[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsWg-MREJSFwxaqINCaokYJuvYiKglHcko-eF76d-ssE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":47,"crawl_stats":37,"alternatives":55,"analysis":158,"fingerprints":198},"featured-image","Featured Image","2.2","Mervin Praison","https:\u002F\u002Fprofiles.wordpress.org\u002Fmervinpraison\u002F","\u003Cp>Add featured image to any part of the website, on each individual post\u002Fpage. Very Easy to Implement. Provides you with a featured image shortcode [ featured-img ] , code and Featured Image widget.\u003C\u002Fp>\n\u003Cp>Paste the Code or the Shortcode on any part of the website.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Very Easy to implement.\u003C\u002Fli>\n\u003Cli>Simple Shortcode Available\u003C\u002Fli>\n\u003Cli>Easy code Implementation inside loop and outside loop.\u003C\u002Fli>\n\u003Cli>Widge Avaliable\u003C\u002Fli>\n\u003Cli>Featured Image Caption\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmer.vin\u002Fwordpress-featured-image\" rel=\"nofollow ugc\">WordPress Featured Image\u003C\u002Fa> Documentation By \u003Ca href=\"https:\u002F\u002Fmer.vin\u002F\" rel=\"nofollow ugc\">Mervin\u003C\u002Fa> Praison\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fseomanageruk.com\" rel=\"nofollow ugc\">SEO Manager\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Version history\u003C\u002Fh3>\n\u003Ch4>version 2.2\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Security: Fixed Stored Cross-Site Scripting (XSS) vulnerability (CVE-2025-12019)\u003C\u002Fli>\n\u003Cli>Fixed: Added missing global $post in caption function\u003C\u002Fli>\n\u003Cli>Improved: Enhanced security with proper output escaping\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>version 2.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>global $post fix\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Version 2.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added Featured Image Caption\u003C\u002Fli>\n\u003Cli>Added Alt Text for images\u003C\u002Fli>\n\u003Cli>Fixed Bugs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Version 1.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Initial release version.\u003C\u002Fli>\n\u003C\u002Ful>\n","Add featured image to any part of the website, on each individual post\u002Fpage. Very Easy to Implement. Shortcode and widget available.",1000,67477,88,8,"2025-11-08T08:43:00.000Z","6.8.5","3.0","",[4,20,21,22,23],"image","seo","shortcode","widget","https:\u002F\u002Fmer.vin\u002Fwordpress-featured-image","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffeatured-image.2.2.zip",99,1,0,"2025-11-10 15:23:26","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2025-12019","featured-image-authenticated-admin-stored-cross-site-scripting","Featured Image \u003C= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting","The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=2.1","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-11-13 15:54:10",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ffa16605a-12bd-48a8-b9a9-db53bf3c2c39?source=api-prod",3,{"slug":48,"display_name":7,"profile_url":8,"plugin_count":49,"total_installs":50,"avg_security_score":51,"avg_patch_time_days":52,"trust_score":53,"computed_at":54},"mervinpraison",7,2500,100,266,79,"2026-04-04T06:21:11.517Z",[56,79,99,121,139],{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":18,"tags":71,"homepage":75,"download_link":76,"security_score":77,"vuln_count":27,"unpatched_count":28,"last_vuln_date":78,"fetched_at":30},"ultimate-posts-widget","Ultimate Posts Widget","2.3.2","cl272","https:\u002F\u002Fprofiles.wordpress.org\u002Fcl272\u002F","\u003Cp>\u003Cstrong>Try it out on your free dummy site: Click here => \u003Ca href=\"https:\u002F\u002Fdemo.tastewp.com\u002Fultimate-posts-widget\" rel=\"nofollow ugc\">https:\u002F\u002Ftastewp.com\u002Fplugins\u002Fultimate-posts-widget\u003C\u002Fa>.\u003C\u002Fstrong>\u003Cbr \u002F>\n(this trick works for all plugins in the WP repo – just replace “wordpress” with “tastewp” in the URL)\u003C\u002Fp>\n\u003Cp>UPDATE: Plugin ownership changed for this plugin. We are currently evaluating possible enhancements for it. Stay tuned! If you have any suggestions yourself, please let us know in the Support Forum.\u003C\u002Fp>\n\u003Cp>Note: This is a \u003Cstrong>classic widget\u003C\u002Fstrong> type, in order for it to work on the latest version of WordPress you will need \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclassic-widgets\u002F\" rel=\"ugc\">Classic Widgets\u003C\u002Fa> plugin installed on your site.\u003C\u002Fp>\n\u003Cp>The ultimate widget for displaying posts, custom post types or sticky posts with an array of options to customize the display.\u003C\u002Fp>\n\u003Cp>Designed for both the average user and developer, Ultimate Posts Widgets aims to provide flexibility and ease of use for displaying any kinds of posts within your widget areas. An array of widget options are available as well as hooks, filters and custom templates for more advanced customization.\u003C\u002Fp>\n\u003Ch4>Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Filter by categories\u003C\u002Fli>\n\u003Cli>Filter by current category\u003C\u002Fli>\n\u003Cli>Filter by tags\u003C\u002Fli>\n\u003Cli>Filter by current tag\u003C\u002Fli>\n\u003Cli>Filter by custom post types\u003C\u002Fli>\n\u003Cli>Filter by sticky posts\u003C\u002Fli>\n\u003Cli>Select number of posts to display\u003C\u002Fli>\n\u003Cli>Display title\u003C\u002Fli>\n\u003Cli>Display publish date\u002Ftime with custom format options\u003C\u002Fli>\n\u003Cli>Display post author and link\u003C\u002Fli>\n\u003Cli>Display post comment count\u003C\u002Fli>\n\u003Cli>Display excerpt or full content\u003C\u002Fli>\n\u003Cli>Display read more link with custom label\u003C\u002Fli>\n\u003Cli>Display featured image and at any size\u003C\u002Fli>\n\u003Cli>Display post categories\u003C\u002Fli>\n\u003Cli>Display post tags\u003C\u002Fli>\n\u003Cli>Display custom fields\u003C\u002Fli>\n\u003Cli>Add text or HTML before and after posts list\u003C\u002Fli>\n\u003Cli>Add CSS class to widget\u003C\u002Fli>\n\u003Cli>Add widget title link\u003C\u002Fli>\n\u003Cli>Change excerpt length (in words)\u003C\u002Fli>\n\u003Cli>Order by date, title, number of comments, random or a custom field\u003C\u002Fli>\n\u003Cli>Exclude current post from the list\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-posts-widget\u002Ffaq\u002F\" rel=\"ugc\">FAQ tab\u003C\u002Fa> for documentation on custom templates, hooks, common issues, and more.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>For help please ask in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fultimate-posts-widget\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Enjoy this plugin? \u003Ca href=\"https:\u002F\u002Fsellcodes.com\u002F5U4SICyc\" rel=\"nofollow ugc\">Send a tip to support development\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin is part of the Inisev product family – \u003Ca href=\"https:\u002F\u002Finisev.com\" rel=\"nofollow ugc\">check out our other products\u003C\u002Fa>.\u003C\u002Fp>\n","The ultimate widget for displaying posts, custom post types or sticky posts with an array of options.",10000,492332,90,55,"2024-07-17T01:21:00.000Z","6.6.5","3.5",[72,4,73,74,23],"custom-post-types","recent-posts","sticky-posts","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-posts-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-posts-widget.2.3.2.zip",92,"2024-02-13 00:00:00",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":17,"requires_php":18,"tags":93,"homepage":18,"download_link":97,"security_score":98,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"widget-builder","Widget Builder","1.6.2","Modern Tribe, Inc.","https:\u002F\u002Fprofiles.wordpress.org\u002Fmoderntribe\u002F","\u003Cp>Widget Builder uses native WordPress editing interface to provide a unique tool to build custom widgets for your site(s).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>MU Compatible\u003C\u002Fli>\n\u003Cli>Create admin dashboard widgets \u003Cstrong>NEW!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Link the image\u003C\u002Fli>\n\u003Cli>Title and Description\u003C\u002Fli>\n\u003Cli>Customize “Read More” link text\u003C\u002Fli>\n\u003Cli>Very versatile. All fields are optional.\u003C\u002Fli>\n\u003Cli>Supports override of template so that you can override the template for your theme!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Tested on PHP 5.2.17, 5.3.14 & 5.4.4 and WP 3.3 & 3.4.\u003C\u002Fp>\n\u003Cp>This plugin is actively supported and we will do our best to help you. In return we simply as 3 things:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Help Out. If you see a question on the forum you can help with or have a great idea and want to code it up and submit a patch, that would be just plain awesome and we will shower you with praise. Might even be a good way to get to know us and lead to some paid work if you freelance.  Also, we are happy to post translations if you provide them.\u003C\u002Fli>\n\u003Cli>Donate – if this is generating enough revenue to support our time it makes all the difference in the world\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_s-xclick&hosted_button_id=R8H3DD84PWAQ2\u003C\u002Fli>\n\u003Cli>Support us by buying our Premium plugins. In particular, check out our Events Calendar Pro http:\u002F\u002Ftri.be\u002Fwordpress-events-calendar-pro\u002F\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Note: gear vector art used in the WordPress.org banner were created by http:\u002F\u002Fwww.opengraphicdesign.com\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Ch4>Dashboard Widgets\u003C\u002Fh4>\n\u003Cp>Select ‘Available As Dashboard Widget’ in the widget editor to enable a widget as a dashboard widget. If you do not want this widget showing in the available widgets list for sidebar placement, select ‘Disable Sidebar Widget’.\u003C\u002Fp>\n\u003Ch4>Default vs. Custom Templates\u003C\u002Fh4>\n\u003Cp>The built in template can be overridden by files within your template.\u003C\u002Fp>\n\u003Cp>The Widget Builder comes with a default template for the widget output. If you would like to alter the widget display code, create a new folder called “tribe_widget_builder” in your template directory and copy over the “views\u002Fwidget.php” file.\u003C\u002Fp>\n\u003Cp>Edit the new file to your hearts content. Please do not edit the one in the plugin folder as that will cause conflicts when you update the plugin to the latest release.\u003C\u002Fp>\n\u003Cp>Alternatively you can point to a path of your choosing using the filter ‘tribe_widget_builder_widget.php’.\u003C\u002Fp>\n\u003Ch4>Filter widget query args\u003C\u002Fh4>\n\u003Cp>Filter your query arguments or get_posts altogether for granular fine tuning your listing of widgets or in the case of MU install restricting the builder to one site.\u003C\u002Fp>\n\u003Cp>The following filters are available for override\u003Cbr \u002F>\n    ‘tribe_widget_builder_get_posts_args’ \u002F\u002F customize the widget query parameters\u003Cbr \u002F>\n    ‘tribe_widget_builder_get_posts’ \u002F\u002F change the get_posts() query\u003C\u002Fp>\n","Widget Builder uses native WordPress editing interface to provide a unique tool to build custom widgets for your site(s).",600,43832,74,10,"2015-08-21T16:35:00.000Z","4.3.34",[94,4,95,96,23],"admin","sidebar","simple","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-builder.1.6.2.zip",85,{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":51,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":113,"tags":114,"homepage":119,"download_link":120,"security_score":98,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"paj-featured-image-owl-carousel","PAJ Featured Image Owl Carousel \u002F Slider","1.2.1","phillip2532","https:\u002F\u002Fprofiles.wordpress.org\u002Fphillip2532\u002F","\u003Cp>PAJ Featured Image Owl Carousel is an easy to use plugin to display featured images from posts, pages and custom post types as a carousel. It can also be used as a basic slider by setting the number of slides to 1.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fgreenorbwebdesign.co.uk\u002Fpaj-carousel-plugin\u002F\" rel=\"nofollow ugc\">View Documentation and live Demos »\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Plugin Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Display featured images from posts, pages or custom post types as an Owl carousel.\u003C\u002Fli>\n\u003Cli>Option to display post heading, post excerpt and post author etc.\u003C\u002Fli>\n\u003Cli>Option to choose excerpt length.\u003C\u002Fli>\n\u003Cli>Font size and colour options\u003C\u002Fli>\n\u003Cli>Each slide is a link back to the post or custom post type.\u003C\u002Fli>\n\u003Cli>Select from different categories\u003C\u002Fli>\n\u003Cli>Easy installable\u003C\u002Fli>\n\u003Cli>Fully responsive OWL Carousel.\u003C\u002Fli>\n\u003Cli>Mobile, Tablet touch supported.\u003C\u002Fli>\n\u003Cli>Mouse drag option\u003C\u002Fli>\n\u003Cli>Multiple Carousels on same page with different content.\u003C\u002Fli>\n\u003Cli>Uses SrcSet along with column number to improve google page speed results.\u003C\u002Fli>\n\u003Cli>Use with shortcode or as a Siteorigin widget.\u003C\u002Fli>\n\u003Cli>2 navigation styles\u003C\u002Fli>\n\u003Cli>Image hover or boxed layout\u003C\u002Fli>\n\u003Cli>Options to choose number of slides on desktop, tablet and mobile\u003C\u002Fli>\n\u003Cli>Gap between slides option\u003C\u002Fli>\n\u003Cli>option to make images equal heights\u003C\u002Fli>\n\u003Cli>you can add a title for each carousel\u003C\u002Fli>\n\u003C\u002Ful>\n","Responsive feature image Carousel slider for posts and pages, use with shortcode or SiteOrigin Widgets Bundle by SiteOrigin.",80,4289,2,"2020-04-06T14:24:00.000Z","5.4.19","4.0.1","5.6",[115,116,20,117,118],"carousel","featured-image-carousel","responsive-carousel","siteorigin-widget","https:\u002F\u002Fgreenorbwebdesign.co.uk\u002Fpaj-carousel-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpaj-featured-image-owl-carousel.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":51,"num_ratings":109,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":18,"tags":134,"homepage":18,"download_link":138,"security_score":98,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"raw-latest-posts-widget","Latest Posts Widget","1.1","ravidhu","https:\u002F\u002Fprofiles.wordpress.org\u002Fravidhu\u002F","\u003Cp>List the lastest posts from a category or from all categories:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The excerpt of each post can be displayed.\u003C\u002Fli>\n\u003Cli>The date of each post can be displayed.\u003C\u002Fli>\n\u003Cli>The number of posts that you want to display can be fixed.\u003C\u002Fli>\n\u003Cli>The categories of the post can be displayed (if one category is selected, the selected one is not displayed).\u003C\u002Fli>\n\u003Cli>The featured image can be display or, if it is not set, the first image of the post is selected.\u003C\u002Fli>\n\u003Cli>The image can be displayed before or after the title.\u003C\u002Fli>\n\u003C\u002Ful>\n","List the lastest posts from a category.",40,3139,"2014-10-13T18:35:00.000Z","4.0.38","3.0.1",[135,136,4,137,23],"categories","category","list-posts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fraw-latest-posts-widget.1.1.zip",{"slug":140,"name":141,"version":142,"author":143,"author_profile":144,"description":145,"short_description":146,"active_installs":147,"downloaded":148,"rating":89,"num_ratings":46,"last_updated":149,"tested_up_to":150,"requires_at_least":133,"requires_php":18,"tags":151,"homepage":156,"download_link":157,"security_score":98,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"new-popular-posts-widget","New Popular Posts Widget","1.0.0","Rashadul Alam","https:\u002F\u002Fprofiles.wordpress.org\u002Frashadul91\u002F","\u003Cp>This is a standard widget like others to show your most popular posts with featured image based on views of your post. Put it in any of your widget area from your WordPress dashboard and the it will automatically show 5 most popular posts which will be visited most after the activation of the widget.So, after activation of the widget, visit a post of your website and see, it will show below the popular post title.\u003C\u002Fp>\n","Popular Posts Widget with featured image will list blog posts based on views of the posts.",30,3444,"2016-12-13T15:47:00.000Z","4.7.32",[152,153,154,155,23],"popular-post","popular-post-with-featured-image","popular-posts","popular-posts-with-featured-image","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnew-popular-posts-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnew-popular-posts-widget.zip",{"attackSurface":159,"codeSignals":174,"taintFlows":186,"riskAssessment":187,"analyzedAt":197},{"hooks":160,"ajaxHandlers":161,"restRoutes":162,"shortcodes":163,"cronEvents":173,"entryPointCount":109,"unprotectedCount":28},[],[],[],[164,169],{"tag":165,"callback":166,"file":167,"line":168},"featured-img","getting_featured_img","featured-image.php",53,{"tag":170,"callback":171,"file":167,"line":172},"featured-img-caption","getting_featured_img_caption",89,[],{"dangerousFunctions":175,"sqlUsage":176,"outputEscaping":178,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":185},[],{"prepared":28,"raw":28,"locations":177},[],{"escaped":46,"rawEcho":109,"locations":179},[180,183],{"file":167,"line":181,"context":182},58,"raw output",{"file":167,"line":184,"context":182},94,[],[],{"summary":188,"deductions":189},"The \"featured-image\" plugin version 2.2 exhibits a generally good security posture, with no critical or high-severity vulnerabilities identified in its current state and a strong adherence to secure coding practices such as prepared statements for SQL queries. The static analysis shows a relatively small attack surface consisting of only two shortcodes, and importantly, no unprotected entry points were found. The plugin also avoids dangerous functions, file operations, and external HTTP requests.  However, a notable concern is the presence of a past medium-severity vulnerability related to Cross-Site Scripting (XSS). While this vulnerability is reported as patched, its existence suggests a potential for input sanitization weaknesses that could be re-introduced or missed in future updates. Additionally, the 60% proper output escaping rate, while not critically low, indicates that a minority of outputs are not being adequately sanitized, which could still pose a risk if those outputs are user-controllable and displayed without proper context.",[190,192,195],{"reason":191,"points":90},"Past medium XSS vulnerability",{"reason":193,"points":194},"Inconsistent output escaping (40% not properly escaped)",5,{"reason":196,"points":194},"No nonce checks present","2026-03-16T18:45:58.125Z",{"wat":199,"direct":204},{"assetPaths":200,"generatorPatterns":201,"scriptPaths":202,"versionParams":203},[],[],[],[],{"cssClasses":205,"htmlComments":206,"htmlAttributes":207,"restEndpoints":209,"jsGlobals":210,"shortcodeOutput":211},[],[],[208],"id=\"featured-img-id\"",[],[],[212,213,214],"\u003Cdiv id=\"featured-img-id\">\u003Cimg src=","\u003Cimg src=","alt="]