[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fL80rQv2UDOcldYSF5ZeN6jzdyysNPlnr2Eqq_fJPQJQ":3,"$fYW3jrwu6pZBnWCtS4oFO9nLWjcrY5lITGey1G-1CmQA":368,"$fB91yti1zBGHw5fPkznotUaldIdDAFc5rIk_7NxNSTVc":372},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":127,"fingerprints":343},"cvmh-simple-slideshow","Simple Slideshow","1.2.15","cvmh","https:\u002F\u002Fprofiles.wordpress.org\u002Fcvmh\u002F","\u003Cp>A very simple slideshow.\u003C\u002Fp>\n\u003Ch4>Current features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy to use\u003C\u002Fli>\n\u003Cli>Only fade effect\u003C\u002Fli>\n\u003Cli>Customizable (duration, description fields, slide link …)\u003C\u002Fli>\n\u003Cli>Arrows \u002F dots navigation\u003C\u002Fli>\n\u003Cli>Slide description with add\u002Fdelete fields\u003C\u002Fli>\n\u003Cli>Slide categories option\u003C\u002Fli>\n\u003Cli>Drag & drop ordering\u003C\u002Fli>\n\u003Cli>Shortcode\u003C\u002Fli>\n\u003Cli>Widget\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Looking for a WordPress agency? Contact us: \u003Ca href=\"http:\u002F\u002Fwww.agence-web-cvmh.fr\" rel=\"nofollow ugc\">agence web WordPress\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>How to uninstall CVMH Simple Slideshow\u003C\u002Fh3>\n\u003Cp>To uninstall CVMH Simple Slideshow, you just have to de-activate the plugin from the plugins list.\u003C\u002Fp>\n","Add a slideshow on your site.",70,8918,80,3,"2022-01-26T19:36:00.000Z","5.9.13","3.6","",[20,21],"jquery","slideshow","http:\u002F\u002Fwww.agence-web-cvmh.fr","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcvmh-simple-slideshow.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":33,"computed_at":35},5,180,81,30,"2026-06-03T01:22:54.171Z",[37,57,73,91,105],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":18,"tags":52,"homepage":55,"download_link":56,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"wp-cycle","WP-Cycle","0.1.13","Nathan Rice","https:\u002F\u002Fprofiles.wordpress.org\u002Fnathanrice\u002F","\u003Cp>The WP-Cycle plugin allows you to upload images from your computer, which will then be used to generate a jQuery Cycle Plugin slideshow of the images.\u003C\u002Fp>\n\u003Cp>Each image can also be given a URL which, when the image is active in the slideshow, will be used as an anchor wrapper around the image, turning the image into a link to the URL you specified.  The slideshow is set to pause when the user hovers over the slideshow images, giving them ample time to click the link.\u003C\u002Fp>\n\u003Cp>Images can also be deleted via the plugins Administration page.\u003C\u002Fp>\n","This plugin creates an image slideshow in your theme, using the jQuery Cycle plugin. You can upload\u002Fdelete images via the administration panel, and di &hellip;",3000,235562,72,12,"2012-08-15T03:09:00.000Z","3.4.2","3.0",[53,54,21],"images","jquery-cycle","http:\u002F\u002Fwww.nathanrice.net\u002Fplugins\u002Fwp-cycle\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-cycle.0.1.13.zip",{"slug":21,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":25,"num_ratings":25,"last_updated":66,"tested_up_to":67,"requires_at_least":51,"requires_php":18,"tags":68,"homepage":71,"download_link":72,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"Slideshow","0.1","Justin Tadlock","https:\u002F\u002Fprofiles.wordpress.org\u002Fgreenshady\u002F","\u003Cp>The Slideshow plugin gives you a shortcode called \u003Ccode>[slideshow]\u003C\u002Fcode>, which pulls any image attachments for a post (or any post type) and formats them into a nicely-designed slideshow.\u003C\u002Fp>\n\u003Cp>The Slideshow plugin was originally developed as a feature of the \u003Ca href=\"http:\u002F\u002Fdevpress.com\u002Fthemes\u002Fnews\" title=\"News WordPress theme\" rel=\"nofollow ugc\">News theme\u003C\u002Fa> (if you’re using that theme, please don’t install this plugin).  Realizing that users sometimes switch themes, we wanted to give those users a way to continue using their slideshows with other themes.  This also allows us to make the slideshow feature something that anyone can use, even if they’re not using one of our themes.\u003C\u002Fp>\n","A shortcode for displaying a slideshow of image attachments for a post.",1000,110878,"2017-11-28T14:07:00.000Z","3.0.5",[69,20,70,21],"javascript","shortcode","http:\u002F\u002Fdevpress.com\u002Fplugins\u002Fslideshow","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fslideshow.0.1.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":25,"num_ratings":25,"last_updated":83,"tested_up_to":84,"requires_at_least":51,"requires_php":18,"tags":85,"homepage":89,"download_link":90,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"all-in-one-slideshow","All-In-One Slideshow","1.3.3","wptom","https:\u002F\u002Fprofiles.wordpress.org\u002Fhellysium\u002F","\u003Cp>You can combine 27 transition and 8 easing effects! The plugin comes with package of 8 cufon fonts. You can easlily add new fonts. Choose between arrow and numbered navigation. Or use both at once. Try out how easy it is to customize this slideshow gallery without knowledge of programming.\u003Cbr \u002F>\n Please, go to the \u003Ca href=\"http:\u002F\u002Flizatom.com\u002Fwordpress-plugin\u002Fall-in-one-slideshow\u002F\" rel=\"nofollow ugc\">All-In-One Slideshow\u003C\u002Fa>‘s page to get more info.\u003C\u002Fp>\n\u003Ch3>Contributors\u002FChangelog\u003C\u002Fh3>\n\u003Cpre>\u003Ccode> Version   Date       Changes\n\n 1.0.0     2010\u002F11\u002F29 Initial release\n 1.1.0     2010\u002F11\u002F29 minor fix\n 1.2.0     2010\u002F12\u002F01 conflict with custom menus solved.\n 1.2.1     2010\u002F12\u002F02 identifier #nav changed to #aio-nav, added upload tutorial, fixed 'settings link'. I apologize for the 3rd update in 3 days but I just want all users to be satisfied with the plugin. thank you!\n 1.3.0     2011\u002F02\u002F02 one more save button, option to load scripts\u002Fstyles only when you need them\n 1.3.1     bug fix for 1.3.0\n 1.3.2     cufon-yui 1.09i, minor changes, tested on WordPress 3.3\n 1.3.3     minor changes\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Thanks to all who sent bug reports and ideas for\u003Cbr \u002F>\nimprovements.\u003C\u002Fp>\n","All-In-One Slideshow plugin implements jCycle, Easing and Cufon scripts into the highly customizable slideshow gallery.",100,40412,"2012-02-05T14:42:00.000Z","3.3.2",[86,87,88,54,21],"easing","gallery","jcycle","http:\u002F\u002Flizatom.com\u002Fwordpress-plugin\u002Fall-in-one-slideshow\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fall-in-one-slideshow.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":81,"downloaded":99,"rating":81,"num_ratings":14,"last_updated":100,"tested_up_to":50,"requires_at_least":51,"requires_php":18,"tags":101,"homepage":103,"download_link":104,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"wp-cycle-plus-captions","WP-Cycle Plus Captions","0.4.5","Snub_Fighter","https:\u002F\u002Fprofiles.wordpress.org\u002Ftech-squawkers\u002F","\u003Cp>The WP-Cycle Plus Captions plugin allows you to upload images from your computer, which will then be used to generate a jQuery Cycle Plugin slideshow.\u003C\u002Fp>\n\u003Cp>Each image can be given a URL, the active image will then work just like your basic text link. The slideshow is set to pause when the user hovers over the slideshow images, giving them ample time to click the link.\u003C\u002Fp>\n\u003Cp>New!\u003C\u002Fp>\n\u003Cp>Now each image can now be assigned a caption. Each caption will display below its parent image as they rotate.\u003C\u002Fp>\n\u003Ch3>Troubleshooting\u003C\u002Fh3>\n\u003Ch4>Internet Explorer Display issue\u003C\u002Fh4>\n\u003Cp>Images may appear blank or hidden. Check your themes style sheet for IMG { max-width:100%; } and comment or remove it.\u003C\u002Fp>\n\u003Ch3>WP-Cycle Changelog\u003C\u002Fh3>\n\u003Ch4>0.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Initial Release\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>0.1.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added automatic defaults database insertion\u003C\u002Fli>\n\u003Cli>Added [wp_cycle] shortcode\u003C\u002Fli>\n\u003Cli>Buggy release, ended up reverting to 0.1\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>0.1.2\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Unreleased version, used for testing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>0.1.3\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added stable [wp_cycle] shortcode\u003C\u002Fli>\n\u003Cli>Added transition duration control to settings\u003C\u002Fli>\n\u003Cli>Added transition delay control to settings\u003C\u002Fli>\n\u003Cli>Added new options to the defaults array (for filtering)\u003C\u002Fli>\n\u003Cli>Changed some wording in the settings\u003C\u002Fli>\n\u003Cli>Upgraded jQuery Cycle plugin from 2.63 to 2.65\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>0.1.4\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added empty alt tag to images to pass vaidation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>0.1.5\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fixed the error that got produced when trying to loop through a non-array variable (duh!)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>0.1.6\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fixed the shortcode positioning problem\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>0.1.7\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Upgraded jQuery Cycle plugin from 2.65 to 2.81\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>0.1.8\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added \u003Ccode>position: relative;\u003C\u002Fcode> to the slideshow div\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>0.1.9\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Moved script and args to the \u003Ccode>wp_footer\u003C\u002Fcode> hook\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>0.1.10\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fixed minor bug from 0.1.9\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>0.1.11\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Moved WP-Cycle menu location from “Plugins” to “Media”\u003C\u002Fli>\n\u003Cli>Updated the menu registration to comply with new roles methodology.\u003C\u002Fli>\n\u003Cli>Added “Settings” link on plugins page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>0.1.12\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Updated jQuery Cycle plugin to 2.99\u003C\u002Fli>\n\u003C\u002Ful>\n","The WP-Cycle Plus Captions plugin allows you to upload images from your computer, which will then be used to generate a jQuery Cycle Plugin slideshow.",8676,"2013-02-06T19:26:00.000Z",[102,53,54,21],"captions","http:\u002F\u002Fwww.tech-squawkers.com\u002Fwp-cycle-plus-captions\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-cycle-plus-captions.0.4.5.zip",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":115,"num_ratings":116,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":18,"tags":120,"homepage":125,"download_link":126,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"simple-content-slider","Simple Content Slider \u002F Slideshow","1.0.2","Arthur Ronconi","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebarthur\u002F","\u003Cp>A responsive content slider and slideshow plug-in for jQuery with features like touch and CSS3 transitions.\u003C\u002Fp>\n\u003Cp>This is an essential plugin for your WordPress websites:\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Responsive slideshow\u003C\u002Fli>\n\u003Cli>Content slides (images, texts, videos, etc)\u003C\u002Fli>\n\u003Cli>Slide or Fade effect\u003C\u002Fli>\n\u003Cli>Uses SlidesJS 3.0\u003C\u002Fli>\n\u003Cli>Each slide is a post type\u003C\u002Fli>\n\u003Cli>Shortcode makes it easy\u003C\u002Fli>\n\u003Cli>Function the_slideshow() can be used in hardcode\u003C\u002Fli>\n\u003Cli>Exemple: the_slideshow(“cat=10”);\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Showcase\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Facademiaciadocorpo.net\u002F\" rel=\"nofollow ugc\">academiaciadocorpo.net\u003C\u002Fa> \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>“Simplicity is the ultimate sophistication” — Da Vinci\u003C\u002Fp>\n\u003Cp>Visit: http:\u002F\u002Faraujo.cc\u002F\u003C\u002Fp>\n","A simple and responsive content slider and slideshow plug-in for jQuery with features like touch and CSS3 transitions.",90,13289,56,4,"2016-07-15T04:51:00.000Z","4.5.33","4.5.3",[121,122,123,21,124],"jquery-slider","slide","slider","slidesjs","http:\u002F\u002Faraujo.cc\u002Fportfolio\u002Fsimple-content-slider-slideshow\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-content-slider.1.0.2.zip",{"attackSurface":128,"codeSignals":218,"taintFlows":314,"riskAssessment":332,"analyzedAt":342},{"hooks":129,"ajaxHandlers":204,"restRoutes":210,"shortcodes":211,"cronEvents":215,"entryPointCount":216,"unprotectedCount":217},[130,136,142,146,150,155,159,163,168,172,177,181,185,189,193,197,200],{"type":131,"name":132,"callback":133,"file":134,"line":135},"action","init","cvmh_slideshow_init","cvmh-simple-slideshow.php",31,{"type":131,"name":137,"callback":138,"priority":139,"file":140,"line":141},"add_meta_boxes","cvmh_slideshow_3rd_remove_yoast_seo_meta_box",100000,"includes\\3rd-party\\wordpress-seo.php",7,{"type":131,"name":143,"callback":144,"file":140,"line":145},"admin_head-edit.php","cvmh_slideshow_3rd_hide_yoast_seo_filter_box",17,{"type":131,"name":147,"callback":148,"priority":139,"file":140,"line":149},"post_submitbox_start","cvmh_slideshow_3rd_hide_yoast_seo_score",36,{"type":131,"name":151,"callback":152,"file":153,"line":154},"widgets_init","register","includes\\classes\\widget.php",62,{"type":131,"name":156,"callback":157,"file":158,"line":141},"admin_menu","cvmh_slideshow_admin_menu","includes\\functions\\admin.php",{"type":131,"name":160,"callback":161,"file":158,"line":162},"admin_enqueue_scripts","cvmh_slideshow_admin_enqueue",16,{"type":164,"name":165,"callback":166,"file":158,"line":167},"filter","plugin_action_links_cvmh-simple-slideshow\u002Fcvmh-simple-slideshow.php","cvmh_slideshow_admin_add_action_links",44,{"type":131,"name":169,"callback":170,"file":158,"line":171},"manage_posts_custom_column","cvmh_slideshow_admin_display_columns",87,{"type":131,"name":173,"callback":174,"priority":175,"file":158,"line":176},"save_post","cvmh_slideshow_admin_save",20,146,{"type":131,"name":178,"callback":179,"file":158,"line":180},"admin_init","cvmh_slideshow_admin_refresh",212,{"type":131,"name":182,"callback":183,"file":184,"line":116},"wp_enqueue_scripts","cvmh_slideshow_front_enqueues","includes\\functions\\front.php",{"type":164,"name":186,"callback":187,"file":188,"line":116},"get_previous_post_where","cvmh_slideshow_order_previous_post_where","includes\\functions\\order.php",{"type":164,"name":190,"callback":191,"file":188,"line":192},"get_previous_post_sort","cvmh_slideshow_order_previous_post_sort",15,{"type":164,"name":194,"callback":195,"file":188,"line":196},"get_next_post_where","cvmh_slideshow_order_next_post_where",25,{"type":164,"name":198,"callback":199,"file":188,"line":149},"get_next_post_sort","cvmh_slideshow_order_next_post_sort",{"type":131,"name":201,"callback":202,"file":188,"line":203},"pre_get_posts","cvmh_slideshow_order_pre_get_posts",46,[205],{"action":206,"nopriv":207,"callback":208,"hasNonce":207,"hasCapCheck":207,"file":158,"line":209},"update-menu-order",false,"cvmh_slideshow_admin_update_menu_order",172,[],[212],{"tag":4,"callback":213,"file":184,"line":214},"cvmh_slideshow_front_shortcode",10,[],2,1,{"dangerousFunctions":219,"sqlUsage":220,"outputEscaping":232,"fileOperations":25,"externalRequests":25,"nonceChecks":216,"capabilityChecks":216,"bundledLibraries":313},[],{"prepared":25,"raw":116,"locations":221},[222,225,227,231],{"file":158,"line":223,"context":224},191,"$wpdb->get_results() with variable interpolation",{"file":158,"line":226,"context":224},215,{"file":228,"line":229,"context":230},"uninstall.php",24,"$wpdb->query() with variable interpolation",{"file":228,"line":196,"context":230},{"escaped":116,"rawEcho":233,"locations":234},51,[235,238,240,241,242,243,245,246,248,250,252,254,256,258,260,262,264,266,268,269,270,272,273,274,275,276,278,279,281,282,283,285,286,288,289,290,291,293,294,295,297,300,301,302,303,305,307,308,309,310,312],{"file":153,"line":236,"context":237},40,"raw output",{"file":153,"line":239,"context":237},41,{"file":153,"line":239,"context":237},{"file":153,"line":239,"context":237},{"file":153,"line":239,"context":237},{"file":153,"line":244,"context":237},55,{"file":153,"line":115,"context":237},{"file":153,"line":247,"context":237},57,{"file":158,"line":249,"context":237},94,{"file":158,"line":251,"context":237},95,{"file":158,"line":253,"context":237},102,{"file":158,"line":255,"context":237},104,{"file":158,"line":257,"context":237},105,{"file":158,"line":259,"context":237},113,{"file":158,"line":261,"context":237},118,{"file":158,"line":263,"context":237},124,{"file":158,"line":265,"context":237},129,{"file":184,"line":267,"context":237},75,{"file":184,"line":267,"context":237},{"file":184,"line":267,"context":237},{"file":184,"line":271,"context":237},77,{"file":184,"line":271,"context":237},{"file":184,"line":271,"context":237},{"file":184,"line":271,"context":237},{"file":184,"line":13,"context":237},{"file":184,"line":277,"context":237},93,{"file":184,"line":277,"context":237},{"file":184,"line":280,"context":237},103,{"file":184,"line":280,"context":237},{"file":184,"line":280,"context":237},{"file":284,"line":175,"context":237},"views\\metabox-slide.php",{"file":284,"line":34,"context":237},{"file":284,"line":287,"context":237},39,{"file":284,"line":167,"context":237},{"file":284,"line":203,"context":237},{"file":284,"line":203,"context":237},{"file":284,"line":292,"context":237},49,{"file":284,"line":292,"context":237},{"file":284,"line":292,"context":237},{"file":284,"line":296,"context":237},60,{"file":298,"line":299,"context":237},"views\\settings.php",28,{"file":298,"line":299,"context":237},{"file":298,"line":299,"context":237},{"file":298,"line":236,"context":237},{"file":298,"line":304,"context":237},50,{"file":298,"line":306,"context":237},52,{"file":298,"line":296,"context":237},{"file":298,"line":171,"context":237},{"file":298,"line":171,"context":237},{"file":298,"line":311,"context":237},88,{"file":298,"line":311,"context":237},[],[315],{"entryPoint":316,"graph":317,"unsanitizedCount":25,"severity":331},"\u003Csettings> (views\\settings.php:0)",{"nodes":318,"edges":328},[319,323],{"id":320,"type":321,"label":322,"file":298,"line":236},"n0","source","$_SERVER['REQUEST_URI']",{"id":324,"type":325,"label":326,"file":298,"line":236,"wp_function":327},"n1","sink","echo() [XSS]","echo",[329],{"from":320,"to":324,"sanitized":330},true,"low",{"summary":333,"deductions":334},"The cvmh-simple-slideshow plugin v1.2.15 exhibits a mixed security posture. While it has a clean vulnerability history with no recorded CVEs, indicating a generally stable past, the static analysis reveals several areas for concern. The presence of an unprotected AJAX handler significantly increases the attack surface, providing a direct entry point for malicious actors without proper authentication. Furthermore, the plugin heavily relies on raw SQL queries without prepared statements, which is a critical vulnerability that could lead to SQL injection attacks. The low percentage of properly escaped output suggests that user-supplied data might be reflected directly in the output, posing a risk of Cross-Site Scripting (XSS) vulnerabilities. Although there are no critical taint flows or dangerous functions identified, the combination of these weaknesses, particularly the unprotected AJAX handler and un-prepared SQL queries, presents a moderate to high risk that requires attention.",[335,338,340],{"reason":336,"points":337},"Unprotected AJAX handler present",8,{"reason":339,"points":141},"100% of SQL queries use raw statements",{"reason":341,"points":31},"Low percentage of properly escaped output","2026-03-16T21:37:48.426Z",{"wat":344,"direct":355},{"assetPaths":345,"generatorPatterns":348,"scriptPaths":349,"versionParams":352},[346,347],"\u002Fwp-content\u002Fplugins\u002Fcvmh-simple-slideshow\u002Fassets\u002Fcss\u002Fadmin.min.css","\u002Fwp-content\u002Fplugins\u002Fcvmh-simple-slideshow\u002Fassets\u002Fjs\u002Fadmin.min.js",[],[350,351],"..\u002F..\u002Fassets\u002Fjs\u002Fadmin.min.js","..\u002F..\u002Fassets\u002Fcss\u002Fadmin.min.css",[353,354],"cvmh-slideshow-admin.min.js?ver=","cvmh-slideshow-admin.min.css?ver=",{"cssClasses":356,"htmlComments":358,"htmlAttributes":359,"restEndpoints":364,"jsGlobals":365,"shortcodeOutput":367},[357],"cvmh_slideshow_admin",[],[360,361,362,363],"data-cvmh_slideshow_width","data-cvmh_slideshow_height","data-cvmh_slideshow_duration","data-cvmh_slideshow_show_nav",[],[366],"cvmhTranslate",[],{"error":330,"url":369,"statusCode":370,"statusMessage":371,"message":371},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcvmh-simple-slideshow\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":25,"versions":373},[]]