[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhpKHZ4WTSPDiukYtLNlDQ7a0hBM1aAas5OBXKZbuaU4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":52,"crawl_stats":35,"alternatives":59,"analysis":172,"fingerprints":293},"dot-htmlphpxml-etc-pages","Dot html,php,xml etc pages","1.0","karimmughal","https:\u002F\u002Fprofiles.wordpress.org\u002Fkarimmughal\u002F","\u003Cp>This plugin allows you to create custom URLs for ur pages, for your WordPress blog. This Plugin Adds .php, html, .xml etc SIGNATURE Extension to Your Pages Like http:\u002F\u002Fwww.yoursitename.com\u002Fyourpage.php,.html,xml any signature. WARNING: FIRST DEACTIVATE THE OTHER EXTENSION PAGES PLUGIN.  Just Activate The Plugin And Setting The Pages Through Setting->Dot html,php,xml etc pages.\u003C\u002Fp>\n\u003Ch3>Powered By\u003C\u002Fh3>\n\u003Cp>KSM (http:\u002F\u002Fksmughal.com)\u003C\u002Fp>\n","Dot html,php,xml etc pages This plugin create any format of pages.",100,8616,0,"2012-08-19T08:55:00.000Z","3.4.2","2.3","",[19,20,21,22],"html","pages","php","signature","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fdot-htmlphpxml-etc-pages\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdot-htmlphpxml-etc-pages.zip",42,2,"2025-07-07 00:00:00","2026-03-15T15:16:48.613Z",[30,44],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35},"CVE-2025-52779","dot-htmlphpxml-etc-pages-reflected-cross-site-scripting-2","Dot html,php,xml etc pages \u003C= 1.0 - Reflected Cross-Site Scripting","The Dot html,php,xml etc pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.0","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-07-16 18:43:35",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7b3e9ff7-c33b-4e47-8dfb-120577b815f2?source=api-prod",{"id":45,"url_slug":46,"title":33,"description":47,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":48,"updated_date":49,"references":50,"days_to_patch":35},"CVE-2025-48112","dot-htmlphpxml-etc-pages-reflected-cross-site-scripting","The Dot html,php,xml etc pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","2025-05-16 00:00:00","2025-05-21 20:33:37",[51],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6b7cf194-f7e8-4776-ab14-77d9ad05b966?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":53,"total_installs":54,"avg_security_score":55,"avg_patch_time_days":56,"trust_score":57,"computed_at":58},3,210,71,30,74,"2026-04-04T19:17:14.485Z",[60,85,104,126,148],{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":11,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":17,"tags":74,"homepage":80,"download_link":81,"security_score":82,"vuln_count":83,"unpatched_count":83,"last_vuln_date":84,"fetched_at":28},"append-extensions-on-pages","Append extensions on Pages","1.1.2","Suresh Kumar Mukhiya","https:\u002F\u002Fprofiles.wordpress.org\u002Fsureshhardiya\u002F","\u003Cp>This plugin helps to appends .html on the wordpress pages when used with permalink. If you are a developer then you can modify this plugin to use any extension you want.\u003C\u002Fp>\n\u003Cp>You can choose the extension you want to have on your pages when used with permalik. Availble choices are .jsp, .htm, .html, .asp, .ror. Every time new extension is used, please make sure to refresh permalink.\u003C\u002Fp>\n","This plugin helps to appends .html or .asp or .htm etc on the wordpress pages when used with permalink.",900,11890,7,"2017-09-09T10:53:00.000Z","4.8.28","3.1",[75,76,77,78,79],"html-on-permalink","add-aspx-on-pages","add-html-on-pages","add-php-on-pages","append-html-on-pages","http:\u002F\u002Fwww.skmukhiya.com.np","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fappend-extensions-on-pages.zip",63,1,"2025-09-22 00:00:00",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":11,"num_ratings":26,"last_updated":95,"tested_up_to":72,"requires_at_least":96,"requires_php":17,"tags":97,"homepage":101,"download_link":102,"security_score":103,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"html-php-pages-and-posts","Custom HTML\u002FPHP Post Templates","2.0.0","Stephen AfamO","https:\u002F\u002Fprofiles.wordpress.org\u002Fstephenafamo\u002F","\u003Cp>This plugin allows you to use any HTML or PHP file as the template for any page or post.\u003C\u002Fp>\n\u003Cp>Simply upload the file and select it.\u003Cbr \u002F>\nYou can upload custom js and css files into the media library and link to them from the HTML file.\u003C\u002Fp>\n\u003Cp>Options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Overwrite All: You overwrite the entire theme and use your custom file\u003C\u002Fli>\n\u003Cli>Overwrite Content: Keeps the header, footer, sidebar, e.t.c. Simply overwrites the body of the page or post\u003C\u002Fli>\n\u003Cli>Above Content: Your custom content is simply added to the top of the page content\u003C\u002Fli>\n\u003Cli>Below Content: You custom content is placed just beneath the page content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Adding support for custom post types\u003C\u002Fh4>\n\u003Cp>By default the pulugin works with pages and posts, however, go to the settings to enable it on any other registered post type.\u003C\u002Fp>\n\u003Cp>use the \u003Ccode>hppp_post_types\u003C\u002Fcode> filter to add more post types.\u003C\u002Fp>\n\u003Cp>Like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>    public function post_type_modify ($post_types) {\n        $post_types[] = 'custom_post_type';\n        return $post_types;\n    }\n\n    add_filter( 'hppp_post_types', 'post_type_modify' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Use your HTML or PHP files for any page or post.",60,8262,"2017-07-09T19:42:00.000Z","3.0.1",[98,99,100,19,21],"custom-pages","custom-posts","custom-templates","http:\u002F\u002Fwww.github.com\u002Fstephenafamo\u002Fhtml-php-pages-and-posts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtml-php-pages-and-posts.2.0.0.zip",85,{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":114,"num_ratings":115,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":124,"download_link":125,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"html-sitemap","HTML Page Sitemap","1.3.9","Angelo Mandato","https:\u002F\u002Fprofiles.wordpress.org\u002Famandato\u002F","\u003Cp>This simple plugin adds an HTML (Not XML) sitemap of your pages (not posts) by using the shortcode \u003Ccode>[html_sitemap]\u003C\u002Fcode>. This plugin can display a sitemap with specific depths, from a specific parent page and include\u002Fexclude specific pages by ID. The sitemap uses the unordered HTML list tags \u003Ccode>\u003Cul>\u003C\u002Fcode> and \u003Ccode>\u003Cli>\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>Shortcode attributes include \u003Ccode>sort_column\u003C\u002Fcode>, \u003Ccode>sort_order\u003C\u002Fcode>, \u003Ccode>exclude\u003C\u002Fcode>, \u003Ccode>include\u003C\u002Fcode>, \u003Ccode>depth\u003C\u002Fcode>, \u003Ccode>child_of\u003C\u002Fcode>, \u003Ccode>meta_key\u003C\u002Fcode>, \u003Ccode>meta_value\u003C\u002Fcode>, \u003Ccode>authors\u003C\u002Fcode>, \u003Ccode>number\u003C\u002Fcode>,  \u003Ccode>offset\u003C\u002Fcode>, \u003Ccode>post_type\u003C\u002Fcode>,  and \u003Ccode>post_status\u003C\u002Fcode> parameters from the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwp_list_pages\" rel=\"nofollow ugc\">\u003Ccode>wp_list_pages\u003C\u002Fcode>\u003C\u002Fa> function. In addition you can also set \u003Ccode>class\u003C\u002Fcode>, \u003Ccode>id\u003C\u002Fcode>, and \u003Ccode>ordered_list_type\u003C\u002Fcode> to further customize the html page sitemap.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>This plugin is perfect for those who use WordPress as a CMS.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Shortcode Tag Attribute Options\u003C\u002Fh3>\n\u003Cp>The following wp_list_pages tag attribute options are supported:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>authors\u003C\u002Fcode> — Comma-separated list of author IDs. Default empty (all authors).\u003C\u002Fli>\n\u003Cli>\u003Ccode>child_of\u003C\u002Fcode> — ID of child page, ‘CURRENT’, or ‘PARENT’. The value ‘CURRENT’ will use the current page ID. The value ‘PARENT’ will use the current page parent ID.\u003C\u002Fli>\n\u003Cli>\u003Ccode>depth\u003C\u002Fcode> — -1 (any depth), 0 (all pages), 1 (top-level pages only), 2 (top-level and 2nd level pages only), etc.\u003C\u002Fli>\n\u003Cli>\u003Ccode>date_format\u003C\u002Fcode> — e.g. ‘l, F j, Y’. See \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fdocumentation\u002Farticle\u002Fcustomize-date-and-time-format\u002F\" rel=\"ugc\">WordPress Date Format\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ccode>exclude\u003C\u002Fcode> — Comma-separated list of page IDs to exclude.\u003C\u002Fli>\n\u003Cli>\u003Ccode>include\u003C\u002Fcode> — Comma-separated list of page IDs to include.\u003C\u002Fli>\n\u003Cli>\u003Ccode>item_spacing\u003C\u002Fcode> — Whether to preserve whitespace within the menu’s HTML. Accepts ‘preserve’ or ‘discard’.\u003C\u002Fli>\n\u003Cli>\u003Ccode>meta_key\u003C\u002Fcode> — Limits output to pages having a specific custom field key. \u003C\u002Fli>\n\u003Cli>\u003Ccode>meta_value\u003C\u002Fcode> — Limits output to pages having a specific custom field value.\u003C\u002Fli>\n\u003Cli>\u003Ccode>number\u003C\u002Fcode> — Limits the number of links displayed (SQL LIMIT).\u003C\u002Fli>\n\u003Cli>\u003Ccode>offset\u003C\u002Fcode> — Skips a specific number of pages before displaying the list.\u003C\u002Fli>\n\u003Cli>\u003Ccode>post_type\u003C\u002Fcode> — Post type to query for. Default ‘page’\u003C\u002Fli>\n\u003Cli>\u003Ccode>post_status\u003C\u002Fcode> — Comma-separated list or array of post statuses to include. Default ‘publish’\u003C\u002Fli>\n\u003Cli>\u003Ccode>show_date\u003C\u002Fcode> — Whether to display the page publish or modified date for each page. Accepts ‘modified’ or any other value. An empty value hides the date.\u003C\u002Fli>\n\u003Cli>\u003Ccode>sort_column\u003C\u002Fcode> — Comma-separated list of column names to sort the pages by. Accepts ‘post_author’, ‘post_date’, ‘post_title’, ‘post_name’, ‘post_modified’, ‘post_modified_gmt’, ‘menu_order’, ‘post_parent’, ‘ID’, ‘rand’, or ‘comment_count’. Default ‘post_title’.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please see documentation for the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwp_list_pages\" rel=\"nofollow ugc\">\u003Ccode>wp_list_pages\u003C\u002Fcode>\u003C\u002Fa> function for reference.\u003C\u002Fp>\n\u003Cp>In addition the following tag attributes are available exclusively for this plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>class\u003C\u002Fcode> — Specify class values for the initial HTML Page Sitemap \u003Ccode>\u003Cul>\u003C\u002Fcode> list tag.\u003C\u002Fli>\n\u003Cli>\u003Ccode>id\u003C\u002Fcode> — Specify ID values for the initial HTML Page Sitemap \u003Ccode>\u003Cul>\u003C\u002Fcode> list tag.\u003C\u002Fli>\n\u003Cli>\u003Ccode>ordered_list_type\u003C\u002Fcode> — Specify the ordered list type. Accepts ”, ‘1’, ‘A’, ‘a’, ‘I’, and ‘i’. Default empty value will display an unordered list.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The \u003Ccode>ordered_list_type\u003C\u002Fcode> attribute options in more detail:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>ordered_list_type=\"\"\u003C\u002Fcode> — The list items will be unordered\u003C\u002Fli>\n\u003Cli>\u003Ccode>ordered_list_type=\"1\"\u003C\u002Fcode> — The list items will be numbered with numbers\u003C\u002Fli>\n\u003Cli>\u003Ccode>ordered_list_type=\"A\"\u003C\u002Fcode> — The list items will be numbered with uppercase letters\u003C\u002Fli>\n\u003Cli>\u003Ccode>ordered_list_type=\"a\"\u003C\u002Fcode> — The list items will be numbered with lowercase letters\u003C\u002Fli>\n\u003Cli>\u003Ccode>ordered_list_type=\"I\"\u003C\u002Fcode> — The list items will be numbered with uppercase roman numbers\u003C\u002Fli>\n\u003Cli>\u003Ccode>ordered_list_type=\"i\"\u003C\u002Fcode> — The list items will be numbered with lowercase roman numbers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note: This plugin only works with Hierarchical Custom Post Types such as \u003Ccode>pages\u003C\u002Fcode>. This plugin will not work if your post type is not hierarchical. Not setting an ordered_list_type will use an unordered list (default).\u003C\u002Fp>\n\u003Ch4>Examples\u003C\u002Fh4>\n\u003Cp>First example shows how to add a sitemap for the entire site.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[html_sitemap]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Example shortcode will add a sitemap to a page displaying a depth limit of 3 and exclude page ID 708.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[html_sitemap depth=3 exclude=708]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Example shortcode will add a sitemap to a page displaying only children and grandchildren of the current page.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[html_sitemap depth=2 child_of=CURRENT]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Example shortcode will add a sitemap to a page displaying children and grandchildren of the parent page (would include the curent page as well).\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[html_sitemap depth=2 child_of=PARENT]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Example shortcode will add a sitemap displaying the page modified date with the pages sorted by the menu order number.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[html_sitemap show_date=modified sort_column=menu_order]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Example shortcode excluding multiple pages with ids 708, 1024 and 42.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[html_sitemap exclude=\"708,1024,42\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Example shortcode will add a class attribute to the \u003Ccode>\u003Cul>\u003C\u002Fcode> tag.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[html_sitemap class=\"custom-class\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Example shortcode will add an id attribute to the \u003Ccode>\u003Cul>\u003C\u002Fcode> tag.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[html_sitemap id=\"custom-element-id\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Example shortcode will display an ordered list using lowercase letters with a depth of 1.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[html_sitemap ordered_list_type=\"a\" depth=1]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Example shortcode with roman numbering in capitalization, with custom field “featured-list” and custom value “yes”\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[html_sitemap ordered_list_type=\"I\" meta_key=featured-list meta_value=yes sort_column=post_date]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>For the latest information visit the website.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.pluginspodcast.com\u002Fplugins\u002Fhtml-page-sitemap\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.pluginspodcast.com\u002Fplugins\u002Fhtml-page-sitemap\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Contributors\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fangelo.mandato.com\" rel=\"nofollow ugc\">Angelo Mandato\u003C\u002Fa>, founder of \u003Ca href=\"https:\u002F\u002Fwww.painlessanalytics.com\" rel=\"nofollow ugc\">Painless Analytics\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.frontpup.com\" rel=\"nofollow ugc\">FrontPup\u003C\u002Fa> – Plugin author\u003C\u002Fp>\n","Adds an HTML (Not XML) sitemap of your pages (not posts) by entering the shortcode [html_sitemap], perfect for those who use WordPress as a CMS.",10000,379036,86,22,"2026-02-11T09:30:00.000Z","6.9.4","3.7","5.4",[105,121,20,122,123],"page","shortcode","sitemap","http:\u002F\u002Fwww.pluginspodcast.com\u002Fplugins\u002Fhtml-page-sitemap\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtml-sitemap.1.3.9.zip",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":134,"downloaded":135,"rating":136,"num_ratings":137,"last_updated":138,"tested_up_to":139,"requires_at_least":140,"requires_php":141,"tags":142,"homepage":146,"download_link":147,"security_score":103,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"code-widget","Code Widget","1.0.15","Sharaz Shahid","https:\u002F\u002Fprofiles.wordpress.org\u002Fsharaz\u002F","\u003Cp>Code Widget is simple widget allows you to insert any arbitrary Text\u002FHTML  and run  PHP Code or Short Code. This Widget parses PHP code  into simple text and much more.\u003C\u002Fp>\n\u003Cp>Only users with the unfiltered_html role will be allowed to insert unfiltered HTML. This includes PHP code, so users without admin or editor permissions will not be able to use this to execute code, even if they have widget editing permissions.\u003Cbr \u002F>\nThis plugin is developed and maintained by \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fsharazghouri1\" rel=\"nofollow ugc\">Sharaz Shahid\u003C\u002Fa>\u003C\u002Fp>\n","Code widget help  to  add  Short Code, PHP Code, HTML, and Simple Text in widget.",4000,60271,98,35,"2022-06-11T11:06:00.000Z","6.1.0","4.0","7.0",[143,19,21,144,145],"code","short-code","widget","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcode-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcode-widget.1.0.15.zip",{"slug":149,"name":150,"version":151,"author":152,"author_profile":153,"description":154,"short_description":155,"active_installs":156,"downloaded":157,"rating":136,"num_ratings":158,"last_updated":159,"tested_up_to":117,"requires_at_least":160,"requires_php":161,"tags":162,"homepage":167,"download_link":168,"security_score":169,"vuln_count":170,"unpatched_count":13,"last_vuln_date":171,"fetched_at":28},"wp-simple-html-sitemap","WP Simple HTML Sitemap","3.8","Ashish Ajani","https:\u002F\u002Fprofiles.wordpress.org\u002Fashishajani\u002F","\u003Cp>HTML sitemap helps website visitors navigating through a website. Simple HTML Sitemap plugin provides facility to generate shortcode and show HTML sitemap using generated shortcode. If you are running WordPress website having large number of CMS pages and blogs, this plugin can be really useful for you. This plugin is very simple and easy to use, yet it provides various configuration options to generate sitemap shortcode and place it anywhere on the website.\u003C\u002Fp>\n\u003Ch4>Features Overview\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy to install and configure\u003C\u002Fli>\n\u003Cli>Offers wide variety of settings for pages and posts\u003C\u002Fli>\n\u003Cli>Helpful in SEO as Google still values the HTML sitemap\u003C\u002Fli>\n\u003Cli>Provides options to generate shortcode and use on any page or post\u003C\u002Fli>\n\u003Cli>Allows interlinking pages and post easily\u003C\u002Fli>\n\u003Cli>Allows saving generated short code for the reuse\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Page shortcode example and parameters\u003C\u002Fh4>\n\u003Cp>Here is an example of shortcode to generate HTML Sitemap for pages\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wshs_list post_type=\"page\" name=\"Page Sitemap\" order_by=\"title\" show_image=\"true\" image_width=\"30\" image_height=\"30\" content_limit=\"140\" show_date=\"true\" date=\"created\" date_format=\"F j, Y\" depth=\"4\" layout=\"single-column\" position=\"left\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Explanation of parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>post_type=”page” – This shortcode will generate HTML sitemap of pages\u003C\u002Fli>\n\u003Cli>name=”Page Sitemap” – You can specify sitemap heading (title)\u003C\u002Fli>\n\u003Cli>order_by=”title” – Pages will be ordered by title alphabetically in ascending order\u003C\u002Fli>\n\u003Cli>order=”asc” – Values can be asc or desc\u003C\u002Fli>\n\u003Cli>child_of=”” – To specify the parent page by adding parent page ID\u003C\u002Fli>\n\u003Cli>show_image=”true” – A small image of all pages will be included, if it is not available then placeholder image will be shown\u003C\u002Fli>\n\u003Cli>image_width=”30″ – Images will be 30 pixels wider\u003C\u002Fli>\n\u003Cli>image_height=”30″ – Height of the image will be 30 pixels\u003C\u002Fli>\n\u003Cli>content_limit=”140″ – Excerpt will be included under the post title with maximum 140 characters\u003C\u002Fli>\n\u003Cli>show_date=”true” – The date will appear for all items in the sitemap\u003C\u002Fli>\n\u003Cli>date=”created” – Date when the page was created\u003C\u002Fli>\n\u003Cli>date_format=”F j, Y” – How the date will appear (in this case it will be like June 29, 2018)\u003C\u002Fli>\n\u003Cli>layout=”single-column” – To show the sitemap in single column or in two columns\u003C\u002Fli>\n\u003Cli>position=”left” – For two-columns, you can choose to show sitemap in left or right column\u003C\u002Fli>\n\u003Cli>horizontal=”true” – This will generate sitemap having horizontal view\u003C\u002Fli>\n\u003Cli>separator=” |” – Allows to add separator like ‘|’ or ‘\u002F’  or ‘\\’\u003C\u002Fli>\n\u003Cli>exclude=”100,122,155″ – Comma separated list of post IDs to exclude from the sitemap.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Post shortcode example and parameters\u003C\u002Fh4>\n\u003Cp>Here is an example of shortcode to generate HTML Sitemap for posts\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wshs_list post_type=\"post\" name=\"Post Sitemap\" order_by=\"title\" show_image=\"true\" image_width=\"30\" image_height=\"30\" content_limit=\"140\" show_date=\"true\" date=\"created\" date_format=\"F j, Y\" layout=\"single-column\" taxonomy=\"category\" terms=\"wordpress-plugins\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Explanation of parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>post_type=”post” – This shortcode will generate HTML sitemap of posts\u003C\u002Fli>\n\u003Cli>name=”Post Sitemap” – You can specify sitemap heading (title)\u003C\u002Fli>\n\u003Cli>order_by=”title” – Posts will be ordered by title alphabetically in ascending order\u003C\u002Fli>\n\u003Cli>show_image=”true” – A small image of all pages will be included, if it is not\u003C\u002Fli>\n\u003Cli>image_width=”30″ – Images will be 30 pixels wider\u003C\u002Fli>\n\u003Cli>image_height=”30″ – Height of the image will be 30 pixels\u003C\u002Fli>\n\u003Cli>content_limit=”140″ – Excerpt will be included under the post title with maximum 140 characters\u003C\u002Fli>\n\u003Cli>show_date=”true” – The date will appear for all items in the sitemap\u003C\u002Fli>\n\u003Cli>date=”created” – Date when the page was created\u003C\u002Fli>\n\u003Cli>date_format=”F j, Y” – How the date will appear (in this case it will be like June 29, 2018)\u003C\u002Fli>\n\u003Cli>layout=”full” – To show the sitemap in full page or in half view\u003C\u002Fli>\n\u003Cli>position=”left” – For half layout, you can choose to show sitemap in left or right column\u003C\u002Fli>\n\u003Cli>taxonomy=”category” – To include custom taxonomy\u003C\u002Fli>\n\u003Cli>terms=”wordpress-plugins” – To include term of the custom taxonomy\u003C\u002Fli>\n\u003Cli>horizontal=”true” – This will generate sitemap having horizontal view\u003C\u002Fli>\n\u003Cli>separator=” |” – Allows to add separator like ‘|’ or ‘\u002F’  or ‘\\’\u003C\u002Fli>\n\u003Cli>exclude=”100,122,155″ – Comma separated list of post IDs to exclude from the sitemap.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Important note: If you like to generate a sitemap having both posts and pages, you need to use two shortcodes. One for the pages and another for the posts.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>If you like learn more about shortcode parameters and other configuration options available at admin area, please take a look at here \u003Ca href=\"https:\u002F\u002Ffreelancer-coder.com\u002Fwp-simple-html-sitemap-plugin\" rel=\"nofollow ugc\">Simple HTML Sitemap Plugin\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Please feel free to connect with me in case if you find any difficulties using this plugin, I’ll remain attentive to comments. You can use this form to connect with me \u003Ca href=\"https:\u002F\u002Ffreelancer-coder.com\u002Fcontact-wordpress-developer\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Ffreelancer-coder.com\u002Fcontact-wordpress-developer\u002F\u003C\u002Fa>\u003C\u002Fp>\n","Using Simple HTML Sitemap plugin, you can add HTML Sitemap anywhere on the website using Shortcode.",2000,34037,10,"2026-02-25T07:53:00.000Z","6.0","7.4",[163,164,165,166,123],"html-sitemap-plugin","html-sitemap-shortcode","post-and-pages-sitemap","simple-html-sitemap","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-simple-html-sitemap\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-simple-html-sitemap.3.8.zip",94,6,"2025-04-01 00:00:00",{"attackSurface":173,"codeSignals":202,"taintFlows":218,"riskAssessment":281,"analyzedAt":292},{"hooks":174,"ajaxHandlers":198,"restRoutes":199,"shortcodes":200,"cronEvents":201,"entryPointCount":13,"unprotectedCount":13},[175,181,185,187,193],{"type":176,"name":177,"callback":178,"file":179,"line":180},"action","admin_menu","AddPanel","dot-pages.php",19,{"type":176,"name":182,"callback":183,"file":179,"line":184},"init","SaveSettings",21,{"type":176,"name":182,"callback":186,"file":179,"line":115},"dot_pages_func",{"type":188,"name":189,"callback":190,"priority":191,"file":179,"line":192},"filter","mod_rewrite_rules","AddRewriteRules",999,26,{"type":188,"name":194,"callback":195,"priority":196,"file":179,"line":197},"user_trailingslashit","no_page_slash",66,27,[],[],[],[],{"dangerousFunctions":203,"sqlUsage":204,"outputEscaping":206,"fileOperations":13,"externalRequests":13,"nonceChecks":83,"capabilityChecks":13,"bundledLibraries":217},[],{"prepared":13,"raw":13,"locations":205},[],{"escaped":13,"rawEcho":207,"locations":208},4,[209,212,214,216],{"file":179,"line":210,"context":211},91,"raw output",{"file":179,"line":213,"context":211},105,{"file":179,"line":215,"context":211},106,{"file":179,"line":215,"context":211},[],[219,235,262],{"entryPoint":220,"graph":221,"unsanitizedCount":83,"severity":37},"DotPagesSettings (dot-pages.php:88)",{"nodes":222,"edges":232},[223,227],{"id":224,"type":225,"label":226,"file":179,"line":210},"n0","source","$_POST['notice']",{"id":228,"type":229,"label":230,"file":179,"line":210,"wp_function":231},"n1","sink","echo() [XSS]","echo",[233],{"from":224,"to":228,"sanitized":234},false,{"entryPoint":236,"graph":237,"unsanitizedCount":13,"severity":261},"SaveSettings (dot-pages.php:70)",{"nodes":238,"edges":256},[239,242,245,249,251,254],{"id":224,"type":225,"label":240,"file":179,"line":241},"$_POST['dot_pages_enable']",72,{"id":228,"type":229,"label":243,"file":179,"line":241,"wp_function":244},"update_option() [Settings Manipulation]","update_option",{"id":246,"type":225,"label":247,"file":179,"line":248},"n2","$_POST['dot_pages_slug']",73,{"id":250,"type":229,"label":243,"file":179,"line":248,"wp_function":244},"n3",{"id":252,"type":225,"label":253,"file":179,"line":57},"n4","$_POST['dot_pages_mode']",{"id":255,"type":229,"label":243,"file":179,"line":57,"wp_function":244},"n5",[257,259,260],{"from":224,"to":228,"sanitized":258},true,{"from":246,"to":250,"sanitized":258},{"from":252,"to":255,"sanitized":258},"low",{"entryPoint":263,"graph":264,"unsanitizedCount":13,"severity":261},"\u003Cdot-pages> (dot-pages.php:0)",{"nodes":265,"edges":276},[266,267,268,269,270,271,272,274],{"id":224,"type":225,"label":240,"file":179,"line":241},{"id":228,"type":229,"label":243,"file":179,"line":241,"wp_function":244},{"id":246,"type":225,"label":247,"file":179,"line":248},{"id":250,"type":229,"label":243,"file":179,"line":248,"wp_function":244},{"id":252,"type":225,"label":253,"file":179,"line":57},{"id":255,"type":229,"label":243,"file":179,"line":57,"wp_function":244},{"id":273,"type":225,"label":226,"file":179,"line":210},"n6",{"id":275,"type":229,"label":230,"file":179,"line":210,"wp_function":231},"n7",[277,278,279,280],{"from":224,"to":228,"sanitized":258},{"from":246,"to":250,"sanitized":258},{"from":252,"to":255,"sanitized":258},{"from":273,"to":275,"sanitized":258},{"summary":282,"deductions":283},"The 'dot-htmlphpxml-etc-pages' plugin v1.0 presents a mixed security picture.  On the positive side, the plugin boasts a seemingly small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, all of which are unprotected.  Furthermore, it utilizes prepared statements for all SQL queries and includes a nonce check, demonstrating an awareness of some fundamental security practices.  However, significant concerns arise from the static analysis.  Critically, 100% of output is not properly escaped, which is a major red flag for Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's history.  The presence of one flow with an unsanitized path in the taint analysis, while not critical or high severity, still indicates a potential weakness in input handling.\n\nThe plugin's vulnerability history is particularly alarming. With two known medium-severity CVEs, both currently unpatched, and a common vulnerability type being Cross-Site Scripting (XSS), it strongly suggests a recurring pattern of insecure output handling. The fact that these vulnerabilities are not only present but also remain unpatched indicates a lack of ongoing security maintenance and a high likelihood of exploitation. While the limited attack surface is a positive, the unpatched XSS vulnerabilities and the unescaped output create a substantial risk, overshadowing the good practices observed in other areas. This plugin should be treated with extreme caution due to the high probability of exploitable XSS flaws.",[284,287,289],{"reason":285,"points":286},"Two unpatched CVEs (medium severity)",20,{"reason":288,"points":286},"0% output properly escaped",{"reason":290,"points":291},"Flow with unsanitized path",5,"2026-03-16T20:44:25.568Z",{"wat":294,"direct":299},{"assetPaths":295,"generatorPatterns":296,"scriptPaths":297,"versionParams":298},[],[],[],[],{"cssClasses":300,"htmlComments":301,"htmlAttributes":302,"restEndpoints":307,"jsGlobals":308,"shortcodeOutput":309},[],[],[303,304,305,306],"name=\"dot_pages_enable\"","name=\"dot_pages_slug\"","name=\"dot_pages_mode\"","id=\"dot_pages_slug\"",[],[],[]]