[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVBVDWOlcibKS_xZh5dV3Q5ekcYfyMS8xC5LvybjtT0A":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":14,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":44,"crawl_stats":35,"alternatives":49,"analysis":142,"fingerprints":194},"custom-query-shortcode","Custom Query Shortcode","0.5.0","Peter Hebert","https:\u002F\u002Fprofiles.wordpress.org\u002Fpeterhebert\u002F","\u003Cp>This plugin gives you \u003Ccode>[query]\u003C\u002Fcode> shortcode which enables you to query and output any posts filtered by specific attributes.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>You can use most parameters supported by \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FClass_Reference\u002FWP_Query\" rel=\"nofollow ugc\">WP_Query class\u003C\u002Fa> to filter the posts; you can query for specific post types, categories, tags, authors, etc.\u003C\u002Fp>\n\u003Ch4>Other supported parameters\u003C\u002Fh4>\n\u003Cp>Aside from WP_Query parameters, the shortcode also supports the following additional parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>featured\u003C\u002Fem>: to query for sticky posts which by default are excluded from the query.\u003C\u002Fli>\n\u003Cli>\u003Cem>thumbnail_size\u003C\u002Fem>: to specify the size of the {THUMBNAIL} images. You can use \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fadd_image_size#Reserved_Image_Size_Names\" rel=\"nofollow ugc\">built-in image sizes\u003C\u002Fa> or custom ones you’ve defined.\u003C\u002Fli>\n\u003Cli>\u003Cem>content_limit\u003C\u002Fem>: to limit the number of words of the {CONTENT} var; by default it’s “0” which means it outputs the whole content.\u003C\u002Fli>\n\u003Cli>\u003Cem>posts_separator\u003C\u002Fem>: text to display between individual posts.\u003C\u002Fli>\n\u003Cli>\u003Cem>lens\u003C\u002Fem>: custom output template – see description below.\u003C\u002Fli>\n\u003Cli>\u003Cem>twig_template\u003C\u002Fem>: output template using Twig templating engine – requires the Timber library.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Formatting the output\u003C\u002Fh4>\n\u003Cp>You can define how you want to format the output inline within an opening \u003Ccode>[query]\u003C\u002Fcode> and closing \u003Ccode>[\u002Fquery]\u003C\u002Fcode> tag.\u003Cbr \u002F>\nAvailable keywords are: TITLE, CONTENT, AUTHOR, AUTHOR_URL, DATE, THUMBNAIL, CONTENT, COMMENT_COUNT.\u003C\u002Fp>\n\u003Cp>The following example will display the latest 5 posts from the category with the ID of 3, showing a post title and comment count, with a link to the post:\u003Cbr \u002F>\n    [query posts_per_page=”5″ cat=”3″]\u003C\u002Fp>\n\u003Ch3>\u003Ca href=\"{URL}\" rel=\"nofollow ugc\">{TITLE} ({COMMENT_COUNT})\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>[\u002Fquery]\u003C\u002Fp>\n\u003Cp>Grid display\u003C\u002Fp>\n\u003Cp>With the “cols” parameter you can display the output in a grid.\u003Cbr \u002F>\n    [query posts_per_page=”3″ cols=”3″] {THUMBNAIL}\u003C\u002Fp>\n\u003Ch3>{TITLE}\u003C\u002Fh3>\n\u003Cp>{CONTENT} [\u002Fquery]\u003Cbr \u002F>\nwill display the latest 3 posts in the defined template, in 3 columns.\u003Cbr \u002F>\nThe plugin will automatically divide the grid into rows based upon the ‘posts_per_page’ option, divided by the ‘cols’ option.\u003C\u002Fp>\n\u003Ch4>Lenses (output templates)\u003C\u002Fh4>\n\u003Cp>With the “lens” parameter you can customize the display of the query results using a template. Some basic lenses\u002Ftemplates are provided:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>ul\u003C\u002Fstrong>: unordered list of linked post titles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ul-title-date\u003C\u002Fstrong>: same as ‘ul’, but also displays the posted date.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>article-excerpt\u003C\u002Fstrong>: series of articles, with a header containing the linked post title, and the excerpt.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>article-excerpt-date\u003C\u002Fstrong>: same as ‘article-excerpt’, but also displays the posted date.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>cards\u003C\u002Fstrong>: displays the post thumb above the header with linked post title, followed by the excerpt.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Bootstrap lenses\u003C\u002Fp>\n\u003Cp>Some pre-defined lenses\u002Ftemplates are provided which use JavaScript Components from the \u003Ca href=\"http:\u002F\u002Fgetbootstrap.com\u002F\" rel=\"nofollow ugc\">Bootstrap\u003C\u002Fa> CSS framework. The generated markup is compliant with the 5.x version of Bootstrap.\u003C\u002Fp>\n\u003Cp>This feature relies on Bootstrap library to be already loaded on the page, the plugin does \u003Cem>not\u003C\u002Fem> include it.\u003C\u002Fp>\n\u003Cp>If you’re using a Bootstrap-based theme, this \u003Cem>should\u003C\u002Fem> work; otherwise you can use the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbootstrap\u002F\" rel=\"ugc\">Bootstrap plugin\u003C\u002Fa>).\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fgetbootstrap.com\u002Fjavascript\u002F#tabs\" rel=\"nofollow ugc\">Tabs\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This will show the latest 3 posts in a tabbed widget.\u003Cbr \u002F>\n    [query posts_per_page=”3″ lens=”tabs”]\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fgetbootstrap.com\u002Fjavascript\u002F#tabs\" rel=\"nofollow ugc\">Accordion\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This will create an accordion widget of all our posts from the “faq” post type.\u003Cbr \u002F>\n    [query posts_per_page=”0″ post_type=”faq” lens=”accordion”]\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fgetbootstrap.com\u002Fjavascript\u002F#carousel\" rel=\"nofollow ugc\">Carousel\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This creates a carousel of latest five featured posts:\u003Cbr \u002F>\n    [query posts_per_page=”5″ featured=”true” lens=”carousel”]\u003C\u002Fp>\n\u003Cp>Custom Lenses\u002Ftemplates\u003C\u002Fp>\n\u003Cp>You can create your own custom templates and put them into one of these pre-defined folder names within your theme:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>‘query-shortcode-templates’\u003C\u002Fli>\n\u003Cli>‘partials\u002Fquery-shortcode-lenses\u002F’\u003C\u002Fli>\n\u003Cli>‘html\u002Flenses\u002F’\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Or simply specify your own subfolder in the ‘lens’ parameter:\u003Cbr \u002F>\n    [query lens=”folder\u002Ftemplate-name”]\u003C\u002Fp>\n\u003Ch4>Twig Template Support\u003C\u002Fh4>\n\u003Cp>Starting with version 0.4, you can use Twig templates for your output. Support for Twig is provided by the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftimber\u002Ftimber\" rel=\"nofollow ugc\">Timber\u003C\u002Fa> library.\u003C\u002Fp>\n\u003Cp>This requires that Timber 2.x be installed as a \u003Ca href=\"https:\u002F\u002Ftimber.github.io\u002Fdocs\u002Fv2\u002Finstallation\u002Finstallation\u002F\" rel=\"nofollow ugc\">Composer dependency\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>To use a Twig template for your query output, simply use the 'twig_template' parameter instead of the 'lens' parameter, and provide the path to your template. By default, Timber looks within the \u003Ccode>views\u003C\u002Fcode> folder in your active theme. You can \u003Ca href=\"https:\u002F\u002Ftimber.github.io\u002Fdocs\u002Fv2\u002Fguides\u002Ftemplate-locations\u002F#changing-the-default-folder-for-twig-files\" rel=\"nofollow ugc\">change the default template location\u003C\u002Fa> in Timber.\u003C\u002Fp>\n\u003Cp>Examples:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[query twig_template=\"template-name.twig\"]\n[query twig_template=\"folder\u002Ftemplate-name.twig\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n","A powerful shortcode that enables you to query anything you want and display it however you like, on both pages and posts, and in widgets.",30,3152,100,1,"2025-08-22T21:12:00.000Z","6.8.5","3.3","",[20,21,22],"post","query","shortcode","https:\u002F\u002Fgithub.com\u002Fpeterhebert\u002Fcustom-query-shortcode","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-query-shortcode.0.5.0.zip",99,0,"2025-08-24 21:19:23","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":6,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":14},"CVE-2025-8562","custom-query-shortcode-authenticated-contributor-path-traversal-via-lens-parameter","Custom Query Shortcode \u003C= 0.4.0 - Authenticated (Contributor+) Path Traversal via lens Parameter","The Custom Query Shortcode plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.4.0 via the 'lens' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which can contain sensitive information.",null,"\u003C=0.4.0","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","2025-08-25 09:23:52",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9e37c664-76ed-4ede-88fd-e41b9969685f?source=api-prod",{"slug":45,"display_name":7,"profile_url":8,"plugin_count":46,"total_installs":47,"avg_security_score":13,"avg_patch_time_days":14,"trust_score":13,"computed_at":48},"peterhebert",3,130,"2026-04-04T16:19:27.153Z",[50,72,87,109,127],{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":18,"tags":65,"homepage":69,"download_link":70,"security_score":71,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"display-posts-shortcode","Display Posts – Easy lists, grids, navigation, and more","3.0.3","Bill Erickson","https:\u002F\u002Fprofiles.wordpress.org\u002Fbillerickson\u002F","\u003Cp>Display Posts allows you easily list content from all across your website. Start by adding this shortcode in the content editor to display a list of your most recent posts:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[display-posts]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Filter by Category\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To only show posts within a certain category, use the category parameter:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[display-posts category=\"news\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Display as Post Grid\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can create a great looking, column-based grid of posts with a bit of styling. \u003Ca href=\"https:\u002F\u002Fdisplayposts.com\u002F2019\u002F01\u002F04\u002Fpost-grid-styling\u002F\" rel=\"nofollow ugc\">Here’s how!\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>List Popular Posts\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can highlight your popular content in multiple ways. If you want to feature the posts with the most comments, use:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[display-posts orderby=\"comment_count\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can also list \u003Ca href=\"https:\u002F\u002Fdisplayposts.com\u002F2019\u002F01\u002F04\u002Fmost-popular-posts-by-social-shares\u002F\" rel=\"nofollow ugc\">most popular posts by social shares\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Include thumbnails, excerpts, and more\u003C\u002Fstrong>\u003Cbr \u002F>\nThe \u003Ca href=\"https:\u002F\u002Fdisplayposts.com\u002Fdocs\u002Fparameters\u002F#display-parameters\" rel=\"nofollow ugc\">display parameters\u003C\u002Fa> let you control what information is displayed for each post. To include an image and summary, use:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[display-posts include_excerpt=\"true\" image_size=\"thumbnail\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can use any image size added by WordPress (thumbnail, medium, medium_large, large) OR any custom image size added by your theme or other plugins.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sort the list however you like\u003C\u002Fstrong>\u003Cbr \u002F>\nBy default the listing will list the newest content first, but you can order by title, menu order, relevance, content type, metadata, and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>List upcoming events\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can easily list upcoming events from any event calendar. Each plugin will require slightly different code.\u003C\u002Fp>\n\u003Cp>Here are \u003Ca href=\"https:\u002F\u002Fdisplayposts.com\u002Ftag\u002Fevents\u002F\" rel=\"nofollow ugc\">tutorials for popular event calendar plugins\u003C\u002Fa>. If your plugin is not listed here, submit a support request and I’ll add it!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tutorials\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fdisplayposts.com\u002Ftutorials\u002F\" rel=\"nofollow ugc\">Our tutorials\u003C\u002Fa> cover common customization requests, and are updated often.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Full Documentation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdisplayposts.com\u002Fdocs\u002Fparameters\u002F#query-parameters\" rel=\"nofollow ugc\">Query parameters\u003C\u002Fa> for customizing which posts are listed (filter by category, tag, date…)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdisplayposts.com\u002Fdocs\u002Fparameters\u002F#display-parameters\" rel=\"nofollow ugc\">Display parameters\u003C\u002Fa> determine how the posts appear (title, excerpt, image…)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdisplayposts.com\u002F2019\u002F01\u002F04\u002Fuse-template-parts-to-match-your-themes-styling\u002F\" rel=\"nofollow ugc\">Template parts\u003C\u002Fa> for Display Posts to perfectly match your theme’s post listings\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdisplayposts.com\u002Fdocs\u002Fthe-output-filter\u002F\" rel=\"nofollow ugc\">Output filter\u003C\u002Fa> for complete control over how the listing looks on your site\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdisplayposts.com\u002Fdocs\u002Fparameters\u002F#display-parameters\" rel=\"nofollow ugc\">Filters\u003C\u002Fa> for even more powerful customizations for developers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Extensions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbillerickson\u002FDisplay-Posts-Pagination\" rel=\"nofollow ugc\">Display Posts – Pagination\u003C\u002Fa> – Allow results of Display Posts to be paginated\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisplay-posts-date-view\u002F\" rel=\"ugc\">Display Posts – Date View\u003C\u002Fa> – Lets you break your content down by month or year.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbillerickson\u002FDisplay-Posts-Alpha-View\" rel=\"nofollow ugc\">Display Posts – Alpha View\u003C\u002Fa> – Display an alphabetical listing of your content, broken down by letter\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbillerickson\u002FDisplay-Posts-Transient-Cache\" rel=\"nofollow ugc\">Display Posts – Transient Cache\u003C\u002Fa> – Cache the output using transients\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbillerickson\u002Fdps-coauthor-addon\" rel=\"nofollow ugc\">Co-Authors Plus Addon\u003C\u002Fa> – multiple authors on posts\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbillerickson\u002Fdps-columns-extension\" rel=\"nofollow ugc\">Columns Extension\u003C\u002Fa> – display posts in columns\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbillerickson\u002FDPS-Exclude-Sticky\" rel=\"nofollow ugc\">DPS Exclude Sticky\u003C\u002Fa> – exclude sticky posts unless specifically requested\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fshazahm1\u002FDisplay-Posts-Shortcode-Pinch-Zoomer\" rel=\"nofollow ugc\">DPS Pinch Zoomer\u003C\u002Fa> – adds support pinch zooming post images on mobile devices and mouse wheel zooming on desktops\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fshazahm1\u002FDisplay-Posts-Shortcode-Remote\" rel=\"nofollow ugc\">Display Posts Shortcode Remote\u003C\u002Fa> – display posts from a remote WordPress site utilizing the WP REST API.\u003C\u002Fli>\n\u003C\u002Ful>\n","Add a listing of content on your website using a simple shortcode. Filter the results by category, author, and more.",80000,1250447,96,164,"2024-10-14T16:53:00.000Z","6.6.5","3.0",[66,67,68,21,22],"page","pages","posts","https:\u002F\u002Fdisplayposts.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisplay-posts-shortcode.3.0.3.zip",92,{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":11,"downloaded":80,"rating":13,"num_ratings":81,"last_updated":82,"tested_up_to":83,"requires_at_least":17,"requires_php":18,"tags":84,"homepage":18,"download_link":85,"security_score":86,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"query-shortcode","Query Shortcode","0.2.1","shazdeh","https:\u002F\u002Fprofiles.wordpress.org\u002Fshazdeh\u002F","\u003Cp>This plugin gives you \u003Ccode>[query]\u003C\u002Fcode> shortcode which enables you to output posts filtered by specific attributes. You can format the output to your liking and even display the results in a grid of customizable columns and rows.\u003Cbr \u002F>\nAlso supports “lenses” which can turn your query results into Tabs, Accordion, or Carousel widgets. This feature relies on Bootstrap library to be already loaded on the page, the plugin does \u003Cem>not\u003C\u002Fem> include it (for that you can use the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbootstrap\u002F\" rel=\"ugc\">Bootstrap plugin\u003C\u002Fa>). You can create new lenses or override the built-in ones in your theme to customize the output.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>You can use all parameters supported by \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FClass_Reference\u002FWP_Query\" rel=\"nofollow ugc\">WP_Query class\u003C\u002Fa> to filter the posts; you can query for specific post types, categories, tags, authors, etc. You also have to define how you want to format the output:\u003Cbr \u002F>\n    [query posts_per_page=”5″ cat=”3″]\u003C\u002Fp>\n\u003Ch3>\u003Ca href=\"{URL}\" rel=\"nofollow ugc\">{TITLE} ({COMMENT_COUNT})\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>[\u002Fquery]\u003Cbr \u002F>\nThe above shortcode will display the title of the latest 5 posts from the category with the ID of 3. Available keywords are: TITLE, CONTENT, AUTHOR, AUTHOR_URL, DATE, THUMBNAIL, CONTENT, COMMENT_COUNT and more to be added later.\u003C\u002Fp>\n\u003Ch4>Grid display\u003C\u002Fh4>\n\u003Cp>With the “cols” parameter you can display the output in a grid. So this:\u003Cbr \u002F>\n    [query posts_per_page=”3″ cols=”3″] {THUMBNAIL}\u003C\u002Fp>\n\u003Ch3>{TITLE}\u003C\u002Fh3>\n\u003Cp>{CONTENT} [\u002Fquery]\u003Cbr \u002F>\nwill display the latest 3 posts in the defined template, in 3 columns. If in the above snippet we set the posts_per_page option to 6, it will display the latest 6 posts in two rows that each has 3 columns.\u003C\u002Fp>\n\u003Ch4>Lenses\u003C\u002Fh4>\n\u003Cp>With the “lens” parameter you can display the query results in a Tab, Accordion, or Carousel widget. Example:\u003Cbr \u002F>\n    [query posts_per_page=”0″ post_type=”faq” lens=”accordion”]\u003Cbr \u002F>\nThis will create an accordion widget of all our posts from the “faq” post type. This creates a carousel of latest five featured posts:\u003Cbr \u002F>\n    [query posts_per_page=”5″ featured=”true” lens=”carousel”]\u003C\u002Fp>\n\u003Ch4>Other supported parameters\u003C\u002Fh4>\n\u003Cp>Aside from wp_query parameters, the shortcode also supports additional parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>featured\u003C\u002Fem> : to query for sticky posts which by default are excluded from the query.\u003C\u002Fli>\n\u003Cli>\u003Cem>thumbnail_size\u003C\u002Fem> : to specify the size of the {THUMBNAIL} images. You can use \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fadd_image_size#Reserved_Image_Size_Names\" rel=\"nofollow ugc\">built-in image sizes\u003C\u002Fa> or custom ones you’ve defined.\u003C\u002Fli>\n\u003Cli>\u003Cem>content_limit\u003C\u002Fem> : to limit the number of words of the {CONTENT} var; by default it’s “0” which means it outputs the whole content.\u003C\u002Fli>\n\u003Cli>\u003Cem>posts_separator\u003C\u002Fem> : text to display between individual posts.\u003C\u002Fli>\n\u003C\u002Ful>\n","An insanely powerful shortcode that enables you to query anything you want and display it however you like.",2925,5,"2013-04-27T02:21:00.000Z","3.6.1",[20,21,22],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquery-shortcode.zip",85,{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":97,"num_ratings":46,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":18,"tags":101,"homepage":107,"download_link":108,"security_score":86,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"mhshohel-faq","Mhshohel Faq","1.2","Md Hossain Shohel","https:\u002F\u002Fprofiles.wordpress.org\u002Fmhshohel\u002F","\u003Cp>Simple jquery accordian plugin with custom post.\u003C\u002Fp>\n\u003Cp>You can call faqs in wordpress post or page via shortcode.\u003C\u002Fp>\n\u003Cp>For simply call all faqs, use [mhshohel_faq]\u003C\u002Fp>\n\u003Cp>Call faq from categories, use [mhshohel_faq category=”category id”] use category ID\u003C\u002Fp>\n\u003Cp>Call faq by order, use [mhshohel_faq order=”DESC”] DESC or ASC\u003C\u002Fp>\n\u003Cp>Faq limit, use [mhshohel_faq limit=”20″] use numaric.\u003C\u002Fp>\n\u003Cp>All Together, use [mhshohel_faq limit=”20″ category=”category id” order=”DESC” ]\u003C\u002Fp>\n","faq in accordian, with custom post, and shortcode.",20,2374,74,"2016-11-27T17:23:00.000Z","4.6.30","3.0.1",[102,103,104,105,106],"accordionfaq","custom-post","faq","jquery-accordion","shortcode-faq","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmhshohel-faq","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmhshohel-faq.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":95,"downloaded":117,"rating":26,"num_ratings":26,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":18,"tags":121,"homepage":125,"download_link":126,"security_score":86,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"random-post-box","Random Post Box","1.0.3","Xoda","https:\u002F\u002Fprofiles.wordpress.org\u002Fxoda\u002F","\u003Cp>Random Post Box is a plugin that lets you place a box anywhere on your blog, with template tag or shortcode, and\u003Cbr \u002F>\nload random posts with an interval and fade effect. It uses jQuery (Ajax) which means that the content is loaded without\u003Cbr \u002F>\nloading the rest of the page. The timings can be set in the admin options-panel.\u003C\u002Fp>\n\u003Cp>The template tag is \u003Ccode>\u003C?php random_post_box(); ?>\u003C\u002Fcode>. You can also use the shortcode \u003Ccode>[random-post-box]\u003C\u002Fcode> in a page or post.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Insert placeholder with template tag\u003C\u002Fli>\n\u003Cli>Insert placeholder with shortcode\u003C\u002Fli>\n\u003Cli>Set time for displaying the post\u003C\u002Fli>\n\u003Cli>Set times for fade in and fade out affect\u003C\u002Fli>\n\u003Cli>Exclude or include posts by category\u003C\u002Fli>\n\u003Cli>Exclude posts by age (in days)\u003C\u002Fli>\n\u003Cli>Use title only\u003C\u002Fli>\n\u003Cli>Use post excerpt or bodycontent\u003C\u002Fli>\n\u003Cli>Strip tags from body\u003C\u002Fli>\n\u003Cli>Show\u002Fhide post metadata\u003C\u002Fli>\n\u003C\u002Ful>\n","The Random Post Box plugin places a box anywhere on the blog, where it loads random posts one-after-the-other.",6256,"2010-07-28T08:19:00.000Z","3.0.5","2.9",[122,123,20,124,22],"ajax","jquery","random","http:\u002F\u002Fwww.open-source-editor.com\u002Fwordpress\u002Frandom-post-box.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frandom-post-box.1.0.3.zip",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":26,"num_ratings":26,"last_updated":18,"tested_up_to":137,"requires_at_least":64,"requires_php":18,"tags":138,"homepage":139,"download_link":140,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":141},"demomentsomtres-display-posts-shortcode","DeMomentSomTres Display Posts Shortcode","2.5","Marc Queralt i Bassa","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarcqueralt\u002F","\u003Cp>Based on development by Bill Erickson (http:\u002F\u002Fwww.billerickson.net\u002Fshortcode-to-display-posts\u002F). We have added support to multisite in order to be capable of reading any other blog in the network.\u003C\u002Fp>\n\u003Cp>The \u003Cem>DeMomentSomTres Display Posts Shortcode\u003C\u002Fem> was written to allow users to easily display listings of posts without knowing PHP or editing template files and extendend to take the maximum profit from a network install with multiple blogs.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Add the shortcode in a post or page, and use the arguments to query based on tag, category, post type, and many other possibilities (see the Arguments). I’ve also added some extra options to display something more than just the title: include_date, include_excerpt, and image_size.\u003C\u002Fp>\n\u003Cp>Add the parameter blog_id to change the network instance number.\u003C\u002Fp>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FClass_Reference\u002FWP_Query\" rel=\"nofollow ugc\">WordPress Codex\u003C\u002Fa> for information on using the arguments.\u003C\u002Fp>\n\u003Cp>The parameter metaorderby allows to order based on a metafield or customfield value. The parameter metaorderbynum does the same but considering the values as numbers.\u003C\u002Fp>\n\u003Ch4>History & Raison d’être\u003C\u002Fh4>\n\u003Cp>A customer of us needed a multisite website to implement multiple languages and she was using \u003Ca href=\"http:\u002F\u002Fdemomentsomtres.com\u002Fenglish\u002Fwordpress-plugins\u002Fdemomentsomtres-language\u002F\" rel=\"nofollow ugc\">DeMomentSomTres Language Plugin\u003C\u002Fa>. Although they could have many blogs they didn’t want to keep 3 blogs informed. However they wanted to show the blog in all the subsites. So we build this plugin allowing to show blog content from other sites in the multisite installation.\u003C\u002Fp>\n","Display a listing of posts using the [display-posts] shortcode allowing multiple network instances.",10,2654,"4.1.42",[66,67,68,21,22],"http:\u002F\u002Fdemomentsomtres.com\u002Fenglish\u002Fwordpress-plugins\u002Fdemomentsomtres-display-posts-shortcode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdemomentsomtres-display-posts-shortcode.zip","2026-03-15T10:48:56.248Z",{"attackSurface":143,"codeSignals":167,"taintFlows":182,"riskAssessment":183,"analyzedAt":193},{"hooks":144,"ajaxHandlers":161,"restRoutes":162,"shortcodes":163,"cronEvents":166,"entryPointCount":14,"unprotectedCount":26},[145,151,157],{"type":146,"name":147,"callback":148,"file":149,"line":150},"filter","widget_text","do_shortcode","init.php",27,{"type":152,"name":153,"callback":154,"file":155,"line":156},"action","init","register","src\\class-queryshortcode.php",52,{"type":152,"name":158,"callback":159,"file":155,"line":160},"template_redirect","css",53,[],[],[164],{"tag":21,"callback":22,"file":155,"line":165},106,[],{"dangerousFunctions":168,"sqlUsage":169,"outputEscaping":171,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":181},[],{"prepared":26,"raw":26,"locations":170},[],{"escaped":172,"rawEcho":173,"locations":174},39,2,[175,179],{"file":176,"line":177,"context":178},"lenses\\carousel.php",78,"raw output",{"file":176,"line":180,"context":178},82,[],[],{"summary":184,"deductions":185},"The \"custom-query-shortcode\" plugin exhibits a generally positive security posture based on the static analysis. The absence of dangerous functions, file operations, external HTTP requests, and the use of prepared statements for all SQL queries are strong indicators of secure coding practices. The high percentage of properly escaped output further contributes to a reduced risk of cross-site scripting vulnerabilities. The limited attack surface, with only one shortcode and no unprotected entry points, is also a significant strength.\n\nHowever, the plugin does have a history of a medium severity vulnerability, specifically a path traversal issue. While this vulnerability is listed as patched, its existence suggests a potential for previously undiscovered or similar vulnerabilities in how it handles file paths or input that could be used to manipulate them. The lack of nonce checks and capability checks, while not directly exploitable through the current static analysis findings, represents a missed opportunity to further harden the plugin against various attack vectors that often exploit these weaknesses.\n\nIn conclusion, \"custom-query-shortcode\" v0.5.0 appears to be a relatively secure plugin due to its adherence to many secure coding principles. The primary concern stems from its past vulnerability, which highlights the importance of ongoing vigilance and thorough security testing. While the current static analysis doesn't reveal immediate critical threats, the absence of certain security checks warrants consideration for future development and auditing.",[186,189,191],{"reason":187,"points":188},"Medium severity vulnerability history",15,{"reason":190,"points":81},"Missing nonce checks",{"reason":192,"points":81},"Missing capability checks","2026-03-16T22:28:04.848Z",{"wat":195,"direct":204},{"assetPaths":196,"generatorPatterns":198,"scriptPaths":199,"versionParams":201},[197],"\u002Fwp-content\u002Fplugins\u002Fcustom-query-shortcode\u002Fassets\u002Fcss\u002Fquery-shortcode.css",[],[200],"\u002Fwp-content\u002Fplugins\u002Fcustom-query-shortcode\u002Fassets\u002Fjs\u002Fquery-shortcode.js",[202,203],"custom-query-shortcode\u002Fassets\u002Fcss\u002Fquery-shortcode.css?ver=","custom-query-shortcode\u002Fassets\u002Fjs\u002Fquery-shortcode.js?ver=",{"cssClasses":205,"htmlComments":208,"htmlAttributes":209,"restEndpoints":211,"jsGlobals":212,"shortcodeOutput":213},[206,207],"cqs-grid","cqs-grid-item",[],[210],"data-cqs-cols",[],[],[214,215,216],"[query]","\u003C!-- Start of query shortcode -->","\u003C!-- End of query shortcode -->"]