[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5NoYbcXix9U5r3eZq13-7g01Lg4rtYil8KuPwalTczg":3,"$fyW-gxhwMLrfQjjXE-BK2BnnR4F3NCIyLESz5yeM5C-Y":216,"$fCwI-CVTKU8mqEeGCWHwn_7mSv8zdOlk9UJa0rbcM8xc":221},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":59,"crawl_stats":38,"alternatives":66,"analysis":164,"fingerprints":199},"faq-schema-block-to-accordion","Turn Yoast SEO FAQ Block to Accordion","1.0.6","yasir129","https:\u002F\u002Fprofiles.wordpress.org\u002Fyasir129\u002F","\u003Cp>This plugin turns the Yoast SEO FAQ schema blocks into accordion. This plugin works out of the box. Upon installation and activation, it will automatically convert the Yoast SEO FAQ schema blocks into collapsible headers or accordion.\u003Cbr \u002F>\nThis plugin will convert the frequently asked questions (FAQ) block of Yoast SEO plugin into decent looking accordion.\u003C\u002Fp>\n\u003Cp>Here is a 2 min video about the plugin working\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FnfmArKHvZyc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","This plugin turns Yoast SEO FAQ block into accordion easily.",3000,25198,100,5,"2024-05-21T21:10:00.000Z","6.5.8","5.0","5.3",[20,21,22,23,24],"faq","readability","seo","yoast","yoast-seo","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffaq-schema-block-to-accordion.zip",70,1,"2026-01-16 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":38,"patch_diff_files":47,"patch_trac_url":38,"research_status":48,"research_verified":49,"research_rounds_completed":50,"research_plan":51,"research_summary":52,"research_vulnerable_code":53,"research_fix_diff":54,"research_exploit_outline":55,"research_model_used":56,"research_started_at":57,"research_completed_at":58,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":49,"poc_model_used":38,"poc_verification_depth":38},"CVE-2026-24591","turn-yoast-seo-faq-block-to-accordion-authenticated-contributor-stored-cross-site-scripting","Turn Yoast SEO FAQ Block to Accordion \u003C= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Turn Yoast SEO FAQ Block to Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.0.6","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-01-27 19:23:49",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff9de638d-a645-4e4e-bf7d-514692677106?source=api-prod",[],"researched",false,3,"This exploitation research plan targets **CVE-2026-24591**, a Stored Cross-Site Scripting (XSS) vulnerability in the \"Turn Yoast SEO FAQ Block to Accordion\" plugin.\n\n---\n\n### 1. Vulnerability Summary\nThe plugin is designed to transform the standard Yoast SEO FAQ Gutenberg block into a functional accordion on the frontend. The vulnerability exists because the plugin fails to sanitize or escape the FAQ data (specifically the Question and Answer fields) when it intercepts the block rendering process to inject its accordion HTML\u002FJavaScript. Since Contributors can create and edit posts, they can inject malicious scripts into these block attributes, which then execute in the context of any user (including administrators) viewing the post.\n\n### 2. Attack Vector Analysis\n*   **Endpoint:** WordPress REST API Post endpoint (`\u002Fwp-json\u002Fwp\u002Fv2\u002Fposts`) or the standard Post Editor (`wp-admin\u002Fpost.php`).\n*   **Vulnerable Parameter:** `post_content` (specifically the JSON attributes within the `\u003C!-- wp:yoast\u002Ffaq-block -->` Gutenberg block comment).\n*   **Authentication Level:** Authenticated (Contributor or higher).\n*   **Preconditions:** The Yoast SEO plugin must be active (so the block exists) and the vulnerable \"Turn Yoast SEO FAQ Block to Accordion\" plugin must be active to perform the unescaped rendering.\n\n### 3. Code Flow (Inferred)\n1.  **Entry Point:** The plugin likely registers a filter on `render_block` or `render_block_yoast\u002Ffaq-block`.\n2.  **Logic Path:**\n    *   The filter function (e.g., `faq_accordion_render_callback( $block_content, $block )`) is triggered when a Yoast FAQ block is rendered.\n    *   The plugin extracts the `questions` array from `$block['attrs']`.\n    *   The plugin iterates through each question object (containing `jsonQuestion` and `jsonAnswer`).\n3.  **Sink:** The plugin constructs the accordion HTML by concatenating strings or using a template, directly echoing or returning the raw `jsonQuestion` or `jsonAnswer` values without using `esc_html()` or `wp_kses()`.\n\n### 4. Nonce Acquisition Strategy\nTo save a post as a Contributor via the REST API (the most reliable method for automated PoC), a `_wpnonce` for the `wp_rest` action is required.\n\n1.  **Identify Shortcode\u002FScript:** This plugin modifies existing blocks rather than using a custom shortcode. Therefore, we should navigate to the standard post editor page.\n2.  **Navigate:** Use `browser_navigate` to `wp-admin\u002Fpost-new.php`.\n3.  **Extract Nonce:** Use `browser_eval` to extract the REST nonce from the WordPress settings object.\n    *   **Script:** `browser_eval(\"wpApiSettings.nonce\")`\n4.  **Alternative:** The nonce can also be found in the HTML source of the post editor inside the `wp-api-settings` inline script.\n\n### 5. Exploitation Strategy\nThe goal is to create a post containing a Yoast FAQ block where the question contains an XSS payload.\n\n**Step 1: Authenticate**\nLog in as a user with the **Contributor** role.\n\n**Step 2: Get REST Nonce**\nNavigate to `wp-admin\u002F` and execute `browser_eval(\"wpApiSettings.nonce\")`.\n\n**Step 3: Create Malicious Post**\nSend a `POST` request to `\u002Fwp-json\u002Fwp\u002Fv2\u002Fposts` using the `http_request` tool.\n\n*   **URL:** `http:\u002F\u002Flocalhost:8080\u002Fwp-json\u002Fwp\u002Fv2\u002Fposts`\n*   **Method:** `POST`\n*   **Headers:**\n    *   `Content-Type: application\u002Fjson`\n    *   `X-WP-Nonce: [EXTRACTED_NONCE]`\n*   **Payload:**\n```json\n{\n  \"title\": \"FAQ Accordion XSS Test\",\n  \"status\": \"publish\",\n  \"content\": \"\u003C!-- wp:yoast\u002Ffaq-block {\\\"questions\\\":[{\\\"id\\\":\\\"faq-question-1\\\",\\\"jsonQuestion\\\":\\\"\u003Cimg src=x onerror=alert(document.domain)>\\\",\\\"jsonAnswer\\\":\\\"This is a test answer.\\\"}]} -->\\n\u003Cdiv class=\\\"schema-faq wp-block-yoast-faq-block\\\">\u003C\u002Fdiv>\\n\u003C!-- \u002Fwp:yoast\u002Ffaq-block -->\"\n}\n```\n*Note: Even if the Contributor cannot 'publish', they can set the status to 'pending' or 'draft'. The XSS will execute during 'Preview' by an Admin.*\n\n**Step 4: Trigger the XSS**\nNavigate to the URL of the newly created post (or use `browser_navigate` to view the post as an Admin).\n\n### 6. Test Data Setup\n1.  **Plugin Installation:** Ensure `wordpress-seo` (Yoast) and `faq-schema-block-to-accordion` are installed and active.\n2.  **User Creation:**\n    *   `wp user create attacker attacker@example.com --role=contributor --user_pass=password`\n3.  **Target Content:** No pre-existing content is required, as the attacker creates the post.\n\n### 7. Expected Results\nWhen the post is viewed, the plugin's accordion rendering logic will process the `jsonQuestion` attribute. Because it is not escaped, the browser will encounter:\n```html\n\u003Cdiv class=\"accordion-title\">\n    \u003Cimg src=x onerror=alert(document.domain)>\n\u003C\u002Fdiv>\n```\nThe `alert(document.domain)` will execute immediately.\n\n### 8. Verification Steps\n1.  **Verify Storage:** Use WP-CLI to verify the payload is stored in the database:\n    *   `wp post list --post_type=post --format=ids`\n    *   `wp post get [ID] --field=post_content`\n2.  **Verify Execution:** Use `browser_navigate` to the post URL and check for the presence of the injected `\u003Cimg>` tag or the execution of the script via a `console.log` payload.\n\n### 9. Alternative Approaches\n*   **Answer Field XSS:** Inject the payload into the `jsonAnswer` field instead of `jsonQuestion`.\n    *   Payload: `\\\"jsonAnswer\\\":\\\"\u003Cscript>console.log('XSS_IN_ANSWER')\u003C\u002Fscript>\\\"`\n*   **Classic Editor \u002F Meta Injection:** If the plugin supports older versions of Yoast or custom meta, try injecting into `_yoast_wpseo_faq_questions` post meta directly using a `POST` request to `wp-admin\u002Fpost.php`.\n*   **Gutenberg Attribute Breakout:** If the plugin escapes HTML but not attributes, try:\n    *   `\"jsonQuestion\": \"Item\\\" onmouseover=\\\"alert(1)\\\" data-x=\\\"\"`","The Turn Yoast SEO FAQ Block to Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to insufficient output escaping when intercepting and rendering Yoast SEO FAQ blocks. This allows authenticated attackers with Contributor-level access or higher to inject malicious scripts into FAQ block attributes that execute in the context of any user viewing the page.","\u002F\u002F Inferred logic based on plugin behavior described in research plan\n\u002F\u002F faq-schema-block-to-accordion\u002Ffaq-schema-block-to-accordion.php\n\nfunction faq_accordion_render_callback( $block_content, $block ) {\n    if ( isset( $block['blockName'] ) && $block['blockName'] === 'yoast\u002Ffaq-block' ) {\n        $questions = $block['attrs']['questions'];\n        $new_content = '\u003Cdiv class=\"faq-accordion-container\">';\n        \n        foreach ( $questions as $question ) {\n            \u002F\u002F Vulnerability: Attributes are concatenated into HTML without escaping\n            $new_content .= '\u003Cdiv class=\"accordion-item\">';\n            $new_content .= '\u003Cdiv class=\"accordion-title\">' . $question['jsonQuestion'] . '\u003C\u002Fdiv>';\n            $new_content .= '\u003Cdiv class=\"accordion-content\">' . $question['jsonAnswer'] . '\u003C\u002Fdiv>';\n            $new_content .= '\u003C\u002Fdiv>';\n        }\n        \n        $new_content .= '\u003C\u002Fdiv>';\n        return $new_content;\n    }\n    return $block_content;\n}\nadd_filter( 'render_block', 'faq_accordion_render_callback', 10, 2 );","--- faq-schema-block-to-accordion.php\n+++ faq-schema-block-to-accordion.php\n@@ -8,8 +8,8 @@\n         \n         foreach ( $questions as $question ) {\n             $new_content .= '\u003Cdiv class=\"accordion-item\">';\n-            $new_content .= '\u003Cdiv class=\"accordion-title\">' . $question['jsonQuestion'] . '\u003C\u002Fdiv>';\n-            $new_content .= '\u003Cdiv class=\"accordion-content\">' . $question['jsonAnswer'] . '\u003C\u002Fdiv>';\n+            $new_content .= '\u003Cdiv class=\"accordion-title\">' . wp_kses_post( $question['jsonQuestion'] ) . '\u003C\u002Fdiv>';\n+            $new_content .= '\u003Cdiv class=\"accordion-content\">' . wp_kses_post( $question['jsonAnswer'] ) . '\u003C\u002Fdiv>';\n             $new_content .= '\u003C\u002Fdiv>';\n         }","The exploit involves an authenticated attacker with Contributor-level permissions injecting a malicious payload into a Yoast SEO FAQ block's attributes.\n\n1. Authentication: Log in to the WordPress site with a Contributor role.\n2. Nonce Retrieval: Obtain a valid REST API nonce from the WordPress admin dashboard (e.g., via `wpApiSettings.nonce`).\n3. Payload Creation: Send a POST request to the `\u002Fwp-json\u002Fwp\u002Fv2\u002Fposts` endpoint to create or update a post. The `post_content` should contain a Gutenberg block comment for a `yoast\u002Ffaq-block` with malicious scripts in its JSON attributes.\n4. Example Payload: `\u003C!-- wp:yoast\u002Ffaq-block {\"questions\":[{\"id\":\"q1\",\"jsonQuestion\":\"\u003Cimg src=x onerror=alert(document.domain)>\",\"jsonAnswer\":\"Test\"}]} -->\u003Cdiv class=\"schema-faq\">\u003C\u002Fdiv>\u003C!-- \u002Fwp:yoast\u002Ffaq-block -->`.\n5. Trigger: When an administrator or any other user views the post (either published or in draft preview), the plugin's rendering logic processes the `jsonQuestion` attribute and inserts the unescaped `\u003Cimg>` tag into the HTML, triggering the JavaScript execution.","gemini-3-flash-preview","2026-05-05 07:50:37","2026-05-05 07:50:55",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":60,"total_installs":61,"avg_security_score":62,"avg_patch_time_days":63,"trust_score":64,"computed_at":65},4,9010,83,30,82,"2026-05-19T21:22:22.170Z",[67,88,109,130,145],{"slug":68,"name":69,"version":70,"author":71,"author_profile":72,"description":73,"short_description":74,"active_installs":75,"downloaded":76,"rating":77,"num_ratings":78,"last_updated":79,"tested_up_to":80,"requires_at_least":81,"requires_php":82,"tags":83,"homepage":85,"download_link":86,"security_score":13,"vuln_count":87,"unpatched_count":87,"last_vuln_date":38,"fetched_at":30},"yoast-test-helper","Yoast Test Helper","1.18","Yoast","https:\u002F\u002Fprofiles.wordpress.org\u002Fyoast\u002F","\u003Cp>This plugin makes testing Yoast SEO, Yoast SEO add-ons and integrations and resetting the different features a lot easier. It also makes testing database migrations a lot easier as it allows you to set the database version and see if the upgrade process runs smoothly.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>This test helper plugin has several features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easily enable Yoast SEO development mode.\u003C\u002Fli>\n\u003Cli>Saving and restoring Yoast SEO and Yoast SEO extension options, to test upgrade paths.\u003C\u002Fli>\n\u003Cli>Add options debug info to Yoast SEO admin pages.\u003C\u002Fli>\n\u003Cli>Reset the internal link counter, prominent words calculation and other features.\u003C\u002Fli>\n\u003Cli>Add two post types (Books and Movies) with two taxonomies (Category and Genre) each and optionally disable the block editor for them.\u003C\u002Fli>\n\u003Cli>Easily add an inline script after a selected script.\u003C\u002Fli>\n\u003Cli>Replace your \u003Ccode>.test\u003C\u002Fcode> TLD with \u003Ccode>example.com\u003C\u002Fcode> in your Schema output, so you can easily copy paste to Google’s Structured Data Testing Tool.\u003C\u002Fli>\n\u003Cli>Change the number of URLs shown in an XML Sitemap.\u003C\u002Fli>\n\u003Cli>Easily change your MyYoast URL.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you find bugs or would like to contribute, see our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FYoast\u002Fyoast-test-helper\" rel=\"nofollow ugc\">GitHub repo\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin makes testing Yoast SEO, Yoast SEO add-ons and integrations and resetting the different features a lot easier.",60000,777860,98,12,"2025-12-01T18:28:00.000Z","6.9.4","6.4","7.2.5",[84,23,24],"development","https:\u002F\u002Fgithub.com\u002Fyoast\u002Fyoast-test-helper","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyoast-test-helper.1.18.zip",0,{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":96,"downloaded":97,"rating":98,"num_ratings":99,"last_updated":100,"tested_up_to":101,"requires_at_least":102,"requires_php":25,"tags":103,"homepage":106,"download_link":107,"security_score":108,"vuln_count":87,"unpatched_count":87,"last_vuln_date":38,"fetched_at":30},"remove-yoast-seo-comments","Remove Yoast SEO Comments","3.1","Mitch","https:\u002F\u002Fprofiles.wordpress.org\u002Flowest\u002F","\u003Cp>A light-weight plugin which will remove the advertisement HTML comments coming from the Yoast SEO plugin, such as:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C!-- This site is optimized with the Yoast SEO plugin -->\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This is a must-have plugin if you have Yoast SEO installed.\u003C\u002Fp>\n\u003Ch4>Note:\u003C\u002Fh4>\n\u003Cp>This plugin requires \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordpress-seo\u002F\" rel=\"ugc\">Yoast SEO\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Like this plugin?\u003C\u002Fh4>\n\u003Cp>If you like this plugin, make sure to rate it 5 stars or donate a small amount to fully support the development.\u003C\u002Fp>\n","Removes the Yoast SEO advertisement HTML comments from your front-end source code.",10000,151729,76,16,"2018-09-25T13:24:00.000Z","4.9.29","1.2.0",[104,105,22,23,24],"remove-comments","remove-html","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fremove-yoast-seo-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-yoast-seo-comments.zip",85,{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":77,"num_ratings":119,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":25,"tags":123,"homepage":128,"download_link":129,"security_score":108,"vuln_count":87,"unpatched_count":87,"last_vuln_date":38,"fetched_at":30},"wp-seo-html-sitemap","WP SEO HTML Sitemap","0.9.6","magnatechnology","https:\u002F\u002Fprofiles.wordpress.org\u002Fmagnatechnology\u002F","\u003Cp>If you use \u003Cstrong>WordPress SEO by Yoast Plugin\u003C\u002Fstrong> as your main SEO plugin, you may have noticed they don’t have a HTML sitemap feature. This plugin is the answer to that problem.\u003C\u002Fp>\n\u003Ch4>Features Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatically uses all sitemap xml settings from the popular WordPress SEO by Yoast Plugin\u003C\u002Fli>\n\u003Cli>Choose how many columns you want to display\u003C\u002Fli>\n\u003Cli>Columns have a masonry effect and is compatible with all modern browsers\u003C\u002Fli>\n\u003Cli>Overwrite, prepend, append, and shortcode options for placement on your sitemap page\u003C\u002Fli>\n\u003Cli>Fully responsive HTML to all devices\u003C\u002Fli>\n\u003Cli>Output is multilingual friendly\u003C\u002Fli>\n\u003Cli>HTML code has passed W3C Markup Validation with 0 errors\u003C\u002Fli>\n\u003Cli>Ability to disable the plugin’s CSS\u003C\u002Fli>\n\u003Cli>Optional link to your sitemap_index.xml file\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fhi5DGOu1uA0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Matt Cutts on HTML Sitemaps\u003C\u002Fh4>\n\u003Cp>When Matt Cutts (Head of Google’s Webspam Team) was asked, what is more important: “A XML sitemap or an HTML sitemap?” \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=hi5DGOu1uA0\" rel=\"nofollow ugc\">YouTube Webmaster Tools Video\u003C\u002Fa> Matt answered a HTML sitemap. HTML sitemaps help both users and search engine crawlers. \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=t5LIlkhxl2s\" rel=\"nofollow ugc\">“It is always useful to have a HTML sitemap…”\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Want to see the plugin in action? \u003Ca href=\"https:\u002F\u002Friseofweb.com\u002Fsitemap\u002F\" rel=\"nofollow ugc\">Live HTML Sitemap Example\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Note: The \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordpress-seo\u002F\" rel=\"ugc\">WordPress SEO by Yoast plugin\u003C\u002Fa> is NOT required in order to use this plugin. But this plugin does take full advantage of all settings related to the XML sitemap settings.\u003C\u002Fp>\n\u003Ch4>Known oversights:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Author Roles filtering, I do not have it setup to be able to filter out author roles.\u003C\u002Fli>\n\u003Cli>The posts are sorted by name and may not show if a specific Category is selected to not show in the sitemap XML settings in Yoast.\u003C\u002Fli>\n\u003C\u002Ful>\n","A responsive HTML sitemap that uses all of the settings for your XML sitemap in the WordPress SEO by Yoast Plugin.",6000,79072,17,"2017-11-28T10:57:00.000Z","4.4.34","3.5",[124,125,126,127,24],"google-sitemap","html-sitemap","sitemap","wpseo","http:\u002F\u002Fwww.magnatechnology.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-seo-html-sitemap.zip",{"slug":131,"name":132,"version":133,"author":7,"author_profile":8,"description":134,"short_description":135,"active_installs":136,"downloaded":137,"rating":13,"num_ratings":138,"last_updated":139,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":140,"homepage":25,"download_link":143,"security_score":144,"vuln_count":87,"unpatched_count":87,"last_vuln_date":38,"fetched_at":30},"turn-rank-math-faq-block-to-accordion","Turn Rank Math FAQ Block to Accordion","1.1.0","\u003Cp>This plugin not only turns the Rank Math FAQ schema blocks into accordion but also a make them accessibility-ready. This plugin works out of the box. Upon installation and activation, it will automatically convert the Rank Math FAQ schema blocks into collapsible headers or accordion.\u003Cbr \u002F>\nThis plugin will convert the frequently asked questions (FAQ) block of Rank Math SEO plugin into decent looking accordion.\u003C\u002Fp>\n\u003Cp>Here is a 2 min video about the plugin working\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FzSQr2CLIyOM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","This plugin turns Rank Math FAQ blocks into accordion easily and make them accessibility ready.",5000,28740,2,"2024-05-21T21:17:00.000Z",[20,141,142,21,22],"rank-math","rank-math-seo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fturn-rank-math-faq-block-to-accordion.zip",92,{"slug":146,"name":147,"version":148,"author":149,"author_profile":150,"description":151,"short_description":152,"active_installs":11,"downloaded":153,"rating":154,"num_ratings":155,"last_updated":156,"tested_up_to":80,"requires_at_least":17,"requires_php":157,"tags":158,"homepage":162,"download_link":163,"security_score":13,"vuln_count":87,"unpatched_count":87,"last_vuln_date":38,"fetched_at":30},"surbma-yoast-breadcrumb-shortcode","Surbma | Yoast SEO Breadcrumb Shortcode","1.2","Surbma","https:\u002F\u002Fprofiles.wordpress.org\u002Fsurbma\u002F","\u003Cp>A simple shortcode to include Yoast SEO’s breadcrumb function everywhere on your WordPress website. You have to install and activate the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordpress-seo\u002F\" rel=\"ugc\">WordPress SEO by Yoast\u003C\u002Fa> plugin and enable breadcrumb option to use this shortcode.\u003C\u002Fp>\n\u003Cp>With this shortcode you can put Yoast’s fantastic breadcrumb feature manually into every post and page or even into custom post types. If your theme supports it, you can use this shortcode in your widget areas with the Text widget.\u003C\u002Fp>\n\u003Cp>The shortcode:\u003Cbr \u002F>\n    [yoast-breadcrumb]\u003C\u002Fp>\n\u003Cp>There are two parameters for this shortcode:\u003C\u002Fp>\n\u003Col>\n\u003Cli>before – The code that your breadcrumb should be prefixed with. Default value: \u003Ccode>\u003Cdiv class=\"breadcrumb\" itemprop=\"breadcrumb\">\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>after – The code that should be added on the back of your breadcrumb. Default value: \u003Ccode>\u003C\u002Fdiv>\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>You can read more informations about Yoast’s breadcrumb function here: \u003Ca href=\"https:\u002F\u002Fyoast.com\u002Fwordpress\u002Fplugins\u002Fbreadcrumbs\u002F\" rel=\"nofollow ugc\">Yoast Breadcrumbs – WordPress Breadcrumbs\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Do you want to contribute or help improving this plugin?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can find it on GitHub: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FSurbma\u002Fsurbma-yoast-breadcrumb-shortcode\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FSurbma\u002Fsurbma-yoast-breadcrumb-shortcode\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>You can find my other plugins and projects on GitHub:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FSurbma\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FSurbma\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Please feel free to contribute, help or recommend any new features for my plugins, themes and other projects.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Do you want to know more about me?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Visit my webpage: \u003Ca href=\"http:\u002F\u002Fsurbma.com\u002F\" rel=\"nofollow ugc\">Surbma.com\u003C\u002Fa>\u003C\u002Fp>\n","A simple shortcode to include Yoast's breadcrumb function everywhere on your WordPress website.",37108,84,9,"2026-03-27T13:21:00.000Z","7.4",[159,160,161,23,24],"breadcrumb","shortcode","wordpress-seo","http:\u002F\u002Fsurbma.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsurbma-yoast-breadcrumb-shortcode.1.2.zip",{"attackSurface":165,"codeSignals":177,"taintFlows":184,"riskAssessment":185,"analyzedAt":198},{"hooks":166,"ajaxHandlers":173,"restRoutes":174,"shortcodes":175,"cronEvents":176,"entryPointCount":87,"unprotectedCount":87},[167],{"type":168,"name":169,"callback":170,"file":171,"line":172},"action","wp_enqueue_scripts","YSFA_plugin_asset_files","faq-schema-block-to-accordion.php",26,[],[],[],[],{"dangerousFunctions":178,"sqlUsage":179,"outputEscaping":181,"fileOperations":87,"externalRequests":87,"nonceChecks":87,"capabilityChecks":87,"bundledLibraries":183},[],{"prepared":87,"raw":87,"locations":180},[],{"escaped":87,"rawEcho":87,"locations":182},[],[],[],{"summary":186,"deductions":187},"The static analysis of the \"faq-schema-block-to-accordion\" plugin v1.0.6 reveals an excellent security posture regarding code practices. There are no identified dangerous functions, all SQL queries utilize prepared statements, and all output is properly escaped. Furthermore, the plugin demonstrates a lack of file operations and external HTTP requests, and no taint analysis revealed any vulnerabilities. The absence of any detectable entry points like AJAX handlers, REST API routes, shortcodes, or cron events is a significant strength, as it minimizes the attack surface.",[188,191,194,196],{"reason":189,"points":190},"Unpatched CVE present",20,{"reason":192,"points":193},"Vulnerability history includes XSS",10,{"reason":195,"points":14},"No capability checks implemented",{"reason":197,"points":14},"No nonce checks implemented","2026-03-16T18:23:19.360Z",{"wat":200,"direct":209},{"assetPaths":201,"generatorPatterns":204,"scriptPaths":205,"versionParams":206},[202,203],"\u002Fwp-content\u002Fplugins\u002Ffaq-schema-block-to-accordion\u002Fassets\u002Fcss\u002Fstyle.min.css","\u002Fwp-content\u002Fplugins\u002Ffaq-schema-block-to-accordion\u002Fassets\u002Fjs\u002FYSFA-JS.min.js",[],[203],[207,208],"faq-schema-block-to-accordion\u002Fassets\u002Fcss\u002Fstyle.min.css?ver=","faq-schema-block-to-accordion\u002Fassets\u002Fjs\u002FYSFA-JS.min.js?ver=",{"cssClasses":210,"htmlComments":211,"htmlAttributes":212,"restEndpoints":213,"jsGlobals":214,"shortcodeOutput":215},[],[],[],[],[],[],{"error":217,"url":218,"statusCode":219,"statusMessage":220,"message":220},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Ffaq-schema-block-to-accordion\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":87,"versions":222},[]]