[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyLK4mNnVxn3P7laJv5GxReRvw7Y94gnssVKfKWd-vaQ":3,"$f-5g_wShLVZlUggE80I_MW5rPFCEyqgBZ0dpVm3HxLsY":351,"$fRISae6UbaxNkvr2RZN1QeLrj0EqDnh9YblGt4OgzDTk":355},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":57,"crawl_stats":37,"alternatives":64,"analysis":165,"fingerprints":313},"fast-fancy-filter-3f","Fast & Fancy Filter – 3F","1.2.2","Webarea","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebarea\u002F","\u003Cp>Fast & Fancy Filter – 3F lets you filter by post meta, taxonomies, tags, categories, post types. Fields can be displayed as dropdowns, checkboxes or radio buttons.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Search with WordPress REST API.\u003C\u002Fli>\n\u003Cli>Possibility to create many different filters.\u003C\u002Fli>\n\u003Cli>Custom post types support.\u003C\u002Fli>\n\u003Cli>Shortcodes support.\u003C\u002Fli>\n\u003Cli>2 different styles.\u003C\u002Fli>\n\u003Cli>Sticky filter sidebar.\u003C\u002Fli>\n\u003Cli>Masonry layout.\u003C\u002Fli>\n\u003Cli>Metadata display settings.\u003C\u002Fli>\n\u003Cli>Fully responsive layout.\u003C\u002Fli>\n\u003C\u002Ful>\n","Post search filter using WordPress REST API.",10,1630,100,2,"2021-06-22T07:23:00.000Z","5.7.15","5.0","",[20,21,22,23,24],"ajax-filter","api-filter","filter","gallery","post-filter","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffast-fancy-filter-3f.zip",63,1,"2026-04-21 
19:03:01","2026-04-16T10:56:18.058Z","no_bundle",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":37,"patch_diff_files":46,"patch_trac_url":37,"research_status":47,"research_verified":48,"research_rounds_completed":49,"research_plan":50,"research_summary":51,"research_vulnerable_code":37,"research_fix_diff":52,"research_exploit_outline":53,"research_model_used":54,"research_started_at":55,"research_completed_at":56,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":48,"poc_model_used":37,"poc_verification_depth":37},"CVE-2026-6396","fast-fancy-filter-3f-cross-site-request-forgery-to-settings-modification-via-fffsavesettins-ajax-action","Fast & Fancy Filter – 3F \u003C= 1.2.2 - Cross-Site Request Forgery to Settings Modification via fff_save_settins AJAX Action","The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce verification in the saveFields() function, which handles the fff_save_settins AJAX action. 
This makes it possible for unauthenticated attackers to modify plugin filter settings, update arbitrary options, or create new filter posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.2.2","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2026-04-22 07:45:34",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4b5fbf2c-1231-482f-b5a5-819f31da3524?source=api-prod",[],"researched",false,3,"This research plan targets **CVE-2026-6396**, a Cross-Site Request Forgery (CSRF) vulnerability in the **Fast & Fancy Filter – 3F** plugin (versions \u003C= 1.2.2). The vulnerability allows an attacker to modify plugin settings or potentially update arbitrary WordPress options due to missing nonce verification in the AJAX handler for `fff_save_settins`.\n\n---\n\n### 1. Vulnerability Summary\n*   **Vulnerability:** Cross-Site Request Forgery (CSRF)\n*   **Vulnerable Action:** `fff_save_settins` (Note the spelling: \"settins\")\n*   **Vulnerable Function:** `saveFields()`\n*   **Nature of Flaw:** The `saveFields` function handles AJAX requests to update plugin configurations but fails to implement `check_ajax_referer()` or `wp_verify_nonce()`.\n*   **Impact:** An unauthenticated attacker can trick a logged-in administrator into visiting a malicious site that triggers a background request to the vulnerable WordPress site, leading to unauthorized configuration changes or creation of filter posts.\n\n### 2. 
Attack Vector Analysis\n*   **Endpoint:** `\u002Fwp-admin\u002Fadmin-ajax.php`\n*   **Action:** `fff_save_settins`\n*   **HTTP Method:** `POST`\n*   **Authentication:** Requires an active administrator session (leveraged via CSRF).\n*   **Preconditions:** The attacker must trick an administrator into clicking a link or visiting a page they control.\n*   **Vulnerable Parameter:** Likely a serialized array or multiple POST fields representing settings\u002Ffields to be updated.\n\n### 3. Code Flow (Inferred from Description)\n1.  **Registration:** The plugin registers the AJAX action using:\n    `add_action('wp_ajax_fff_save_settins', 'saveFields');`\n2.  **Trigger:** An administrator's browser sends a POST request to `admin-ajax.php` with `action=fff_save_settins`.\n3.  **Execution:** The `saveFields()` function is invoked.\n4.  **Processing:**\n    *   The function likely extracts data from `$_POST`.\n    *   It may use `update_option()` to save settings or `wp_insert_post()` to create\u002Fupdate filter objects.\n    *   **Crucially:** It skips any call to `check_ajax_referer()` or `wp_verify_nonce()`, allowing the request to proceed as long as the user is authenticated (which `wp_ajax_` handles automatically).\n\n### 4. Nonce Acquisition Strategy\nAccording to the vulnerability report, **no nonce verification is present**. Therefore, no nonce is required to exploit this vulnerability. The attack succeeds purely based on the administrator's session cookies.\n\n### 5. 
Exploitation Strategy\nTo demonstrate the CSRF, the agent will simulate an administrator performing a request that was forged by a third party.\n\n**Step 1: Locate the AJAX Handler and Parameters**\nBefore the exploit, identify the exact parameters expected by `saveFields`.\n*   Search for the string `fff_save_settins` in the plugin directory.\n*   Analyze the `saveFields` function to see which `$_POST` keys are used (e.g., `fff_data`, `fields`, `id`, etc.).\n\n**Step 2: Construct the CSRF Payload**\nAssuming the plugin saves settings via a parameter named `settings_data` (inferred):\n\n*   **URL:** `http:\u002F\u002Flocalhost:8080\u002Fwp-admin\u002Fadmin-ajax.php`\n*   **Method:** `POST`\n*   **Content-Type:** `application\u002Fx-www-form-urlencoded`\n*   **Body:** `action=fff_save_settins&[IDENTIFIED_PARAMETER]=[MALICIOUS_VALUE]`\n\n**Step 3: Execution via Agent**\nThe agent will use `http_request` with the administrator's cookies to simulate the victim admin being CSRF'd.\n\n### 6. Test Data Setup\n1.  **Install Plugin:** Ensure `fast-fancy-filter-3f` version \u003C= 1.2.2 is active.\n2.  **Create Admin User:** Ensure a user with `administrator` role exists (default `admin`).\n3.  **Identify Target Option:** Determine which option the plugin updates (e.g., `fff_settings` or `fff_filter_config`). Note its current value using WP-CLI.\n\n### 7. Expected Results\n*   The `admin-ajax.php` request should return a `200 OK` status and potentially a success message (e.g., `{\"success\":true}` or `1`).\n*   The database state for the plugin's settings should change to reflect the attacker's payload.\n\n### 8. Verification Steps\nAfter performing the HTTP request, use WP-CLI to verify the change:\n```bash\n# Check if a specific plugin option was changed\nwp option get [OPTION_NAME_FOUND_IN_STEP_1]\n\n# If the vulnerability allows arbitrary option updates (as suggested):\nwp option get blogname # Check if it was changed to 'Hacked'\n```\n\n### 9. 
Alternative Approaches\nIf the plugin uses `wp_insert_post` instead of `update_option`:\n*   **Payload:** `action=fff_save_settins&post_title=Malicious+Filter&post_status=publish&post_type=fff_filter` (inferred type).\n*   **Verification:** `wp post list --post_type=fff_filter` to see if a new post was created.\n\nIf the AJAX action is `wp_ajax_nopriv_fff_save_settins` (unlikely for settings, but possible), the attack would not even require CSRF and could be performed directly.\n\n---\n\n### Step-by-Step Execution Plan for Agent:\n\n1.  **Scan Source:** \n    `grep -rn \"fff_save_settins\" \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Ffast-fancy-filter-3f\u002F`\n2.  **Identify Handler:** Locate the `saveFields` function in the file identified in step 1.\n3.  **Extract Parameters:** Read the code of `saveFields` to find exactly how it saves data. Look for `update_option` or `wp_insert_post`.\n4.  **Baseline Check:** \n    `wp option get [OPTION_NAME]`\n5.  **Simulate CSRF:**\n    Use `http_request` to POST to `admin-ajax.php` with the administrator's cookies and the `fff_save_settins` action.\n6.  **Final Verification:** \n    `wp option get [OPTION_NAME]` and confirm the value matches the payload.","The Fast & Fancy Filter – 3F plugin for WordPress (versions \u003C= 1.2.2) is vulnerable to Cross-Site Request Forgery (CSRF) because the saveFields function, which handles the fff_save_settins AJAX action, lacks nonce verification. This allows unauthenticated attackers to modify plugin settings, create filter posts, or potentially update arbitrary WordPress options by tricking an authenticated administrator into visiting a malicious link.","--- a\u002Ffast-fancy-filter-3f.php\n+++ b\u002Ffast-fancy-filter-3f.php\n@@ -...@@\n function saveFields() {\n+\tcheck_ajax_referer('fff_save_settings_nonce', 'nonce');\n+\tif ( ! 
current_user_can( 'manage_options' ) ) {\n+\t\twp_die();\n+\t}","The exploit targets the \u002Fwp-admin\u002Fadmin-ajax.php endpoint with a POST request where the action is set to fff_save_settins. Since the saveFields function does not implement check_ajax_referer() or wp_verify_nonce(), an attacker can host a malicious webpage that auto-submits a hidden form or background fetch request to this endpoint. When an authenticated administrator visits the page, the browser sends the request along with their session cookies, allowing the attacker to provide malicious values for plugin parameters (such as fff_data) that the function subsequently processes to update database options or create filter posts.","gemini-3-flash-preview","2026-04-27 14:06:09","2026-04-27 14:06:27",{"slug":58,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":59,"avg_security_score":60,"avg_patch_time_days":61,"trust_score":62,"computed_at":63},"webarea",40,74,30,76,"2026-05-20T06:59:14.646Z",[65,88,110,131,148],{"slug":66,"name":67,"version":68,"author":69,"author_profile":70,"description":71,"short_description":72,"active_installs":73,"downloaded":74,"rating":75,"num_ratings":76,"last_updated":77,"tested_up_to":78,"requires_at_least":79,"requires_php":80,"tags":81,"homepage":85,"download_link":86,"security_score":13,"vuln_count":87,"unpatched_count":87,"last_vuln_date":37,"fetched_at":29},"filter-everything","Filter Everything&nbsp;— WordPress & WooCommerce Filters","1.9.2","stepasyuk","https:\u002F\u002Fprofiles.wordpress.org\u002Fstepasyuk\u002F","\u003Cp>\u003Cem>— Help visitors quickly find the content they need on your WordPress\u002FWooCommerce site.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Filter Everything\u003C\u002Fstrong> is a WordPress filtering plugin that \u003Cstrong>\u003Cem>provides everything needed for filtering.\u003C\u002Fem>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>It filters any content by virtually any criteria and includes all the options 
and features needed to build a filtering system.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fg1_qlJvNdsg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Complete filtering solution\u003C\u002Fh4>\n\u003Cp>The plugin includes \u003Cem>highly configurable filters\u003C\u002Fem> and also supports: sorting, keyword search, mobile-friendly filters, multiple filter layouts, different submission modes, widgets, AJAX, shortcodes, color swatches and more.\u003Cbr \u002F>\n\u003Cem>— Everything you need to build a complete filtering system.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>Filters everything by anything\u003C\u002Fh4>\n\u003Cp>Allows you to filter any type of content.\u003Cbr \u002F>\nPosts • WooCommerce products • listings • events • portfolios • any custom post type.\u003Cbr \u002F>\nFiltering criteria can be virtually anything.\u003Cbr \u002F>\nPrice • brand • category • attributes • color • size • weight — virtually any other data in your content.\u003Cbr \u002F>\n\u003Cem>— Maximum flexibility.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>Works with your existing content and setup\u003C\u002Fh4>\n\u003Cp>The plugin integrates easily into your existing website structure and works with standard WordPress queries, taxonomies, and custom fields (including ACF, Meta Box fields), without requiring additional tables, indexing systems, or duplicate data.\u003Cbr \u002F>\n\u003Cem>— No need to restructure your content. Just install and use it.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>Compatible. Fast. 
Supported\u003C\u002Fh4>\n\u003Cp>It works seamlessly with your theme, page builder, and plugins, and delivers fast performance thanks to its WordPress-standards-based architecture.\u003Cbr \u002F>\nActively maintained, regularly updated, and continuously improved by the team.\u003Cbr \u002F>\n\u003Cem>— Built for reliability.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Core Features at a Glance\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Filter any content\u003C\u002Fstrong>\u003Cbr \u002F>\nWorks with WooCommerce products, posts, and any custom post types on your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>All essential filtering options included\u003C\u002Fstrong>\u003Cbr \u002F>\n25+ built-in filtering options designed to cover virtually any filtering scenario.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Filter by virtually any criteria\u003C\u002Fstrong>\u003Cbr \u002F>\nFilter content by price, brand, color, category, size, weight, or any other criteria based on the data stored in taxonomies or custom fields.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Works on any page\u003C\u002Fstrong>\u003Cbr \u002F>\nEach section of your website can have its own set of filters relevant to its content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Widgets for page builders\u003C\u002Fstrong>\u003Cbr \u002F>\nBuilt-in Filters, Chips, and Sorting widgets for Gutenberg, Elementor, Divi, Breakdance, Beaver Builder, and other page builders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible filter layouts and display options\u003C\u002Fstrong>\u003Cbr \u002F>\nUse checkboxes, radio buttons, dropdowns, labels, color swatches, rating stars, numeric ranges, or date ranges, and display filters as horizontal toolbars or vertical panels.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible filtering modes\u003C\u002Fstrong>\u003Cbr \u002F>\nStep-by-step filtering, auto-submission, or selecting multiple filters and applying them manually.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sorting and keyword 
search\u003C\u002Fstrong>\u003Cbr \u002F>\nAllow visitors to sort and search within filtered results.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer-friendly and extensible\u003C\u002Fstrong>\u003Cbr \u002F>\nCustomize and extend plugin behavior using WordPress actions and filters.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile-friendly\u003C\u002Fstrong>\u003Cbr \u002F>\nWorks out of the box on mobile devices.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>— And many other built-in capabilities.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Filter Everything PRO\u003C\u002Fh3>\n\u003Cp>The plugin is also available in a PRO version that significantly expands filtering capabilities:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support for filtering \u003Cstrong>any custom WP_Query\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>∞ Unlimited Filter Sets\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO tools\u003C\u002Fstrong> that help bring additional organic traffic to your website\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart filtering\u003C\u002Fstrong> for WooCommerce variable and out-of-stock products\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced mobile features\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Import and export\u003C\u002Fstrong> of filters, SEO Rules, and settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Duplicate Filter Sets\u003C\u002Fstrong> in one click\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority support\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>— And many other powerful features available in Filter Everything PRO.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Why use filters on your website?\u003C\u002Fh3>\n\u003Cp>Filters help visitors quickly \u003Cem>find the content they need\u003C\u002Fem> in just a few clicks, especially on websites that contain large amounts of content.\u003C\u002Fp>\n\u003Cp>This improves navigation, reduces bounce rates, saves visitors’ time, and creates a better overall user 
experience. For high-traffic websites, efficient filtering can also help reduce server load.\u003C\u002Fp>\n","The most flexible filters plugin for WordPress & WooCommerce – filter anything.",50000,774591,92,142,"2026-03-28T14:01:00.000Z","6.9.4","4.6","5.7",[20,24,82,83,84],"product-filter","woocommerce-filter","woocommerce-product-filter","https:\u002F\u002Ffiltereverything.pro","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffilter-everything.1.9.2.zip",0,{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":96,"downloaded":97,"rating":98,"num_ratings":99,"last_updated":100,"tested_up_to":78,"requires_at_least":17,"requires_php":101,"tags":102,"homepage":18,"download_link":106,"security_score":107,"vuln_count":108,"unpatched_count":87,"last_vuln_date":109,"fetched_at":29},"ultimate-post","Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX","5.0.15","WPXPO","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpxpo\u002F","\u003Cp>🥇 The #1 WordPress \u003Cstrong>News\u003C\u002Fstrong> \u003Cstrong>Magazine\u003C\u002Fstrong> and \u003Cstrong>Blogging\u003C\u002Fstrong> Solution\u003Cbr \u002F>\n📈 Highest \u003Cstrong>Post Grid\u003C\u002Fstrong> Layout Variations with vast customization options\u003Cbr \u002F>\n💕 A plugin by \u003Cstrong>WPXPO\u003C\u002Fstrong>, that empowers \u003Cstrong>60K+\u003C\u002Fstrong> businesses!\u003Cbr \u002F>\n📞 Dedicated support team with \u003Cstrong>4.9\u002F5\u003C\u002Fstrong> customer satisfaction on \u003Ca href=\"https:\u002F\u002Fuk.trustpilot.com\u002Freview\u002Fwpxpo.com\" rel=\"nofollow ugc\">\u003Cstrong>Trustpilot\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>😲 \u003Ca href=\"https:\u002F\u002Ftrypostx.wpxpo.com\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Free Demo\u003C\u002Fstrong>\u003C\u002Fa> | 🔥 \u003Ca href=\"https:\u002F\u002Fwww.wpxpo.com\u002Fpostx\u002F\" rel=\"nofollow ugc\">\u003Cstrong>PostX 
Pro\u003C\u002Fstrong>\u003C\u002Fa> | 📃 \u003Ca href=\"https:\u002F\u002Fwpxpo.com\u002Fdocs\u002Fpostx\u002Fgetting-started\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Documentation\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Ultimate News Magazines and Blogging Solution for WordPress\u003C\u002Fh3>\n\u003Cp>Blog posts and news articles are the main things on news, magazines, and blog websites. PostX takes the posts displaying to a whole new level. It has the most attractive, professional, and highly customizable layouts with various important features.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FFYgSe7kgb6M?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Starter Sites – Build Sites In 3 Steps!\u003C\u002Fh3>\n\u003Cp>PostX’s Starter sites come with complete website templates that are ready to be imported. You just need to explore the templates, choose the one that you like, personalize, and go live. So you can give your site a whole new makeover or impress your clients in minutes. 
Currently, PostX has templates for the following websites:\u003C\u002Fp>\n\u003Cp>✅ News Websites\u003Cbr \u002F>\n✅ Magazine Websites\u003Cbr \u002F>\n✅ Sports News Websites\u003Cbr \u002F>\n✅ Tech News Websites\u003Cbr \u002F>\n✅ Gaming News Websites\u003Cbr \u002F>\n✅ Crypto News Websites\u003Cbr \u002F>\n✅ Movie News Websites\u003Cbr \u002F>\n✅ Travel Blog Websites\u003Cbr \u002F>\n✅ Personal Blog Websites\u003Cbr \u002F>\n✅ Food Blog Websites\u003Cbr \u002F>\n✅ And More!\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Fwww.wpxpo.com\u002Fproduct\u002Fpostx\u002Ftemplates\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Explore Start Site Templates\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpxpo.com\u002Fpostx\u002Fblocks\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Gutenberg Posts Blocks\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Drag and drop Gutenberg post blocks to display your blog posts in an organized way. Choose from 40+ blocks and customize each of the elements with complete creative freedom. Or you can choose from 250+ designer-made patterns to skip the customization part. With PostX’s post blocks, you can display your posts in the following layouts:\u003C\u002Fp>\n\u003Cp>✔ Post Grid\u003Cbr \u002F>\n✔ Post List\u003Cbr \u002F>\n✔ Post Slider & Carousel\u003Cbr \u002F>\n✔ Post Carousel\u003Cbr \u002F>\n✔ Post Module\u003Cbr \u002F>\n✔ And More\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpxpo.com\u002Fproduct\u002Fpostx\u002Ffeatures\u002Fajax-search-for-wordpress\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Ajax Search Block\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The Ajax Search Block allows you to enable a visually appealing search system for your WordPress site. 
So the readers can instantly find their desired content with the ajax search system.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpxpo.com\u002Fpostx\u002Fadvanced-query-loop\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Query Builder for Post Sorting\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>PostX’s advanced query builder helps you effortlessly display posts, pages, and custom post types for your desired layouts. Here is the list of all essential post-displaying options.\u003C\u002Fp>\n\u003Cp>✔ Display Posts Based on Category\u003Cbr \u002F>\n✔ Display Posts Based on Tags\u003Cbr \u002F>\n✔ Display Posts Based on Category and Tags\u003Cbr \u002F>\n✔ Display Specific Posts\u002FPages\u003Cbr \u002F>\n✔ Display Custom Post Types\u003Cbr \u002F>\n✔ Popular Posts\u003Cbr \u002F>\n✔ Related Posts\u003Cbr \u002F>\n✔ Recent Posts\u003Cbr \u002F>\n✔ Random Posts\u003Cbr \u002F>\n✔ Oldest Posts\u003Cbr \u002F>\n✔ Most Commented Posts\u003Cbr \u002F>\n✔ Reorder Posts\u003Cbr \u002F>\n✔ Exclude Posts\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpxpo.com\u002Fproduct\u002Fpostx\u002Ffeatures\u002Fwordpress-post-filter\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Advanced Post Filter\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>With the Ajax post filter of PostX, users see multiple posts within the same section without reloading the whole page. 
You have all essential post-filtering options including:\u003C\u002Fp>\n\u003Cp>✔ Post Filter By Category\u003Cbr \u002F>\n✔ Post Filter Tags\u003Cbr \u002F>\n✔ Post Filter By\u003Cbr \u002F>\n✔ Post Filter By Author\u003Cbr \u002F>\n✔ Filter By Ascending and Descending\u003Cbr \u002F>\n✔ Filter By Custom Taxonomy\u003Cbr \u002F>\n✔ Search Filter\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpxpo.com\u002Fpostx\u002Fgutenberg-site-builder\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Dynamic Gutenberg Site Builder\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>PostX has the first-ever dynamic site builder for Gutenberg with dedicated templates for all essential pages. With this Gutenberg builder, you can take full control over your site and redesign the following pages.\u003C\u002Fp>\n\u003Cp>✔ Home Page\u003Cbr \u002F>\n✔ Blog Posts\u003Cbr \u002F>\n✔ Archive Pages\u003Cbr \u002F>\n✔ Category Pages\u003Cbr \u002F>\n✔ Tag Pages\u003Cbr \u002F>\n✔ Author Pages\u003Cbr \u002F>\n✔ Search & Date Pages\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpxpo.com\u002Fproduct\u002Fpostx\u002Ffeatures\u002Fajax-pagination\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Ajax Pagination\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The Ajax-powered pagination helps your readers to explore more posts in the same section or page. You can choose from three types of pagination (load more, navigation, or numeric) and customize them as per your requirements.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpxpo.com\u002Fproduct\u002Fpostx\u002Ffeatures\u002Fwordpress-global-styles\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Global Styles\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>It helps to override the theme styles and add PostX’s color palettes & typography to your entire site. 
Explore the available options and choose the style that suits your brand identity.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpxpo.com\u002Fproduct\u002Fpostx\u002Ffeatures\u002Ffront-end-post-submission\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Front End Submission\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Effectively manage guest writers by letting them submit posts from the front end or make custom dashboards for them with SEO optimization support. Moreover, you can add comments or corrections as in Google Docs without leaving the WordPress dashboard.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Dynamic Content\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Add custom fields created by plugins like ACF to PostX’s blocks dynamically. So you can also display custom post types with additional fields in an organized and attractive way.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpxpo.com\u002Fproduct\u002Fpostx\u002Ffeatures\u002Freading-progress-bar\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Reading Progress Bar\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Display a visual presentation to show readers how much they read or scrolled. However, you can also add the progress bar to any page of your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpxpo.com\u002Fproduct\u002Fpostx\u002Ffeatures\u002Fcustom-fonts-for-wordpress\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Custom Font\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Upload your desired fonts with single or multiple variations. 
So you can add the uploaded fonts to PostX’s blocks with full typography customization options.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpxpo.com\u002Fproduct\u002Fpostx\u002Ffeatures\u002Fwordpress-taxonomy-image-and-color\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Taxonomy Image and Color\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Add featured images and desired colors to categories, tags, and custom post types. So you can display taxonomies like blog posts using PostX’s taxonomy blocks.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpxpo.com\u002Fproduct\u002Fpostx\u002Ffeatures\u002Fintegrations\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Page Builder Integration\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Liked PostX’s design variations but are not ready to switch your current page builder? Don’t worry, you can still use our blocks, patterns, and home page templates with the most popular page builders including:\u003C\u002Fp>\n\u003Cp>✔ Elementor\u003Cbr \u002F>\n✔ Divi\u003Cbr \u002F>\n✔ WPBakery\u003Cbr \u002F>\n✔ Oxygen\u003Cbr \u002F>\n✔ Bricks Builder\u003Cbr \u002F>\n✔ Beaver\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpxpo.com\u002Fproduct\u002Fpostx\u002Ffeatures\u002Fintegrations\u002F\" rel=\"nofollow ugc\">\u003Cstrong>SEO Integration\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>PostX has built-in SEO integration that allows you to replace the default WordPress excerpt with custom meta descriptions added with the following SEO plugins:\u003C\u002Fp>\n\u003Cp>✔ Yoast\u003Cbr \u002F>\n✔ Rank Math\u003Cbr \u002F>\n✔ All-in-One SEO\u003Cbr \u002F>\n✔ Squirrly\u003Cbr \u002F>\n✔ SEOPress\u003C\u002Fp>\n\u003Cp>\u003Cstrong>PostX Recommended Themes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>PostX should work properly with all popular WordPress themes. We have personally tested with various themes. 
Here is a list of themes that are fully compatible with PostX.\u003C\u002Fp>\n\u003Cp>✔ Twenty Twenty-Five\u003Cbr \u002F>\n✔ Astra\u003Cbr \u002F>\n✔ Blocksy\u003Cbr \u002F>\n✔ Kadence\u003Cbr \u002F>\n✔ Generatepress\u003Cbr \u002F>\n✔ Rishi Theme\u003Cbr \u002F>\n✔ Neve\u003Cbr \u002F>\n✔ Ocean WP\u003Cbr \u002F>\n✔ Blossom Theme\u003Cbr \u002F>\n✔ Block WP\u003C\u002Fp>\n\u003Ch3>🏆 Featured by top reviewers\u003C\u002Fh3>\n\u003Cp>Check out what Paul C (WPTuts) had to say about PostX.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Ffh72g1wPVa0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>Check out the video of Jack Cao and learn how to create News Magazine Website for free.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FX4vKrjcSpI8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Other Plugins by WPXPO\u003C\u002Fh3>\n\u003Cp>We are glad that you are considering PostX. 
We have more amazing plugins that you can check out:\u003C\u002Fp>\n\u003Cp>🚚 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwow-table-rate-shipping\u002F\" rel=\"ugc\">\u003Cstrong>WowShipping 🔥:\u003C\u002Fstrong>\u003C\u002Fa> The complete table rate shipping plugin for WooCommerce, featuring 30+ flexible conditions and integrations with popular carriers like UPS, USPS, DHL, Sendle, and more.\u003C\u002Fp>\n\u003Cp>➕ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fproduct-addons\u002F\" rel=\"ugc\">\u003Cstrong>WowAddons 🔥 :\u003C\u002Fstrong>\u003C\u002Fa> The ultimate product addons plugin with 25+ extra product options, custom fields, allowing you to sell customizable products and increase average order value.\u003C\u002Fp>\n\u003Cp>🧲 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Foptin\u002F\" rel=\"ugc\">\u003Cstrong>WowOptin:\u003C\u002Fstrong>\u003C\u002Fa> The next-gen optin and popup builder plugin with Canva-like design flexibility and detailed audience targeting.\u003C\u002Fp>\n\u003Cp>💝 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fproduct-blocks\u002F\" rel=\"ugc\">\u003Cstrong>WowStore:\u003C\u002Fstrong>\u003C\u002Fa> An all-in-one WooCommerce solution to create professional and conversion-focused eCommerce stores.\u003C\u002Fp>\n\u003Cp>💸 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frevenue\u002F\" rel=\"ugc\">\u003Cstrong>WowRevenue:\u003C\u002Fstrong>\u003C\u002Fa> Collections of various WooCommerce discount campaigns to boost revenue by increasing the average order value.\u003C\u002Fp>\n\u003Cp>📦 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwholesalex\u002F\" rel=\"ugc\">\u003Cstrong>WholesaleX:\u003C\u002Fstrong>\u003C\u002Fa> A complete WooCommerce Wholesale solution with additional features like a bulk order form, dynamic pricing & discount rules.\u003C\u002Fp>\n\u003Ch4>Author\u003C\u002Fh4>\n\u003Cp>Developed by \u003Ca 
href=\"https:\u002F\u002Fwww.wpxpo.com\" rel=\"nofollow ugc\">WPXPO\u003C\u002Fa>. \u003Ca href=\"https:\u002F\u002Fbitbucket.org\u002Fwpstabon\u002Fultimate-post\u002Fsrc\u002Fmaster\u002F\" rel=\"nofollow ugc\">Contribute to Gutenberg Post Blocks on Bitbucket\u003C\u002Fa> and join the party.\u003C\u002Fp>\n\u003Ch4>Liked PostX?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Join our \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002Fgutenbergpostx\" rel=\"nofollow ugc\">Facebook Group\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Learn from our tutorials on \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fchannel\u002FUC9I7kzTtG31YlWdG3iL42Jg\" rel=\"nofollow ugc\">YouTube Channel\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📗 Translations\u003C\u002Fh3>\n\u003Cp>PostX plugin is compatible with WPML Plugin and also it works perfectly with loco translate plugin.\u003Cbr \u002F>\nYou can Translate PostX on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fultimate-post\u002F\" rel=\"nofollow ugc\">translate.wordpress.org\u003C\u002Fa>.\u003C\u002Fp>\n","A highly customizable plugin to create news, magazines, and any kind of blog site with post grid, post filter, post slider, and post blocks.",40000,2741850,96,246,"2026-04-15T10:01:00.000Z","5.6",[20,24,103,104,105],"post-grid","post-list","post-slider","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-post.5.0.15.zip",88,24,"2026-04-15 18:53:44",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":13,"num_ratings":120,"last_updated":121,"tested_up_to":78,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":127,"download_link":128,"security_score":129,"vuln_count":27,"unpatched_count":87,"last_vuln_date":130,"fetched_at":29},"better-post-filter-widgets-for-elementor","Better Post & Filter Widgets for 
Elementor","1.8.6","WP Smart Widgets","https:\u002F\u002Fprofiles.wordpress.org\u002Fnomade123456\u002F","\u003Cp>The only free Elementor plugin for unlimited pro-grade filtering of all your post content. Filter by taxonomies, custom fields, ACF, relational fields, and numeric ranges – with seamless integration, no restrictions, and full customization. Get advanced filtering features without paying for limitations.\u003C\u002Fp>\n\u003Ch3>Filter Widget Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Compatible with Elementor Pro post widget, ACF, WooCommerce and most translation plugins.\u003C\u002Fli>\n\u003Cli>True faceted filtering with real-time option availability and dynamic result counts.\u003C\u002Fli>\n\u003Cli>Filter any post type.\u003C\u002Fli>\n\u003Cli>Customizable filter items list with easy re-ordering options.\u003C\u002Fli>\n\u003Cli>Filter anything using taxonomies, custom fields\u002FACF, relational and numeric fields.\u003C\u002Fli>\n\u003Cli>Keyword search support for custom field\u002FACF.\u003C\u002Fli>\n\u003Cli>Various filter types catered to diverse use-cases: checkboxes, radio buttons, label list, dropdown, numeric range, select2 (single & multiple select).\u003C\u002Fli>\n\u003Cli>Fine-tune the filter with the choice of relation (AND or OR) between terms and parents.\u003C\u002Fli>\n\u003Cli>User-friendly more\u002Fless and toggle options, ideal for managing extensive lists.\u003C\u002Fli>\n\u003Cli>Choose how filters are applied: Auto-submission or Submit button mode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpsmartwidgets.com\u002Fdoc\u002Fbetter-post-and-filter-widgets\u002Ffilter-post-widgets-demo\u002F\" rel=\"nofollow ugc\">Filter Widget Demo\u003C\u002Fa> – See the filter in action.\u003C\u002Fp>\n\u003Ch3>Post Widget Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Query multiple post types at once.\u003C\u002Fli>\n\u003Cli>Do more with less – display posts, users, and taxonomies using a 
single widget.\u003C\u002Fli>\n\u003Cli>Effortlessly switch between a dynamic carousel or grid layout at different breakpoints.\u003C\u002Fli>\n\u003Cli>Make the most of Swiper API with advanced features such as carousel synching, parallax effects, and more.\u003C\u002Fli>\n\u003Cli>Multiple layout options, including classic, on the side, banner, template grid (loop grid), and custom HTML.\u003C\u002Fli>\n\u003Cli>Possibility to create your own loop grid, with any dynamic tags and Elementor widgets.\u003C\u002Fli>\n\u003Cli>Flexible post content options: title, content, excerpt, custom field\u002FACF, taxonomy, HTML, post meta, read more, bookmark, edit options, product price, product rating, buy now, and product badge.\u003C\u002Fli>\n\u003Cli>Flexible query system with AJAX pagination.\u003C\u002Fli>\n\u003Cli>Customize widget content and style like native Elementor widgets.\u003C\u002Fli>\n\u003Cli>Feed-style layouts with taxonomy-based grouping, ideal for magazine or news-style content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpsmartwidgets.com\u002Fdoc\u002Fbetter-post-and-filter-widgets\u002Felementor-post-slider-travel-theme-demo\u002F\" rel=\"nofollow ugc\">Post Slider\u002FCarousel Demo\u003C\u002Fa> – Check out the post widget possibilities.\u003C\u002Fp>\n\u003Ch3>Create Loop Grids for Free:\u003C\u002Fh3>\n\u003Cp>Create dynamic loop grids without Elementor Pro. 
Design fully custom layouts using any Elementor widget and dynamic tag, while keeping full compatibility with filtering and AJAX pagination.\u003C\u002Fp>\n\u003Ch3>Exclusive Dynamic Tags:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Exclusive Repeater Field Tag: Unlock the ability to directly output ACF repeater fields in the Elementor frontend, with the flexibility to wrap each part in different HTML tags.\u003C\u002Fli>\n\u003Cli>Includes a series of dynamic tags, allowing users to fully utilize template grids with the free version.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Crafted for Seamless Elementor Integration:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Blends seamlessly with Elementor’s native interface.\u003C\u002Fli>\n\u003Cli>No disruptive branding — Enjoy a clean, streamlined interface without unnecessary distractions.\u003C\u002Fli>\n\u003Cli>Lightweight design, utilizing Elementor’s resources to minimize external dependencies.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Developer-Friendly:\u003C\u002Fh3>\n\u003Cp>Tailor the widgets to your needs using dedicated filters and developer hooks.\u003C\u002Fp>\n\u003Ch4>Troubleshooting\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Make sure the Post Widget class name and the Filter Widget target match.\u003C\u002Fli>\n\u003Cli>Check for incompatible plugins or theme conflicts:\n\u003Col>\n\u003Cli>Temporarily switch to a default WordPress theme.\u003C\u002Fli>\n\u003Cli>Deactivate all other plugins except Elementor and Better Post & Filter Widgets.\u003C\u002Fli>\n\u003Cli>Test the filter. 
If it works, reactivate your plugins one by one to find the one causing the conflict.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>Disable caching or optimization plugins while testing, as they can interfere with AJAX.\u003C\u002Fli>\n\u003Cli>Check the browser console for JavaScript errors (press F12 and look under the Console tab) and resolve any errors that appear.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Docs and Support\u003C\u002Fh3>\n\u003Cp>Find support for this plugin in the \u003Ca href=\"https:\u002F\u002Fwpsmartwidgets.com\u002Fdoc\u002Fbetter-post-and-filter-widgets\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Source Code\u003C\u002Fh3>\n\u003Cp>This plugin includes both compressed and uncompressed versions of CSS and JavaScript files and can be found under the \u003Ccode>\u002Fassets\u002F\u003C\u002Fcode> directory.\u003C\u002Fp>\n","The only free pro-grade Elementor filtering system for posts, taxonomies, custom fields, ACF, WooCommerce, WPML & more. 
Ditch paid limits!",2000,18408,17,"2026-03-26T07:46:00.000Z","6.2","7.4",[20,125,24,82,126],"elementor","woocommerce","https:\u002F\u002Fwpsmartwidgets.com\u002Fdoc\u002Fbetter-post-and-filter-widgets\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-post-filter-widgets-for-elementor.1.8.6.zip",99,"2025-08-21 00:00:00",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":87,"downloaded":139,"rating":13,"num_ratings":27,"last_updated":140,"tested_up_to":141,"requires_at_least":17,"requires_php":123,"tags":142,"homepage":18,"download_link":146,"security_score":13,"vuln_count":87,"unpatched_count":87,"last_vuln_date":37,"fetched_at":147},"ajax-post-search-and-filter","AJAX Post Search and Filter","1.2","Nirav Kaneriya","https:\u002F\u002Fprofiles.wordpress.org\u002Fniravkaneriya\u002F","\u003Cp>AJAX Post Search and Filter allows users to filter posts in real-time using taxonomy terms like categories, tags, or custom taxonomies. 
Add the filter anywhere using a simple shortcode.\u003C\u002Fp>\n\u003Ch3>Shortcode\u003C\u002Fh3>\n\u003Cp>Use this shortcode:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[post_filter post=\"post\" taxonomy=\"category, test\" logic=\"saprate\" load_type=\"button\" per_page=\"3\"]\u003Ch3>License\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This plugin is free software, released under the GPLv2 or later license.\u003C\u002Fp>\n\u003Ch4>1.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added nonce verification and user permission checks for secure AJAX requests.\u003C\u002Fli>\n\u003Cli>Improved AJAX response handling and error fallback in JavaScript.\u003C\u002Fli>\n\u003Cli>Optimized tax query logic with support for “AND”\u002F”OR” filters.\u003C\u002Fli>\n\u003Cli>Enhanced code structure for better maintainability.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.2\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fully sanitized all AJAX input data to comply with WordPress security standards.\u003C\u002Fli>\n\u003Cli>Added missing version parameters to enqueued CSS and JS to prevent browser caching issues.\u003C\u002Fli>\n\u003Cli>Refactored input handling logic to pass PHPCS validation.\u003C\u002Fli>\n\u003Cli>Minor code improvements for performance and readability.\u003C\u002Fli>\n\u003C\u002Ful>\n","A lightweight and flexible AJAX-based search and filter plugin for posts. 
Supports multiple taxonomies and custom post types via shortcode.",376,"2025-06-28T17:27:00.000Z","6.8.5",[20,143,24,144,145],"ajax-search","shortcode","taxonomy","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fajax-post-search-and-filter.1.2.zip","2026-03-15T15:16:48.613Z",{"slug":149,"name":150,"version":151,"author":152,"author_profile":153,"description":154,"short_description":155,"active_installs":87,"downloaded":156,"rating":87,"num_ratings":87,"last_updated":157,"tested_up_to":141,"requires_at_least":158,"requires_php":123,"tags":159,"homepage":163,"download_link":164,"security_score":13,"vuln_count":87,"unpatched_count":87,"last_vuln_date":37,"fetched_at":29},"ajax-smart-filter","Ajax Smart Filter","1.4","ramcraft","https:\u002F\u002Fprofiles.wordpress.org\u002Framcraft\u002F","\u003Cp>Ajax Smart Filter is a powerful, professional, real-time AJAX filtering plugin for WordPress.\u003Cbr \u002F>\nIt helps users instantly filter posts, portfolios, listings, and any custom post type — without reloading the page.\u003C\u002Fp>\n\u003Cp>Designed for speed, flexibility, and customizability, the plugin includes modern templates, search suggestions, taxonomy filters, sort options, and a complete template builder for custom layouts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🎬 Live Demo:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fajaxsmartfilter.rf.gd\u002F\" rel=\"nofollow ugc\">View Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Perfect for:\u003Cbr \u002F>\n– Blogs & news websites\u003Cbr \u002F>\n– Portfolios\u003Cbr \u002F>\n– Real estate listings\u003Cbr \u002F>\n– Directories\u003Cbr \u002F>\n– Job boards\u003Cbr \u002F>\n– Any content-heavy website\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>⚡ Fast AJAX Filtering\u003C\u002Fstrong>\u003Cbr \u002F>\n– Lightweight endpoint (bypasses plugin loading)\u003Cbr \u002F>\n– No page reloads\u003Cbr \u002F>\n– Smart optimized queries\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🔍 Advanced 
Search\u003C\u002Fstrong>\u003Cbr \u002F>\n– Live search with autocomplete\u003Cbr \u002F>\n– Search title, content, or custom fields\u003Cbr \u002F>\n– Smart suggestions with images\u003C\u002Fp>\n\u003Cp>\u003Cstrong>📂 Taxonomy Filters\u003C\u002Fstrong>\u003Cbr \u002F>\n– Categories, tags, any custom taxonomy\u003Cbr \u002F>\n– Dropdowns or tab-style filters\u003Cbr \u002F>\n– AND\u002FOR match logic\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🎛️ Sorting Options\u003C\u002Fstrong>\u003Cbr \u002F>\n– Newest, Oldest\u003Cbr \u002F>\n– A–Z, Z–A\u003Cbr \u002F>\n– Popular posts\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🎨 Modern Templates\u003C\u002Fstrong>\u003Cbr \u002F>\n– Modern Card\u003Cbr \u002F>\n– Horizontal Card\u003Cbr \u002F>\n– Masonry Grid\u003Cbr \u002F>\n– Featured + Grid\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🛠️ Custom Template Builder\u003C\u002Fstrong>\u003Cbr \u002F>\n– Custom HTML for filter bar\u003Cbr \u002F>\n– Custom HTML for result items\u003Cbr \u002F>\n– ACE code editor\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Available Placeholders:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ccode>[filter attribute=\"search\"]\u003C\u002Fcode> – Search input with autocomplete\u003Cbr \u002F>\n– \u003Ccode>[filter attribute=\"category\"]\u003C\u002Fcode> – Category dropdown\u003Cbr \u002F>\n– \u003Ccode>[filter attribute=\"category-tabs\"]\u003C\u002Fcode> – Category tabs\u003Cbr \u002F>\n– \u003Ccode>[filter attribute=\"tag\"]\u003C\u002Fcode> – Tag dropdown\u003Cbr \u002F>\n– \u003Ccode>[filter attribute=\"tag-tabs\"]\u003C\u002Fcode> – Tag tabs\u003Cbr \u002F>\n– \u003Ccode>[filter attribute=\"sort\"]\u003C\u002Fcode> – Sort dropdown\u003Cbr \u002F>\n– \u003Ccode>[filter attribute=\"apply-button\"]\u003C\u002Fcode> – Apply button\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>Custom Result Item HTML\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>Design your own post cards:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Available Placeholders:\u003C\u002Fstrong>\u003Cbr \u002F>\n– 
\u003Ccode>{{post_id}}\u003C\u002Fcode> – Post ID number\u003Cbr \u002F>\n– \u003Ccode>{{post_title}}\u003C\u002Fcode> – Post title\u003Cbr \u002F>\n– \u003Ccode>{{post_link}}\u003C\u002Fcode> – Post permalink URL\u003Cbr \u002F>\n– \u003Ccode>{{post_slug}}\u003C\u002Fcode> – Post slug\u003Cbr \u002F>\n– \u003Ccode>{{post_excerpt}}\u003C\u002Fcode> – Post excerpt\u003Cbr \u002F>\n– \u003Ccode>{{post_content}}\u003C\u002Fcode> – Full post content\u003Cbr \u002F>\n– \u003Ccode>{{post_date}}\u003C\u002Fcode> – Formatted date\u003Cbr \u002F>\n– \u003Ccode>{{post_author}}\u003C\u002Fcode> – Author name\u003Cbr \u002F>\n– \u003Ccode>{{post_author_avatar}}\u003C\u002Fcode> – Author avatar image\u003Cbr \u002F>\n– \u003Ccode>{{post_category}}\u003C\u002Fcode> – First category name\u003Cbr \u002F>\n– \u003Ccode>{{post_categories}}\u003C\u002Fcode> – All categories (comma-separated)\u003Cbr \u002F>\n– \u003Ccode>{{post_tag}}\u003C\u002Fcode> – First tag name\u003Cbr \u002F>\n– \u003Ccode>{{post_tags}}\u003C\u002Fcode> – All tags (comma-separated)\u003Cbr \u002F>\n– \u003Ccode>{{post_image}}\u003C\u002Fcode> – Featured image HTML\u003Cbr \u002F>\n– \u003Ccode>{{post_image_url}}\u003C\u002Fcode> – Featured image URL\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🌈 Styling Options\u003C\u002Fstrong>\u003Cbr \u002F>\n– 4 filter styles: default, minimalist, sidebar, compact\u003Cbr \u002F>\n– Custom color themes\u003Cbr \u002F>\n– Show\u002Fhide title, excerpt, date, author, image\u003Cbr \u002F>\n– Excerpt length control\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🔗 URL & State Management\u003C\u002Fstrong>\u003Cbr \u002F>\n– URL query string support\u003Cbr \u002F>\n– Shareable filter URLs\u003Cbr \u002F>\n– Custom parameter names\u003C\u002Fp>\n\u003Cp>\u003Cstrong>📄 Pagination\u003C\u002Fstrong>\u003Cbr \u002F>\n– Numeric, next\u002Fprev, or both\u003Cbr \u002F>\n– Custom posts per page\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Compatible with everything\u003C\u002Fstrong>\u003Cbr \u002F>\n– Any 
theme\u003Cbr \u002F>\n– Gutenberg & Classic Editor\u003Cbr \u002F>\n– Elementor, Divi, Beaver Builder\u003Cbr \u002F>\n– Any post type or taxonomy\u003C\u002Fp>\n","Ajax Smart Filter is a powerful, professional, real-time AJAX filtering plugin for WordPress.",469,"2025-12-27T13:20:00.000Z","6.0",[20,160,161,24,162],"custom-template-development","grid-layout","search-suggestion","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fajax-smart-filter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fajax-smart-filter.1.4.zip",{"attackSurface":166,"codeSignals":221,"taintFlows":244,"riskAssessment":300,"analyzedAt":312},{"hooks":167,"ajaxHandlers":193,"restRoutes":212,"shortcodes":213,"cronEvents":218,"entryPointCount":219,"unprotectedCount":220},[168,174,178,183,187,191],{"type":169,"name":170,"callback":171,"file":172,"line":173},"action","admin_enqueue_scripts","fff_admin_enqueue_scripts","includes\u002Fadmin\u002Fclass-admin.php",18,{"type":169,"name":175,"callback":176,"file":172,"line":177},"admin_menu","fff_add_menu_page",21,{"type":169,"name":179,"callback":180,"file":181,"line":182},"wp_enqueue_scripts","fff_enqueue_scripts","includes\u002Ffront\u002Fclass-front.php",13,{"type":169,"name":184,"callback":185,"file":181,"line":186},"init","fff_register_post_type",16,{"type":169,"name":188,"callback":189,"file":181,"line":190},"rest_api_init","fff_register_meta_fields",19,{"type":169,"name":184,"callback":192,"file":181,"line":108},"fff_set_script_translations",[194,197,200,204,206,210],{"action":195,"nopriv":48,"callback":196,"hasNonce":48,"hasCapCheck":48,"file":172,"line":108},"fff_save_settins","saveFields",{"action":195,"nopriv":198,"callback":196,"hasNonce":48,"hasCapCheck":48,"file":172,"line":199},true,25,{"action":201,"nopriv":48,"callback":202,"hasNonce":48,"hasCapCheck":48,"file":172,"line":203},"fff_remove_filter","removeFilter",28,{"action":201,"nopriv":198,"callback":202,"hasNonce":48,"hasCapCheck":48,"file":172,"line":205},29,{"actio
n":207,"nopriv":48,"callback":208,"hasNonce":48,"hasCapCheck":48,"file":172,"line":209},"fff_get_taxonomies","getTaxonomies",32,{"action":207,"nopriv":198,"callback":208,"hasNonce":48,"hasCapCheck":48,"file":172,"line":211},33,[],[214],{"tag":215,"callback":216,"file":181,"line":217},"ff_filter","fff_shortcode",22,[],7,6,{"dangerousFunctions":222,"sqlUsage":223,"outputEscaping":225,"fileOperations":87,"externalRequests":87,"nonceChecks":87,"capabilityChecks":87,"bundledLibraries":243},[],{"prepared":87,"raw":87,"locations":224},[],{"escaped":226,"rawEcho":219,"locations":227},191,[228,231,233,235,237,239,241],{"file":172,"line":229,"context":230},113,"raw output",{"file":172,"line":232,"context":230},141,{"file":172,"line":234,"context":230},226,{"file":172,"line":236,"context":230},286,{"file":172,"line":238,"context":230},522,{"file":172,"line":240,"context":230},524,{"file":172,"line":242,"context":230},547,[],[245,260,270,282],{"entryPoint":246,"graph":247,"unsanitizedCount":27,"severity":39},"fff_menu_page_general_content (includes\u002Fadmin\u002Fclass-admin.php:124)",{"nodes":248,"edges":258},[249,253],{"id":250,"type":251,"label":252,"file":172,"line":232},"n0","source","$_SERVER['REQUEST_URI']",{"id":254,"type":255,"label":256,"file":172,"line":232,"wp_function":257},"n1","sink","echo() [XSS]","echo",[259],{"from":250,"to":254,"sanitized":48},{"entryPoint":261,"graph":262,"unsanitizedCount":27,"severity":39},"removeFilter (includes\u002Fadmin\u002Fclass-admin.php:539)",{"nodes":263,"edges":268},[264,267],{"id":250,"type":251,"label":265,"file":172,"line":266},"$_POST",541,{"id":254,"type":255,"label":256,"file":172,"line":242,"wp_function":257},[269],{"from":250,"to":254,"sanitized":48},{"entryPoint":271,"graph":272,"unsanitizedCount":87,"severity":281},"fff_menu_page_content 
(includes\u002Fadmin\u002Fclass-admin.php:65)",{"nodes":273,"edges":279},[274,277],{"id":250,"type":251,"label":275,"file":172,"line":276},"$_GET",66,{"id":254,"type":255,"label":256,"file":172,"line":278,"wp_function":257},73,[280],{"from":250,"to":254,"sanitized":198},"low",{"entryPoint":283,"graph":284,"unsanitizedCount":14,"severity":281},"\u003Cclass-admin> (includes\u002Fadmin\u002Fclass-admin.php:0)",{"nodes":285,"edges":296},[286,287,288,290,292,294],{"id":250,"type":251,"label":275,"file":172,"line":276},{"id":254,"type":255,"label":256,"file":172,"line":278,"wp_function":257},{"id":289,"type":251,"label":252,"file":172,"line":232},"n2",{"id":291,"type":255,"label":256,"file":172,"line":232,"wp_function":257},"n3",{"id":293,"type":251,"label":265,"file":172,"line":266},"n4",{"id":295,"type":255,"label":256,"file":172,"line":242,"wp_function":257},"n5",[297,298,299],{"from":250,"to":254,"sanitized":198},{"from":289,"to":291,"sanitized":48},{"from":293,"to":295,"sanitized":48},{"summary":301,"deductions":302},"The \"fast-fancy-filter-3f\" v1.2.2 plugin presents a concerning security posture due to a significant number of unprotected entry points. While the plugin demonstrates good practices in areas like SQL query sanitization and output escaping, the absence of authentication checks on six out of seven identified entry points, specifically AJAX handlers, creates a substantial attack surface. The taint analysis shows flows with unsanitized paths; although these are not classified as critical or high severity, they still warrant attention as they could potentially lead to vulnerabilities if exploited in conjunction with the unprotected entry points. The lack of known vulnerabilities or CVEs in its history is a positive sign, suggesting a potentially mature codebase or a lack of past exploitation. However, this does not negate the immediate risks posed by the unprotected entry points. 
The plugin's strengths lie in its secure handling of SQL and most output, but the critical weakness of unprotected AJAX handlers requires immediate attention.",[303,305,308,310],{"reason":304,"points":11},"AJAX handlers without authentication checks",{"reason":306,"points":307},"Flows with unsanitized paths (taint analysis)",8,{"reason":309,"points":11},"AJAX handlers without capability checks",{"reason":311,"points":11},"No nonce checks on AJAX handlers","2026-04-16T12:47:16.207Z",{"wat":314,"direct":328},{"assetPaths":315,"generatorPatterns":321,"scriptPaths":322,"versionParams":323},[316,317,318,319,320],"\u002Fwp-content\u002Fplugins\u002Ffast-fancy-filter-3f\u002Fassets\u002Fcss\u002Ficon-style.css","\u002Fwp-content\u002Fplugins\u002Ffast-fancy-filter-3f\u002Fassets\u002Fcss\u002Fadmin-style.css","\u002Fwp-content\u002Fplugins\u002Ffast-fancy-filter-3f\u002Fassets\u002Fjs\u002Flottie-player.js","\u002Fwp-content\u002Fplugins\u002Ffast-fancy-filter-3f\u002Fassets\u002Fjs\u002Fadmin-scripts.js","\u002Fwp-content\u002Fplugins\u002Ffast-fancy-filter-3f\u002Fassets\u002Fimg\u002Ficon.svg",[],[318,319],[324,325,326,327],"fast-fancy-filter-3f\u002Fassets\u002Fcss\u002Ficon-style.css?ver=","fast-fancy-filter-3f\u002Fassets\u002Fcss\u002Fadmin-style.css?ver=","fast-fancy-filter-3f\u002Fassets\u002Fjs\u002Flottie-player.js?ver=","fast-fancy-filter-3f\u002Fassets\u002Fjs\u002Fadmin-scripts.js?ver=",{"cssClasses":329,"htmlComments":341,"htmlAttributes":342,"restEndpoints":344,"jsGlobals":346,"shortcodeOutput":350},[330,331,332,333,334,335,336,337,338,339,340],"fff-main-admin-title","fff-new-filter-form","fff-button","fff-saved-popup-cont","fff-popup-save-filer","fff-saved-popup","lottieanimation","fff-saved-popup-bttns","fff-btn-blue","fff-edit","fff-popup-delete-filer",[],[343],"data-lottie-src",[345],"\u002Fwp-json\u002Ffff-filter\u002F",[347,348,349],"fff_ajax_url","fff_admin_page_url","fff_plugin_url",[],{"error":198,"url":352,"statusCode":353,"statusMessage":354,"mes
sage":354},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Ffast-fancy-filter-3f\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":87,"versions":356},[]]