[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$feLQsAEvU2Nw_Aojh0QV95cvgtPUyqxt7hfe0GE0KuTU":3,"$fytHT9y_p5SPXtTgUeUyxiCTaaDT7xpdrlDOLW4_3QwM":280,"$fiq0L0d0PwGvHmy53XMhzhV1rGawOAXQBGfjyTdaeHtc":285},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":14,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":55,"analysis":111,"fingerprints":226},"ehive-objects-image-grid","eHive Objects Image Grid","2.4.2","Vernon Systems Limited","https:\u002F\u002Fprofiles.wordpress.org\u002Fvernonsystems\u002F","\u003Cp>This plugin is part of a suite of plugins created by Vernon Systems Ltd., which give you the power to embed eHive functionality into your WordPress website.\u003C\u002Fp>\n\u003Cp>This plugin allows you display a grid of images from eHive. The images can be filtered using a search term and some sort information. Alternatively, you can choose to display interesting, popular, or recently added images to eHive. You can choose to return only images from your account or community by configuring the “Site type” setting in the eHive Access plugin.\u003C\u002Fp>\n\u003Cp>Before you install this plugin you will need to install the eHive Access plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get more from the eHive plugin suite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To enhance the page you embed this plugin on you can also install the eHive Object details plugin to allow your users to click through to view the Object Records in detail.\u003C\u002Fp>\n\u003Cp>Other plugins in the suite include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>eHive Account Details – A plugin for displaying eHive account information.\u003C\u002Fli>\n\u003Cli>eHive Object Comments – Enables users to add comments to Object Records from your site.\u003C\u002Fli>\n\u003Cli>eHive Object Details – A plugin for displaying Object Record detail pages.\u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud – Displays a tag cloud from eHive.\u003C\u002Fli>\n\u003Cli>eHive Search – Allows you to search eHive.\u003C\u002Fli>\n\u003Cli>eHive Objects Gallery widget – Provides a gallery of Object Records that can be placed in your sites widget areas.\u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud widget – Allows you to display a tag cloud in a widget area on your site.\u003C\u002Fli>\n\u003Cli>eHive Object Tags widget – A widget that displays tags for an Object Record.\u003C\u002Fli>\n\u003Cli>eHive Search widget – A widget plugin that provides an access to eHive Search from a widget.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003C\u002Fp>\n","A plugin that enabled you to embed a grid of images from eHive on your site.",50,4573,100,1,"2025-09-24T23:59:00.000Z","6.8.5","3.3.1","5.3",[20,21,22,23,24],"archive","collection","ehive","history","museum","http:\u002F\u002Fdevelopers.ehive.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-objects-image-grid.2.4.2.zip",99,0,"2025-01-30 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":14,"patch_diff_files":47,"patch_trac_url":38,"research_status":38,"research_verified":48,"research_rounds_completed":28,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":48,"poc_model_used":38,"poc_verification_depth":38},"CVE-2024-13662","ehive-objects-image-grid-authenticated-contributor-stored-cross-site-scripting","eHive Objects Image Grid \u003C= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The eHive Objects Image Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ehive_objects_image_grid' shortcode in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=2.4.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-01-31 11:11:11",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F638d8ef6-dab0-4cfa-8ecc-af2ded3c6d79?source=api-prod",[],false,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":13,"avg_patch_time_days":53,"trust_score":13,"computed_at":54},"vernonsystems",11,360,5,"2026-05-20T01:11:25.791Z",[56,67,78,90,101],{"slug":57,"name":58,"version":6,"author":7,"author_profile":8,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":13,"num_ratings":14,"last_updated":63,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":64,"homepage":25,"download_link":65,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":66},"ehive-access","eHive Access","\u003Cp>This plugin is part of a suite of plugins created by Vernon Systems Ltd., which give you the power to embed eHive functionality into your WordPress website.\u003C\u002Fp>\n\u003Cp>This is the base plugin for the suite and should be installed before you add any others eHive plugins. To get set up correctly you will also need to acquire an eHive API Key so you can securely access content from eHive. An API key can be generated by clicking the “Create Key” button in the “Edit My Profile > Api Keys” page of your eHive Account.\u003C\u002Fp>\n\u003Cp>After installing this plugin you can install any of the other eHive plugins to begin adding eHive functionality to your WordPress website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get more from the eHive plugin suite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Other plugins in the suite include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>eHive Account Details – A plugin for displaying eHive account information.\u003C\u002Fli>\n\u003Cli>eHive Object Comments – Enables users to add comments to Object Records from your site.\u003C\u002Fli>\n\u003Cli>eHive Object Details – A plugin for displaying Object Record detail pages.\u003C\u002Fli>\n\u003Cli>eHive Objects Image Grid – Displays a grid of images from eHive filtered by certain criteria.\u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud – Displays a tag cloud from eHive.\u003C\u002Fli>\n\u003Cli>eHive Search – Allows you to search eHive.\u003C\u002Fli>\n\u003Cli>eHive Objects Gallery widget – Provides a gallery of Object Records that can be placed in your sites widget areas. \u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud widget – Allows you to display a tag cloud in a widget area on your site.\u003C\u002Fli>\n\u003Cli>eHive Object Tags widget – A widget that displays tags for an Object Record.\u003C\u002Fli>\n\u003Cli>eHive Search widget – A widget plugin that provides access to eHive Search from a widget.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003C\u002Fp>\n","The base plugin for the eHive plugin suite.",70,4343,"2025-09-24T22:37:00.000Z",[20,21,22,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-access.2.4.2.zip","2026-04-06T09:54:40.288Z",{"slug":68,"name":69,"version":70,"author":7,"author_profile":8,"description":71,"short_description":72,"active_installs":73,"downloaded":74,"rating":13,"num_ratings":14,"last_updated":75,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":76,"homepage":25,"download_link":77,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"ehive-object-details","eHive Object Details","2.4.3","\u003Cp>This plugin is part of a suite of plugins created by Vernon Systems Ltd., which give you the power to embed eHive functionality into your WordPress website.\u003C\u002Fp>\n\u003Cp>This plugin allows you to display eHive Object details pages. This means that you can display all of the public metadata and image fields for any public eHive record.\u003C\u002Fp>\n\u003Cp>Before you install this plugin you will need to install the eHive Access plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get more from the eHive plugin suite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To enhance the page you embed this plugin on you can also install the eHive Search plugin to allow your users to search for and view other eHive Object Records.\u003C\u002Fp>\n\u003Cp>Other plugins in the suite include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>eHive Account Details – A plugin for displaying eHive account information.\u003C\u002Fli>\n\u003Cli>eHive Object Comments – Enables users to add comments to Object Records from your site.\u003C\u002Fli>\n\u003Cli>eHive Objects Image Grid – Displays a grid of images from eHive filtered by certain criteria.\u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud – Displays a tag cloud from eHive.\u003C\u002Fli>\n\u003Cli>eHive Search – Allows you to search eHive.\u003C\u002Fli>\n\u003Cli>eHive Objects Gallery widget – Provides a gallery of Object Records that can be placed in your sites widget areas. \u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud widget – Allows you to display a tag cloud in a widget area on your site.\u003C\u002Fli>\n\u003Cli>eHive Object Tags widget – A widget that displays tags for an Object Record.\u003C\u002Fli>\n\u003Cli>eHive Search widget – A widget plugin that provides access to eHive Search from a widget.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003C\u002Fp>\n","A plugin to display a detail page for an eHive Object Record.",60,3839,"2025-09-24T23:57:00.000Z",[20,21,22,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-object-details.2.4.3.zip",{"slug":79,"name":80,"version":81,"author":7,"author_profile":8,"description":82,"short_description":83,"active_installs":73,"downloaded":84,"rating":13,"num_ratings":14,"last_updated":85,"tested_up_to":16,"requires_at_least":17,"requires_php":86,"tags":87,"homepage":25,"download_link":88,"security_score":27,"vuln_count":14,"unpatched_count":28,"last_vuln_date":89,"fetched_at":30},"ehive-search","eHive Search","2.5.1","\u003Cp>This plugin is part of a suite of plugins created by Vernon Systems Ltd., which give you the power to embed eHive functionality into your WordPress website.\u003C\u002Fp>\n\u003Cp>This plugin gives you the ability to add eHive search functionality to your website. When added to your site the eHive Search plugin allows your site’s visitors to search for eHive Objects. Search results can be displayed as a list view, lightbox view or both. You can optionally add an account and\u002For community filter in the eHive Access plugin’s options page so that your site returns Object Records from the given account and\u002For community only.\u003C\u002Fp>\n\u003Cp>You can configure the search options to display your choice of fields for the search results summary.\u003C\u002Fp>\n\u003Cp>Before you install this plugin you will need to install the eHive Access plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get more from the eHive plugin suite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To enhance the experience you offer your users you can also install the eHive Object details plugin to allow your users to click all the way through to view the Object Records in detail. Furthermore, you can add the eHive Search widget and give your visitors the option to search eHive on every page, not just the page where you have added the plugin’s shortcode.\u003C\u002Fp>\n\u003Cp>While eHive search will function and return results without the eHive Object Details plugin, it is likely that you will want to install the eHive Object Details plugin so your users can click through and view an Object Record in detail.\u003C\u002Fp>\n\u003Cp>Other plugins in the suite include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>eHive Account Details – A plugin for displaying eHive account information.\u003C\u002Fli>\n\u003Cli>eHive Object Comments – Enables users to add comments to Object Records from your site.\u003C\u002Fli>\n\u003Cli>eHive Object Details – A plugin for displaying Object Record detail pages.\u003C\u002Fli>\n\u003Cli>eHive Objects Image Grid – Displays a grid of images from eHive filtered by certain criteria.\u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud – Displays a tag cloud from eHive.\u003C\u002Fli>\n\u003Cli>eHive Objects Gallery widget – Provides a gallery of Object Records that can be placed in your sites widget areas. \u003C\u002Fli>\n\u003Cli>eHive Object Tags widget – A widget that displays tags for an Object Record.\u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud widget – Allows you to display a tag cloud in a widget area on your site.\u003C\u002Fli>\n\u003Cli>eHive Search widget – A widget plugin that provides access to eHive Search from a widget.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003C\u002Fp>\n","A plugin that give you the power to search eHive Objects from your WordPress website.",5097,"2025-11-19T01:11:00.000Z","8.2",[20,21,22,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.5.1.zip","2026-01-06 00:00:00",{"slug":91,"name":92,"version":93,"author":7,"author_profile":8,"description":94,"short_description":95,"active_installs":96,"downloaded":97,"rating":28,"num_ratings":28,"last_updated":98,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":99,"homepage":25,"download_link":100,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"ehive-objects-gallery-widget","eHive Objects Gallery widget","2.4.0","\u003Cp>This plugin is part of a suite of plugins created by Vernon Systems Ltd., which give you the power to embed eHive functionality into your WordPress website.\u003C\u002Fp>\n\u003Cp>This widget plugin allows you to display a gallery of Object Record images that are grouped by Object Record type. You can filter the Objects displayed by eHive account or community. This can serve to promote other Objects in a collection.\u003C\u002Fp>\n\u003Cp>Because this is a widget plugin it can be added to sidebars, footers or any other page areas that allows widgets. This also means the widget’s functionality can be made available on every page of your site.\u003C\u002Fp>\n\u003Cp>Before you install this plugin you will need to install the eHive Access and eHive Search plugins.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get more from the eHive plugin suite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To enhance the page you embed this plugin on you can also install the eHive Object details plugin to allow your users to click through to view the Object Records in detail.\u003C\u002Fp>\n\u003Cp>Other plugins in the suite include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>eHive Account Details – A plugin for displaying eHive account information.\u003C\u002Fli>\n\u003Cli>eHive Object Comments – Enables users to add comments to Object Records from your site.\u003C\u002Fli>\n\u003Cli>eHive Object Details – A plugin for displaying Object Record detail pages.\u003C\u002Fli>\n\u003Cli>eHive Objects Image Grid – Displays a grid of images from eHive filtered by certain criteria.\u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud – Displays a tag cloud from eHive.\u003C\u002Fli>\n\u003Cli>eHive Search – Allows you to search eHive.\u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud widget – Allows you to display a tag cloud in a widget area on your site.\u003C\u002Fli>\n\u003Cli>eHive Object Tags widget – A widget that displays tags for an Object Record.\u003C\u002Fli>\n\u003Cli>eHive Search widget – A widget plugin that provides access to eHive Search from a widget.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003C\u002Fp>\n","A widget plugin that displays a gallery of objects arranged by category.",30,3098,"2025-09-25T03:29:00.000Z",[20,21,22,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-objects-gallery-widget.2.4.0.zip",{"slug":102,"name":103,"version":6,"author":7,"author_profile":8,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":28,"num_ratings":28,"last_updated":108,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":109,"homepage":25,"download_link":110,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"ehive-account-details","eHive Account Details","\u003Cp>This plugin is part of a suite of plugins created by Vernon Systems Ltd., which give you the power to embed eHive functionality into your WordPress website.\u003C\u002Fp>\n\u003Cp>This plugin allows you to embed eHive Account detail pages onto your WordPress website. This means that you can display the public profile pages of eHive Account holders.\u003C\u002Fp>\n\u003Cp>Before you install this plugin you will need to install the eHive Access plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get more from the eHive plugin suite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To enhance the page you embed this plugin on you can also install the eHive Objects gallery widget plugin to showcase other Objects contributed by the account you are displaying.\u003C\u002Fp>\n\u003Cp>Other plugins in the suite include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>eHive Object Comments – Enables users to add comments to Object Records from your site.\u003C\u002Fli>\n\u003Cli>eHive Object Details – A plugin for displaying Object Record detail pages.\u003C\u002Fli>\n\u003Cli>eHive Objects Image Grid – Displays a grid of images from eHive filtered by certain criteria.\u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud – Displays a tag cloud from eHive.\u003C\u002Fli>\n\u003Cli>eHive Search – Allows you to search eHive.\u003C\u002Fli>\n\u003Cli>eHive Objects Gallery widget – Provides a gallery of Object Records that can be placed in your sites widget areas. \u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud widget – Allows you to display a tag cloud in a widget area on your site.\u003C\u002Fli>\n\u003Cli>eHive Object Tags widget – A widget that displays tags for an Object Record.\u003C\u002Fli>\n\u003Cli>eHive Search widget – A widget plugin that provides access to eHive Search from a widget.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003C\u002Fp>\n","A plugin that allows you to display a public profile page for an eHive account.",20,3133,"2025-09-24T23:53:00.000Z",[20,21,22,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-account-details.2.4.2.zip",{"attackSurface":112,"codeSignals":144,"taintFlows":211,"riskAssessment":212,"analyzedAt":225},{"hooks":113,"ajaxHandlers":136,"restRoutes":137,"shortcodes":138,"cronEvents":143,"entryPointCount":14,"unprotectedCount":28},[114,120,124,128,132],{"type":115,"name":116,"callback":117,"file":118,"line":119},"action","admin_init","ehive_objects_image_grid_admin_options_init","EHiveObjectsImageGrid.php",37,{"type":115,"name":121,"callback":122,"file":118,"line":123},"admin_menu","ehive_objects_image_grid_admin_menu",39,{"type":115,"name":125,"callback":126,"file":118,"line":127},"wp_print_styles","enqueue_styles",41,{"type":115,"name":129,"callback":130,"file":118,"line":131},"activate_ehive-objects-image-grid\u002FEHiveObjectsImageGrid.php","activate",676,{"type":115,"name":133,"callback":134,"file":118,"line":135},"deactivate_ehive-objects-image-grid\u002FEHiveObjectsImageGrid.php","deactivate",677,[],[],[139],{"tag":140,"callback":141,"file":118,"line":142},"ehive_objects_image_grid","ehive_objects_image_grid_shortcode",43,[],{"dangerousFunctions":145,"sqlUsage":146,"outputEscaping":148,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":210},[],{"prepared":28,"raw":28,"locations":147},[],{"escaped":149,"rawEcho":150,"locations":151},3,28,[152,155,157,159,161,163,165,167,169,171,173,175,177,179,181,183,185,187,189,191,193,195,197,200,202,204,206,208],{"file":118,"line":153,"context":154},120,"raw output",{"file":118,"line":156,"context":154},131,{"file":118,"line":158,"context":154},141,{"file":118,"line":160,"context":154},148,{"file":118,"line":162,"context":154},169,{"file":118,"line":164,"context":154},182,{"file":118,"line":166,"context":154},194,{"file":118,"line":168,"context":154},199,{"file":118,"line":170,"context":154},205,{"file":118,"line":172,"context":154},211,{"file":118,"line":174,"context":154},222,{"file":118,"line":176,"context":154},224,{"file":118,"line":178,"context":154},234,{"file":118,"line":180,"context":154},236,{"file":118,"line":182,"context":154},245,{"file":118,"line":184,"context":154},255,{"file":118,"line":186,"context":154},257,{"file":118,"line":188,"context":154},267,{"file":118,"line":190,"context":154},268,{"file":118,"line":192,"context":154},278,{"file":118,"line":194,"context":154},280,{"file":118,"line":196,"context":154},289,{"file":198,"line":199,"context":154},"templates\\eHiveObjectsImageGrid.php",83,{"file":198,"line":201,"context":154},85,{"file":198,"line":203,"context":154},86,{"file":198,"line":205,"context":154},97,{"file":198,"line":207,"context":154},98,{"file":198,"line":209,"context":154},117,[],[],{"summary":213,"deductions":214},"The \"ehive-objects-image-grid\" plugin v2.4.2 presents a mixed security posture. On the positive side, the static analysis reveals a very small attack surface, with no unprotected entry points detected. Furthermore, all SQL queries are properly prepared, and there are no indications of dangerous function usage, file operations, external HTTP requests, or bundled libraries. This suggests a generally cautious approach to certain aspects of secure coding.\n\nHowever, several areas raise concerns. The most significant is the low percentage (10%) of properly escaped output. With 31 outputs analyzed, this means a substantial number of them are likely vulnerable to Cross-Site Scripting (XSS) attacks, as indicated by the vulnerability history. The complete lack of nonce and capability checks on the identified entry points (even if limited) is also a weakness, as it leaves these functions potentially open to unauthorized execution or manipulation.\n\nThe vulnerability history, which notes one medium-severity XSS vulnerability from early 2025, reinforces the concerns around output escaping. While currently unpatched vulnerabilities are zero, the recurring nature of XSS in the past and the low output escaping rate suggest a continued risk. The plugin's strengths lie in its limited attack surface and secure handling of database operations, but the prevalent lack of output sanitization is a notable security deficiency.",[215,218,220,222],{"reason":216,"points":217},"Low output escaping percentage",8,{"reason":219,"points":53},"No nonce checks on entry points",{"reason":221,"points":53},"No capability checks on entry points",{"reason":223,"points":224},"Medium severity vulnerability history (XSS)",10,"2026-03-16T21:57:32.637Z",{"wat":227,"direct":236},{"assetPaths":228,"generatorPatterns":231,"scriptPaths":232,"versionParams":233},[229,230],"\u002Fwp-content\u002Fplugins\u002Fehive-objects-image-grid\u002Fcss\u002Fehive-objects-image-grid.css","\u002Fwp-content\u002Fplugins\u002Fehive-objects-image-grid\u002Fjs\u002Foptions.js",[],[230],[234,235],"ehive-objects-image-grid\u002Fcss\u002Fehive-objects-image-grid.css?ver=","ehive-objects-image-grid\u002Fjs\u002Foptions.js?ver=",{"cssClasses":237,"htmlComments":239,"htmlAttributes":240,"restEndpoints":275,"jsGlobals":276,"shortcodeOutput":278},[238],"ehive-options-demo-image",[],[241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274],"id=\"image_size\"","name=\"ehive_objects_image_grid_options[image_size]\"","id=\"name_enabled\"","name=\"ehive_objects_image_grid_options[name_enabled]\"","id=\"explore_type\"","name=\"ehive_objects_image_grid_options[explore_type]\"","id=\"search_term\"","name=\"ehive_objects_image_grid_options[search_term]\"","id=\"sort\"","name=\"ehive_objects_image_grid_options[sort]\"","id=\"direction\"","name=\"ehive_objects_image_grid_options[direction]\"","id=\"plugin_css_enabled\"","name=\"ehive_objects_image_grid_options[plugin_css_enabled]\"","id=\"rows\"","name=\"ehive_objects_image_grid_options[rows]\"","id=\"columns\"","name=\"ehive_objects_image_grid_options[columns]\"","id=\"css_class\"","name=\"ehive_objects_image_grid_options[css_class]\"","id=\"item_background_colour\"","name=\"ehive_objects_image_grid_options[item_background_colour]\"","id=\"item_border_colour\"","name=\"ehive_objects_image_grid_options[item_border_colour]\"","id=\"item_border_width\"","name=\"ehive_objects_image_grid_options[item_border_width]\"","id=\"image_background_colour\"","name=\"ehive_objects_image_grid_options[image_background_colour]\"","id=\"image_padding\"","name=\"ehive_objects_image_grid_options[image_padding]\"","id=\"image_border_colour\"","name=\"ehive_objects_image_grid_options[image_border_colour]\"","id=\"image_border_width\"","name=\"ehive_objects_image_grid_options[image_border_width]\"",[],[277],"eHiveObjectsImageGridOptions",[279],"[ehive_objects_image_grid]",{"error":281,"url":282,"statusCode":283,"statusMessage":284,"message":284},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fehive-objects-image-grid\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":286,"versions":287},12,[288,293,301,308,316,324,332,340,348,356,364,372],{"version":6,"download_url":26,"svn_tag_url":289,"released_at":38,"has_diff":48,"diff_files_changed":290,"diff_lines":38,"trac_diff_url":291,"vulnerabilities":292,"is_current":281},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-objects-image-grid\u002Ftags\u002F2.4.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-objects-image-grid%2Ftags%2F2.4.1&new_path=%2Fehive-objects-image-grid%2Ftags%2F2.4.2",[],{"version":294,"download_url":295,"svn_tag_url":296,"released_at":38,"has_diff":48,"diff_files_changed":297,"diff_lines":38,"trac_diff_url":298,"vulnerabilities":299,"is_current":48},"2.4.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-objects-image-grid.2.4.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-objects-image-grid\u002Ftags\u002F2.4.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-objects-image-grid%2Ftags%2F2.4.0&new_path=%2Fehive-objects-image-grid%2Ftags%2F2.4.1",[300],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":93,"download_url":302,"svn_tag_url":303,"released_at":38,"has_diff":48,"diff_files_changed":304,"diff_lines":38,"trac_diff_url":305,"vulnerabilities":306,"is_current":48},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-objects-image-grid.2.4.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-objects-image-grid\u002Ftags\u002F2.4.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-objects-image-grid%2Ftags%2F2.3.4&new_path=%2Fehive-objects-image-grid%2Ftags%2F2.4.0",[307],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":309,"download_url":310,"svn_tag_url":311,"released_at":38,"has_diff":48,"diff_files_changed":312,"diff_lines":38,"trac_diff_url":313,"vulnerabilities":314,"is_current":48},"2.3.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-objects-image-grid.2.3.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-objects-image-grid\u002Ftags\u002F2.3.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-objects-image-grid%2Ftags%2F2.3.3&new_path=%2Fehive-objects-image-grid%2Ftags%2F2.3.4",[315],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":317,"download_url":318,"svn_tag_url":319,"released_at":38,"has_diff":48,"diff_files_changed":320,"diff_lines":38,"trac_diff_url":321,"vulnerabilities":322,"is_current":48},"2.3.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-objects-image-grid.2.3.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-objects-image-grid\u002Ftags\u002F2.3.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-objects-image-grid%2Ftags%2F2.3.2&new_path=%2Fehive-objects-image-grid%2Ftags%2F2.3.3",[323],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":325,"download_url":326,"svn_tag_url":327,"released_at":38,"has_diff":48,"diff_files_changed":328,"diff_lines":38,"trac_diff_url":329,"vulnerabilities":330,"is_current":48},"2.3.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-objects-image-grid.2.3.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-objects-image-grid\u002Ftags\u002F2.3.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-objects-image-grid%2Ftags%2F2.3.1&new_path=%2Fehive-objects-image-grid%2Ftags%2F2.3.2",[331],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":333,"download_url":334,"svn_tag_url":335,"released_at":38,"has_diff":48,"diff_files_changed":336,"diff_lines":38,"trac_diff_url":337,"vulnerabilities":338,"is_current":48},"2.3.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-objects-image-grid.2.3.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-objects-image-grid\u002Ftags\u002F2.3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-objects-image-grid%2Ftags%2F2.3.0&new_path=%2Fehive-objects-image-grid%2Ftags%2F2.3.1",[339],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":341,"download_url":342,"svn_tag_url":343,"released_at":38,"has_diff":48,"diff_files_changed":344,"diff_lines":38,"trac_diff_url":345,"vulnerabilities":346,"is_current":48},"2.3.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-objects-image-grid.2.3.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-objects-image-grid\u002Ftags\u002F2.3.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-objects-image-grid%2Ftags%2F2.1.4&new_path=%2Fehive-objects-image-grid%2Ftags%2F2.3.0",[347],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":349,"download_url":350,"svn_tag_url":351,"released_at":38,"has_diff":48,"diff_files_changed":352,"diff_lines":38,"trac_diff_url":353,"vulnerabilities":354,"is_current":48},"2.1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-objects-image-grid.2.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-objects-image-grid\u002Ftags\u002F2.1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-objects-image-grid%2Ftags%2F2.1.3&new_path=%2Fehive-objects-image-grid%2Ftags%2F2.1.4",[355],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":357,"download_url":358,"svn_tag_url":359,"released_at":38,"has_diff":48,"diff_files_changed":360,"diff_lines":38,"trac_diff_url":361,"vulnerabilities":362,"is_current":48},"2.1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-objects-image-grid.2.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-objects-image-grid\u002Ftags\u002F2.1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-objects-image-grid%2Ftags%2F2.1.2&new_path=%2Fehive-objects-image-grid%2Ftags%2F2.1.3",[363],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":365,"download_url":366,"svn_tag_url":367,"released_at":38,"has_diff":48,"diff_files_changed":368,"diff_lines":38,"trac_diff_url":369,"vulnerabilities":370,"is_current":48},"2.1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-objects-image-grid.2.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-objects-image-grid\u002Ftags\u002F2.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-objects-image-grid%2Ftags%2F2.1.1&new_path=%2Fehive-objects-image-grid%2Ftags%2F2.1.2",[371],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":373,"download_url":374,"svn_tag_url":375,"released_at":38,"has_diff":48,"diff_files_changed":376,"diff_lines":38,"trac_diff_url":38,"vulnerabilities":377,"is_current":48},"2.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-objects-image-grid.2.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-objects-image-grid\u002Ftags\u002F2.1.1\u002F",[],[378],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6}]