[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-48T9t21Gi6wfNGGgAz5-QxNypNHVT-8LJGXDkmohO8":3,"$f-swrjEjuEa_ROWMZE2KbqNDZVWZQMSEvSSAsopzUvkU":297,"$fdMTnSmcRejRxz9a0bBS_EQfXe_8NXBAxv2bwewEtCOk":301},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":61,"crawl_stats":35,"alternatives":67,"analysis":177,"fingerprints":273},"dsgvo-leaflet-map","DSGVO snippet for Leaflet Map and its Extensions","3.4","hupe13","https:\u002F\u002Fprofiles.wordpress.org\u002Fhupe13\u002F","\u003Ch3>GDPR\u003C\u002Fh3>\n\u003Cp>According to the GDPR, the user must actively agree if content is to be loaded from third-party servers.\u003Cbr \u002F>\nThe WordPress plugins \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fleaflet-map\u002F\" rel=\"ugc\">Leaflet Map\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fextensions-leaflet-map\u002F\" rel=\"ugc\">Extensions for Leaflet Map\u003C\u002Fa> are loading content from the defined tile servers as well as unpkg.com.\u003Cbr \u002F>\nThis plugin requests the user’s permission to load the maps.\u003Cbr \u002F>\nYou can customize the text and use it on your own responsibility.\u003C\u002Fp>\n\u003Cp>The plugin supports \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftheme-translation-for-polylang\u002F\" rel=\"ugc\">Theme and plugin translation for Polylang (TTfP)\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Documentation in \u003Ca href=\"https:\u002F\u002Fleafext.de\u002Fdoku\u002Fdsgvo\u002F\" rel=\"nofollow ugc\">German\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fleafext.de\u002Fen\u002Fdoku\u002Fdsgvo\u002F\" rel=\"nofollow ugc\">English\u003C\u002Fa> and an \u003Ca href=\"https:\u002F\u002Fleafext.de\u002Fextra\u002Fdsgvo-example\u002F\" rel=\"nofollow ugc\">example\u003C\u002Fa>.\u003C\u002Fp>\n","Respect the DSGVO \u002F GDPR when you use Leaflet Map and Extensions for Leaflet Map.",100,2613,1,"2026-03-23T21:31:00.000Z","7.0","6.2","8.2",[19,20,21],"dsgvo","gdpr","leaflet","https:\u002F\u002Fleafext.de\u002Fen\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdsgvo-leaflet-map.3.4.zip",99,0,"2026-03-23 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":6,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":26,"updated_date":41,"references":42,"days_to_patch":44,"patch_diff_files":45,"patch_trac_url":35,"research_status":51,"research_verified":52,"research_rounds_completed":44,"research_plan":53,"research_summary":54,"research_vulnerable_code":55,"research_fix_diff":56,"research_exploit_outline":57,"research_model_used":58,"research_started_at":59,"research_completed_at":60,"research_error":35,"poc_status":35,"poc_video_id":35,"poc_summary":35,"poc_steps":35,"poc_tested_at":35,"poc_wp_version":35,"poc_php_version":35,"poc_playwright_script":35,"poc_exploit_code":35,"poc_has_trace":52,"poc_model_used":35,"poc_verification_depth":35},"CVE-2026-4389","dsgvo-snippet-for-leaflet-map-and-its-extensions-authenticated-contributor-stored-cross-site-scripting-via-unset-attribu","DSGVO snippet for Leaflet Map and its Extensions \u003C= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'unset' Attribute","The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `leafext-cookie-time` and `leafext-delete-cookie` shortcodes in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on user supplied attributes (`unset`, `before`, `after`). This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=3.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-03-26 04:28:48",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdfeaff92-165a-4006-8e52-a99ae6b68dd9?source=api-prod",3,[46,47,48,49,50],"README.md","admin.php","dsgvo-leaflet-map.php","php\u002Fleaflet-map.php","php\u002Ftime-delete.php","researched",false,"This research plan targets a Stored Cross-Site Scripting (XSS) vulnerability in the **DSGVO snippet for Leaflet Map and its Extensions** plugin (CVE-2026-4389). The vulnerability allows Contributor-level users to inject malicious scripts into pages via unescaped shortcode attributes.\n\n---\n\n### 1. Vulnerability Summary\nThe plugin provides shortcodes to display cookie-related information or forms. In `php\u002Ftime-delete.php`, the functions `leafext_get_cookie_time` and `leafext_form_delete_cookie` process attributes for the `[leafext-cookie-time]` and `[leafext-delete-cookie]` shortcodes. The attributes `unset`, `before`, and `after` are concatenated directly into the output `$content` without any sanitization (e.g., `wp_kses`) or output escaping (e.g., `esc_html`).\n\n### 2. Attack Vector Analysis\n*   **Shortcodes**: `[leafext-cookie-time]` and `[leafext-delete-cookie]`\n*   **Vulnerable Attributes**: `unset`, `before`, `after`\n*   **Authentication**: Contributor or higher (anyone who can create\u002Fedit posts).\n*   **Payload Mechanism**: The payload is stored in the post content as a shortcode attribute. It executes in the browser of any user (including Administrators) viewing the page.\n*   **Preconditions**: \n    *   To trigger the `unset` attribute, the visitor must **not** have the `leafext` cookie set.\n    *   To trigger the `before` and `after` attributes, the visitor **must** have the `leafext` cookie set.\n\n### 3. Code Flow\n1.  **Entry Point**: `add_shortcode` registers `leafext-cookie-time` and `leafext-delete-cookie` in `php\u002Ftime-delete.php`.\n2.  **Processing**: When `do_shortcode()` encounters these tags, it calls `leafext_get_cookie_time($atts, $content)` or `leafext_form_delete_cookie($atts, $content)`.\n3.  **Attribute Extraction**: The functions check for the `unset`, `before`, and `after` keys in the `$atts` array.\n4.  **Vulnerable Sink**:\n    *   In `leafext_get_cookie_time`:\n        ```php\n        $before = isset( $atts['before'] ) ? '\u003Cdiv class=\"cookietext\">' . $atts['before'] : ''; \u002F\u002F Sink 1\n        $after  = isset( $atts['after'] ) ? $atts['after'] . '\u003C\u002Fdiv>' : ''; \u002F\u002F Sink 2\n        \u002F\u002F ...\n        $content = $before . $content . $after;\n        \u002F\u002F ... or ...\n        $content = isset( $atts['unset'] ) ? $atts['unset'] : ''; \u002F\u002F Sink 3\n        return $content;\n        ```\n5.  **Execution**: The returned unescaped string is rendered in the final HTML response.\n\n### 4. Nonce Acquisition Strategy\nNo WordPress nonce is required to **exploit** the XSS rendering, as shortcode attributes are processed whenever a post is viewed. However, to test the `before`\u002F`after` attribute path (which requires the `leafext` cookie), we may need to set the cookie.\n\n**Setting the `leafext` Cookie**:\nThe plugin sets this cookie in `leafext_setcookie` (in `php\u002Fleaflet-map.php`) if a POST request is made with the `leafext_button` parameter and a valid nonce.\n1.  Create a page with `[leaflet-map]`.\n2.  The plugin's filter `leafext_query_cookie` will render a form containing a nonce field: \n    `wp_nonce_field( 'leafext_dsgvo', 'leafext_dsgvo_okay', true, false )`.\n3.  Use `browser_navigate` to view the page.\n4.  Use `browser_eval` to extract the nonce: \n    `document.querySelector('input[name=\"leafext_dsgvo_okay\"]').value`.\n5.  Perform an `http_request` (POST) to the same page with `leafext_button=1&leafext_dsgvo_okay=[NONCE]`.\n\n### 5. Exploitation Strategy\nWe will demonstrate the XSS via the `unset` attribute as it is the simplest vector.\n\n#### Step 1: Contributor Login\nUse the `http_request` tool to log in as a Contributor.\n\n#### Step 2: Create Malicious Post\nCreate a post containing the payload.\n*   **Action**: `POST \u002Fwp-admin\u002Fpost-new.php` or use `wp-cli`.\n*   **Payload**: `[leafext-cookie-time unset='\u003Cscript>alert(\"CVE-2026-4389-XSS\")\u003C\u002Fscript>']`\n\n#### Step 3: Trigger XSS\nNavigate to the newly created post as an unauthenticated user (to ensure no cookie exists).\n*   **Tool**: `http_request` (GET).\n*   **Verification**: Check if the response body contains the raw `\u003Cscript>` tag.\n\n### 6. Test Data Setup\n1.  **Contributor User**: `wp user create contributor contributor@example.com --role=contributor --user_pass=password`\n2.  **Plugin Dependency**: Ensure `leaflet-map` and `extensions-leaflet-map` are active (required by `leafext_plugin_active` checks).\n3.  **Target Post**:\n    ```bash\n    wp post create --post_type=post --post_status=publish --post_author=[ID] --post_title=\"GDPR Test\" --post_content='[leafext-cookie-time unset=\"\u003Cimg src=x onerror=alert(document.domain)>\"]'\n    ```\n\n### 7. Expected Results\n*   The `leafext_get_cookie_time` function returns the value of the `unset` attribute directly.\n*   The HTML response will contain: `\u003Cimg src=x onerror=alert(document.domain)>`.\n*   In a browser context, the JavaScript `alert` will trigger.\n\n### 8. Verification Steps\n1.  **HTTP Response Check**:\n    ```bash\n    # Capture response\n    curl -s http:\u002F\u002Flocalhost:8080\u002F?p=[POST_ID] | grep \"onerror=alert\"\n    ```\n2.  **Browser Verification**:\n    Use `browser_navigate` to the post URL and check for an alert dialog using `browser_eval`.\n\n### 9. Alternative Approaches\n*   **`before` attribute**: If the `unset` attribute is patched or fails, target `before` by setting the cookie first.\n    *   Payload: `[leafext-cookie-time before='\u003Csvg onload=alert(1)>']`\n*   **`leafext-delete-cookie` shortcode**:\n    *   Payload: `[leafext-delete-cookie unset='\u003Cscript>alert(\"delete-cookie-xss\")\u003C\u002Fscript>']`\n    *   This function (in `php\u002Ftime-delete.php`) follows the exact same logic as the first shortcode.","The plugin is vulnerable to Stored Cross-Site Scripting via several shortcode attributes ('unset', 'before', 'after') used in the '[leafext-cookie-time]' and '[leafext-delete-cookie]' shortcodes. Authenticated attackers with contributor-level permissions can inject arbitrary JavaScript that executes in the browser of any user viewing the affected post or page.","\u002F\u002F php\u002Ftime-delete.php\n\n\u002F\u002F line 35\n\t\t\t$before = isset( $atts['before'] ) ? '\u003Cdiv class=\"cookietext\">' . $atts['before'] : '';\n\t\t\t$after  = isset( $atts['after'] ) ? $atts['after'] . '\u003C\u002Fdiv>' : '';\n\n\t\t\t$content = $before . $content . $after;\n\n\t\t} else {\n\t\t\t$content = isset( $atts['unset'] ) ? $atts['unset'] : '';\n\t\t}\n\n---\n\n\u002F\u002F php\u002Ftime-delete.php\n\n\u002F\u002F line 81\n\t\t\t$before   = isset( $atts['before'] ) ? '\u003Cdiv class=\"cookietext\">' . $atts['before'] : '';\n\t\t\t$after    = isset( $atts['after'] ) ? $atts['after'] . '\u003C\u002Fdiv>' : '';\n\n\t\t\t$content = $before . $content . $after;\n\t\t} else {\n\t\t\t$content = isset( $atts['unset'] ) ? $atts['unset'] : '';\n\t\t}","diff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdsgvo-leaflet-map\u002F3.3\u002Fadmin.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdsgvo-leaflet-map\u002F3.4\u002Fadmin.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdsgvo-leaflet-map\u002F3.3\u002Fadmin.php\t2025-06-24 20:07:16.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdsgvo-leaflet-map\u002F3.4\u002Fadmin.php\t2026-03-22 21:09:40.000000000 +0000\n@@ -24,7 +24,7 @@\n \tadd_action( 'admin_menu', 'leafext_dsgvo_add_page', 90 );\n \n \tfunction leafext_dsgvo_init() {\n-\t\tadd_settings_section( 'leafext_dsgvo', '', '', 'leafext_settings_dsgvo' );\n+\t\tadd_settings_section( 'leafext_dsgvo', '', '__return_empty_string', 'leafext_settings_dsgvo' );\n \t\t$fields = leafext_dsgvo_params();\n \t\tforeach ( $fields as $field ) {\n \t\t\tadd_settings_field(\n@@ -36,12 +36,19 @@\n \t\t\t\t$field['param'],\n \t\t\t);\n \t\t}\n-\t\t\u002F\u002F https:\u002F\u002Fstackoverflow.com\u002Fa\u002F77545721\n \t\t$leafext_dsgvo = get_option( 'leafext_dsgvo' );\n \t\tif ( $leafext_dsgvo === false ) {\n-\t\t\tadd_option( 'leafext_dsgvo', '' );\n+\t\t\tadd_option( 'leafext_dsgvo', array() );\n \t\t}\n-\t\tregister_setting( 'leafext_settings_dsgvo', 'leafext_dsgvo', 'leafext_validate_dsgvo' );\n+\t\tregister_setting(\n+\t\t\t'leafext_settings_dsgvo',\n+\t\t\t'leafext_dsgvo',\n+\t\t\tarray(\n+\t\t\t\t'type'              => 'array',\n+\t\t\t\t'sanitize_callback' => 'leafext_validate_dsgvo',\n+\t\t\t\t'default'           => array(),\n+\t\t\t)\n+\t\t);\n \t}\n \tadd_action( 'admin_init', 'leafext_dsgvo_init' );\n \n@@ -229,11 +236,6 @@\n \t\tforeach ( $tabs as $tab ) {\n \t\t\techo '\u003Ca href=\"' . esc_url( '?page=' . LEAFEXT_DSGVO_PLUGIN_NAME . '&tab=' . $tab['tab'] ) . '\" class=\"nav-tab';\n \t\t\t$active = ( $active_tab === $tab['tab'] ) ? ' nav-tab-active' : '';\n-\t\t\tif ( isset( $tab['strpos'] ) ) {\n-\t\t\t\tif ( strpos( $active_tab, $tab['strpos'] ) !== false ) {\n-\t\t\t\t\t$active = ' nav-tab-active';\n-\t\t\t\t}\n-\t\t\t}\n \t\t\techo esc_attr( $active );\n \t\t\techo '\">' . esc_html( $tab['title'] ) . '\u003C\u002Fa>' . \"\\n\";\n \t\t}\ndiff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdsgvo-leaflet-map\u002F3.3\u002Fdsgvo-leaflet-map.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdsgvo-leaflet-map\u002F3.4\u002Fdsgvo-leaflet-map.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdsgvo-leaflet-map\u002F3.3\u002Fdsgvo-leaflet-map.php\t2026-03-05 16:13:20.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdsgvo-leaflet-map\u002F3.4\u002Fdsgvo-leaflet-map.php\t2026-03-23 21:30:00.000000000 +0000\n@@ -3,8 +3,8 @@\n  * Plugin Name:       DSGVO snippet for Leaflet Map and its Extensions\n  * Description:       Respect the DSGVO \u002F GDPR when you use Leaflet Map and Extensions for Leaflet Map.\n  * Plugin URI:        https:\u002F\u002Fleafext.de\u002Fen\u002F\n- * Version:           3.3\n- * Requires PHP:      8.1\n+ * Version:           3.4\n+ * Requires PHP:      8.2\n  * Requires Plugins:  leaflet-map, extensions-leaflet-map\n  * Author:            hupe13\n  * Author URI:        https:\u002F\u002Fleafext.de\u002Fen\u002F\n@@ -27,13 +27,14 @@\n \u002F\u002F string $plugin_file, bool $markup = true, bool $translate = true\n $leafext_plugin_data = get_plugin_data( __FILE__, true, false );\n define( 'LEAFEXT_DSGVO_PLUGIN_VERSION', $leafext_plugin_data['Version'] );\n-\n if ( ! function_exists( 'leafext_plugin_active' ) ) {\n \tfunction leafext_plugin_active( $slug ) {\n-\t\t$plugins   = get_option( 'active_plugins' );\n-\t\t$is_active = preg_grep( '\u002F^.*\\\u002F' . $slug . '\\.php$\u002F', $plugins );\n-\t\tif ( count( $is_active ) === 1 ) {\n-\t\t\treturn true;\n+\t\t$plugins = get_option( 'active_plugins' );\n+\t\tif ( is_array( $plugins ) ) {\n+\t\t\t$is_active = preg_grep( '\u002F^.*\\\u002F' . $slug . '\\.php$\u002F', $plugins );\n+\t\t\tif ( count( $is_active ) === 1 ) {\n+\t\t\t\treturn true;\n+\t\t\t}\n \t\t}\n \t\t$plugins = get_site_option( 'active_sitewide_plugins' );\n \t\tif ( is_array( $plugins ) ) {\n@@ -86,7 +87,7 @@\n \t\t\t\t)\n \t\t\t);\n \t\t\t\u002F\u002F phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- it is an WP Error\n-\t\t\twp_die( $error, '', wp_kses_post( $error->get_error_data() ) );\n+\t\t\twp_die( $error, '', $error->get_error_data() );\n \t\t}\n \t}\n \tregister_activation_hook( __FILE__, 'leafext_extensions_require' );\n@@ -103,4 +104,4 @@\n \t\treturn $actions;\n \t}\n }\n-add_filter( 'plugin_action_links', 'leafext_disable_dsgvo_activation', 10, 4 );\n+add_filter( 'plugin_action_links', 'leafext_disable_dsgvo_activation', 10, 2 );\ndiff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdsgvo-leaflet-map\u002F3.3\u002Fphp\u002Fleaflet-map.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdsgvo-leaflet-map\u002F3.4\u002Fphp\u002Fleaflet-map.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdsgvo-leaflet-map\u002F3.3\u002Fphp\u002Fleaflet-map.php\t2026-03-04 20:19:08.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdsgvo-leaflet-map\u002F3.4\u002Fphp\u002Fleaflet-map.php\t2026-03-22 21:09:40.000000000 +0000\n@@ -69,7 +69,7 @@\n \t\t\t'httponly' => true,\n \t\t\t'samesite' => 'Strict', \u002F\u002F None || Lax  || Strict\n \t\t);\n-\t\tsetcookie( 'leafext', time(), $arr_cookie_options );\n+\t\tsetcookie( 'leafext', (string) time(), $arr_cookie_options );\n \t\t$_COOKIE['leafext'] = time();\n \t}\n }\n@@ -131,7 +131,7 @@\n \n \t\tif ( ! isset( $leafext_okay ) ) {\n \t\t\t$leafext_okay = true;\n-\t\t\t$form = true;\n+\t\t\t$form         = true;\n \t\t} else {\n \t\t\t$count = filter_var( $settings['count'], FILTER_VALIDATE_BOOLEAN );\n \t\t\tif ( $count ) {\n@@ -131,7 +131,7 @@\ndiff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdsgvo-leaflet-map\u002F3.3\u002Fphp\u002Ftime-delete.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdsgvo-leaflet-map\u002F3.4\u002Fphp\u002Ftime-delete.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdsgvo-leaflet-map\u002F3.3\u002Fphp\u002Ftime-delete.php\t2026-03-04 20:19:08.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdsgvo-leaflet-map\u002F3.4\u002Fphp\u002Ftime-delete.php\t2026-03-23 21:11:56.000000000 +0000\n@@ -21,18 +21,18 @@\n \n \t\t\t$gmt = isset( $atts['gmt'] ) ? $atts['gmt'] : 0;\n \t\t\tif ( $gmt ) {\n-\t\t\t\t$content = gmdate( $format, $cookie_time );\n+\t\t\t\t$content = gmdate( $format, (int) $cookie_time );\n \t\t\t} else {\n-\t\t\t\t$content = wp_date( $format, $cookie_time );\n+\t\t\t\t$content = wp_date( $format, (int) $cookie_time );\n \t\t\t}\n \n-\t\t\t$before = isset( $atts['before'] ) ? '\u003Cdiv class=\"cookietext\">' . $atts['before'] : '';\n-\t\t\t$after  = isset( $atts['after'] ) ? $atts['after'] . '\u003C\u002Fdiv>' : '';\n+\t\t\t$before = isset( $atts['before'] ) ? '\u003Cdiv class=\"cookietext\">' . wp_kses_post( $atts['before'] ) : '';\n+\t\t\t$after = isset( $atts['after'] ) ? wp_kses_post( $atts['after'] ) . '\u003C\u002Fdiv>' : '';\n \n \t\t\t$content = $before . $content . $after;\n \n \t\t} else {\n-\t\t\t$content = isset( $atts['unset'] ) ? $atts['unset'] : '';\n+\t\t\t$content = isset( $atts['unset'] ) ? wp_kses_post( $atts['unset'] ) : '';\n \t\t}\n \t}\n \treturn $content;\n@@ -64,19 +64,19 @@\n \t\t\t$content .= wp_nonce_field( 'leafext_dsgvo', 'leafext_dsgvo_cookie', true, false );\n \t\t\tif ( isset( $atts['link'] ) ) {\n \t\t\t\t$content .= '\u003Cinput type=\"hidden\" value=\"' . esc_attr( $submit ) . '\" name=\"leafext_cookie_button\" \u002F>';\n-\t\t\t\t$content .= '&nbsp;\u003Ca href=\"javascript:;\" onclick=\"parentNode.submit();\">' . $submit . '\u003C\u002Fa>&nbsp;';\n+\t\t\t\t$content .= '&nbsp;\u003Ca href=\"javascript:;\" onclick=\"parentNode.submit();\">' . esc_html( $submit ) . '\u003C\u002Fa>&nbsp;';\n \t\t\t} else {\n \t\t\t\t$content .= '\u003Cdiv class=\"submit leafext-dsgvo-submit leafext-dsgvo-delete-submit\">';\n \t\t\t\t$content .= '\u003Cinput type=\"submit\" aria-label=\"Submit ' . esc_attr( $submit ) . '\" value=\"' . esc_attr( $submit ) . '\" name=\"leafext_cookie_button\" \u002F>';\n \t\t\t\t$content .= '\u003C\u002Fdiv>';\n \t\t\t}\n \t\t\t$content .= '\u003C\u002Fform>';\n-\t\t\t$before   = isset( $atts['before'] ) ? '\u003Cdiv class=\"cookietext\">' . $atts['before'] : '';\n-\t\t\t$after    = isset( $atts['after'] ) ? $atts['after'] . '\u003C\u002Fdiv>' : '';\n+\t\t\t$before = isset( $atts['before'] ) ? '\u003Cdiv class=\"cookietext\">' . wp_kses_post( $atts['before'] ) : '';\n+\t\t\t$after = isset( $atts['after'] ) ? wp_kses_post( $atts['after'] ) . '\u003C\u002Fdiv>' : '';\n \n \t\t\t$content = $before . $content . $after;\n \t\t} else {\n-\t\t\t$content = isset( $atts['unset'] ) ? $atts['unset'] : '';\n+\t\t\t$content = isset( $atts['unset'] ) ? wp_kses_post( $atts['unset'] ) : '';\n \t\t}\n \t}\n \treturn $content;\n@@ -100,7 +100,7 @@\n \t\t\t\t\t\t'httponly' => true,\n \t\t\t\t\t\t'samesite' => 'Strict', \u002F\u002F None || Lax  || Strict\n \t\t\t\t\t);\n-\t\t\t\t\tsetcookie( 'leafext', time(), $arr_cookie_options );\n+\t\t\t\t\tsetcookie( 'leafext', (string) time(), $arr_cookie_options );\n \t\t\t\t\tif ( isset( $_POST['origin'] ) ) {\n \t\t\t\t\t\theader( 'Location: ' . esc_url_raw( wp_unslash( $_POST['origin'] ) ) );\n \t\t\t\t\t\texit;","1. Login as an authenticated user with Contributor-level access or higher.\n2. Create or edit a post and insert a shortcode using a malicious payload in the 'unset', 'before', or 'after' attributes. For example: `[leafext-cookie-time unset=\"\u003Cscript>alert('XSS')\u003C\u002Fscript>\"]`.\n3. Publish or update the post.\n4. Access the post as a visitor. \n   - To trigger the 'unset' attribute payload, the visitor must not have the 'leafext' cookie set.\n   - To trigger the 'before' or 'after' attributes, the visitor must have previously accepted the GDPR notice to set the 'leafext' cookie.\n5. The payload will execute in the user's browser as the attribute value is rendered directly into the page content without escaping.","gemini-3-flash-preview","2026-04-17 23:39:37","2026-04-17 23:40:01",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":62,"total_installs":63,"avg_security_score":24,"avg_patch_time_days":64,"trust_score":65,"computed_at":66},4,2110,59,87,"2026-05-20T06:04:00.954Z",[68,93,115,136,158],{"slug":69,"name":70,"version":71,"author":72,"author_profile":73,"description":74,"short_description":75,"active_installs":76,"downloaded":77,"rating":78,"num_ratings":79,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":83,"tags":84,"homepage":88,"download_link":89,"security_score":90,"vuln_count":91,"unpatched_count":25,"last_vuln_date":92,"fetched_at":27},"gdpr-cookie-compliance","GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law","5.0.11","Moove Agency","https:\u002F\u002Fprofiles.wordpress.org\u002Fmooveagency\u002F","\u003Cp>\u003Cstrong>Prepare your website for cookie consent requirements related to GDPR, CCPA, DSGVO, EU cookie law and notice requirements with this incredibly powerful, easy-to-use, well supported and 100% free WordPress plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Local Data Storage\u003C\u002Fstrong> – all user data is stored locally on your website only – we do not collect or store any of your user data on our servers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple\u003C\u002Fstrong> to use — install & setup in seconds\u003C\u002Fli>\n\u003Cli>Give your users \u003Cstrong>full control\u003C\u002Fstrong> over cookies stored on their computer, including the ability for users to \u003Cstrong>revoke their consent\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Direct integration of \u003Cstrong>GTM, Google Analytics, Meta Pixel, GTM4WP\u003C\u002Fstrong> and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Consent Mode v2\u003C\u002Fstrong> fully supported\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fully customisable\u003C\u002Fstrong> – upload your own logo, colours, fonts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fully editable\u003C\u002Fstrong> – change all text\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible\u003C\u002Fstrong> – decide which scripts will be loaded by default or only when the user gives consent\u003C\u002Fli>\n\u003Cli>\u003Cstrong>‘Accept’\u003C\u002Fstrong>, \u003Cstrong>‘Reject’\u003C\u002Fstrong>, ‘Close’ and ‘Settings’ buttons & you can also change their order\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Consent expiration\u003C\u002Fstrong> settings\u003C\u002Fli>\n\u003Cli>Link to \u003Cstrong>Privacy Policy\u003C\u002Fstrong> page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile responsive\u003C\u002Fstrong> design\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO friendly\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Optimized for \u003Cstrong>WCAG & ADA\u003C\u002Fstrong> accessibility guidelines\u003C\u002Fli>\n\u003Cli>WPML, QTranslate, WP Multilang, TranslatePress and Polylang compatible, .pot file for translations included\u003C\u002Fli>\n\u003Cli>Supports all major \u003Cstrong>caching\u003C\u002Fstrong> servers and plugins\u003C\u002Fli>\n\u003Cli>Available in \u003Cstrong>22 languages\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Optimised for PHP 7 and PHP 8\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Premium Features Available\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Consent Log\u003C\u002Fstrong> – stores user consent information to prove that consent was given\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geo-location\u003C\u002Fstrong> – the Cookie Consent Banner can be shown to visitors from the European Union or selected countries only (ie. Canada, California etc.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Site Kit integration\u003C\u002Fstrong> – our plugin supports the Google Site Kit natively\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cookie wall \u002F Full-screen layout\u003C\u002Fstrong> – if enabled, the Cookie Consent Banner will be display in a full screen mode, and force users to either accept or reject cookies before they can see your content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export & import settings\u003C\u002Fstrong> – transfer your custom settings between sites with ease\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Multisite features\u003C\u002Fstrong> – you can manage the plugin settings globally, and clone them from one site to another within your multi-site setup. You can also sync users consent between individual subsites on your multisite network\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Accept on Scroll \u002F Hide timer\u003C\u002Fstrong> – allow users to accept cookies by scrolling down the page OR by setting a timer (ie. Hide banner after 5 seconds)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Renew Consent\u003C\u002Fstrong> – ask users to renew their consent if there is a change in privacy or cookie policy on your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>iFrame Blocker\u003C\u002Fstrong> – blocks users from viewing 3rd party resources (such as Youtube) until they accept cookies\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Language Specific Scripts\u003C\u002Fstrong> – insert different Tag Manager Scripts for different languages, supports WPML and other language plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Shortcodes\u003C\u002Fstrong> that can be added to your ‘Privacy & Cookie Policy’ and allow your users to manage their consent with ease.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide Cookie Banner\u003C\u002Fstrong> allows you to hide the Cookie Notice Banner on selected pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cookie Declaration\u003C\u002Fstrong> allows you to declare the exact type of cookies that your site uses, including the cookie name, provider, purpose and expiration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics\u003C\u002Fstrong> – stats and charts showing you how many users accepted your cookies (all anonymous)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fast Premium Support\u003C\u002Fstrong> from our friendly team\u003C\u002Fli>\n\u003Cli>\u003Cstrong>12 months\u003C\u002Fstrong> of premium updates included\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002Fwordpress-plugins\u002Fgdpr-cookie-compliance\u002F\" rel=\"nofollow ugc\">Download Premium Add-on here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Demo Video\u003C\u002Fh3>\n\u003Cp>You can view a demo of the plugin here:\u003C\u002Fp>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F255655268\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>Testimonials\u003C\u002Fh3>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“The only free GDPR plugin that actually works.” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fthe-only-free-gdpr-plugin-that-actually-works\u002F\" rel=\"ugc\">Jamie\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“One of the best GDPR implementation for WordPress.” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fone-of-the-best-gdpr-implementation-for-wordpress\u002F\" rel=\"ugc\">webinvaders\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“The best free solution for GDPR.” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fthe-best-free-solution-for-the-gdpr\u002F\" rel=\"ugc\">Distrix\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Great plugin, great support. I’ve tried many, this is probably the best for multisite installations.” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fgreat-plugin-great-support-1157\u002F\" rel=\"ugc\">pattihis\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Live Examples\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>You can choose to setup our cookie plugin in any way that you like. \u003C\u002Fli>\n\u003Cli>We have created the plugin with as much flexibility as possible as organisations interpret the Cookie Law and Cookie Consent Policy differently.\u003C\u002Fli>\n\u003Cli>A few examples of how you can setup our plugin in various ways are below:\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>OPTION A\u003C\u002Fstrong>\u003Cbr \u002F>\nNo cookies are stored on users’ computers until the user accepts cookies.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002Fwordpress-plugins\u002Fgdpr-cookie-compliance\u002F\" rel=\"nofollow ugc\">Example 1\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>OPTION B\u003C\u002Fstrong>\u003Cbr \u002F>\nThe ‘Full-Screen \u002F Cookie Wall’ option is used (a premium feature).\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.teneo.net\u002F\" rel=\"nofollow ugc\">Example 2\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>OTHER OPTIONS\u003C\u002Fstrong>\u003Cbr \u002F>\nThere are many other settings available that you can use to create your own unique Cookie Consent Banner and satisfy the Cookie Compliance Law – our plugin is very flexible.\u003C\u002Fp>\n\u003Ch3>Custom Layout\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>You can also create your own custom front-end layout.\u003C\u002Fli>\n\u003Cli>Simply copy the “gdpr-modules” folder from the plugin directory to your theme directory. \u003C\u002Fli>\n\u003Cli>If you do this, your changes will be retained even if you update the plugin in future. \u003C\u002Fli>\n\u003Cli>Any customisation should be implemented by experienced developers only.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Flexible\u003C\u002Fh3>\n\u003Cp>Our cookie plugin is very flexible and especially useful in preparing your site for the following cookie law, data protection and privacy regulations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>GDPR\u003C\u002Fstrong>: The General Data Protection Regulation, ePrivacy Directive, ePrivacy Regulation (European Union)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CCPA\u003C\u002Fstrong>: The California Consumer Privacy Act (California, United States)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PECR\u003C\u002Fstrong>: The Privacy and Electronic Communications Regulations (UK)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>AAP\u003C\u002Fstrong>: Australia’s Privacy Principles (Australia)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PIPEDA\u003C\u002Fstrong>: The Personal Information Protection and Electronic Documents Act (Canada) \u003C\u002Fli>\n\u003Cli>\u003Cstrong>LGPD\u003C\u002Fstrong>: The Brazilian General Data Protection Law (Brazil)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>VCDPA, CPRA, ICO, GPDP, DSGVO, BfDl, CNIL, AEPD, PDPB, DPA, PDPA, DPA, PDPA, TTDSG, POPIA , APA, ePrivacy, COPPA, CASL, Australian Privacy Principles, The Marco Civil Privacy Act 1988\u003C\u002Fstrong> and other cookie law, data protection and privacy regulations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>About us\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002F\" rel=\"nofollow ugc\">Moove Agency\u003C\u002Fa> is a premium supplier of quality WordPress plugins, services and support. \u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">Visit our WordPress site\u003C\u002Fa> to learn more.\u003C\u002Fp>\n\u003Ch3>Disclaimer\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>THIS PLUGIN DOES NOT MAKE YOUR WEBSITE COMPLIANT. YOU ARE RESPONSIBLE FOR ENSURING THAT ALL COOKIE LAW REQUIREMENTS ARE MET ON YOUR WEBSITE.\u003C\u002Fli>\n\u003C\u002Ful>\n","Cookie notice banner for GDPR, CCPA, EU cookie law, data protection and privacy regulations and other cookie law and consent notice requirements on yo &hellip;",300000,12266494,92,204,"2026-02-02T13:03:00.000Z","6.9.4","4.5","6.4",[85,86,87,19,20],"ccpa","cookie-banner","cookie-consent","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgdpr-cookie-compliance\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgdpr-cookie-compliance.5.0.11.zip",97,9,"2025-02-23 00:00:00",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":76,"downloaded":101,"rating":102,"num_ratings":103,"last_updated":104,"tested_up_to":81,"requires_at_least":105,"requires_php":106,"tags":107,"homepage":111,"download_link":112,"security_score":113,"vuln_count":62,"unpatched_count":25,"last_vuln_date":114,"fetched_at":27},"host-webfonts-local","OMGF | GDPR\u002FDSGVO Compliant, Faster Google Fonts. Easy.","6.3.4","Daan van den Bergh","https:\u002F\u002Fprofiles.wordpress.org\u002Fdaanvandenbergh\u002F","\u003Cp>\u003Cstrong>OMGF can be downloaded for free without any paid subscription from \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhost-webfonts-local\u002F\" rel=\"ugc\">the official WordPress repository\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>How could using fonts via Google’s service possibly run afoul of GDPR? The fact of the matter is that, when a font is requested by the user’s browser, their IP is logged by Google and used for analytics.\u003Cbr \u002F>\n  — Lifehacker\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Leverage Browser Cache\u003C\u002Fstrong>, \u003Cstrong>reduce DNS lookups\u002Frequests\u003C\u002Fstrong>, \u003Cstrong>reduce Cumulative Layout Shift\u003C\u002Fstrong> and make your Google Fonts \u003Cstrong>100% GDPR-compliant\u003C\u002Fstrong> with OMGF!\u003C\u002Fp>\n\u003Cp>OMGF is written with performance and user-friendliness in mind. It uses the Google Fonts API to automatically cache the fonts your theme and plugins use to \u003Cstrong>minimize DNS requests\u003C\u002Fstrong> and speed up your WordPress website.\u003C\u002Fp>\n\u003Ch4>How Does It Work?\u003C\u002Fh4>\n\u003Cp>After installing and configuring the plugin, OMGF will automatically start looking for Google Fonts whenever a page is requested on your website.\u003C\u002Fp>\n\u003Cp>All Google Fonts are listed in the \u003Cstrong>Optimize Local Fonts\u003C\u002Fstrong> section of OMGF’s settings screen. There, you can choose to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>Preload\u003C\u002Fem> fonts to \u003Cstrong>reduce Cumulative Layout Shift\u003C\u002Fstrong> above the fold.\u003C\u002Fli>\n\u003Cli>\u003Cem>Unload\u003C\u002Fem> fonts that’re not used by you, your theme, and\u002For plugins.\u003C\u002Fli>\n\u003Cli>Set a \u003Cem>Fallback Font Stack\u003C\u002Fem> (OMGF Pro required), to further \u003Cstrong>reduce Cumulative Layout Shift\u003C\u002Fstrong>, or\u003C\u002Fli>\n\u003Cli>Enable \u003Cem>Magic Fallbacks\u003C\u002Fem> (OMGF Pro required), to automatically generate mathematically tuned system font fallbacks that match your Google Fonts’ exact proportions, eliminating \u003Cstrong>layout shift\u003C\u002Fstrong> while fonts load.\u003C\u002Fli>\n\u003Cli>\u003Cem>Replace\u003C\u002Fem> (OMGF Pro required) font-families with system fonts to \u003Cstrong>speed up loading times\u003C\u002Fstrong>!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Other Features include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>The \u003Cstrong>integrated Google Fonts checker\u003C\u002Fstrong> notifies you if a plugin or your theme has added Google Fonts (e.g., after an update) it can’t process.\u003C\u002Fli>\n\u003Cli>The \u003Cstrong>Performance Checker\u003C\u002Fstrong> automatically monitors your Google Fonts’ performance and notifies you about potential improvements in 4 areas:\n\u003Cul>\n\u003Cli>\u003Cstrong>Unused subsets\u003C\u002Fstrong> — subsets that are downloaded but never used, increasing \u003Cstrong>Total Blocking Time\u003C\u002Fstrong>,\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unused font styles\u002Fweights\u003C\u002Fstrong> — font variants that are loaded but not used, causing \u003Cstrong>unused CSS\u003C\u002Fstrong>,\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Missing preloads\u003C\u002Fstrong> — fonts used above the fold that aren’t preloaded, increasing \u003Cstrong>Largest Contentful Paint\u003C\u002Fstrong> and \u003Cstrong>First Contentful Paint\u003C\u002Fstrong>,\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cumulative Layout Shift\u003C\u002Fstrong> — layout shift caused by fonts loading after the page is rendered.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Variable Fonts\u003C\u002Fstrong> support,\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remove Resource Hints\u003C\u002Fstrong> (preload, preconnect, dns-prefetch) pointing to \u003Ccode>fonts.googleapis.com\u003C\u002Fcode> or\u003Cbr \u002F>\n  fonts.gstatic.com,\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Ensure text remains visible during webfont load\u003C\u002Fstrong> by forcing the \u003Cem>font-display\u003C\u002Fem> attribute to your Google Fonts,\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ensure text remains visible during webfont load\u003C\u002Fstrong> by forcing the \u003Cem>font-display\u003C\u002Fem> attribute to all your other fonts! (OMGF Pro required),\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Additional Features in OMGF Pro\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Smart Optimize\u003C\u002Fstrong> automatically detects which fonts, subsets, and weights are actually used on each page — preloading the ones that matter and removing the ones that don’t, to \u003Cstrong>eliminate render-blocking resources\u003C\u002Fstrong> and \u003Cstrong>reduce unused CSS\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Magic Fallbacks\u003C\u002Fstrong> generates mathematically tuned system font fallbacks that match your Google Fonts’ exact proportions, eliminating \u003Cstrong>layout shift\u003C\u002Fstrong> while fonts load.\u003C\u002Fli>\n\u003Cli>Automatically configures itself to make sure all externally hosted Google Fonts on your site are hosted locally. OMGF Pro supports:\n\u003Cul>\n\u003Cli>\u003Ccode>@font-face\u003C\u002Fcode> and \u003Ccode>@import\u003C\u002Fcode> statements inside \u003Cstrong>inline \u003Ccode>\u003Cstyle>\u003C\u002Fcode> blocks\u003C\u002Fstrong>,\u003C\u002Fli>\n\u003Cli>\u003Ccode>@font-face\u003C\u002Fcode> and \u003Ccode>@import\u003C\u002Fcode> statements inside \u003Cstrong>local stylesheets\u003C\u002Fstrong> loaded by e.g. your theme and\u002For plugins,\u003C\u002Fli>\n\u003Cli>\u003Ccode>@font-face\u003C\u002Fcode> and \u003Ccode>@import\u003C\u002Fcode> statements inside \u003Cstrong>externally hosted stylesheets\u003C\u002Fstrong> loaded by your theme and\u002For\u003Cbr \u002F>\nplugins,\u003C\u002Fli>\n\u003Cli>Web Font Loader (\u003Ccode>webfont.js\u003C\u002Fcode>),\u003C\u002Fli>\n\u003Cli>Async Google Fonts (loaded using JS)\u003C\u002Fli>\n\u003Cli>Material Icons.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite\u003C\u002Fstrong> and \u003Cstrong>WPML\u003C\u002Fstrong> support.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Whitelabel stylesheets\u003C\u002Fstrong>, which removes branding and comments from the stylesheets to further reduce the size.\u003C\u002Fli>\n\u003Cli>Modify your fonts’ \u003Ccode>src: url()\u003C\u002Fcode> attribute to fully integrate with your configuration,\n\u003Cul>\n\u003Cli>Use this to serve fonts and the stylesheets from your CDN, or\u003C\u002Fli>\n\u003Cli>To serve fonts from an alternative path (e.g. when you’re using Security through Obscurity plugins like WP Hide,\u003Cbr \u002F>\netc.), or\u003C\u002Fli>\n\u003Cli>Anything you like!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Mode\u003C\u002Fstrong>, which allows you to easily migrate between Development, Staging\u002FTesting, Acceptance and Production\u003Cbr \u002F>\nenvironments.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>\u003Ca href=\"https:\u002F\u002Fdaan.dev\u002Fwordpress\u002Fomgf-pro\u002F\" rel=\"nofollow ugc\">Purchase OMGF Pro\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fdaan.dev\u002Fdocs\u002Fomgf-pro\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fdaan.dev\u002Fdocs\u002Fomgf-pro\u002Ftested-themes-plugins\u002F\" rel=\"nofollow ugc\">Tested Plugins & Themes\u003C\u002Fa>\u003C\u002Fem>\u003C\u002Fp>\n","OMGF automagically caches the Google Fonts used by your theme\u002Fplugins locally. No configuration (or brains) required!",9824737,94,211,"2026-04-13T17:08:00.000Z","5.9","7.3",[108,19,109,20,110],"cache","fonts","google","https:\u002F\u002Fdaan.dev\u002Fwordpress\u002Fomgf\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhost-webfonts-local.6.3.4.zip",96,"2024-01-02 00:00:00",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":125,"num_ratings":126,"last_updated":127,"tested_up_to":81,"requires_at_least":128,"requires_php":129,"tags":130,"homepage":134,"download_link":135,"security_score":11,"vuln_count":25,"unpatched_count":25,"last_vuln_date":35,"fetched_at":27},"disable-remove-google-fonts","Disable and Remove Google Fonts | GDPR & DSGVO friendly","1.8.2","fontsplugin","https:\u002F\u002Fprofiles.wordpress.org\u002Ffontsplugin\u002F","\u003Cp>Improve frontend performance by disabling \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Folympus-google-fonts\u002F\" rel=\"ugc\">Google Fonts\u003C\u002Fa> loaded by themes and plugins.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking to Host Google Fonts locally? Check out \u003Ca href=\"https:\u002F\u002Ffontsplugin.com\u002Fdrgf-upgrade\u002F\" rel=\"nofollow ugc\">Fonts Plugin Pro\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>While this plugin removes Google Fonts from as many themes and plugins as possible, some require additional steps, we have detailed those here: \u003Ca href=\"https:\u002F\u002Ffontsplugin.com\u002Fremove-disable-google-fonts\u002F\" rel=\"nofollow ugc\">Remove Google Fonts from WordPress\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>After installing this plugin, clear your website cache and test your site using the free \u003Ca href=\"https:\u002F\u002Ffontsplugin.com\u002Fgoogle-fonts-checker\" rel=\"nofollow ugc\">Google Fonts Checker\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>New “Check Google Fonts” Feature\u003C\u002Fh4>\n\u003Cp>This plugin now includes a new “Check Google Fonts” feature. This feature allows you to check if Google Fonts are being loaded on your website. It does this by capturing the full HTML of the current page and checking for Google Fonts references.\u003C\u002Fp>\n\u003Cp>To use this feature, simply click the “Check Google Fonts” button in the admin bar. This will open a new window\u002Ftab with the results.\u003C\u002Fp>\n\u003Cp>The results will show you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The number of Google Fonts that are being loaded\u003C\u002Fli>\n\u003Cli>The URLs of the Google Fonts that are being loaded\u003C\u002Fli>\n\u003Cli>The source of the Google Fonts that are being loaded\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Plugin Compatibility\u003C\u002Fh4>\n\u003Cp>This plugin will work with all WordPress themes and has been specifically tested with the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Twenty Twelve\u003C\u002Fli>\n\u003Cli>Twenty Thirteen\u003C\u002Fli>\n\u003Cli>Twenty Fourteen\u003C\u002Fli>\n\u003Cli>Twenty Fifteen\u003C\u002Fli>\n\u003Cli>Twenty Sixteen\u003C\u002Fli>\n\u003Cli>Twenty Seventeen\u003C\u002Fli>\n\u003Cli>Twenty Nineteen\u003C\u002Fli>\n\u003Cli>Twenty Twenty\u003C\u002Fli>\n\u003Cli>Twenty Twenty-One\u003C\u002Fli>\n\u003Cli>Twenty Twenty-Two\u003C\u002Fli>\n\u003Cli>Twenty Twenty-Three\u003C\u002Fli>\n\u003Cli>Twenty Twenty-Four\u003C\u002Fli>\n\u003Cli>Twenty Twenty-Five\u003C\u002Fli>\n\u003Cli>Acabado\u003C\u002Fli>\n\u003Cli>Avada\u003C\u002Fli>\n\u003Cli>Blocksy\u003C\u002Fli>\n\u003Cli>ColorMag\u003C\u002Fli>\n\u003Cli>Divi Extra\u003C\u002Fli>\n\u003Cli>Enfold\u003C\u002Fli>\n\u003Cli>GeneratePress\u003C\u002Fli>\n\u003Cli>Hestia\u003C\u002Fli>\n\u003Cli>Hueman\u003C\u002Fli>\n\u003Cli>JupiterX\u003C\u002Fli>\n\u003Cli>Kadence\u003C\u002Fli>\n\u003Cli>Neve\u003C\u002Fli>\n\u003Cli>OnePress\u003C\u002Fli>\n\u003Cli>Shapely\u003C\u002Fli>\n\u003Cli>Stackable\u003C\u002Fli>\n\u003Cli>Storefront\u003C\u002Fli>\n\u003Cli>Sydney\u003C\u002Fli>\n\u003Cli>Vantage\u003C\u002Fli>\n\u003Cli>Zerif Lite\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It will also remove Google Fonts loaded by the following plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Divi\u003C\u002Fli>\n\u003Cli>Redux\u003C\u002Fli>\n\u003Cli>MailPoet\u003C\u002Fli>\n\u003Cli>Elementor\u003C\u002Fli>\n\u003Cli>GroovyMenu\u003C\u002Fli>\n\u003Cli>Kadence Blocks\u003C\u002Fli>\n\u003Cli>Beaver Builder\u003C\u002Fli>\n\u003Cli>Revolution Slider\u003C\u002Fli>\n\u003Cli>Ajax Search Lite & Pro\u003C\u002Fli>\n\u003Cli>WPBakery (Visual Composer)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>As well as improving page load speed, removing Google Font references can also aid with GDPR and DSGVO compliance.\u003C\u002Fp>\n\u003Ch4>Bugs\u003C\u002Fh4>\n\u003Cp>If you find an issue with this plugin, please let us know \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-remove-google-fonts#new-post\" rel=\"ugc\">here\u003C\u002Fa>!\u003C\u002Fp>\n\u003Ch4>Contributions\u003C\u002Fh4>\n\u003Cp>Anyone is welcome to contribute to this plugin.\u003C\u002Fp>\n\u003Cp>There are various ways you can contribute:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Raise an \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-remove-google-fonts#new-post\" rel=\"ugc\">Issue\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Translate the Disable and Remove Google Fonts plugin into \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fdisable-remove-google-fonts\u002F\" rel=\"nofollow ugc\">different languages\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Provide feedback and suggestions on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-remove-google-fonts#new-post\" rel=\"ugc\">enhancements\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n","Improve frontend performance by disabling Google Fonts. GDPR and DSGVO friendly.",100000,2851341,90,46,"2026-01-19T16:05:00.000Z","4.8","",[131,19,20,132,133],"disable-google-fonts","google-fonts","optimize","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-remove-google-fonts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-remove-google-fonts.1.8.2.zip",{"slug":137,"name":138,"version":139,"author":140,"author_profile":141,"description":142,"short_description":143,"active_installs":144,"downloaded":145,"rating":146,"num_ratings":147,"last_updated":148,"tested_up_to":81,"requires_at_least":149,"requires_php":150,"tags":151,"homepage":154,"download_link":155,"security_score":102,"vuln_count":156,"unpatched_count":25,"last_vuln_date":157,"fetched_at":27},"shariff","Shariff Wrapper","4.6.18","3UU","https:\u002F\u002Fprofiles.wordpress.org\u002F3uu\u002F","\u003Cp>The “original” share buttons automatically transmit data of your visitors to the social network sites as soon as they visit your website. They do not need to click on a share button for this and therefore have no choice, if they want their data to be send. The German computer magazine c’t has developed “Shariff” \u003Ccode>(ʃɛɹɪf)\u003C\u002Fcode> that follows the General Data Protection Regulation (GDPR – Regulation (EU) 2016\u002F679). This plugin adapts the Shariff concept and provides an easy to use solution for WordPress. We currently support\u003Cbr \u002F>\n31 services in 25 languages:\u003Cbr \u002F>\nBitcoin, Bluesky, Buffer, Diaspora, Facebook, Flipboard, Info, Linkedin,\u003Cbr \u002F>\nmailto, Mastodon, Mewe, Mix, Odnoklassniki, Patreon, Paypal, Paypal.me,\u003Cbr \u002F>\nPinterest, Pocket, Printer, Reddit, RSS, SMS, Telegram, Threema, Tumblr,\u003Cbr \u002F>\nTwitter, VK, Wallabag, Weibo, Whatsapp, Xing\u003C\u002Fp>\n\u003Cp>For more information about the Shariff project check out the original \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fheiseonline\u002Fshariff\" rel=\"nofollow ugc\">GitHub project\u003C\u002Fa> and read about the project itself \u003Ca href=\"http:\u002F\u002Fct.de\u002Fshariff\" rel=\"nofollow ugc\">c’t information page\u003C\u002Fa> (in German).\u003C\u002Fp>\n\u003Cp>You can automatically add share buttons to posts, pages, the main blog page, product sites and many more as well as use it as a widget or add the shortcode \u003Ccode>[shariff]\u003C\u002Fcode> manually to your pages or themes.\u003C\u002Fp>\n","Shariff provides share buttons that respect the privacy of your visitors and follow the General Data Protection Regulation (GDPR).",40000,1101287,98,101,"2026-04-15T23:26:00.000Z","4.9","7.4",[19,20,152,137,153],"share-buttons","sharing","https:\u002F\u002Fwordpress.org\u002Fplugins-wp\u002Fshariff\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshariff.4.6.18.zip",6,"2024-06-19 00:00:00",{"slug":159,"name":160,"version":161,"author":162,"author_profile":163,"description":164,"short_description":165,"active_installs":166,"downloaded":167,"rating":113,"num_ratings":168,"last_updated":169,"tested_up_to":170,"requires_at_least":171,"requires_php":172,"tags":173,"homepage":129,"download_link":175,"security_score":176,"vuln_count":25,"unpatched_count":25,"last_vuln_date":35,"fetched_at":27},"selfhost-google-fonts","Self-Hosted Google Fonts","1.0.1","asadkn","https:\u002F\u002Fprofiles.wordpress.org\u002Fasadkn\u002F","\u003Cp>An easy way to self-host all your Google Fonts for increased Privacy or to meet a law requirement.\u003Cbr \u002F>\nTheme and plugin authors are often unwilling to offer a self-hosted method and it’s quite laborious to download and upload each of the required font.\u003C\u002Fp>\n\u003Cp>This plugin makes it all easy. It will scan all CSS on your site and automagically download and host on your server the necessary Google Web Fonts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How it works:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Converts all Google Font enqueues to locally hosted CSS files.\u003C\u002Fli>\n\u003Cli>Scans and converts any inline style tags using @imports for fonts.\u003C\u002Fli>\n\u003Cli>Processes all the local CSS files that weren’t properly enqueued (bad authors?).\u003C\u002Fli>\n\u003Cli>While doing so, downloads all the required Google Fonts to your server.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatic self-hosted fonts with no effort.\u003C\u002Fli>\n\u003Cli>Compatible with all themes and plugins.\u003C\u002Fli>\n\u003Cli>Supports IE9+ and all modern browsers.\u003C\u002Fli>\n\u003Cli>Optimized code benchmarked for performance.\u003C\u002Fli>\n\u003Cli>Built-in cache for processing.\u003C\u002Fli>\n\u003Cli>Compatible with cache plugins and Autoptimize.\u003C\u002Fli>\n\u003Cli>API and hooks for theme & plugin authors.\u003C\u002Fli>\n\u003Cli>Uses unicode-range for optimized fonts when using multiple subsets. Google officially does this too, but other solutions for downloading fonts don’t support this.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Dev Notes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Cache\u003C\u002Fem>: The most common reason for a failure. If you have a cache plugin, clear the caches.\u003C\u002Fp>\n\u003Cp>It will not work with JS solutions like WebFont Loader. If you’re a developer, you can still use this plugin’s API to get the needed CSS and files to convert your WebFont Loader. I will post instructions on support forums if there’s interest.\u003C\u002Fp>\n","Automatically self-host all the Google Fonts on your site. Plug and play.",30000,153397,40,"2018-06-15T05:34:00.000Z","4.9.29","4.0","5.4",[19,20,132,174],"typography","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fselfhost-google-fonts.zip",85,{"attackSurface":178,"codeSignals":231,"taintFlows":242,"riskAssessment":269,"analyzedAt":272},{"hooks":179,"ajaxHandlers":215,"restRoutes":216,"shortcodes":217,"cronEvents":230,"entryPointCount":44,"unprotectedCount":25},[180,185,188,194,199,203,207,211],{"type":181,"name":182,"callback":183,"priority":125,"file":47,"line":184},"action","admin_menu","leafext_dsgvo_add_page",24,{"type":181,"name":186,"callback":187,"file":47,"line":126},"admin_init","leafext_dsgvo_init",{"type":189,"name":190,"callback":191,"priority":192,"file":48,"line":193},"filter","plugin_action_links","leafext_disable_dsgvo_activation",10,106,{"type":181,"name":195,"callback":196,"file":197,"line":198},"init","leafext_setcookie","php\\leaflet-map.php",76,{"type":189,"name":200,"callback":201,"priority":192,"file":197,"line":202},"pre_do_shortcode_tag","closure",78,{"type":189,"name":204,"callback":205,"priority":192,"file":197,"line":206},"do_shortcode_tag","leafext_query_cookie",196,{"type":181,"name":208,"callback":209,"priority":192,"file":197,"line":210},"wp_footer","leafext_dequeue_missing",242,{"type":181,"name":195,"callback":212,"file":213,"line":214},"leafext_delete_cookie","php\\time-delete.php",113,[],[],[218,223,226],{"tag":219,"callback":220,"file":221,"line":222},"leafext-cookie","leafext_restricted","php\\shortcode.php",36,{"tag":224,"callback":225,"file":213,"line":168},"leafext-cookie-time","leafext_get_cookie_time",{"tag":227,"callback":228,"file":213,"line":229},"leafext-delete-cookie","leafext_form_delete_cookie",84,[],{"dangerousFunctions":232,"sqlUsage":233,"outputEscaping":235,"fileOperations":25,"externalRequests":25,"nonceChecks":44,"capabilityChecks":13,"bundledLibraries":241},[],{"prepared":25,"raw":25,"locations":234},[],{"escaped":236,"rawEcho":13,"locations":237},68,[238],{"file":47,"line":239,"context":240},212,"raw output",[],[243,261],{"entryPoint":244,"graph":245,"unsanitizedCount":25,"severity":260},"leafext_delete_cookie (php\\time-delete.php:86)",{"nodes":246,"edges":257},[247,252],{"id":248,"type":249,"label":250,"file":213,"line":251},"n0","source","$_POST['origin']",105,{"id":253,"type":254,"label":255,"file":213,"line":251,"wp_function":256},"n1","sink","header() [Header Injection]","header",[258],{"from":248,"to":253,"sanitized":259},true,"low",{"entryPoint":262,"graph":263,"unsanitizedCount":25,"severity":260},"\u003Ctime-delete> (php\\time-delete.php:0)",{"nodes":264,"edges":267},[265,266],{"id":248,"type":249,"label":250,"file":213,"line":251},{"id":253,"type":254,"label":255,"file":213,"line":251,"wp_function":256},[268],{"from":248,"to":253,"sanitized":259},{"summary":270,"deductions":271},"The \"dsgvo-leaflet-map\" plugin v3.3 demonstrates a strong security posture based on the provided static analysis. The absence of dangerous functions, SQL injection vulnerabilities, file operations, and external HTTP requests are all positive indicators. The code also shows excellent practices with 100% of SQL queries using prepared statements and 99% of outputs being properly escaped. The presence of nonce checks and capability checks on its entry points further strengthens its defense against common web attacks.\n\nFurthermore, the plugin's vulnerability history is entirely clean, with no recorded CVEs of any severity. This suggests a commitment to security by the developers or a lack of discovered vulnerabilities, which is a good sign for a mature plugin. The taint analysis also found no critical or high severity issues with unsanitized paths.\n\nOverall, the plugin appears to be developed with security in mind, following best practices for input validation and output escaping. Its minimal attack surface (3 shortcodes) and lack of known vulnerabilities make it a low-risk plugin. However, it's always advisable to maintain vigilance and ensure the plugin remains updated as new security threats emerge.",[],"2026-03-16T21:20:25.930Z",{"wat":274,"direct":285},{"assetPaths":275,"generatorPatterns":278,"scriptPaths":279,"versionParams":281},[276,277],"\u002Fwp-content\u002Fplugins\u002Fdsgvo-leaflet-map\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fdsgvo-leaflet-map\u002Fcss\u002Fleaflet-map-dsgvo.css",[],[280],"\u002Fwp-content\u002Fplugins\u002Fdsgvo-leaflet-map\u002Fjs\u002Fleaflet-map-dsgvo.js",[282,283,284],"dsgvo-leaflet-map\u002Fcss\u002Fadmin.css?ver=","dsgvo-leaflet-map\u002Fcss\u002Fleaflet-map-dsgvo.css?ver=","dsgvo-leaflet-map\u002Fjs\u002Fleaflet-map-dsgvo.js?ver=",{"cssClasses":286,"htmlComments":287,"htmlAttributes":288,"restEndpoints":294,"jsGlobals":295,"shortcodeOutput":296},[],[],[289,290,291,292,293],"name=\"leafext_dsgvo[text]\"","name=\"leafext_dsgvo[mapurl]\"","name=\"leafext_dsgvo[cookie]\"","name=\"leafext_dsgvo[count]\"","name=\"leafext_dsgvo[okay]\"",[],[],[],{"error":259,"url":298,"statusCode":299,"statusMessage":300,"message":300},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fdsgvo-leaflet-map\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":302,"versions":303},13,[304,309,317,325,333,341,349,357,365,373,381,389,397],{"version":6,"download_url":23,"svn_tag_url":305,"released_at":35,"has_diff":52,"diff_files_changed":306,"diff_lines":35,"trac_diff_url":307,"vulnerabilities":308,"is_current":259},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdsgvo-leaflet-map\u002Ftags\u002F3.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdsgvo-leaflet-map%2Ftags%2F3.3&new_path=%2Fdsgvo-leaflet-map%2Ftags%2F3.4",[],{"version":310,"download_url":311,"svn_tag_url":312,"released_at":35,"has_diff":52,"diff_files_changed":313,"diff_lines":35,"trac_diff_url":314,"vulnerabilities":315,"is_current":52},"3.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdsgvo-leaflet-map.3.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdsgvo-leaflet-map\u002Ftags\u002F3.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdsgvo-leaflet-map%2Ftags%2F3.2&new_path=%2Fdsgvo-leaflet-map%2Ftags%2F3.3",[316],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":6},{"version":318,"download_url":319,"svn_tag_url":320,"released_at":35,"has_diff":52,"diff_files_changed":321,"diff_lines":35,"trac_diff_url":322,"vulnerabilities":323,"is_current":52},"3.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdsgvo-leaflet-map.3.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdsgvo-leaflet-map\u002Ftags\u002F3.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdsgvo-leaflet-map%2Ftags%2F3.1&new_path=%2Fdsgvo-leaflet-map%2Ftags%2F3.2",[324],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":6},{"version":326,"download_url":327,"svn_tag_url":328,"released_at":35,"has_diff":52,"diff_files_changed":329,"diff_lines":35,"trac_diff_url":330,"vulnerabilities":331,"is_current":52},"3.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdsgvo-leaflet-map.3.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdsgvo-leaflet-map\u002Ftags\u002F3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdsgvo-leaflet-map%2Ftags%2F3.0&new_path=%2Fdsgvo-leaflet-map%2Ftags%2F3.1",[332],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":6},{"version":334,"download_url":335,"svn_tag_url":336,"released_at":35,"has_diff":52,"diff_files_changed":337,"diff_lines":35,"trac_diff_url":338,"vulnerabilities":339,"is_current":52},"3.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdsgvo-leaflet-map.3.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdsgvo-leaflet-map\u002Ftags\u002F3.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdsgvo-leaflet-map%2Ftags%2F2.4&new_path=%2Fdsgvo-leaflet-map%2Ftags%2F3.0",[340],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":6},{"version":342,"download_url":343,"svn_tag_url":344,"released_at":35,"has_diff":52,"diff_files_changed":345,"diff_lines":35,"trac_diff_url":346,"vulnerabilities":347,"is_current":52},"2.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdsgvo-leaflet-map.2.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdsgvo-leaflet-map\u002Ftags\u002F2.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdsgvo-leaflet-map%2Ftags%2F2.3.1&new_path=%2Fdsgvo-leaflet-map%2Ftags%2F2.4",[348],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":6},{"version":350,"download_url":351,"svn_tag_url":352,"released_at":35,"has_diff":52,"diff_files_changed":353,"diff_lines":35,"trac_diff_url":354,"vulnerabilities":355,"is_current":52},"2.3.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdsgvo-leaflet-map.2.3.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdsgvo-leaflet-map\u002Ftags\u002F2.3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdsgvo-leaflet-map%2Ftags%2F2.3&new_path=%2Fdsgvo-leaflet-map%2Ftags%2F2.3.1",[356],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":6},{"version":358,"download_url":359,"svn_tag_url":360,"released_at":35,"has_diff":52,"diff_files_changed":361,"diff_lines":35,"trac_diff_url":362,"vulnerabilities":363,"is_current":52},"2.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdsgvo-leaflet-map.2.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdsgvo-leaflet-map\u002Ftags\u002F2.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdsgvo-leaflet-map%2Ftags%2F2.2&new_path=%2Fdsgvo-leaflet-map%2Ftags%2F2.3",[364],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":6},{"version":366,"download_url":367,"svn_tag_url":368,"released_at":35,"has_diff":52,"diff_files_changed":369,"diff_lines":35,"trac_diff_url":370,"vulnerabilities":371,"is_current":52},"2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdsgvo-leaflet-map.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdsgvo-leaflet-map\u002Ftags\u002F2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdsgvo-leaflet-map%2Ftags%2F2.1&new_path=%2Fdsgvo-leaflet-map%2Ftags%2F2.2",[372],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":6},{"version":374,"download_url":375,"svn_tag_url":376,"released_at":35,"has_diff":52,"diff_files_changed":377,"diff_lines":35,"trac_diff_url":378,"vulnerabilities":379,"is_current":52},"2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdsgvo-leaflet-map.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdsgvo-leaflet-map\u002Ftags\u002F2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdsgvo-leaflet-map%2Ftags%2F2.0&new_path=%2Fdsgvo-leaflet-map%2Ftags%2F2.1",[380],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":6},{"version":382,"download_url":383,"svn_tag_url":384,"released_at":35,"has_diff":52,"diff_files_changed":385,"diff_lines":35,"trac_diff_url":386,"vulnerabilities":387,"is_current":52},"2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdsgvo-leaflet-map.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdsgvo-leaflet-map\u002Ftags\u002F2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdsgvo-leaflet-map%2Ftags%2F1.1&new_path=%2Fdsgvo-leaflet-map%2Ftags%2F2.0",[388],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":6},{"version":390,"download_url":391,"svn_tag_url":392,"released_at":35,"has_diff":52,"diff_files_changed":393,"diff_lines":35,"trac_diff_url":394,"vulnerabilities":395,"is_current":52},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdsgvo-leaflet-map.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdsgvo-leaflet-map\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdsgvo-leaflet-map%2Ftags%2F1.0&new_path=%2Fdsgvo-leaflet-map%2Ftags%2F1.1",[396],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":6},{"version":398,"download_url":399,"svn_tag_url":400,"released_at":35,"has_diff":52,"diff_files_changed":401,"diff_lines":35,"trac_diff_url":35,"vulnerabilities":402,"is_current":52},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdsgvo-leaflet-map.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdsgvo-leaflet-map\u002Ftags\u002F1.0\u002F",[],[403],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":6}]