[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fgpUOjvXPUNWG1LDWtqACJDfueExF-wZ1G4AT8FkLS2k":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":44,"crawl_stats":35,"alternatives":49,"analysis":50,"fingerprints":284},"dynamic-post","Dynamic Post","5.02","Service2Client LLC","https:\u002F\u002Fprofiles.wordpress.org\u002Fservice2client\u002F","\u003Cp>Dynamic Post Plugin\u003C\u002Fp>\n\u003Cp>Get the Glue You Need to Boost Your WordPress Blog! From the creators of Dynamic Content!\u003C\u002Fp>\n\u003Cp>When you share powerful, helpful content with your customers, you build trust and start to form a relationship beyond that of money changing hands. You are giving them tools to help them grow and prosper, which is what a fruitful, productive business partnership is all about. What’s more, when they are looking to you for Thought Leadership vis a vis Dynamic Content, they’re likely to be more open about other products and services you might offer them. With this kind of stickiness, it’s a win-win for everyone.\u003C\u002Fp>\n\u003Cp>Functions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Dynamic Post plugin gives you full control of the articles and they stay on your webpages\u002Fblog as long as you are a paying client.\u003C\u002Fli>\n\u003Cli>Dynamic Post plugin is an excellent choice for SEO and Marketing.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>What you get with Full Version of Plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Our Dynamic Content articles will auto post to your WordPress blog once a month.\u003C\u002Fli>\n\u003Cli>Archives starting from when you purchase Full API.\u003C\u002Fli>\n\u003Cli>Shortcodes by Category & Shortcodes Archives\u003C\u002Fli>\n\u003Cli>Article Images\u003C\u002Fli>\n\u003Cli>Auto Meta Data\u003C\u002Fli>\n\u003Cli>SEO content comes pre-optimized\u003C\u002Fli>\n\u003Cli>Custom CSS to style the look and design\u003C\u002Fli>\n\u003Cli>Shortcode allow you to place the articles anywhere on your site that you like\u003C\u002Fli>\n\u003Cli>Purchase the Full API Key \u003Ca href=\"https:\u002F\u002Fshop.service2client.com\u002Fsubscribe-now\u002Fall\u002Fdynamic-content\u002Fwordpress-content-seo-plugin-m.html\" rel=\"nofollow ugc\">Here\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Engage with these categories:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Tax News – Tax Articles\u003C\u002Fli>\n\u003Cli>General Business News – Business Articles\u003C\u002Fli>\n\u003Cli>Financial Planning News – Financial Articles\u003C\u002Fli>\n\u003Cli>Stock Market News – Stock Market Articles\u003C\u002Fli>\n\u003Cli>Technology News – Technology Articles\u003C\u002Fli>\n\u003Cli>Tip of the Month \u003C\u002Fli>\n\u003Cli>Congress at Work \u003C\u002Fli>\n\u003Cli>Request a new article topic for future consideration \u003Ca href=\"mailto:sales@service2client.com\" rel=\"nofollow ugc\">Here\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Order custom written articles \u003Ca href=\"https:\u002F\u002Fshop.service2client.com\u002Fsubscribe-now\u002Fall\u002Fdynamic-content\u002Fdc-trust-writer.html\" rel=\"nofollow ugc\">Here\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Search & Order articles one at a time and add to your blog manually \u003Ca href=\"https:\u002F\u002Fdynamicontent.net\u002F\" rel=\"nofollow ugc\">Here\u003C\u002Fa> \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PS: Keys are free or paid\u002Ffull. You’ll need a \u003Ca href=\"https:\u002F\u002Fshop.service2client.com\u002Fsubscribe-now\u002Fall\u002Fdynamic-content\u002Fwordpress-content-seo-plugin-m.html\" rel=\"nofollow ugc\">Service2client.com Full API Key\u003C\u002Fa> to get all the features.\u003C\u002Fp>\n\u003Cp>Tags: blog financial articles content,CPA blog articles content, tax blog articles content,financial articles for my blog, accountant business articles content\u003C\u002Fp>\n","Dynamic Post will automatically publish free articles or syndicate articles to your blog once a month.",100,9483,1,"2025-07-31T18:11:00.000Z","6.8.5","3.0","",[19,20,21,22,23],"accountant-business-articles-content","blog-financial-articles-content","cpa-blog-articles-content","financial-articles-for-my-blog","tax-blog-articles-content","https:\u002F\u002Fwww.service2client.com\u002Fdynamicpost","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdynamic-post.5.02.zip",78,"2025-04-16 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35},"CVE-2025-39522","dynamic-post-missing-authorization-to-authenticated-subscriber-settings-update","Dynamic Post \u003C= 4.10 - Missing Authorization to Authenticated (Subscriber+) Settings Update","The Dynamic Post plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings.",null,"\u003C=4.10","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-04-22 19:35:28",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F66294c25-d715-42f2-b249-5ef68ae92cca?source=api-prod",{"slug":45,"display_name":7,"profile_url":8,"plugin_count":13,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":46,"trust_score":47,"computed_at":48},"service2client",30,79,"2026-04-05T23:08:14.457Z",[],{"attackSurface":51,"codeSignals":167,"taintFlows":269,"riskAssessment":270,"analyzedAt":283},{"hooks":52,"ajaxHandlers":140,"restRoutes":155,"shortcodes":156,"cronEvents":164,"entryPointCount":165,"unprotectedCount":166},[53,58,64,68,72,76,80,83,87,91,96,100,103,107,110,114,118,123,126,130,133,137],{"type":54,"name":55,"callback":55,"file":56,"line":57},"action","init","post-types\\post_type_dynamic_post.php",16,{"type":59,"name":60,"callback":61,"priority":62,"file":56,"line":63},"filter","get_attached_file","replace_attached_file",10,522,{"type":59,"name":65,"callback":66,"priority":62,"file":56,"line":67},"wp_get_attachment_url","replace_attachment_url",523,{"type":59,"name":69,"callback":70,"file":56,"line":71},"posts_where","query_attachments",524,{"type":59,"name":73,"callback":74,"priority":62,"file":56,"line":75},"wp_get_attachment_image_src","replace_attachment_image_src",525,{"type":54,"name":77,"callback":78,"file":56,"line":79},"admin_head","wordprax_admin_head_data",721,{"type":54,"name":81,"callback":78,"file":56,"line":82},"wp_head",722,{"type":59,"name":84,"callback":85,"file":56,"line":86},"admin_post_thumbnail_html","thumbnail_url_field",735,{"type":54,"name":88,"callback":89,"priority":62,"file":56,"line":90},"save_post","thumbnail_url_field_save",736,{"type":59,"name":92,"callback":93,"priority":94,"file":56,"line":95},"post_thumbnail_html","thumbnail_external_replace",20,737,{"type":59,"name":97,"callback":98,"priority":11,"file":56,"line":99},"the_content","add_responsive_class",844,{"type":54,"name":81,"callback":101,"file":56,"line":102},"wordprax_show_contentimage",849,{"type":59,"name":104,"callback":105,"priority":62,"file":56,"line":106},"wp_kses_allowed_html","dp_allow_iframe_for_imported_content",917,{"type":54,"name":55,"callback":108,"file":56,"line":109},"renewPostCode",938,{"type":54,"name":111,"callback":111,"file":112,"line":113},"admin_init","settings.php",13,{"type":54,"name":115,"callback":116,"file":112,"line":117},"admin_menu","add_menu",14,{"type":54,"name":119,"callback":120,"file":121,"line":122},"wp_enqueue_scripts","include_dynamic_post_scripts_for_frontend","wp_plugin_dynamic_post.php",250,{"type":54,"name":81,"callback":124,"file":121,"line":125},"display_custom_css",252,{"type":59,"name":127,"callback":128,"priority":62,"file":121,"line":129},"get_canonical_url","closure",270,{"type":54,"name":81,"callback":131,"file":121,"line":132},"meta_keywords_and_desc",285,{"type":54,"name":134,"callback":135,"file":121,"line":136},"wp_footer","display_disclaimer_summary",315,{"type":59,"name":97,"callback":138,"file":121,"line":139},"display_disclaimer_article_after_individual_post_content",341,[141,146,148,151,152],{"action":142,"nopriv":143,"callback":142,"hasNonce":144,"hasCapCheck":144,"file":56,"line":145},"api_call",true,false,17,{"action":142,"nopriv":144,"callback":142,"hasNonce":144,"hasCapCheck":144,"file":56,"line":147},18,{"action":149,"nopriv":143,"callback":149,"hasNonce":144,"hasCapCheck":144,"file":56,"line":150},"check_api_type",19,{"action":149,"nopriv":144,"callback":149,"hasNonce":144,"hasCapCheck":144,"file":56,"line":94},{"action":153,"nopriv":144,"callback":153,"hasNonce":144,"hasCapCheck":144,"file":121,"line":154},"dynaDeactivatefinal",409,[],[157,160],{"tag":4,"callback":158,"file":112,"line":159},"create_dynamic_post_shortcode",498,{"tag":161,"callback":162,"file":112,"line":163},"dynamic-posts","create_dynamic_post_shortcode_archive",570,[],7,5,{"dangerousFunctions":168,"sqlUsage":169,"outputEscaping":184,"fileOperations":267,"externalRequests":267,"nonceChecks":13,"capabilityChecks":171,"bundledLibraries":268},[],{"prepared":170,"raw":171,"locations":172},6,4,[173,176,179,181],{"file":56,"line":174,"context":175},32,"$wpdb->get_results() with variable interpolation",{"file":56,"line":177,"context":178},63,"$wpdb->query() with variable interpolation",{"file":56,"line":180,"context":178},628,{"file":121,"line":182,"context":183},51,"$wpdb->get_var() with variable interpolation",{"escaped":185,"rawEcho":186,"locations":187},12,39,[188,191,193,195,197,199,201,203,205,207,209,212,214,216,218,220,222,224,226,228,230,232,234,236,238,239,241,243,245,247,249,251,253,255,257,259,261,263,265],{"file":56,"line":189,"context":190},496,"raw output",{"file":56,"line":192,"context":190},633,{"file":56,"line":194,"context":190},634,{"file":56,"line":196,"context":190},643,{"file":56,"line":198,"context":190},683,{"file":56,"line":200,"context":190},684,{"file":56,"line":202,"context":190},693,{"file":112,"line":204,"context":190},154,{"file":112,"line":206,"context":190},180,{"file":112,"line":208,"context":190},372,{"file":210,"line":211,"context":190},"setting_template\\settings.php",28,{"file":210,"line":213,"context":190},37,{"file":210,"line":215,"context":190},115,{"file":210,"line":217,"context":190},208,{"file":210,"line":219,"context":190},209,{"file":210,"line":221,"context":190},222,{"file":210,"line":223,"context":190},227,{"file":210,"line":225,"context":190},228,{"file":210,"line":227,"context":190},229,{"file":210,"line":229,"context":190},259,{"file":210,"line":231,"context":190},266,{"file":210,"line":233,"context":190},278,{"file":210,"line":235,"context":190},283,{"file":210,"line":237,"context":190},284,{"file":210,"line":132,"context":190},{"file":210,"line":240,"context":190},312,{"file":210,"line":242,"context":190},319,{"file":210,"line":244,"context":190},329,{"file":210,"line":246,"context":190},334,{"file":210,"line":248,"context":190},384,{"file":210,"line":250,"context":190},392,{"file":210,"line":252,"context":190},397,{"file":210,"line":254,"context":190},445,{"file":210,"line":256,"context":190},446,{"file":121,"line":258,"context":190},261,{"file":121,"line":260,"context":190},296,{"file":121,"line":262,"context":190},300,{"file":121,"line":264,"context":190},330,{"file":121,"line":266,"context":190},700,2,[],[],{"summary":271,"deductions":272},"The \"dynamic-post\" v5.02 plugin exhibits several significant security concerns, particularly regarding its attack surface and output escaping. While the plugin avoids dangerous functions and has limited external requests, a substantial portion of its AJAX handlers (5 out of 5) lack proper authentication checks. This creates a wide entry point for potential attackers to exploit.  Furthermore, only 24% of output escapes are properly implemented, leaving the door open for cross-site scripting (XSS) vulnerabilities. The vulnerability history reveals a concerning pattern of missing authorization, with a currently unpatched medium severity vulnerability of this type, indicating a recurring issue that has not been fully addressed.\n\nDespite strengths like a good percentage of prepared SQL statements and a single nonce check, the plugin's security posture is weakened by its exposed AJAX endpoints and insufficient output sanitization. The lack of taint analysis data doesn't provide a complete picture, but the static analysis clearly points to areas needing immediate attention. The presence of an unpatched CVE, specifically related to missing authorization, further elevates the risk.  A balanced conclusion would highlight the potential for exploitation due to unprotected AJAX endpoints and poor output escaping, coupled with the ongoing risk from the unpatched vulnerability.",[273,275,278,281],{"reason":274,"points":62},"Unprotected AJAX handlers",{"reason":276,"points":277},"Low percentage of properly escaped output",8,{"reason":279,"points":280},"Currently unpatched medium severity CVE",15,{"reason":282,"points":166},"Large attack surface without auth checks","2026-03-16T20:32:25.667Z",{"wat":285,"direct":291},{"assetPaths":286,"generatorPatterns":288,"scriptPaths":289,"versionParams":290},[287],"\u002Fwp-content\u002Fplugins\u002Fdynamic-post\u002Fassets\u002Fajaxloader.gif",[],[],[],{"cssClasses":292,"htmlComments":299,"htmlAttributes":300,"restEndpoints":304,"jsGlobals":305,"shortcodeOutput":307},[293,294,295,296,297,298],"dynaHeadClass","modal_body","input-row","dynaRadio","textarea","submit-row",[],[301,302,303],"id=\"runDynamic_deact\"","id=\"dynaContent\"","id=\"dynaAjax\"",[],[306],"PLUGIN_PATH_DP",[]]