[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJFZLO4Q488Lj5AumHO7zJhMATik_TyDaX22CAx_dgwE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":48,"crawl_stats":38,"alternatives":54,"analysis":160,"fingerprints":210},"display-during-conditional-shortcode","Display During Conditional Shortcode","2.0","Gabriel Serafini","https:\u002F\u002Fprofiles.wordpress.org\u002Fgserafini\u002F","\u003Cp>Display content conditionally based on a schedule. Choose from three scheduling modes:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Date Range\u003C\u002Fstrong> – Show content between specific start and end dates\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recurring\u003C\u002Fstrong> – Show content on specific days of the week during a time window\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom\u003C\u002Fstrong> – Use PHP strtotime expressions for flexible scheduling\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Gutenberg Block\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>Display During\u003C\u002Fstrong> block provides a visual editor with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Sidebar controls for all three scheduling modes\u003C\u002Fli>\n\u003Cli>Date\u002Ftime pickers for start and end dates\u003C\u002Fli>\n\u003Cli>Day-of-week checkboxes for recurring schedules\u003C\u002Fli>\n\u003Cli>Live status indicator (active\u002Finactive)\u003C\u002Fli>\n\u003Cli>Optional fallback message when content is hidden\u003C\u002Fli>\n\u003Cli>Copy as Shortcode toolbar button\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcodes\u003C\u002Fh4>\n\u003Cp>The \u003Ccode>[display_during]\u003C\u002Fcode> shortcode works in the Classic Editor and anywhere shortcodes are supported.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Date range:\u003C\u002Fstrong>\u003Cbr \u002F>\n    [display_during start_day_time=”June 1, 2026 8:00 am” end_day_time=”December 31, 2026 11:59 pm”]Content here[\u002Fdisplay_during]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Recurring schedule (new in 2.0):\u003C\u002Fstrong>\u003Cbr \u002F>\n    [display_during days=”mon,wed,fri” start_time=”09:00″ end_time=”17:00″]Office hours content[\u002Fdisplay_during]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Custom strtotime:\u003C\u002Fstrong>\u003Cbr \u002F>\n    [display_during start_day_time=”Sun 8:00 am” end_day_time=”Mon 8:00 pm”]Weekend content[\u002Fdisplay_during]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>With fallback message:\u003C\u002Fstrong>\u003Cbr \u002F>\n    [display_during end_day_time=”June 1, 2026″]Register now![display_during_message]Registration has closed.[\u002Fdisplay_during_message][\u002Fdisplay_during]\u003C\u002Fp>\n\u003Ch4>Shortcode Parameters\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>start_day_time\u003C\u002Fcode> – When to start showing content (strtotime string or date)\u003C\u002Fli>\n\u003Cli>\u003Ccode>end_day_time\u003C\u002Fcode> – When to stop showing content\u003C\u002Fli>\n\u003Cli>\u003Ccode>days\u003C\u002Fcode> – Comma-separated days for recurring mode (mon,tue,wed,thu,fri,sat,sun)\u003C\u002Fli>\n\u003Cli>\u003Ccode>start_time\u003C\u002Fcode> – Start time for recurring mode (HH:MM format)\u003C\u002Fli>\n\u003Cli>\u003Ccode>end_time\u003C\u002Fcode> – End time for recurring mode (HH:MM format)\u003C\u002Fli>\n\u003Cli>\u003Ccode>timezone_location\u003C\u002Fcode> – PHP timezone identifier (defaults to site timezone)\u003C\u002Fli>\n\u003Cli>\u003Ccode>message\u003C\u002Fcode> – Plain text fallback message (legacy; use nested shortcode for rich content)\u003C\u002Fli>\n\u003C\u002Ful>\n","Show or hide content based on date ranges, recurring day\u002Ftime schedules, or custom strtotime expressions. Includes a Gutenberg block and shortcode.",200,4538,100,3,"2026-02-07T00:49:00.000Z","6.9.4","6.1","7.0",[20,21,22,23,24],"block","conditional","display","schedule","shortcode","https:\u002F\u002Fsharethepractice.org\u002Fplugins\u002Fdisplay-during-conditional-shortcode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisplay-during-conditional-shortcode.2.0.zip",99,1,0,"2026-02-17 15:37:04","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":28},"CVE-2025-6460","display-during-conditional-shortcode-authenticated-contributor-stored-cross-site-scripting-via-message-parameter","Display During Conditional Shortcode \u003C= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter","The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.2","1.3","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-02-18 04:35:44",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fad39a3b0-5434-4595-a052-4b6e4adb2247?source=api-prod",{"slug":49,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":27,"avg_patch_time_days":52,"trust_score":27,"computed_at":53},"gserafini",2,210,4,"2026-04-05T01:50:21.537Z",[55,77,94,111,135],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":13,"num_ratings":50,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":75,"download_link":76,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"vk-dynamic-if-block","VK Dynamic If Block","1.5.0","Vektor,Inc.","https:\u002F\u002Fprofiles.wordpress.org\u002Fvektor-inc\u002F","\u003Cp>VK Dynamic If Block is a custom WordPress block, primarily designed for FSE, that allows users to display Inner Block based on specified conditions. With this block, you can show or hide Inner Block depending on various conditions, such as whether the current page is the front page or a single post, the post type, or the value of a Custom Field.\u003C\u002Fp>\n","VK Dynamic If Block displays its Inner Blocks based on specified conditions, such as whether the current page is the front page or a single post, the  &hellip;",3000,22699,"2025-10-27T19:26:00.000Z","6.8.5","6.4","7.4",[70,71,72,73,74],"conditional-branch","conditional-display","custom-field","dynamic-block","if","https:\u002F\u002Fgithub.com\u002Fvektor-inc\u002Fvk-dynamic-if-block","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvk-dynamic-if-block.1.5.0.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":29,"num_ratings":29,"last_updated":87,"tested_up_to":16,"requires_at_least":88,"requires_php":68,"tags":89,"homepage":92,"download_link":93,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"timefly","TimeFly","0.2.1","LaughterOnWater","https:\u002F\u002Fprofiles.wordpress.org\u002Flaughteronwater\u002F","\u003Cp>TimeFly adds powerful time-based visibility control to WordPress through a custom block that automatically shows or hides content based on your schedule. Perfect for announcements, seasonal promotions, business hours, and any content that should only be visible during specific times.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Three Visibility Modes:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Show Until – Content visible now, hidden after specified date\u002Ftime\u003C\u002Fli>\n\u003Cli>Show From – Content hidden now, visible after specified date\u002Ftime\u003C\u002Fli>\n\u003Cli>Show Between – Content only visible within specific date\u002Ftime range\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Flexible Scheduling:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>One-time schedules for specific dates\u003C\u002Fli>\n\u003Cli>Recurring weekly schedules for business hours or regular events\u003C\u002Fli>\n\u003Cli>Support for complex recurring patterns\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User-Friendly Interface:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Real-time visibility status preview in editor\u003C\u002Fli>\n\u003Cli>Site timezone awareness with current time display\u003C\u002Fli>\n\u003Cli>Visual status indicators (visible\u002Fhidden\u002Fmisconfigured)\u003C\u002Fli>\n\u003Cli>Validation to prevent invalid date ranges\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Developer Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Clean, semantic HTML output\u003C\u002Fli>\n\u003Cli>SEO-friendly (hidden content absent from HTML)\u003C\u002Fli>\n\u003Cli>Works with any WordPress block inside\u003C\u002Fli>\n\u003Cli>Professional code quality and documentation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Use Cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display “We’re Open!” during business hours\u003C\u002Fli>\n\u003Cli>Show seasonal promotions during specific dates\u003C\u002Fli>\n\u003Cli>Hide outdated announcements automatically\u003C\u002Fli>\n\u003Cli>Display event information only until event date\u003C\u002Fli>\n\u003Cli>Show different content for weekdays vs weekends\u003C\u002Fli>\n\u003Cli>Create time-sensitive calls-to-action\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Add a TimeFly block to any page or post\u003C\u002Fli>\n\u003Cli>Select your visibility mode (Show Until, Show From, or Show Between)\u003C\u002Fli>\n\u003Cli>Choose one-time or recurring weekly pattern\u003C\u002Fli>\n\u003Cli>Configure your dates and times\u003C\u002Fli>\n\u003Cli>Add your content inside the block\u003C\u002Fli>\n\u003Cli>Publish – content automatically appears\u002Fdisappears on schedule\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>All scheduling uses your WordPress site timezone for accurate visibility control.\u003C\u002Fp>\n\u003Ch4>Technical Details\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Uses WordPress block editor (Gutenberg)\u003C\u002Fli>\n\u003Cli>Server-side rendering for security and performance\u003C\u002Fli>\n\u003Cli>Transient caching for efficient block scanning\u003C\u002Fli>\n\u003Cli>No database tables created\u003C\u002Fli>\n\u003Cli>Lightweight with minimal performance impact\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, feature requests, or bug reports, please visit the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ftimefly\u002F\" rel=\"ugc\">WordPress.org support forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Developer Information\u003C\u002Fh3>\n\u003Cp>TimeFly is built with modern WordPress development practices:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>React-based block editor interface\u003C\u002Fli>\n\u003Cli>Server-side rendering with PHP\u003C\u002Fli>\n\u003Cli>WordPress coding standards compliant\u003C\u002Fli>\n\u003Cli>Comprehensive PHPDoc documentation\u003C\u002Fli>\n\u003Cli>Security-first approach with proper sanitization\u003C\u002Fli>\n\u003Cli>Performance-optimized with transient caching\u003C\u002Fli>\n\u003Cli>Accessibility-ready with ARIA attributes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Source Code\u003C\u002Fh4>\n\u003Cp>The compiled JavaScript in \u003Ccode>\u002Fbuild\u002Findex.js\u003C\u002Fcode> is built from human-readable source files in the \u003Ccode>\u002Fsrc\u003C\u002Fcode> directory of the plugin. Source files include block.json, edit.js, save.js, render.php, and SCSS stylesheets. The build process uses @wordpress\u002Fscripts. All source code is included in the plugin distribution.\u003C\u002Fp>\n\u003Cp>The plugin is open for contributions and feature suggestions. Visit the support forum to participate in development discussions.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>TimeFly does not collect, store, or transmit any user data. All scheduling information is stored locally in your WordPress database as part of block content. No external services are contacted. No cookies are set. No analytics are tracked.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by LaughterOnWater with a focus on code quality, user experience, and WordPress best practices.\u003C\u002Fp>\n","Control when content appears on your WordPress site with dynamic time-based visibility scheduling.",10,206,"2026-02-08T16:42:00.000Z","6.0",[20,21,23,90,91],"time-based","visibility","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftimefly.0.2.1.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":29,"downloaded":102,"rating":29,"num_ratings":29,"last_updated":103,"tested_up_to":16,"requires_at_least":104,"requires_php":68,"tags":105,"homepage":99,"download_link":110,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"time-limited-content-access","Time-Limited Content Access","1.0","Usama Khalid","https:\u002F\u002Fprofiles.wordpress.org\u002Fusamakhalid14\u002F","\u003Cp>This plugin allows WordPress site owners to display or hide any content block using a \u003Ccode>[timecoac_timed_content]\u003C\u002Fcode> shortcode based on date\u002Ftime conditions. It’s lightweight, no extra settings, and respects WordPress timezone.\u003C\u002Fp>\n\u003Cp>It is:\u003Cbr \u002F>\n– Lightweight (no settings screen)\u003Cbr \u002F>\n– Easy to use\u003C\u002Fp>\n\u003Cp>Useful for:\u003Cbr \u002F>\n– Limited-time offers\u003Cbr \u002F>\n– Event-specific announcements\u003Cbr \u002F>\n– Scheduled content visibility\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Example:\u003Cbr \u002F>\n    [timecoac_timed_content start=”2025-06-01 09:00″ end=”2025-06-15 18:00″]This content is time-limited[\u002Ftimecoac_timed_content]\u003C\u002Fp>\n","Show or hide content based on a date\u002Ftime range using a simple shortcode.",291,"2025-12-15T06:40:00.000Z","5.0",[106,107,108,24,109],"conditional-content","content-visibility","scheduled-content","time","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftime-limited-content-access.1.0.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":121,"num_ratings":122,"last_updated":123,"tested_up_to":16,"requires_at_least":124,"requires_php":125,"tags":126,"homepage":92,"download_link":132,"security_score":133,"vuln_count":50,"unpatched_count":29,"last_vuln_date":134,"fetched_at":31},"widget-logic","Widget Logic","6.0.9","Widgetlogic.org","https:\u002F\u002Fprofiles.wordpress.org\u002Fwidgetlogics\u002F","\u003Cp>This plugin gives every widget an extra control field called “Widget logic” that lets you control the pages that the widget will appear on. The text field lets you use WP’s \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FConditional_Tags\" rel=\"nofollow ugc\">Conditional Tags\u003C\u002Fa>, or any general PHP code.\u003C\u002Fp>\n\u003Cp>The configuring and options are in the usual widget admin interface.\u003C\u002Fp>\n\u003Cp>BIG UPDATE:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Now you can control widget in Gutenberg Widgets editor as well as in Classic Editor. It is just as easy as before but also in gutenberg view.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Pre-installed widgets let you add special widget with one click of the mouse. First pre-installed widget is Live Match that let you add widget of one random live football game with real time score updates (teams logos, livescore, minute of the match, tournament name). And more interesting widgets to come!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>NOTE ON DEFAULT FUNCTIONS:\u003C\u002Fstrong> Widget Logic includes a whitelist of common WordPress conditional tags and safe functions. If you need additional WordPress functions that are not currently whitelisted, please create a topic in our \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwidget-logic\u002F\" rel=\"ugc\">support forum\u003C\u002Fa> to request them. We regularly add commonly requested functions in new releases.\u003C\u002Fp>\n\u003Ch4>Configuration\u003C\u002Fh4>\n\u003Cp>Aside from logic against your widgets, there are three options added to the foot of the widget admin page (see screenshots).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Use ‘wp_reset_query’ fix — Many features of WP, as well as the many themes and plugins out there, can mess with the conditional tags, such that is_home is NOT true on the home page. This can often be fixed with a quick wp_reset_query() statement just before the widgets are called, and this option puts that in for you rather than having to resort to code editing\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Load logic — This option allows you to set the point in the page load at which your widget logic if first checked. Pre v.50 it was when the ‘wp_head’ trigger happened, ie during the creation of the HTML’s HEAD block. Many themes didn’t call wp_head, which was a problem. From v.50 it happens, by default, as early as possible, which is as soon as the plugin loads. You can now specify these ‘late load’ points (in chronological order):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>after the theme loads (after_setup_theme trigger)\u003C\u002Fli>\n\u003Cli>when all PHP loaded (wp_loaded trigger)\u003C\u002Fli>\n\u003Cli>after query variables set (parse_query) – this is the default\u003C\u002Fli>\n\u003Cli>during page header (wp_head trigger)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You may need to delay the load if your logic depends on functions defined, eg in the theme functions.php file. Conversely you may want the load early so that the widget count is calculated correctly, eg to show an alternative layour or content when a sidebar has no widgets.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Don’t cache widget logic results — From v .58 the widget logic code should only execute once, but that might cause unexpected results with some themes, so this option is here to turn that behaviour off. (The truth\u002Ffalse of the code will be evaluated every time the sidebars_widgets filter is called.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Custom PHP Functions — From v.6.0.6 you can use the \u003Ccode>widget_logic_allowed_functions\u003C\u002Fcode> filter to add custom PHP functions that will be allowed in Widget Logic fields. By default, only WordPress conditional tags and a whitelist of safe functions are available. This filter allows you to extend the functionality and use your own custom functions.\u003C\u002Fp>\n\u003Cp>To add a custom function, add the following code to your theme’s \u003Ccode>functions.php\u003C\u002Fcode> file:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`add_filter('widget_logic_allowed_functions', 'my_allowed_functions');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>function my_allowed_functions($functions) {\u003Cbr \u002F>\n    $functions[] = ‘\u003Cem>my_custom_function_name\u003C\u002Fem>‘;\u003Cbr \u002F>\n    return $functions;\u003Cbr \u002F>\n}`\u003C\u002Fp>\n\u003Cp>You can add multiple functions by using one wrapper function:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`add_filter('widget_logic_allowed_functions', 'my_allowed_functions');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>function my_allowed_functions($functions) {\u003Cbr \u002F>\n    $functions[] = ‘is_special_page’;\u003Cbr \u002F>\n    $functions[] = ‘is_user_verified’;\u003Cbr \u002F>\n    $functions[] = ‘get_sidebar_title’;\u003Cbr \u002F>\n    return $functions;\u003Cbr \u002F>\n}`\u003C\u002Fp>\n\u003Cp>\u003Cstrong>IMPORTANT NOTE ON VARIABLES:\u003C\u002Fstrong> Widget Logic is designed to work with simple data types (strings, numbers, booleans). If you need to use complex variables, global state, or conditional logic that depends on many factors, create a custom function in your theme’s \u003Ccode>functions.php\u003C\u002Fcode> file and call it from Widget Logic:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Good approach (in functions.php):\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`function is_special_page() {\nglobal $post;\n$special_ids = array(5, 10, 15);\n$conditions = some_complex_function();\n\nreturn is_page() && in_array($post->ID, $special_ids) && $conditions;\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>}`\u003C\u002Fp>\n\u003Cp>Then in Widget Logic field, simply use: \u003Ccode>is_special_page()\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Less ideal approach (in Widget Logic field):\u003C\u002Fstrong>\u003Cbr \u002F>\nAvoid putting complex logic directly in the Widget Logic field. Keep it simple and let your custom function handle the complexity. This keeps your widget settings clean and maintainable.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Interaction with External Services\u003C\u002Fh4>\n\u003Cp>Widget Logic uses the external service to obtain up-to-date information about the results of football matches. \u003Ca href=\"https:\u002F\u002Fwidgetlogic.org\" rel=\"nofollow ugc\">widgetlogic.org\u003C\u002Fa> is a source of sports information, that provides a wide range of information about football, including various leagues, tournaments, and championships from around the world.\u003C\u002Fp>\n\u003Cp>The functioning of the \u003Ca href=\"https:\u002F\u002Fwidgetlogic.org\" rel=\"nofollow ugc\">widgetlogic.org\u003C\u002Fa> service is based on delivering real-time data about selected matches without the need to refresh the page. This means that data is automatically updated without requiring page reload. This approach ensures users quick and uninterrupted access to the latest sports data without the effort of manually updating information, allowing them to stay informed about ongoing events in real-time.\u003C\u002Fp>\n\u003Ch3>Writing Logic Code\u003C\u002Fh3>\n\u003Cp>The text in the ‘Widget logic’ field can be full PHP code and should return ‘true’ when you need the widget to appear. If there is no ‘return’ in the text, an implicit ‘return’ is added to the start and a ‘;’ is added on the end. (This is just to make single statements like is_home() more convenient.)\u003C\u002Fp>\n\u003Ch4>The Basics\u003C\u002Fh4>\n\u003Cp>Make good use of \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FConditional_Tags\" rel=\"nofollow ugc\">WP’s own conditional tags\u003C\u002Fa>. You can vary and combine code using:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>!\u003C\u002Fcode> (NOT) to \u003Cstrong>reverse\u003C\u002Fstrong> the logic, eg \u003Ccode>!is_home()\u003C\u002Fcode> is TRUE when this is NOT the home page.\u003C\u002Fli>\n\u003Cli>\u003Ccode>||\u003C\u002Fcode> (OR) to \u003Cstrong>combine\u003C\u002Fstrong> conditions. \u003Ccode>X OR Y\u003C\u002Fcode> is TRUE when either X is true or Y is true.\u003C\u002Fli>\n\u003Cli>\u003Ccode>&&\u003C\u002Fcode> (AND) to make conditions \u003Cstrong>more specific\u003C\u002Fstrong>. \u003Ccode>X AND Y\u003C\u002Fcode> is TRUE when both X is true and Y is true.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There are lots of great code examples on the WP forums, and on WP sites across the net. But the WP Codex is also full of good examples to adapt, such as \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTemplate_Tags\u002Fin_category#Testing_if_a_post_is_in_a_descendant_category\" rel=\"nofollow ugc\">Test if post is in a descendent category\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Examples\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>is_home()\u003C\u002Fcode> — just the main blog page\u003C\u002Fli>\n\u003Cli>\u003Ccode>!is_page('about')\u003C\u002Fcode> — everywhere EXCEPT this specific WP ‘page’\u003C\u002Fli>\n\u003Cli>\u003Ccode>!is_user_logged_in()\u003C\u002Fcode> — shown when a user is not logged in\u003C\u002Fli>\n\u003Cli>\u003Ccode>is_category(array(5,9,10,11))\u003C\u002Fcode> — category page of one of the given category IDs\u003C\u002Fli>\n\u003Cli>\u003Ccode>is_single() && in_category('baked-goods')\u003C\u002Fcode> — single post that’s in the category with this slug\u003C\u002Fli>\n\u003Cli>\u003Ccode>current_user_can('level_10')\u003C\u002Fcode> — admin only widget\u003C\u002Fli>\n\u003Cli>\u003Ccode>strpos($_SERVER['HTTP_REFERER'], \"google.com\")!=false\u003C\u002Fcode> — widget to show when clicked through from a google search\u003C\u002Fli>\n\u003Cli>\u003Ccode>is_category() && custom_function_to_check_the_category()\u003C\u002Fcode> — category page that’s a descendent of category 5\u003C\u002Fli>\n\u003Cli>\u003Ccode>custom_function_from_functions_php_to_check_the_page()\u003C\u002Fcode> — WP page that is a child of page 77\u003C\u002Fli>\n\u003Cli>\u003Ccode>custom_function_from_functions_php_to_check_the_page_child_of(13)\u003C\u002Fcode> — home page OR the page that’s a child of page 13\u003C\u002Fli>\n\u003C\u002Ful>\n","Widget Logic lets you control on which pages widgets appear using WP's conditional tags.",100000,3242040,88,188,"2026-01-15T09:43:00.000Z","3.0","5.4",[127,128,129,130,131],"blocks","conditional-tags","gutenberg-widgets","sidebar","widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-logic.6.0.9.zip",95,"2025-06-09 00:00:00",{"slug":136,"name":137,"version":138,"author":139,"author_profile":140,"description":141,"short_description":142,"active_installs":143,"downloaded":144,"rating":145,"num_ratings":146,"last_updated":147,"tested_up_to":148,"requires_at_least":149,"requires_php":92,"tags":150,"homepage":156,"download_link":157,"security_score":158,"vuln_count":14,"unpatched_count":29,"last_vuln_date":159,"fetched_at":31},"wp-show-posts","WP Show Posts","1.1.6","Tom","https:\u002F\u002Fprofiles.wordpress.org\u002Fedge22\u002F","\u003Ch4>Note\u003C\u002Fh4>\n\u003Cp>This plugin is only receiving security updates at this time. Check out our \u003Ca href=\"https:\u002F\u002Fgenerateblocks.com\u002F\" rel=\"nofollow ugc\">GenerateBlocks\u003C\u002Fa> plugin for a more modern solution.\u003C\u002Fp>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"WP Show Posts\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F175638957?dnt=1&app_id=122963\" width=\"750\" height=\"422\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write\">\u003C\u002Fiframe>\u003C\u002Fp>\n\u003Cp>WP Show Posts allows you to display posts anywhere on your website using an easy to use shortcode.\u003C\u002Fp>\n\u003Cp>You can pull posts from any post type like WooCommerce, Easy Digital Downloads etc..\u003C\u002Fp>\n\u003Cp>This plugin works with any theme.\u003C\u002Fp>\n\u003Cp>Here are the features in the free version:\u003C\u002Fp>\n\u003Ch4>Posts\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Post type\u003C\u002Fli>\n\u003Cli>Taxonomy\u003C\u002Fli>\n\u003Cli>Terms\u003C\u002Fli>\n\u003Cli>Posts per page\u003C\u002Fli>\n\u003Cli>Pagination\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Columns\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Columns\u003C\u002Fli>\n\u003Cli>Columns gutter\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Images\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Show images\u003C\u002Fli>\n\u003Cli>Image width\u003C\u002Fli>\n\u003Cli>Image height\u003C\u002Fli>\n\u003Cli>Image alignment\u003C\u002Fli>\n\u003Cli>Image location\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Content\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Content type (excerpt or full post)\u003C\u002Fli>\n\u003Cli>Excerpt length\u003C\u002Fli>\n\u003Cli>Include title\u003C\u002Fli>\n\u003Cli>Read more text\u003C\u002Fli>\n\u003Cli>Read more button class\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Meta\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Include author\u003C\u002Fli>\n\u003Cli>Author location\u003C\u002Fli>\n\u003Cli>Include date\u003C\u002Fli>\n\u003Cli>Date location\u003C\u002Fli>\n\u003Cli>Include terms\u003C\u002Fli>\n\u003Cli>Terms location\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>More settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Author ID\u003C\u002Fli>\n\u003Cli>Exclude current\u003C\u002Fli>\n\u003Cli>Post ID\u003C\u002Fli>\n\u003Cli>Exclude post ID\u003C\u002Fli>\n\u003Cli>Ignore sticky posts\u003C\u002Fli>\n\u003Cli>Offset\u003C\u002Fli>\n\u003Cli>Order\u003C\u002Fli>\n\u003Cli>Order by\u003C\u002Fli>\n\u003Cli>Status\u003C\u002Fli>\n\u003Cli>Meta key\u003C\u002Fli>\n\u003Cli>Meta value\u003C\u002Fli>\n\u003Cli>Tax operator\u003C\u002Fli>\n\u003Cli>No results message\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Our *Pro* version has these features\u003C\u002Fh4>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"WP Show Posts Pro\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F175660953?dnt=1&app_id=122963\" width=\"750\" height=\"422\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write\">\u003C\u002Fiframe>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpshowposts.com\u002F\" title=\"Check out Pro\" rel=\"nofollow ugc\">Check out Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Posts\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>AJAX pagination\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Columns\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Masonry\u003C\u002Fli>\n\u003Cli>Featured post\u003C\u002Fli>\n\u003Cli>Background color\u003C\u002Fli>\n\u003Cli>Background color hover\u003C\u002Fli>\n\u003Cli>Border color\u003C\u002Fli>\n\u003Cli>Border color hover\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Images\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Image overlay color\u003C\u002Fli>\n\u003Cli>Image overlay icon\u003C\u002Fli>\n\u003Cli>Image hover effect\u003C\u002Fli>\n\u003Cli>Image lightbox\u003C\u002Fli>\n\u003Cli>Image lightbox gallery\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Content\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Read more style\u003C\u002Fli>\n\u003Cli>Read more color\u003C\u002Fli>\n\u003Cli>Content link color\u003C\u002Fli>\n\u003Cli>Content link color hover\u003C\u002Fli>\n\u003Cli>Content text color\u003C\u002Fli>\n\u003Cli>Title color\u003C\u002Fli>\n\u003Cli>Title color hover\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Meta\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Meta color\u003C\u002Fli>\n\u003Cli>Meta color hover\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Social\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Twitter\u003C\u002Fli>\n\u003Cli>Twitter color + hover\u003C\u002Fli>\n\u003Cli>Facebook\u003C\u002Fli>\n\u003Cli>Facebook color + hover\u003C\u002Fli>\n\u003Cli>Google+\u003C\u002Fli>\n\u003Cli>Google+ color + hover\u003C\u002Fli>\n\u003Cli>Pinterest\u003C\u002Fli>\n\u003Cli>Pinterest color + hover\u003C\u002Fli>\n\u003Cli>Love it\u003C\u002Fli>\n\u003Cli>Alignment\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check out GeneratePress, our awesome WordPress theme! (https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fgeneratepress)\u003C\u002Fp>\n","Add posts to your website from any post type using a simple shortcode.",70000,604723,94,80,"2024-04-16T19:12:00.000Z","6.1.10","4.5",[151,152,153,154,155],"display-posts-shortcode","gallery","portfolio","post-columns","show-posts","https:\u002F\u002Fwpshowposts.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-show-posts.1.1.6.zip",90,"2024-04-16 00:00:00",{"attackSurface":161,"codeSignals":191,"taintFlows":199,"riskAssessment":200,"analyzedAt":209},{"hooks":162,"ajaxHandlers":180,"restRoutes":181,"shortcodes":182,"cronEvents":190,"entryPointCount":50,"unprotectedCount":29},[163,169,176],{"type":164,"name":165,"callback":166,"file":167,"line":168},"action","init","stp_display_during_register_blocks","display-during-conditional-shortcode.php",264,{"type":170,"name":171,"callback":172,"priority":173,"file":174,"line":175},"filter","the_editor_content","stp_blocks_to_shortcodes_for_classic",5,"includes\\classic-editor-compat.php",55,{"type":170,"name":177,"callback":178,"priority":173,"file":174,"line":179},"content_save_pre","stp_shortcodes_to_blocks_on_save",209,[],[],[183,186],{"tag":184,"callback":185,"file":167,"line":122},"display_during","stp_display_during_shortcode",{"tag":187,"callback":188,"file":167,"line":189},"display_during_message","stp_display_during_message_shortcode",189,[],{"dangerousFunctions":192,"sqlUsage":193,"outputEscaping":195,"fileOperations":29,"externalRequests":29,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":198},[],{"prepared":29,"raw":29,"locations":194},[],{"escaped":196,"rawEcho":29,"locations":197},24,[],[],[],{"summary":201,"deductions":202},"The 'display-during-conditional-shortcode' v2.0 plugin exhibits a generally strong security posture based on the provided static analysis. It demonstrates good practices by having no known dangerous functions, using prepared statements for all SQL queries, and ensuring all output is properly escaped. The absence of file operations, external HTTP requests, and a clean taint analysis with zero critical or high severity flows further bolster this positive assessment. The plugin also has no known unpatched vulnerabilities, which is a significant strength.\n\nHowever, there are areas for improvement. The lack of nonce checks and capability checks on its entry points (shortcodes in this case) represents a potential concern. While the static analysis indicates zero unprotected entry points, the absence of these common security mechanisms means that the plugin's logic might be susceptible to being triggered by unauthenticated or unauthorized users if not properly handled by the surrounding WordPress environment. The history of a past Cross-Site Scripting (XSS) vulnerability, even if patched, warrants continued vigilance and code review to prevent recurrence.\n\nIn conclusion, the plugin is well-developed from a code quality and vulnerability mitigation perspective, with excellent handling of SQL and output. The primary area of concern lies in the potential for unauthorized invocation of its shortcode functionality due to the absence of explicit nonce and capability checks. While the vulnerability history is currently clean, the past XSS issue serves as a reminder of the importance of ongoing security auditing.",[203,205,207],{"reason":204,"points":173},"Missing nonce checks on shortcodes",{"reason":206,"points":173},"Missing capability checks on shortcodes",{"reason":208,"points":14},"Past Cross-Site Scripting vulnerability history","2026-03-16T20:28:04.221Z",{"wat":211,"direct":220},{"assetPaths":212,"generatorPatterns":215,"scriptPaths":216,"versionParams":217},[213,214],"\u002Fwp-content\u002Fplugins\u002Fdisplay-during-conditional-shortcode\u002Fbuild\u002Findex.js","\u002Fwp-content\u002Fplugins\u002Fdisplay-during-conditional-shortcode\u002Fbuild\u002Findex.asset.php",[],[],[218,219],"display-during-conditional-shortcode\u002Fbuild\u002Findex.js?ver=","display-during-conditional-shortcode\u002Fbuild\u002Findex.asset.php?ver=",{"cssClasses":221,"htmlComments":222,"htmlAttributes":223,"restEndpoints":225,"jsGlobals":226,"shortcodeOutput":228},[],[],[224],"data-block=\"display-during-conditional-shortcode\u002Fdisplay-during\"",[],[227],"window.stp_display_during_timezone_options",[229,230],"[display_during]","[display_during_message]"]