[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8JCrkVB8FnVreHo7xb9MUT7f8_HECvRqNikPZUVThv0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":6,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":37,"fingerprints":201},"custom-background-for-post-and-page","Custom Background for Post and Page","1.0","sunil chaulagain","https:\u002F\u002Fprofiles.wordpress.org\u002Fmesunil2010\u002F","\u003Cp>Are you looking something to make you WordPress website more interesting???? Then we have a right plugin for you. Now you can design your each post or plugin page individually or simple apply a custom design everywhere on a click.\u003C\u002Fp>\n\u003Cp>Custom Background Design WordPress is a complete for making website awesome. We bet to you that its best of its kind.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Fwpexplored.com\" rel=\"nofollow ugc\">WpExplored.com\u003C\u002Fa> for more free and premium plugins.\u003C\u002Fp>\n\u003Cp>Major features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Just 1 click installation.\u003C\u002Fli>\n\u003Cli>Global custom design.\u003C\u002Fli>\n\u003Cli>Design Each post\u002Fpage individually.\u003C\u002Fli>\n\u003Cli>Full customization options.\u003C\u002Fli>\n\u003Cli>Support gif animated images.\u003C\u002Fli>\n\u003Cli>Easy color chooser tool.\u003C\u002Fli>\n\u003Cli>Fully integrated in WordPress\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows you to design your WordPress website background globally or design each post or page individually.",40,8112,100,2,"2013-10-19T05:35:00.000Z","3.6.1","",[19,20,21,22],"custom-background-deisgn","custom-background-image","post-page-background-image","post-page-design","http:\u002F\u002Fwpexlored.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-background-for-post-and-page.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"mesunil2010",50,30,84,"2026-04-04T06:52:39.822Z",[],{"attackSurface":38,"codeSignals":70,"taintFlows":115,"riskAssessment":191,"analyzedAt":200},{"hooks":39,"ajaxHandlers":66,"restRoutes":67,"shortcodes":68,"cronEvents":69,"entryPointCount":26,"unprotectedCount":26},[40,46,50,54,58,62],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","post_edit_form_tag","post_edit_form_upload","custombg.php",33,{"type":41,"name":47,"callback":48,"file":44,"line":49},"wp_head","custombg_start",38,{"type":41,"name":51,"callback":52,"file":44,"line":53},"admin_menu","custombg_menu",39,{"type":41,"name":55,"callback":56,"file":44,"line":57},"add_meta_boxes","custombg_add_custom_box",102,{"type":41,"name":59,"callback":60,"file":44,"line":61},"save_post","custombg_save_postdata",108,{"type":41,"name":63,"callback":64,"file":44,"line":65},"admin_notices","custom_error_notice",301,[],[],[],[],{"dangerousFunctions":71,"sqlUsage":72,"outputEscaping":74,"fileOperations":26,"externalRequests":26,"nonceChecks":113,"capabilityChecks":14,"bundledLibraries":114},[],{"prepared":26,"raw":26,"locations":73},[],{"escaped":26,"rawEcho":75,"locations":76},19,[77,80,81,83,85,87,89,91,92,94,95,97,99,101,103,105,107,109,111],{"file":44,"line":78,"context":79},53,"raw output",{"file":44,"line":78,"context":79},{"file":44,"line":82,"context":79},54,{"file":44,"line":84,"context":79},56,{"file":44,"line":86,"context":79},57,{"file":44,"line":88,"context":79},59,{"file":44,"line":90,"context":79},82,{"file":44,"line":90,"context":79},{"file":44,"line":93,"context":79},83,{"file":44,"line":25,"context":79},{"file":44,"line":96,"context":79},86,{"file":44,"line":98,"context":79},88,{"file":44,"line":100,"context":79},154,{"file":44,"line":102,"context":79},178,{"file":44,"line":104,"context":79},181,{"file":44,"line":106,"context":79},305,{"file":44,"line":108,"context":79},327,{"file":44,"line":110,"context":79},392,{"file":44,"line":112,"context":79},396,1,[],[116,158,174],{"entryPoint":117,"graph":118,"unsanitizedCount":26,"severity":157},"custombg_start (custombg.php:41)",{"nodes":119,"edges":151},[120,125,131,135,137,141,143,147],{"id":121,"type":122,"label":123,"file":44,"line":124},"n0","source","$_FILES",341,{"id":126,"type":127,"label":128,"file":44,"line":129,"wp_function":130},"n1","sink","update_option() [Settings Manipulation]",353,"update_option",{"id":132,"type":122,"label":133,"file":44,"line":134},"n2","$_POST['bgrepeat']",358,{"id":136,"type":127,"label":128,"file":44,"line":134,"wp_function":130},"n3",{"id":138,"type":122,"label":139,"file":44,"line":140},"n4","$_POST['bgcolor']",359,{"id":142,"type":127,"label":128,"file":44,"line":140,"wp_function":130},"n5",{"id":144,"type":122,"label":145,"file":44,"line":146},"n6","$_POST (x2)",269,{"id":148,"type":127,"label":149,"file":44,"line":110,"wp_function":150},"n7","echo() [XSS]","echo",[152,154,155,156],{"from":121,"to":126,"sanitized":153},true,{"from":132,"to":136,"sanitized":153},{"from":138,"to":142,"sanitized":153},{"from":144,"to":148,"sanitized":153},"low",{"entryPoint":159,"graph":160,"unsanitizedCount":173,"severity":157},"custombg_options (custombg.php:314)",{"nodes":161,"edges":168},[162,163,164,165,166,167],{"id":121,"type":122,"label":123,"file":44,"line":124},{"id":126,"type":127,"label":128,"file":44,"line":129,"wp_function":130},{"id":132,"type":122,"label":133,"file":44,"line":134},{"id":136,"type":127,"label":128,"file":44,"line":134,"wp_function":130},{"id":138,"type":122,"label":139,"file":44,"line":140},{"id":142,"type":127,"label":128,"file":44,"line":140,"wp_function":130},[169,171,172],{"from":121,"to":126,"sanitized":170},false,{"from":132,"to":136,"sanitized":170},{"from":138,"to":142,"sanitized":170},3,{"entryPoint":175,"graph":176,"unsanitizedCount":26,"severity":157},"\u003Ccustombg> (custombg.php:0)",{"nodes":177,"edges":186},[178,179,180,181,182,183,184,185],{"id":121,"type":122,"label":123,"file":44,"line":124},{"id":126,"type":127,"label":128,"file":44,"line":129,"wp_function":130},{"id":132,"type":122,"label":133,"file":44,"line":134},{"id":136,"type":127,"label":128,"file":44,"line":134,"wp_function":130},{"id":138,"type":122,"label":139,"file":44,"line":140},{"id":142,"type":127,"label":128,"file":44,"line":140,"wp_function":130},{"id":144,"type":122,"label":145,"file":44,"line":146},{"id":148,"type":127,"label":149,"file":44,"line":110,"wp_function":150},[187,188,189,190],{"from":121,"to":126,"sanitized":153},{"from":132,"to":136,"sanitized":153},{"from":138,"to":142,"sanitized":153},{"from":144,"to":148,"sanitized":153},{"summary":192,"deductions":193},"The plugin \"custom-background-for-post-and-page\" v1.0 exhibits a mixed security posture.  On the positive side, the static analysis reveals no known CVEs, a complete absence of dangerous functions, and all SQL queries utilize prepared statements, indicating a good foundation for secure coding. The plugin also implements nonce and capability checks, which are essential for protecting against common WordPress exploits.\n\nHowever, a significant concern arises from the output escaping. The analysis shows that 100% of the 19 outputs are not properly escaped, presenting a high risk of Cross-Site Scripting (XSS) vulnerabilities. While taint analysis did not reveal critical or high-severity issues, the presence of one flow with an unsanitized path warrants attention, as it could potentially be exploited if combined with other weaknesses. The lack of known vulnerabilities in its history is positive, but this could be due to limited exposure or previous fixes. The plugin's strengths lie in its SQL handling and the presence of basic security checks, but the widespread lack of output escaping is a critical weakness that needs immediate remediation.",[194,197],{"reason":195,"points":196},"All outputs are unescaped (XSS risk)",15,{"reason":198,"points":199},"Flow with unsanitized path found",5,"2026-03-16T22:20:55.351Z",{"wat":202,"direct":208},{"assetPaths":203,"generatorPatterns":205,"scriptPaths":206,"versionParams":207},[204],"\u002Fwp-content\u002Fplugins\u002Fcustom-background-for-post-and-page\u002Fjscolor.js",[],[],[],{"cssClasses":209,"htmlComments":210,"htmlAttributes":212,"restEndpoints":223,"jsGlobals":224,"shortcodeOutput":226},[],[211],"\u003C!-- backward compatible (before WP 3.0) -->",[213,214,215,216,217,218,219,220,221,222],"enctype=\"multipart\u002Fform-data\"","name=\"custombg\"","class=\"color {hash:true}\"","name=\"document_file\"","id=\"document_file\"","name=\"bgcolor\"","name=\"bgrepeat\"","id=\"bgrepeat\"","name=\"activebox\"","id=\"activebox\"",[],[225],"CUSTOMBG_PLUGIN_URL",[]]