[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsTOaTrx-S6abTXqDv1-JI7RJULgsHeKjfG628nvfkp0":3,"$faKHOGeFtF-3Y7BeEvPJE5VsK8S15wA6jNm1cls4wHTk":354,"$fYe0tsv2fxR9wsG_10eBj0Cvo4WwWGpt0BndNjEG9KZg":358},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":56,"analysis":159,"fingerprints":336},"email-shortcode","Event Espresso – Custom Email Template Shortcode","1.0.0","Aakif Kadiwala","https:\u002F\u002Fprofiles.wordpress.org\u002Fkadiwala\u002F","\u003Cp>Create a Custom Shortcode for Default Message Template of \u003Cstrong>Event&nbsp;Espresso\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Functionalities : \u003C\u002Fstrong>\u003Cbr \u002F>\n * Activate\u002FDeactivate the E-Shortcodes\u003Cbr \u002F>\n * Edit the E-Shortcodes\u003Cbr \u002F>\n * Set Dynamic\u002FStatic Value in the E-Shortcodes\u003C\u002Fp>\n","Create a Custom Shortcode for Default Message Template of Event Espresso.",10,1563,0,"2023-10-04T10:22:00.000Z","6.3.8","3.0.1","",[19,20,21,22,23],"e-shortcodes","email-shortcodes","event-espresso","message-template","template-shortcodes","http:\u002F\u002Fwordpress.org\u002Fplugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-shortcode.zip",64,1,"2025-04-14 
00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":37,"patch_diff_files":46,"patch_trac_url":37,"research_status":37,"research_verified":47,"research_rounds_completed":13,"research_plan":37,"research_summary":37,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":37,"research_model_used":37,"research_started_at":37,"research_completed_at":37,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":47,"poc_model_used":37,"poc_verification_depth":37},"CVE-2025-32507","event-espresso-custom-email-template-shortcode-reflected-cross-site-scripting","Event Espresso – Custom Email Template Shortcode \u003C= 1.0.0 - Reflected Cross-Site Scripting","The Event Espresso – Custom Email Template Shortcode plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.0.0","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-21 20:21:03",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc7b5e028-d4ea-4f6d-aee1-0e9661853d43?source=api-prod",[],false,{"slug":49,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},"kadiwala",4,50,74,30,76,"2026-05-20T10:29:01.182Z",[57,81,103,122,141],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":78,"download_link":79,"security_score":80,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"eway-payment-gateway","Eway Payment Gateway","5.3.0","webaware","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebaware\u002F","\u003Cp>The Eway Payment Gateway adds integrations for the \u003Ca href=\"https:\u002F\u002Feway.io\u002F\" rel=\"nofollow ugc\">Eway credit card payment gateway\u003C\u002Fa> through \u003Ca href=\"https:\u002F\u002Fwww.eway.com.au\u002Ffeatures\u002Fapi-rapid-api\u002F\" rel=\"nofollow ugc\">Rapid API Direct Payments\u003C\u002Fa>. 
These plugins are supported:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-e-commerce\u002F\" rel=\"ugc\">WP eCommerce\u003C\u002Fa> shopping cart plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa> shopping cart plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fanother-wordpress-classifieds-plugin\u002F\" rel=\"ugc\">WordPress Classifieds Plugin\u003C\u002Fa> classified ads plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fevent-espresso-decaf\u002F\" rel=\"ugc\">Event Espresso 4\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Feventsmanagerpro.com\u002F\" rel=\"nofollow ugc\">Events Manager Pro\u003C\u002Fa> event bookings plugin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Looking for a Gravity Forms integration? Try \u003Ca href=\"https:\u002F\u002Fgfeway.webaware.net.au\u002F\" rel=\"nofollow ugc\">Gravity Forms Eway\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>card holder’s name can be different to the purchaser’s name\u003C\u002Fli>\n\u003Cli>basic data validation performed before submitting to Eway\u003C\u002Fli>\n\u003Cli>Eway transaction ID and bank authcode are recorded for successful payments\u003C\u002Fli>\n\u003Cli>supports Authorize (PreAuth) for drop-ship merchants \u002F delayed billing\u003C\u002Fli>\n\u003Cli>supports Beagle anti-fraud measures (for supporting plugins)\u003C\u002Fli>\n\u003Cli>it’s free!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>you need to install one of the ecommerce plugins listed above\u003C\u002Fli>\n\u003Cli>you need an SSL\u002FTLS certificate for your hosting account\u003C\u002Fli>\n\u003Cli>you need an account with Eway Australia\u003C\u002Fli>\n\u003Cli>this plugin 
uses Eway’s \u003Ca href=\"https:\u002F\u002Fwww.eway.com.au\u002Ffeatures\u002Fapi-rapid-api\u002F\" rel=\"nofollow ugc\">Rapid API Direct Payments\u003C\u002Fa>, and does not support Eway’s Responsive Shared Page\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>Many thanks to the generous efforts of our translators:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English (en_GB) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fen-gb\u002Fdefault\u002Fwp-plugins\u002Feway-payment-gateway\" rel=\"nofollow ugc\">the English (British) translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you’d like to help out by translating this plugin, please \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Feway-payment-gateway\" rel=\"nofollow ugc\">sign up for an account and dig in\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Sponsorships\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Another WordPress Classifieds Plugin integration generously sponsored by \u003Ca href=\"https:\u002F\u002Fmichaelmajor.com.au\u002F\" rel=\"nofollow ugc\">Michael Major Media\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Events Manager Pro integration generously sponsored by \u003Ca href=\"https:\u002F\u002Fmichaelmajor.com.au\u002F\" rel=\"nofollow ugc\">Michael Major Media\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Event Espresso 4 integration generously sponsored by \u003Ca href=\"https:\u002F\u002Fwww.ruralaid.org.au\u002F\" rel=\"nofollow ugc\">Rural Aid\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Thanks for sponsoring new features for Eway Payment Gateway!\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>Information gathered for processing a credit card transaction is transmitted to Eway for processing, and in turn, Eway passes that information on to your bank. 
Please review \u003Ca href=\"https:\u002F\u002Fwww.eway.com.au\u002Flegal#privacy\" rel=\"nofollow ugc\">Eway’s Privacy Policy\u003C\u002Fa> for information about how that affects your website’s privacy policy. By using this plugin, you are agreeing to the terms of use for Eway.\u003C\u002Fp>\n","Take credit card payments via Eway in some popular WordPress plugins",800,66185,86,15,"2025-12-14T04:01:00.000Z","6.9.4","5.1","7.4",[74,21,75,76,77],"awpcp","events-manager","eway","woocommerce","https:\u002F\u002Fshop.webaware.com.au\u002Fdownloads\u002Feway-payment-gateway\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feway-payment-gateway.5.3.0.zip",100,{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":80,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":17,"tags":95,"homepage":100,"download_link":101,"security_score":102,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"hide-unwanted-shortcodes","Hide Unwanted Shortcodes","1.1","Denzel Chia","https:\u002F\u002Fprofiles.wordpress.org\u002Fdenzel_chia\u002F","\u003Cp>Have you ever switch theme or remove plugin and found that there is a lot of unwanted shortcodes left on blog, and they are showing up as \u003Ccode>[shortcode id=\"1234\"]\u003C\u002Fcode> ? In order to remove them, you will need risky database queries which is not what you want or what you can handle properly.\u003C\u002Fp>\n\u003Cp>Now you can use this plugin to prevent them from showing up on Blog. This plugin does not delete the shortcodes from your Database or Post Editor, instead it prevent them from showing up on Blog (Public View), by returning nothing to content.\u003C\u002Fp>\n\u003Cp>You can easily add and save the unwanted shortcode tag name into the plugin setting page, and the plugin will\u003Cbr \u002F>\ndo the rest. 
There is no need to write any functions or database queries, the plugin will hide them based on shortcode tag saved.\u003C\u002Fp>\n\u003Ch3>How to use this plugin?\u003C\u002Fh3>\n\u003Col>\n\u003Cli>After installation and activation, please go to Settings > Hide Unwanted Shortcodes.\u003C\u002Fli>\n\u003Cli>Click on it and you will see the textarea for filling in your unwanted shortcodes tag.\u003C\u002Fli>\n\u003Cli>Please follow additional instructions there.\u003C\u002Fli>\n\u003C\u002Fol>\n","A plugin to prevent unwanted shortcodes from showing on blog.",60,7002,3,"2016-11-30T05:31:00.000Z","4.3.34","3.0",[82,96,97,98,99],"remove-shortcode","remove-shortcodes","shortcode","shortcodes","http:\u002F\u002Fdenzeldesigns.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-unwanted-shortcodes.1.1.zip",85,{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":80,"num_ratings":91,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":17,"tags":116,"homepage":17,"download_link":121,"security_score":102,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"files-addon-for-event-espresso-4","Files Addon for Event Espresso 4","1.2.1","wordgeniee","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordgenie\u002F","\u003Cp>Files add on plugin allows to create file type question which can be used in event registration form. Attendees will be able to upload files while registering for an event using this addon. 
Admin will be able to restrict the file type by setting file extensions for each question.\u003C\u002Fp>\n","Files add on plugin allows to create file upload type question which can be used in event registration form.",40,3987,"2024-04-28T15:00:00.000Z","6.5.8","4.1",[21,117,118,119,120],"file","form","questions","upload-file","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffiles-addon-for-event-espresso-4.1.2.1.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":53,"downloaded":130,"rating":13,"num_ratings":13,"last_updated":131,"tested_up_to":70,"requires_at_least":132,"requires_php":72,"tags":133,"homepage":139,"download_link":140,"security_score":80,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"custom-qr-code-generator","Custom QR Code Generator","1.0.3","World Web Technology","https:\u002F\u002Fprofiles.wordpress.org\u002Fworldweb\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fqrcode.worldwebtechnology.com\u002F\" rel=\"nofollow ugc\">Demo\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fqrcode.worldwebtechnology.com\u002Fcustom-qr-code-generator-document\u002F\" rel=\"nofollow ugc\">Docs\u003C\u002Fa>  |  \u003Ca href=\"mailto:help.worldweb@gmail.com\" rel=\"nofollow ugc\">Support\u003C\u002Fa>  | \u003Ca href=\"https:\u002F\u002Fwww.worldwebtechnology.com\u002F\" rel=\"nofollow ugc\">Website\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The “Custom QR Code Generator” plugin for WordPress is a powerful tool that allows users to easily create customizable QR codes for various purposes, including sharing links, promoting products, and providing essential information about events or social media profiles.\u003C\u002Fp>\n\u003Cp>This plugin uses the Chillerlan PHP QR Code library.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Main Features\u003C\u002Fstrong>\u003Cbr \u002F>\n– Simple to use and easy to install.\u003Cbr \u002F>\n– Clean and modern 
design.\u003Cbr \u002F>\n– Highly customizable to fit your needs.\u003Cbr \u002F>\n– Password protection for QR codes.\u003Cbr \u002F>\n– Import and export QR codes functionality.\u003Cbr \u002F>\n– Log user details from scanned QR codes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Best Used For\u003C\u002Fstrong>\u003Cbr \u002F>\n– Sharing Website Links.\u003Cbr \u002F>\n– Product Information.\u003Cbr \u002F>\n– Event Details.\u003Cbr \u002F>\n– Payment Information.\u003C\u002Fp>\n\u003Ch3>Installation Instructions\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Unzip the downloaded zip file.\u003C\u002Fli>\n\u003Cli>Upload the included folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u003C\u002Fcode> directory of your WordPress installation.\u003C\u002Fli>\n\u003Cli>Activate the plugin via the WordPress Plugins page.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>To display a specific QR code on any page or post on your website, use the following shortcode:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[cqrc_gen_qrcode_view id=\"32\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Replace “32” with the ID of the QR code you want to display.\u003C\u002Fp>\n\u003Ch3>Third party library\u003C\u002Fh3>\n\u003Col>\n\u003Cli>PHP QR Code library.\n\u003Cul>\n\u003Cli>The plugin uses the PHP QR Code generator library. \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fchillerlan\u002Fphp-qrcode\" rel=\"nofollow ugc\">GIT\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin utilizes the following external services for analytics and user information:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>IPinfo\u003C\u002Fp>\n\u003Cul>\n\u003Cli>To retrieve user location data based on their IP address. 
This includes details such as city, region, country, and organization.\u003C\u002Fli>\n\u003Cli>For more information, please refer to their \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fterms-of-service\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>User Agent Detection\u003C\u002Fp>\n\u003Cul>\n\u003Cli>To determine the type of device (Mobile or Desktop) that the user is using.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Easily generate customizable QR codes for websites, products, and events with this user-friendly WordPress plugin.",719,"2025-12-30T13:38:00.000Z","5.6",[134,135,136,137,138],"qr-code","qr-code-generator","qr-code-in-page-post","qr-code-shortcodes","qr-code-wordpress-plugin","https:\u002F\u002Floancalc.worldwebtechnology.com\u002Fcustom-qr-code-generator-document\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-qr-code-generator.1.0.3.zip",{"slug":142,"name":143,"version":6,"author":144,"author_profile":145,"description":146,"short_description":147,"active_installs":53,"downloaded":148,"rating":80,"num_ratings":27,"last_updated":149,"tested_up_to":150,"requires_at_least":151,"requires_php":17,"tags":152,"homepage":157,"download_link":158,"security_score":102,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"event-espresso-smooth-integration","Event Espresso Smooth Integration","Jon (Kenshino)","https:\u002F\u002Fprofiles.wordpress.org\u002Fkenshino\u002F","\u003Cp>Developed for Event Espresso 4. (Not tested with EE3)\u003C\u002Fp>\n\u003Cp>Event Espresso uses its own routes to display Custom Post Types (eg. 
Events), in which many plugins do not directly account for.\u003Cbr \u002F>\nSo special meta boxes, buttons and what not sometimes do not display.\u003C\u002Fp>\n\u003Cp>Currently it adds support for GravityForms and WordPress SEO by Yoast.\u003C\u002Fp>\n\u003Ch4>GravityForms\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Adds ‘Add Form’ button to the WYSIWYG editor. Also adds in to any custom WP_Editor instances you create in the post_type editing pages of Event Espresso 4\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WordPress SEO by Yoast\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Adds the SEO meta boxes that are missing from EE4. It also tries to make better calculations of your SEO score by taking into account the rest of the custom meta data you have in the post_type.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>More coming as I discover them\u003C\u002Fh4>\n\u003Cp>If you would like me to integrate a plugin to Event Espresso 4, post in the support forums!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Translations\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>As I improve on this plugin, I will likely add settings in, in which translations will be welcomed. For now, stay still 🙂\u003C\u002Fp>\n","Developed for Event Espresso 4. 
(Not tested with EE3)",2737,"2015-05-02T13:37:00.000Z","4.2.39","4.0",[21,153,154,155,156],"eventespresso","gravityforms","seo","wordpress-seo","http:\u002F\u002Fwww.wingzcommunications.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fevent-espresso-smooth-integration.zip",{"attackSurface":160,"codeSignals":195,"taintFlows":253,"riskAssessment":324,"analyzedAt":335},{"hooks":161,"ajaxHandlers":191,"restRoutes":192,"shortcodes":193,"cronEvents":194,"entryPointCount":13,"unprotectedCount":13},[162,168,171,173,176,180,183,186,189],{"type":163,"name":164,"callback":165,"file":166,"line":167},"action","plugins_loaded","anonymous","includes\u002Fclass-ee-email-shortcode.php",139,{"type":163,"name":169,"callback":165,"file":166,"line":170},"admin_enqueue_scripts",154,{"type":163,"name":169,"callback":165,"file":166,"line":172},155,{"type":163,"name":174,"callback":165,"file":166,"line":175},"admin_menu",157,{"type":177,"name":178,"callback":165,"file":166,"line":179},"filter","admin_footer_text",163,{"type":177,"name":181,"callback":165,"file":166,"line":182},"FHEE__EE_Shortcodes__shortcodes",168,{"type":177,"name":184,"callback":165,"file":166,"line":185},"FHEE__EE_Shortcodes__parser_after",169,{"type":163,"name":187,"callback":165,"file":166,"line":188},"wp_enqueue_scripts",184,{"type":163,"name":187,"callback":165,"file":166,"line":190},185,[],[],[],[],{"dangerousFunctions":196,"sqlUsage":197,"outputEscaping":200,"fileOperations":13,"externalRequests":13,"nonceChecks":91,"capabilityChecks":13,"bundledLibraries":252},[],{"prepared":198,"raw":13,"locations":199},8,[],{"escaped":201,"rawEcho":202,"locations":203},57,23,[204,207,209,211,213,215,218,220,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250],{"file":205,"line":51,"context":206},"admin\u002Fpartials\u002Fabout_e-shortcodes.php","raw 
output",{"file":205,"line":208,"context":206},61,{"file":205,"line":210,"context":206},82,{"file":205,"line":212,"context":206},90,{"file":205,"line":214,"context":206},94,{"file":216,"line":217,"context":206},"admin\u002Fpartials\u002Fadd_new_e-shortcodes.php",69,{"file":216,"line":219,"context":206},162,{"file":216,"line":221,"context":206},195,{"file":216,"line":223,"context":206},202,{"file":216,"line":225,"context":206},203,{"file":216,"line":227,"context":206},211,{"file":216,"line":229,"context":206},275,{"file":216,"line":231,"context":206},302,{"file":216,"line":233,"context":206},339,{"file":235,"line":111,"context":206},"admin\u002Fpartials\u002Fcustom_e-shortcodes.php",{"file":235,"line":237,"context":206},80,{"file":235,"line":239,"context":206},84,{"file":235,"line":241,"context":206},166,{"file":235,"line":243,"context":206},172,{"file":235,"line":245,"context":206},216,{"file":235,"line":247,"context":206},222,{"file":235,"line":249,"context":206},228,{"file":235,"line":251,"context":206},457,[],[254,292],{"entryPoint":255,"graph":256,"unsanitizedCount":13,"severity":291},"\u003Cadd_new_e-shortcodes> (admin\u002Fpartials\u002Fadd_new_e-shortcodes.php:0)",{"nodes":257,"edges":285},[258,263,268,272,276,278,280,283],{"id":259,"type":260,"label":261,"file":216,"line":262},"n0","source","$_POST (x2)",66,{"id":264,"type":265,"label":266,"file":216,"line":217,"wp_function":267},"n1","sink","echo() [XSS]","echo",{"id":269,"type":260,"label":270,"file":216,"line":271},"n2","$_REQUEST['id']",99,{"id":273,"type":265,"label":274,"file":216,"line":271,"wp_function":275},"n3","get_results() [SQLi]","get_results",{"id":277,"type":260,"label":270,"file":216,"line":223},"n4",{"id":279,"type":265,"label":266,"file":216,"line":223,"wp_function":267},"n5",{"id":281,"type":260,"label":282,"file":216,"line":271},"n6","$_REQUEST 
(x5)",{"id":284,"type":265,"label":266,"file":216,"line":225,"wp_function":267},"n7",[286,288,289,290],{"from":259,"to":264,"sanitized":287},true,{"from":269,"to":273,"sanitized":287},{"from":277,"to":279,"sanitized":287},{"from":281,"to":284,"sanitized":287},"low",{"entryPoint":293,"graph":294,"unsanitizedCount":13,"severity":291},"\u003Ccustom_e-shortcodes> (admin\u002Fpartials\u002Fcustom_e-shortcodes.php:0)",{"nodes":295,"edges":318},[296,299,300,302,303,306,309,312,313,316],{"id":259,"type":260,"label":297,"file":235,"line":298},"$_REQUEST['id'] (x2)",29,{"id":264,"type":265,"label":274,"file":235,"line":298,"wp_function":275},{"id":269,"type":260,"label":301,"file":235,"line":298},"$_REQUEST (x7)",{"id":273,"type":265,"label":266,"file":235,"line":111,"wp_function":267},{"id":277,"type":260,"label":304,"file":235,"line":305},"$_REQUEST (x2)",51,{"id":279,"type":265,"label":307,"file":235,"line":54,"wp_function":308},"update_option() [Settings Manipulation]","update_option",{"id":281,"type":260,"label":310,"file":235,"line":311},"$_REQUEST['eees_status']",229,{"id":284,"type":265,"label":266,"file":235,"line":249,"wp_function":267},{"id":314,"type":260,"label":315,"file":235,"line":251},"n8","$_REQUEST['page']",{"id":317,"type":265,"label":266,"file":235,"line":251,"wp_function":267},"n9",[319,320,321,322,323],{"from":259,"to":264,"sanitized":287},{"from":269,"to":273,"sanitized":287},{"from":277,"to":279,"sanitized":287},{"from":281,"to":284,"sanitized":287},{"from":314,"to":317,"sanitized":287},{"summary":325,"deductions":326},"The \"email-shortcode\" plugin version 1.0.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and avoiding file operations and external HTTP requests. The presence of nonce checks and a low number of total entry points are also encouraging signs. 
However, the static analysis reveals that 29% of output operations are not properly escaped, which presents a potential Cross-Site Scripting (XSS) risk. Furthermore, the absence of capability checks on any entry points means that if any were discovered, they could be accessed by any user. The vulnerability history is a significant concern, with one unpatched medium-severity CVE related to XSS. The fact that the last vulnerability dates from 2025 and is still unpatched strongly suggests that the plugin is not actively maintained or that the developer is not addressing known security flaws promptly. While the code itself has some strengths, the unpatched vulnerability and the potential for unescaped output create a notable risk that requires immediate attention.",[327,329,332],{"reason":328,"points":68},"Unpatched medium severity CVE",{"reason":330,"points":331},"Unescaped output (29%)",6,{"reason":333,"points":334},"No capability checks on entry points",5,"2026-04-16T12:31:46.793Z",{"wat":337,"direct":346},{"assetPaths":338,"generatorPatterns":341,"scriptPaths":342,"versionParams":343},[339,340],"\u002Fwp-content\u002Fplugins\u002Femail-shortcode\u002Fadmin\u002Fcss\u002Fee-email-shortcode-admin.css","\u002Fwp-content\u002Fplugins\u002Femail-shortcode\u002Fadmin\u002Fjs\u002Fee-email-shortcode-admin.js",[],[340],[344,345],"ee-email-shortcode-admin.css?ver=","ee-email-shortcode-admin.js?ver=",{"cssClasses":347,"htmlComments":349,"htmlAttributes":350,"restEndpoints":351,"jsGlobals":352,"shortcodeOutput":353},[348],"eees_menu-title-tag",[],[],[],[],[],{"error":287,"url":355,"statusCode":356,"statusMessage":357,"message":357},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Femail-shortcode\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":359},[]]