[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyHE33sa95SOcvZawDsb5p82beJJqT9ISg1zSbLhLKNQ":3,"$f8eg56AYLYxOExU-w4WFtftsHPvkGG7lehTddSlGWO_Q":300,"$fA7uiSypHEEZY2Zui5sKEtXZssvjjPnuDzQgbQlokeJo":305},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":14,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":50,"crawl_stats":38,"alternatives":56,"analysis":112,"fingerprints":265},"ehive-search","eHive Search","2.5.1","Vernon Systems Limited","https:\u002F\u002Fprofiles.wordpress.org\u002Fvernonsystems\u002F","\u003Cp>This plugin is part of a suite of plugins created by Vernon Systems Ltd., which give you the power to embed eHive functionality into your WordPress website.\u003C\u002Fp>\n\u003Cp>This plugin gives you the ability to add eHive search functionality to your website. When added to your site the eHive Search plugin allows your site’s visitors to search for eHive Objects. Search results can be displayed as a list view, lightbox view or both. You can optionally add an account and\u002For community filter in the eHive Access plugin’s options page so that your site returns Object Records from the given account and\u002For community only.\u003C\u002Fp>\n\u003Cp>You can configure the search options to display your choice of fields for the search results summary.\u003C\u002Fp>\n\u003Cp>Before you install this plugin you will need to install the eHive Access plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get more from the eHive plugin suite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To enhance the experience you offer your users you can also install the eHive Object details plugin to allow your users to click all the way through to view the Object Records in detail. Furthermore, you can add the eHive Search widget and give your visitors the option to search eHive on every page, not just the page where you have added the plugin’s shortcode.\u003C\u002Fp>\n\u003Cp>While eHive search will function and return results without the eHive Object Details plugin, it is likely that you will want to install the eHive Object Details plugin so your users can click through and view an Object Record in detail.\u003C\u002Fp>\n\u003Cp>Other plugins in the suite include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>eHive Account Details – A plugin for displaying eHive account information.\u003C\u002Fli>\n\u003Cli>eHive Object Comments – Enables users to add comments to Object Records from your site.\u003C\u002Fli>\n\u003Cli>eHive Object Details – A plugin for displaying Object Record detail pages.\u003C\u002Fli>\n\u003Cli>eHive Objects Image Grid – Displays a grid of images from eHive filtered by certain criteria.\u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud – Displays a tag cloud from eHive.\u003C\u002Fli>\n\u003Cli>eHive Objects Gallery widget – Provides a gallery of Object Records that can be placed in your sites widget areas. \u003C\u002Fli>\n\u003Cli>eHive Object Tags widget – A widget that displays tags for an Object Record.\u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud widget – Allows you to display a tag cloud in a widget area on your site.\u003C\u002Fli>\n\u003Cli>eHive Search widget – A widget plugin that provides access to eHive Search from a widget.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003C\u002Fp>\n","A plugin that give you the power to search eHive Objects from your WordPress website.",60,5097,100,1,"2025-11-19T01:11:00.000Z","6.8.5","3.3.1","8.2",[20,21,22,23,24],"archive","collection","ehive","history","museum","http:\u002F\u002Fdevelopers.ehive.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.5.1.zip",99,0,"2026-01-06 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47,"patch_diff_files":48,"patch_trac_url":38,"research_status":38,"research_verified":49,"research_rounds_completed":28,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":49,"poc_model_used":38,"poc_verification_depth":38},"CVE-2025-67930","ehive-search-reflected-cross-site-scripting","eHive Search \u003C= 2.5.0 - Reflected Cross-Site Scripting","The eHive Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=2.5.0","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-01-13 17:33:26",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbd43628d-1320-44a8-a397-37455096e191?source=api-prod",8,[],false,{"slug":51,"display_name":7,"profile_url":8,"plugin_count":52,"total_installs":53,"avg_security_score":13,"avg_patch_time_days":54,"trust_score":13,"computed_at":55},"vernonsystems",11,360,5,"2026-05-20T03:57:26.126Z",[57,70,80,91,102],{"slug":58,"name":59,"version":60,"author":7,"author_profile":8,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":13,"num_ratings":14,"last_updated":65,"tested_up_to":16,"requires_at_least":17,"requires_php":66,"tags":67,"homepage":25,"download_link":68,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":69},"ehive-access","eHive Access","2.4.2","\u003Cp>This plugin is part of a suite of plugins created by Vernon Systems Ltd., which give you the power to embed eHive functionality into your WordPress website.\u003C\u002Fp>\n\u003Cp>This is the base plugin for the suite and should be installed before you add any others eHive plugins. To get set up correctly you will also need to acquire an eHive API Key so you can securely access content from eHive. An API key can be generated by clicking the “Create Key” button in the “Edit My Profile > Api Keys” page of your eHive Account.\u003C\u002Fp>\n\u003Cp>After installing this plugin you can install any of the other eHive plugins to begin adding eHive functionality to your WordPress website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get more from the eHive plugin suite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Other plugins in the suite include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>eHive Account Details – A plugin for displaying eHive account information.\u003C\u002Fli>\n\u003Cli>eHive Object Comments – Enables users to add comments to Object Records from your site.\u003C\u002Fli>\n\u003Cli>eHive Object Details – A plugin for displaying Object Record detail pages.\u003C\u002Fli>\n\u003Cli>eHive Objects Image Grid – Displays a grid of images from eHive filtered by certain criteria.\u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud – Displays a tag cloud from eHive.\u003C\u002Fli>\n\u003Cli>eHive Search – Allows you to search eHive.\u003C\u002Fli>\n\u003Cli>eHive Objects Gallery widget – Provides a gallery of Object Records that can be placed in your sites widget areas. \u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud widget – Allows you to display a tag cloud in a widget area on your site.\u003C\u002Fli>\n\u003Cli>eHive Object Tags widget – A widget that displays tags for an Object Record.\u003C\u002Fli>\n\u003Cli>eHive Search widget – A widget plugin that provides access to eHive Search from a widget.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003C\u002Fp>\n","The base plugin for the eHive plugin suite.",70,4343,"2025-09-24T22:37:00.000Z","5.3",[20,21,22,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-access.2.4.2.zip","2026-04-06T09:54:40.288Z",{"slug":71,"name":72,"version":73,"author":7,"author_profile":8,"description":74,"short_description":75,"active_installs":11,"downloaded":76,"rating":13,"num_ratings":14,"last_updated":77,"tested_up_to":16,"requires_at_least":17,"requires_php":66,"tags":78,"homepage":25,"download_link":79,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"ehive-object-details","eHive Object Details","2.4.3","\u003Cp>This plugin is part of a suite of plugins created by Vernon Systems Ltd., which give you the power to embed eHive functionality into your WordPress website.\u003C\u002Fp>\n\u003Cp>This plugin allows you to display eHive Object details pages. This means that you can display all of the public metadata and image fields for any public eHive record.\u003C\u002Fp>\n\u003Cp>Before you install this plugin you will need to install the eHive Access plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get more from the eHive plugin suite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To enhance the page you embed this plugin on you can also install the eHive Search plugin to allow your users to search for and view other eHive Object Records.\u003C\u002Fp>\n\u003Cp>Other plugins in the suite include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>eHive Account Details – A plugin for displaying eHive account information.\u003C\u002Fli>\n\u003Cli>eHive Object Comments – Enables users to add comments to Object Records from your site.\u003C\u002Fli>\n\u003Cli>eHive Objects Image Grid – Displays a grid of images from eHive filtered by certain criteria.\u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud – Displays a tag cloud from eHive.\u003C\u002Fli>\n\u003Cli>eHive Search – Allows you to search eHive.\u003C\u002Fli>\n\u003Cli>eHive Objects Gallery widget – Provides a gallery of Object Records that can be placed in your sites widget areas. \u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud widget – Allows you to display a tag cloud in a widget area on your site.\u003C\u002Fli>\n\u003Cli>eHive Object Tags widget – A widget that displays tags for an Object Record.\u003C\u002Fli>\n\u003Cli>eHive Search widget – A widget plugin that provides access to eHive Search from a widget.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003C\u002Fp>\n","A plugin to display a detail page for an eHive Object Record.",3839,"2025-09-24T23:57:00.000Z",[20,21,22,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-object-details.2.4.3.zip",{"slug":81,"name":82,"version":60,"author":7,"author_profile":8,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":13,"num_ratings":14,"last_updated":87,"tested_up_to":16,"requires_at_least":17,"requires_php":66,"tags":88,"homepage":25,"download_link":89,"security_score":27,"vuln_count":14,"unpatched_count":28,"last_vuln_date":90,"fetched_at":30},"ehive-objects-image-grid","eHive Objects Image Grid","\u003Cp>This plugin is part of a suite of plugins created by Vernon Systems Ltd., which give you the power to embed eHive functionality into your WordPress website.\u003C\u002Fp>\n\u003Cp>This plugin allows you display a grid of images from eHive. The images can be filtered using a search term and some sort information. Alternatively, you can choose to display interesting, popular, or recently added images to eHive. You can choose to return only images from your account or community by configuring the “Site type” setting in the eHive Access plugin.\u003C\u002Fp>\n\u003Cp>Before you install this plugin you will need to install the eHive Access plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get more from the eHive plugin suite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To enhance the page you embed this plugin on you can also install the eHive Object details plugin to allow your users to click through to view the Object Records in detail.\u003C\u002Fp>\n\u003Cp>Other plugins in the suite include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>eHive Account Details – A plugin for displaying eHive account information.\u003C\u002Fli>\n\u003Cli>eHive Object Comments – Enables users to add comments to Object Records from your site.\u003C\u002Fli>\n\u003Cli>eHive Object Details – A plugin for displaying Object Record detail pages.\u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud – Displays a tag cloud from eHive.\u003C\u002Fli>\n\u003Cli>eHive Search – Allows you to search eHive.\u003C\u002Fli>\n\u003Cli>eHive Objects Gallery widget – Provides a gallery of Object Records that can be placed in your sites widget areas.\u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud widget – Allows you to display a tag cloud in a widget area on your site.\u003C\u002Fli>\n\u003Cli>eHive Object Tags widget – A widget that displays tags for an Object Record.\u003C\u002Fli>\n\u003Cli>eHive Search widget – A widget plugin that provides an access to eHive Search from a widget.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003C\u002Fp>\n","A plugin that enabled you to embed a grid of images from eHive on your site.",50,4573,"2025-09-24T23:59:00.000Z",[20,21,22,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-objects-image-grid.2.4.2.zip","2025-01-30 00:00:00",{"slug":92,"name":93,"version":94,"author":7,"author_profile":8,"description":95,"short_description":96,"active_installs":97,"downloaded":98,"rating":28,"num_ratings":28,"last_updated":99,"tested_up_to":16,"requires_at_least":17,"requires_php":66,"tags":100,"homepage":25,"download_link":101,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"ehive-objects-gallery-widget","eHive Objects Gallery widget","2.4.0","\u003Cp>This plugin is part of a suite of plugins created by Vernon Systems Ltd., which give you the power to embed eHive functionality into your WordPress website.\u003C\u002Fp>\n\u003Cp>This widget plugin allows you to display a gallery of Object Record images that are grouped by Object Record type. You can filter the Objects displayed by eHive account or community. This can serve to promote other Objects in a collection.\u003C\u002Fp>\n\u003Cp>Because this is a widget plugin it can be added to sidebars, footers or any other page areas that allows widgets. This also means the widget’s functionality can be made available on every page of your site.\u003C\u002Fp>\n\u003Cp>Before you install this plugin you will need to install the eHive Access and eHive Search plugins.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get more from the eHive plugin suite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To enhance the page you embed this plugin on you can also install the eHive Object details plugin to allow your users to click through to view the Object Records in detail.\u003C\u002Fp>\n\u003Cp>Other plugins in the suite include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>eHive Account Details – A plugin for displaying eHive account information.\u003C\u002Fli>\n\u003Cli>eHive Object Comments – Enables users to add comments to Object Records from your site.\u003C\u002Fli>\n\u003Cli>eHive Object Details – A plugin for displaying Object Record detail pages.\u003C\u002Fli>\n\u003Cli>eHive Objects Image Grid – Displays a grid of images from eHive filtered by certain criteria.\u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud – Displays a tag cloud from eHive.\u003C\u002Fli>\n\u003Cli>eHive Search – Allows you to search eHive.\u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud widget – Allows you to display a tag cloud in a widget area on your site.\u003C\u002Fli>\n\u003Cli>eHive Object Tags widget – A widget that displays tags for an Object Record.\u003C\u002Fli>\n\u003Cli>eHive Search widget – A widget plugin that provides access to eHive Search from a widget.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003C\u002Fp>\n","A widget plugin that displays a gallery of objects arranged by category.",30,3098,"2025-09-25T03:29:00.000Z",[20,21,22,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-objects-gallery-widget.2.4.0.zip",{"slug":103,"name":104,"version":60,"author":7,"author_profile":8,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":28,"num_ratings":28,"last_updated":109,"tested_up_to":16,"requires_at_least":17,"requires_php":66,"tags":110,"homepage":25,"download_link":111,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"ehive-account-details","eHive Account Details","\u003Cp>This plugin is part of a suite of plugins created by Vernon Systems Ltd., which give you the power to embed eHive functionality into your WordPress website.\u003C\u002Fp>\n\u003Cp>This plugin allows you to embed eHive Account detail pages onto your WordPress website. This means that you can display the public profile pages of eHive Account holders.\u003C\u002Fp>\n\u003Cp>Before you install this plugin you will need to install the eHive Access plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get more from the eHive plugin suite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To enhance the page you embed this plugin on you can also install the eHive Objects gallery widget plugin to showcase other Objects contributed by the account you are displaying.\u003C\u002Fp>\n\u003Cp>Other plugins in the suite include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>eHive Object Comments – Enables users to add comments to Object Records from your site.\u003C\u002Fli>\n\u003Cli>eHive Object Details – A plugin for displaying Object Record detail pages.\u003C\u002Fli>\n\u003Cli>eHive Objects Image Grid – Displays a grid of images from eHive filtered by certain criteria.\u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud – Displays a tag cloud from eHive.\u003C\u002Fli>\n\u003Cli>eHive Search – Allows you to search eHive.\u003C\u002Fli>\n\u003Cli>eHive Objects Gallery widget – Provides a gallery of Object Records that can be placed in your sites widget areas. \u003C\u002Fli>\n\u003Cli>eHive Objects Tag Cloud widget – Allows you to display a tag cloud in a widget area on your site.\u003C\u002Fli>\n\u003Cli>eHive Object Tags widget – A widget that displays tags for an Object Record.\u003C\u002Fli>\n\u003Cli>eHive Search widget – A widget plugin that provides access to eHive Search from a widget.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003C\u002Fp>\n","A plugin that allows you to display a public profile page for an eHive account.",20,3133,"2025-09-24T23:53:00.000Z",[20,21,22,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-account-details.2.4.2.zip",{"attackSurface":113,"codeSignals":157,"taintFlows":251,"riskAssessment":252,"analyzedAt":264},{"hooks":114,"ajaxHandlers":149,"restRoutes":150,"shortcodes":151,"cronEvents":156,"entryPointCount":14,"unprotectedCount":28},[115,121,125,129,133,137,141,145],{"type":116,"name":117,"callback":118,"file":119,"line":120},"action","init","ehive_search_init","EHiveSearch.php",38,{"type":116,"name":122,"callback":123,"file":119,"line":124},"admin_init","ehive_search_admin_options_init",39,{"type":116,"name":126,"callback":127,"file":119,"line":128},"admin_menu","ehive_search_admin_menu",40,{"type":116,"name":130,"callback":131,"file":119,"line":132},"wp_print_styles","enqueue_styles",42,{"type":116,"name":134,"callback":135,"file":119,"line":136},"pre_get_posts","alter_post_query_var",47,{"type":138,"name":139,"callback":139,"file":119,"line":140},"filter","query_vars",1042,{"type":116,"name":142,"callback":143,"file":119,"line":144},"activate_ehive-search\u002FEHiveSearch.php","activate",1045,{"type":116,"name":146,"callback":147,"file":119,"line":148},"deactivate_ehive-search\u002FEHiveSearch.php","deactivate",1046,[],[],[152],{"tag":153,"callback":154,"file":119,"line":155},"ehive_search","ehive_search_shortcode",43,[],{"dangerousFunctions":158,"sqlUsage":159,"outputEscaping":161,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":250},[],{"prepared":28,"raw":28,"locations":160},[],{"escaped":162,"rawEcho":132,"locations":163},91,[164,167,169,171,173,175,177,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,238,240,242,244,246,248],{"file":119,"line":165,"context":166},292,"raw output",{"file":119,"line":168,"context":166},301,{"file":119,"line":170,"context":166},310,{"file":119,"line":172,"context":166},319,{"file":119,"line":174,"context":166},328,{"file":119,"line":176,"context":166},349,{"file":119,"line":178,"context":166},362,{"file":119,"line":180,"context":166},382,{"file":119,"line":182,"context":166},383,{"file":119,"line":184,"context":166},392,{"file":119,"line":186,"context":166},402,{"file":119,"line":188,"context":166},419,{"file":119,"line":190,"context":166},426,{"file":119,"line":192,"context":166},435,{"file":119,"line":194,"context":166},436,{"file":119,"line":196,"context":166},450,{"file":119,"line":198,"context":166},452,{"file":119,"line":200,"context":166},454,{"file":119,"line":202,"context":166},471,{"file":119,"line":204,"context":166},478,{"file":119,"line":206,"context":166},483,{"file":119,"line":208,"context":166},488,{"file":119,"line":210,"context":166},498,{"file":119,"line":212,"context":166},507,{"file":119,"line":214,"context":166},509,{"file":119,"line":216,"context":166},534,{"file":119,"line":218,"context":166},536,{"file":119,"line":220,"context":166},545,{"file":119,"line":222,"context":166},554,{"file":119,"line":224,"context":166},556,{"file":119,"line":226,"context":166},565,{"file":119,"line":228,"context":166},566,{"file":119,"line":230,"context":166},575,{"file":119,"line":232,"context":166},577,{"file":119,"line":234,"context":166},586,{"file":236,"line":237,"context":166},"templates\\eHiveSearch.php",64,{"file":236,"line":239,"context":166},79,{"file":236,"line":241,"context":166},139,{"file":236,"line":243,"context":166},141,{"file":236,"line":245,"context":166},159,{"file":236,"line":247,"context":166},191,{"file":236,"line":249,"context":166},206,[],[],{"summary":253,"deductions":254},"The ehive-search plugin version 2.5.1 demonstrates a generally good security posture with its static analysis results, notably lacking dangerous functions, external HTTP requests, and file operations. All identified entry points, including the single shortcode, do not appear to have explicit authorization checks, which is a concern. However, SQL queries are all properly prepared, mitigating risks of SQL injection. The most significant area for improvement is output escaping, with 32% of outputs not being properly escaped, potentially leading to Cross-Site Scripting (XSS) vulnerabilities. The vulnerability history shows one past medium severity vulnerability related to XSS, which is concerning given the current output escaping issues. While the plugin has no currently unpatched vulnerabilities, the past XSS issue and the observed output escaping weakness suggest a recurring risk. Overall, the plugin benefits from strong SQL handling and a limited attack surface, but requires attention to output sanitization to prevent XSS.\n\nDespite the positive aspects like prepared SQL statements and zero critical taint flows, the 32% of unescaped output is a significant weakness. This, combined with the history of an XSS vulnerability, creates a medium-level risk. The absence of capability checks and nonce checks on the shortcode (the only identified entry point) further amplifies this risk, as it implies that any user can trigger the shortcode's functionality without proper authorization, potentially exposing them to the unescaped output. The plugin's strengths in SQL security are overshadowed by the potential for XSS due to insufficient output sanitization.",[255,257,259,261],{"reason":256,"points":47},"Unescaped output (32% of outputs)",{"reason":258,"points":54},"Shortcode without capability checks",{"reason":260,"points":54},"Shortcode without nonce checks",{"reason":262,"points":263},"History of medium severity XSS vulnerability",7,"2026-03-16T21:50:23.301Z",{"wat":266,"direct":277},{"assetPaths":267,"generatorPatterns":271,"scriptPaths":272,"versionParams":273},[268,269,270],"\u002Fwp-content\u002Fplugins\u002Fehive-search\u002Fcss\u002FeHiveAdmin.css","\u002Fwp-content\u002Fplugins\u002Fehive-search\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fehive-search\u002Fjs\u002Fmain.js",[],[269,270],[274,275,276],"ehive-search\u002Fcss\u002FeHiveAdmin.css?ver=","ehive-search\u002Fjs\u002Fadmin.js?ver=","ehive-search\u002Fjs\u002Fmain.js?ver=",{"cssClasses":278,"htmlComments":289,"htmlAttributes":292,"restEndpoints":295,"jsGlobals":296,"shortcodeOutput":298},[279,280,281,282,283,284,285,286,287,288],"ehive_search_results_wrapper","ehive_search_result_item","ehive_search_result_item_img","ehive_search_result_item_title","ehive_search_result_item_details","ehive-search-advanced-options-css","ehive-search-admin-css","ehive-search-lightbox-css","ehive-search-list-css","ehive-search-results-css",[290,291],"\u003C!-- EHive Search Result Item -->","\u003C!-- EHive Search Result Wrapper -->",[293,294],"data-ehive-search-options","data-ehive-search-id",[],[297],"window.eHiveSearchOptions",[299],"[ehive_search]",{"error":301,"url":302,"statusCode":303,"statusMessage":304,"message":304},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fehive-search\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":306,"versions":307},24,[308,313,321,329,337,344,351,359,366,374,382,390,398,406,414,422,430,438,446,454,462,470,478,486],{"version":6,"download_url":26,"svn_tag_url":309,"released_at":38,"has_diff":49,"diff_files_changed":310,"diff_lines":38,"trac_diff_url":311,"vulnerabilities":312,"is_current":301},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.5.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.5.0&new_path=%2Fehive-search%2Ftags%2F2.5.1",[],{"version":314,"download_url":315,"svn_tag_url":316,"released_at":38,"has_diff":49,"diff_files_changed":317,"diff_lines":38,"trac_diff_url":318,"vulnerabilities":319,"is_current":49},"2.5.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.5.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.5.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.4.5&new_path=%2Fehive-search%2Ftags%2F2.5.0",[320],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":322,"download_url":323,"svn_tag_url":324,"released_at":38,"has_diff":49,"diff_files_changed":325,"diff_lines":38,"trac_diff_url":326,"vulnerabilities":327,"is_current":49},"2.4.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.4.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.4.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.4.4&new_path=%2Fehive-search%2Ftags%2F2.4.5",[328],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":330,"download_url":331,"svn_tag_url":332,"released_at":38,"has_diff":49,"diff_files_changed":333,"diff_lines":38,"trac_diff_url":334,"vulnerabilities":335,"is_current":49},"2.4.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.4.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.4.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.4.3&new_path=%2Fehive-search%2Ftags%2F2.4.4",[336],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":73,"download_url":338,"svn_tag_url":339,"released_at":38,"has_diff":49,"diff_files_changed":340,"diff_lines":38,"trac_diff_url":341,"vulnerabilities":342,"is_current":49},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.4.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.4.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.4.2&new_path=%2Fehive-search%2Ftags%2F2.4.3",[343],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":60,"download_url":345,"svn_tag_url":346,"released_at":38,"has_diff":49,"diff_files_changed":347,"diff_lines":38,"trac_diff_url":348,"vulnerabilities":349,"is_current":49},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.4.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.4.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.4.1&new_path=%2Fehive-search%2Ftags%2F2.4.2",[350],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":352,"download_url":353,"svn_tag_url":354,"released_at":38,"has_diff":49,"diff_files_changed":355,"diff_lines":38,"trac_diff_url":356,"vulnerabilities":357,"is_current":49},"2.4.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.4.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.4.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.4.0&new_path=%2Fehive-search%2Ftags%2F2.4.1",[358],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":94,"download_url":360,"svn_tag_url":361,"released_at":38,"has_diff":49,"diff_files_changed":362,"diff_lines":38,"trac_diff_url":363,"vulnerabilities":364,"is_current":49},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.4.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.4.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.3.9&new_path=%2Fehive-search%2Ftags%2F2.4.0",[365],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":367,"download_url":368,"svn_tag_url":369,"released_at":38,"has_diff":49,"diff_files_changed":370,"diff_lines":38,"trac_diff_url":371,"vulnerabilities":372,"is_current":49},"2.3.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.3.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.3.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.3.8&new_path=%2Fehive-search%2Ftags%2F2.3.9",[373],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":375,"download_url":376,"svn_tag_url":377,"released_at":38,"has_diff":49,"diff_files_changed":378,"diff_lines":38,"trac_diff_url":379,"vulnerabilities":380,"is_current":49},"2.3.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.3.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.3.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.3.7&new_path=%2Fehive-search%2Ftags%2F2.3.8",[381],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":383,"download_url":384,"svn_tag_url":385,"released_at":38,"has_diff":49,"diff_files_changed":386,"diff_lines":38,"trac_diff_url":387,"vulnerabilities":388,"is_current":49},"2.3.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.3.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.3.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.3.6&new_path=%2Fehive-search%2Ftags%2F2.3.7",[389],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":391,"download_url":392,"svn_tag_url":393,"released_at":38,"has_diff":49,"diff_files_changed":394,"diff_lines":38,"trac_diff_url":395,"vulnerabilities":396,"is_current":49},"2.3.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.3.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.3.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.3.5&new_path=%2Fehive-search%2Ftags%2F2.3.6",[397],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":399,"download_url":400,"svn_tag_url":401,"released_at":38,"has_diff":49,"diff_files_changed":402,"diff_lines":38,"trac_diff_url":403,"vulnerabilities":404,"is_current":49},"2.3.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.3.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.3.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.3.4&new_path=%2Fehive-search%2Ftags%2F2.3.5",[405],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":407,"download_url":408,"svn_tag_url":409,"released_at":38,"has_diff":49,"diff_files_changed":410,"diff_lines":38,"trac_diff_url":411,"vulnerabilities":412,"is_current":49},"2.3.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.3.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.3.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.3.3&new_path=%2Fehive-search%2Ftags%2F2.3.4",[413],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":415,"download_url":416,"svn_tag_url":417,"released_at":38,"has_diff":49,"diff_files_changed":418,"diff_lines":38,"trac_diff_url":419,"vulnerabilities":420,"is_current":49},"2.3.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.3.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.3.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.3.2&new_path=%2Fehive-search%2Ftags%2F2.3.3",[421],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":423,"download_url":424,"svn_tag_url":425,"released_at":38,"has_diff":49,"diff_files_changed":426,"diff_lines":38,"trac_diff_url":427,"vulnerabilities":428,"is_current":49},"2.3.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.3.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.3.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.3.1&new_path=%2Fehive-search%2Ftags%2F2.3.2",[429],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":431,"download_url":432,"svn_tag_url":433,"released_at":38,"has_diff":49,"diff_files_changed":434,"diff_lines":38,"trac_diff_url":435,"vulnerabilities":436,"is_current":49},"2.3.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.3.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.3.0&new_path=%2Fehive-search%2Ftags%2F2.3.1",[437],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":439,"download_url":440,"svn_tag_url":441,"released_at":38,"has_diff":49,"diff_files_changed":442,"diff_lines":38,"trac_diff_url":443,"vulnerabilities":444,"is_current":49},"2.3.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.3.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.3.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.1.6&new_path=%2Fehive-search%2Ftags%2F2.3.0",[445],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":447,"download_url":448,"svn_tag_url":449,"released_at":38,"has_diff":49,"diff_files_changed":450,"diff_lines":38,"trac_diff_url":451,"vulnerabilities":452,"is_current":49},"2.1.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.1.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.1.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.1.5&new_path=%2Fehive-search%2Ftags%2F2.1.6",[453],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":455,"download_url":456,"svn_tag_url":457,"released_at":38,"has_diff":49,"diff_files_changed":458,"diff_lines":38,"trac_diff_url":459,"vulnerabilities":460,"is_current":49},"2.1.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.1.4&new_path=%2Fehive-search%2Ftags%2F2.1.5",[461],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":463,"download_url":464,"svn_tag_url":465,"released_at":38,"has_diff":49,"diff_files_changed":466,"diff_lines":38,"trac_diff_url":467,"vulnerabilities":468,"is_current":49},"2.1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.1.3&new_path=%2Fehive-search%2Ftags%2F2.1.4",[469],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":471,"download_url":472,"svn_tag_url":473,"released_at":38,"has_diff":49,"diff_files_changed":474,"diff_lines":38,"trac_diff_url":475,"vulnerabilities":476,"is_current":49},"2.1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.1.2&new_path=%2Fehive-search%2Ftags%2F2.1.3",[477],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":479,"download_url":480,"svn_tag_url":481,"released_at":38,"has_diff":49,"diff_files_changed":482,"diff_lines":38,"trac_diff_url":483,"vulnerabilities":484,"is_current":49},"2.1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fehive-search%2Ftags%2F2.1.1&new_path=%2Fehive-search%2Ftags%2F2.1.2",[485],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":487,"download_url":488,"svn_tag_url":489,"released_at":38,"has_diff":49,"diff_files_changed":490,"diff_lines":38,"trac_diff_url":38,"vulnerabilities":491,"is_current":49},"2.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehive-search.2.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fehive-search\u002Ftags\u002F2.1.1\u002F",[],[492],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6}]