[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRg-g2VNuqz1bcaDkMdgQzuEeHtslD_g1TohYSIV0Jc8":3,"$fJDHrE30z-g5A-W_6D1LyAbmupznke9zA9xQTXFtMlKU":553},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":45,"crawl_stats":35,"alternatives":50,"analysis":157,"fingerprints":519},"dooodl","Dooodl","2.3.0","noCreativity","https:\u002F\u002Fprofiles.wordpress.org\u002Fnocreativity\u002F","\u003Cp>Dooodl is a fun plugin for your blog that allows your visitors to draw a little doodle and save it to your site. It’s a bit like a guestbook but less boring and more visual, aka more fun!\u003C\u002Fp>\n\u003Cp>Show the doodles in a widget, with a shortcode, or use any plugin that allows you to show a grid\u002Flist of a custom post type. 
If you do this look for the custom post type, dooodl.\u003C\u002Fp>\n","Dooodl is a fun plugin for your blog that allows your visitors to draw a little doodle and save it to your site.",60,19123,86,7,"2024-07-18T12:01:00.000Z","6.6.0","2.7","",[20,21,22,23],"doodle","doodles","drawing","guestbook","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdooodl.zip",70,1,"2026-01-16 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35,"patch_diff_files":44,"patch_trac_url":35},"CVE-2025-68871","dooodl-reflected-cross-site-scripting","Dooodl \u003C= 2.3.0 - Reflected Cross-Site Scripting","The Dooodl plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=2.3.0","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-01-19 15:52:59",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F464fda21-5efe-4565-9b21-85d6c458a6a1?source=api-prod",[],{"slug":46,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":47,"trust_score":48,"computed_at":49},"nocreativity",30,73,"2026-04-06T09:49:29.138Z",[51,77,99,116,138],{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":61,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":72,"download_link":73,"security_score":74,"vuln_count":14,"unpatched_count":75,"last_vuln_date":76,"fetched_at":28},"gwolle-gb","Gwolle Guestbook","4.10.1","Marcel Pol","https:\u002F\u002Fprofiles.wordpress.org\u002Fmpol\u002F","\u003Cp>Gwolle Guestbook is the WordPress guestbook you’ve just been looking for. Beautiful and easy.\u003Cbr \u002F>\nGwolle Guestbook is not just another guestbook for WordPress. The goal is to provide an easy and slim way to integrate a guestbook into your WordPress powered site. 
Don’t use your ‘comment’ section the wrong way – install Gwolle Guestbook and have a real guestbook.\u003C\u002Fp>\n\u003Cp>Current features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easy to use guestbook frontend with a simple form for visitors of your website.\u003C\u002Fli>\n\u003Cli>List of guestbook entries at the frontend with pagination or infinite scroll.\u003C\u002Fli>\n\u003Cli>Widget to display an excerpt of your last or your best entries.\u003C\u002Fli>\n\u003Cli>Simple and clean admin interface that integrates seamlessly into WordPress admin.\u003C\u002Fli>\n\u003Cli>Dashboard Widget to easily manage the latest entries from your Admin Dashboard.\u003C\u002Fli>\n\u003Cli>Easy Import from other guestbooks into Gwolle Guestbook.\u003C\u002Fli>\n\u003Cli>Notification by mail when a new entry has been posted.\u003C\u002Fli>\n\u003Cli>Moderation, so that you can check an entry before it is visible in your guestbook (optional).\u003C\u002Fli>\n\u003Cli>7 anti-spam features, like Honeypot, Nonce, Form Timeout, Akismet, Stop Forum Spam and Custom Quiz Question.\u003C\u002Fli>\n\u003Cli>Simple Form Builder to select which form-fields you want to use.\u003C\u002Fli>\n\u003Cli>Simple Entry Builder with the parts of each entry that you want to show.\u003C\u002Fli>\n\u003Cli>Multiple guestbooks are possible.\u003C\u002Fli>\n\u003Cli>MultiSite is supported.\u003C\u002Fli>\n\u003Cli>Localization. 
Own languages can be added very easily through \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fgwolle-gb\" rel=\"nofollow ugc\">GlotPress\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Admins can add a reply to each entry.\u003C\u002Fli>\n\u003Cli>A log for each entry, so that you know which member of the staff released and edited a guestbook-entry to the public and when.\u003C\u002Fli>\n\u003Cli>IP-address and host-logging with link to WHOIS query site.\u003C\u002Fli>\n\u003Cli>RSS Feed.\u003C\u002Fli>\n\u003Cli>BBcode, Emoji and Smiley integration (optional).\u003C\u002Fli>\n\u003Cli>Easy uninstall routine for complete removal of all database changes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>… and all that integrated in the stylish WordPress look.\u003C\u002Fp>\n\u003Ch4>Import \u002F Export\u003C\u002Fh4>\n\u003Cp>You may have another guestbook installed. That’s great, because Gwolle Guestbook enables you to import entries easily.\u003Cbr \u002F>\nThe importer does not delete any of your data, so you can go back to your previous setup without loss of data, if you want to.\u003Cbr \u002F>\nTrying Gwolle Guestbook is as easy as 1-2-3.\u003C\u002Fp>\n\u003Cp>Import is supported from:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>DMSGuestbook.\u003C\u002Fli>\n\u003Cli>WordPress comments from a specific post, page or just all comments.\u003C\u002Fli>\n\u003Cli>Gwolle Guestbook itself, with Export supported as well (CSV-file).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>If you have a problem or a feature request, please post it on the plugin’s support forum on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fgwolle-gb\" rel=\"ugc\">wordpress.org\u003C\u002Fa>. I will do my best to respond as soon as possible.\u003C\u002Fp>\n\u003Cp>If you send me an email, I will not reply. 
Please use the support forum.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>Translations can be added very easily through \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fgwolle-gb\" rel=\"nofollow ugc\">GlotPress\u003C\u002Fa>.\u003Cbr \u002F>\nYou can start translating strings there for your locale. They need to be validated though, so if there’s no validator yet, and you want to apply for being validator (PTE), please post it on the support forum.\u003Cbr \u002F>\nI will make a request on make\u002Fpolyglots to have you added as validator for this plugin\u002Flocale.\u003C\u002Fp>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cp>Check out the demo at \u003Ca href=\"https:\u002F\u002Fdemo.zenoweb.nl\u002Fwordpress-plugins\u002Fgwolle-gb\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fdemo.zenoweb.nl\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Add-On\u003C\u002Fh4>\n\u003Cp>Gwolle Guestbook: The Add-On is the add-on for Gwolle Guestbook that gives extra functionality for your guestbook.\u003C\u002Fp>\n\u003Cp>Current features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Meta Fields. 
Add any field you want; company, phone number, you name it.\u003C\u002Fli>\n\u003Cli>Social Media Sharing (optional).\u003C\u002Fli>\n\u003Cli>Star Ratings, with voting and display and Rich Snippets for SEO (optional).\u003C\u002Fli>\n\u003Cli>Average star rating per guestbook.\u003C\u002Fli>\n\u003Cli>Like an entry and view likes for each entry.\u003C\u002Fli>\n\u003Cli>Preview for the frontend form.\u003C\u002Fli>\n\u003Cli>Preview for the admin editor form.\u003C\u002Fli>\n\u003Cli>Automatic Refresh of guestbook list with new entries.\u003C\u002Fli>\n\u003Cli>Admin reply on the frontend with AJAX.\u003C\u002Fli>\n\u003Cli>Edit content\u002Fauthor\u002Forigin of entry on the frontend with AJAX.\u003C\u002Fli>\n\u003Cli>Report Abuse.\u003C\u002Fli>\n\u003Cli>Easy String Replacement in the default text so you can make this guestbook into a review section or anything you want.\u003C\u002Fli>\n\u003Cli>Delete button in each entry for the moderator and author (optional).\u003C\u002Fli>\n\u003Cli>Permalink button in each entry for easy access (optional).\u003C\u002Fli>\n\u003Cli>Email button to contact each author (optional).\u003C\u002Fli>\n\u003Cli>Upload Images through the form. 
(Only for Author, Editor and Administrator with capability ‘gwolle_gb_upload_files’) (optional).\u003C\u002Fli>\n\u003Cli>Sitemap support for popular SEO\u002FSitemap plugins.\u003C\u002Fli>\n\u003Cli>Auto Anonymize timer (optional).\u003C\u002Fli>\n\u003Cli>Auto Delete timer (optional).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can buy the Add-On at \u003Ca href=\"https:\u002F\u002Fzenoweb.nl\u002Fdownloads\u002Fgwolle-guestbook-add-on\u002F\" rel=\"nofollow ugc\">ZenoWeb Webshop\u003C\u002Fa> for only 15 Euro.\u003C\u002Fp>\n\u003Ch4>Demo with Add-On\u003C\u002Fh4>\n\u003Cp>Check out the demo with the Add-On enabled at \u003Ca href=\"https:\u002F\u002Fdemo.zenoweb.nl\u002Fwordpress-plugins\u002Fgwolle-guestbook-the-add-on\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fdemo.zenoweb.nl\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>This plugin is compatible with \u003Ca href=\"https:\u002F\u002Fwww.classicpress.net\" rel=\"nofollow ugc\">ClassicPress\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Contributions\u003C\u002Fh4>\n\u003Cp>This plugin is also available in \u003Ca href=\"https:\u002F\u002Fcodeberg.org\u002Fcyclotouriste\u002Fgwolle-gb\" rel=\"nofollow ugc\">Codeberg\u003C\u002Fa>.\u003C\u002Fp>\n","Gwolle Guestbook is the WordPress guestbook you've just been looking for. 
Beautiful and easy.",20000,1516110,96,114,"2026-02-06T09:48:00.000Z","6.9.4","4.1","7.0",[68,69,23,70,71],"gastebuch","guest-book","livre-dor","review","https:\u002F\u002Fzenoweb.nl\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgwolle-gb.4.10.1.zip",89,0,"2025-07-09 12:49:48",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":18,"tags":92,"homepage":95,"download_link":96,"security_score":87,"vuln_count":97,"unpatched_count":75,"last_vuln_date":98,"fetched_at":28},"wp-vipergb","WP-ViperGB","1.6.2","JK","https:\u002F\u002Fprofiles.wordpress.org\u002Fjustin_k\u002F","\u003Cp>WP-ViperGB is a WordPress plugin designed to replicate the appearance and behavior of the discontinued \u003Ca href=\"http:\u002F\u002Fwww.vipergb.de.vu\u002F\" rel=\"nofollow ugc\">Viper Guestbook\u003C\u002Fa> project. 
It makes it easy to add a stylish and user-friendly guestbook to your blog.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create user-friendly guestbooks without writing a single line of code.\u003C\u002Fli>\n\u003Cli>Lives in a standard WordPress page and uses comments for entries, so moderation and antispam functionality works as normal.\u003C\u002Fli>\n\u003Cli>Two-View layout provides one view for submitting entries and another for reading them.\u003C\u002Fli>\n\u003Cli>Automatic paging of entries to customizable length.\u003C\u002Fli>\n\u003Cli>Show icons for country, browser, and OS in visitor signatures.\u003C\u002Fli>\n\u003Cli>Admin-panel stylesheet selector allows easy skinning to suit your theme.\u003C\u002Fli>\n\u003Cli>No bloat: Uses existing WordPress faculties so no custom database tables are required.\u003C\u002Fli>\n\u003Cli>Simple PHP template function allows programmers to manually embed standalone guestbooks in any template they wish.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For a Demo, see the \u003Ca href=\"https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Fwp-vipergb#demo\" rel=\"nofollow ugc\">plugin’s homepage\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Donate\u003C\u002Fh3>\n\u003Cp>Many hours have gone into developing & maintaining this plugin, far beyond my own personal needs. If you find it useful, \u003Ca href=\"https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Fwp-vipergb\u002F#donate\" rel=\"nofollow ugc\">a donation\u003C\u002Fa> would be greatly appreciated.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin uses standard WordPress comments for its entries – it is essentially a fancy whole-page comment form skin. It does not collect any data beyond that which would normally be included in standard WordPress comments. 
Please refer to the WordPress documentation for details on what information is stored with comments.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Please direct all support requests \u003Ca href=\"https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Fwp-vipergb#feedback\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n","Create a stylish and user-friendly Guestbook for your Wordpress blog.  Designed to replicate the appearance and behavior of Viper Guestbook.",400,92358,90,4,"2024-05-23T04:52:00.000Z","6.5.8","2.5",[23,93,94],"viper-guestbook","vipergb","https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Fwp-vipergb","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-vipergb.1.6.2.zip",3,"2024-05-23 14:23:40",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":75,"num_ratings":75,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":18,"tags":112,"homepage":113,"download_link":114,"security_score":115,"vuln_count":75,"unpatched_count":75,"last_vuln_date":35,"fetched_at":28},"guestbook-generator","Guestbook Generator","0.8","Andrew DS a11n","https:\u002F\u002Fprofiles.wordpress.org\u002Fdruesome\u002F","\u003Cp>Instantly generates a guestbook for WordPress blogs based on the active theme. Once activated, click on Options > Guestbook Generator to create the guestbook.\u003C\u002Fp>\n\u003Ch3>Issues and Warnings\u003C\u002Fh3>\n\u003Cp>The latest version of Guestbook Generators work only with WordPress 2.1 and above.  If you are using a previous version (2.0), use Guestbook Generator v0.7 instead.\u003C\u002Fp>\n\u003Ch3>Future Releases\u003C\u002Fh3>\n\u003Cp>Guestbook Generator is continuously being developed and supported.  
Please visit the official homepage for more news and information:\u003C\u002Fp>\n\u003Cp>[http:\u002F\u002Fwww.alleba.com\u002Fblog\u002F2006\u002F09\u002F21\u002Fwordpress-guestbook-generator-plugin\u002F WordPress Guestbook Generator]\u003C\u002Fp>\n","Instantly generates a guestbook for Wordpress blogs based on the active theme.",200,49679,"2007-03-20T19:16:00.000Z","2.1","2.0",[23],"http:\u002F\u002Fwww.alleba.com\u002Fblog\u002F2006\u002F09\u002F21\u002Fwordpress-guestbook-generator-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fguestbook-generator.0.8.zip",85,{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":126,"num_ratings":26,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":130,"tags":131,"homepage":136,"download_link":137,"security_score":124,"vuln_count":75,"unpatched_count":75,"last_vuln_date":35,"fetched_at":28},"embed-google-drive","Embed Google Drive","1.2.2","rtCamp","https:\u002F\u002Fprofiles.wordpress.org\u002Frtcamp\u002F","\u003Cp>Embed a link and preview of Google Drive Documents by pasting a shared document link into the editor.\u003C\u002Fp>\n\u003Cp>No configuration is required.\u003C\u002Fp>\n\u003Ch3>BTW, We’re Hiring!\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Frtcamp.com\u002Fcareers\u002F\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>How to use\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Copy the URL of drive document which you want to embed. Note: The document must be shared with anyone with the link.\u003C\u002Fli>\n\u003Cli>Create new post\u002Fpage or edit existing one.\u003C\u002Fli>\n\u003Cli>Paste the URL in the editor. 
It will automatically embed the document.\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Embed a link and preview of Google Drive Documents by pasting a shared document link into the editor.",100,6989,40,"2025-05-27T12:56:00.000Z","6.8.5","5.5","7.4",[132,22,133,134,135],"document","embed","google-drive","spreadsheet","https:\u002F\u002Fgithub.com\u002FrtCamp\u002Fembed-google-drive","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fembed-google-drive.1.2.2.zip",{"slug":139,"name":140,"version":141,"author":142,"author_profile":143,"description":144,"short_description":145,"active_installs":124,"downloaded":146,"rating":124,"num_ratings":26,"last_updated":147,"tested_up_to":148,"requires_at_least":149,"requires_php":18,"tags":150,"homepage":155,"download_link":156,"security_score":115,"vuln_count":75,"unpatched_count":75,"last_vuln_date":35,"fetched_at":28},"reverse-order-comments","Reverse Order Comments","1.1.1","Tim","https:\u002F\u002Fprofiles.wordpress.org\u002Ftimz\u002F","\u003Cp>A really simple WordPress Plugin. It provides the function \u003Ccode>ro_comments_template()\u003C\u002Fcode>, which allows the comments to be displayed in reverse order (thus the newest comments first, oldest last).\u003C\u002Fp>\n","Allows to display the comments in reverse order. 
Latest comment first, oldest last.",18856,"2012-07-16T18:47:00.000Z","3.4.2","1.5",[151,152,23,153,154],"comments","gstebuch","order","reverse","http:\u002F\u002Fwww.zyblog.de\u002Fwordpress-plugins\u002Freverse-order-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freverse-order-comments.1.1.1.zip",{"attackSurface":158,"codeSignals":324,"taintFlows":441,"riskAssessment":501,"analyzedAt":518},{"hooks":159,"ajaxHandlers":297,"restRoutes":310,"shortcodes":311,"cronEvents":323,"entryPointCount":255,"unprotectedCount":97},[160,165,168,172,176,180,185,189,193,197,201,204,207,210,213,216,218,222,226,230,234,238,242,246,250,256,259,262,267,271,274,279,282,285,288,293],{"type":161,"name":162,"callback":163,"file":164,"line":97},"action","widgets_init","dooodl_load_widgets","includes\\actions.php",{"type":161,"name":166,"callback":167,"priority":75,"file":164,"line":88},"init","dooodl_register_post_type",{"type":161,"name":169,"callback":170,"file":164,"line":171},"plugins_loaded","dooodl_version_check",8,{"type":161,"name":173,"callback":174,"file":164,"line":175},"admin_menu","dooodl_add_menu",9,{"type":161,"name":177,"callback":178,"file":164,"line":179},"all_admin_notices","dooodl_show_feedback_notices",10,{"type":161,"name":181,"callback":182,"priority":183,"file":164,"line":184},"current_screen","dooodl_fix_edit_menu",99999,11,{"type":161,"name":186,"callback":187,"file":164,"line":188},"add_meta_boxes","dooodl_add_metabox",12,{"type":161,"name":190,"callback":191,"file":164,"line":192},"wp_dashboard_setup","dooodl_add_dashboard_widget",13,{"type":161,"name":194,"callback":195,"file":164,"line":196},"admin_enqueue_scripts","dooodl_enqueue_admin_styles",14,{"type":161,"name":198,"callback":199,"file":164,"line":200},"admin_post_dooodl_delete","dooodl_handle_bulk_edits",16,{"type":161,"name":202,"callback":199,"file":164,"line":203},"admin_post_dooodl_approve",17,{"type":161,"name":205,"callback":199,"file":164,"line":206},"admin_post_dooodl_un
approve",18,{"type":161,"name":208,"callback":199,"file":164,"line":209},"admin_post_dooodl_restore",19,{"type":161,"name":211,"callback":199,"file":164,"line":212},"admin_post_dooodl_permadelete",20,{"type":161,"name":166,"callback":214,"file":164,"line":215},"dooodl_old_system_check",24,{"type":161,"name":166,"callback":217,"file":164,"line":47},"dooodl_add_endpoints",{"type":161,"name":219,"callback":220,"file":164,"line":221},"template_redirect","dooodl_react_to_ajax_calls",31,{"type":161,"name":223,"callback":224,"file":164,"line":225},"dooodl\u002Fcreator\u002Fpost\u002Fnew","dooodl_add_new",32,{"type":161,"name":227,"callback":228,"file":164,"line":229},"dooodl\u002Fgallery","dooodl_show_gallery",33,{"type":161,"name":231,"callback":232,"file":164,"line":233},"dooodl\u002Fcreator","dooodl_show_creator",34,{"type":161,"name":235,"callback":236,"file":164,"line":237},"dooodl_creator","dooodl_enqueue_scripts_creator",35,{"type":161,"name":239,"callback":240,"file":164,"line":241},"dooodl_gallery","dooodl_enqueue_scripts_gallery",36,{"type":161,"name":243,"callback":244,"file":164,"line":245},"dooodl\u002Fgallery\u002Fxml","dooodl_show_gallery_xml",37,{"type":161,"name":247,"callback":248,"file":164,"line":249},"dooodl\u002Fgallery\u002Fscroll","dooodl_show_gallery_scroll",38,{"type":251,"name":252,"callback":253,"priority":179,"file":254,"line":255},"filter","set-screen-option","dooodl_set_screen_options","includes\\filters.php",6,{"type":251,"name":257,"callback":258,"file":254,"line":14},"query_vars","dooodl_add_query_vars",{"type":251,"name":260,"callback":261,"priority":179,"file":254,"line":171},"post_updated_messages","dooodl_update_messages",{"type":161,"name":263,"callback":264,"file":265,"line":266},"admin_footer","dooodl_fix_css_in_menu","includes\\handlers.php",26,{"type":251,"name":268,"callback":269,"priority":26,"file":265,"line":270},"template_include","dooodl_template_hijack_gallery",163,{"type":251,"name":268,"callback":272,"priority":26,"file":
265,"line":273},"dooodl_template_hijack_creator",167,{"type":161,"name":275,"callback":276,"priority":277,"file":265,"line":278},"wp_enqueue_scripts","dooodl_replace_enqueue_scripts_creator",99999999,188,{"type":161,"name":275,"callback":280,"priority":277,"file":265,"line":281},"dooodl_replace_enqueue_styles_creator",189,{"type":161,"name":275,"callback":283,"priority":277,"file":265,"line":284},"dooodl_replace_enqueue_scripts_gallery",193,{"type":161,"name":275,"callback":286,"priority":277,"file":265,"line":287},"dooodl_replace_enqueue_styles_gallery",194,{"type":161,"name":289,"callback":290,"file":291,"line":292},"admin_notices","dooodlv2_nag_migration","includes\\migration.php",45,{"type":161,"name":169,"callback":294,"priority":179,"file":295,"line":296},"initSettings","includes\\redux_config.php",22,[298,303,306],{"action":299,"nopriv":300,"callback":301,"hasNonce":300,"hasCapCheck":300,"file":164,"line":302},"dooodl-get-stats",false,"dooodlv2_migration_ajax_stats",25,{"action":304,"nopriv":300,"callback":305,"hasNonce":300,"hasCapCheck":300,"file":164,"line":266},"dooodl-batch-update","dooodlv2_migration_bach_update",{"action":307,"nopriv":300,"callback":308,"hasNonce":300,"hasCapCheck":300,"file":164,"line":309},"dooodl-database-update","dooodlv2_migration_database_update",27,[],[312,317,320],{"tag":313,"callback":314,"file":315,"line":316},"dooodl_widget","shortcode_dooodl_widget","includes\\shortcodes.php",127,{"tag":235,"callback":318,"file":315,"line":319},"shortcode_dooodl_creator",128,{"tag":239,"callback":321,"file":315,"line":322},"shortcode_dooodl_gallery",129,[],{"dangerousFunctions":325,"sqlUsage":326,"outputEscaping":334,"fileOperations":433,"externalRequests":75,"nonceChecks":75,"capabilityChecks":75,"bundledLibraries":434},[],{"prepared":26,"raw":97,"locations":327},[328,330,332],{"file":291,"line":171,"context":329},"$wpdb->get_var() with variable interpolation",{"file":291,"line":215,"context":331},"$wpdb->get_results() with variable 
interpolation",{"file":291,"line":333,"context":329},216,{"escaped":335,"rawEcho":336,"locations":337},15,56,[338,342,343,345,346,348,350,353,354,356,358,360,362,363,364,366,368,370,372,373,374,375,378,380,381,382,383,385,386,388,389,391,393,395,396,397,398,400,401,403,405,408,410,412,414,416,417,419,421,423,424,426,427,429,430,431],{"file":339,"line":340,"context":341},"gallery\\includes\\contentdisplay.php",39,"raw output",{"file":339,"line":126,"context":341},{"file":339,"line":344,"context":341},42,{"file":339,"line":292,"context":341},{"file":339,"line":347,"context":341},47,{"file":339,"line":349,"context":341},49,{"file":351,"line":352,"context":341},"gallery\\index.php",55,{"file":351,"line":336,"context":341},{"file":351,"line":355,"context":341},62,{"file":351,"line":357,"context":341},65,{"file":351,"line":359,"context":341},66,{"file":351,"line":361,"context":341},69,{"file":351,"line":25,"context":341},{"file":351,"line":48,"context":341},{"file":351,"line":365,"context":341},74,{"file":351,"line":367,"context":341},77,{"file":351,"line":369,"context":341},78,{"file":351,"line":371,"context":341},81,{"file":351,"line":74,"context":341},{"file":351,"line":87,"context":341},{"file":351,"line":87,"context":341},{"file":376,"line":377,"context":341},"includes\\ajax.php",170,{"file":379,"line":221,"context":341},"includes\\dashboard-widget.php",{"file":379,"line":225,"context":341},{"file":379,"line":249,"context":341},{"file":379,"line":359,"context":341},{"file":265,"line":384,"context":341},43,{"file":265,"line":384,"context":341},{"file":265,"line":387,"context":341},120,{"file":265,"line":387,"context":341},{"file":265,"line":390,"context":341},121,{"file":265,"line":392,"context":341},123,{"file":265,"line":394,"context":341},126,{"file":265,"line":394,"context":341},{"file":265,"line":319,"context":341},{"file":265,"line":322,"context":341},{"file":265,"line":399,"context":341},309,{"file":291,"line":352,"context":341},{"file":291,"line":402,"context"
:341},183,{"file":291,"line":404,"context":341},270,{"file":406,"line":407,"context":341},"includes\\page.dooodl-overview.php",61,{"file":406,"line":409,"context":341},67,{"file":406,"line":411,"context":341},68,{"file":413,"line":184,"context":341},"includes\\utils.php",{"file":415,"line":367,"context":341},"includes\\widget.php",{"file":415,"line":369,"context":341},{"file":415,"line":418,"context":341},79,{"file":415,"line":420,"context":341},105,{"file":415,"line":422,"context":341},106,{"file":415,"line":422,"context":341},{"file":415,"line":425,"context":341},111,{"file":415,"line":425,"context":341},{"file":415,"line":428,"context":341},112,{"file":415,"line":62,"context":341},{"file":415,"line":62,"context":341},{"file":415,"line":432,"context":341},115,2,[435,438],{"name":436,"version":35,"knownCves":437},"TinyMCE",[],{"name":439,"version":35,"knownCves":440},"Select2",[],[442,459,470,483,492],{"entryPoint":443,"graph":444,"unsanitizedCount":26,"severity":37},"dooodl_handle_bulk_edits (includes\\handlers.php:247)",{"nodes":445,"edges":457},[446,451],{"id":447,"type":448,"label":449,"file":265,"line":450},"n0","source","$_REQUEST",252,{"id":452,"type":453,"label":454,"file":265,"line":455,"wp_function":456},"n1","sink","wp_redirect() [Open Redirect]",260,"wp_redirect",[458],{"from":447,"to":452,"sanitized":300},{"entryPoint":460,"graph":461,"unsanitizedCount":26,"severity":37},"dooodl_show_feedback_notices (includes\\handlers.php:264)",{"nodes":462,"edges":468},[463,465],{"id":447,"type":448,"label":449,"file":265,"line":464},280,{"id":452,"type":453,"label":466,"file":265,"line":399,"wp_function":467},"echo() [XSS]","echo",[469],{"from":447,"to":452,"sanitized":300},{"entryPoint":471,"graph":472,"unsanitizedCount":433,"severity":37},"\u003Chandlers> 
(includes\\handlers.php:0)",{"nodes":473,"edges":480},[474,475,476,478],{"id":447,"type":448,"label":449,"file":265,"line":450},{"id":452,"type":453,"label":454,"file":265,"line":455,"wp_function":456},{"id":477,"type":448,"label":449,"file":265,"line":464},"n2",{"id":479,"type":453,"label":466,"file":265,"line":399,"wp_function":467},"n3",[481,482],{"from":447,"to":452,"sanitized":300},{"from":477,"to":479,"sanitized":300},{"entryPoint":484,"graph":485,"unsanitizedCount":433,"severity":37},"dooodl_show_overview_page (includes\\page.dooodl-overview.php:3)",{"nodes":486,"edges":490},[487,489],{"id":447,"type":448,"label":488,"file":406,"line":407},"$_REQUEST['page'] (x2)",{"id":452,"type":453,"label":466,"file":406,"line":407,"wp_function":467},[491],{"from":447,"to":452,"sanitized":300},{"entryPoint":493,"graph":494,"unsanitizedCount":433,"severity":500},"\u003Cpage.dooodl-overview> (includes\\page.dooodl-overview.php:0)",{"nodes":495,"edges":498},[496,497],{"id":447,"type":448,"label":488,"file":406,"line":407},{"id":452,"type":453,"label":466,"file":406,"line":407,"wp_function":467},[499],{"from":447,"to":452,"sanitized":300},"low",{"summary":502,"deductions":503},"The 'dooodl' v2.3.0 plugin exhibits a concerning security posture due to a significant number of unprotected entry points and a history of vulnerabilities. The static analysis reveals that 3 out of 6 total entry points, all three of them AJAX handlers, lack nonce and capability checks. This is a critical oversight that could allow users without the intended privileges to trigger potentially harmful actions; because the handlers are recorded with nopriv set to false, the exposure appears to be any logged-in account, or a forged cross-site request sent from a logged-in user's browser, rather than anonymous visitors. Furthermore, the taint analysis indicates all analyzed flows involve unsanitized paths, and while no critical or high severity issues were found, this suggests a general lack of input validation and sanitization throughout the codebase. The plugin's vulnerability history is also a major red flag, with one currently unpatched medium severity vulnerability related to Cross-Site Scripting. 
This, coupled with the lack of nonce checks and capability checks in the code signals, points to a pattern of insecure coding practices that have led to past security flaws. While the plugin does not appear to use dangerous functions, the raw SQL queries, the low percentage of properly escaped output, and the absence of nonce and capability checks on AJAX handlers are significant weaknesses that, when combined with the existing unpatched vulnerability and unprotected entry points, create a high-risk profile. The presence of bundled libraries like TinyMCE and Select2, while common, doesn't mitigate the fundamental security flaws.",[504,506,508,510,512,514,516],{"reason":505,"points":179},"Unprotected AJAX handlers",{"reason":507,"points":335},"All Taint Flows have unsanitized paths",{"reason":509,"points":203},"Unpatched Medium Vulnerability (XSS)",{"reason":511,"points":14},"SQL queries not fully prepared",{"reason":513,"points":255},"Low percentage of output escaping",{"reason":515,"points":171},"No nonce checks on AJAX handlers",{"reason":517,"points":14},"No capability checks 
found","2026-03-16T21:50:24.454Z",{"wat":520,"direct":532},{"assetPaths":521,"generatorPatterns":528,"scriptPaths":529,"versionParams":530},[522,523,524,525,526,527],"\u002Fwp-content\u002Fplugins\u002Fdooodl\u002Fassets\u002Fmigration_manager.js","\u002Fwp-content\u002Fplugins\u002Fdooodl\u002Fassets\u002Fadmin_style.css","\u002Fwp-content\u002Fplugins\u002Fdooodl\u002Fcreator\u002Fcss\u002Fscreen.css","\u002Fwp-content\u002Fplugins\u002Fdooodl\u002Fcreator\u002Fjs\u002Fscript.js","\u002Fwp-content\u002Fplugins\u002Fdooodl\u002Fgallery\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fdooodl\u002Fgallery\u002Fjs\u002Fscript.js",[],[522,525,527],[531],"ver=2.3.0",{"cssClasses":533,"htmlComments":537,"htmlAttributes":541,"restEndpoints":545,"jsGlobals":546,"shortcodeOutput":550},[534,535,536],"dooodl-creator-wrapper","dooodl-gallery-wrapper","dooodl-image-container",[538,539,540],"\u003C!-- Dooodl -->","\u003C!-- Dooodl Creator -->","\u003C!-- Dooodl Gallery -->",[542,543,544],"data-dooodl-ajax-url","data-dooodl-nonce","data-dooodl-image-id",[],[547,548,549],"window.dooodl_ajax_url","window.dooodl_nonce","var DooodlAdminLabels",[551,552],"[dooodl_creator]","[dooodl_gallery]",{"slug":4,"current_version":6,"total_versions":75,"versions":554},[]]