[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbhAmllDCWqc7oQI7FOf2pSh97kSAxua2JV88I0iXIwg":3,"$fmApqHgEtzbchL7afqkQ4QSRFCd-NLUd6qGIs1PJbIvs":575,"$feYGaZv3vlNVz_7Y9EzUAzOQejLE_RTcVQoI5-lCXofo":579},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":74,"crawl_stats":39,"alternatives":82,"analysis":181,"fingerprints":500},"cornerstone","Cornerstone","0.8.1","Archetyped","https:\u002F\u002Fprofiles.wordpress.org\u002Farchetyped\u002F","\u003Cp>Cornerstone makes WordPress practical for \u003Cstrong>any type of site\u003C\u002Fstrong> by enhancing its content management capabilities.  Too long have we had to resort to hacks like using categories in menus to build a pseudo site structure (you know what I’m talking about).\u003C\u002Fp>\n\u003Cp>Cornerstone enhances your WordPress site in several ways.  One of the most useful features is one that allows WordPress to be used for sites that go beyond just blogging– \u003Cstrong>Posts in Sections\u003C\u002Fstrong>.  Create a section, add posts to it, they show up when visitors navigate to that section.  Simple as that.  It really is, but because you’re awesome \u003Ca href=\"http:\u002F\u002Farchetyped.com\u002Fknow\u002Fhow-to-organize-posts-in-sections-in-wordpress-with-cornerstone\u002F\" rel=\"nofollow ugc\">here’s a tutorial on how to do it\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Thanks for the Support!\u003C\u002Fh3>\n\u003Cp>The support from the users that love Cornerstone is huge.  You can support Cornerstone’s future development and help to make it even better by donating or even just by sending me a nice message 🙂\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgum.co\u002Fcnr-donate\" rel=\"nofollow ugc\">Donate to Cornerstone\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>”NEW: Content Types” – Add custom fields to default (posts, pages, etc.) and custom (events, properties, etc.) post types\u003C\u002Fli>\n\u003Cli>Posts in Sections (see above for more info.  Why are you reading from the bottom up?)\u003C\u002Fli>\n\u003Cli>Structured permalinks – post permalinks are based on the section they are in (e.g. \u003Ccode>\u002Fsection-name\u002Fpost-name\u002F\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>RSS for Sections – Let users subscribe to and receive updates for specific sections on the site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Next Up\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Template functionality – enhanced page titles, featured content, etc.\u003C\u002Fli>\n\u003Cli>And more, which is where your feedback comes in.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Farchetyped.com\u002Ftools\u002Fcornerstone\u002F\" rel=\"nofollow ugc\">Plugin home page\u003C\u002Fa>\u003C\u002Fp>\n","Enhanced content management for WordPress",30000,67552,80,6,"2024-07-16T00:28:00.000Z","6.6.5","5.3","",[20,21,22,23,24],"cms","management","organization","sections","structure","http:\u002F\u002Farchetyped.com\u002Ftools\u002Fcornerstone\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcornerstone.0.8.1.zip",67,3,1,"2025-10-06 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[34,51,64],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":39,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":39,"patch_diff_files":48,"patch_trac_url":39,"research_status":39,"research_verified":49,"research_rounds_completed":50,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":49,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-63072","cornerstone-authenticated-contributor-stored-cross-site-scripting","Cornerstone \u003C= 7.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Cornerstone plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=7.7.3","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-12-10 16:03:32",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1c8e6f5e-d403-497d-bedc-d570d35ca00f?source=api-prod",[],false,0,{"id":52,"url_slug":53,"title":54,"description":55,"plugin_slug":4,"theme_slug":39,"affected_versions":56,"patched_in_version":6,"severity":41,"cvss_score":57,"cvss_vector":58,"vuln_type":44,"published_date":59,"updated_date":60,"references":61,"days_to_patch":39,"patch_diff_files":63,"patch_trac_url":39,"research_status":39,"research_verified":49,"research_rounds_completed":50,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":49,"poc_model_used":39,"poc_verification_depth":39},"CVE-2024-28002","cornerstone-reflected-cross-site-scripting","Cornerstone \u003C= 0.8.0 - Reflected Cross-Site Scripting","The Cornerstone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=0.8.0",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-04-26 00:00:00","2024-04-24 16:01:13",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5f75dfef-b30f-45a5-ba3e-cb82c1443800?source=api-prod",[],{"id":65,"url_slug":66,"title":67,"description":55,"plugin_slug":4,"theme_slug":39,"affected_versions":56,"patched_in_version":6,"severity":41,"cvss_score":57,"cvss_vector":58,"vuln_type":44,"published_date":68,"updated_date":69,"references":70,"days_to_patch":72,"patch_diff_files":73,"patch_trac_url":39,"research_status":39,"research_verified":49,"research_rounds_completed":50,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":49,"poc_model_used":39,"poc_verification_depth":39},"CVE-2024-32570","cornerstone-reflected-cross-site-scripting-via-phpself","Cornerstone \u003C= 0.8.0 - Reflected Cross-Site Scripting via PHP_SELF","2024-04-16 00:00:00","2024-04-24 16:00:19",[71],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5c18a9b8-5041-4451-a3cc-91952c234d9c?source=api-prod",9,[],{"slug":75,"display_name":7,"profile_url":8,"plugin_count":76,"total_installs":77,"avg_security_score":78,"avg_patch_time_days":79,"trust_score":80,"computed_at":81},"archetyped",4,150060,87,24,85,"2026-05-19T19:30:07.921Z",[83,107,128,145,165],{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":93,"num_ratings":94,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":98,"tags":99,"homepage":104,"download_link":105,"security_score":106,"vuln_count":50,"unpatched_count":50,"last_vuln_date":39,"fetched_at":31},"clicface-organi","Clicface Organi","2.08","clicface","https:\u002F\u002Fprofiles.wordpress.org\u002Fclicface\u002F","\u003Cp>Clicface Organi is a great plugin for WordPress to create employee org charts. This is the perfect solution for organizations, teams and associations.\u003C\u002Fp>\n\u003Cp>Clicface Organi works with Clicface Trombi, as it uses Clicface Trombi employee database to generate org charts.\u003C\u002Fp>\n\u003Cp>It’s the perfect solution to build very easily the org chart of any company.\u003C\u002Fp>\n\u003Cp>Stay in touch with Clicface updates by \u003Ca href=\"http:\u002F\u002Feepurl.com\u002FOz7YH\" rel=\"nofollow ugc\">subscribing to our newsletter\u003C\u002Fa>. New subscribers automatically receive discount vouchers.\u003C\u002Fp>\n\u003Cp>Need help? Check our \u003Ca href=\"https:\u002F\u002Fplugins.clicface.com\u002Fdocumentation\u002Ffaq\u002F\" rel=\"nofollow ugc\">FAQ\u003C\u002Fa> or \u003Ca href=\"http:\u002F\u002Fsupport.clicface.com\u002F\" rel=\"nofollow ugc\">create a new support ticket\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easy integration\u003C\u002Fli>\n\u003Cli>Drag’n Drop moves to create the org chart\u003C\u002Fli>\n\u003Cli>Show employee’s details in a new window or a lightbox\u003C\u002Fli>\n\u003Cli>Custom Styles\u003C\u002Fli>\n\u003Cli>Insert any employee (up to 10)\u003C\u002Fli>\n\u003Cli>Insert any Label (up to 10): a box where you can type anything you want\u003C\u002Fli>\n\u003Cli>Works with Clicface Trombi, to keep your employee data up to date\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Supported languages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003C\u002Ful>\n","Create Org Charts easily in WordPress. A flexible and lightweight WordPress plugin, working with Clicface Trombi.",200,26180,52,5,"2024-11-12T09:51:00.000Z","6.7.5","4.7","5.6",[21,100,101,102,103],"management-tool","org-chart","organigram","organizational-chart","https:\u002F\u002Fplugins.clicface.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclicface-organi.zip",92,{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":91,"downloaded":115,"rating":50,"num_ratings":50,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":125,"download_link":126,"security_score":127,"vuln_count":50,"unpatched_count":50,"last_vuln_date":39,"fetched_at":31},"talentlms","TalentLMS WordPress plugin","7.1","Yiannis Panagopoulos","https:\u002F\u002Fprofiles.wordpress.org\u002Fpanagop\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.talentlms.com\u002F\" title=\"TalentLMS super-easy, cloud-based learning platform\" rel=\"nofollow ugc\">TalentLMS\u003C\u002Fa> is a cloud-based, lean LMS with an emphasis on usability and easy course creation. With TalentLMS we wanted to create a better learning experience in every way that actually matters – and we are excited about this new offering. The product focuses on small but growing organizations. There are a number of obstacles that prohibit small organizations from using elearning. To be productive, small businesses need a number of tools and several related services such as setup and maintenance, course creation and the support of end-users. All these require ample time, resources and money. It comes as no surprise that most small organizations find elearning a non-viable pursuit and prefer on-job or informal training methods.\u003C\u002Fp>\n\u003Cp>Read more about TalentLMS in:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.talentlms.com\u002Fblog\u002Ftalentlms-an-introduction\u002F\" title=\"TalentLMS - an Introduction\" rel=\"nofollow ugc\">TalentLMS – an Introduction\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.talentlms.com\u002Fblog\u002Ftalentlms-get-started-in-5\u002F\" title=\"TalentLMS - Get started in 5'\" rel=\"nofollow ugc\">TalentLMS – Get started in 5′\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>List your TalentLMS courses and their content in WordPress.\u003C\u002Fli>\n\u003Cli>Integrate your TalentLMS courses as WooCommerce products\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin integrates Talentlms with Wordpress. Promote your TalentLMS content through your WordPress site.",19170,"2025-11-06T08:44:00.000Z","6.8.5","2.0","5.2.4",[121,122,123,124,108],"elearning","lcms","learning-management-system","lms","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftalentlms\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftalentlms.7.1.4.zip",100,{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":127,"downloaded":136,"rating":50,"num_ratings":50,"last_updated":137,"tested_up_to":117,"requires_at_least":138,"requires_php":18,"tags":139,"homepage":18,"download_link":144,"security_score":127,"vuln_count":50,"unpatched_count":50,"last_vuln_date":39,"fetched_at":31},"simple-page-folder-organizer","Simple Page Folder Organizer","1.1","Come2theweb","https:\u002F\u002Fprofiles.wordpress.org\u002Fjitendra742744\u002F","\u003Cp>Simple Page Folder Organizer is a simple and effective way to organize WordPress backend pages into folders for easy filtering and management. This is a completely FREE plugin designed to help users like you organize pages without unnecessary complexity. It allows you to easily create folders and categorize your pages for better organization and filtering — no more complicated plugins with unnecessary options. Just the basics, done right. The plugin creates a simple taxonomy system for your pages, allowing you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create unlimited folders\u002Fcategories for your pages\u003C\u002Fli>\n\u003Cli>Filter pages by folder in the admin list\u003C\u002Fli>\n\u003Cli>Maintain hierarchical folder structure (parent\u002Fchild folders)\u003C\u002Fli>\n\u003Cli>Keep your page organization simple and intuitive\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for websites with many pages that need better organization in the WordPress backend. The plugin works out of the box with no complicated configuration needed.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Simple folder creation for pages\u003C\u002Fli>\n\u003Cli>Hierarchical folder structure support\u003C\u002Fli>\n\u003Cli>Filter pages by folder in admin\u003C\u002Fli>\n\u003Cli>Lightweight with no performance impact\u003C\u002Fli>\n\u003Cli>No conflict with other plugins\u003C\u002Fli>\n\u003Cli>Works with default WordPress pages\u003C\u002Fli>\n\u003Cli>Completely free to use\u003C\u002Fli>\n\u003Cli>No ads or upsells\u003C\u002Fli>\n\u003C\u002Ful>\n","Organize WordPress pages into folders for better backend management.",715,"2025-07-30T18:08:00.000Z","4.6",[140,141,142,143],"folder-management","organize-pages","page-organization","page-taxonomy","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-page-folder-organizer.1.1.zip",{"slug":146,"name":147,"version":148,"author":149,"author_profile":150,"description":151,"short_description":152,"active_installs":127,"downloaded":153,"rating":127,"num_ratings":29,"last_updated":154,"tested_up_to":155,"requires_at_least":156,"requires_php":157,"tags":158,"homepage":163,"download_link":164,"security_score":127,"vuln_count":50,"unpatched_count":50,"last_vuln_date":39,"fetched_at":31},"syssy","SYSSY – Monitoring Websites","2.0.1","SYSSY","https:\u002F\u002Fprofiles.wordpress.org\u002Fsyssynet\u002F","\u003Cp>Connects your WordPress website with SYSSY for monitoring and security issue reporting. Requires account on https:\u002F\u002Fwww.syssy.net.\u003C\u002Fp>\n\u003Cp>SYSSY is an online platform for managing and monitoring websites.\u003C\u002Fp>\n\u003Cp>We provide plugins for connecting different CMS (content management systems) with SYSSY, so SYSSY receives data about your website and informs you if there are some problems or if you need to do any security updates in your system or on your server.\u003C\u002Fp>\n\u003Cp>For connecting your WordPress website, just add your API key of your project from https:\u002F\u002Fapp.syssy.net and connect your website with SYSSY.\u003Cbr \u002F>\nSYSSY calls your WordPress website via REST API and fetches your WordPress versions, a list of your installed plugins and their versions, PHP and MySQL version.\u003Cbr \u002F>\nOn SYSSY platform you can see a list with all your projects if there is any need for a security update in your websites.\u003C\u002Fp>\n\u003Cp>Find more information on https:\u002F\u002Fwww.syssy.net.\u003Cbr \u002F>\nPlease find our general terms and conditions here: https:\u002F\u002Fwww.syssy.net\u002Fen\u002Fterms-and-conditions\u003Cbr \u002F>\nPlease find our terms of service here: https:\u002F\u002Fwww.syssy.net\u002Fen\u002Fterms-of-service\u003C\u002Fp>\n","Connects your WordPress website with SYSSY for monitoring and security issue reporting. Requires account on https:\u002F\u002Fwww.syssy.net.",5609,"2026-03-26T15:40:00.000Z","7.0","5.4.0","7.4.0",[159,21,160,161,162],"cmsmonitoring","monitoring","plugin-monitoring","websitemonitoring","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsyssy","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsyssy.2.0.1.zip",{"slug":166,"name":167,"version":131,"author":168,"author_profile":169,"description":170,"short_description":171,"active_installs":13,"downloaded":172,"rating":50,"num_ratings":50,"last_updated":173,"tested_up_to":96,"requires_at_least":18,"requires_php":18,"tags":174,"homepage":18,"download_link":180,"security_score":106,"vuln_count":50,"unpatched_count":50,"last_vuln_date":39,"fetched_at":31},"seo-schema-structured-data-breadcrumb-list","SEO Schema – Structured Data & Breadcrumb List","eGrove Systems","https:\u002F\u002Fprofiles.wordpress.org\u002Fegs2025\u002F","\u003Cp>SEO Schema – Structured Data & Breadcrumb List plugin helps you add JSON-LD structured data for \u003Cstrong>Organization Schema\u003C\u002Fstrong> and \u003Cstrong>Breadcrumb Schema\u003C\u002Fstrong> to your WordPress site. It allows you to provide detailed organization information, like name, URL, logo, description, contact details, address, and dynamic breadcrumbs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features include:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Admin form to input organization details.\u003C\u002Fli>\n\u003Cli>Supports Organization Schema (JSON-LD).\u003C\u002Fli>\n\u003Cli>Supports dynamic Breadcrumb Schema (JSON-LD).\u003C\u002Fli>\n\u003Cli>Add dynamic breadcrumbs with customizable name and URL.\u003C\u002Fli>\n\u003Cli>Easy-to-use interface in the WordPress admin panel.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003Cbr \u002F>\nFor more details, visit \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">GNU General Public License\u003C\u002Fa>.\u003C\u002Fp>\n","A WordPress plugin to add structured data for Organization Schema and Breadcrumb Schema using JSON-LD.",1413,"2025-01-10T16:54:00.000Z",[175,176,177,178,179],"breadcrumbs","json-ld","organization-schema","schema-markup","structured-data","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fseo-schema-structured-data-breadcrumb-list.1.0.0.zip",{"attackSurface":182,"codeSignals":313,"taintFlows":391,"riskAssessment":483,"analyzedAt":499},{"hooks":183,"ajaxHandlers":309,"restRoutes":310,"shortcodes":311,"cronEvents":312,"entryPointCount":50,"unprotectedCount":50},[184,189,192,195,198,201,205,208,212,216,221,225,227,230,233,235,238,241,244,247,250,254,258,261,263,266,269,272,275,278,280,283,285,288,291,294,297,300,303,306],{"type":185,"name":186,"callback":187,"file":188,"line":13},"action","admin_init","anonymous","includes\\class.base.php",{"type":185,"name":190,"callback":187,"file":188,"line":191},"init",193,{"type":185,"name":190,"callback":187,"file":193,"line":194},"includes\\class.content_utilities.php",29,{"type":185,"name":190,"callback":187,"priority":196,"file":193,"line":197},11,30,{"type":185,"name":199,"callback":187,"file":193,"line":200},"admin_enqueue_scripts",33,{"type":185,"name":202,"callback":187,"priority":203,"file":193,"line":204},"do_meta_boxes",10,39,{"type":185,"name":206,"callback":187,"priority":203,"file":193,"line":207},"save_post",47,{"type":185,"name":209,"callback":187,"priority":210,"file":193,"line":211},"pre_get_posts",20,50,{"type":185,"name":213,"callback":214,"file":193,"line":215},"admin_notices","_admin_notice_post_locked",493,{"type":185,"name":217,"callback":218,"priority":219,"file":193,"line":220},"admin_print_footer_scripts","wp_tiny_mce",25,508,{"type":222,"name":223,"callback":187,"file":224,"line":194},"filter","the_content_feed","includes\\class.feeds.php",{"type":222,"name":226,"callback":187,"file":224,"line":197},"the_excerpt_rss",{"type":222,"name":228,"callback":187,"file":224,"line":229},"get_wp_title_rss",107,{"type":185,"name":231,"callback":187,"file":232,"line":200},"cnr_register_field_types","includes\\class.media.php",{"type":185,"name":234,"callback":187,"file":232,"line":204},"media_upload_cnr_field_media",{"type":222,"name":236,"callback":187,"priority":196,"file":232,"line":237},"attachment_fields_to_edit",42,{"type":185,"name":239,"callback":187,"file":232,"line":240},"pre-html-upload-ui",45,{"type":222,"name":242,"callback":187,"priority":203,"file":232,"line":243},"admin_url",51,{"type":185,"name":245,"callback":187,"file":232,"line":246},"cnr_admin_menu_type",54,{"type":222,"name":248,"callback":187,"file":232,"line":249},"media_upload_tabs",57,{"type":185,"name":251,"callback":187,"priority":196,"file":252,"line":253},"admin_head","includes\\class.post.php",40,{"type":222,"name":255,"callback":187,"file":256,"line":257},"rewrite_rules_array","includes\\class.structure.php",102,{"type":222,"name":259,"callback":187,"file":256,"line":260},"post_rewrite_rules",105,{"type":185,"name":209,"callback":187,"file":256,"line":262},108,{"type":222,"name":264,"callback":187,"priority":203,"file":256,"line":265},"post_link",111,{"type":222,"name":267,"callback":187,"priority":203,"file":256,"line":268},"post_type_link",112,{"type":222,"name":270,"callback":187,"priority":203,"file":256,"line":271},"wp_nav_menu_objects",115,{"type":185,"name":273,"callback":187,"priority":197,"file":256,"line":274},"admin_print_scripts",118,{"type":185,"name":276,"callback":187,"priority":203,"file":256,"line":277},"update_option_permalink_structure",119,{"type":185,"name":202,"callback":187,"priority":29,"file":256,"line":279},122,{"type":222,"name":281,"callback":187,"priority":203,"file":256,"line":282},"wp_insert_post_data",124,{"type":185,"name":206,"callback":187,"priority":203,"file":256,"line":284},125,{"type":185,"name":286,"callback":187,"priority":203,"file":256,"line":287},"delete_post",126,{"type":185,"name":289,"callback":187,"file":256,"line":290},"restrict_manage_posts",128,{"type":185,"name":292,"callback":187,"file":256,"line":293},"parse_request",129,{"type":222,"name":295,"callback":187,"file":256,"line":296},"manage_posts_columns",130,{"type":185,"name":298,"callback":187,"priority":203,"file":256,"line":299},"manage_posts_custom_column",131,{"type":185,"name":301,"callback":187,"priority":203,"file":256,"line":302},"quick_edit_custom_box",132,{"type":185,"name":304,"callback":187,"priority":203,"file":256,"line":305},"bulk_edit_custom_box",133,{"type":185,"name":190,"callback":307,"priority":29,"file":308,"line":194},"cnr_init","main.php",[],[],[],[],{"dangerousFunctions":314,"sqlUsage":321,"outputEscaping":326,"fileOperations":50,"externalRequests":50,"nonceChecks":50,"capabilityChecks":94,"bundledLibraries":390},[315,318],{"fn":316,"file":224,"line":211,"context":317},"create_function","$cb = create_function('', 'return true;');",{"fn":316,"file":252,"line":319,"context":320},88,"$callback = create_function('$post', 'return $post->ID;');",{"prepared":203,"raw":29,"locations":322},[323],{"file":224,"line":324,"context":325},179,"$wpdb->get_var() with variable interpolation",{"escaped":327,"rawEcho":328,"locations":329},23,32,[330,334,336,337,339,341,343,345,347,349,351,353,354,356,358,360,361,362,364,365,367,369,371,372,373,375,377,379,381,383,385,387],{"file":331,"line":332,"context":333},"includes\\class.content_type.php",392,"raw output",{"file":193,"line":335,"context":333},742,{"file":193,"line":335,"context":333},{"file":193,"line":338,"context":333},747,{"file":193,"line":340,"context":333},785,{"file":193,"line":342,"context":333},849,{"file":193,"line":344,"context":333},850,{"file":193,"line":346,"context":333},876,{"file":193,"line":348,"context":333},934,{"file":193,"line":350,"context":333},1224,{"file":224,"line":352,"context":333},212,{"file":232,"line":305,"context":333},{"file":232,"line":355,"context":333},138,{"file":232,"line":357,"context":333},139,{"file":232,"line":359,"context":333},140,{"file":232,"line":359,"context":333},{"file":232,"line":359,"context":333},{"file":232,"line":363,"context":333},149,{"file":232,"line":363,"context":333},{"file":232,"line":366,"context":333},150,{"file":232,"line":368,"context":333},151,{"file":232,"line":370,"context":333},152,{"file":232,"line":370,"context":333},{"file":232,"line":370,"context":333},{"file":232,"line":374,"context":333},208,{"file":232,"line":376,"context":333},489,{"file":252,"line":378,"context":333},175,{"file":256,"line":380,"context":333},548,{"file":256,"line":382,"context":333},662,{"file":256,"line":384,"context":333},732,{"file":256,"line":386,"context":333},734,{"file":388,"line":389,"context":333},"includes\\class.utilities.php",308,[],[392,408,423,432,475],{"entryPoint":393,"graph":394,"unsanitizedCount":29,"severity":41},"attachment_html_upload_ui (includes\\class.media.php:319)",{"nodes":395,"edges":406},[396,401],{"id":397,"type":398,"label":399,"file":232,"line":400},"n0","source","$_REQUEST[$var]",323,{"id":402,"type":403,"label":404,"file":232,"line":400,"wp_function":405},"n1","sink","echo() [XSS]","echo",[407],{"from":397,"to":402,"sanitized":49},{"entryPoint":409,"graph":410,"unsanitizedCount":50,"severity":422},"admin_menu_load_plugin (includes\\class.content_utilities.php:459)",{"nodes":411,"edges":419},[412,415],{"id":397,"type":398,"label":413,"file":193,"line":414},"$_GET",474,{"id":402,"type":403,"label":416,"file":193,"line":417,"wp_function":418},"wp_redirect() [Open Redirect]",477,"wp_redirect",[420],{"from":397,"to":402,"sanitized":421},true,"low",{"entryPoint":424,"graph":425,"unsanitizedCount":50,"severity":422},"admin_page_manage (includes\\class.content_utilities.php:714)",{"nodes":426,"edges":430},[427,429],{"id":397,"type":398,"label":413,"file":193,"line":428},873,{"id":402,"type":403,"label":404,"file":193,"line":346,"wp_function":405},[431],{"from":397,"to":402,"sanitized":421},{"entryPoint":433,"graph":434,"unsanitizedCount":29,"severity":422},"\u003Cclass.content_utilities> (includes\\class.content_utilities.php:0)",{"nodes":435,"edges":467},[436,437,438,440,445,448,450,453,457,459,462,465],{"id":397,"type":398,"label":413,"file":193,"line":414},{"id":402,"type":403,"label":416,"file":193,"line":417,"wp_function":418},{"id":439,"type":398,"label":413,"file":193,"line":380},"n2",{"id":441,"type":403,"label":442,"file":193,"line":443,"wp_function":444},"n3","get_results() [SQLi]",687,"get_results",{"id":446,"type":398,"label":447,"file":193,"line":380},"n4","$_GET (x3)",{"id":449,"type":403,"label":404,"file":193,"line":335,"wp_function":405},"n5",{"id":451,"type":398,"label":413,"file":193,"line":452},"n6",583,{"id":454,"type":455,"label":456,"file":193,"line":452},"n7","transform","→ admin_page_manage()",{"id":458,"type":403,"label":404,"file":193,"line":335,"wp_function":405},"n8",{"id":460,"type":398,"label":413,"file":193,"line":461},"n9",756,{"id":463,"type":455,"label":464,"file":193,"line":461},"n10","→ count_posts()",{"id":466,"type":403,"label":442,"file":193,"line":443,"wp_function":444},"n11",[468,469,470,471,472,473,474],{"from":397,"to":402,"sanitized":421},{"from":439,"to":441,"sanitized":421},{"from":446,"to":449,"sanitized":421},{"from":451,"to":454,"sanitized":49},{"from":454,"to":458,"sanitized":49},{"from":460,"to":463,"sanitized":49},{"from":463,"to":466,"sanitized":421},{"entryPoint":476,"graph":477,"unsanitizedCount":29,"severity":422},"\u003Cclass.media> (includes\\class.media.php:0)",{"nodes":478,"edges":481},[479,480],{"id":397,"type":398,"label":399,"file":232,"line":400},{"id":402,"type":403,"label":404,"file":232,"line":400,"wp_function":405},[482],{"from":397,"to":402,"sanitized":49},{"summary":484,"deductions":485},"The plugin \"cornerstone\" v0.8.1 presents a mixed security posture. While the attack surface appears to be minimal with no identified AJAX handlers, REST API routes, shortcodes, or cron events, the code signals reveal significant concerns. The presence of \"create_function\", a dangerous PHP function known for potential security risks, is a notable weakness. Furthermore, a concerning 58% of output escaping is not properly implemented, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities.  The taint analysis also shows that 60% of analyzed flows have unsanitized paths, though no critical or high-severity issues were found in this specific analysis.\n\nThe vulnerability history is a major red flag, with three known CVEs, one of which remains unpatched. The common vulnerability type being Cross-Site Scripting aligns with the output escaping findings. The fact that the last vulnerability was recent (2025-10-06) suggests ongoing security challenges with this plugin. While the plugin exhibits some good practices like a high percentage of prepared SQL statements and some capability checks, the combination of dangerous functions, insufficient output escaping, unsanitized paths, and a history of unpatched XSS vulnerabilities points to a plugin that requires significant attention to security.\n\nIn conclusion, the \"cornerstone\" v0.8.1 plugin has fundamental security weaknesses in its code that, coupled with its vulnerability history, create a substantial risk. The lack of proper output escaping is a critical vulnerability that could be exploited by attackers. The presence of dangerous functions and unpatched vulnerabilities further exacerbates the risk. Users should exercise extreme caution and prioritize updating or seeking alternative solutions.",[486,489,491,494,497],{"reason":487,"points":488},"Unpatched CVE detected",18,{"reason":490,"points":203},"Dangerous function detected (create_function)",{"reason":492,"points":493},"High percentage of unescaped output",15,{"reason":495,"points":496},"Flows with unsanitized paths detected",12,{"reason":498,"points":203},"Multiple past vulnerabilities (3 total)","2026-03-16T17:22:56.843Z",{"wat":501,"direct":510},{"assetPaths":502,"generatorPatterns":505,"scriptPaths":506,"versionParams":507},[503,504],"\u002Fwp-content\u002Fplugins\u002Fcornerstone\u002Fassets\u002Fcss\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fcornerstone\u002Fassets\u002Fjs\u002Fmain.js",[],[],[508,509],"cornerstone\u002Fassets\u002Fcss\u002Fmain.css?ver=","cornerstone\u002Fassets\u002Fjs\u002Fmain.js?ver=",{"cssClasses":511,"htmlComments":563,"htmlAttributes":564,"restEndpoints":570,"jsGlobals":571,"shortcodeOutput":574},[512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562],"cnr-wrapper","cnr-body","cnr-content","cnr-sidebar","cnr-footer","cnr-header","cnr-nav","cnr-menu","cnr-item","cnr-active","cnr-disabled","cnr-button","cnr-form","cnr-input","cnr-label","cnr-error","cnr-success","cnr-warning","cnr-info","cnr-modal","cnr-overlay","cnr-close","cnr-title","cnr-description","cnr-meta","cnr-date","cnr-author","cnr-category","cnr-tag","cnr-comment","cnr-avatar","cnr-reply","cnr-pagination","cnr-next","cnr-prev","cnr-first","cnr-last","cnr-page","cnr-current","cnr-breadcrumb","cnr-home","cnr-separator","cnr-search","cnr-field","cnr-submit","cnr-loading","cnr-loaded","cnr-error-message","cnr-success-message","cnr-warning-message","cnr-info-message",[],[565,566,567,568,569],"data-cnr","data-cnr-id","data-cnr-type","data-cnr-value","data-cnr-options",[],[572,573],"CNR","cnr",[],{"error":421,"url":576,"statusCode":577,"statusMessage":578,"message":578},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcornerstone\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":76,"versions":580},[581,587,597,607],{"version":6,"download_url":26,"svn_tag_url":582,"released_at":39,"has_diff":49,"diff_files_changed":583,"diff_lines":39,"trac_diff_url":584,"vulnerabilities":585,"is_current":421},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcornerstone\u002Ftags\u002F0.8.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcornerstone%2Ftags%2F0.8.0&new_path=%2Fcornerstone%2Ftags%2F0.8.1",[586],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"version":588,"download_url":589,"svn_tag_url":590,"released_at":39,"has_diff":49,"diff_files_changed":591,"diff_lines":39,"trac_diff_url":592,"vulnerabilities":593,"is_current":49},"0.8.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcornerstone.0.8.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcornerstone\u002Ftags\u002F0.8.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcornerstone%2Ftags%2F0.7.8&new_path=%2Fcornerstone%2Ftags%2F0.8.0",[594,595,596],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":65,"url_slug":66,"title":67,"severity":41,"cvss_score":57,"vuln_type":44,"patched_in_version":6},{"id":52,"url_slug":53,"title":54,"severity":41,"cvss_score":57,"vuln_type":44,"patched_in_version":6},{"version":598,"download_url":599,"svn_tag_url":600,"released_at":39,"has_diff":49,"diff_files_changed":601,"diff_lines":39,"trac_diff_url":602,"vulnerabilities":603,"is_current":49},"0.7.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcornerstone.0.7.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcornerstone\u002Ftags\u002F0.7.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcornerstone%2Ftags%2F0.7.7&new_path=%2Fcornerstone%2Ftags%2F0.7.8",[604,605,606],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":65,"url_slug":66,"title":67,"severity":41,"cvss_score":57,"vuln_type":44,"patched_in_version":6},{"id":52,"url_slug":53,"title":54,"severity":41,"cvss_score":57,"vuln_type":44,"patched_in_version":6},{"version":608,"download_url":609,"svn_tag_url":610,"released_at":39,"has_diff":49,"diff_files_changed":611,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":612,"is_current":49},"0.7.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcornerstone.0.7.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcornerstone\u002Ftags\u002F0.7.7\u002F",[],[613,614,615],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":65,"url_slug":66,"title":67,"severity":41,"cvss_score":57,"vuln_type":44,"patched_in_version":6},{"id":52,"url_slug":53,"title":54,"severity":41,"cvss_score":57,"vuln_type":44,"patched_in_version":6}]