[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFtVE9TVr17immPpVH86EZ_73AMh5s605yjU8z4ZL3N4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":34,"analysis":35,"fingerprints":84},"flexslider-for-native-gallery","Flexslider for WordPress Native Gallery","1.9","Sarankumar","https:\u002F\u002Fprofiles.wordpress.org\u002Fsarankumar\u002F","\u003Cp>WordPress plugin that create an awesome flexslider gallery instead of the default static thumbnails.No custom classes or extra posts necessary, just use the normal add media button and the nice gallery editor already available.\u003Cbr \u002F>\nWordPress plugin that hacks the gallery[id=”1,22,… etc “] shortcode to display a clean basic flexslider instead of the default static thumbnails.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Latest Update\u003C\u002Fstrong>\u003Cbr \u002F>\nAdded Setting option under ‘media menu setting’.\u003Cbr \u002F>\n\u003Cstrong>Features\u003C\u002Fstrong>\u003Cbr \u002F>\n*   Enable plugin from Media Setting under Settings menu.\u003Cbr \u002F>\n*   Select image sizes to disply on gallery.\u003Cbr \u002F>\n*   No Settings required.\u003Cbr \u002F>\n*   Fully responsive gallery.\u003Cbr \u002F>\n*   Support almost all themes.\u003C\u002Fp>\n","Wordpress plugin that create an awesome flexslider gallery instead of the default static thumbnails.No custom classes or extra posts necessary, just u 
&hellip;",100,7635,90,4,"2017-09-29T05:36:00.000Z","4.8.28","",[],"https:\u002F\u002Fprofiles.wordpress.org\u002Fsarankumar","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflexslider-for-native-gallery.1.9.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"sarankumar",12,2610,91,30,88,"2026-04-04T10:37:58.854Z",[],{"attackSurface":36,"codeSignals":61,"taintFlows":76,"riskAssessment":77,"analyzedAt":83},{"hooks":37,"ajaxHandlers":57,"restRoutes":58,"shortcodes":59,"cronEvents":60,"entryPointCount":22,"unprotectedCount":22},[38,44,49,53],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","admin_init","fsng_initialize_plugin_options","flex-admin.php",2,{"type":39,"name":45,"callback":46,"file":47,"line":48},"wp_enqueue_scripts","flexslider_scripts","fsng-index.php",28,{"type":39,"name":50,"callback":51,"file":47,"line":52},"wp_head","fsng_addScript",29,{"type":54,"name":55,"callback":56,"file":47,"line":31},"filter","the_content","fsng_replaceGallery",[],[],[],[],{"dangerousFunctions":62,"sqlUsage":63,"outputEscaping":65,"fileOperations":22,"externalRequests":22,"nonceChecks":22,"capabilityChecks":22,"bundledLibraries":75},[],{"prepared":22,"raw":22,"locations":64},[],{"escaped":22,"rawEcho":66,"locations":67},3,[68,71,73],{"file":42,"line":69,"context":70},64,"raw output",{"file":42,"line":72,"context":70},77,{"file":42,"line":74,"context":70},80,[],[],{"summary":78,"deductions":79},"The security posture of the flexslider-for-native-gallery plugin version 1.9 appears to be relatively strong based on the provided static analysis data. The absence of identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface. 
Furthermore, the code signals indicate a lack of dangerous functions, file operations and external HTTP requests, and no SQL queries were detected at all (0 prepared, 0 raw), so the scanned code exposes no SQL injection surface. The vulnerability history being clear of any known CVEs further reinforces this positive outlook.\n\nHowever, a notable concern arises from the output escaping results. With 3 total outputs and 0% properly escaped, this indicates a potential for cross-site scripting (XSS) vulnerabilities. All three raw outputs are in flex-admin.php (lines 64, 77 and 80), so whether they are exploitable depends on whether the echoed values can be influenced by someone other than a trusted administrator. Any data rendered to the user interface without context-appropriate escaping is susceptible to malicious input being executed within the browser. No taint flows were identified, but the scan also found no capability or nonce checks, and the lack of output escaping remains a significant weakness that could be exploited. The plugin's strengths lie in its limited attack surface and the absence of detected SQL queries, but the identified output handling issues present a clear risk.\n\nIn conclusion, while the plugin issues no detected SQL queries and limits its exposure points, the critical failure in output escaping introduces a tangible risk of XSS. The absence of historical vulnerabilities is positive, but it does not negate the current, identifiable code-level weakness. The plugin was last updated on 2017-09-29 and is tested only up to WordPress 4.8.28, so an upstream fix should not be assumed. 
Addressing the output escaping issue is paramount to improving the overall security of this plugin.",[80],{"reason":81,"points":82},"0% output escaping on 3 outputs",9,"2026-03-16T20:58:48.478Z",{"wat":85,"direct":93},{"assetPaths":86,"generatorPatterns":89,"scriptPaths":90,"versionParams":92},[87,88],"\u002Fwp-content\u002Fplugins\u002Fflexslider-for-native-gallery\u002Fjquery.flexslider-min.js","\u002Fwp-content\u002Fplugins\u002Fflexslider-for-native-gallery\u002Fflexslider.css",[],[91],"jquery.flexslider-min.js",[],{"cssClasses":94,"htmlComments":98,"htmlAttributes":99,"restEndpoints":100,"jsGlobals":101,"shortcodeOutput":103},[95,96,97],"flexslider","slides","flex-caption",[],[],[],[102],"jQuery",[104,105],"\u003Cdiv class=\"flexslider\">\n\u003Cul class=\"slides\">\n\u003Cli>","\u003C\u002Fli>\n\u003C\u002Ful>\u003C\u002Fdiv>"]