[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f69kxETMNqPjlxaa1ezL2FD2OLmtyQanBJPjHRrhVPpE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":54,"analysis":154,"fingerprints":271},"css-js-files","CSS JS Files","1.5.6","jamesdlow","https:\u002F\u002Fprofiles.wordpress.org\u002Fjamesdlow\u002F","\u003Cp>A simple WordPress plugin that allows users to select files CSS and\u002For write CSS rules to any single page or post or globally\u003C\u002Fp>\n","Select files CSS\u002FJS and\u002For write CSS\u002FJS rules to any single page or post or globally",100,7855,2,"2026-01-26T01:44:00.000Z","6.5.8","4.9.0","",[19,20,21,22,23],"css","custom-css","file-css","page","post","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcss-js-files\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcss-js-files.zip",99,1,0,"2024-09-24 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2024-9146","css-js-files-authenticated-admin-arbitrary-file-read","CSS JS Files \u003C= 1.5.0 - Authenticated (Admin+) Arbitrary File Read","The CSS JS Files plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the editor_page() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.",null,"\u003C=1.5.0","1.5.1","medium",4.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","2024-10-02 20:28:13",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc532fc06-1ddd-4472-a5aa-10d7c8688d36?source=api-prod",9,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":49,"total_installs":50,"avg_security_score":51,"avg_patch_time_days":47,"trust_score":52,"computed_at":53},11,390,90,87,"2026-04-04T05:04:37.009Z",[55,73,96,115,133],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":11,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":17,"tags":69,"homepage":70,"download_link":71,"security_score":72,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"css-file-selector","CSS File Selector","1.0.4","Chrgiga","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrgiga\u002F","\u003Cp>A simple WordPress plugin that allows users to select files CSS and\u002For write CSS rules to any single page or post\u003C\u002Fp>\n","Select files CSS and\u002For write CSS rules to any single page or post",30,4829,3,"2015-01-07T22:58:00.000Z","4.1.42","3.0",[19,20,21,22,23],"http:\u002F\u002Fwww.chrgiga.com\u002Fcss-file-selector","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcss-file-selector.zip",85,{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":94,"download_link":95,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"postpage-specific-custom-css","Post\u002FPage Specific Custom Code","0.3.0","Łukasz Nowicki","https:\u002F\u002Fprofiles.wordpress.org\u002Flukasznowicki\u002F","\u003Cp>Post\u002FPage\u002FProduct-specific custom code allows you to add custom CSS styles to individual posts, pages, or WooCommerce products. It provides a dedicated area in the editor screen where you can write your CSS code. You can also choose whether the CSS should apply only to the single view or also to archive-type views.\u003C\u002Fp>\n\u003Cp>A new meta box will appear below the content editor on the edit screen for posts, pages, and products. You can enter any custom CSS there and decide whether it loads only on the single view or also on archive pages like category listings or product grids.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cp>This plugin requires at least WordPress 5.0 (remember always to keep your WordPress installation up to date!) and PHP 7.4 on your server.\u003C\u002Fp>\n","Add custom CSS to posts, pages, or WooCommerce products, with optional archive support. Includes a dedicated editor box.",7000,77520,92,42,"2025-07-21T14:45:00.000Z","6.8.5","5.0","7.4",[20,90,91,92,93],"per-page-css","post-specific","product","woocommerce","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpostpage-specific-custom-css\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpostpage-specific-custom-css.0.3.0.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":11,"num_ratings":27,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":17,"tags":109,"homepage":17,"download_link":114,"security_score":72,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"super-simple-custom-css","Super Simple Custom CSS","2.0","ColoredWeb","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoloredwebwp\u002F","\u003Cp>*Functionalities Super Simple Custom CSS provide\u003C\u002Fp>\n\u003Cp>1) Apply sitewide CSS:\u003Cbr \u002F>\nYou may apply certain css which will be effecting areas sitewite.\u003C\u002Fp>\n\u003Cp>2) Apply CSS to Specific post\u003Cbr \u002F>\nYou may apply specific css by selecting post on whichever you want to apply. You also can select more then one post for applying slimier style to more then one post.\u003C\u002Fp>\n\u003Cp>3) Apply CSS to Specific page:\u003Cbr \u002F>\nYou may apply specific css by selecting page on whichever you want to apply. You also can select more then one page for applying slimier style to more then one page.\u003C\u002Fp>\n\u003Cp>4) Apply CSS to all posts:\u003Cbr \u002F>\nYou may apply certain css to all the posts together.\u003C\u002Fp>\n\u003Cp>5) Apply CSS to all pages:\u003Cbr \u002F>\nYou may apply certain css to all the pages together.\u003C\u002Fp>\n\u003Cp>Note: You can also apply css by editing any page or post. You will find Super Simple Custom CSS box to add CSS you want to apply for that particulate page or post.\u003C\u002Fp>\n","Super Simple Custom CSS wordpress plugin is used for adding custom styling to all post, all page,specific post,specific page or sitewide.",300,7364,"2020-08-30T11:00:00.000Z","5.5.18","3.8",[20,110,111,112,113],"simple-css","specific-css","specific-page-css","specific-post-css","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsuper-simple-custom-css.2.0.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":28,"num_ratings":28,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":17,"tags":128,"homepage":17,"download_link":132,"security_score":72,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"custom-css-for-pages","Custom CSS for pages","1.0","farvehandleren","https:\u002F\u002Fprofiles.wordpress.org\u002Ffarvehandleren\u002F","\u003Cp>Create custom css for pages.\u003C\u002Fp>\n","Create custom css for pages.",10,1676,"2016-06-30T07:15:00.000Z","4.4.34","4.0",[19,129,20,130,131],"custom","pages","post-custom-css","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-css-for-pages.zip",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":141,"downloaded":142,"rating":143,"num_ratings":144,"last_updated":145,"tested_up_to":146,"requires_at_least":17,"requires_php":17,"tags":147,"homepage":17,"download_link":151,"security_score":152,"vuln_count":13,"unpatched_count":28,"last_vuln_date":153,"fetched_at":30},"instant-css","Instant CSS","1.2.2","dylanblokhuis","https:\u002F\u002Fprofiles.wordpress.org\u002Fdylanblokhuis\u002F","\u003Cp>Use the power of Visual Studio Code in WordPress to write your CSS or SCSS\u003C\u002Fp>\n\u003Cp>The plugin uses autoprefixer to parse your CSS\u002FSCSS into CSS that will work on older browsers, no need to write -webkit, -moz or -o.\u003C\u002Fp>\n\u003Cp>You can also choose to use SCSS, more info about SCSS here: https:\u002F\u002Fsass-lang.com\u002Fguide\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Use all the powerful features from Visual Studio Code\u003C\u002Fli>\n\u003Cli>Your CSS gets compiled with autoprefixer to work on older browsers\u003C\u002Fli>\n\u003Cli>Use SCSS to create efficient stylesheets with variables, mixins, etc.\u003C\u002Fli>\n\u003Cli>Option to minify your CSS to reduce loading times\u003C\u002Fli>\n\u003Cli>No refreshing on saving\u003C\u002Fli>\n\u003Cli>Live editor updating styles on save and have the browser update simultaneously\u003C\u002Fli>\n\u003C\u002Ful>\n","Write your styles beautifully with the power of Visual Studio Code",4000,14854,98,15,"2023-09-21T07:16:00.000Z","6.3.8",[19,20,148,149,150],"postcss","sass","scss","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finstant-css.zip",84,"2023-09-29 00:00:00",{"attackSurface":155,"codeSignals":194,"taintFlows":234,"riskAssessment":262,"analyzedAt":270},{"hooks":156,"ajaxHandlers":190,"restRoutes":191,"shortcodes":192,"cronEvents":193,"entryPointCount":28,"unprotectedCount":28},[157,163,166,168,171,174,177,181,184,187],{"type":158,"name":159,"callback":160,"file":161,"line":162},"action","add_meta_boxes","add_custom_box","css-js-files.php",26,{"type":158,"name":164,"callback":160,"priority":27,"file":161,"line":165},"admin_init",28,{"type":158,"name":167,"callback":167,"file":161,"line":63},"save_post",{"type":158,"name":169,"callback":169,"file":161,"line":170},"admin_enqueue_scripts",32,{"type":158,"name":172,"callback":172,"file":161,"line":173},"wp_enqueue_scripts",34,{"type":158,"name":175,"callback":175,"file":161,"line":176},"wp_head",36,{"type":158,"name":178,"callback":179,"file":161,"line":180},"wp_body_open","wp_body",37,{"type":158,"name":182,"callback":182,"file":161,"line":183},"wp_footer",38,{"type":158,"name":185,"callback":185,"file":161,"line":186},"admin_head",43,{"type":158,"name":188,"callback":188,"file":161,"line":189},"admin_menu",45,[],[],[],[],{"dangerousFunctions":195,"sqlUsage":196,"outputEscaping":198,"fileOperations":232,"externalRequests":28,"nonceChecks":27,"capabilityChecks":232,"bundledLibraries":233},[],{"prepared":28,"raw":28,"locations":197},[],{"escaped":199,"rawEcho":144,"locations":200},5,[201,204,206,208,210,212,214,216,218,220,222,224,226,228,230],{"file":161,"line":202,"context":203},106,"raw output",{"file":161,"line":205,"context":203},118,{"file":161,"line":207,"context":203},166,{"file":161,"line":209,"context":203},167,{"file":161,"line":211,"context":203},289,{"file":161,"line":213,"context":203},290,{"file":161,"line":215,"context":203},291,{"file":161,"line":217,"context":203},292,{"file":161,"line":219,"context":203},294,{"file":161,"line":221,"context":203},349,{"file":161,"line":223,"context":203},356,{"file":161,"line":225,"context":203},359,{"file":161,"line":227,"context":203},369,{"file":161,"line":229,"context":203},373,{"file":161,"line":231,"context":203},380,4,[],[235,254],{"entryPoint":236,"graph":237,"unsanitizedCount":28,"severity":253},"menu_page (css-js-files.php:63)",{"nodes":238,"edges":250},[239,244],{"id":240,"type":241,"label":242,"file":161,"line":243},"n0","source","$_POST (x5)",75,{"id":245,"type":246,"label":247,"file":161,"line":248,"wp_function":249},"n1","sink","update_option() [Settings Manipulation]",88,"update_option",[251],{"from":240,"to":245,"sanitized":252},true,"low",{"entryPoint":255,"graph":256,"unsanitizedCount":28,"severity":253},"\u003Ccss-js-files> (css-js-files.php:0)",{"nodes":257,"edges":260},[258,259],{"id":240,"type":241,"label":242,"file":161,"line":243},{"id":245,"type":246,"label":247,"file":161,"line":248,"wp_function":249},[261],{"from":240,"to":245,"sanitized":252},{"summary":263,"deductions":264},"The \"css-js-files\" plugin v1.5.6 presents a mixed security profile.  On the positive side, the static analysis reveals no exploitable attack surface in terms of AJAX handlers, REST API routes, shortcodes, or cron events that lack authentication or permission checks.  Furthermore, the plugin demonstrates good practices with 100% of its SQL queries utilizing prepared statements and having at least one nonce check and four capability checks.  However, a significant concern arises from the output escaping, with only 25% of 20 total outputs being properly escaped, indicating a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before outputting to the browser.  The file operations, while present, are not explicitly flagged as a risk in the taint analysis, which shows no unsanitized paths. \n\nThe vulnerability history of this plugin is a notable point of concern.  While there are no currently unpatched vulnerabilities, the presence of one past CVE, specifically related to 'Improper Limitation of a Pathname to a Restricted Directory' (Path Traversal), suggests a history of critical security flaws.  Although this specific vulnerability is patched, it indicates a tendency for the plugin to have had historically serious security weaknesses.  The fact that the last vulnerability was very recent (September 2024) also warrants attention, suggesting that ongoing security diligence is crucial.  \n\nIn conclusion, the plugin has strengths in its limited attack surface and secure SQL handling. However, the poor output escaping and the history of a serious vulnerability like path traversal, even if patched, represent significant weaknesses.  The recent nature of the last vulnerability further amplifies these concerns, suggesting that while the current version might be free of known critical issues, a cautious approach is recommended due to its past security incidents and remaining code concerns.",[265,268],{"reason":266,"points":267},"25% output escaping for 20 outputs",6,{"reason":269,"points":199},"History of 1 medium severity vulnerability","2026-03-16T20:36:16.985Z",{"wat":272,"direct":279},{"assetPaths":273,"generatorPatterns":275,"scriptPaths":276,"versionParams":277},[274],"\u002Fwp-content\u002Fplugins\u002Fcss-js-files\u002Fcss-js-files.php",[],[],[278],"css-js-files\u002Fcss-js-files.php?ver=",{"cssClasses":280,"htmlComments":283,"htmlAttributes":284,"restEndpoints":298,"jsGlobals":299,"shortcodeOutput":300},[281,282],"css-js-files-text","css-js-files-text-full",[],[285,286,287,288,289,290,291,292,293,294,295,296,297],"name=\"css_js_files_css_links\"","name=\"css_js_files_css_files[]\"","name=\"css_js_files_css_rules\"","name=\"css_js_files_css_admin\"","name=\"css_js_files_js_links\"","name=\"css_js_files_js_files[]\"","name=\"css_js_files_js_rules\"","name=\"css_js_files_js_admin\"","name=\"css_js_files_head_rules\"","name=\"css_js_files_body_rules\"","name=\"css_js_files_footer_rules\"","name=\"css_js_files_path\"","name=\"css_js_files_content\"",[],[],[]]