[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVm_jj8sj2XT4qzukxgV6ndiIrXApoDZ0fMmXL__q6_c":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":43,"crawl_stats":34,"alternatives":49,"analysis":153,"fingerprints":339},"client-showcase","Client Showcase","1.2.0","dxladner","https:\u002F\u002Fprofiles.wordpress.org\u002Fdxladner\u002F","\u003Cp>Display your Clients with pride. This plugin displays your client’s logo in a page, post using a shortcode or use the custom widget. Attach your client’s website URL to the Logo for added information. Administrator enters their clients using a custom post type. They can enter the client’s name\u002Ftitle, logo and their website url. Then using a shortcode you can display your Clients Logo on a page or post. This plugin also comes with a Custom Widget. Just find the widget called ‘Client Showcase’, drag and drop into your themes widget sections. Simple way to display your clients to show your expertise. Do not have Clients. You can use this plugin for displaying multiple different options. Use your creativity.\u003C\u002Fp>\n\u003Cp>NEW FEATURES:\u003Cbr \u002F>\nDrag N Drop Ordering and Display your List Option. Using a simple Drag N Drop option, you can arrange your clients in any particular order you choose. Also, you can choose whether\u003Cbr \u002F>\nto display your Clients Horizontally or Vertically. 
For complete instructions for the NEW FEATURES, please read the complete documentation located at\u003Cbr \u002F>\nour website \u003Ca href=\"https:\u002F\u002Fhyperdrivedesigns.com\u002Ffree-plugins\u002Fclient-showcase\u002F\" rel=\"nofollow ugc\">Hyperdrive Designs: Client Showcase Documentation\u003C\u002Fa>. If you decide\u003Cbr \u002F>\nto upgrade the plugin, be sure to read the new documentation as the settings have changed.\u003C\u002Fp>\n","Display your Clients with pride. This plugin displays your client's logo in a page, post using a shortcode or use the custom widget.",30,4984,0,"2017-03-23T00:06:00.000Z","4.7.32","4.0","",[19,4,20,21,22],"client-list","clients","clients-logo","display-clients","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclient-showcase.zip",64,1,"2025-04-01 00:00:00","2026-03-15T15:16:48.613Z",[29],{"id":30,"url_slug":31,"title":32,"description":33,"plugin_slug":4,"theme_slug":34,"affected_versions":35,"patched_in_version":34,"severity":36,"cvss_score":37,"cvss_vector":38,"vuln_type":39,"published_date":26,"updated_date":40,"references":41,"days_to_patch":34},"CVE-2025-31737","client-showcase-authenticated-contributor-stored-cross-site-scripting","Client Showcase \u003C= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Client Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.2.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-09 13:11:42",[42],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7250aaa2-c778-4899-af76-6b3f79cff486?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":44,"total_installs":45,"avg_security_score":46,"avg_patch_time_days":11,"trust_score":47,"computed_at":48},3,360,78,79,"2026-04-05T09:08:04.322Z",[50,68,86,109,130],{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":13,"num_ratings":13,"last_updated":60,"tested_up_to":61,"requires_at_least":62,"requires_php":17,"tags":63,"homepage":17,"download_link":66,"security_score":67,"vuln_count":13,"unpatched_count":13,"last_vuln_date":34,"fetched_at":27},"canto-clients","Canto Clients","1.0","CantoThemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fcantothemes\u002F","\u003Cp>Canto Clients simple and effective client logo shortcode. It’s interrogated with BxSlider.\u003C\u002Fp>\n\u003Ch4>Shortcode\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[canto_clients]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Attributes List:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>count (int): Amount of logos at view.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Default: 4\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>hover (bool): If 1 (true), logos will be black and white. 
When hover event will be happened, logo will be colorful.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Default: 1\n\nOptions: '0 - False', '1 - True'\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Canto Clients simple and effective client logo shortcode.",10,2652,"2019-10-17T16:16:00.000Z","3.7.41","3.0",[20,21,64,65],"custom-post-type","shortcode","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcanto-clients.1.0.zip",85,{"slug":69,"name":70,"version":71,"author":72,"author_profile":73,"description":74,"short_description":75,"active_installs":13,"downloaded":76,"rating":13,"num_ratings":13,"last_updated":77,"tested_up_to":78,"requires_at_least":79,"requires_php":80,"tags":81,"homepage":17,"download_link":85,"security_score":67,"vuln_count":13,"unpatched_count":13,"last_vuln_date":34,"fetched_at":27},"ocl-widget","Contact widget – Ocl.to","1.0.1","getreveltd","https:\u002F\u002Fprofiles.wordpress.org\u002Fgetreveltd\u002F","\u003Cp>This plugin is all you need to add a contact widget to your WordPress website. It is very easy to set up and there is no coding required. 
Just follow the simple instruction, fill in the details in configuration tab and integrate the Ocl contact widget to your website!\u003C\u002Fp>\n\u003Cp>After these simple steps, you will be ready to gather information from clients.\u003C\u002Fp>\n\u003Ch3>Contact widget\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Customisable widget fields\u003C\u002Fli>\n\u003Cli>You choose the data you want to collect\u003C\u002Fli>\n\u003Cli>Contact widget is automatically added to your website\u003C\u002Fli>\n\u003Cli>You can switch it on\u002Foff any time you want\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>CRM\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All data is transferred to Ocl CRM system\u003C\u002Fli>\n\u003Cli>You can process collected data with the help of Ocl features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Further Reading\u003C\u002Fh3>\n\u003Cp>For more info, check out the following links:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The \u003Ca href=\"https:\u002F\u002Focl.to\u002F\" rel=\"nofollow ugc\">OCL website\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How to install and activate the plugin\u003C\u002Fh3>\n\u003Cp>Please see our \u003Ca href=\"https:\u002F\u002Focl.to\u002Fwordpress\" rel=\"nofollow ugc\">step by step instructions guide\u003C\u002Fa> on how to install and use this plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>From within WordPress\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Go to \u003Ccode>Plugins > Add New\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Search by for Oclto\u003C\u002Fli>\n\u003Cli>Activate the plugin from the Plugins page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Manually\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Upload the \u003Ccode>contact-widget\u003C\u002Fcode> folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the plugin from your Plugins page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>How to set up your contact widget 
account\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Look for \u003Ccode>Ocl widget\u003C\u002Fcode> in your WordPress menu\u003C\u002Fli>\n\u003Cli>Go to configuration tab and follow the link on the banner to create ocl account (if you do not have one already)\u003C\u002Fli>\n\u003Cli>After that follow the second link and log in to the system using your Ocl credentials\u003C\u002Fli>\n\u003Cli>Generate widget code inside the system and paste it to your WordPress plugin menu\u003C\u002Fli>\n\u003C\u002Fol>\n","Generate your own contact widget and paste it to your Wordpress page. Gather information about clients and automatically transfer it to your Ocl CRM s &hellip;",806,"2021-04-27T08:18:00.000Z","5.7.15","4.7","7.1",[19,82,83,84],"clients-management","com-system","contact-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Focl-widget.1.0.1.zip",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":96,"num_ratings":97,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":17,"tags":101,"homepage":106,"download_link":107,"security_score":108,"vuln_count":13,"unpatched_count":13,"last_vuln_date":34,"fetched_at":27},"wp-help","WP Help","1.7.5","Mark Jaquith","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarkjaquith\u002F","\u003Cp>Site operators can create detailed, hierarchical documentation for the site’s authors, editors, and contributors, viewable in the WordPress admin. Powered by Custom Post Types, you get all the power of WordPress to create, edit, and arrange your documentation. Perfect for customized client sites. Never send another “here’s how to use your site” e-mail again!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>NEW\u003C\u002Fstrong>: You can now pull in help documents from another WP Help install, and they will be automatically updated when the source documents change (even additions and deletions!). 
Perfect for WordPress multisite installs, or consultants with a large number of client installs.\u003C\u002Fp>\n","Site operators can create detailed, hierarchical documentation for the site's authors, editors, and contributors, viewable in the WordPress admin &hellip;",10000,287232,96,54,"2024-04-20T18:45:00.000Z","6.5.8","4.9",[102,20,103,104,105],"client-sites","docs","documentation","help","http:\u002F\u002Ftxfx.net\u002Fwordpress-plugins\u002Fwp-help\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-help.1.7.5.zip",92,{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":119,"num_ratings":25,"last_updated":120,"tested_up_to":121,"requires_at_least":16,"requires_php":122,"tags":123,"homepage":17,"download_link":128,"security_score":119,"vuln_count":25,"unpatched_count":13,"last_vuln_date":129,"fetched_at":27},"cpo-content-types","CPO Content Types","1.1.1","WP Chill","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpchill\u002F","\u003Cp>\u003Cstrong>NOTE: This plugin is meant for use with the WordPress themes developed by \u003Ca href=\"http:\u002F\u002Fcpothemes.com\" rel=\"nofollow ugc\">CPOThemes\u003C\u002Fa> themes, which take advantage of it to add richer content areas and designs. Check them out!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fcpothemes.com\u002Fplugin\u002Fcpo-content-types\" rel=\"nofollow ugc\">CPO Content Types\u003C\u002Fa> is a utility plugin that adds support for a specific set of content elements within your WordPress installation. This plugin will add seven custom post types to your site: slides, features, portfolios, services, team members, testimonials and clients. 
You can still use CPO Content Types for any WordPress theme, although you will have to create your own page templates.\u003C\u002Fp>\n\u003Ch4>Included Content Types\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Slides\u003C\u002Fli>\n\u003Cli>Feature Blocks\u003C\u002Fli>\n\u003Cli>Portfolio Items\u003C\u002Fli>\n\u003Cli>Services\u003C\u002Fli>\n\u003Cli>Team Members\u003C\u002Fli>\n\u003Cli>Testimonials\u003C\u002Fli>\n\u003Cli>Clients\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Highlights\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Only the content types supported by the current WordPress theme will be shown, to avoid crowding your admin menu. You can still override this and show any content types if you want.\u003C\u002Fli>\n\u003Cli>This plugin is perfectly compatible with any theme: you will be able to manage your content just fine. However, there are no templates included and it is up to the theme to handle them.\u003C\u002Fli>\n\u003Cli>The portfolio post type included here is different from other portfolio plugins, and can be used in conjunction with them. 
For instance, you can still use JetPack portfolios at the same time.\u003C\u002Fli>\n\u003C\u002Ful>\n","Add support for special content types in your website, such as a portfolio, features, and slides.",3000,106499,100,"2025-12-02T09:24:00.000Z","6.9.4","5.6",[20,124,125,126,127],"features","portfolio","slider","testimonials","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcpo-content-types.1.1.1.zip","2023-03-03 00:00:00",{"slug":131,"name":132,"version":133,"author":134,"author_profile":135,"description":136,"short_description":137,"active_installs":138,"downloaded":139,"rating":140,"num_ratings":141,"last_updated":142,"tested_up_to":143,"requires_at_least":144,"requires_php":145,"tags":146,"homepage":151,"download_link":152,"security_score":119,"vuln_count":13,"unpatched_count":13,"last_vuln_date":34,"fetched_at":27},"woo-guaranteed-reviews-company","Guaranteed Reviews Company (Société des Avis Garantis)","1.2.9","nicolas2d","https:\u002F\u002Fprofiles.wordpress.org\u002Fnicolas2d\u002F","\u003Cp>Increase your conversion rate and improve your e-reputation displaying guaranteed reviews on your website.\u003C\u002Fp>\n\u003Ch4>Website review and product review\u003C\u002Fh4>\n\u003Cp>Our solution helps you collecting customer reviews (about website and products) to ensure the most accurate representation of your customers’ satisfaction. You will gain in content, positioning you better on the web. It is also possible to respond to reviews to stimulate dialogue between your customers and your company. 
Bringing the opportunity to be more attentive to the expectations of your customers.\u003C\u002Fp>\n\u003Cp>In order to collect reviews, this plugin will send following data to GRC \u002F SAG server (depending on the language you choose):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customer firstname\u003C\u002Fli>\n\u003Cli>Customer lastname\u003C\u002Fli>\n\u003Cli>Customer email\u003C\u002Fli>\n\u003Cli>Ordered products (id, ean13, name)\u003C\u002Fli>\n\u003Cli>Order date\u003C\u002Fli>\n\u003Cli>Order reference\u003C\u002Fli>\n\u003Cli>Order ID\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Generated automatically, sending e-mails to your customers by the Guaranteed Reviews Company helps you obtain a considerable number of reviews. E-mails can also be customized upon request.\u003C\u002Fp>\n\u003Ch4>Reviews visual representation: Rich Snippets stars and Widgets\u003C\u002Fh4>\n\u003Cp>Additionally, you will be able to display them on your website. The WordPress Plugin from the Guaranteed Reviews Company allows to display the Rich Snippets stars or Google stars on your products. These are visible in the search engine results, significantly increasing your click-rate. In fact, Google stars have a strong influence over users who are then encouraged to click.\u003C\u002Fp>\n\u003Cp>The Guaranteed Reviews Company also offers a wide range of widgets to integrate on your website. The reviews, highlighted by our visuals, will attract the attention of Internet users. Expressing your professionalism while reassuring your customers. 
Thanks to our flexibility, just like e-mails, it is possible to answer to personalized requests.\u003C\u002Fp>\n\u003Cp>In order to display reviews on your website we will send this data to your WordPress website:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customer firstname\u003C\u002Fli>\n\u003Cli>Customer lastname\u003C\u002Fli>\n\u003Cli>Review\u003C\u002Fli>\n\u003Cli>Product reviewed\u003C\u002Fli>\n\u003Cli>Review publication date\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This data will automatically be displayed in our review’s visual representation on the website and on the product’s sheets. You will valorize your image with our modern and professional visuals.\u003C\u002Fp>\n\u003Ch4>Google My Business\u003C\u002Fh4>\n\u003Cp>The Guaranteed Reviews Company’s plugin also enables the redirection of customer’s reviews to the Google My Business Reviews page.\u003C\u002Fp>\n\u003Cp>With this solicitation, your notation and your number of reviews will significantly raise, allowing you to increase your visibility and enhance your image to Internet users.\u003C\u002Fp>\n\u003Cp>English website version: \u003Ca href=\"https:\u002F\u002Fwww.guaranteed-reviews.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.guaranteed-reviews.com\u002F\u003C\u002Fa>\u003Cbr \u002F>\nFrench website version: \u003Ca href=\"https:\u002F\u002Fwww.societe-des-avis-garantis.fr\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.societe-des-avis-garantis.fr\u002F\u003C\u002Fa>\u003Cbr \u002F>\nSpanish website version: \u003Ca href=\"https:\u002F\u002Fwww.sociedad-de-opiniones-contrastadas.es\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.sociedad-de-opiniones-contrastadas.es\u002F\u003C\u002Fa>\u003Cbr \u002F>\nItalian website version: \u003Ca href=\"https:\u002F\u002Fwww.societa-recensioni-garantite.it\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.societa-recensioni-garantite.it\u002F\u003C\u002Fa>\u003Cbr \u002F>\nGerman website version: \u003Ca 
href=\"https:\u002F\u002Fwww.g-g-b.de\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.g-g-b.de\u002F\u003C\u002Fa>\u003Cbr \u002F>\nDutch website version: \u003Ca href=\"https:\u002F\u002Fwww.g-b-n.nl\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.g-b-n.nl\u002F\u003C\u002Fa>\u003C\u002Fp>\n","Collect and display product and website reviews through Guaranteed Reviews Company \u002F Société des Avis Garantis.",1000,13824,84,5,"2025-12-01T10:38:00.000Z","6.8.5","4.5","5.3",[147,20,148,149,150],"avis","customer","rates","reviews","https:\u002F\u002Fwww.guaranteed-reviews.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-guaranteed-reviews-company.1.2.9.zip",{"attackSurface":154,"codeSignals":215,"taintFlows":280,"riskAssessment":318,"analyzedAt":338},{"hooks":155,"ajaxHandlers":201,"restRoutes":207,"shortcodes":208,"cronEvents":213,"entryPointCount":214,"unprotectedCount":25},[156,161,164,168,172,177,181,185,189,193,197],{"type":157,"name":158,"callback":159,"file":160,"line":11},"action","init","add_content_type","client-showcase.php",{"type":157,"name":158,"callback":162,"file":160,"line":163},"check_flush_rewrite_rules",31,{"type":157,"name":165,"callback":166,"file":160,"line":167},"add_meta_boxes","add_meta_boxes_for_content_type",32,{"type":157,"name":169,"callback":170,"file":160,"line":171},"display_content_type_meta","display_additional_meta_data",35,{"type":173,"name":174,"callback":175,"file":160,"line":176},"filter","manage_edit-client_showcase_columns","showcase_edit_columns",37,{"type":157,"name":178,"callback":179,"file":160,"line":180},"manage_posts_custom_column","showcase_custom_columns",38,{"type":157,"name":182,"callback":183,"file":160,"line":184},"admin_menu","client_showcase_options_page",40,{"type":157,"name":186,"callback":187,"file":160,"line":188},"admin_notices","client_showcase_admin_notice",44,{"type":157,"name":190,"callback":191,"file":160,"line":192},"admin_init","client_showcase_nag_ignore",45,{"type":15
7,"name":194,"callback":195,"file":160,"line":196},"wp_enqueue_scripts","enqueue_public_scripts_and_styles",51,{"type":157,"name":198,"callback":199,"file":160,"line":200},"widgets_init","client_showcase_widget",486,[202],{"action":203,"nopriv":204,"callback":205,"hasNonce":204,"hasCapCheck":204,"file":160,"line":206},"client_showcase_update_order",false,"client_showcase_save_order",42,[],[209],{"tag":210,"callback":211,"file":160,"line":212},"showcase","client_showcase_section",52,[],2,{"dangerousFunctions":216,"sqlUsage":217,"outputEscaping":227,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":279},[],{"prepared":214,"raw":44,"locations":218},[219,223,225],{"file":220,"line":221,"context":222},"uninstall.php",11,"$wpdb->query() with variable interpolation",{"file":220,"line":224,"context":222},12,{"file":220,"line":226,"context":222},13,{"escaped":25,"rawEcho":228,"locations":229},26,[230,233,235,237,239,241,242,244,246,248,250,251,253,255,257,259,261,263,265,267,269,271,273,274,276,278],{"file":160,"line":231,"context":232},142,"raw 
output",{"file":160,"line":234,"context":232},240,{"file":160,"line":236,"context":232},269,{"file":160,"line":238,"context":232},272,{"file":160,"line":240,"context":232},295,{"file":160,"line":240,"context":232},{"file":160,"line":243,"context":232},341,{"file":160,"line":245,"context":232},342,{"file":160,"line":247,"context":232},343,{"file":160,"line":249,"context":232},359,{"file":160,"line":45,"context":232},{"file":160,"line":252,"context":232},361,{"file":160,"line":254,"context":232},373,{"file":160,"line":256,"context":232},374,{"file":160,"line":258,"context":232},375,{"file":160,"line":260,"context":232},386,{"file":160,"line":262,"context":232},426,{"file":160,"line":264,"context":232},428,{"file":160,"line":266,"context":232},430,{"file":160,"line":268,"context":232},432,{"file":160,"line":270,"context":232},465,{"file":160,"line":272,"context":232},467,{"file":160,"line":272,"context":232},{"file":160,"line":275,"context":232},475,{"file":160,"line":277,"context":232},477,{"file":160,"line":277,"context":232},[],[281,299,309],{"entryPoint":282,"graph":283,"unsanitizedCount":25,"severity":298},"create_client_showcase_options_page (client-showcase.php:279)",{"nodes":284,"edges":296},[285,290],{"id":286,"type":287,"label":288,"file":160,"line":289},"n0","source","$_POST",284,{"id":291,"type":292,"label":293,"file":160,"line":294,"wp_function":295},"n1","sink","update_option() [Settings Manipulation]",285,"update_option",[297],{"from":286,"to":291,"sanitized":204},"low",{"entryPoint":300,"graph":301,"unsanitizedCount":25,"severity":298},"client_showcase_save_order (client-showcase.php:406)",{"nodes":302,"edges":307},[303,305],{"id":286,"type":287,"label":288,"file":160,"line":304},409,{"id":291,"type":292,"label":293,"file":160,"line":306,"wp_function":295},412,[308],{"from":286,"to":291,"sanitized":204},{"entryPoint":310,"graph":311,"unsanitizedCount":214,"severity":298},"\u003Cclient-showcase> 
(client-showcase.php:0)",{"nodes":312,"edges":316},[313,315],{"id":286,"type":287,"label":314,"file":160,"line":289},"$_POST (x2)",{"id":291,"type":292,"label":293,"file":160,"line":294,"wp_function":295},[317],{"from":286,"to":291,"sanitized":204},{"summary":319,"deductions":320},"The client-showcase plugin v1.2.0 exhibits a concerning security posture due to a significant lack of proper input validation and output escaping, coupled with a known unpatched vulnerability. The static analysis reveals an unprotected AJAX handler, which presents a direct entry point for attackers. The high percentage of unsanitized output (96%) is particularly alarming, suggesting a strong likelihood of Cross-Site Scripting (XSS) vulnerabilities. This is further corroborated by the vulnerability history, which shows a medium severity XSS vulnerability from April 2025 that remains unpatched, indicating a pattern of insecure coding practices and a lack of diligent security patching. While the plugin doesn't use dangerous functions, perform file operations, or make external HTTP requests, these strengths are overshadowed by the critical weaknesses in handling user input and securing entry points. 
The absence of nonce and capability checks on the identified AJAX handler is a significant oversight, leaving the application vulnerable to various attacks.",[321,323,326,329,332,334,336],{"reason":322,"points":58},"Unprotected AJAX handler",{"reason":324,"points":325},"High percentage of unsanitized output",8,{"reason":327,"points":328},"Unpatched medium severity CVE",18,{"reason":330,"points":331},"Flows with unsanitized paths",7,{"reason":333,"points":141},"Missing nonce checks",{"reason":335,"points":141},"Missing capability checks",{"reason":337,"points":141},"Low percentage of prepared SQL statements","2026-03-16T22:27:01.045Z",{"wat":340,"direct":346},{"assetPaths":341,"generatorPatterns":343,"scriptPaths":344,"versionParams":345},[342],"\u002Fwp-content\u002Fplugins\u002Fclient-showcase\u002Fcss\u002Fclient-showcase-public-styles.css",[],[],[],{"cssClasses":347,"htmlComments":349,"htmlAttributes":350,"restEndpoints":352,"jsGlobals":353,"shortcodeOutput":354},[348],"client_showcase_widget_size",[],[351],"client_url",[],[],[355,356,357],"\u003Cul id=\"listStyle\">","\u003Cli","id=\"listStyle\">"]