[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyUX_01kV0R0IEqKnh9LXBS91xcJ5sPNVvTTyZaSyExU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":13,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":46,"crawl_stats":36,"alternatives":52,"analysis":121,"fingerprints":296},"dadevarzan-common","Dadevarzan WordPress Common","2.2.3","Dadevarzan","https:\u002F\u002Fprofiles.wordpress.org\u002Fdadevarzan\u002F","\u003Cp>Dadevarzan Common Plugin\u003Cbr \u002F>\n– Add file ShortCode For ACF\u003Cbr \u002F>\n    \u003Ccode>[acf-file field=\"ACF_Field\" property=\"size\"]\u003Cbr \u002F>\n[acf-file field=\"ACF_Field\" property=\"url\"]\u003Cbr \u002F>\n[acf-file field=\"ACF_Field\" property=\"title\"]\u003Cbr \u002F>\n[acf-file field=\"ACF_Field\" property=\"filename\"]\u003Cbr \u002F>\n[acf-file field=\"ACF_Field\" property=\"type\"]\u003Cbr \u002F>\n[acf-file field=\"ACF_Field\" property=\"caption\"]\u003Cbr \u002F>\n[acf-file field=\"ACF_Field\" property=\"description\"]\u003C\u002Fcode>\u003Cbr \u002F>\n– Add ShortCode For Date Filter in Archives\u003Cbr \u002F>\n    \u003Ccode>[dv-date-filter post_type=\"post\"]\u003C\u002Fcode>\u003Cbr \u002F>\n– Add ShortCode to display All taxonomies hierarchically in an unordered list style\u003Cbr \u002F>\n    \u003Ccode>[dv-all-tax taxonomy=\"taxonomy_slug\"]\u003C\u002Fcode>\u003Cbr \u002F>\n– Add ShortCode to display related taxonomies to a specific post\u003Cbr \u002F>\n    \u003Ccode>[dv-tax slug='TAXONOMY_SLUG' field='term_id|name|slug' seperator=',']\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Display product attribute short codes for single page\u003Cbr \u002F>\n    \u003Ccode>[display_attribute 
attribute=\"color\"]\u003C\u002Fcode>    \u003C\u002Fli>\n\u003Cli>Enabled mega menu in beaver theme\u003C\u002Fli>\n\u003Cli>Allowed access to Appearance > Menu and Widgets to Editor & Shop manager roles\u003C\u002Fli>\n\u003Cli>Allowed access to Gravity forms to Editor & Shop manager roles\u003C\u002Fli>\n\u003Cli>Added Banner image, International title and Catalog file to WooCommerce product with ACF\u003C\u002Fli>\n\u003Cli>Added Banner image to WooCommerce product Category and Tag with ACF\u003C\u002Fli>\n\u003Cli>Added Ability to use shortcode in Beaver builder custom CSS class\u003C\u002Fli>\n\u003Cli>Added Dadevarzan Custom Font Icon to Beaver builder Icon set.\u003C\u002Fli>\n\u003Cli>Added lots of farsi\u002Fpersian Fonts to Beaver builder.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Short Description\u003C\u002Fh3>\n\u003Cp>Enhance your Dadevarzan WordPress site with custom shortcodes, Persian fonts, and WooCommerce enhancements. Supports ACF, taxonomy display, date filtering, and Beaver Builder integration.\u003C\u002Fp>\n","Dadevarzan Common Plugin",700,16502,0,"2025-08-25T12:45:00.000Z","6.8.5","4.4.0","7.4",[19,20,21,22,23],"common","dadehvarzan","dadevarzan","wordpress","wp","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdadevarzan-common","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdadevarzan-common.zip",99,1,"2025-09-03 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2025-58632","dadevarzan-wordpress-common-authenticated-contributor-stored-cross-site-scripting","Dadevarzan WordPress Common \u003C= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Dadevarzan WordPress Common plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 
up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=2.2.2","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-09 22:36:09",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1a2acbf7-ec3f-44d7-b166-ad0745a2e9ad?source=api-prod",7,{"slug":21,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":49,"avg_patch_time_days":45,"trust_score":50,"computed_at":51},19,2160,87,91,"2026-04-04T02:42:26.195Z",[53,70,84,98,109],{"slug":54,"name":55,"version":56,"author":7,"author_profile":8,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":13,"num_ratings":13,"last_updated":61,"tested_up_to":62,"requires_at_least":63,"requires_php":64,"tags":65,"homepage":67,"download_link":68,"security_score":69,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"dadevarzan-woo-common","Dadevarzan Common for Woocommerce","1.1.2","\u003Cp>Dadevarzan custom shortcodes and common functionalites for Woocommerce.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Displaying Woocommerce Product Gallery images\u003Cbr \u002F>\n[dv_wc_product_images count=’1′ size=’medium’]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Displaying Woocommerce sorting product selectbox\u003Cbr \u002F>\n[dv_display_product_sorting]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Displaying Woocommerce variation swatches based on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoo-variation-swatches\u002F\" rel=\"ugc\">Variation Swatches for WooCommerce\u003C\u002Fa>,\u003Cbr 
\u002F>\n[dv_wc_product_variation_swatches term=’ATTRIBUTE-SLUG’ type=’color|image|button’]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Displaying Attribute Table outside of default WooCommerce tabs\u003Cbr \u002F>\n[dv_product_additional_information]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Displaying Product Review outside of default WooCommerce tabs\u003Cbr \u002F>\n[dv_display_product_review]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Displaying Woocommerce Compaire based on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoo-smart-compare\u002F\" rel=\"ugc\">WPC Smart Compare for WooCommerce\u003C\u002Fa>,\u003Cbr \u002F>\n[dv_product_compaire]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Displaying Woocommerce Wishlist based on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoo-smart-wishlist\u002F\" rel=\"ugc\">WPC Smart Wishlist for WooCommerce\u003C\u002Fa>,\u003Cbr \u002F>\n[dv_product_wishlist]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Displaying Woocommerce Product Discount budge if os sales,\u003Cbr \u002F>\n[dv_display_product_discount]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Displaying Woocommerce stock status based on \u003Ca href=\"https:\u002F\u002Fdocs.wpbeaverbuilder.com\u002Fbeaver-themer\u002Ffield-connections\u002Fuse-conditional-shortcode-to-test-for-presence-of-content-themer\u002F\" rel=\"nofollow ugc\">this article\u003C\u002Fa>,\u003Cbr \u002F>\n[wpbb-if  post:custom_field key=’_stock_status’ exp=’equals’ value=’outofstock’]\u003Cbr \u002F>\n\u003Cdiv class=\"dv-stock_status dv-outofstock\">ناموجود\u003C\u002Fdiv>\u003Cbr \u002F>\n[wpbb-else]\u003Cbr \u002F>\n\u003Cdiv class=\"dv-stock_status dv-instock\">موجود\u003C\u002Fdiv>\u003Cbr \u002F>\n[\u002Fwpbb-if]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Added \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoo-variation-swatches\u002F\" rel=\"ugc\">Variation and 
Swatches\u003C\u002Fa> to \u003Ca href=\"https:\u002F\u002Fsearchandfilter.com\u002F\" rel=\"nofollow ugc\">Search & Filter Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Dadevarzan custom shortcodes and common functionalites for Woocommerce.",200,2624,"2023-01-02T11:51:00.000Z","6.1.10","5.0.0","7.2",[20,21,66,22,23],"woocommerce","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdadevarzan-woo-common","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdadevarzan-woo-common.zip",85,{"slug":71,"name":72,"version":73,"author":7,"author_profile":8,"description":74,"short_description":75,"active_installs":76,"downloaded":77,"rating":13,"num_ratings":13,"last_updated":78,"tested_up_to":79,"requires_at_least":16,"requires_php":64,"tags":80,"homepage":82,"download_link":83,"security_score":69,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"dadevarzan-wp-gallery","Dadevarzan WordPress Gallery","1.2.3","\u003Cp>Dadevarzan Gallery Post Type\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Gallery Post Type\u003C\u002Fli>\n\u003Cli>Gallery custom Fields\u003C\u002Fli>\n\u003Cli>Gallery Capabilities\u003C\u002Fli>\n\u003Cli>Registering theme layouts\u003C\u002Fli>\n\u003C\u002Ful>\n","Dadevarzan Gallery Post Type",100,2488,"2022-05-31T11:43:00.000Z","6.0.0",[20,21,81,22,23],"gallery","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdadevarzan-wp-gallery","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdadevarzan-wp-gallery.zip",{"slug":85,"name":86,"version":87,"author":7,"author_profile":8,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":13,"num_ratings":13,"last_updated":92,"tested_up_to":93,"requires_at_least":16,"requires_php":64,"tags":94,"homepage":96,"download_link":97,"security_score":69,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"dadevarzan-wp-tender","Dadevarzan WordPress Tender","1.2.7","\u003Cp>Dadevarzan Tender Post Type\u003Cbr 
\u002F>\n– Tender Post Type\u003Cbr \u002F>\n– Tender Fields\u003Cbr \u002F>\n– Tender Category\u003Cbr \u002F>\n– Tender Capabilities\u003Cbr \u002F>\n– Registering theme layouts\u003C\u002Fp>\n","Dadevarzan Tender Post Type",90,3456,"2023-01-30T08:59:00.000Z","6.1.0",[20,21,95,22,23],"tender","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdadevarzan-wp-tender","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdadevarzan-wp-tender.zip",{"slug":99,"name":100,"version":73,"author":7,"author_profile":8,"description":101,"short_description":102,"active_installs":90,"downloaded":103,"rating":13,"num_ratings":13,"last_updated":104,"tested_up_to":79,"requires_at_least":16,"requires_php":64,"tags":105,"homepage":107,"download_link":108,"security_score":69,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"dadevarzan-wp-video","Dadevarzan WordPress Video","\u003Cp>Dadevarzan Video Post Type\u003Cbr \u002F>\n– Video Post Type\u003Cbr \u002F>\n– Video Fields\u003Cbr \u002F>\n– Video Category\u003Cbr \u002F>\n– Video Capabilities\u003Cbr \u002F>\n– Registering theme layouts\u003C\u002Fp>\n","Dadevarzan Video Post Type",2150,"2022-05-31T11:57:00.000Z",[20,21,106,22,23],"video","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdadevarzan-wp-video","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdadevarzan-wp-video.zip",{"slug":110,"name":111,"version":73,"author":7,"author_profile":8,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":13,"num_ratings":13,"last_updated":116,"tested_up_to":79,"requires_at_least":16,"requires_php":64,"tags":117,"homepage":119,"download_link":120,"security_score":69,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"dadevarzan-wp-personnel","Dadevarzan WordPress Personnel","\u003Cp>Dadevarzan Personnel Post Type\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Personnel Post Type\u003C\u002Fli>\n\u003Cli>Personnel custom 
Fields\u003C\u002Fli>\n\u003Cli>Personnel Capabilities\u003C\u002Fli>\n\u003Cli>Personnel Category\u003C\u002Fli>\n\u003Cli>Registering theme layouts\u003C\u002Fli>\n\u003C\u002Ful>\n","Dadevarzan Personnel Post Type",60,2085,"2022-05-31T11:47:00.000Z",[20,21,118,22,23],"personnel","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdadevarzan-wp-personnel","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdadevarzan-wp-personnel.zip",{"attackSurface":122,"codeSignals":274,"taintFlows":282,"riskAssessment":283,"analyzedAt":295},{"hooks":123,"ajaxHandlers":210,"restRoutes":217,"shortcodes":218,"cronEvents":273,"entryPointCount":258,"unprotectedCount":27},[124,130,134,141,145,148,152,154,160,164,168,171,176,179,184,187,191,193,195,198,202,206,208],{"type":125,"name":126,"callback":127,"file":128,"line":129},"action","plugins_loaded","dv_initialize_plugin","dadevarzan-common.php",82,{"type":125,"name":131,"callback":132,"file":133,"line":47},"acf\u002Finit","DV_acf::google_api_key","includes\\class-acf.php",{"type":135,"name":136,"callback":137,"priority":138,"file":139,"line":140},"filter","user_has_cap","add_required_caps",10,"includes\\class-capability-management.php",13,{"type":125,"name":142,"callback":143,"priority":138,"file":139,"line":144},"admin_head","remove_appearance_menu_items",14,{"type":125,"name":142,"callback":146,"priority":138,"file":139,"line":147},"appearance_redirect",15,{"type":125,"name":149,"callback":150,"priority":26,"file":139,"line":151},"admin_bar_menu","hide_admin_bar_customize",16,{"type":135,"name":136,"callback":137,"priority":138,"file":139,"line":153},64,{"type":125,"name":155,"callback":156,"priority":157,"file":158,"line":159},"wp_head","add_meta_tags",2,"includes\\class-dadevarzan.php",20,{"type":125,"name":161,"callback":162,"file":158,"line":163},"pre_get_posts","filter_posts_by_date",21,{"type":135,"name":165,"callback":166,"file":158,"line":167},"fl_builder_column_custom_class","do_shortcode",23,{"type":135,"name":16
9,"callback":166,"file":158,"line":170},"fl_builder_module_custom_class",24,{"type":125,"name":172,"callback":173,"priority":138,"file":174,"line":175},"init","DV_FLFont::customize","includes\\class-fl-font.php",6,{"type":125,"name":177,"callback":178,"file":174,"line":45},"wp_enqueue_scripts","DV_FLFont::add_stylesheets",{"type":135,"name":180,"callback":181,"priority":138,"file":182,"line":183},"walker_nav_menu_start_el","DV_FLMegaMenu::navigation_description","includes\\class-fl-mega-menu.php",12,{"type":135,"name":185,"callback":186,"file":182,"line":144},"wp_nav_menu","menu_shortcodes",{"type":135,"name":188,"callback":189,"file":190,"line":140},"fl_theme_system_fonts","DV_Font::customize","includes\\class-font.php",{"type":135,"name":192,"callback":189,"file":190,"line":144},"fl_builder_font_families_system",{"type":125,"name":177,"callback":194,"file":190,"line":151},"DV_Font::add_stylesheets",{"type":125,"name":196,"callback":194,"file":190,"line":197},"admin_enqueue_scripts",17,{"type":125,"name":199,"callback":200,"file":201,"line":147},"admin_init","add_gravity_cap","includes\\class-gravity.php",{"type":125,"name":161,"callback":203,"file":204,"line":205},"DV_WooCommerce::search_product_by_sku","includes\\class-WooCommerce.php",11,{"type":125,"name":172,"callback":207,"file":204,"line":140},"DV_WooCommerce::add_fields",{"type":125,"name":172,"callback":209,"file":204,"line":144},"DV_WooCommerce::add_taxonomy_fields",[211],{"action":212,"nopriv":213,"callback":214,"hasNonce":213,"hasCapCheck":213,"file":215,"line":216},"dv_reload_icons",false,"reload_icons","includes\\class-dadevarzan-iconfonts.php",26,[],[219,222,225,228,231,234,237,241,243,246,249,252,255,259,263,267,270],{"tag":220,"callback":221,"file":133,"line":140},"acf-if","if_shortcode",{"tag":223,"callback":224,"file":133,"line":144},"acf-loop","loop_shortcode",{"tag":226,"callback":227,"file":133,"line":147},"acf-nested-loop","nested_loop_shortcode",{"tag":229,"callback":230,"file":133,"line":15
1},"acf-file","file_shortcode",{"tag":220,"callback":232,"file":233,"line":45},"add_if_shortcode","includes\\class-asf-shortcode.php",{"tag":223,"callback":235,"file":233,"line":236},"add_loop_shortcode",8,{"tag":238,"callback":239,"file":240,"line":175},"dv-powered-by","add_poweredby_shortcode","includes\\class-dadevarzan-shortcode.php",{"tag":238,"callback":242,"file":158,"line":140},"add_powered_by_shortcode",{"tag":244,"callback":245,"file":158,"line":144},"dv-child-pages","list_child_pages",{"tag":247,"callback":248,"file":158,"line":147},"dv-tax","list_custom_taxonomy",{"tag":250,"callback":251,"file":158,"line":151},"dv-all-tax","list_all_custom_taxonomy",{"tag":253,"callback":254,"file":158,"line":197},"blog","blog_info",{"tag":256,"callback":257,"file":158,"line":258},"dv-date-filter","date_filter_form",18,{"tag":260,"callback":261,"file":262,"line":45},"dv-jdate","jdate_shortcode","includes\\class-date-shortcode.php",{"tag":264,"callback":265,"file":266,"line":140},"user-if","is_user_logged_in","includes\\class-user.php",{"tag":268,"callback":269,"file":266,"line":144},"user-info","user_shortcode",{"tag":271,"callback":272,"file":204,"line":183},"display_attribute","display_product_attribute",[],{"dangerousFunctions":275,"sqlUsage":276,"outputEscaping":278,"fileOperations":157,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":281},[],{"prepared":13,"raw":13,"locations":277},[],{"escaped":279,"rawEcho":13,"locations":280},58,[],[],[],{"summary":284,"deductions":285},"The 'dadevarzan-common' plugin version 2.2.3 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices regarding SQL query sanitation and output escaping, with 100% of both being properly handled. The absence of dangerous functions, external HTTP requests, and bundled libraries is also a strength. 
However, significant concerns arise from the attack surface, particularly one AJAX handler (dv_reload_icons) that the scan reports as having neither a nonce check nor a capability check. The scan also reports the handler as registered for logged-in users only (nopriv is false), so it is not reachable anonymously; the gap is authorization rather than authentication. Any authenticated account, whatever its role, may be able to invoke it, and without a nonce nothing ties the request to an intentional action by that user.\n\nThe vulnerability history shows one medium-severity stored Cross-Site Scripting (XSS) vulnerability, which is patched in this version but indicates that such issues can recur. The missing nonce and capability checks compound the risk of the AJAX handler, because nothing verifies that a request is legitimate or that the user is permitted to make it; the handler should verify a nonce with check_ajax_referer() and the caller's capability with current_user_can() before doing any work. While the static analysis did not reveal critical or high severity taint flows in this specific version, the combination of an exposed AJAX endpoint and historical vulnerability patterns warrants careful consideration.\n\nIn conclusion, while the scan found no raw SQL and no unescaped output in this version, the unprotected AJAX entry point and the historical XSS vulnerability represent notable weaknesses. The absence of comprehensive authorization checks on all entry points, especially the identified AJAX handler, is the most pressing security concern. 
This version is not critically vulnerable according to the current static analysis, but the potential for exploitation exists due to the exposed functionality.",[286,288,291,293],{"reason":287,"points":45},"Unprotected AJAX handler",{"reason":289,"points":290},"No nonce checks",5,{"reason":292,"points":290},"No capability checks",{"reason":294,"points":45},"Medium severity vulnerability history","2026-03-16T19:24:04.214Z",{"wat":297,"direct":303},{"assetPaths":298,"generatorPatterns":300,"scriptPaths":301,"versionParams":302},[299],"\u002Fwp-content\u002Fplugins\u002Fdadevarzan-common\u002Fpublic\u002Fcss\u002FIRANSansWeb.css",[],[],[],{"cssClasses":304,"htmlComments":305,"htmlAttributes":306,"restEndpoints":307,"jsGlobals":308,"shortcodeOutput":309},[],[],[],[],[],[]]