[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbcxVF_bxPD1MDApY6D8DVFafwfqzMDzD-fXWtoE3uLs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":47,"crawl_stats":37,"alternatives":52,"analysis":124,"fingerprints":193},"fetch-jft","Fetch JFT","1.9.1","pjaudiomv","https:\u002F\u002Fprofiles.wordpress.org\u002Fpjaudiomv\u002F","\u003Cp>Fetch JFT is a plugin that pulls the Just For Today from jftna.org and puts it on your page or post. Use the widget Fetch JFT to add to your sidebar or footer.\u003C\u002Fp>\n\u003Cp>SHORTCODE\u003Cbr \u002F>\nBasic: [jft]\u003Cbr \u002F>\nLanguages: Danish, English, Farsi, French, German, Italian, Japanese, Portuguese, Russian, Spanish, Swedish [jft language=””]\u003Cbr \u002F>\nLayout: Table, Block [jft layout=””]\u003Cbr \u002F>\n— Shortcode parameters can be combined and accept either uppercase or lowercase\u003C\u002Fp>\n\u003Cp>EXAMPLES\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.mvana.org\u002Fjust-for-today\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.mvana.org\u002Fjust-for-today\u002F\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fnewyorkna.org\u002Finformation\u002Fjust-for-today\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fnewyorkna.org\u002Finformation\u002Fjust-for-today\u002F\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.na-ireland.org\u002Ffor-our-members\u002Fjust-for-today\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.na-ireland.org\u002Ffor-our-members\u002Fjust-for-today\u002F\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fhillcountryna.org\u002Fjust-for-today\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fhillcountryna.org\u002Fjust-for-today\u002F\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.otwna.org\u002Fjust-for-today\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.otwna.org\u002Fjust-for-today\u002F\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Femeraldcoastareana.org\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Femeraldcoastareana.org\u002F\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fsuncityna.org\u002Fmembers\u002Fjust-for-today\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fsuncityna.org\u002Fmembers\u002Fjust-for-today\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>As A Widget\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fcrossroadsarea.org\u002Fevents-activities\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fcrossroadsarea.org\u002Fevents-activities\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>MORE INFORMATION\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbmlt-enabled\u002Ffetch-jft\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fbmlt-enabled\u002Ffetch-jft\u003C\u002Fa>\u003C\u002Fp>\n","Fetch JFT is a plugin that pulls the Just For Today from jftna.org and puts it on your page or post.",100,6657,90,2,"2025-06-06T17:39:00.000Z","6.8.5","","7.3",[20,21,22,23],"jft","just-for-today","na","narcotics-anonymous","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffetch-jft\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffetch-jft.1.9.1.zip",99,1,0,"2024-05-28 16:54:09","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":27},"CVE-2024-4419","fetch-jft-authenticated-administrator-stored-cross-site-scripting","Fetch JFT \u003C= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Fetch JFT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.8.3","1.8.4","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-05-29 05:31:25",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5aca31f5-310f-441b-8d8c-51b7bf2b0b7d?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":27,"trust_score":26,"computed_at":51},10,370,98,"2026-04-05T06:16:14.257Z",[53,66,85,98,111],{"slug":54,"name":55,"version":56,"author":7,"author_profile":8,"description":57,"short_description":58,"active_installs":28,"downloaded":59,"rating":28,"num_ratings":28,"last_updated":60,"tested_up_to":61,"requires_at_least":17,"requires_php":17,"tags":62,"homepage":63,"download_link":64,"security_score":65,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"hosted-jft","Hosted JFT","1.0.3","\u003Cp>Hosted JFT is a plugin that allows an NA Community to host their own translated version of the JFT. Add the [hosted_jft]\u003Cbr \u002F>\nshortcode to your page or use the widget Hosted JFT to add to your sidebar or footer.\u003C\u002Fp>\n\u003Cp>SHORTCODE\u003Cbr \u002F>\nBasic: [hosted_jft]\u003Cbr \u002F>\nCustom Field Name:  This is the name of the Custom Field used on your post to store the date in MM-DD format\u003Cbr \u002F>\nTimezone: This should probably just be your local timezone but can be changed in a shortcode if needed [jft jft_timezone=”Europe\u002FRome”].\u003Cbr \u002F>\nA list of supported timezones can be found here \u003Ca href=\"https:\u002F\u002Fwww.php.net\u002Fmanual\u002Fen\u002Ftimezones.php\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.php.net\u002Fmanual\u002Fen\u002Ftimezones.php\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>EXAMPLES\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.mvana.org\u002Fjust-for-today\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.mvana.org\u002Fjust-for-today\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>As A Widget\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fcrossroadsarea.org\u002Fevents-activities\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fcrossroadsarea.org\u002Fevents-activities\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>MORE INFORMATION\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbmlt-enabled\u002Ffetch-jft\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fbmlt-enabled\u002Ffetch-jft\u003C\u002Fa>\u003C\u002Fp>\n","Hosted JFT is a plugin that allows an NA Community to host their own translated version of the JFT. Add the [hosted_jft]",1101,"2023-05-17T21:14:00.000Z","6.2.9",[54,20,21,22,23],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhosted-jft\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhosted-jft.1.0.3.zip",85,{"slug":67,"name":68,"version":69,"author":70,"author_profile":71,"description":72,"short_description":73,"active_installs":74,"downloaded":75,"rating":28,"num_ratings":28,"last_updated":76,"tested_up_to":77,"requires_at_least":78,"requires_php":79,"tags":80,"homepage":83,"download_link":84,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"bread","Bread","2.9.11","radius314","https:\u002F\u002Fprofiles.wordpress.org\u002Fradius314\u002F","\u003Cp>“bread” is a fork of the BMLT meeting list generator.  It allows for the creation of a meeting schedule from a BMLT server.\u003C\u002Fp>\n","A web-based tool that creates, maintains and generates a PDF meeting list from BMLT.",300,17421,"2026-02-05T14:01:00.000Z","6.9.4","6.2","8.1",[81,82,22,23],"bmlt","meeting-list","https:\u002F\u002Fbmlt.app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbread.2.9.11.zip",{"slug":86,"name":86,"version":87,"author":70,"author_profile":71,"description":88,"short_description":89,"active_installs":74,"downloaded":90,"rating":11,"num_ratings":14,"last_updated":91,"tested_up_to":77,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":96,"download_link":97,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"crouton","4.1.4","\u003Cp>Crouton provides a UI for viewing recovery meetings stored in a Basic Meeting List Toolbox (BMLT) database.  Simply put a shortcode on a WordPress page to get an interactive display list of meetings.\u003Cbr \u002F>\nThis plugin provides shortcodes to view the meetings as a table, a map or insert the number of meetings and groups in specified service bodies.  Configure Crouton from the WordPress backend, using attributes in the shortcode or using query string parameters.  The admin UI contains detailed instructions.\u003C\u002Fp>\n","crouton provides a UI and more for view recovery meetings as stored in a Basic Meeting List Toolbox (BMLT) database.",34335,"2026-03-10T07:11:00.000Z","4.0","8.0",[81,82,23,95],"recovery","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcrouton\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcrouton.4.1.4.zip",{"slug":99,"name":100,"version":101,"author":7,"author_profile":8,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":28,"num_ratings":28,"last_updated":106,"tested_up_to":77,"requires_at_least":78,"requires_php":79,"tags":107,"homepage":109,"download_link":110,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"fetch-meditation","Fetch Meditation","1.5.0","\u003Cp>Fetch Meditation is a plugin that pulls either the Spiritual Principle A Day or Just For Today and puts it on your page or post.\u003C\u002Fp>\n\u003Cp>Use one of the following shortcodes in your page or post:\u003Cbr \u002F>\n– [fetch_meditation] – General shortcode (requires book attribute)\u003Cbr \u002F>\n– [jft] – Just For Today meditation\u003Cbr \u002F>\n– [spad] – Spiritual Principle A Day meditation\u003C\u002Fp>\n\u003Cp>SHORTCODES\u003Cbr \u002F>\nBasic JFT: [jft]\u003Cbr \u002F>\nBasic SPAD: [spad]\u003Cbr \u002F>\nBoth (Tabbed): [fetch_meditation book=”both”]\u003Cbr \u002F>\nGeneral: [fetch_meditation book=”jft”]\u003Cbr \u002F>\nLayout: table, block [jft layout=”block”] or [spad layout=”table”]\u003Cbr \u002F>\nLanguage: JFT: english, french, german, italian, portuguese, russian, spanish, swedish. SPAD: english, german [jft language=”spanish”] or [spad language=”german”]\u003Cbr \u002F>\nTimezone (English Only): Any valid IANA \u003Ca href=\"https:\u002F\u002Fwww.php.net\u002Fmanual\u002Fen\u002Ftimezones.php\" rel=\"nofollow ugc\">timezone\u003C\u002Fa> [jft timezone=”America\u002FNew_York”]\u003Cbr \u002F>\nTheme: default, jft-style, spad-style [jft theme=”default”] or [fetch_meditation theme=”spad-style”] (Note: [jft] defaults to jft-style, [spad] defaults to spad-style)\u003Cbr \u002F>\nExcerpt: Show quote and metadata with read more link (hides paragraphs\u002Fthought) [jft excerpt=”true” read_more_url=”\u002Ffull-page\u002F”]\u003C\u002Fp>\n\u003Cp>TABBED DISPLAY (book=”both” only)\u003Cbr \u002F>\nDisplay both JFT and SPAD meditations in an interactive interface:\u003Cbr \u002F>\n– Basic (horizontal tabs): [fetch_meditation book=”both”]\u003Cbr \u002F>\n– Accordion layout: [fetch_meditation book=”both” tabs_layout=”accordion”]\u003Cbr \u002F>\n– Tabs layout (default): [fetch_meditation book=”both” tabs_layout=”tabs”]\u003C\u002Fp>\n\u003Cp>EXCERPT MODE\u003Cbr \u002F>\nShow meditation preview on front page with link to full reading.\u003Cbr \u002F>\nDisplays date, title, page, quote, and source with “Read more” link (skips paragraphs, thought, copyright).\u003Cbr \u002F>\nTypical workflow: Use excerpt on homepage, full meditation on dedicated page:\u003Cbr \u002F>\n– Homepage: [jft excerpt=”true” read_more_url=”\u002Fdaily-meditation\u002F”]\u003Cbr \u002F>\n– Full meditation page (\u002Fdaily-meditation\u002F): [jft excerpt=”false”]\u003C\u002Fp>\n\u003Cp>MORE INFORMATION\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbmlt-enabled\u002Ffetch-meditation-wp\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fbmlt-enabled\u002Ffetch-meditation-wp\u003C\u002Fa>\u003C\u002Fp>\n","Fetch Meditation is a plugin that pulls either the Spiritual Principle A Day or Just For Today and puts it on your page or post.",70,2698,"2026-01-30T16:52:00.000Z",[81,99,20,22,108],"spad","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffetch-meditation\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffetch-meditation.1.5.0.zip",{"slug":112,"name":113,"version":114,"author":7,"author_profile":8,"description":115,"short_description":116,"active_installs":104,"downloaded":117,"rating":11,"num_ratings":27,"last_updated":118,"tested_up_to":16,"requires_at_least":17,"requires_php":93,"tags":119,"homepage":122,"download_link":123,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"list-locations-bmlt","List Locations BMLT","2.4.0","\u003Cp>List Locations BMLT is a plugin that returns all unique towns or counties from your BMLT server for a given service body on your site.\u003C\u002Fp>\n\u003Cp>SHORTCODE\u003Cbr \u002F>\nBasic: [list_locations]\u003Cbr \u002F>\nAttributes: root_server, services, recursive, state, delimiter, list, state_skip, city_skip\u003C\u002Fp>\n\u003Cp>— Shortcode parameters can be combined\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>A minimum of root_server and services attribute are required, which would return all towns for that service body seperated by a comma.\u003C\u002Fp>\n\u003Cp>Ex. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Recursive:\u003C\u002Fstrong> to recurse service bodies add recursive=\"1\"\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" recursive=\"1\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>State:\u003C\u002Fstrong> to remove appending of the state add state=\"0\"\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" state=\"0\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>State Skip:\u003C\u002Fstrong> to skip the inclusion of a state when using state=\"1\" add state_skip=\"NC\"\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" state=\"1\" state_skip=\"NC\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>City Skip\u003C\u002Fstrong> To skip the inclusion of a city add city_skip=\"Indianapolis\". This can be useful when mentioning a city out of order or in a different part of the text.\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" state=\"1\" city_skip=\"Indianapolis\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Services:\u003C\u002Fstrong> to add multiple service bodies just seperate by a comma.\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50,37,26\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Delimiter:\u003C\u002Fstrong> to change the delimiter to something besides a comma I would add delimiter=\" – \" or to create newlines between each I could do this delimiter=\"\u003Cbr>\", or delimiter=\"\u003Cp>\u003C\u002Fp>\"\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" delimiter=\"\u003Cbr>\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>List:\u003C\u002Fstrong> You can list by the following town, county, borough, neighborhood. The default is town.\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" list=\"town\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>custom_query\u003C\u002Fstrong> You can add a custom query from semantic api to filter results, for ex by format \u003Ccode>&formats=54\u003C\u002Fcode>.\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" custom_query=\"&formats=54\"]\u003C\u002Fp>\n\u003Ch3>EXAMPLES\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.crna.org\u002Farea-service-committees\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.crna.org\u002Farea-service-committees\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fheartoflongislandna.org\" rel=\"nofollow ugc\">https:\u002F\u002Fheartoflongislandna.org\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Feanaonline.org\" rel=\"nofollow ugc\">https:\u002F\u002Feanaonline.org\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>MORE INFORMATION\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbmlt-enabled\u002Flist-locations-bmlt\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fbmlt-enabled\u002Flist-locations-bmlt\u003C\u002Fa>\u003C\u002Fp>\n","List Locations BMLT is a plugin that returns all unique towns or counties from your BMLT server for a given service body on your site.",3112,"2025-09-12T22:24:00.000Z",[120,81,121,112,23],"basic-meeting-list-toolbox","list-locations","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flist-locations-bmlt\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flist-locations-bmlt.2.4.0.zip",{"attackSurface":125,"codeSignals":165,"taintFlows":178,"riskAssessment":179,"analyzedAt":192},{"hooks":126,"ajaxHandlers":158,"restRoutes":159,"shortcodes":160,"cronEvents":164,"entryPointCount":27,"unprotectedCount":28},[127,133,137,141,145,150,153],{"type":128,"name":129,"callback":130,"file":131,"line":132},"action","init","pluginSetup","fetch-jft-plugin.php",35,{"type":128,"name":134,"callback":135,"file":131,"line":136},"admin_menu","optionsMenu",41,{"type":128,"name":138,"callback":139,"file":131,"line":140},"wp_enqueue_scripts","assets",43,{"type":128,"name":142,"callback":143,"file":131,"line":144},"widgets_init","closure",45,{"type":128,"name":146,"callback":147,"file":148,"line":149},"admin_init","registerSettings","src\\Dashboard.php",12,{"type":128,"name":134,"callback":151,"file":148,"line":152},"createMenu",13,{"type":128,"name":154,"callback":155,"priority":156,"file":148,"line":157},"admin_enqueue_scripts","enqueueBackendFiles",500,14,[],[],[161],{"tag":20,"callback":162,"file":131,"line":163},"reading",44,[],{"dangerousFunctions":166,"sqlUsage":167,"outputEscaping":174,"fileOperations":28,"externalRequests":27,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":177},[],{"prepared":14,"raw":14,"locations":168},[169,172],{"file":170,"line":74,"context":171},"src\\Reading.php","$wpdb->query() with variable interpolation",{"file":170,"line":173,"context":171},319,{"escaped":175,"rawEcho":28,"locations":176},37,[],[],[],{"summary":180,"deductions":181},"The \"fetch-jft\" plugin v1.9.1 exhibits a mixed security posture. On the positive side, the static analysis reveals a strong adherence to secure coding practices with 100% output escaping and no identified dangerous functions, file operations, or external HTTP requests. The limited attack surface, consisting of a single shortcode with no explicit auth checks, and the absence of taint analysis findings are also encouraging.\n\nHowever, significant concerns arise from the vulnerability history. The presence of a previously disclosed medium-severity Cross-Site Scripting (XSS) vulnerability, even though currently patched, indicates a historical weakness in input sanitization or output encoding. The lack of nonce checks and capability checks for the identified entry points (shortcode) is a notable oversight, as these are fundamental security mechanisms for preventing unauthorized actions and ensuring input integrity.\n\nWhile the current version shows improvements, the past XSS vulnerability and the absence of built-in authorization checks for its shortcode suggest potential areas for improvement. The plugin's security is heavily reliant on the fact that its sole entry point (shortcode) likely doesn't handle untrusted user input in a way that could immediately lead to issues, or that the XSS was fixed internally. A cautious approach is recommended, with ongoing monitoring for future vulnerabilities.",[182,184,187,189],{"reason":183,"points":48},"Medium severity XSS vulnerability historically",{"reason":185,"points":186},"No nonce checks on entry points",7,{"reason":188,"points":186},"No capability checks on entry points",{"reason":190,"points":191},"SQL queries not always prepared",3,"2026-03-16T21:06:15.730Z",{"wat":194,"direct":203},{"assetPaths":195,"generatorPatterns":197,"scriptPaths":198,"versionParams":200},[196],"\u002Fwp-content\u002Fplugins\u002Ffetch-jft\u002Fcss\u002Fjft.css",[],[199],"\u002Fwp-content\u002Fplugins\u002Ffetch-jft\u002Fjs\u002Fjft.js",[201,202],"fetch-jft\u002Fcss\u002Fjft.css","fetch-jft\u002Fjs\u002Fjft.js",{"cssClasses":204,"htmlComments":205,"htmlAttributes":206,"restEndpoints":209,"jsGlobals":210,"shortcodeOutput":211},[],[],[207,208],"id=\"language-container\"","id=\"layout-container\"",[],[],[212],"[jft]"]