[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-o80SPEk9cuKmVaxMVl5-xtaWUlFAnxzQYrxKmjODM4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":33,"analysis":140,"fingerprints":272},"custom-strava-integration","Custom Strava Integration","1.0","floriankimmel","https:\u002F\u002Fprofiles.wordpress.org\u002Ffloriankimmel\u002F","\u003Cp>The “Custom Strava Integration” is a powerful plugin that makes integrating strava activities easy and simple. It gives you the opportunity to create output exactly the way you like it.\u003C\u002Fp>\n\u003Ch4>The Plugin\u003C\u002Fh4>\n\u003Cp>Basically what this plugin does is adding the shortcode [strava id=”[activity id]”] to your post, receiving data via Strava API v3 and filling the preconfigured template with this information.\u003C\u002Fp>\n\u003Ch4>Configuration\u003C\u002Fh4>\n\u003Cp>You want full control of the shortcode’s output ? No Problem. You can specify a template at the settings page and define the positions of strava information. Therefore ‘Custom Strava Integration’ provides these placeholders:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>[distance] – Overall distance of the activity\u003C\u002Fli>\n\u003Cli>[description] – Description of the activity       \u003C\u002Fli>\n\u003Cli>[duration] – Duration of the activity\u003C\u002Fli>\n\u003Cli>[elevation] – Overall elevation of the activity\u003C\u002Fli>\n\u003Cli>[location] – Location of the activity     \u003C\u002Fli>\n\u003Cli>[name] – Name of the activity     \u003C\u002Fli>\n\u003Cli>[speed] – Depending on type (ride or run) – either running pace or riding speed       \u003C\u002Fli>\n\u003Cli>[time] – Local start time of the activity\u003C\u002Fli>\n\u003Cli>[type] – Type of the activity (run – ride – swim)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can not only customize the style by using CSS features, moreover you have full control over the html output.\u003C\u002Fp>\n\u003Cp>Moreover you can choose the type of display unit (mi\u002Fft or km\u002Fm) you want to use.\u003C\u002Fp>\n\u003Ch4>Difference to other solutaions\u003C\u002Fh4>\n\u003Cp>We know that strava also does offer their own embedded widget, but this plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>does not use iframes (if you want to)\u003C\u002Fli>\n\u003Cli>allows you to fully customize the content\u003C\u002Fli>\n\u003Cli>can display more information than the widget\u003C\u002Fli>\n\u003Cli>does not require you to leave the site \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can concentrate on the important things – writing good blog posts!\u003C\u002Fp>\n","This plugin provides an easy way to add your strava activities to your posts without leaving your site.",20,2352,0,"2015-09-30T06:29:00.000Z","4.3.34","3.4","",[19,20,21,22],"biking","running","shortcode","strava","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-strava-integration.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},1,30,84,"2026-04-04T21:01:18.815Z",[34,50,71,90,115],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":29,"last_updated":45,"tested_up_to":46,"requires_at_least":16,"requires_php":17,"tags":47,"homepage":48,"download_link":49,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"strava-ride-details","Strava Ride Details","1.2.1","Jeremy Green","https:\u002F\u002Fprofiles.wordpress.org\u002Fendocreative\u002F","\u003Cp>Strava Ride Details allows you to display Strava ride details from a specific ride in your posts and pages using a shortcode. It uses v3 of Strava’s API, and uses OAuth for authentication.\u003C\u002Fp>\n\u003Cp>The details displayed by default are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Ride Name\u003C\u002Fli>\n\u003Cli>Distance\u003C\u002Fli>\n\u003Cli>Elevation Gain\u003C\u002Fli>\n\u003Cli>Moving Time\u003C\u002Fli>\n\u003Cli>Location\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Each of the details can be turned on or off. The details are displayed in an unordered list so you can style the elements however you would like using CSS.\u003C\u002Fp>\n\u003Cp>You can also choose to display units in mi\u002Fft or km\u002Fm.\u003C\u002Fp>\n\u003Cp>While Strava does offer their own embed widget, this plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>does not require an iframe\u003C\u002Fli>\n\u003Cli>allows you to style the results to match your site\u003C\u002Fli>\n\u003Cli>will work in responsive themes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By default all details are display using the shortcode \u003Ccode>[strava id=\"ride_id\"]\u003C\u002Fcode>, where ride_id is the string of digits at the end of the URL when viewing a single ride on Strava.\u003C\u002Fp>\n\u003Cp>If you would like to remove a detail, just set it to false in the shortcode. For example, if you would like to show only the distance, then use this shortcode:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[strava id=\"ride_id\" name=\"false\" elevation=\"false\" moving_time=\"false\" location=\"false\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Plugin Setup\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Log in to your Strava account and create an application [http:\u002F\u002Fwww.strava.com\u002Fdevelopers]\u003C\u002Fli>\n\u003Cli>Make sure the redirect URI of your application is the same domain as your site\u003C\u002Fli>\n\u003Cli>Copy your client ID and client secret from your application into the Strava Ride Details settings page\u003C\u002Fli>\n\u003Cli>Click “Connect with Strava” on the settings page to generate an access token\u003C\u002Fli>\n\u003Cli>Save settings\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Add to page\u002Fpost\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Insert \u003Ccode>[strava id=\"ride_id\"]\u003C\u002Fcode> in your post or page\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin allows you to display Strava ride details from a specific ride in your posts and pages using a shortcode.",50,4095,80,"2014-03-23T21:13:00.000Z","3.7.41",[19,21,22],"http:\u002F\u002Fwww.endocreative.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstrava-ride-details.1.2.1.zip",{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":30,"downloaded":58,"rating":59,"num_ratings":29,"last_updated":60,"tested_up_to":61,"requires_at_least":62,"requires_php":17,"tags":63,"homepage":67,"download_link":68,"security_score":69,"vuln_count":29,"unpatched_count":13,"last_vuln_date":70,"fetched_at":26},"run-log","Run Log","1.7.12","izem","https:\u002F\u002Fprofiles.wordpress.org\u002Fizem\u002F","\u003Cp>The plugin add running diary capabilities to WordPress, so you can log and display your running [and other sporting] activities in posts. Share runs, total mileage (or kilometers), total time spent running, etc. Track your shoes usage, and\u002For other sporting gear. Link and group your activities by goals.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add custom post type for logging a running activity.\u003C\u002Fli>\n\u003Cli>Log distance and duration (elevation gain and calories) for each run in custom fields of run-log posts.\u003C\u002Fli>\n\u003Cli>Calculate pace\u002Fspeed automatically.\u003C\u002Fli>\n\u003Cli>Display the above data in the post automatically.\u003C\u002Fli>\n\u003Cli>Widget and shortcode for displaying totals – distance, time, elevation gain, calories (and average pace\u002Fspeed for shortcode).\u003C\u002Fli>\n\u003Cli>Option to choose light or dark style theme, to blend with your theme.\u003C\u002Fli>\n\u003Cli>Quick embed your STRAVA and\u002For Garmin Connect activity in the post (displaying data and map from your account).\u003C\u002Fli>\n\u003Cli>Add custom taxonomies for gear (like shoes) and goals (like “sub 4 marathon”) that could be connected to run-log posts (and regular posts). You may trak distance run with shoes usage by this (as well as other gear).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Localization\u003C\u002Fh4>\n\u003Cp>Support RTL languages sites.\u003C\u002Fp>\n\u003Cp>The metric system of measurement is used by default – Kilometer (km) for distance, minutes per kilometer (min\u002Fkm) for pace, kilometers per hour (km\u002Fh) for speed [and meters (m) for elevation].\u003Cbr \u002F>\nYou can change these to statute\u002Fimperial by updating plugin’s “Distance unit” option to mi (Mile).\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Hebrew – full translations.\u003C\u002Fli>\n\u003Cli>English – default. Not my mother tongue, so may have some wording and spelling mistakes. Do tell me how to correct them if you find any.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>[After activating the plugin]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>To log a new run you can follow these steps:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>On the admin menu there will be a new sub-menu: “Run Log” – from it’s options, select “Add New” (or click on “Run” from the “New” sub-menu of the top menu).\u003C\u002Fli>\n\u003Cli>Enter a title for this run (as post title), write your run description (e.g. type of run, location, how you fealt, etc.) in the body. You can add media (photos, videos) if you want, as you would do with a normal post.\u003C\u002Fli>\n\u003Cli>Under the main editing area (body) you should see the “Run Log Parameters” box. There you enter the distance and duration of the run.\u003C\u002Fli>\n\u003Cli>[Optional] You may add the elevation gain and\u002For calories for that activety (at “Run Log Parameters” box).\u003C\u002Fli>\n\u003Cli>[Optional] You may add the gear you used in this run on the “Gears” box (like shoes and track shoes mileage by this).\u003C\u002Fli>\n\u003Cli>[Optional] You may add the goal, that this run is part of the road to it, on the “Goals” box (so you’ll be able to see all of them in one page, as well as the total distance\u002Ftime).\u003C\u002Fli>\n\u003Cli>[Optional] You may add your “STRAVA” or “Garmin Connect” activity ID, to embed your activity’s data and map from your account (instead of the regular plugin’s display).\u003C\u002Fli>\n\u003Cli>Publish.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>If you want to configure run log data (distance, duration, pace\u002Fspeed), you can do this on the “Run Log Options”, accessible via the “Run Log” admin sub-menu. There you can select between top\u002Fbottom display position, Kilometer\u002FMiles units, and pace\u002Fspeed.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>To display your totals\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Use \u003Ccode>[oirl_total]\u003C\u002Fcode> Shortcode with (or without) these optional attributes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>only: distance\u002Ftime\u002Felevation\u002Fcalories;\u003C\u002Fli>\n\u003Cli>year: a 4-digit year – display totals for this year only;\u003C\u002Fli>\n\u003Cli>month: 1 or 2 digits for month (may have leading zero) – display totals for this year only (mast be used in conjunction with ‘year’ attribute);\u003C\u002Fli>\n\u003Cli>hide_pace: yes\u002Fno – if ‘yes’ will not show the average pace\u002Fspeed;\u003C\u002Fli>\n\u003Cli>days_display: true\u002Ffalse – display days in total time if more then 24 hours.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Examples:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>All-time distance + time + average pace\u002Fspeed:\n\u003Cul>\n\u003Cli>\u003Ccode>[oirl_total]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>2015 totals without average pace\u002Fspeed (display distance + time):\n\u003Cul>\n\u003Cli>\u003Ccode>[oirl_total year=\"2015\" hide_pace=\"yes\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>January 2016 totals (distance + time + average pace\u002Fspeed):\n\u003Cul>\n\u003Cli>\u003Ccode>[oirl_total year=\"2016\" month=\"1\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>All-time distance:\n\u003Cul>\n\u003Cli>\u003Ccode>[oirl_total only=\"distance\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>All-time duration (displaying days if more then 24 hours):\n\u003Cul>\n\u003Cli>\u003Ccode>[oirl_total only=\"time\" days_display=\"yes\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Total elevation gain for 2016:\n\u003Cul>\n\u003Cli>\u003Ccode>[oirl_total only=\"elevation\" year=\"2016\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>The plugin icon was \u003Ca href=\"http:\u002F\u002Fwww.freepik.com\" rel=\"nofollow ugc\">Designed by Freepik\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>To Do:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add option to display elevation and calories on run-log posts.\u003C\u002Fli>\n\u003Cli>Add hart rate(?).\u003C\u002Fli>\n\u003Cli>Add how you felt scale(?).\u003C\u002Fli>\n\u003Cli>More quick embed sources (polar, suunto, runkeeper, runtastic, etc).\u003C\u002Fli>\n\u003Cli>Add API support to retrieve data automatically form: Strava, Garmin Connect, Sunto Movescount, Runkeepr, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Uninstall\u003C\u002Fh4>\n\u003Cp>This plugin doesn’t add\u002Fchange the data-base structurer, so no worry about that. Yet, it does store plugin configuration options in the ‘options’ table. These options will be removed if plugin is uninstall (deleted) trough the plugins admin screen.\u003Cbr \u002F>\nData stored by this plugin for posts (in postmeta table) will be kept.\u003C\u002Fp>\n","Add running diary capabilities - log your sport activities, track and display: distance, duration, gear (e.g. shoes), elevation gain, calories, etc.",11115,100,"2026-02-07T20:22:00.000Z","6.9.4","4.0",[64,20,65,22,66],"run-diary","sport","training-log","https:\u002F\u002Fizmirli.org\u002Frun-log\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frun-log.1.7.12.zip",99,"2025-09-10 18:53:02",{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":11,"num_ratings":29,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":17,"tags":84,"homepage":88,"download_link":89,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"simply-strava","Simply Strava","1.0.4","junkins","https:\u002F\u002Fprofiles.wordpress.org\u002Fjunkins\u002F","\u003Cp>A widget to display the last several weeks of Strava activity (mileage) in a\u003Cbr \u002F>\nsidebar.\u003C\u002Fp>\n","A simple Strava widget for Wordpress",10,2783,"2013-04-20T01:32:00.000Z","3.5.2","3.4.2",[85,86,20,22,87],"cycling","gps","widget","http:\u002F\u002Fwww.njcyclist.com\u002Fsimply_strava","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimply-strava.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":100,"num_ratings":101,"last_updated":102,"tested_up_to":61,"requires_at_least":103,"requires_php":104,"tags":105,"homepage":110,"download_link":111,"security_score":112,"vuln_count":113,"unpatched_count":13,"last_vuln_date":114,"fetched_at":26},"shortcodes-ultimate","WP Shortcodes Plugin — Shortcodes Ultimate","7.4.9","Vova","https:\u002F\u002Fprofiles.wordpress.org\u002Fgn_themes\u002F","\u003Ch3>SHORTCODES ULIMATE – THE #1 SHORTCODES PLUGIN\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgetshortcodes.com\u002F?utm_campaign=wporg&utm_medium=readme&utm_source=description\" rel=\"nofollow ugc\">Shortcodes Ultimate\u003C\u002Fa> is a huge collection of useful elements, that you can use in the post editor, text widgets or even in template files.\u003C\u002Fp>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F507942335\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgetshortcodes.com\u002Fdocs-category\u002Fshortcodes\u002F?utm_campaign=wporg&utm_medium=readme&utm_source=features\" rel=\"nofollow ugc\">Over 50 gorgeous shortcodes\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Insert shortcodes in 1 click with Live Preview\u003C\u002Fli>\n\u003Cli>Supports the Block Editor\u003C\u002Fli>\n\u003Cli>Seamlessly integrates with your theme\u003C\u002Fli>\n\u003Cli>Looks great on mobile devices\u003C\u002Fli>\n\u003Cli>Custom CSS editor is included\u003C\u002Fli>\n\u003Cli>Developer-friendly with plenty of hooks and extensive documentation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Included shortcodes\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Posts\u003C\u002Fstrong> – allows you to show specific posts anywhere\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Accordion\u003C\u002Fstrong> – simple toggle block to show\u002Fhide your content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Button\u003C\u002Fstrong> – highly-customizable button with multiple styles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightbox\u003C\u002Fstrong> – a lightbox that you can use with virtually any element\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Image Carousel\u003C\u002Fstrong> – beautiful super-customizable image carousel\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Columns\u003C\u002Fstrong> – must-have tool for creating layouts\u003C\u002Fli>\n\u003Cli>And many more…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Get Help\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgetshortcodes.com\u002Fdocs\u002F?utm_campaign=wporg&utm_medium=readme&utm_source=links-docs\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fshortcodes-ultimate\" rel=\"ugc\">Community Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgetshortcodes.com\u002Fsupport\u002Fopen-support-ticket\u002F?utm_campaign=wporg&utm_medium=readme&utm_source=links-support\" rel=\"nofollow ugc\">The Pro Support\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>TRY THE PRO VERSION FOR FREE\u003C\u002Fh3>\n\u003Cp>Try Shortcodes Ultimate Pro risk-free for 30 days. You are fully protected by our no questions asked refund policy!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgetshortcodes.com\u002Fpricing\u002F?utm_campaign=wporg&utm_medium=readme&utm_source=try-pro\" rel=\"nofollow ugc\">Upgrade to Pro\u003C\u002Fa>\u003C\u002Fp>\n","A comprehensive collection of visual components for your site",400000,24545518,98,5917,"2026-02-02T16:19:00.000Z","5.0","5.4",[106,107,108,21,109],"carousel","columns","posts","toggle","https:\u002F\u002Fgetshortcodes.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshortcodes-ultimate.7.4.9.zip",88,35,"2026-04-03 19:34:03",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":125,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":17,"tags":130,"homepage":135,"download_link":136,"security_score":137,"vuln_count":138,"unpatched_count":13,"last_vuln_date":139,"fetched_at":26},"mw-wp-form","MW WP Form","5.1.0","Takashi Kitajima","https:\u002F\u002Fprofiles.wordpress.org\u002Finc2734\u002F","\u003Cp>\u003Cstrong>This plugin currently has only the minimum required maintenance releases.\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>Main maintainer has been handed over from @inc2734 to @websoudan.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>MW WP Form can create mail form with a confirmation screen using shortcode.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Form created using shortcodes\u003C\u002Fli>\n\u003Cli>Using confirmation page is possible.\u003C\u002Fli>\n\u003Cli>The page changes by the same URL or individual URL are possible.\u003C\u002Fli>\n\u003Cli>Many validation rules\u003C\u002Fli>\n\u003Cli>Saving inquiry data is possible.\u003C\u002Fli>\n\u003Cli>Displaying Chart using saved inquiry data is possible.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Official\u003C\u002Fh4>\n\u003Cp>https:\u002F\u002Fmw-wp-form.web-soudan.co.jp\u003C\u002Fp>\n\u003Ch4>GitHub\u003C\u002Fh4>\n\u003Cp>https:\u002F\u002Fgithub.com\u002Fweb-soudan\u002Fmw-wp-form\u003C\u002Fp>\n\u003Ch4>The following third-party resources\u003C\u002Fh4>\n\u003Cp>Google Charts\u003Cbr \u002F>\nSource: https:\u002F\u002Fdevelopers.google.com\u002Fchart\u002F\u003C\u002Fp>\n\u003Ch4>Contributors\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002F2inc.org\" rel=\"nofollow ugc\">Takashi Kitajima\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Finc2734\" rel=\"nofollow ugc\">inc2734\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwebcre-archive.com\" rel=\"nofollow ugc\">Ryujiro Yamamoto\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fryu263\" rel=\"nofollow ugc\">ryu263\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fkee-non.com\" rel=\"nofollow ugc\">Tsujimoto Tomoyuki\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Ftomothumb\" rel=\"nofollow ugc\">tomothumb\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>[Naoyuki Ohata] ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fnanniku\" rel=\"nofollow ugc\">nanniku\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmt8.biz\u002F\" rel=\"nofollow ugc\">Kazuto Takeshita\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmt8biz\u002F\" rel=\"nofollow ugc\">moto hachi\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.next-season.net\u002F\" rel=\"nofollow ugc\">Atsushi Ando\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fnext-season\u002F\" rel=\"nofollow ugc\">NExt-Season\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fvisualive.jp\u002F\" rel=\"nofollow ugc\">Kazuki Tomiyasu\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fkuck1u\u002F\" rel=\"nofollow ugc\">KUCKLU\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmypacecreator.net\u002F\" rel=\"nofollow ugc\">Kei Nomura\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmypacecreator\u002F\" rel=\"nofollow ugc\">mypacecreator\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmh35\" rel=\"nofollow ugc\">mh35\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnojimage\" rel=\"nofollow ugc\">Takashi Nojima\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fherikutu\" rel=\"nofollow ugc\">herikutu\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftsucharoku\" rel=\"nofollow ugc\">tsucharoku\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ft-hamano\" rel=\"nofollow ugc\">Tetsuaki Hamano\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fwildworks\u002F\" rel=\"nofollow ugc\">t-hamano\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmusus\" rel=\"nofollow ugc\">Susumu Seino\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmusus\u002F\" rel=\"nofollow ugc\">Susumu Seino\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Flikr\" rel=\"nofollow ugc\">Yosuke Onoue\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Flikr\u002F\" rel=\"nofollow ugc\">likr\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fyudai524\" rel=\"nofollow ugc\">Yudai Konishi\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fyudai524\u002F\" rel=\"nofollow ugc\">Yudai Konishi\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnoldorinfo\" rel=\"nofollow ugc\">takekoshi\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fnoldorinfo\u002F\" rel=\"nofollow ugc\">takekoshi\u003C\u002Fa> )\u003C\u002Fli>\n\u003C\u002Ful>\n","MW WP Form is shortcode base contact form plugin. This plugin have many features. For example you can use many validation rules, inquiry data saving,  &hellip;",200000,1771027,86,22,"2024-03-13T02:48:00.000Z","6.4.8","6.0",[131,132,133,134,21],"confirm","form","mail","preview","https:\u002F\u002Fmw-wp-form.web-soudan.co.jp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmw-wp-form.5.1.0.zip",69,6,"2026-04-01 16:50:15",{"attackSurface":141,"codeSignals":182,"taintFlows":213,"riskAssessment":258,"analyzedAt":271},{"hooks":142,"ajaxHandlers":164,"restRoutes":174,"shortcodes":175,"cronEvents":179,"entryPointCount":180,"unprotectedCount":181},[143,149,153,158,160],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","admin_menu","strava_for_wp_tab","custom-strava-integration-admin.php",11,{"type":144,"name":150,"callback":151,"file":147,"line":152},"admin_init","wp_strava_for_wp_settings",55,{"type":144,"name":154,"callback":155,"file":156,"line":157},"load-post.php","strava_for_wordpress_meta_box_setup","custom-strava-integration-metabox.php",5,{"type":144,"name":159,"callback":155,"file":156,"line":138},"load-post-new.php",{"type":144,"name":161,"callback":162,"file":156,"line":163},"add_meta_boxes","strava_for_wordpress_meta_box",12,[165,170],{"action":166,"nopriv":167,"callback":168,"hasNonce":167,"hasCapCheck":167,"file":156,"line":169},"next",false,"strava_next",8,{"action":171,"nopriv":167,"callback":172,"hasNonce":167,"hasCapCheck":167,"file":156,"line":173},"prev","strava_prev",9,[],[176],{"tag":22,"callback":177,"file":178,"line":157},"strava_shortcode","custom-strava-integration-shortcode.php",[],3,2,{"dangerousFunctions":183,"sqlUsage":184,"outputEscaping":186,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":212},[],{"prepared":13,"raw":13,"locations":185},[],{"escaped":13,"rawEcho":163,"locations":187},[188,192,194,196,199,200,202,203,204,206,208,210],{"file":189,"line":190,"context":191},"admin\\custom-strava-integration-connect-settings.php",15,"raw output",{"file":189,"line":193,"context":191},28,{"file":189,"line":195,"context":191},51,{"file":197,"line":198,"context":191},"admin\\custom-strava-integration-general-settings.php",14,{"file":197,"line":190,"context":191},{"file":147,"line":201,"context":191},48,{"file":156,"line":100,"context":191},{"file":156,"line":100,"context":191},{"file":156,"line":205,"context":191},102,{"file":156,"line":207,"context":191},103,{"file":156,"line":209,"context":191},134,{"file":156,"line":211,"context":191},151,[],[214,236,247],{"entryPoint":215,"graph":216,"unsanitizedCount":29,"severity":235},"strava_next (custom-strava-integration-metabox.php:165)",{"nodes":217,"edges":232},[218,223,227],{"id":219,"type":220,"label":221,"file":156,"line":222},"n0","source","$_POST['page']",166,{"id":224,"type":225,"label":226,"file":156,"line":222},"n1","transform","→ print_result()",{"id":228,"type":229,"label":230,"file":156,"line":211,"wp_function":231},"n2","sink","echo() [XSS]","echo",[233,234],{"from":219,"to":224,"sanitized":167},{"from":224,"to":228,"sanitized":167},"medium",{"entryPoint":237,"graph":238,"unsanitizedCount":29,"severity":235},"strava_prev (custom-strava-integration-metabox.php:169)",{"nodes":239,"edges":244},[240,242,243],{"id":219,"type":220,"label":221,"file":156,"line":241},170,{"id":224,"type":225,"label":226,"file":156,"line":241},{"id":228,"type":229,"label":230,"file":156,"line":211,"wp_function":231},[245,246],{"from":219,"to":224,"sanitized":167},{"from":224,"to":228,"sanitized":167},{"entryPoint":248,"graph":249,"unsanitizedCount":181,"severity":235},"\u003Ccustom-strava-integration-metabox> (custom-strava-integration-metabox.php:0)",{"nodes":250,"edges":255},[251,253,254],{"id":219,"type":220,"label":252,"file":156,"line":222},"$_POST['page'] (x2)",{"id":224,"type":225,"label":226,"file":156,"line":222},{"id":228,"type":229,"label":230,"file":156,"line":211,"wp_function":231},[256,257],{"from":219,"to":224,"sanitized":167},{"from":224,"to":228,"sanitized":167},{"summary":259,"deductions":260},"The custom-strava-integration plugin v1.0 exhibits a concerning security posture due to several critical weaknesses. While it correctly avoids dangerous functions, raw SQL queries, and external HTTP requests, its primary vulnerabilities lie in its handling of entry points. The presence of two unprotected AJAX handlers presents a significant attack surface, as attackers could potentially trigger these without proper authentication.  Furthermore, the complete lack of output escaping across all observed outputs is a severe deficiency, opening the door to Cross-Site Scripting (XSS) vulnerabilities.\n\nThe taint analysis, despite not identifying critical or high severity flows, is limited by the lack of auth checks and proper escaping. The \"flows with unsanitized paths\" is concerning, suggesting that user-supplied data is being used in a way that could lead to vulnerabilities if the entry points were properly secured. The vulnerability history shows no recorded CVEs, which is a positive sign, but this cannot be relied upon given the other identified weaknesses. A clean history does not inherently mean a plugin is secure, especially when significant security gaps are present in the code itself.\n\nIn conclusion, the plugin's reliance on unprotected AJAX handlers and the complete absence of output escaping are major security risks that overshadow the absence of known CVEs. The plugin is not recommended for production use without significant remediation of these issues. The use of prepared statements for SQL and lack of file operations are good practices, but they do not mitigate the immediate threats posed by the identified attack vectors and output handling.",[261,263,265,267,269],{"reason":262,"points":79},"Unprotected AJAX handlers",{"reason":264,"points":169},"Output escaping missing",{"reason":266,"points":157},"No nonce checks",{"reason":268,"points":157},"No capability checks",{"reason":270,"points":157},"Unsanitized paths in taint analysis","2026-03-16T23:08:35.307Z",{"wat":273,"direct":278},{"assetPaths":274,"generatorPatterns":275,"scriptPaths":276,"versionParams":277},[],[],[],[],{"cssClasses":279,"htmlComments":293,"htmlAttributes":294,"restEndpoints":299,"jsGlobals":301,"shortcodeOutput":313},[280,281,282,283,284,285,286,287,288,289,290,291,292],"activity-detail","strava-distance","strava-elevation","strava-time","strava-name","strava-location","modal","search-result","prev-nav","next-nav","nav","help","bold",[],[295,296,297,298],"id=\"strava-loading\"","id=\"strava-content\"","id=\"result-link-","data-strava-id=\"",[300],"\u002Fwp-json\u002Fstrava\u002Fv1\u002Factivities",[155,162,302,303,168,172,177,304,305,306,307,308,309,310,311,312],"strava_for_wordpress_meta_box_display","print_result","strava_distance","strava_elevation","strava_time","strava_duration","strava_name","strava_description","strava_type","strava_location","strava_speed",[314],"[strava id=\""]