[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsVrfNplZeiimcJIqJhEOc7DQ22iyC5yrl8M9khMwMLA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":53,"analysis":151,"fingerprints":913},"enable-latex","Enable Latex","1.2.16","KaizenCoders","https:\u002F\u002Fprofiles.wordpress.org\u002Fkaizencoders\u002F","\u003Cp>Insert LaTeX formulas in your posts.\u003C\u002Fp>\n\u003Cp>Just type [latex size=0 color=000000 background=ffffff]\\\\displaystyle f_{rec} = \\\\frac{c+v_{mobile}}{c} f_{em}[\u002Flatex] in your post to show the LaTeX formula.\u003C\u002Fp>\n\u003Cp>You can configure:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>the color of the font,  \u003C\u002Fli>\n\u003Cli>the color of the background, \u003C\u002Fli>\n\u003Cli>the style of the image displayed. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Plugin developed from the original plugin WP-LaTeX.\u003C\u002Fp>\n\u003Cp>This plugin is under GPL licence.\u003C\u002Fp>\n\u003Ch4>Multisite – WordPress MU\u003C\u002Fh4>\n\u003Cp>This plugin is compatible with multisite installation.\u003C\u002Fp>\n\u003Ch4>Localization\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Arabic (Egypt) translation provided by AmrIbrahim\u003C\u002Fli>\n\u003Cli>German (Germany) translation provided by amens\u003C\u002Fli>\n\u003Cli>English (United States), default language\u003C\u002Fli>\n\u003Cli>Farsi (Iran) translation provided by youseftabeolhojjeh\u003C\u002Fli>\n\u003Cli>French (France) translation provided by SedLex\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features of the framework\u003C\u002Fh4>\n\u003Cp>This plugin uses the SL framework. 
This framework eases the creation of new plugins by providing tools and frames (see dev-toolbox plugin for more info).\u003C\u002Fp>\n\u003Cp>You may easily translate the text of the plugin and submit it to the developer, send a feedback, or choose the location of the plugin in the admin panel.\u003C\u002Fp>\n\u003Cp>Have fun !\u003C\u002Fp>\n","Insert LaTeX formulas in your posts.",70,9260,100,2,"2016-04-17T09:08:00.000Z","4.5.33","3.0","",[20,21,22,23,24],"formula","latex","math","shortcode","tex","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fenable-latex\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fenable-latex.zip",63,1,"2025-09-05 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-58860","enable-latex-cross-site-request-forgery","Enable Latex \u003C= 1.2.16 - Cross-Site Request Forgery","The Enable Latex plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.16. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.2.16","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-09-09 22:11:07",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fee73937c-8a97-4afd-a0f6-d5e9caddc82c?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":11,"computed_at":52},"kaizencoders",14,30550,87,153,"2026-04-04T07:02:05.906Z",[54,73,96,118,134],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":28,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":18,"tags":68,"homepage":69,"download_link":70,"security_score":71,"vuln_count":72,"unpatched_count":72,"last_vuln_date":37,"fetched_at":30},"insert-math","Insert math","2.0","CMTV","https:\u002F\u002Fprofiles.wordpress.org\u002Fcmtv\u002F","\u003Cp>Add math support for your site. Insert block\u002Finline formulas in your text with useful and fancy modal. Watch and monitor rendered math in process of typing formula. 
Change formula color.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Math support on both frontend and admin panel\u003C\u002Fli>\n\u003Cli>Useful and fancy modal for inserting and editing math in posts\u003C\u002Fli>\n\u003Cli>Insert both block and inline math\u003C\u002Fli>\n\u003Cli>Changing formula color\u003C\u002Fli>\n\u003Cli>Set ID and classes for formula\u003C\u002Fli>\n\u003Cli>Automatic highlighting math in visual editor\u003C\u002Fli>\n\u003Cli>Adding x-scrollbar to block math if browser viewport is smaller than formula\u003C\u002Fli>\n\u003C\u002Ful>\n","Fast and handy insert any math formulas in your posts.",200,4406,80,"2017-08-03T05:34:00.000Z","4.8.28","4.0",[20,55,21,22,24],"https:\u002F\u002Fgithub.com\u002FCMTV\u002Fwordpress-plugin-insert-math","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finsert-math.zip",85,0,{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":17,"requires_php":87,"tags":88,"homepage":18,"download_link":93,"security_score":94,"vuln_count":28,"unpatched_count":72,"last_vuln_date":95,"fetched_at":30},"mathjax-latex","MathJax-LaTeX","1.3.13","knowledgeblog","https:\u002F\u002Fprofiles.wordpress.org\u002Fknowledgeblog\u002F","\u003Cp>MathJax enables rendering of embedded LaTeX or MathML in HTML pages. This plugin adds this functionality to WordPress. The MathJax JavaScript is injected on-demand only to those pages which require it. 
This ensures that MathJax is not loaded for all pages, which will otherwise slow loading down.\u003C\u002Fp>\n\u003Cp>The MathJax JavaScript can be delivered from your own server, or you can use the Cloudflare Content Distribution Network (CDN), which is the preferred mechanism as it offers increased speed and stability over hosting the JavaScript and configuring the library yourself.\u003C\u002Fp>\n\u003Cp>You may embed latex using a variety of different syntaxes. The shortcode (https:\u002F\u002Fcodex.wordpress.org\u002FShortcode_API) syntax is preferred. So \u003Ccode>[latex]E=mc^2[\u002Flatex]\u003C\u002Fcode> will work out of the box. This also forces loading of MathJax.\u003C\u002Fp>\n\u003Cp>Additionally, you can use native MathJax syntax — \u003Ccode>$$E=mc^2$$\u003C\u002Fcode> or \u003Ccode>\\(E=mc^2\\)\u003C\u002Fcode>. However, if this is the only syntax used, the plugin must be explicitly told to load MathJax for the current page. This can be achieved by adding a \u003Ccode>[mathjax]\u003C\u002Fcode> shortcode anywhere in the post. For posts with both \u003Ccode>[latex]\u003C\u002Fcode>x\u003Ccode>[\u002Flatex]\u003C\u002Fcode> and \u003Ccode>$$x$$\u003C\u002Fcode> syntaxes this is unnecessary.\u003C\u002Fp>\n\u003Cp>You can use wp-latex syntax, \u003Ccode>$latex E=mc^2$\u003C\u002Fcode>. Parameters can be specified as with wp-latex but will be ignored. This means that MathJax-LaTeX should be a drop-in replacement for wp-latex. 
Because this conflicts with wp-latex, this behaviour is blocked when wp-latex is present, and must be explicitly enabled in the settings.\u003C\u002Fp>\n\u003Cp>You can also specify \u003Ccode>[nomathjax]\u003C\u002Fcode> — this will block mathjax on the current page, regardless of other tags.\u003C\u002Fp>\n\u003Cp>MathJax-LaTeX is developed on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fphillord\u002Fmathjax-latex\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Copyright\u003C\u002Fh3>\n\u003Cp>This plugin is copyright Phillip Lord, Newcastle University and is licensed under GPLv2.\u003C\u002Fp>\n","This plugin enables MathJax (http:\u002F\u002Fwww.mathjax.org) functionality for WordPress (http:\u002F\u002Fwww.wordpress.org).",10000,169356,88,11,"2025-01-14T16:50:00.000Z","6.7.5","7.0.0",[21,89,90,91,92],"mathematics","mathjax","mathml","science","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmathjax-latex.1.3.13.zip",91,"2013-03-25 00:00:00",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":18,"tags":111,"homepage":115,"download_link":116,"security_score":94,"vuln_count":14,"unpatched_count":72,"last_vuln_date":117,"fetched_at":30},"wp-quicklatex","WP QuickLaTeX","3.8.8","advanpix","https:\u002F\u002Fprofiles.wordpress.org\u002Fadvanpix\u002F","\u003Cp>Insert formulas & graphics in the posts and comments using native LaTeX shorthands directly in the text. Inline formulas, displayed equations auto-numbering, labeling and referencing, AMS-LaTeX, \u003Ccode>TikZ\u003C\u002Fcode>, custom LaTeX preamble. No LaTeX installation required. Easily customizable using UI page. Actively developed and maintained. 
Visit \u003Ca href=\"http:\u002F\u002Fwww.holoborodko.com\u002Fpavel\u002Fquicklatex\u002F\" rel=\"nofollow ugc\">QuickLaTeX homepage\u003C\u002Fa> for more info.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Standard LaTeX expressions can be cut and pasted directly into WordPress posts, pages, and comments; display environments require no enclosures, other expressions require only a surrounding \u003Ccode>$..$\u003C\u002Fcode> or \u003Ccode>\\[..\\]\u003C\u002Fcode>.  No need for enclosing tags \u003Ccode>[latex] ... [\u002Flatex]\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Correct vertical positioning of inline formulas relative to baseline of surrounding text. Say “NO” to jumpy equations produced by other plugins!\u003C\u002Fli>\n\u003Cli>SVG vector graphics support, so that formulas are crisp regardless of scaling in browser.\u003C\u002Fli>\n\u003Cli>(AMS)LaTeX displayed math environments support: \u003Ccode>equation, align, gather, multiline, flalign, alignat,\u003C\u002Fcode> etc.\u003C\u002Fli>\n\u003Cli>Automatic numbering of displayed equations. Override autonumbering with \u003Ccode>\\tag{}\u003C\u002Fcode> LaTeX command.\u003C\u002Fli>\n\u003Cli>Equation hyper-referencing by standard LaTeX rules with \u003Ccode>\\label{}\u003C\u002Fcode>, \u003Ccode>\\ref{}\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Custom LaTeX document preamble, allowing added \u003Ccode>\\usepackage{}\u003C\u002Fcode> and \u003Ccode>\\newcommand{}\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Ccode>TikZ\u003C\u002Fcode> and \u003Ccode>pgfplots\u003C\u002Fcode> graphics package support.\u003C\u002Fli>\n\u003Cli>Preview formulas in comments before publishing. 
Additionally \u003Ca href=\"http:\u002F\u002Fblogwaffe.com\u002Fajax-comment-preview\u002F\" rel=\"nofollow ugc\">AJAX Comment Preview\u003C\u002Fa> plugin should be installed to enable this feature.\u003C\u002Fli>\n\u003Cli>Meaningful error messages for mistakes in LaTeX code.\u003C\u002Fli>\n\u003Cli>Precise font properties tuning: \u003Ccode>size, text and background color\u003C\u002Fcode>. \u003C\u002Fli>\n\u003Cli>Easy style customization using UI or CSS file.\u003C\u002Fli>\n\u003Cli>No LaTeX installation is required. \u003C\u002Fli>\n\u003Cli>QuickLaTeX.com automatically provides formula images, which are then cached on user’s server.\u003C\u002Fli>\n\u003Cli>Administrative settings page for setting global parameters; AJAX-ified.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Just place LaTeX math expressions into your text and enable QuickLaTeX on the page by \u003Ccode>[latexpage]\u003C\u002Fcode> command.\u003Cbr \u002F>\nWP QuickLaTeX will convert them to high-quality images and embed into post. Inline formulas will be properly aligned with the text.\u003Cbr \u002F>\nDisplayed equations will be auto-numbered by LaTeX rules.\u003Cbr \u002F>\nTo see plugin in action please visit math-pages on my blog, e.g. \u003Ca href=\"http:\u002F\u002Fwww.holoborodko.com\u002Fpavel\u002Fnumerical-methods\u002Fnumerical-derivative\u002Fcentral-differences\u002F\" rel=\"nofollow ugc\">Central Differences\u003C\u002Fa>,\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.holoborodko.com\u002Fpavel\u002Fnumerical-methods\u002Fnumerical-integration\u002Fcubature-formulas-for-the-unit-disk\u002F\" rel=\"nofollow ugc\">Cubature formulas for the unit disk\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.holoborodko.com\u002Fpavel\u002Fnumerical-methods\u002Fnumerical-derivative\u002Fsmooth-low-noise-differentiators\u002F\" rel=\"nofollow ugc\">Smooth noise robust differentiators\u003C\u002Fa>, etc.\u003C\u002Fp>\n","Advanced LaTeX plugin. Native LaTeX syntax. 
Allows custom preamble, TikZ and other packages. Zoom-independent visual quality (SVG).",5000,98154,92,31,"2024-06-26T03:00:00.000Z","6.5.8","2.8",[112,113,21,22,114],"equations","gnuplot","tikz","http:\u002F\u002Fwww.holoborodko.com\u002Fpavel\u002Fquicklatex\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-quicklatex.3.8.8.zip","2024-07-01 00:00:00",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":128,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":17,"requires_php":18,"tags":132,"homepage":18,"download_link":133,"security_score":13,"vuln_count":72,"unpatched_count":72,"last_vuln_date":37,"fetched_at":30},"simple-mathjax","Simple Mathjax","2.1.1","Samuel Coskey","https:\u002F\u002Fprofiles.wordpress.org\u002Fsgcoskey\u002F","\u003Cp>This wordpress plugin is yet another simple plugin to load the \u003Ca href=\"http:\u002F\u002Fwww.mathjax.org\" rel=\"nofollow ugc\">MathJax\u003C\u002Fa> scripts at the bottom of all of your pages. It uses a very all-inclusive mathjax configuration by default, with $’s and $$’s the default delimiters for in-line and displayed equations.\u003C\u002Fp>\n\u003Cp>A preference pane is added to the “Settings” group where you can choose whether to use MathJax version 2 or 3, change the MathJax server location (CDN) and the MathJax configuration settings. 
(See \u003Ca href=\"https:\u002F\u002Fdocs.mathjax.org\u002Fen\u002Flatest\u002Fweb\u002Fstart.html#configuring-mathjax\" rel=\"nofollow ugc\">the mathjax documentation\u003C\u002Fa> for details on the options available.)\u003Cbr \u002F>\nYou can also specify a LaTeX “preamble” of newcommands which will be loaded in a hidden element near the top of each page.\u003C\u002Fp>\n\u003Cp>Fork this plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fboolesrings\u002FSimple-Mathjax-wordpress-plugin\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Yet another plugin to add MathJax support to your wordpress blog. Just wrap your equations inside $ signs and MathJax will render them visually.",4000,47452,94,13,"2025-09-10T09:57:00.000Z","6.8.5",[21,90],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-mathjax.2.1.1.zip",{"slug":135,"name":136,"version":137,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":142,"downloaded":143,"rating":13,"num_ratings":144,"last_updated":145,"tested_up_to":131,"requires_at_least":146,"requires_php":147,"tags":148,"homepage":149,"download_link":150,"security_score":13,"vuln_count":72,"unpatched_count":72,"last_vuln_date":37,"fetched_at":30},"katex","KaTeX","2.2.5","Tom Churchman","https:\u002F\u002Fprofiles.wordpress.org\u002Fbeskhue\u002F","\u003Cp>The KaTeX WordPress plugin enables you to use the fastest \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FKhan\u002FKaTeX\" rel=\"nofollow ugc\">TeX math typesetting engine\u003C\u002Fa> on your WordPress website. You can include TeX inside a \u003Ccode>[katex]...[\u002Fkatex]\u003C\u002Fcode> shortcode or in a Gutenberg block. Either way the math will render beautifully on your website. 
When using Gutenberg blocks, the equations will render immediately inside your editor!\u003C\u002Fp>\n\u003Cp>Equations in blocks or using the \u003Ccode>[katex display=true]...[\u002Fkatex]\u003C\u002Fcode> shortcode will render on page in display mode–with bigger symbols–centered on their own line.\u003C\u002Fp>\n\u003Cp>For compatibility with other LaTeX plugins, this plugin optionally supports \u003Ccode>[latex]...[\u002Flatex]\u003C\u002Fcode> shortcodes.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fkatex\" rel=\"ugc\">Plugin Website\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Assets\u003C\u002Fh3>\n\u003Cp>This plugin includes minified assets provided by the KaTeX project.\u003Cbr \u002F>\nThe source code is available in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FKaTeX\u002FKaTeX\u002Ftree\u002Fv0.16.22\" rel=\"nofollow ugc\">the KaTeX git repository on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Use the fastest math typesetting library on your 
website.",2000,39753,16,"2025-07-21T11:07:00.000Z","5.0","5.3",[135,21,22,90,24],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fkatex","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkatex.2.2.5.zip",{"attackSurface":152,"codeSignals":281,"taintFlows":746,"riskAssessment":895,"analyzedAt":912},{"hooks":153,"ajaxHandlers":248,"restRoutes":272,"shortcodes":273,"cronEvents":278,"entryPointCount":279,"unprotectedCount":280},[154,160,164,167,173,176,179,182,187,190,193,196,200,202,206,209,212,215,217,219,224,228,231,235,239,244],{"type":155,"name":156,"callback":157,"file":158,"line":159},"action","init","_button_editor","core.class.php",50,{"type":155,"name":161,"callback":162,"priority":28,"file":158,"line":163},"parse_request","create_js_for_tinymce",51,{"type":155,"name":165,"callback":165,"file":158,"line":166},"admin_menu",53,{"type":168,"name":169,"callback":170,"priority":171,"file":158,"line":172},"filter","plugin_row_meta","plugin_actions",10,54,{"type":168,"name":174,"callback":174,"priority":171,"file":158,"line":175},"plugin_action_links",55,{"type":155,"name":156,"callback":177,"file":158,"line":178},"init_textdomain",56,{"type":155,"name":156,"callback":180,"file":158,"line":181},"update_plugin",58,{"type":155,"name":183,"callback":184,"priority":185,"file":158,"line":186},"wp_enqueue_scripts","javascript_front",5,61,{"type":155,"name":183,"callback":188,"priority":185,"file":158,"line":189},"css_front",62,{"type":155,"name":183,"callback":191,"file":158,"line":192},"_public_js_load",64,{"type":155,"name":183,"callback":194,"file":158,"line":195},"_public_css_load",67,{"type":155,"name":183,"callback":197,"priority":198,"file":158,"line":199},"flush_js",10000000,69,{"type":155,"name":183,"callback":201,"priority":198,"file":158,"line":11},"flush_css",{"type":155,"name":203,"callback":204,"priority":185,"file":158,"line":205},"admin_enqueue_scripts","javascript_admin",73,{"type":155,"name":203,"callback":207,"priority":185,"file":158,"line":
208},"css_admin",74,{"type":155,"name":203,"callback":210,"file":158,"line":211},"_admin_js_load",76,{"type":155,"name":203,"callback":213,"file":158,"line":214},"_admin_css_load",79,{"type":155,"name":203,"callback":197,"priority":198,"file":158,"line":216},81,{"type":155,"name":203,"callback":201,"priority":198,"file":158,"line":218},82,{"type":168,"name":220,"callback":221,"priority":222,"file":158,"line":223},"the_content","the_content_SL",1000,99,{"type":168,"name":225,"callback":226,"priority":227,"file":158,"line":13},"get_the_excerpt","the_excerpt_SL",1000000,{"type":168,"name":225,"callback":229,"priority":14,"file":158,"line":230},"the_excerpt_ante_SL",101,{"type":155,"name":232,"callback":233,"file":158,"line":234},"activated_plugin","save_error_on_activation",104,{"type":168,"name":236,"callback":237,"file":158,"line":238},"mce_external_plugins","add_custom_button",702,{"type":168,"name":240,"callback":241,"priority":242,"file":158,"line":243},"mce_buttons","register_custom_button",999,703,{"type":168,"name":245,"callback":246,"file":158,"line":247},"tiny_mce_version","my_refresh_mce",704,[249,252,255,257,259,262,265,269],{"action":250,"nopriv":251,"callback":250,"hasNonce":251,"hasCapCheck":251,"file":158,"line":71},"translate_add",false,{"action":253,"nopriv":251,"callback":253,"hasNonce":251,"hasCapCheck":251,"file":158,"line":254},"translate_modify",86,{"action":256,"nopriv":251,"callback":256,"hasNonce":251,"hasCapCheck":251,"file":158,"line":50},"translate_create",{"action":258,"nopriv":251,"callback":258,"hasNonce":251,"hasCapCheck":251,"file":158,"line":83},"send_translation",{"action":260,"nopriv":251,"callback":260,"hasNonce":251,"hasCapCheck":251,"file":158,"line":261},"update_summary",89,{"action":263,"nopriv":251,"callback":264,"hasNonce":251,"hasCapCheck":251,"file":158,"line":106},"del_param","del_param_callback",{"action":266,"nopriv":251,"callback":267,"hasNonce":251,"hasCapCheck":251,"file":158,"line":268},"add_param","add_param_callbac
k",93,{"action":270,"nopriv":251,"callback":270,"hasNonce":251,"hasCapCheck":251,"file":158,"line":271},"send_feedback",96,[],[274],{"tag":21,"callback":275,"file":276,"line":277},"latex_shortcode","enable-latex.php",41,[],9,8,{"dangerousFunctions":282,"sqlUsage":293,"outputEscaping":309,"fileOperations":27,"externalRequests":14,"nonceChecks":72,"capabilityChecks":14,"bundledLibraries":745},[283,288,291],{"fn":284,"file":285,"line":286,"context":287},"unserialize","core\\otherplugins.class.php",48,"$plugins = unserialize(@file_get_contents(dirname(__FILE__).\"\u002Fdata\u002FSLFramework_OtherPlugins_\".date('",{"fn":284,"file":285,"line":289,"context":290},128,"$res = unserialize($request['body']);",{"fn":284,"file":285,"line":292,"context":290},176,{"prepared":280,"raw":294,"locations":295},6,[296,300,302,305,307,308],{"file":297,"line":298,"context":299},"core\\templates\\my-plugin.php",106,"$wpdb->query() with variable interpolation",{"file":297,"line":301,"context":299},110,{"file":158,"line":303,"context":304},180,"$wpdb->get_var() with variable 
interpolation",{"file":158,"line":306,"context":304},211,{"file":276,"line":211,"context":299},{"file":276,"line":64,"context":299},{"escaped":310,"rawEcho":311,"locations":312},12,264,[313,317,319,320,322,324,326,328,329,331,333,335,337,339,341,343,345,347,349,350,351,353,354,355,356,357,358,359,360,361,362,363,365,366,367,368,369,370,371,372,373,374,375,376,379,381,384,385,386,388,390,391,392,393,394,395,396,398,399,401,402,404,405,406,408,410,412,414,416,417,418,419,421,423,425,428,429,431,432,433,435,436,437,439,440,442,443,444,445,446,448,449,450,452,454,456,458,460,462,464,466,468,470,471,473,474,475,476,477,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,496,499,500,502,503,505,507,509,510,511,513,515,517,519,521,523,525,527,529,531,533,535,537,539,542,544,546,548,550,552,554,556,557,558,559,561,563,565,567,569,571,573,575,577,579,581,583,585,587,589,590,592,594,596,598,600,602,604,606,608,610,612,614,616,618,620,622,624,626,628,630,632,634,636,638,640,642,644,646,648,650,652,654,656,657,658,660,662,664,666,667,668,669,670,672,673,675,677,679,680,682,684,685,686,687,688,690,692,694,696,698,700,702,703,705,707,709,711,712,713,715,717,718,719,720,722,724,726,728,729,731,732,733,734,736,738,739,741,743,744],{"file":314,"line":315,"context":316},"core\\admin_table.class.php",182,"raw 
output",{"file":314,"line":318,"context":316},189,{"file":314,"line":318,"context":316},{"file":314,"line":321,"context":316},192,{"file":314,"line":323,"context":316},193,{"file":314,"line":325,"context":316},212,{"file":314,"line":327,"context":316},219,{"file":314,"line":327,"context":316},{"file":314,"line":330,"context":316},222,{"file":314,"line":332,"context":316},223,{"file":314,"line":334,"context":316},224,{"file":314,"line":336,"context":316},225,{"file":314,"line":338,"context":316},226,{"file":314,"line":340,"context":316},227,{"file":314,"line":342,"context":316},261,{"file":314,"line":344,"context":316},277,{"file":314,"line":346,"context":316},295,{"file":314,"line":348,"context":316},364,{"file":314,"line":348,"context":316},{"file":314,"line":348,"context":316},{"file":314,"line":352,"context":316},374,{"file":314,"line":352,"context":316},{"file":314,"line":352,"context":316},{"file":314,"line":352,"context":316},{"file":314,"line":352,"context":316},{"file":314,"line":352,"context":316},{"file":314,"line":352,"context":316},{"file":314,"line":352,"context":316},{"file":314,"line":352,"context":316},{"file":314,"line":352,"context":316},{"file":314,"line":352,"context":316},{"file":314,"line":364,"context":316},378,{"file":314,"line":364,"context":316},{"file":314,"line":364,"context":316},{"file":314,"line":364,"context":316},{"file":314,"line":364,"context":316},{"file":314,"line":364,"context":316},{"file":314,"line":364,"context":316},{"file":314,"line":364,"context":316},{"file":314,"line":364,"context":316},{"file":314,"line":364,"context":316},{"file":314,"line":364,"context":316},{"file":314,"line":364,"context":316},{"file":377,"line":378,"context":316},"core\\box.class.php",40,{"file":377,"line":380,"context":316},43,{"file":382,"line":383,"context":316},"core\\feedback.class.php",39,{"file":382,"line":378,"context":316},{"file":382,"line":277,"context":316},{"file":382,"line":387,"context":316},44,{"file":382,"line":389,"context":316},4
5,{"file":382,"line":172,"context":316},{"file":382,"line":175,"context":316},{"file":382,"line":208,"context":316},{"file":382,"line":211,"context":316},{"file":382,"line":214,"context":316},{"file":382,"line":216,"context":316},{"file":382,"line":397,"context":316},177,{"file":382,"line":315,"context":316},{"file":285,"line":400,"context":316},52,{"file":285,"line":172,"context":316},{"file":285,"line":403,"context":316},84,{"file":285,"line":254,"context":316},{"file":285,"line":50,"context":316},{"file":285,"line":407,"context":316},109,{"file":285,"line":409,"context":316},147,{"file":285,"line":411,"context":316},148,{"file":285,"line":413,"context":316},150,{"file":285,"line":415,"context":316},179,{"file":285,"line":303,"context":316},{"file":285,"line":315,"context":316},{"file":285,"line":318,"context":316},{"file":285,"line":420,"context":316},191,{"file":285,"line":422,"context":316},197,{"file":285,"line":424,"context":316},206,{"file":426,"line":427,"context":316},"core\\parameters.class.php",767,{"file":426,"line":427,"context":316},{"file":426,"line":430,"context":316},781,{"file":426,"line":430,"context":316},{"file":426,"line":430,"context":316},{"file":426,"line":434,"context":316},790,{"file":426,"line":434,"context":316},{"file":426,"line":434,"context":316},{"file":426,"line":438,"context":316},877,{"file":426,"line":438,"context":316},{"file":426,"line":441,"context":316},894,{"file":426,"line":441,"context":316},{"file":426,"line":441,"context":316},{"file":426,"line":441,"context":316},{"file":426,"line":441,"context":316},{"file":426,"line":447,"context":316},898,{"file":426,"line":447,"context":316},{"file":426,"line":447,"context":316},{"file":426,"line":451,"context":316},902,{"file":426,"line":453,"context":316},917,{"file":426,"line":455,"context":316},918,{"file":426,"line":457,"context":316},928,{"file":426,"line":459,"context":316},938,{"file":426,"line":461,"context":316},944,{"file":426,"line":463,"context":316},951,{"file":426,"l
ine":465,"context":316},957,{"file":426,"line":467,"context":316},964,{"file":469,"line":189,"context":316},"core\\popup.class.php",{"file":469,"line":199,"context":316},{"file":469,"line":472,"context":316},71,{"file":469,"line":208,"context":316},{"file":469,"line":211,"context":316},{"file":469,"line":214,"context":316},{"file":469,"line":268,"context":316},{"file":478,"line":479,"context":316},"core\\progress_bar.class.php",42,{"file":478,"line":479,"context":316},{"file":478,"line":380,"context":316},{"file":478,"line":380,"context":316},{"file":478,"line":380,"context":316},{"file":478,"line":380,"context":316},{"file":478,"line":387,"context":316},{"file":478,"line":387,"context":316},{"file":478,"line":387,"context":316},{"file":478,"line":387,"context":316},{"file":478,"line":389,"context":316},{"file":478,"line":389,"context":316},{"file":478,"line":389,"context":316},{"file":478,"line":389,"context":316},{"file":478,"line":389,"context":316},{"file":478,"line":495,"context":316},49,{"file":497,"line":498,"context":316},"core\\tabs.class.php",97,{"file":497,"line":498,"context":316},{"file":497,"line":501,"context":316},102,{"file":497,"line":298,"context":316},{"file":497,"line":504,"context":316},111,{"file":497,"line":506,"context":316},118,{"file":497,"line":508,"context":316},127,{"file":497,"line":508,"context":316},{"file":497,"line":508,"context":316},{"file":497,"line":512,"context":316},133,{"file":497,"line":514,"context":316},134,{"file":297,"line":516,"context":316},292,{"file":297,"line":518,"context":316},299,{"file":297,"line":520,"context":316},312,{"file":297,"line":522,"context":316},317,{"file":297,"line":524,"context":316},320,{"file":297,"line":526,"context":316},323,{"file":297,"line":528,"context":316},328,{"file":297,"line":530,"context":316},331,{"file":297,"line":532,"context":316},334,{"file":297,"line":534,"context":316},338,{"file":297,"line":536,"context":316},386,{"file":297,"line":538,"context":316},392,{"file":540,"line":5
41,"context":316},"core\\translation.class.php",139,{"file":540,"line":543,"context":316},151,{"file":540,"line":545,"context":316},152,{"file":540,"line":547,"context":316},158,{"file":540,"line":549,"context":316},166,{"file":540,"line":551,"context":316},190,{"file":540,"line":553,"context":316},218,{"file":540,"line":555,"context":316},221,{"file":540,"line":330,"context":316},{"file":540,"line":334,"context":316},{"file":540,"line":338,"context":316},{"file":540,"line":560,"context":316},230,{"file":540,"line":562,"context":316},257,{"file":540,"line":564,"context":316},341,{"file":540,"line":566,"context":316},344,{"file":540,"line":568,"context":316},345,{"file":540,"line":570,"context":316},348,{"file":540,"line":572,"context":316},350,{"file":540,"line":574,"context":316},353,{"file":540,"line":576,"context":316},357,{"file":540,"line":578,"context":316},583,{"file":540,"line":580,"context":316},588,{"file":540,"line":582,"context":316},594,{"file":540,"line":584,"context":316},747,{"file":540,"line":586,"context":316},764,{"file":540,"line":588,"context":316},765,{"file":540,"line":427,"context":316},{"file":540,"line":591,"context":316},768,{"file":540,"line":593,"context":316},772,{"file":540,"line":595,"context":316},773,{"file":540,"line":597,"context":316},775,{"file":540,"line":599,"context":316},776,{"file":540,"line":601,"context":316},796,{"file":540,"line":603,"context":316},798,{"file":540,"line":605,"context":316},805,{"file":540,"line":607,"context":316},1027,{"file":540,"line":609,"context":316},1028,{"file":540,"line":611,"context":316},1047,{"file":540,"line":613,"context":316},1048,{"file":540,"line":615,"context":316},1062,{"file":540,"line":617,"context":316},1145,{"file":540,"line":619,"context":316},1148,{"file":540,"line":621,"context":316},1149,{"file":540,"line":623,"context":316},1159,{"file":540,"line":625,"context":316},1162,{"file":540,"line":627,"context":316},1165,{"file":540,"line":629,"context":316},1170,{"file":540,"line":6
31,"context":316},1339,{"file":540,"line":633,"context":316},1340,{"file":540,"line":635,"context":316},1358,{"file":540,"line":637,"context":316},1359,{"file":540,"line":639,"context":316},1369,{"file":540,"line":641,"context":316},1451,{"file":540,"line":643,"context":316},1454,{"file":540,"line":645,"context":316},1455,{"file":540,"line":647,"context":316},1465,{"file":540,"line":649,"context":316},1468,{"file":540,"line":651,"context":316},1471,{"file":540,"line":653,"context":316},1476,{"file":655,"line":389,"context":316},"core\\tree.class.php",{"file":655,"line":159,"context":316},{"file":655,"line":195,"context":316},{"file":655,"line":659,"context":316},77,{"file":655,"line":661,"context":316},83,{"file":655,"line":663,"context":316},116,{"file":655,"line":665,"context":316},120,{"file":655,"line":303,"context":316},{"file":655,"line":306,"context":316},{"file":158,"line":551,"context":316},{"file":158,"line":323,"context":316},{"file":158,"line":671,"context":316},203,{"file":158,"line":334,"context":316},{"file":158,"line":674,"context":316},749,{"file":158,"line":676,"context":316},757,{"file":158,"line":678,"context":316},759,{"file":158,"line":678,"context":316},{"file":158,"line":681,"context":316},762,{"file":158,"line":683,"context":316},763,{"file":158,"line":586,"context":316},{"file":158,"line":588,"context":316},{"file":158,"line":595,"context":316},{"file":158,"line":595,"context":316},{"file":158,"line":689,"context":316},842,{"file":158,"line":691,"context":316},1059,{"file":158,"line":693,"context":316},1249,{"file":158,"line":695,"context":316},1267,{"file":158,"line":697,"context":316},1300,{"file":158,"line":699,"context":316},1306,{"file":158,"line":701,"context":316},1345,{"file":158,"line":639,"context":316},{"file":158,"line":704,"context":316},1379,{"file":158,"line":706,"context":316},1382,{"file":158,"line":708,"context":316},1426,{"file":158,"line":710,"context":316},1427,{"file":158,"line":710,"context":316},{"file":158,"line":71
0,"context":316},{"file":158,"line":714,"context":316},1438,{"file":158,"line":716,"context":316},1439,{"file":158,"line":716,"context":316},{"file":158,"line":716,"context":316},{"file":158,"line":716,"context":316},{"file":158,"line":721,"context":316},1446,{"file":158,"line":723,"context":316},1473,{"file":158,"line":725,"context":316},1475,{"file":158,"line":727,"context":316},1635,{"file":276,"line":413,"context":316},{"file":276,"line":730,"context":316},155,{"file":276,"line":318,"context":316},{"file":276,"line":321,"context":316},{"file":276,"line":323,"context":316},{"file":276,"line":735,"context":316},195,{"file":276,"line":737,"context":316},196,{"file":276,"line":422,"context":316},{"file":276,"line":740,"context":316},201,{"file":276,"line":742,"context":316},202,{"file":276,"line":330,"context":316},{"file":276,"line":334,"context":316},[],[747,762,772,782,801,832,845,854,870,880],{"entryPoint":748,"graph":749,"unsanitizedCount":14,"severity":39},"flush (core\\admin_table.class.php:170)",{"nodes":750,"edges":760},[751,755],{"id":752,"type":753,"label":754,"file":314,"line":315},"n0","source","$_SERVER['PHP_SELF'] (x2)",{"id":756,"type":757,"label":758,"file":314,"line":315,"wp_function":759},"n1","sink","echo() [XSS]","echo",[761],{"from":752,"to":756,"sanitized":251},{"entryPoint":763,"graph":764,"unsanitizedCount":28,"severity":39},"translate_add (core\\translation.class.php:178)",{"nodes":765,"edges":770},[766,769],{"id":752,"type":753,"label":767,"file":540,"line":768},"$_POST",184,{"id":756,"type":757,"label":758,"file":540,"line":334,"wp_function":759},[771],{"from":752,"to":756,"sanitized":251},{"entryPoint":773,"graph":774,"unsanitizedCount":14,"severity":39},"translate_modify (core\\translation.class.php:243)",{"nodes":775,"edges":780},[776,779],{"id":752,"type":753,"label":777,"file":540,"line":778},"$_POST 
(x2)",250,{"id":756,"type":757,"label":758,"file":540,"line":570,"wp_function":759},[781],{"from":752,"to":756,"sanitized":251},{"entryPoint":783,"graph":784,"unsanitizedCount":129,"severity":39},"translate_create (core\\translation.class.php:607)",{"nodes":785,"edges":798},[786,788,792,796],{"id":752,"type":753,"label":777,"file":540,"line":787},615,{"id":756,"type":757,"label":789,"file":540,"line":790,"wp_function":791},"fopen() [File Access]",652,"fopen",{"id":793,"type":753,"label":794,"file":540,"line":795},"n2","$_POST (x11)",612,{"id":797,"type":757,"label":758,"file":540,"line":584,"wp_function":759},"n3",[799,800],{"from":752,"to":756,"sanitized":251},{"from":793,"to":797,"sanitized":251},{"entryPoint":802,"graph":803,"unsanitizedCount":831,"severity":39},"\u003Ctranslation.class> (core\\translation.class.php:0)",{"nodes":804,"edges":826},[805,807,808,809,810,814,819,822],{"id":752,"type":753,"label":806,"file":540,"line":768},"$_POST (x21)",{"id":756,"type":757,"label":758,"file":540,"line":334,"wp_function":759},{"id":793,"type":753,"label":777,"file":540,"line":787},{"id":797,"type":757,"label":789,"file":540,"line":790,"wp_function":791},{"id":811,"type":753,"label":812,"file":540,"line":813},"n4","$_POST (x8)",611,{"id":815,"type":757,"label":816,"file":540,"line":817,"wp_function":818},"n5","file_put_contents() [File Write]",982,"file_put_contents",{"id":820,"type":753,"label":777,"file":540,"line":821},"n6",610,{"id":823,"type":757,"label":824,"file":540,"line":607,"wp_function":825},"n7","file_get_contents() [SSRF\u002FLFI]","file_get_contents",[827,828,829,830],{"from":752,"to":756,"sanitized":251},{"from":793,"to":797,"sanitized":251},{"from":811,"to":815,"sanitized":251},{"from":820,"to":823,"sanitized":251},33,{"entryPoint":833,"graph":834,"unsanitizedCount":185,"severity":844},"\u003Cadmin_table.class> 
(core\\admin_table.class.php:0)",{"nodes":835,"edges":841},[836,837,838,840],{"id":752,"type":753,"label":754,"file":314,"line":315},{"id":756,"type":757,"label":758,"file":314,"line":315,"wp_function":759},{"id":793,"type":753,"label":839,"file":314,"line":11},"$_GET (x3)",{"id":797,"type":757,"label":758,"file":314,"line":334,"wp_function":759},[842,843],{"from":752,"to":756,"sanitized":251},{"from":793,"to":797,"sanitized":251},"low",{"entryPoint":846,"graph":847,"unsanitizedCount":14,"severity":844},"\u003Cparameters.class> (core\\parameters.class.php:0)",{"nodes":848,"edges":852},[849,851],{"id":752,"type":753,"label":777,"file":426,"line":850},245,{"id":756,"type":757,"label":758,"file":426,"line":430,"wp_function":759},[853],{"from":752,"to":756,"sanitized":251},{"entryPoint":855,"graph":856,"unsanitizedCount":28,"severity":844},"del_param_callback (core.class.php:455)",{"nodes":857,"edges":867},[858,860,863],{"id":752,"type":753,"label":767,"file":158,"line":859},461,{"id":756,"type":861,"label":862,"file":158,"line":859},"transform","→ del_param()",{"id":793,"type":757,"label":864,"file":158,"line":865,"wp_function":866},"update_option() [Settings Manipulation]",441,"update_option",[868,869],{"from":752,"to":756,"sanitized":251},{"from":756,"to":793,"sanitized":251},{"entryPoint":871,"graph":872,"unsanitizedCount":14,"severity":844},"add_param_callback (core.class.php:477)",{"nodes":873,"edges":878},[874,876],{"id":752,"type":753,"label":777,"file":158,"line":875},480,{"id":756,"type":757,"label":864,"file":158,"line":877,"wp_function":866},508,[879],{"from":752,"to":756,"sanitized":251},{"entryPoint":881,"graph":882,"unsanitizedCount":28,"severity":844},"\u003Ccore.class> (core.class.php:0)",{"nodes":883,"edges":890},[884,886,887,888,889],{"id":752,"type":753,"label":885,"file":158,"line":875},"$_POST 
(x3)",{"id":756,"type":757,"label":864,"file":158,"line":877,"wp_function":866},{"id":793,"type":753,"label":767,"file":158,"line":859},{"id":797,"type":861,"label":862,"file":158,"line":859},{"id":811,"type":757,"label":864,"file":158,"line":865,"wp_function":866},[891,893,894],{"from":752,"to":756,"sanitized":892},true,{"from":793,"to":797,"sanitized":251},{"from":797,"to":811,"sanitized":251},{"summary":896,"deductions":897},"The 'enable-latex' plugin exhibits a concerning security posture, largely due to a significant number of unprotected AJAX handlers and widespread issues with output escaping.  The static analysis reveals 8 AJAX handlers, all lacking authentication checks, which represent a substantial attack surface.  Furthermore, only a meager 4% of output operations are properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities being present throughout the plugin's functionality. The presence of the `unserialize` function, without clear sanitization context provided in the data, is another red flag that could lead to remote code execution if improperly handled serialized data is processed.\n\nTaint analysis showed no critical or high severity flows, which is a positive sign. However, the vulnerability history, including a known medium-severity CVE that remains unpatched, suggests a pattern of past security weaknesses and a potential lack of proactive security maintenance. The plugin's history of Cross-Site Request Forgery (CSRF) vulnerabilities, coupled with the numerous unprotected AJAX endpoints, further amplifies this concern. 
While the plugin has some strengths, such as a moderate SQL query preparedness and no bundled libraries, the overwhelming number of unprotected entry points and poor output escaping practices create a high-risk environment.",[898,900,902,905,907,910],{"reason":899,"points":171},"Unprotected AJAX handlers",{"reason":901,"points":280},"Low output escaping coverage",{"reason":903,"points":904},"Unpatched medium CVE",15,{"reason":906,"points":171},"No nonce checks",{"reason":908,"points":909},"Dangerous function unserialize",7,{"reason":911,"points":185},"Low capability check coverage","2026-03-16T21:31:37.820Z",{"wat":914,"direct":929},{"assetPaths":915,"generatorPatterns":921,"scriptPaths":922,"versionParams":923},[916,917,918,919,920],"\u002Fwp-content\u002Fplugins\u002Fenable-latex\u002Fassets\u002Fcss\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fenable-latex\u002Fassets\u002Fjs\u002Fscripts.js","\u002Fwp-content\u002Fplugins\u002Fenable-latex\u002Fassets\u002Fcss\u002Ftooltip.css","\u002Fwp-content\u002Fplugins\u002Fenable-latex\u002Fassets\u002Fjs\u002Ftooltip.js","\u002Fwp-content\u002Fplugins\u002Fenable-latex\u002Fassets\u002Fjs\u002Fmathjax.js",[],[917,919,920],[924,925,926,927,928],"enable-latex\u002Fassets\u002Fcss\u002Fmain.css?ver=","enable-latex\u002Fassets\u002Fjs\u002Fscripts.js?ver=","enable-latex\u002Fassets\u002Fcss\u002Ftooltip.css?ver=","enable-latex\u002Fassets\u002Fjs\u002Ftooltip.js?ver=","enable-latex\u002Fassets\u002Fjs\u002Fmathjax.js?ver=",{"cssClasses":930,"htmlComments":934,"htmlAttributes":937,"restEndpoints":940,"jsGlobals":942,"shortcodeOutput":944},[931,932,933],"latex_object","latex_img_object","latex_img_text",[935,936],"\u003C!-- latex -->","\u003C!-- end latex -->",[938,939],"data-latex-code","data-latex-type",[941],"\u002Fwp-json\u002Fenable-latex\u002Fv1\u002Fsettings",[943],"EnableLatex",[945,946],"[latex]","[\u002Flatex]"]