[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fc6uesCNYOAmX3pJWGgsTM1hRseKfxwAfAQvETLQkxMk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":33,"analysis":136,"fingerprints":200},"extend-kses","Extend KSES","2.3","tierrainnovation","https:\u002F\u002Fprofiles.wordpress.org\u002Ftierrainnovation\u002F","\u003Cp>This is a modified version (under the MIT License) of a plugin originally developed by \u003Cstrong>\u003Ca href=\"http:\u002F\u002Fwww.tierra-innovation.com\u002F\" rel=\"nofollow ugc\">Tierra Innovation\u003C\u002Fa>\u003C\u002Fstrong> for \u003Cstrong>\u003Ca href=\"http:\u002F\u002Fwww.wnet.org\u002F\" rel=\"nofollow ugc\">WNET.org\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>This plugin extends the HTML functionalify of the WordPress kses.php file, which states the allowable HTML that the post\u002Fpage content editor will accept.  It allows the site administrator to check pre-defined HTML tags that can also be allowed via the editor.  Tags include: \u003Ccode>object\u003C\u002Fcode>, \u003Ccode>embed\u003C\u002Fcode>, \u003Ccode>param\u003C\u002Fcode>, \u003Ccode>iframe\u003C\u002Fcode>, \u003Ccode>map\u003C\u002Fcode> and extensions have been added to the \u003Ccode>div\u003C\u002Fcode> and \u003Ccode>img\u003C\u002Fcode> tags.\u003C\u002Fp>\n\u003Cp>Keep in mind, that by checking a tag, you are making it acceptable to post said HTML and save it.  If your users also post content, it is important that you make sure you are not enabling any malicious HTML from wreaking havoc to your environment.  If there is a tag that is missing or that you would like us to add and support, feel free to leave a comment in our \u003Cstrong>\u003Ca href=\"http:\u002F\u002Ftierra-innovation.com\u002Fwordpress-cms\u002Fplugins\u002Fextend-kses\u002F#respond\" rel=\"nofollow ugc\">support\u003C\u002Fa>\u003C\u002Fstrong> area for this plugin.\u003C\u002Fp>\n","This plugin extends the HTML functionality of the kses.php file inside wp-includes by allowing additional html tags.",10,3387,0,"2010-10-19T23:50:00.000Z","3.0.5","2.7","",[19,20],"kses","tiny-mce","http:\u002F\u002Fwww.tierra-innovation.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fextend-kses.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":23,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},7,110,30,84,"2026-04-04T13:43:17.841Z",[34,55,78,98,118],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":17,"tags":49,"homepage":53,"download_link":54,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"re-add-text-justify-button","Re-Add Text Justify Button","0.1.4","Salvatore Cordiano","https:\u002F\u002Fprofiles.wordpress.org\u002Fparallelit\u002F","\u003Cp>This plugin allows to re-add text justify button in the WYSIWYG on WordPress 4.7+\u003C\u002Fp>\n","The most simple plugin to re-add text justify on WordPress 4.7+",20000,211531,100,4,"2020-08-21T07:09:00.000Z","5.5.18","4.7",[50,51,20,52],"justify","mce","wysiwyg","https:\u002F\u002Fgithub.com\u002Fsalvatorecordiano\u002Fre-add-text-justify-button\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fre-add-text-justify-button.0.1.4.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":17,"tags":70,"homepage":76,"download_link":77,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"visual-editor-custom-buttons","Visual Editor Custom Buttons","1.6.0.3","cyberduck","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberduck\u002F","\u003Cp>Looking for a fast and easy way to add custom buttons to the WordPress Visual Editor? Look no further. With this plugin you can easily add your own custom buttons in the Visual Editor, as well as the HTML Editor. You can then add HTML code to the button, either as a wrap (before, after) or as a single block. On top of that you can, from within the plugin, set the CSS so you can view the effect of the button directly in the Visual Editor.\u003C\u002Fp>\n\u003Cp>The plugin comes with a large number of ready to use button icons, but you can also add your own.\u003C\u002Fp>\n\u003Cp>Visual Editor Custom Buttons. The perfect plugin for customizing the Visual Editor, add special features and simplify the content update process for the novice user.\u003C\u002Fp>\n","Visual Editor Custom Buttons lets you add custom buttons to the Wordpress Visual Editor.",4000,153855,92,37,"2023-05-26T08:52:00.000Z","6.2.9","4.9",[71,72,73,74,75],"buttons","custom","rich-editor","tiny-mce-editor","visual-editor","http:\u002F\u002Feborninteractive.se","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvisual-editor-custom-buttons.1.6.0.3.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":13,"num_ratings":13,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":17,"tags":91,"homepage":96,"download_link":97,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"cf7-mce","Contact Form 7 Tiny MCE","1.1.0","Bastien Ho","https:\u002F\u002Fprofiles.wordpress.org\u002Fbastho\u002F","\u003Cp>Add tiny MCE to ContactForm7 editor\u003C\u002Fp>\n","Add tiny MCE to ContactForm7 editor",400,13564,"2015-08-14T13:34:00.000Z","4.3.34","3.1",[92,93,94,95,20],"cf7","contact-form-7","editor","form","http:\u002F\u002Fecolosites.eelv.fr\u002Fcf7mce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-mce.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":44,"downloaded":106,"rating":44,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":17,"tags":111,"homepage":116,"download_link":117,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"allow-javascript-in-text-widgets","Allow Javascript in Text Widgets","0.3","Philip John","https:\u002F\u002Fprofiles.wordpress.org\u002Fphilipjohn\u002F","\u003Cp>Replaces the default text widget with one that allows Javascript so you can do basic things like add Google Ads to your sidebar without using other plugins.\u003C\u002Fp>\n\u003Cp>Important: It’s only intended for Multisite. If you use it in standard WordPress and it doesn’t work or breaks something don’t expect any sympathy.\u003C\u002Fp>\n","Replaces the default text widget with one that allows Javascript so you can do basic things like add Google Ads to your sidebar without using other pl …",11242,2,"2014-09-03T20:15:00.000Z","4.0.38","3.2.1",[112,113,19,114,115],"filter","javascript","text-widget","widget","http:\u002F\u002Fphilipjohn.co.uk\u002F#pj-better-multisite-text-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fallow-javascript-in-text-widgets.0.3.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":13,"num_ratings":13,"last_updated":128,"tested_up_to":15,"requires_at_least":129,"requires_php":17,"tags":130,"homepage":134,"download_link":135,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"tinymce-signature","TinyMCE Signature","0.6","keighl","https:\u002F\u002Fprofiles.wordpress.org\u002Fkeighl\u002F","\u003Cp>Automatically adds a signature to your posts. Configurable via TinyMCE on the profile page.\u003C\u002Fp>\n\u003Ch4>Use\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Edit your signature from Users -> Your Profile\u003C\u002Fli>\n\u003Cli>Choose to display the signature by default on posts or pages.\u003C\u002Fli>\n\u003Cli>Override signature on specific posts\u002Fpages via the edit page. \u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>For any issues you’re having with TinyMCE Signature, or if you’d like to suggest a feature, visit the \u003Ca href=\"http:\u002F\u002Fwwwkeighl.com\u002Fplugins\u002Ftinymce-signature\u002F\" title=\"Plugin homepage\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa>.\u003C\u002Fp>\n","Automatically adds a signature to your posts. Configurable via TinyMCE on the profile page.",80,12003,"2010-04-28T21:51:00.000Z","2.8",[131,132,133,20],"author","rich-edit","signature","http:\u002F\u002Fwww.keighl.com\u002Fplugins\u002Ftinymce-signature","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftinymce-signature.zip",{"attackSurface":137,"codeSignals":148,"taintFlows":159,"riskAssessment":186,"analyzedAt":199},{"hooks":138,"ajaxHandlers":144,"restRoutes":145,"shortcodes":146,"cronEvents":147,"entryPointCount":13,"unprotectedCount":13},[139],{"type":140,"name":141,"callback":142,"file":143,"line":66},"action","admin_menu","modify_kses_menu","extend-kses.php",[],[],[],[],{"dangerousFunctions":149,"sqlUsage":150,"outputEscaping":152,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":158},[],{"prepared":13,"raw":13,"locations":151},[],{"escaped":13,"rawEcho":153,"locations":154},1,[155],{"file":143,"line":156,"context":157},180,"raw output",[],[160,178],{"entryPoint":161,"graph":162,"unsanitizedCount":153,"severity":177},"update_kses_options (extend-kses.php:77)",{"nodes":163,"edges":174},[164,169],{"id":165,"type":166,"label":167,"file":143,"line":168},"n0","source","$_REQUEST[$option]",94,{"id":170,"type":171,"label":172,"file":143,"line":168,"wp_function":173},"n1","sink","update_option() [Settings Manipulation]","update_option",[175],{"from":165,"to":170,"sanitized":176},false,"low",{"entryPoint":179,"graph":180,"unsanitizedCount":153,"severity":177},"\u003Cextend-kses> (extend-kses.php:0)",{"nodes":181,"edges":184},[182,183],{"id":165,"type":166,"label":167,"file":143,"line":168},{"id":170,"type":171,"label":172,"file":143,"line":168,"wp_function":173},[185],{"from":165,"to":170,"sanitized":176},{"summary":187,"deductions":188},"The extend-kses plugin, version 2.3, exhibits a strong security posture in several key areas. The static analysis shows no known dangerous functions, all SQL queries utilize prepared statements, and there are no file operations or external HTTP requests, significantly reducing common attack vectors. Furthermore, the absence of any known CVEs and its clean vulnerability history suggest a history of secure development and maintenance. This overall picture points to a plugin that has been developed with security in mind, avoiding many pitfalls common in WordPress plugin development.\n\nHowever, the analysis does highlight a significant concern regarding output escaping. With 100% of identified outputs not being properly escaped, there's a clear risk of Cross-Site Scripting (XSS) vulnerabilities. Any data displayed by the plugin that originates from user input or external sources could potentially be rendered in the browser without proper sanitization, allowing an attacker to inject malicious scripts. Additionally, the taint analysis reveals two flows with unsanitized paths, which, although not classified as critical or high severity in this specific scan, warrants attention as it indicates potential avenues for data to be processed insecurely. The complete lack of nonce and capability checks across all identified entry points is also a weakness, as it implies that potentially sensitive operations, if they were to exist or be introduced, might not be adequately protected against unauthorized execution.",[189,192,195,197],{"reason":190,"points":191},"All identified outputs are not properly escaped",8,{"reason":193,"points":194},"Taint analysis shows 2 flows with unsanitized paths",5,{"reason":196,"points":194},"No nonce checks detected",{"reason":198,"points":194},"No capability checks detected","2026-03-16T23:50:20.470Z",{"wat":201,"direct":206},{"assetPaths":202,"generatorPatterns":203,"scriptPaths":204,"versionParams":205},[],[],[],[],{"cssClasses":207,"htmlComments":208,"htmlAttributes":209,"restEndpoints":210,"jsGlobals":211,"shortcodeOutput":212},[],[],[],[],[],[213],"\u003Cdiv id='icon-options-general' class='icon32'>\u003Cimg src='http:\u002F\u002Ftierra-innovation.com\u002Fwordpress-cms\u002Flogos\u002Fsrc\u002Fextend-kses\u002F2.2\u002Fdefault.gif' alt='' title='' \u002F>\u003Cbr \u002F>\u003C\u002Fdiv>"]