[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fV7_qENglNjTDPdUMcXafjgUBu2VOucYSi-0-BubUaDM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":51,"analysis":154,"fingerprints":187},"custom-post-type-list-shortcode","Custom Post Type List Shortcode","1.4.4","Blackbird Interactive","https:\u002F\u002Fprofiles.wordpress.org\u002Fblackbird-interactive\u002F","\u003Cp>UPGRADE AT YOUR OWN RISK: We’ve added a legacy feature to the plugin which has been tested and is  working on our local WordPress install. However, every environment is different, if you run into problem please visit http:\u002F\u002Fblackbirdi.com\u002Fblog for support.\u003C\u002Fp>\n\u003Cp>When used with Custom Post Type UI plug-in (https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fcustom-post-type-ui\u002F) and Advanced Custom Fields plug-in (https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fadvanced-custom-fields\u002F), you can easily list all of the posts within a post-type and sort by regular or custom fields.\u003C\u002Fp>\n\u003Cp>Updated and tested on latest version of WordPress (4.0)\u003C\u002Fp>\n\u003Cp>Most updates are because of users responding with requests. If you feel there is something that you would like to see in the plugin visit our site and post a comment.\u003C\u002Fp>\n\u003Cp>Enjoy!\u003Cbr \u002F>\nYou can find documentation for the CPT_List @ (http:\u002F\u002Fblackbirdi.com\u002Fblog\u002F)\u003C\u002Fp>\n","A shortcode with which you can easily list all of the posts within a post-type and sort by regular or custom fields.",100,25615,92,5,"2014-12-10T02:16:00.000Z","4.0.38","3.0","",[20,21,22,23,24],"cpt","custom-post-type","custom-post-type-list","post-list","shortcode","http:\u002F\u002Fblackbirdi.com\u002Fblog","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-post-type-list-shortcode.1.4.4.zip",64,1,"2023-04-17 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2023-0542","custom-post-type-list-shortcode-authenticated-contributor-stored-cross-site-scripting","Custom Post Type List Shortcode \u003C= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Custom Post Type List Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.4.4","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb702f507-475a-4d45-8bb1-635f5f377c88?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},"blackbird-interactive",30,69,"2026-04-04T01:04:48.488Z",[52,76,95,110,134],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":71,"download_link":72,"security_score":73,"vuln_count":14,"unpatched_count":74,"last_vuln_date":75,"fetched_at":30},"w4-post-list","W4 Post List","2.5.5","Shazzad Hossain Khan","https:\u002F\u002Fprofiles.wordpress.org\u002Fsajib1223\u002F","\u003Cp>Display Posts (any custom post type), Terms (any custom taxonomy), Users (any role) on Content or Widget Areas by placing a shortcode. Select what to show and design how to show it. Using the plugin is really easy. You will find Tinymce button on post\u002Fpage editor to quickly inset a list. Also, there’s a separate page for creating or editing list.\u003C\u002Fp>\n\u003Ch4>List Types\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Posts\u003C\u002Fli>\n\u003Cli>Terms\u003C\u002Fli>\n\u003Cli>Users\u003C\u002Fli>\n\u003Cli>Terms & Posts\u003C\u002Fli>\n\u003Cli>Users & Posts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Creating a list is just few steps. There are different sets option for different List Type, following options are available for List Type – \u003Ccode>posts\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Ch4>Posts\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>post type\u003C\u002Fli>\n\u003Cli>post mime type\u003C\u002Fli>\n\u003Cli>post status\u003C\u002Fli>\n\u003Cli>post search keyword\u003C\u002Fli>\n\u003Cli>include post by ids\u003C\u002Fli>\n\u003Cli>exclude post by ids\u003C\u002Fli>\n\u003Cli>exclude current post\u003C\u002Fli>\n\u003Cli>posts per page – while using pagination\u003C\u002Fli>\n\u003Cli>post by parent ids\u003C\u002Fli>\n\u003Cli>post by author ids\u003C\u002Fli>\n\u003Cli>post by terms ( tax_query )\u003C\u002Fli>\n\u003Cli>post by meta ( meta_query )\u003C\u002Fli>\n\u003Cli>post by year, month, day ( date_query )\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Group Results by\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>year\u003C\u002Fli>\n\u003Cli>month\u003C\u002Fli>\n\u003Cli>month year\u003C\u002Fli>\n\u003Cli>category, post tag or custom taxonomies\u003C\u002Fli>\n\u003Cli>authors\u003C\u002Fli>\n\u003Cli>parents\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Order Results by\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>post id\u003C\u002Fli>\n\u003Cli>post title\u003C\u002Fli>\n\u003Cli>post name\u003C\u002Fli>\n\u003Cli>post publish date\u003C\u002Fli>\n\u003Cli>post modified date\u003C\u002Fli>\n\u003Cli>menu order\u003C\u002Fli>\n\u003Cli>approved comment count\u003C\u002Fli>\n\u003Cli>meta value\u003C\u002Fli>\n\u003Cli>or random\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Multi-Page Pagination by\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Next \u002F Previous links\u003C\u002Fli>\n\u003Cli>Numeric navigation flat – Ex: 1, 2, 3.\u003C\u002Fli>\n\u003Cli>Numeric navigation showing in unordered list.\u003C\u002Fli>\n\u003Cli>Enable\u002FDisable pagination by ajax\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>To Create Template\u003C\u002Fh4>\n\u003Cp>Templates are designed using Shortcodes. You can create a simple list just showing post title and linked to the post page, or you can display complex list using any of the information relating to post. Some of the available shortcodes are –\u003C\u002Fp>\n\u003Cul>\n\u003Cli>post thumbnail\u003C\u002Fli>\n\u003Cli>post categories\u003C\u002Fli>\n\u003Cli>post tags\u003C\u002Fli>\n\u003Cli>post custom taxonomy terms\u003C\u002Fli>\n\u003Cli>post author name \u002F links \u002F avatar\u003C\u002Fli>\n\u003Cli>post publish time\u003C\u002Fli>\n\u003Cli>post modified time\u003C\u002Fli>\n\u003Cli>post excerpt\u003C\u002Fli>\n\u003Cli>post content\u003C\u002Fli>\n\u003Cli>post meta value (multiple times, with multiple meta keys)\u003C\u002Fli>\n\u003Cli>media thumbnail\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check all of the \u003Ca href=\"https:\u002F\u002Fw4dev.com\u002Fdocs\u002Fw4-post-list\u002Ffaqs\u002Fwhat-are-the-available-template-tags\u002F\" rel=\"nofollow ugc\">available shortcodes\u003C\u002Fa> here.\u003C\u002Fp>\n\u003Ch4>Check Example\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fw4dev.com\u002Fwp\u002Fw4-post-list-examples\u002F#example-1\" rel=\"nofollow ugc\">Simple Posts List\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fw4dev.com\u002Fwp\u002Fw4-post-list-examples\u002F#example-2\" rel=\"nofollow ugc\">Media List\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fw4dev.com\u002Fwp\u002Fw4-post-list-examples\u002F#example-3\" rel=\"nofollow ugc\">Year\u002FMonth Archive\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fw4dev.com\u002Fwp\u002Fw4-post-list-examples\u002F#example-4\" rel=\"nofollow ugc\">List of Categories\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fw4dev.com\u002Fwp\u002Fw4-post-list-examples\u002F#example-5\" rel=\"nofollow ugc\">List of Terms\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>W4 Post List uses \u003Ca href=\"https:\u002F\u002Fappsero.com\" rel=\"nofollow ugc\">Appsero\u003C\u002Fa> SDK to collect some telemetry data upon user’s confirmation. This helps us to troubleshoot problems faster & make product improvements.\u003C\u002Fp>\n\u003Cp>Appsero SDK \u003Cstrong>does not gather any data by default.\u003C\u002Fstrong> The SDK only starts gathering basic telemetry data \u003Cstrong>when a user allows it via the admin notice\u003C\u002Fstrong>. We collect the data to ensure a great user experience for all our users.\u003C\u002Fp>\n\u003Cp>Integrating Appsero SDK \u003Cstrong>DOES NOT IMMEDIATELY\u003C\u002Fstrong> start gathering data, \u003Cstrong>without confirmation from users in any case.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Learn more about how \u003Ca href=\"https:\u002F\u002Fappsero.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Appsero collects and uses this data\u003C\u002Fa>.\u003C\u002Fp>\n","W4 Post List lets you create a list of posts, terms, users or a combined one. Decorate output using shortcodes. It's just easy and fun.",3000,193960,94,93,"2026-02-16T07:12:00.000Z","6.9.4","5.8","7.4",[21,69,70,23,24],"media","post","https:\u002F\u002Fw4dev.com\u002Fplugins\u002Fw4-post-list","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fw4-post-list.2.5.5.zip",99,0,"2023-03-22 00:00:00",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":11,"downloaded":84,"rating":11,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":18,"tags":89,"homepage":92,"download_link":93,"security_score":94,"vuln_count":74,"unpatched_count":74,"last_vuln_date":37,"fetched_at":30},"news-cpt","News CPT","1.1.1","vanjwilson","https:\u002F\u002Fprofiles.wordpress.org\u002Fvanjwilson\u002F","\u003Cp>This plugin add a News custom post type to your WordPress site. Now you can keep your press releases or time-sensitive announcements in a separate list, without having to juggle categories or tags.\u003C\u002Fp>\n\u003Cp>The plugin adds a News tab to your admin menu, which allows you to enter news items just as you would regular posts. The archive list of your news items will appear at \u003Ccode>\u002Fnews\u003C\u002Fcode>, and individual news items will appear at \u003Ccode>\u002Fnews\u002F\u003Cpermalink>\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>Default single item and archive page templates for news items are also provided. These templates have abundant IDs and classes, so that you can style them with your own CSS.\u003Cbr \u002F>\nYou may also customize them by putting copies in your theme folder, and changing the markup. When you update the plugin, you will get new features and bug fixes, while keeping any customizations you made in your copies of these templates.\u003C\u002Fp>\n\u003Cp>A list of news items may be included in other post content with the list-news-items] shortcode. (See the FAQ for more information on using the shortcode.)\u003C\u002Fp>\n\u003Cp>Finally, the plugin adds a Recent News Items widget, which can be placed on any sidebar available in your theme, to show a list of news items in reverse chronological order. You can set the title of this list and the number of news items to show.\u003C\u002Fp>\n","A quick, easy way to add an extensible News custom post type to Wordpress.",10340,2,"2014-05-17T14:45:00.000Z","3.9.40","3.1",[20,21,90,24,91],"news","widget","http:\u002F\u002Fvanwilson.info\u002Fwordpress\u002Fplugins\u002Fnews-cpt-plugin-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnews-cpt.1.1.1.zip",85,{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":11,"num_ratings":28,"last_updated":105,"tested_up_to":65,"requires_at_least":106,"requires_php":18,"tags":107,"homepage":18,"download_link":109,"security_score":11,"vuln_count":74,"unpatched_count":74,"last_vuln_date":37,"fetched_at":30},"superlight-cpt-manager","SuperLight CPT Manager","1.2.1","Ryan Edmunds","https:\u002F\u002Fprofiles.wordpress.org\u002Fryanedmunds\u002F","\u003Cp>SuperLight CPT Manager is a minimalist WordPress plugin that lets administrators create Custom Post Types without clutter or bloat.\u003C\u002Fp>\n\u003Cp>Each CPT automatically:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Registers itself with WordPress (visible in menus and REST API)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Supports basic post features (title, editor, thumbnail, excerpt)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Comes with a unique shortcode (e.g. \u003Ccode>[superlight_cpt slug=\"book\"]\u003C\u002Fcode>)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There are no extra scripts, no custom tables, and no unnecessary settings — just pure, clean functionality in under 200 lines of PHP.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Add, import\u002Fexport, or delete custom post types on the fly\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Each post type gets its own shortcode\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Works instantly with Query Loop and block editors (\u003Ccode>show_in_rest\u003C\u002Fcode> enabled)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>All CPTs stored in a single WordPress option (\u003Ccode>superlight_cpts\u003C\u002Fcode>)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>No dependencies, no setup, no nonsense\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n","Create and manage custom post types instantly. Each CPT gets its own shortcode.",10,141,"2026-02-04T10:13:00.000Z","5.5",[20,21,108,24],"lightweight","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsuperlight-cpt-manager.1.2.1.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":11,"num_ratings":28,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":129,"download_link":130,"security_score":131,"vuln_count":132,"unpatched_count":74,"last_vuln_date":133,"fetched_at":30},"apollo13-framework-extensions","Apollo13 Framework Extensions","1.9.9","apollo13themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fapollo13themes\u002F","\u003Cp>\u003Cstrong>Apollo13 Framework Extensions\u003C\u002Fstrong> adds few features to themes build on Apollo13 Framework. These are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Designs Importer,\u003C\u002Fli>\n\u003Cli>shortcodes based on Apollo13 Framework features: writtng effect, count down, socials, scroller, slider, galleries, post grid,\u003C\u002Fli>\n\u003Cli>support for WPBakery Page Builder elements added by Apollo13 Framework,\u003C\u002Fli>\n\u003Cli>custom post types: albums, works & people,\u003C\u002Fli>\n\u003Cli>Export\u002FImport of theme options,\u003C\u002Fli>\n\u003Cli>Custom Sidebar,\u003C\u002Fli>\n\u003Cli>Custom CSS,\u003C\u002Fli>\n\u003Cli>Meta options that are creating content for posts, pages, albums and works,\u003C\u002Fli>\n\u003Cli>Responsive Image resizing ,\u003C\u002Fli>\n\u003Cli>Maintenance mode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin requires one of themes build on \u003Cstrong>Apollo13 Framework\u003C\u002Fstrong> theme to be installed.\u003C\u002Fp>\n\u003Cp>It is mostly used for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapollo13themes.com\u002Frife\u002Ffree\u002F\" rel=\"nofollow ugc\">Rife Free\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapollo13themes.com\u002Frife\u002F\" rel=\"nofollow ugc\">Rife Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits & Copyright\u003C\u002Fh3>\n\u003Ch4>Anime.js, Copyright 2019 Julian Garnier\u003C\u002Fh4>\n\u003Cp>Licenses: MIT\u003Cbr \u002F>\nSource: https:\u002F\u002Fanimejs.com\u002F\u003C\u002Fp>\n","Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.",20000,534616,"2025-12-04T08:12:00.000Z","6.5.8","4.7","5.4.0",[125,126,127,128],"custom-post-types","elementor-widgets","shortcodes","wpbakery-page-builder-support","https:\u002F\u002Fapollo13themes.com\u002Frife\u002Ffree","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapollo13-framework-extensions.zip",95,6,"2026-02-18 15:32:44",{"slug":135,"name":136,"version":137,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":142,"downloaded":143,"rating":11,"num_ratings":144,"last_updated":145,"tested_up_to":146,"requires_at_least":147,"requires_php":67,"tags":148,"homepage":152,"download_link":153,"security_score":11,"vuln_count":74,"unpatched_count":74,"last_vuln_date":37,"fetched_at":30},"post-types-unlimited","Post Types Unlimited","1.2.8","wpexplorer","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpexplorer\u002F","\u003Cp>Post Types Unlimited is an easy way to add \u003Cstrong>custom post types\u003C\u002Fstrong> and \u003Cstrong>custom taxonomies\u003C\u002Fstrong> to your WordPress site (the right way). The plugin works with any theme and is easily translatable. With Post Types Unlimited you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create custom post types.\u003C\u002Fli>\n\u003Cli>Create custom taxonomies.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Post Types Unlimited makes use of core WordPress functionality for the admin screens and post type, taxonomy registration. This means the plugin is fast, slim and uses the familiar WordPress UI.\u003C\u002Fp>\n\u003Cp>Additionally you won’t find any upsell or advertisements in the plugin because there isn’t a “Pro” version. It’s the perfect plugin for adding post types and\u002For taxonomies to any site (including your client sites) without worrying about extra bloat or annoying ads.\u003C\u002Fp>\n\u003Cp>The design of your post types and taxonomies created with the Post Types Unlimited plugin are controlled by your theme. The plugin doesn’t do any hacking or advanced modifications to your templates and thus works great with ANY theme.\u003C\u002Fp>\n\u003Cp>If you are using our amazing \u003Ca href=\"https:\u002F\u002Ftotalwptheme.com\u002F\" rel=\"nofollow ugc\">Total WordPress Theme\u003C\u002Fa> you will have access to many extra settings that will give you full control over the display of your post types and taxonomies.\u003C\u002Fp>\n\u003Cp>This plugin doesn’t have any upsells, banners or other marketing strategies. This makes it perfect for use with any site, including client websites.\u003C\u002Fp>\n","Create unlimited custom post types and custom taxonomies.",10000,142325,9,"2025-05-20T01:25:00.000Z","6.8.5","5.7",[20,125,149,150,151],"post-types","taxonomies","types","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpost-types-unlimited\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-types-unlimited.1.2.8.zip",{"attackSurface":155,"codeSignals":167,"taintFlows":174,"riskAssessment":175,"analyzedAt":186},{"hooks":156,"ajaxHandlers":163,"restRoutes":164,"shortcodes":165,"cronEvents":166,"entryPointCount":74,"unprotectedCount":74},[157],{"type":158,"name":159,"callback":160,"file":161,"line":162},"action","init","initialize","cpt_shortcode.php",16,[],[],[],[],{"dangerousFunctions":168,"sqlUsage":169,"outputEscaping":171,"fileOperations":74,"externalRequests":74,"nonceChecks":74,"capabilityChecks":74,"bundledLibraries":173},[],{"prepared":74,"raw":74,"locations":170},[],{"escaped":74,"rawEcho":74,"locations":172},[],[],[],{"summary":176,"deductions":177},"The static analysis for the \"custom-post-type-list-shortcode\" plugin v1.4.4 indicates a generally robust security posture with no identified dangerous functions, unsanitized taint flows, or direct SQL injection risks due to prepared statements. All identified outputs are also properly escaped, and the plugin does not perform file operations or external HTTP requests. The lack of detected AJAX handlers, REST API routes, shortcodes, or cron events without authentication or permission checks contributes to a minimal attack surface, which is a positive sign.\n\nHowever, the plugin has a known medium severity vulnerability for Cross-Site Scripting (XSS) that remains unpatched. This historical vulnerability, coupled with the complete absence of nonce and capability checks in the static analysis, raises concerns. While the current version might not exhibit these issues in the analyzed code paths, the lack of these fundamental security checks suggests a potential for vulnerabilities to arise in future development or if the plugin's functionality were to expand. The absence of these checks can be a systemic weakness, even if not immediately exploitable in the current static scan.\n\nIn conclusion, while the plugin demonstrates good practices in areas like SQL handling and output escaping, the unpatched XSS vulnerability and the complete lack of nonces and capability checks represent significant security weaknesses. Users should be aware of the past vulnerability and the potential for future issues due to the absence of essential security mechanisms.",[178,181,184],{"reason":179,"points":180},"Unpatched CVEs",17,{"reason":182,"points":183},"Missing nonce checks",8,{"reason":185,"points":183},"Missing capability checks","2026-03-16T20:34:55.539Z",{"wat":188,"direct":199},{"assetPaths":189,"generatorPatterns":193,"scriptPaths":194,"versionParams":195},[190,191,192],"\u002Fwp-content\u002Fplugins\u002Fcustom-post-type-list-shortcode\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fcustom-post-type-list-shortcode\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fcustom-post-type-list-shortcode\u002Fjs\u002Ffrontend.js",[],[191,192],[196,197,198],"custom-post-type-list-shortcode\u002Fcss\u002Fstyle.css?ver=","custom-post-type-list-shortcode\u002Fjs\u002Fadmin.js?ver=","custom-post-type-list-shortcode\u002Fjs\u002Ffrontend.js?ver=",{"cssClasses":200,"htmlComments":201,"htmlAttributes":202,"restEndpoints":203,"jsGlobals":204,"shortcodeOutput":205},[],[],[],[],[],[]]