[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxlI4mkFWHfPIzQLov9TtTc0PiWiPafsp4fgqKUnj7CM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":62,"crawl_stats":38,"alternatives":70,"analysis":169,"fingerprints":256},"facebook-like-send-button","FireCask Like & Share Button","1.3","Alex Moss","https:\u002F\u002Fprofiles.wordpress.org\u002Falexmoss\u002F","\u003Cp>Insert the Facebook Like and\u002For Send button to any post, page or template with this simple plugin. Also lets you add them via shortcode anywhere in your site!\u003C\u002Fp>\n\u003Cp>Simply install the plugin and follow the instructions on the Settings page.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffirecask.com\u002Fservices\u002Fdevelopment\u002Fwordpress\u002F\" rel=\"nofollow ugc\">WordPress Development\u003C\u002Fa> by FireCask.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can also insert the comment box as a shortcode into any post, page or template and use your own settings for each time you do it! Simply use the shortcode [fbcomments]\u003C\u002Fp>\n","Insert the Facebook Like and\u002For Send button to any post, page or template with this simple plugin. Also lets you add them via shortcode anywhere in yo …",400,48401,54,7,"2025-01-20T22:06:00.000Z","6.7.5","5.2","",[20,21,22,23,24],"facebook","facebook-like","facebook-like-button","like","like-button","https:\u002F\u002Ffirecask.com\u002Fservices\u002Fdevelopment\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffacebook-like-send-button.zip",91,2,0,"2025-01-20 22:58:31","2026-03-15T15:16:48.613Z",[33,48],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2024-11226","firecask-like-share-button-authenticated-contributor-stored-cross-site-scripting-via-width-parameter","FireCask Like & Share Button \u003C= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter","The FireCask Like & Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.2","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-01-21 11:09:48",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5b9d61cd-1955-40d0-99b4-c75f480733f8?source=api-prod",1,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":43,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2023-25783","peadigs-like-share-button-authenticated-administrator-stored-cross-site-scripting","Peadig's Like & Share Button \u003C= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Peadig's Like & Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","\u003C=1.1.5","1.2",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2023-02-15 00:00:00","2024-01-22 19:56:02",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9d8e0ad2-3cfb-443f-9958-9639d0745dd7?source=api-prod",342,{"slug":63,"display_name":7,"profile_url":8,"plugin_count":64,"total_installs":65,"avg_security_score":66,"avg_patch_time_days":67,"trust_score":68,"computed_at":69},"alexmoss",11,3650,83,249,67,"2026-04-04T15:32:04.373Z",[71,93,111,128,146],{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":81,"num_ratings":82,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":18,"tags":86,"homepage":89,"download_link":90,"security_score":91,"vuln_count":47,"unpatched_count":29,"last_vuln_date":92,"fetched_at":31},"easy-facebook-like-box","Easy Social Box \u002F Page Plugin","4.1.4","iamshehryar","https:\u002F\u002Fprofiles.wordpress.org\u002Fiamshehryar\u002F","\u003Cp>Easy Social box display facebook like box. it enable Facebook Page owners to attract and gain Likes from their own website. The Social Box enables users to see page likes, recent posts from the page and Like button and which of friends like this page too.\u003C\u002Fp>\n\u003Ch4>Options\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Facebook Page URL – enter an URL address of your Facebook fan page.\u003C\u002Fli>\n\u003Cli>Width – set the width of the like box in pixels.\u003C\u002Fli>\n\u003Cli>Height – Set the height of like box in pixels.\u003C\u002Fli>\n\u003Cli>Show Faces – choose show or hide faces.\u003C\u002Fli>\n\u003Cli>Posts – choose show or hide lastest posts from your facebook fan page.\u003C\u002Fli>\n\u003Cli>Cover Photo – choose show or hide Cover Photo.\u003C\u002Fli>\n\u003Cli>Support different locales.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Shortcode\u003C\u002Fh4>\n\u003Cp>Now Shortcode is available in Easy Social Box and User can easily create shortcode by using widget.\u003C\u002Fp>\n\u003Cp>[easy-fb-like-box url=”enter your facebook page url” width=”set your width” height=”set your height” theme=”choose one theme light or dark” faces=”choose true or false” header=”choose ture or false” posts=”choose true or false” border=”choose true or false”]\u003C\u002Fp>\n\u003Ch4>Follow Me\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fiamshehryar\" title=\"follow me\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>\u003C\u002Fp>\n","Easy Social box display facebook like box. it enable Facebook Page owners to attract and gain Likes from their own website.",5000,143642,78,12,"2024-05-29T18:39:00.000Z","6.5.8","2.8.6",[72,21,87,22,88],"facebook-like-box","facebook-like-for-wordpress","http:\u002F\u002Factivebizsolutions.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-facebook-like-box.4.1.4.zip",92,"2023-01-25 00:00:00",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":29,"num_ratings":29,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":18,"tags":106,"homepage":108,"download_link":109,"security_score":110,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"ra-socialize-button","RA-Socialize Button","2.2","thewarlog","https:\u002F\u002Fprofiles.wordpress.org\u002Fthewarlog\u002F","\u003Cp>To attract people from google, twitter and facebook by adding like button.\u003Cbr \u002F>\nThis plugin lets you dramatically increase your traffic.\u003C\u002Fp>\n\u003Cp>To put it simple, it automatically publishes each new post of your blog to the Facebook newsfeed of your readers and to the feed of readers from similar blogs.\u003C\u002Fp>\n\u003Cp>What’s so cool about that? It notifies people around the globe who are interested specifically by the subject of your new blog posts. It does it in a very simple and compelling way, which brings additional traffic to your blog.\u003C\u002Fp>\n","RA-Socialize Button adds a Google+, twitter and facebook button to your blog post.",20,12860,"2012-02-17T15:55:00.000Z","3.3.2","3.3.1",[20,21,22,107,23],"fb","http:\u002F\u002Fblog.ecafechat.com\u002Frashids-socialize-button\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fra-socialize-button.2.2.zip",85,{"slug":112,"name":113,"version":6,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":101,"downloaded":118,"rating":119,"num_ratings":28,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":18,"tags":123,"homepage":126,"download_link":127,"security_score":110,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"yet-another-social-plugin","Yet Another Social Plugin","Marvie Pons","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarviepons\u002F","\u003Cp>Yet Another Social Plugin is a simple plugin for WordPress that allows users to display social networking share buttons on their blog. Currently, the Google +1, Facebook Like, Twitter Share, Pinterest Pin Button, and LinkedIn Share buttons are supported.\u003C\u002Fp>\n\u003Cp>This plugin shows the share buttons above or below each posts. Easy customization and positioning of the buttons in the Options page. The buttons also provides a current count of how many times the article has been shared.\u003C\u002Fp>\n\u003Cp>Plugin by \u003Ca href=\"http:\u002F\u002Ftutskid.com\u002F\" rel=\"nofollow ugc\">TutsKid | WordPress Tutorials, Themes, Plugins, and More\u003C\u002Fa>!\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This program is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with Yet Another Social Plugin. If not, see \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\u003C\u002Fa>.\u003C\u002Fp>\n","Add social networking share buttons above or below each posts. Easy customization and positioning of the buttons in the Options page.",11340,90,"2014-04-27T10:18:00.000Z","3.9.40","3.0",[124,20,22,23,125],"button","sharing","http:\u002F\u002Ftutskid.com\u002Fyet-another-social-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyet-another-social-plugin.1.3.zip",{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":29,"downloaded":136,"rating":29,"num_ratings":29,"last_updated":137,"tested_up_to":138,"requires_at_least":139,"requires_php":140,"tags":141,"homepage":144,"download_link":145,"security_score":110,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"embed-page-facebook","Easy Embed Page Widget","1.0.4","Apsara Aruna","https:\u002F\u002Fprofiles.wordpress.org\u002Fapsaraaruna\u002F","\u003Cp>This is simple plugin of showing your Facebook page with ‘Like’ button in your web . Easy to use.\u003C\u002Fp>\n\u003Cp>Also see my other plugins\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwidget-youtube-subscribtion\u002F\" title=\"Youtube Subscribe Widget\" rel=\"ugc\">Youtube Subscribe Widget\u003C\u002Fa> \u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsocial-link-on-footer\u002F\" title=\"Social Link on Footer\" rel=\"ugc\">Social Link on Footer\u003C\u002Fa> \u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsocial-profile-link\u002F\" title=\"Social Profiles Link\" rel=\"ugc\">Social Profiles Link\u003C\u002Fa>\u003C\u002Fp>\n","This is widget of showing Facebook page embedded in your website.short code [embed_facebook]",1498,"2021-03-20T04:53:00.000Z","5.7.15","4.6","5.6.0",[20,21,22,142,143],"social-link","widget","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-embed-page-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fembed-page-facebook.1.0.4.zip",{"slug":147,"name":148,"version":149,"author":150,"author_profile":151,"description":152,"short_description":153,"active_installs":154,"downloaded":155,"rating":156,"num_ratings":157,"last_updated":158,"tested_up_to":159,"requires_at_least":160,"requires_php":161,"tags":162,"homepage":165,"download_link":166,"security_score":167,"vuln_count":28,"unpatched_count":29,"last_vuln_date":168,"fetched_at":31},"cardoza-facebook-like-box","Easy Social Like Box – Popup – Sidebar Widget","4.8","johnnash1975","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnnash1975\u002F","\u003Cp>WP Facebook Like Box is a social plugin that enables Facebook Page owners to attract and gain Likes from their own website. The Facebook Like Box WordPress Plugin enables helps users to:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>See how many users already like your Page, and which of their friends like it too\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Read recent posts from the Page\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Like the Page with one click, without needing to visit the Page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add like button for the posts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add a shortcode to display the facebook like box on any page or post.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add a shortcode to display the facebook posts like on any page or post.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Translation enabled by using I18n.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Note: To get Best “Facebook Like Box plugin” output use width is 292px & Height is 210px.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Thanks for downloading and installing my plugin.\u003C\u002Fp>\n\u003Cp>Support Page: https:\u002F\u002Fjohnn.info\u002F\u003C\u002Fp>\n\u003Cp>If you have any suggestions or feedback, please post it in the following link.\u003C\u002Fp>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cp>Translation is enabled for this plugin. If someone interested in translating this plugin please visit the following link and post in the comments section with your contact email. Thanks.\u003C\u002Fp>\n\u003Ch4>Translated languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Danish (Translated by Simon Bogh)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>French (Translated by Laurent Verpeet)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>German (Translated by Peter Kaulfuss)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Hungarian (Translated by Varanka Zoltan)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Italian (Transalted by Claudio Chesselli)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Spanish (Translated by Oscar S. G. Saldarriaga)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Tamil (Translated by Vinoj Cardoza)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","WP Facebook Like Box Plugin enables you to display the facebook page likes in sidebar widget or popup. Display like button for the posts.",7000,477054,88,18,"2025-05-14T17:05:00.000Z","6.8.5","5.0","7.2",[21,87,163,164,24],"facebook-likebox","fb-like-box","https:\u002F\u002Fjohnnash.info\u002Ffacebook-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcardoza-facebook-like-box.4.8.zip",98,"2024-06-05 12:59:33",{"attackSurface":170,"codeSignals":213,"taintFlows":241,"riskAssessment":242,"analyzedAt":255},{"hooks":171,"ajaxHandlers":205,"restRoutes":206,"shortcodes":207,"cronEvents":212,"entryPointCount":47,"unprotectedCount":29},[172,178,182,188,192,197,201],{"type":173,"name":174,"callback":175,"file":176,"line":177},"action","admin_init","fbls_init","class-admin.php",9,{"type":173,"name":179,"callback":180,"file":176,"line":181},"admin_menu","show_fbls_options",34,{"type":183,"name":184,"callback":185,"file":186,"line":187},"filter","language_attributes","fbls_schema","class-frontend.php",4,{"type":173,"name":189,"callback":190,"file":186,"line":191},"wp_head","fblsgraphinfo",31,{"type":173,"name":193,"callback":194,"priority":195,"file":186,"line":196},"wp_footer","fbmllssetup",100,56,{"type":183,"name":198,"callback":199,"priority":195,"file":186,"line":200},"the_content","fbls_button",102,{"type":183,"name":202,"callback":203,"file":186,"line":204},"widget_text","do_shortcode",158,[],[],[208],{"tag":209,"callback":210,"file":186,"line":211},"fbls","fbls_shortcode",159,[],{"dangerousFunctions":214,"sqlUsage":215,"outputEscaping":217,"fileOperations":29,"externalRequests":29,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":240},[],{"prepared":29,"raw":29,"locations":216},[],{"escaped":218,"rawEcho":219,"locations":220},23,10,[221,224,226,227,229,231,233,235,237,239],{"file":176,"line":222,"context":223},60,"raw output",{"file":176,"line":225,"context":223},303,{"file":176,"line":225,"context":223},{"file":176,"line":228,"context":223},371,{"file":176,"line":230,"context":223},383,{"file":176,"line":232,"context":223},396,{"file":186,"line":234,"context":223},27,{"file":186,"line":236,"context":223},28,{"file":186,"line":238,"context":223},50,{"file":186,"line":238,"context":223},[],[],{"summary":243,"deductions":244},"The 'facebook-like-send-button' plugin v1.3 exhibits a mixed security posture.  On the positive side, the static analysis reveals no detected dangerous functions, no SQL queries that are not prepared, no file operations, and no external HTTP requests. The limited attack surface, consisting of a single shortcode with no apparent unprotected entry points, is also a strength. However, there are significant concerns. The absence of nonce checks and capability checks, especially given the plugin's interaction with user input via a shortcode, creates a potential for various attacks if not handled carefully within the shortcode itself.  Furthermore, 30% of output is not properly escaped, which is a substantial portion and strongly suggests a risk of Cross-Site Scripting (XSS) vulnerabilities. The vulnerability history further amplifies these concerns, with two past medium-severity CVEs, both related to XSS. The fact that the last vulnerability was in early 2025 and is now marked as 'currently unpatched' (this might be a typo in the provided data and likely means the CVEs exist but have patches available, or the plugin version is vulnerable) is worrying, especially as the common vulnerability type points to XSS. The lack of taint analysis data is also a gap that prevents a deeper understanding of potential data manipulation risks.",[245,248,251,253],{"reason":246,"points":247},"Unescaped output detected",6,{"reason":249,"points":250},"Missing nonce checks",5,{"reason":252,"points":250},"Missing capability checks",{"reason":254,"points":219},"Past medium severity XSS vulnerabilities","2026-03-16T19:42:03.612Z",{"wat":257,"direct":263},{"assetPaths":258,"generatorPatterns":259,"scriptPaths":260,"versionParams":262},[],[],[261],"\u002F\u002Fconnect.facebook.net\u002F%options['language']%\u002Fsdk.js#xfbml=1&appId=%options['appID']%&version=v2.3",[],{"cssClasses":264,"htmlComments":267,"htmlAttributes":269,"restEndpoints":278,"jsGlobals":279,"shortcodeOutput":280},[265,266],"fb-like","fb-comments",[268],"\u003C!-- Like & Share Button: https:\u002F\u002Ffirecask.com\u002Fservices\u002Fdevelopment\u002Fwordpress\u002F -->",[270,271,272,273,274,275,276,277],"data-href","data-layout","data-action","data-show-faces","data-share","data-num-posts","data-width","data-colorscheme",[],[],[281,282,283],"\u003Cdiv class=\"fb-like\" ","\u003Cdiv class=\"fb-comments\" ","\u003Cfb:like "]