[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSAcP91Te_MToBwMirfNmxjnmQqJcjHET20eB1c-UcVs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":13,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":73,"crawl_stats":36,"alternatives":80,"analysis":166,"fingerprints":501},"fable-extra","Fable Extra","1.0.11","WPFable","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpfable\u002F","\u003Cp>Used for WP Fable Themes.\u003C\u002Fp>\n","Used for WP Fable Themes.",4000,33583,0,"2026-01-13T06:31:00.000Z","6.9.4","5.2","5.6",[19,20,21,22,23],"content","data","demo","import","widgets","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffable-extra.1.0.11.zip",92,3,"2025-04-25 00:00:00","2026-03-15T15:16:48.613Z",[31,47,59],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2025-46468","fable-extra-unauthenticated-local-file-inclusion","Fable Extra \u003C= 1.0.6 - Unauthenticated Local File Inclusion","The Fable Extra plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.0.6. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. 
This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.",null,"\u003C=1.0.6","1.0.7","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Control of Filename for Include\u002FRequire Statement in PHP Program ('PHP Remote File Inclusion')","2025-04-30 22:06:28",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5b67a9ce-44ad-4438-a545-84ca69e2ef47?source=api-prod",6,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":52,"cvss_score":53,"cvss_vector":54,"vuln_type":55,"published_date":28,"updated_date":56,"references":57,"days_to_patch":46},"CVE-2025-46539","fable-extra-unauthenticated-sql-injection","Fable Extra \u003C= 1.0.6 - Unauthenticated SQL Injection","The Fable Extra plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  
This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2025-04-30 22:06:55",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa95f5aa7-6ff1-4ebf-9b5a-17ad784eefe7?source=api-prod",{"id":60,"url_slug":61,"title":62,"description":63,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":64,"cvss_score":65,"cvss_vector":66,"vuln_type":67,"published_date":68,"updated_date":69,"references":70,"days_to_patch":72},"CVE-2025-46447","fable-extra-authenticated-contributor-stored-cross-site-scripting","Fable Extra \u003C= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Fable Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-24 00:00:00","2025-04-30 21:30:51",[71],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F71c17349-41d6-4c6f-b8ff-69ac818c2903?source=api-prod",7,{"slug":74,"display_name":7,"profile_url":8,"plugin_count":75,"total_installs":76,"avg_security_score":77,"avg_patch_time_days":78,"trust_score":77,"computed_at":79},"wpfable",8,7500,99,5,"2026-04-04T02:10:54.859Z",[81,102,117,137,152],{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":91,"num_ratings":72,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":97,"download_link":98,"security_score":99,"vuln_count":100,"unpatched_count":13,"last_vuln_date":101,"fetched_at":29},"rara-one-click-demo-import","Rara One Click Demo Import","1.3.4","Rara Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fraratheme\u002F","\u003Cp>Do you love the demos of the themes made by Rara Theme? 
Or, need a guideline for setting up the themes?\u003C\u002Fp>\n\u003Cp>Then, all you need is this plugin!\u003C\u002Fp>\n\u003Cp>Rara One Click Demo Import plugin will help you import the demo content, including settings of the widgets and the customizer, with a click.\u003C\u002Fp>\n\u003Cp>The demo content will make your website look like the preview of a theme so that you get a basic guideline for making your website.\u003C\u002Fp>\n\u003Cp>Once installed and activated, Rara One Click Demo Import will be accessible through \u003Cstrong>Appearance > Rara Demo Import\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>If you use Premium themes made by Rara Themes, go to Pro Theme Demo Import tab and just click on ‘Import Now’ button and your website will look like the demo of the activated theme in no time.\u003C\u002Fp>\n\u003Cp>If you use free themes made by Rara Themes, download the demo files from your \u003Ca href=\"https:\u002F\u002Frarathemes.com\u002Fdocumentation\u002F\" rel=\"nofollow ugc\">Theme Documentation\u003C\u002Fa> page, upload it using ‘Upload Demo File’ button on this plugin, and click Import Now. 
As simple as that.\u003C\u002Fp>\n\u003Cp>You can find the detail documentation \u003Ca href=\"https:\u002F\u002Frarathemes.com\u002Fblog\u002Fimport-demo-content-rara-themes\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If you need help, contact our support team \u003Ca href=\"https:\u002F\u002Frarathemes.com\u002Fsupport-ticket\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin is based on the ‘Theme Demo Import’ plugin by Themely, https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftheme-demo-import\u002F\u003C\u002Fp>\n\u003Cp>As well as the improved WP Import 2.0 plugin by @humanmade, https:\u002F\u002Fgithub.com\u002Fhumanmade\u002FWordPress-Importer.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Rara One Click Demo Import uses the script of\u003Cbr \u002F>\n‘Theme Demo Import’ plugin by Themely,\u003Cbr \u002F>\nhttps:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftheme-demo-import\u002F\u003Cbr \u002F>\nLicensed under the GNU General Public License v2.0,\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fp>\n\u003Cp>Rara One Click Demo Import uses ‘WordPress Importer’ plugin script\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fhumanmade\u002FWordPress-Importer\u003Cbr \u002F>\n(C) 2016 @humanmade\u003Cbr \u002F>\nLicensed under the GNU General Public License v2.0,\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fp>\n\u003Ch3>Copyright\u003C\u002Fh3>\n\u003Cp>Rara One Click Demo Import is distributed under the terms of the GNU GPL.\u003C\u002Fp>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify\u003Cbr \u002F>\nit under the terms of the GNU General Public License as published by\u003Cbr \u002F>\nthe Free Software Foundation; either version 2 of the License, or\u003Cbr \u002F>\nany later version (at your own risk).\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that 
it will be useful,\u003Cbr \u002F>\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\u003Cbr \u002F>\nGNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along\u003Cbr \u002F>\nwith this program; if not, write to the Free Software Foundation, Inc.,\u003Cbr \u002F>\n51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.\u003C\u002Fp>\n","Make your website look like the live demo of the theme with a click!",20000,878760,54,"2024-11-21T11:28:00.000Z","6.7.5","6.0","7.4",[19,20,21,22,23],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frara-one-click-demo-import\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frara-one-click-demo-import.1.3.4.zip",91,1,"2022-04-21 13:36:00",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":13,"num_ratings":13,"last_updated":112,"tested_up_to":15,"requires_at_least":24,"requires_php":17,"tags":113,"homepage":114,"download_link":115,"security_score":116,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"skt-themes-demo-importer","SKT Themes Demo Import","1.7","sonalsinha21","https:\u002F\u002Fprofiles.wordpress.org\u002Fsonalsinha21\u002F","\u003Cp>Live demo content can be imported quickly in just one click including all widgets and settings. 
To establish a new website, this plugin provides a a basic layout plus it speed up the process of development.\u003C\u002Fp>\n\u003Cp>In \u003Cstrong>APPEARANCE > SKT Import Content\u003C\u002Fstrong>, it will built up the page.\u003C\u002Fp>\n\u003Cp>The three files upload inputs will be presented if you are using the theme that do not have any import filed predefined.\u003C\u002Fp>\n\u003Cp>Demo content XML file needs to be uploaded as first file is important, for the real demo import.\u003C\u002Fp>\n\u003Cp>The second one is not that much important. however for widgets import you will be asked for a WIE or JSON file. With the help of this you can create a file \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwidget-importer-exporter\u002F\" rel=\"ugc\">Widget Importer & Exporter\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Cp>The third option is also not mandatory. thus the customizer settings will be imported, select the DAT file that can be easily generated from \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustomizer-export-import\u002F\" rel=\"ugc\">Customizer Export\u002FImport\u003C\u002Fa> plugin (from the same theme if and only if the export file was created than only the customizer settings will be imported.).\u003C\u002Fp>\n","Live demo content can be imported quickly in just one click including all widgets and 
settings.",5000,48623,"2026-01-15T05:48:00.000Z",[19,20,21,22,23],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fskt-themes-demo-import\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fskt-themes-demo-importer.zip",100,{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":110,"downloaded":125,"rating":126,"num_ratings":127,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":17,"tags":131,"homepage":132,"download_link":133,"security_score":134,"vuln_count":135,"unpatched_count":135,"last_vuln_date":136,"fetched_at":29},"theme-demo-import","Theme Demo Import","1.1.3","themely","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemely\u002F","\u003Cp>Quickly import demo content, widgets and settings for your new theme. This provides a basic layout to build your website and speed up the development process.\u003C\u002Fp>\n\u003Cp>This plugin will create a page in \u003Cstrong>APPEARANCE > Import Demo Content\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>If the theme you are using does not have any predefined import files, then you will be presented with three file upload inputs.\u003C\u002Fp>\n\u003Cp>First one is required and you will have to upload a demo content XML file, for the actual demo import.\u003C\u002Fp>\n\u003Cp>The second one is optional and will ask you for a WIE or JSON file for widgets import. 
You create that file using the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwidget-importer-exporter\u002F\" rel=\"ugc\">Widget Importer & Exporter\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Cp>The third one is also optional and will import the customizer settings, select the DAT file which you can generate from \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustomizer-export-import\u002F\" rel=\"ugc\">Customizer Export\u002FImport\u003C\u002Fa> plugin (the customizer settings will be imported only if the export file was created from the same theme).\u003C\u002Fp>\n\u003Cp>This plugin is based off the ‘One Click Demo Import’ plugin by @capuderg and @cyman, https:\u002F\u002Fgithub.com\u002Fproteusthemes\u002Fone-click-demo-import.\u003C\u002Fp>\n\u003Cp>As well as the improved WP Import 2.0 plugin by @humanmade, https:\u002F\u002Fgithub.com\u002Fhumanmade\u002FWordPress-Importer.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Theme Demo Import uses ‘One Click Demo Import’ plugin script\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fproteusthemes\u002Fone-click-demo-import\u003Cbr \u002F>\n(C) 2016 ProteusThemes.com\u003Cbr \u002F>\nLicensed under the GNU General Public License v2.0,\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fp>\n\u003Cp>Theme Demo Import uses ‘WordPress Importer’ plugin script\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fhumanmade\u002FWordPress-Importer\u003Cbr \u002F>\n(C) 2016 @humanmade\u003Cbr \u002F>\nLicensed under the GNU General Public License v2.0,\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fp>\n\u003Ch3>Copyright\u003C\u002Fh3>\n\u003Cp>Theme Demo Import, Copyright 2016 Ishmael ‘Hans’ Desjarlais\u003C\u002Fp>\n\u003Cp>Theme Demo Import is distributed under the terms of the GNU GPL\u003C\u002Fp>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify\u003Cbr 
\u002F>\nit under the terms of the GNU General Public License as published by\u003Cbr \u002F>\nthe Free Software Foundation; either version 2 of the License, or\u003Cbr \u002F>\n(at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful,\u003Cbr \u002F>\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\u003Cbr \u002F>\nGNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along\u003Cbr \u002F>\nwith this program; if not, write to the Free Software Foundation, Inc.,\u003Cbr \u002F>\n51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.\u003C\u002Fp>\n","Quickly import demo content, widgets and settings in one click. Made for theme authors to simplify importing demo content for their users.",258193,60,4,"2024-07-03T11:04:00.000Z","6.5.8","4.7",[19,20,21,22,23],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftheme-demo-import\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftheme-demo-import.zip",49,2,"2023-08-09 00:00:00",{"slug":138,"name":139,"version":140,"author":141,"author_profile":142,"description":143,"short_description":144,"active_installs":145,"downloaded":146,"rating":13,"num_ratings":13,"last_updated":147,"tested_up_to":148,"requires_at_least":149,"requires_php":17,"tags":150,"homepage":24,"download_link":151,"security_score":116,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"gradient-starter-templates","Starter Templates by Gradient Themes","1.2.8","Gradient Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fgradientthemes\u002F","\u003Cp>Setup your site theme from \u003Ca href=\"https:\u002F\u002Fwww.gradientthemes.com\u002F\" rel=\"nofollow ugc\">Gradient Themes\u003C\u002Fa> site with template library dummy data easily. 
Import settings, widgets and content with one click. Gradient Sterter Templates requires \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadvanced-import\u002F\" rel=\"ugc\">Advanced Import\u003C\u002Fa> Plugin to work normally.\u003C\u002Fp>\n\u003Cp>While you use Gradient Sterter Templates to import demo starter site, Images and demo files are fetches from respected theme Demo Sites form Gradient Themes. This helps you to import starter dmeo site with a single click. You must accept \u003Ca href=\"https:\u002F\u002Fwww.gradientthemes.com\u002Fterms-and-conditions\u002F\" rel=\"nofollow ugc\">terms\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.gradientthemes.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">privacy\u003C\u002Fa> to use Gradient Sterter Templates Plugin.\u003C\u002Fp>\n","Setup you site with dummy data easily. Import settings, widgets and content with one click.  Your dummy data must have ZIP file of xml, dat and wie fi &hellip;",3000,125930,"2025-07-18T10:32:00.000Z","6.8.5","4.9",[19,20,21,22,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgradient-starter-templates.zip",{"slug":153,"name":154,"version":155,"author":156,"author_profile":157,"description":158,"short_description":159,"active_installs":160,"downloaded":161,"rating":162,"num_ratings":127,"last_updated":163,"tested_up_to":148,"requires_at_least":24,"requires_php":95,"tags":164,"homepage":24,"download_link":165,"security_score":116,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"flawless-themes-demo-importer","Flawless Themes Demo Importer","1.0.19","flawlesstheme","https:\u002F\u002Fprofiles.wordpress.org\u002Fflawlesstheme\u002F","\u003Cp>Flawless Themes Demo Importer plugin helps you import demo content for various free themes of \u003Ca href=\"http:\u002F\u002Fflawlessthemes.com\u002F\" rel=\"nofollow ugc\">flawlessthemes\u003C\u002Fa> . 
Flawless Themes are dedicated to creating high quality, easy to use WordPress themes. If you want to import demo content for any of the flawless Themes free version, then this is the plugin for you. Remember this only works with Flawless Themes (themes) . This plugin is based on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fone-click-demo-import\" rel=\"ugc\">One Click Demo Import Plugin\u003C\u002Fa>. Install the Flawless Theme Demo Importer Plugin, One Click Demo Import Plugin and you are good to go.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fone-click-demo-import\u002F\u003C\u002Fp>\n","Flawless Themes Demo Importer plugin helps you import demo content for various free themes of flawlessthemes . Flawless Themes are dedicated to creati &hellip;",1000,44730,46,"2025-07-28T11:28:00.000Z",[19,20,21,22,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflawless-themes-demo-importer.1.0.19.zip",{"attackSurface":167,"codeSignals":399,"taintFlows":459,"riskAssessment":484,"analyzedAt":500},{"hooks":168,"ajaxHandlers":335,"restRoutes":388,"shortcodes":389,"cronEvents":398,"entryPointCount":349,"unprotectedCount":280},[169,175,179,184,186,189,191,193,198,203,207,211,215,219,223,227,231,235,237,239,244,247,250,254,258,261,265,269,273,278,282,286,290,294,298,302,307,312,315,317,320,323,326,328,332],{"type":170,"name":171,"callback":172,"file":173,"line":174},"action","init","fable_extra_init","fable-extra.php",70,{"type":170,"name":176,"callback":177,"file":173,"line":178},"plugins_loaded","fable_extra_woo_feature",98,{"type":170,"name":180,"callback":181,"file":182,"line":183},"Fable_Extra_Shopire_frontpage","fable_extra_shopire_frontpage_sections","inc\\themes\\buycart\\buycart.php",27,{"type":170,"name":180,"callback":181,"file":185,"line":183},"inc\\themes\\easybuy\\easybuy.php",{"type":170,"name":180,"callback":181,"file":187,"line":188},"inc\\themes\\eazyshop\\eazyshop.php",2
5,{"type":170,"name":180,"callback":181,"file":190,"line":183},"inc\\themes\\ekart\\ekart.php",{"type":170,"name":180,"callback":181,"file":192,"line":188},"inc\\themes\\minicart\\minicart.php",{"type":170,"name":194,"callback":195,"file":196,"line":197},"wp_enqueue_scripts","desert_shopire_user_custom_style","inc\\themes\\shopire\\custom-style.php",29,{"type":170,"name":199,"callback":200,"file":201,"line":202},"customize_register","shopire_blog_customize_setting","inc\\themes\\shopire\\customizer\\shopire-blog-section.php",241,{"type":170,"name":199,"callback":204,"file":205,"line":206},"shopire_product_cat_customize_setting","inc\\themes\\shopire\\customizer\\shopire-cat-section.php",208,{"type":170,"name":199,"callback":208,"file":209,"line":210},"shopire_cta_customize_setting","inc\\themes\\shopire\\customizer\\shopire-cta-section.php",200,{"type":170,"name":199,"callback":212,"file":213,"line":214},"fable_extra_shopire_footer_customize_settings","inc\\themes\\shopire\\customizer\\shopire-footer-section.php",121,{"type":170,"name":199,"callback":216,"file":217,"line":218},"shopire_information_customize_setting","inc\\themes\\shopire\\customizer\\shopire-information-section.php",133,{"type":170,"name":199,"callback":220,"file":221,"line":222},"shopire_popular_product_customize_setting","inc\\themes\\shopire\\customizer\\shopire-popular-product-section.php",253,{"type":170,"name":199,"callback":224,"file":225,"line":226},"fable_extra_shopire_site_selective_partials","inc\\themes\\shopire\\customizer\\shopire-selective-refresh.php",73,{"type":170,"name":199,"callback":228,"file":229,"line":230},"shopire_slider_customize_setting","inc\\themes\\shopire\\customizer\\shopire-slider-section.php",270,{"type":170,"name":232,"callback":232,"file":233,"line":234},"shopire_footer_top","inc\\themes\\shopire\\customizer-repeater-default.php",312,{"type":170,"name":180,"callback":181,"file":236,"line":188},"inc\\themes\\shopire\\shopire.php",{"type":170,"name":180,"callback":1
81,"file":238,"line":183},"inc\\themes\\shopway\\shopway.php",{"type":170,"name":194,"callback":240,"priority":241,"file":242,"line":243},"register_assets",10,"inc\\woo-features\\fable-extra-compare-wishlist.php",74,{"type":170,"name":245,"callback":171,"priority":13,"file":242,"line":246},"after_setup_theme",81,{"type":170,"name":245,"callback":248,"priority":13,"file":242,"line":249},"fable_extra_wc_compare_wishlist_install",83,{"type":170,"name":194,"callback":251,"file":252,"line":253},"fable_extra_product_search_scripts_styles","inc\\woo-features\\fable-extra-product-search.php",18,{"type":170,"name":255,"callback":256,"priority":77,"file":252,"line":257},"create_term","fable_extra_edit_product_term",102,{"type":170,"name":259,"callback":256,"priority":77,"file":252,"line":260},"edit_term",103,{"type":170,"name":262,"callback":263,"priority":77,"file":252,"line":264},"delete_term","fable_extra_delete_product_term",104,{"type":170,"name":266,"callback":267,"priority":77,"file":252,"line":268},"save_post","fable_extra_save_post_product_action",106,{"type":170,"name":270,"callback":271,"file":252,"line":272},"widgets_init","register_product_search_widget",257,{"type":170,"name":274,"callback":275,"file":276,"line":277},"wp_footer","fable_extra_quick_view","inc\\woo-features\\fable-extra-quick-view.php",145,{"type":170,"name":279,"callback":279,"priority":280,"file":281,"line":78},"fable_extra_woocompare_add_button_loop",12,"inc\\woo-features\\includes\\compare\\buttons.php",{"type":170,"name":283,"callback":284,"priority":285,"file":281,"line":72},"woocommerce_single_product_summary","fable_extra_woocompare_add_button_single",35,{"type":170,"name":194,"callback":287,"file":288,"line":289},"fable_extra_woocompare_setup_plugin","inc\\woo-features\\includes\\compare\\compare.php",20,{"type":170,"name":291,"callback":292,"file":293,"line":280},"woocommerce_settings_start","fable_extra_woocompare_register_settings","inc\\woo-features\\includes\\compare\\settings.php",{
"type":170,"name":295,"callback":296,"file":293,"line":297},"woocommerce_settings_fable_extra_woocompare_list","fable_extra_woocompare_render_settings_page",13,{"type":170,"name":299,"callback":300,"file":293,"line":301},"woocommerce_update_options_fable_extra_woocompare_list","fable_extra_woocompare_update_options",14,{"type":303,"name":304,"callback":305,"file":293,"line":306},"filter","woocommerce_settings_tabs_array","fable_extra_woocompare_register_settings_tab",17,{"type":303,"name":308,"callback":309,"file":310,"line":311},"template_include","view_template","inc\\woo-features\\includes\\templater.php",53,{"type":170,"name":313,"callback":313,"priority":280,"file":314,"line":78},"fable_extra_woowishlist_add_button_loop","inc\\woo-features\\includes\\wishlist\\buttons.php",{"type":170,"name":283,"callback":316,"priority":285,"file":314,"line":72},"fable_extra_woowishlist_add_button_single",{"type":170,"name":291,"callback":318,"file":319,"line":280},"fable_extra_woowishlist_register_settings","inc\\woo-features\\includes\\wishlist\\settings.php",{"type":170,"name":321,"callback":322,"file":319,"line":297},"woocommerce_settings_fable_extra_woowishlist","fable_extra_woowishlist_render_settings_page",{"type":170,"name":324,"callback":325,"file":319,"line":301},"woocommerce_update_options_fable_extra_woowishlist","fable_extra_woowishlist_update_options",{"type":303,"name":304,"callback":327,"file":319,"line":306},"fable_extra_woowishlist_register_settings_tab",{"type":170,"name":194,"callback":329,"file":330,"line":331},"fable_extra_woowishlist_setup_plugin","inc\\woo-features\\includes\\wishlist\\wishlist.php",19,{"type":170,"name":171,"callback":333,"file":330,"line":334},"fable_extra_woowislist_session_to_db",30,[336,341,343,345,346,350,352,355,357,361,362,366,368,372,374,378,379,383,384,387],{"action":337,"nopriv":338,"callback":337,"hasNonce":339,"hasCapCheck":338,"file":252,"line":340},"fable_extra_search_product",false,true,251,{"action":337,"nopriv":339,"ca
llback":337,"hasNonce":339,"hasCapCheck":338,"file":252,"line":342},252,{"action":275,"nopriv":338,"callback":344,"hasNonce":339,"hasCapCheck":338,"file":276,"line":78},"fable_extra_quick_view_callback",{"action":275,"nopriv":339,"callback":344,"hasNonce":339,"hasCapCheck":338,"file":276,"line":46},{"action":347,"nopriv":338,"callback":348,"hasNonce":338,"hasCapCheck":338,"file":288,"line":349},"fable_extra_woocompare_add_to_list","fable_extra_woocompare_process_button_action",22,{"action":347,"nopriv":339,"callback":348,"hasNonce":338,"hasCapCheck":338,"file":288,"line":351},23,{"action":353,"nopriv":338,"callback":354,"hasNonce":338,"hasCapCheck":338,"file":288,"line":188},"fable_extra_woocompare_remove","fable_extra_woocompare_process_remove_button_action",{"action":353,"nopriv":339,"callback":354,"hasNonce":338,"hasCapCheck":338,"file":288,"line":356},26,{"action":358,"nopriv":338,"callback":359,"hasNonce":338,"hasCapCheck":338,"file":288,"line":360},"fable_extra_woocompare_empty","fable_extra_woocompare_process_empty_button_action",28,{"action":358,"nopriv":339,"callback":359,"hasNonce":338,"hasCapCheck":338,"file":288,"line":197},{"action":363,"nopriv":338,"callback":364,"hasNonce":338,"hasCapCheck":338,"file":288,"line":365},"fable_extra_woocompare_update","fable_extra_woocompare_process_ajax",31,{"action":363,"nopriv":339,"callback":364,"hasNonce":338,"hasCapCheck":338,"file":288,"line":367},32,{"action":369,"nopriv":338,"callback":370,"hasNonce":338,"hasCapCheck":338,"file":288,"line":371},"fable_extra_compare_get_fragments","fable_extra_woocompare_update_fragments",523,{"action":369,"nopriv":339,"callback":370,"hasNonce":338,"hasCapCheck":338,"file":288,"line":373},524,{"action":375,"nopriv":338,"callback":376,"hasNonce":339,"hasCapCheck":338,"file":330,"line":377},"fable_extra_woowishlist_add","fable_extra_woowishlist_process_button_action",21,{"action":375,"nopriv":339,"callback":376,"hasNonce":339,"hasCapCheck":338,"file":330,"line":349},{"action":380,"
nopriv":338,"callback":381,"hasNonce":339,"hasCapCheck":338,"file":330,"line":382},"fable_extra_woowishlist_remove","fable_extra_woowishlist_process_remove_button_action",24,{"action":380,"nopriv":339,"callback":381,"hasNonce":339,"hasCapCheck":338,"file":330,"line":188},{"action":385,"nopriv":338,"callback":386,"hasNonce":338,"hasCapCheck":338,"file":330,"line":183},"fable_extra_woowishlist_update","fable_extra_woowishlist_process_ajax",{"action":385,"nopriv":339,"callback":386,"hasNonce":338,"hasCapCheck":338,"file":330,"line":360},[],[390,394],{"tag":391,"callback":392,"file":393,"line":127},"fable_extra_woo_compare_table","fable_extra_woocompare_shortcode","inc\\woo-features\\includes\\compare\\shortcode.php",{"tag":395,"callback":396,"file":397,"line":127},"fable_extra_woo_wishlist_table","fable_extra_woowishlist_shortcode","inc\\woo-features\\includes\\wishlist\\shortcode.php",[],{"dangerousFunctions":400,"sqlUsage":411,"outputEscaping":417,"fileOperations":100,"externalRequests":13,"nonceChecks":78,"capabilityChecks":100,"bundledLibraries":458},[401,404,407,409],{"fn":402,"file":252,"line":174,"context":403},"unserialize","$unserialized = @unserialize( $categories );",{"fn":402,"file":330,"line":405,"context":406},68,"$list = unserialize( $list );",{"fn":402,"file":330,"line":408,"context":406},238,{"fn":402,"file":330,"line":410,"context":406},278,{"prepared":135,"raw":100,"locations":412},[413],{"file":414,"line":415,"context":416},"inc\\woo-features\\includes\\install.php",114,"$wpdb->get_var() with variable interpolation",{"escaped":418,"rawEcho":377,"locations":419},380,[420,423,424,426,428,430,432,434,436,437,439,440,441,442,444,446,448,450,451,453,456],{"file":252,"line":421,"context":422},42,"raw 
output",{"file":252,"line":421,"context":422},{"file":252,"line":425,"context":422},245,{"file":252,"line":427,"context":422},280,{"file":252,"line":429,"context":422},282,{"file":252,"line":431,"context":422},291,{"file":252,"line":433,"context":422},314,{"file":252,"line":435,"context":422},330,{"file":252,"line":435,"context":422},{"file":252,"line":438,"context":422},331,{"file":252,"line":438,"context":422},{"file":276,"line":356,"context":422},{"file":276,"line":226,"context":422},{"file":276,"line":443,"context":422},76,{"file":276,"line":445,"context":422},84,{"file":281,"line":447,"context":422},55,{"file":281,"line":449,"context":422},59,{"file":314,"line":91,"context":422},{"file":314,"line":452,"context":422},58,{"file":454,"line":455,"context":422},"inc\\woo-features\\templates\\single-product\\related.php",313,{"file":454,"line":457,"context":422},329,[],[460,476],{"entryPoint":461,"graph":462,"unsanitizedCount":13,"severity":475},"fable_extra_quick_view_callback (inc\\woo-features\\fable-extra-quick-view.php:8)",{"nodes":463,"edges":473},[464,468],{"id":465,"type":466,"label":467,"file":276,"line":241},"n0","source","$_POST (x3)",{"id":469,"type":470,"label":471,"file":276,"line":351,"wp_function":472},"n1","sink","echo() [XSS]","echo",[474],{"from":465,"to":469,"sanitized":339},"low",{"entryPoint":477,"graph":478,"unsanitizedCount":13,"severity":475},"\u003Cfable-extra-quick-view> (inc\\woo-features\\fable-extra-quick-view.php:0)",{"nodes":479,"edges":482},[480,481],{"id":465,"type":466,"label":467,"file":276,"line":241},{"id":469,"type":470,"label":471,"file":276,"line":351,"wp_function":472},[483],{"from":465,"to":469,"sanitized":339},{"summary":485,"deductions":486},"The \"fable-extra\" plugin v1.0.11 presents a mixed security posture. While it demonstrates good practices such as a high percentage of properly escaped output and a lack of external HTTP requests, significant concerns arise from its attack surface and past vulnerability history. 
The presence of 12 unprotected AJAX handlers (no nonce check and no capability check) is a major weakness, giving attackers numerous potential entry points that lack request verification and authorization.  Furthermore, the plugin uses `unserialize`, which, while not directly flagged by taint analysis in this version, is a known dangerous function that has historically led to vulnerabilities if not handled with extreme care, especially when processing untrusted input.\n\nThe plugin's vulnerability history is particularly alarming. Its 3 known CVEs, including one critical and one high-severity vulnerability, indicate a pattern of insecure coding practices. The types of past vulnerabilities (Local File Inclusion, SQL Injection, XSS) are common and severe, suggesting recurring weaknesses in input validation and sanitization. The last vulnerability is very recent (April 2025); that none are currently unpatched is a positive sign, but the historical prevalence of critical issues cannot be ignored. Overall, the plugin has some strengths in modern development practices, but the large number of unprotected entry points and its history of serious vulnerabilities make it a notable security risk.",[487,489,491,494,496,498],{"reason":488,"points":241},"High number of unprotected AJAX handlers",{"reason":490,"points":75},"Use of dangerous function (unserialize)",{"reason":492,"points":493},"History of critical severity CVEs",15,{"reason":495,"points":241},"History of high severity CVEs",{"reason":497,"points":78},"History of medium severity CVEs",{"reason":499,"points":78},"SQL queries with low prepared statement 
usage","2026-03-16T18:10:56.323Z",{"wat":502,"direct":521},{"assetPaths":503,"generatorPatterns":512,"scriptPaths":513,"versionParams":514},[504,505,506,507,508,509,510,511],"\u002Fwp-content\u002Fplugins\u002Ffable-extra\u002Finc\u002Fwoo-features\u002Fassets\u002Fcss\u002Ffable-extra-woocompare.css","\u002Fwp-content\u002Fplugins\u002Ffable-extra\u002Finc\u002Fwoo-features\u002Fassets\u002Fjs\u002Ffable-extra-woocompare.js","\u002Fwp-content\u002Fplugins\u002Ffable-extra\u002Finc\u002Fwoo-features\u002Fassets\u002Fjs\u002Ffable-extra-woocompare.min.js","\u002Fwp-content\u002Fplugins\u002Ffable-extra\u002Finc\u002Fwoo-features\u002Fassets\u002Fcss\u002Ftablesaw.css","\u002Fwp-content\u002Fplugins\u002Ffable-extra\u002Finc\u002Fwoo-features\u002Fassets\u002Fjs\u002Ftablesaw.js","\u002Fwp-content\u002Fplugins\u002Ffable-extra\u002Finc\u002Fwoo-features\u002Fassets\u002Fjs\u002Ftablesaw.min.js","\u002Fwp-content\u002Fplugins\u002Ffable-extra\u002Finc\u002Fwoo-features\u002Fassets\u002Fjs\u002Ftablesaw-init.js","\u002Fwp-content\u002Fplugins\u002Ffable-extra\u002Finc\u002Fwoo-features\u002Fassets\u002Fjs\u002Ftablesaw-init.min.js",[],[505,506,508,509,510,511],[515,516,517,518,519,520],"fable-extra\u002Fstyle.css?ver=","fable-extra-woocompare.css?ver=","fable-extra-woocompare.js?ver=","tablesaw.css?ver=","tablesaw.js?ver=","tablesaw-init.js?ver=",{"cssClasses":522,"htmlComments":523,"htmlAttributes":524,"restEndpoints":525,"jsGlobals":526,"shortcodeOutput":528},[],[],[],[],[527],"fableExtraWoocompare",[]]