[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0C1XmoORdy9sPMvvdxg3jdZGiB-iQDF4AgGcGIwQT4E":3,"$fofjiEqDnM9Ug4CbXTmGtVXqeRAJx7HK7zPU9S-6ayXc":257,"$fPkGbWmshZcRdRVM6g_M0KAK0BK9MJvbIKUr3Qb1Qg8Y":261},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":53,"analysis":154,"fingerprints":237},"create-posts-terms","Create Posts & Terms","1.3.1","Valentin Agachi","https:\u002F\u002Fprofiles.wordpress.org\u002Favaly\u002F","\u003Cp>Create Posts & Terms helps with automatically creating a list of new pages, posts & custom post items with dummy content. The items can be nested and can have custom fields & terms assigned upon creation.\u003C\u002Fp>\n\u003Cp>It also allows you to create a list of categories, post tags & custom taxonomies terms.\u003C\u002Fp>\n","Create pages, posts, custom post items, categories, post tags & custom taxonomies terms in bulk.",70,3424,0,"2012-03-15T13:28:00.000Z","3.3.2","3.0","",[19,20,21,22,23],"categories","cpt","create","pages","posts","http:\u002F\u002Fgithub.com\u002Favaly\u002Fcreate-pages","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcreate-posts-terms.zip",63,1,"2025-10-27 
00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":37,"patch_diff_files":46,"patch_trac_url":37,"research_status":37,"research_verified":47,"research_rounds_completed":13,"research_plan":37,"research_summary":37,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":37,"research_model_used":37,"research_started_at":37,"research_completed_at":37,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":47,"poc_model_used":37,"poc_verification_depth":37},"CVE-2025-49351","create-posts-terms-cross-site-request-forgery","Create Posts & Terms \u003C= 1.3.1 - Cross-Site Request Forgery","The Create Posts & Terms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.3.1","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-12-10 15:51:42",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5ae4d19a-26f1-491e-b0ac-0bb2c6cdd318?source=api-prod",[],false,{"slug":49,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":50,"trust_score":51,"computed_at":52},"avaly",30,68,"2026-05-20T07:53:28.448Z",[54,75,95,118,138],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":11,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":17,"tags":68,"homepage":71,"download_link":72,"security_score":73,"vuln_count":64,"unpatched_count":13,"last_vuln_date":74,"fetched_at":29},"essential-widgets","Essential Widgets","3.0.1","Catch Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fcatchthemes\u002F","\u003Cp>Essential Widgets – a free WordPress plugin for widgets allows you to create and add interesting widgets on your website to make it more attractive and welcoming. Essential Widgets stays true to the essence of its name and offers exactly what you expect from a widgets plugin—all the “essential” widgets for your website. The plugin has been crafted beautifully to draw the extra attention to the important parts of your website. Essential Widgets provides you with the ability to have more control over the widgets with the various customization options. This free WordPress plugin for widgets allows you to create 7 different interesting widgets on your website. 
All the 7 widgets provided to you comes with so many customization options and are very easy to use. So, with Essential Widgets plugin, customize the interesting widgets your way and display them anywhere you want on your website to make it more dynamic.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>EW: Archives\u003Cbr \u002F>\nThe Archives widget comes with various customization options. Choose a title, limit the number of posts, select the archive type, post type, order and more with the Archives widget.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>EW: Authors\u003Cbr \u002F>\nDisplaying the author’s information is kind of a must-have feature if your website has multiple authors. Our new WordPress widgets plugin allows you to add Authors widget. With this widget, you can show the list of the authors on your website, the number of posts, select feed type, and more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>EW: Categories\u003Cbr \u002F>\nEssential Widgets Pro supports Categories widget. The widget provides you with various customizable options such as the title of the widget, taxonomy option, order option, number of categories to show, display as a list or none, number of posts to display, sort by option, select feed type ton display and display as text or image.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>EW: Menus\u003Cbr \u002F>\nBored with the same default menu? Our new WordPress plugin for widgets, Essential Widgets Pro supports Menus widget. With the Menus widget filled with various customization options, you can display your menus elegantly anywhere you want on your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>EW: Pages\u003Cbr \u002F>\nDisplay a list of pages with the Pages widget. 
With various customization options being provided to you, you can showcase the pages that are more important on your website wherever you want with Essential Widgets Pro.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>EW: Posts\u003Cbr \u002F>\nEssential Widgets Pro supports Posts widget. With the widget and its customizable options, you can easily display a list of posts on your website. You can add a title, select the post type, number of items to display, order, sort by, and more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>EW: Tags\u003Cbr \u002F>\nAnd last, but definitely not the least, the Tags widget. You can display a list of tags as cloud or list, select the order of the tags, sort by option and the number of items to be displayed. The widget also provides you with more customization options including the unit, separator, search, text type, and more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>To translate the plugin, use translate.wordpress.org (GlotPress). 
You only need your WordPress.org account to join the collaborative translation project.\u003C\u002Fp>\n\u003Cp>You can translate Essential Widgets on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fessential-widgets\u002F\" rel=\"nofollow ugc\">translate.wordpress.org\u003C\u002Fa>.\u003C\u002Fp>\n","Essential Widgets is a WordPress plugin for widgets that allows you to create and add amazing widgets with high customization option",10000,490680,2,"2026-01-26T17:59:00.000Z","6.9.4","5.9",[19,22,23,69,70],"tags","widgets","https:\u002F\u002Fcatchplugins.com\u002Fplugins\u002Fessential-widgets\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.3.0.1.zip",98,"2026-02-04 18:41:50",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":17,"tags":90,"homepage":92,"download_link":93,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":94,"fetched_at":29},"wpa-seo-auto-linker","SEO Auto Linker","1.5.3","Arjan Olsder","https:\u002F\u002Fprofiles.wordpress.org\u002Farjanolsder\u002F","\u003Cp>Want to automatically create cornerstone content? WPA SEO Auto Linker helps get this done. Simply create a new keyword or a new phrase. The system will link that keyword or phrase to your chosen dofollow URL. Through the settings, it is easy to finetune the workings of this plugin. For performance, it is best to make use of a caching engine.\u003C\u002Fp>\n\u003Cp>“Using this plugin didn’t just help define cornerstone content in our SEO strategy, it also increased pageviews by 18%. 
The average visitor spends 13 seconds more on our website.” – Roelof van Doorn, technical editor at GadgetGear.nl\u003C\u002Fp>\n\u003Cp>While our plugin has been without support for three years, we have seen a lot of similar plugins moving in. Please note we will not be adding fancy interfaces or click tracking. The reason is we want to remain the fastest tool on the market. Click tracking takes a heavy hit on your database while creating a smooth graphical interface will lead to code bloat and the security risks that come with maintaining huge heaps of code. We just don’t want that.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>WPA SEO Auto Linker plugin is based on the SEO Auto Links 0.5 plugin by Maarten Brakkee.\u003Cbr \u002F>\nhttps:\u002F\u002Fwordpress.org\u002Fplugins\u002Fseo-auto-links\u002F\u003C\u002Fp>\n\u003Cp>The SEO Auto links plugin is based on the SEO Smart Links 2.7.6 plugin by Vladimir Prelovac:\u003Cbr \u002F>\nhttps:\u002F\u002Fwordpress.org\u002Fplugins\u002Fseo-automatic-links\u002F\u003C\u002Fp>\n\u003Cp>Inspiration for SEO Smart Links originated from the Autolink plugin by Chris Lynch\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.planetofthepenguins.com\u002F\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This file is part of WPA SEO Auto Linker.\u003C\u002Fp>\n\u003Cp>WPA SEO Auto Linker is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>WPA SEO Auto Linker is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. See the GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with WPA SEO Auto Linker. 
If not, see \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\u003C\u002Fa>.\u003C\u002Fp>\n","SEO Auto Linker assists in creating cornerstone SEO content. This is not a full replacement for SEO plugins.",4000,60841,86,16,"2024-12-17T10:14:00.000Z","6.7.5","5.6",[19,22,91,23,69],"post","https:\u002F\u002Fwww.websitenazorg.nl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpa-seo-auto-linker.1.5.3.zip","2025-09-05 00:00:00",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":105,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":16,"requires_php":17,"tags":109,"homepage":115,"download_link":116,"security_score":117,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"bainternet-posts-creation-limits","Bainternet Posts Creation Limits","3.2","Bainternet","https:\u002F\u002Fprofiles.wordpress.org\u002Fbainternet\u002F","\u003Cp>this plugin helps you to limit the number of posts\u002Fpages\u002Fcustom post types each user can create on your site. say you have a multiple author blog and you want to limit the number of posts each author can post.\u003C\u002Fp>\n\u003Cp>very simple and light wieght plugin that runs only when user tries to crate a new post of any kind (post,page,attachment,or any custom post type) and check if he has reached his limit.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Main Feature:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit number of any post type creation.\u003C\u002Fli>\n\u003Cli>Select Post Status to count. (NEW)\u003C\u002Fli>\n\u003Cli>Limit number of any post type creation by user Role. (NEW)\u003C\u002Fli>\n\u003Cli>Limit number of any post type creation by user ID. 
(NEW)\u003C\u002Fli>\n\u003Cli>New Limit Rule System (faster and stable).\u003C\u002Fli>\n\u003Cli>Custom blocked message For each Rule. (NEW)\u003C\u002Fli>\n\u003Cli>MultiSite Support. (Fixed and works better then before)\u003C\u002Fli>\n\u003Cli>ADD NEW Links are removed when limit is reached (NEW)\u003C\u002Fli>\n\u003Cli>0 Now means ZERO so Its actually blocks the user from creating at all.\u003C\u002Fli>\n\u003Cli>Shortcode to limit front end post creation (NEW).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>!! Do Not Try with admin user beacuse he is never limited unless you are on a multisite install and then the super admin is never limited.\u003C\u002Fp>\n\u003Cp>any Feedback is Welcome.\u003C\u002Fp>\n\u003Cp>check out our \u003Ca href=\"http:\u002F\u002Fen.bainternet.info\u002Fcategory\u002Fplugins\" rel=\"nofollow ugc\">other plugins\u003C\u002Fa>\u003C\u002Fp>\n","this plugin helps you to limit the number of posts\u002Fpages\u002Fcustom post types each user can create on your site.",300,20568,76,21,"2016-12-11T13:05:00.000Z","4.7.0",[110,111,112,113,114],"cpt-limits","limit-pages","limit-user","limits","posts-per-user","http:\u002F\u002Fen.bainternet.info\u002Fcategory\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbainternet-posts-creation-limits.3.2.zip",85,{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":128,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":17,"tags":133,"homepage":136,"download_link":137,"security_score":117,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"wp-multilingual-sitemap","WP Multilingual Sitemap","0.1","adiaz","https:\u002F\u002Fprofiles.wordpress.org\u002Fadiaz\u002F","\u003Cp>\u003Cstrong>WP Multilingual Sitemap is a highly customizable WordPress plugin that allows displaying, in posts and pages, an HTML sitemap of: 
pages, posts and posts ordered by categories.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>CMS Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Sitemap settings are set through a \u003Cstrong>shortcode\u003C\u002Fstrong> added in a post or page\u003C\u002Fli>\n\u003Cli>Support for pages, posts and custom posts \u003C\u002Fli>\n\u003Cli>Support for native WordPress functions parameters\u003C\u002Fli>\n\u003Cli>No data added to the database\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Multilingual Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>WPML translations fully compatible\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Display sitemaps in different languages without changing the shortcodes\u003C\u002Fli>\n\u003Cli>Built-in plugin localization without .mo files\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Accesibility Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0\u003C\u002Fli>\n\u003Cli>HTML5 validation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Examples\u003C\u002Fh3>\n\u003Cp>Here you can find some examples of use:\u003C\u002Fp>\n\u003Ch4>Sitemap Pages (`[wpms-pages]`)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Display pages with a depth limit of 2 and exclude page ID 25\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wpms-pages depth=2 exclude=25]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Display pages with only children and grandchildren of the current page\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wpms-pages child_of=CURRENT]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Display pages with the page modified date and pages sorted by the menu order number.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wpms-pages show_date=modified sort_column=menu_order]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Sitemap Posts ([wpms-posts])\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Display 3 posts from a category with ID 50 ordered by 
title\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wpms-posts category=50 numberposts=3 orderby=title]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Display all private custom ‘movie’ posts with the list title “Movies”\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wpms-posts post_type=movie post_status=private title_li=Movies]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Display posts in all languages (WPML)\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wpms-posts suppress_filters=1]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Sitemap Posts by Categories ([wpms-categories-posts])\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Display posts of just 5 categories\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wpms-categories-posts number=5]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Display posts of only top categories\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wpms-categories-posts depth=1]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Display posts of categories whose parent’s category ID is 40\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wpms-categories-posts child_of=40]\u003Ch3>Available Parameters\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Codex\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwp_list_pages\" rel=\"nofollow ugc\">Template Documentation for the \u003Ccode>wp_list_pages\u003C\u002Fcode> function\u003C\u002Fa>: use this with \u003Ccode>[wpms-pages]\u003C\u002Fcode> shortcode\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTemplate_Tags\u002Fget_posts\" rel=\"nofollow ugc\">Template Documentation for the \u003Ccode>get_posts\u003C\u002Fcode> function\u003C\u002Fa>: use this with \u003Ccode>[wpms-posts]\u003C\u002Fcode> and \u003Ccode>[wpms-categories-posts]\u003C\u002Fcode> 
shortcodes\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTemplate_Tags\u002Fwp_list_categories\" rel=\"nofollow ugc\">Template Documentation for the \u003Ccode>wp_list_categories\u003C\u002Fcode> function\u003C\u002Fa>: use this with \u003Ccode>[wpms-categories-posts]\u003C\u002Fcode> shortcode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Custom\u003C\u002Fh4>\n\u003Cp>In addition, for the \u003Ccode>[wpms-posts]\u003C\u002Fcode> shortcode, you can set another two params:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>\u003Cstrong>‘title_li’\u003C\u002Fstrong>\u003C\u002Fem>: (string) the title and style of the outer list item. Defaults to “Posts”. If empty, the title will be not displayed.\u003C\u002Fli>\n\u003Cli>\u003Cem>\u003Cstrong>‘style’\u003C\u002Fstrong>\u003C\u002Fem>: style to display the categories list. The value ‘list’ displays the categories as list items while empty value generates no special display method (the list items are separated by \u003Ccode>\u003Cbr>\u003C\u002Fcode> tags). The default value is list (creates list items for an unordered list). 
\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For the latest information visit the website: \u003Ca href=\"http:\u002F\u002Fcode.google.com\u002Fp\u002Fwp-multilingual-sitemap\u002F\" title=\"Wordpress Multilingual Sitemap\" rel=\"nofollow ugc\">http:\u002F\u002Fcode.google.com\u002Fp\u002Fwp-multilingual-sitemap\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Follow us on Twitter\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Falvarodp\" rel=\"nofollow ugc\">http:\u002F\u002Ftwitter.com\u002Falvarodp\u003C\u002Fa>\u003C\u002Fp>\n","Allows creating complete multilingual sitemaps of your entire blog.",200,14390,80,3,"2010-09-23T12:36:00.000Z","3.0.5","2.8",[19,22,23,134,135],"shortcode","sitemap","http:\u002F\u002Fcode.google.com\u002Fp\u002Fwp-multilingual-sitemap\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-multilingual-sitemap.0.1.zip",{"slug":139,"name":140,"version":141,"author":142,"author_profile":143,"description":144,"short_description":145,"active_installs":50,"downloaded":146,"rating":147,"num_ratings":27,"last_updated":148,"tested_up_to":149,"requires_at_least":16,"requires_php":17,"tags":150,"homepage":152,"download_link":153,"security_score":117,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"locus","Locus","1.0","Diana K. Cury","https:\u002F\u002Fprofiles.wordpress.org\u002Fdianakc\u002F","\u003Cp>List post from a specific category with options like date format, link text, order and more. 
Locus is a very simple plugin for display content in diferrent ways:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Display a single post, page or any available post type.\u003C\u002Fli>\n\u003Cli>Display full content or the excerpt, or both!\u003C\u002Fli>\n\u003Cli>Category descriptions are visible by default, if any.\u003C\u002Fli>\n\u003Cli>Configure date format, link text or hide them all.\u003C\u002Fli>\n\u003Cli>Use styles for every block, (refer the stylesheet in \u003Ccode>locus\u002Fcontrol\u002Flocus-style.css\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>Set display post orders, such random, by date, by author, comment count (popularity) etc\u003C\u002Fli>\n\u003Cli>Display thumbnails, if available\u003C\u002Fli>\n\u003Cli>Easy to use: you don’t have to learn to use it\u003C\u002Fli>\n\u003Cli>Settings per widget, so you can have different widgets.\u003C\u002Fli>\n\u003C\u002Ful>\n","Locus allows you display any post, page or post type in widgetized areas of you site.",5937,100,"2014-04-17T04:04:00.000Z","3.9.40",[19,22,151,23,70],"post-types","http:\u002F\u002Fdianakcury.com\u002Fdev\u002Flocus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocus.zip",{"attackSurface":155,"codeSignals":167,"taintFlows":190,"riskAssessment":225,"analyzedAt":236},{"hooks":156,"ajaxHandlers":163,"restRoutes":164,"shortcodes":165,"cronEvents":166,"entryPointCount":13,"unprotectedCount":13},[157],{"type":158,"name":159,"callback":160,"file":161,"line":162},"action","admin_menu","cp_plugin_menu","create-posts-terms.php",20,[],[],[],[],{"dangerousFunctions":168,"sqlUsage":169,"outputEscaping":171,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":64,"bundledLibraries":189},[],{"prepared":13,"raw":13,"locations":170},[],{"escaped":13,"rawEcho":172,"locations":173},8,[174,177,179,181,182,184,186,188],{"file":161,"line":175,"context":176},54,"raw 
output",{"file":161,"line":178,"context":176},55,{"file":161,"line":180,"context":176},61,{"file":161,"line":11,"context":176},{"file":161,"line":183,"context":176},284,{"file":161,"line":185,"context":176},285,{"file":161,"line":187,"context":176},291,{"file":161,"line":103,"context":176},[],[191,208,216],{"entryPoint":192,"graph":193,"unsanitizedCount":13,"severity":207},"cp_create (create-posts-terms.php:34)",{"nodes":194,"edges":204},[195,199],{"id":196,"type":197,"label":198,"file":161,"line":180},"n0","source","$_SERVER['REQUEST_URI']",{"id":200,"type":201,"label":202,"file":161,"line":180,"wp_function":203},"n1","sink","echo() [XSS]","echo",[205],{"from":196,"to":200,"sanitized":206},true,"low",{"entryPoint":209,"graph":210,"unsanitizedCount":13,"severity":207},"ct_create (create-posts-terms.php:264)",{"nodes":211,"edges":214},[212,213],{"id":196,"type":197,"label":198,"file":161,"line":187},{"id":200,"type":201,"label":202,"file":161,"line":187,"wp_function":203},[215],{"from":196,"to":200,"sanitized":206},{"entryPoint":217,"graph":218,"unsanitizedCount":13,"severity":207},"\u003Ccreate-posts-terms> (create-posts-terms.php:0)",{"nodes":219,"edges":223},[220,222],{"id":196,"type":197,"label":221,"file":161,"line":180},"$_SERVER['REQUEST_URI'] (x2)",{"id":200,"type":201,"label":202,"file":161,"line":180,"wp_function":203},[224],{"from":196,"to":200,"sanitized":206},{"summary":226,"deductions":227},"The \"create-posts-terms\" v1.3.1 plugin exhibits a mixed security posture. On the positive side, the static analysis indicates no dangerous functions, raw SQL queries, file operations, external HTTP requests, or obvious entry points like AJAX handlers, REST API routes, shortcodes, or cron events lacking authentication or permission checks. The scan found no SQL queries at all, prepared or raw, so there is no database query handling to assess.\n\nHowever, a significant concern arises from the output escaping. 
With 8 total outputs and 0% properly escaped, this suggests a risk of Cross-Site Scripting (XSS) vulnerabilities. Any data displayed to users that originates from the plugin, or is influenced by user input, could be susceptible to injection. The three traced flows from $_SERVER['REQUEST_URI'] to echo are recorded as sanitized, so each raw echo location needs manual review before it is treated as exploitable. Furthermore, the vulnerability history lists one medium-severity CSRF vulnerability, CVE-2025-49351, which affects all versions up to and including 1.3.1 and has no patched version. The code signals record zero nonce checks, which is consistent with the missing or incorrect nonce validation described for that CVE.\n\nIn conclusion, while the plugin has successfully minimized its direct attack surface and performs no direct database queries, the lack of output escaping and the unpatched CSRF vulnerability represent significant weaknesses. The development team should prioritize addressing the output escaping and fixing the unpatched CSRF vulnerability by validating nonces on the affected function to mitigate potential risks to user data and site integrity.",[228,231,234],{"reason":229,"points":230},"Unescaped output",6,{"reason":232,"points":233},"Unpatched CVE",15,{"reason":235,"points":64},"Capability checks present, but lack of other security controls","2026-03-16T21:42:01.932Z",{"wat":238,"direct":247},{"assetPaths":239,"generatorPatterns":241,"scriptPaths":242,"versionParams":244},[240],"\u002Fwp-content\u002Fplugins\u002Fcreate-posts-terms\u002Fcss\u002Fstyle.css",[],[243],"\u002Fwp-content\u002Fplugins\u002Fcreate-posts-terms\u002Fjs\u002Fmain.js",[245,246],"create-posts-terms\u002Fcss\u002Fstyle.css?ver=","create-posts-terms\u002Fjs\u002Fmain.js?ver=",{"cssClasses":248,"htmlComments":250,"htmlAttributes":251,"restEndpoints":253,"jsGlobals":254,"shortcodeOutput":256},[249],"wrap",[],[252],"data-post-type",[],[255],"cp_create_post_terms",[],{"error":206,"url":258,"statusCode":259,"statusMessage":260,"message":260},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcreate-posts-terms\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":13,"versions":262},[]]