[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fd1n6Uny2lWg1toBZlTpnw3079eC6Cy_Yf0beg0hbD6Q":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":39,"fingerprints":356},"expandable-banners","Expandable Banners","1.5","Melodic Media","https:\u002F\u002Fprofiles.wordpress.org\u002Fmelodicmedia\u002F","\u003Cp>Expandable Banners is an easy to use WordPress plugin that allows you to create banners that expand overtop of web content.\u003Cbr \u002F>\nSimply upload your banner which can be an image, flash or HTML, or HTML5 code, set your variables, preview and deploy.\u003Cbr \u002F>\nCustomize it by adding your own close or open button.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Now in 9 Languages: French, Spanish, Portuguese, German, Dutch, Italian, Russian, Arabic, Turkish,\u003C\u002Fli>\n\u003Cli>No coding required!\u003C\u002Fli>\n\u003Cli>Mobile Responsive: All images and HTML banners are responsive.\u003C\u002Fli>\n\u003Cli>Banner format can be: JPG, GIF, PNG, SWF, HTML or HTML5.\u003C\u002Fli>\n\u003Cli>Show only on certain screen sizes.\u003C\u002Fli>\n\u003Cli>Click to open, or Rollover to open.\u003C\u002Fli>\n\u003Cli>Close button on the outside or inside.\u003C\u002Fli>\n\u003Cli>Use our close buttons or Upload your own Close Button\u003C\u002Fli>\n\u003Cli>Paste any HTML code from: (Aweber, GetResponse, iContact, Youtube, Twitter, Facebook and more)\u003C\u002Fli>\n\u003Cli>Set your URL (Open in a new window or not)\u003C\u002Fli>\n\u003Cli>Set the Dimensions\u003C\u002Fli>\n\u003Cli>Set 
where you want them to be placed. (top of page, middle of page, inside a post etc.)\u003C\u002Fli>\n\u003Cli>Change the speed of the animation when it opens.\u003C\u002Fli>\n\u003Cli>Add an Auto-open or Auto-Close\u003C\u002Fli>\n\u003Cli>Create Text Banners\u003C\u002Fli>\n\u003Cli>Rollover to open, Rolloff to close.\u003C\u002Fli>\n\u003Cli>Auto-play a Youtube Video On Rollover.\u003C\u002Fli>\n\u003Cli>Add a cookie to show only once per day.\u003C\u002Fli>\n\u003Cli>Free Upgrades\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Links\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.expandablebanners.com\" rel=\"nofollow ugc\">Main Website & Live Examples\u003C\u002Fa> \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.expandablebanners.com\u002Fsupport.php\" rel=\"nofollow ugc\">Support\u003C\u002Fa> \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.expandablebanners.com\u002Fexpandablebanners_wordpress.php\" rel=\"nofollow ugc\">Plugin page\u003C\u002Fa> \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>More Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>NOTE: Certain features are exclusive to the Full Version of Expandable Banners.\u003Cbr \u002F>\n* Expand in any Direction\u003Cbr \u002F>\n* Save an unlimited amount of banners\u003Cbr \u002F>\n* Full Stats, including: daily, weekly, monthly with a 6 month history.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>Portuguese\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Dutch\u003C\u002Fli>\n\u003Cli>Italian\u003C\u002Fli>\n\u003Cli>Russian\u003C\u002Fli>\n\u003Cli>Arabic\u003C\u002Fli>\n\u003Cli>Turkish\u003C\u002Fli>\n\u003C\u002Ful>\n","The easiest way to create expandable banners for your site. Unlimited creativity! 
9 Languages!",10,3018,100,1,"2016-02-11T07:12:00.000Z","4.4.34","3.8","",[20,4,21,22,23],"expandable-ads","expanding-ads","expanding-banners","html5-expandable-banners","http:\u002F\u002Fexpandablebanners.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpandable-banners.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"melodicmedia",2,20,30,84,"2026-04-05T09:45:55.253Z",[],{"attackSurface":40,"codeSignals":109,"taintFlows":205,"riskAssessment":346,"analyzedAt":355},{"hooks":41,"ajaxHandlers":78,"restRoutes":106,"shortcodes":107,"cronEvents":108,"entryPointCount":95,"unprotectedCount":95},[42,48,52,56,61,65,69,74],{"type":43,"name":44,"callback":45,"file":46,"line":47},"action","plugins_loaded","exp_load_plugin_textdomain","expandablebanner.php",16,{"type":43,"name":49,"callback":50,"file":46,"line":51},"wp_enqueue_scripts","exp_expandablehead",17,{"type":43,"name":53,"callback":54,"file":46,"line":55},"wp_footer","exp_expandablediv",18,{"type":57,"name":58,"callback":59,"priority":11,"file":46,"line":60},"filter","plugin_row_meta","exp_plugin_meta_links",19,{"type":57,"name":62,"callback":63,"priority":11,"file":46,"line":64},"upgrader_pre_install","exp_backup",628,{"type":57,"name":66,"callback":67,"priority":11,"file":46,"line":68},"upgrader_post_install","exp_recover",629,{"type":43,"name":70,"callback":71,"file":72,"line":73},"admin_menu","exp_menu","expandableoptions.php",3,{"type":43,"name":75,"callback":76,"file":72,"line":77},"admin_init","exp_expandableoptions_init",4,[79,84,88,92,96,100,102,104],{"action":80,"nopriv":81,"callback":82,"hasNonce":81,"hasCapCheck":81,"file":72,"line":83},"exp_submit",false,"exp_submit_callback",5,{"action":85,"nopriv":81,"callback":86,"hasNonce":81,"hasCapCheck":81,"file":72,"line":87},"exp_uplimage","exp_uplimage_callback",6,{"action":89,"nopriv":8
1,"callback":90,"hasNonce":81,"hasCapCheck":81,"file":72,"line":91},"exp_clicks","exp_clicks_callback",7,{"action":93,"nopriv":81,"callback":94,"hasNonce":81,"hasCapCheck":81,"file":72,"line":95},"exp_impressions","exp_impressions_callback",8,{"action":97,"nopriv":81,"callback":98,"hasNonce":81,"hasCapCheck":81,"file":72,"line":99},"exp_opens","exp_opens_callback",9,{"action":89,"nopriv":101,"callback":90,"hasNonce":81,"hasCapCheck":81,"file":72,"line":11},true,{"action":93,"nopriv":101,"callback":94,"hasNonce":81,"hasCapCheck":81,"file":72,"line":103},11,{"action":97,"nopriv":101,"callback":98,"hasNonce":81,"hasCapCheck":81,"file":72,"line":105},12,[],[],[],{"dangerousFunctions":110,"sqlUsage":111,"outputEscaping":113,"fileOperations":103,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":204},[],{"prepared":55,"raw":27,"locations":112},[],{"escaped":114,"rawEcho":115,"locations":116},862,43,[117,120,122,124,126,128,130,132,134,136,138,140,142,144,146,148,150,152,154,156,158,160,162,164,166,168,170,172,174,176,178,180,182,184,186,188,190,192,194,196,198,200,202],{"file":46,"line":118,"context":119},172,"raw 
output",{"file":46,"line":121,"context":119},174,{"file":46,"line":123,"context":119},179,{"file":46,"line":125,"context":119},180,{"file":46,"line":127,"context":119},182,{"file":46,"line":129,"context":119},190,{"file":46,"line":131,"context":119},192,{"file":46,"line":133,"context":119},197,{"file":46,"line":135,"context":119},198,{"file":46,"line":137,"context":119},200,{"file":46,"line":139,"context":119},206,{"file":46,"line":141,"context":119},209,{"file":46,"line":143,"context":119},216,{"file":46,"line":145,"context":119},217,{"file":46,"line":147,"context":119},219,{"file":46,"line":149,"context":119},225,{"file":46,"line":151,"context":119},228,{"file":46,"line":153,"context":119},239,{"file":46,"line":155,"context":119},242,{"file":46,"line":157,"context":119},267,{"file":46,"line":159,"context":119},393,{"file":72,"line":161,"context":119},137,{"file":72,"line":163,"context":119},347,{"file":72,"line":165,"context":119},414,{"file":72,"line":167,"context":119},688,{"file":72,"line":169,"context":119},690,{"file":72,"line":171,"context":119},696,{"file":72,"line":173,"context":119},697,{"file":72,"line":175,"context":119},699,{"file":72,"line":177,"context":119},707,{"file":72,"line":179,"context":119},709,{"file":72,"line":181,"context":119},714,{"file":72,"line":183,"context":119},715,{"file":72,"line":185,"context":119},717,{"file":72,"line":187,"context":119},723,{"file":72,"line":189,"context":119},726,{"file":72,"line":191,"context":119},733,{"file":72,"line":193,"context":119},734,{"file":72,"line":195,"context":119},736,{"file":72,"line":197,"context":119},742,{"file":72,"line":199,"context":119},745,{"file":72,"line":201,"context":119},811,{"file":72,"line":203,"context":119},901,[],[206,223,241,260,274,288,301,311],{"entryPoint":207,"graph":208,"unsanitizedCount":14,"severity":222},"exp_uplimage_callback 
(expandableoptions.php:82)",{"nodes":209,"edges":220},[210,215],{"id":211,"type":212,"label":213,"file":72,"line":214},"n0","source","$_FILES",98,{"id":216,"type":217,"label":218,"file":72,"line":161,"wp_function":219},"n1","sink","echo() [XSS]","echo",[221],{"from":211,"to":216,"sanitized":81},"medium",{"entryPoint":224,"graph":225,"unsanitizedCount":60,"severity":222},"exp_preview (expandableoptions.php:498)",{"nodes":226,"edges":238},[227,230,231,235],{"id":211,"type":212,"label":228,"file":72,"line":229},"$_POST (x19)",596,{"id":216,"type":217,"label":218,"file":72,"line":167,"wp_function":219},{"id":232,"type":212,"label":233,"file":72,"line":234},"n2","$_POST (x113)",570,{"id":236,"type":217,"label":218,"file":72,"line":237,"wp_function":219},"n3",757,[239,240],{"from":211,"to":216,"sanitized":81},{"from":232,"to":236,"sanitized":101},{"entryPoint":242,"graph":243,"unsanitizedCount":33,"severity":259},"exp_clicks_callback (expandableoptions.php:13)",{"nodes":244,"edges":256},[245,247,251,252],{"id":211,"type":212,"label":246,"file":72,"line":60},"$_POST",{"id":216,"type":217,"label":248,"file":72,"line":249,"wp_function":250},"get_row() [SQLi]",22,"get_row",{"id":232,"type":212,"label":246,"file":72,"line":60},{"id":236,"type":217,"label":253,"file":72,"line":254,"wp_function":255},"query() [SQLi]",26,"query",[257,258],{"from":211,"to":216,"sanitized":81},{"from":232,"to":236,"sanitized":81},"high",{"entryPoint":261,"graph":262,"unsanitizedCount":33,"severity":259},"exp_impressions_callback 
(expandableoptions.php:36)",{"nodes":263,"edges":271},[264,266,268,269],{"id":211,"type":212,"label":246,"file":72,"line":265},42,{"id":216,"type":217,"label":248,"file":72,"line":267,"wp_function":250},45,{"id":232,"type":212,"label":246,"file":72,"line":265},{"id":236,"type":217,"label":253,"file":72,"line":270,"wp_function":255},49,[272,273],{"from":211,"to":216,"sanitized":81},{"from":232,"to":236,"sanitized":81},{"entryPoint":275,"graph":276,"unsanitizedCount":33,"severity":259},"exp_opens_callback (expandableoptions.php:59)",{"nodes":277,"edges":285},[278,280,282,283],{"id":211,"type":212,"label":246,"file":72,"line":279},65,{"id":216,"type":217,"label":248,"file":72,"line":281,"wp_function":250},68,{"id":232,"type":212,"label":246,"file":72,"line":279},{"id":236,"type":217,"label":253,"file":72,"line":284,"wp_function":255},72,[286,287],{"from":211,"to":216,"sanitized":81},{"from":232,"to":236,"sanitized":81},{"entryPoint":289,"graph":290,"unsanitizedCount":73,"severity":259},"exp_submit_callback (expandableoptions.php:152)",{"nodes":291,"edges":298},[292,293,295,297],{"id":211,"type":212,"label":246,"file":72,"line":141},{"id":216,"type":217,"label":253,"file":72,"line":294,"wp_function":255},343,{"id":232,"type":212,"label":296,"file":72,"line":141},"$_POST (x2)",{"id":236,"type":217,"label":218,"file":72,"line":163,"wp_function":219},[299,300],{"from":211,"to":216,"sanitized":81},{"from":232,"to":236,"sanitized":81},{"entryPoint":302,"graph":303,"unsanitizedCount":14,"severity":259},"exp_main_option (expandableoptions.php:968)",{"nodes":304,"edges":309},[305,308],{"id":211,"type":212,"label":306,"file":72,"line":307},"$_POST['did']",1000,{"id":216,"type":217,"label":253,"file":72,"line":307,"wp_function":255},[310],{"from":211,"to":216,"sanitized":81},{"entryPoint":312,"graph":313,"unsanitizedCount":35,"severity":259},"\u003Cexpandableoptions> 
(expandableoptions.php:0)",{"nodes":314,"edges":339},[315,317,318,320,321,323,325,328,330,333,335,337],{"id":211,"type":212,"label":316,"file":72,"line":60},"$_POST (x3)",{"id":216,"type":217,"label":248,"file":72,"line":249,"wp_function":250},{"id":232,"type":212,"label":319,"file":72,"line":60},"$_POST (x4)",{"id":236,"type":217,"label":253,"file":72,"line":254,"wp_function":255},{"id":322,"type":212,"label":213,"file":72,"line":214},"n4",{"id":324,"type":217,"label":218,"file":72,"line":161,"wp_function":219},"n5",{"id":326,"type":212,"label":327,"file":72,"line":141},"n6","$_POST (x21)",{"id":329,"type":217,"label":218,"file":72,"line":163,"wp_function":219},"n7",{"id":331,"type":212,"label":332,"file":72,"line":234},"n8","$_POST (x122)",{"id":334,"type":217,"label":218,"file":72,"line":237,"wp_function":219},"n9",{"id":336,"type":212,"label":306,"file":72,"line":307},"n10",{"id":338,"type":217,"label":253,"file":72,"line":307,"wp_function":255},"n11",[340,341,342,343,344,345],{"from":211,"to":216,"sanitized":81},{"from":232,"to":236,"sanitized":81},{"from":322,"to":324,"sanitized":81},{"from":326,"to":329,"sanitized":81},{"from":331,"to":334,"sanitized":101},{"from":336,"to":338,"sanitized":81},{"summary":347,"deductions":348},"The \"expandable-banners\" plugin v1.5 presents a mixed security posture. On the positive side, the code-signal scan counts all 18 SQL calls as prepared statements and finds a high rate of proper output escaping. It also has no known past vulnerabilities, which may suggest careful development but may equally reflect limited scrutiny of a plugin with about 10 active installs that was last updated in 2016. However, a significant concern arises from its attack surface. The plugin exposes 8 AJAX handlers, none of which performs a nonce or capability check; 3 of them are registered for unauthenticated (nopriv) requests and the other 5 for logged-in users only. Furthermore, the taint analysis reveals 8 flows with unsanitized paths, with 6 identified as high severity; several of these end in get_row() or query() sinks, so the prepared-statement count alone does not show that request data is safely parameterized. 
This combination of unprotected entry points and high-severity unsanitized data flows creates a substantial risk of unauthorized data manipulation, SQL injection or cross-site scripting if an attacker can trigger these AJAX actions.",[349,351,353],{"reason":350,"points":34},"8 AJAX handlers without auth checks",{"reason":352,"points":34},"6 High severity unsanitized taint flows",{"reason":354,"points":11},"No Nonce checks on AJAX handlers","2026-03-17T00:53:21.085Z",{"wat":357,"direct":366},{"assetPaths":358,"generatorPatterns":361,"scriptPaths":362,"versionParams":365},[359,360],"\u002Fwp-content\u002Fplugins\u002Fexpandable-banners\u002Fexpandablebanners.js","\u002Fwp-content\u002Fplugins\u002Fexpandable-banners\u002Fswfobject\u002Fswfobject.js",[],[363,364],"wp-content\u002Fplugins\u002Fexpandable-banners\u002Fexpandablebanners.js","wp-content\u002Fplugins\u002Fexpandable-banners\u002Fswfobject\u002Fswfobject.js",[],{"cssClasses":367,"htmlComments":369,"htmlAttributes":370,"restEndpoints":375,"jsGlobals":376,"shortcodeOutput":377},[368],"show",[],[371,372,373,374],"id=\"tmp_exp_\"","id=\"ExpAd2_\"","style=\"position:absolute;\"","style=\"display:hidden\"",[],[],[]]