[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKgPKuER4ipRbhCCE49CDMmRk2pVY389UsZmq8kKE5SE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":15,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":33,"analysis":34,"fingerprints":367},"focus-slider","Focus – Featured Posts Widget & Shortcode","1.0","Jeffrey Carandang","https:\u002F\u002Fprofiles.wordpress.org\u002Fphpbits\u002F","\u003Ch3>Featured Posts Content via Shortcode\u003C\u002Fh3>\n\u003Cp>The easiest way to add Featured Posts Slider on every WordPress site using shortcodes and\u002For widgets. \u003Cstrong>Focus\u003C\u002Fstrong> gives you the simplest way to add and edit featured contents shortcode via media WordPress frame.\u003C\u002Fp>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F178769345\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>Featured Posts Slider Widget\u003C\u002Fh3>\n\u003Cp>Smoothly integrated on WordPress Widgets to provide you excellent option to add Featured Posts Widget Slider on any of your sidebar contents. Powered by tabbed-options for easiest accessible options to change slider settings.\u003C\u002Fp>\n\u003Ch3>Customizer Ready WordPress Featured Posts Plugin\u003C\u002Fh3>\n\u003Cp>Beginner ready! You can add the featured posts widget directly via customizer to see the changes live!\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Simple and Easiest to user Interface\u003C\u002Fli>\n\u003Cli>Add Responsive WordPress Featured Posts Slider via Shortcode\u003C\u002Fli>\n\u003Cli>Featured Posts Slider Widget\u003C\u002Fli>\n\u003Cli>Fully Responsive\u003C\u002Fli>\n\u003Cli>Fast and Lightweight Slider\u003C\u002Fli>\n\u003Cli>Featured Image Support\u003C\u002Fli>\n\u003Cli>Mobile Touch Navigation Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Visit the plugin official website for more info and live demo : \u003Ca href=\"http:\u002F\u002Ffocus-wp.com\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Ffocus-wp.com\u002F\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>More information\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Follow the developer \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fphpbits\" rel=\"nofollow ugc\">@Twitter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Other \u003Ca href=\"https:\u002F\u002Fphpbits.net\u002Fplugins\u002F\" rel=\"nofollow ugc\">WordPress plugins\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Spotlight your Posts using Focus - a multi purpose WordPress Featured Slider Widgets and Shortcode Plugin to display your posts elegantly.",30,2846,96,4,"","4.7.32","4.0",[],"http:\u002F\u002Ffocus-wp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffocus-slider.zip",100,0,null,"2026-03-15T10:48:56.248Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":11,"trust_score":31,"computed_at":32},"phpbits",7,4840,87,85,"2026-04-04T06:02:04.392Z",[],{"attackSurface":35,"codeSignals":178,"taintFlows":326,"riskAssessment":353,"analyzedAt":366},{"hooks":36,"ajaxHandlers":157,"restRoutes":169,"shortcodes":170,"cronEvents":175,"entryPointCount":176,"unprotectedCount":177},[37,44,48,53,57,61,65,67,70,74,78,83,87,91,96,99,103,107,111,115,117,120,123,127,130,133,136,138,141,145,149,153],{"type":38,"name":39,"callback":40,"priority":41,"file":42,"line":43},"action","wp_enqueue_scripts","enqueue",999,"core\\functions.enqueue.php",13,{"type":38,"name":45,"callback":46,"priority":41,"file":42,"line":47},"admin_enqueue_scripts","admin_enqueue",14,{"type":38,"name":49,"callback":50,"file":51,"line":52},"plugins_loaded","init","core\\functions.media-frame.php",10,{"type":54,"name":55,"callback":55,"file":51,"line":56},"filter","media_upload_tabs",25,{"type":38,"name":58,"callback":59,"file":51,"line":60},"media_upload_focuswp_media","media_upload_tab__iframe",27,{"type":38,"name":62,"callback":63,"file":64,"line":47},"admin_notices","admin_messages","core\\functions.notices.php",{"type":38,"name":45,"callback":40,"file":66,"line":43},"core\\functions.screen.php",{"type":38,"name":68,"callback":69,"file":66,"line":47},"admin_menu","screen_page",{"type":38,"name":71,"callback":72,"file":66,"line":73},"activated_plugin","redirect",15,{"type":38,"name":75,"callback":76,"file":66,"line":77},"admin_head","remove_menu",16,{"type":54,"name":79,"callback":80,"priority":81,"file":66,"line":82},"admin_footer_text","admin_footer",1,17,{"type":38,"name":50,"callback":84,"file":85,"line":86},"register_shortcode","core\\functions.shortcodes.php",20,{"type":38,"name":88,"callback":89,"priority":52,"file":85,"line":90},"focuswp_slide_head","slide_head",21,{"type":38,"name":92,"callback":93,"priority":94,"file":85,"line":95},"focuswp_slide_content","slide_image",8,22,{"type":38,"name":92,"callback":97,"priority":52,"file":85,"line":98},"slide_content",23,{"type":38,"name":100,"callback":101,"priority":52,"file":85,"line":102},"focuswp_content_meta","slide_meta",24,{"type":38,"name":104,"callback":105,"priority":81,"file":85,"line":106},"focuswp_widget_display","widget_display",26,{"type":54,"name":108,"callback":109,"priority":81,"file":85,"line":110},"focuswp_item_classes","item_classes",29,{"type":38,"name":112,"callback":113,"file":114,"line":86},"admin_init","add_editor_styles","core\\functions.tinymce.php",{"type":38,"name":75,"callback":116,"file":114,"line":90},"scripts_head",{"type":54,"name":118,"callback":118,"file":114,"line":119},"mce_external_plugins",39,{"type":54,"name":121,"callback":121,"file":114,"line":122},"mce_buttons",40,{"type":38,"name":124,"callback":125,"priority":52,"file":126,"line":106},"focuswp_widget__before_tab","before_tabs","core\\functions.widget.php",{"type":38,"name":128,"callback":129,"priority":52,"file":126,"line":60},"focuswp_widget__tab","navtabs",{"type":38,"name":128,"callback":131,"priority":73,"file":126,"line":132},"moretabs",28,{"type":38,"name":134,"callback":135,"priority":52,"file":126,"line":110},"focuswp_widget__tabcontent","tab_display",{"type":38,"name":134,"callback":137,"priority":52,"file":126,"line":11},"tab_slide_atts",{"type":38,"name":134,"callback":139,"priority":73,"file":126,"line":140},"tab_more",31,{"type":38,"name":142,"callback":143,"priority":52,"file":126,"line":144},"focuswp_tab__options_content","tab_slide_featured",32,{"type":38,"name":146,"callback":147,"priority":52,"file":126,"line":148},"create_term","remove_transient",34,{"type":38,"name":150,"callback":151,"file":126,"line":152},"widgets_init","register_focuswp_widget",289,{"type":54,"name":154,"callback":155,"file":156,"line":102},"widget_text","do_shortcode","plugin.php",[158,163,164,166],{"action":159,"nopriv":160,"callback":161,"hasNonce":162,"hasCapCheck":160,"file":51,"line":110},"focuswp_media_upload",false,"frame_to_shortcode",true,{"action":159,"nopriv":162,"callback":161,"hasNonce":162,"hasCapCheck":160,"file":51,"line":11},{"action":165,"nopriv":160,"callback":165,"hasNonce":160,"hasCapCheck":160,"file":51,"line":144},"focuswp_extract_shortcodes",{"action":167,"nopriv":160,"callback":168,"hasNonce":160,"hasCapCheck":160,"file":64,"line":77},"focuswp_hideRating","hide_rating",[],[171],{"tag":172,"callback":173,"file":85,"line":174},"focus-slides","display_shortcode",33,[],5,2,{"dangerousFunctions":179,"sqlUsage":187,"outputEscaping":189,"fileOperations":22,"externalRequests":22,"nonceChecks":81,"capabilityChecks":321,"bundledLibraries":322},[180,184],{"fn":181,"file":85,"line":182,"context":183},"unserialize",226,"$categories = unserialize( $value );",{"fn":181,"file":126,"line":185,"context":186},126,"$cat_values = ( isset( $instance['categories'] ) ) ? unserialize( $instance['categories'] ) : array(",{"prepared":22,"raw":22,"locations":188},[],{"escaped":47,"rawEcho":190,"locations":191},80,[192,195,196,198,199,201,203,205,206,207,208,210,212,214,215,217,218,219,221,223,225,227,229,230,232,234,236,238,239,240,242,243,245,247,248,250,252,254,256,258,260,261,263,265,266,267,268,269,270,272,273,274,276,278,279,281,282,283,285,287,288,289,291,292,294,296,297,299,301,302,304,306,308,309,311,313,314,316,318,319],{"file":51,"line":193,"context":194},50,"raw output",{"file":51,"line":30,"context":194},{"file":51,"line":197,"context":194},102,{"file":64,"line":56,"context":194},{"file":64,"line":200,"context":194},44,{"file":85,"line":202,"context":194},105,{"file":85,"line":204,"context":194},107,{"file":85,"line":204,"context":194},{"file":85,"line":204,"context":194},{"file":85,"line":204,"context":194},{"file":85,"line":209,"context":194},112,{"file":85,"line":211,"context":194},153,{"file":85,"line":213,"context":194},160,{"file":85,"line":213,"context":194},{"file":85,"line":216,"context":194},170,{"file":85,"line":216,"context":194},{"file":85,"line":216,"context":194},{"file":85,"line":220,"context":194},178,{"file":85,"line":222,"context":194},179,{"file":85,"line":224,"context":194},260,{"file":85,"line":226,"context":194},264,{"file":114,"line":228,"context":194},36,{"file":114,"line":228,"context":194},{"file":126,"line":231,"context":194},57,{"file":126,"line":233,"context":194},60,{"file":126,"line":235,"context":194},65,{"file":126,"line":237,"context":194},84,{"file":126,"line":31,"context":194},{"file":126,"line":31,"context":194},{"file":126,"line":241,"context":194},89,{"file":126,"line":241,"context":194},{"file":126,"line":244,"context":194},109,{"file":126,"line":246,"context":194},110,{"file":126,"line":246,"context":194},{"file":126,"line":249,"context":194},115,{"file":126,"line":251,"context":194},116,{"file":126,"line":253,"context":194},117,{"file":126,"line":255,"context":194},121,{"file":126,"line":257,"context":194},145,{"file":126,"line":259,"context":194},150,{"file":126,"line":259,"context":194},{"file":126,"line":262,"context":194},151,{"file":126,"line":264,"context":194},161,{"file":126,"line":264,"context":194},{"file":126,"line":264,"context":194},{"file":126,"line":264,"context":194},{"file":126,"line":264,"context":194},{"file":126,"line":264,"context":194},{"file":126,"line":271,"context":194},162,{"file":126,"line":271,"context":194},{"file":126,"line":271,"context":194},{"file":126,"line":275,"context":194},166,{"file":126,"line":277,"context":194},167,{"file":126,"line":277,"context":194},{"file":126,"line":280,"context":194},169,{"file":126,"line":216,"context":194},{"file":126,"line":216,"context":194},{"file":126,"line":284,"context":194},172,{"file":126,"line":286,"context":194},173,{"file":126,"line":286,"context":194},{"file":126,"line":222,"context":194},{"file":126,"line":290,"context":194},180,{"file":126,"line":290,"context":194},{"file":126,"line":293,"context":194},191,{"file":126,"line":295,"context":194},193,{"file":126,"line":295,"context":194},{"file":126,"line":298,"context":194},194,{"file":126,"line":300,"context":194},197,{"file":126,"line":300,"context":194},{"file":126,"line":303,"context":194},198,{"file":126,"line":305,"context":194},200,{"file":126,"line":307,"context":194},201,{"file":126,"line":307,"context":194},{"file":126,"line":310,"context":194},203,{"file":126,"line":312,"context":194},204,{"file":126,"line":312,"context":194},{"file":126,"line":315,"context":194},211,{"file":126,"line":317,"context":194},243,{"file":126,"line":317,"context":194},{"file":126,"line":320,"context":194},244,3,[323],{"name":324,"version":23,"knownCves":325},"TinyMCE",[],[327,344],{"entryPoint":328,"graph":329,"unsanitizedCount":81,"severity":343},"focuswp_extract_shortcodes (core\\functions.media-frame.php:94)",{"nodes":330,"edges":341},[331,336],{"id":332,"type":333,"label":334,"file":51,"line":335},"n0","source","$_POST",95,{"id":337,"type":338,"label":339,"file":51,"line":197,"wp_function":340},"n1","sink","echo() [XSS]","echo",[342],{"from":332,"to":337,"sanitized":160},"medium",{"entryPoint":345,"graph":346,"unsanitizedCount":22,"severity":352},"\u003Cfunctions.media-frame> (core\\functions.media-frame.php:0)",{"nodes":347,"edges":350},[348,349],{"id":332,"type":333,"label":334,"file":51,"line":335},{"id":337,"type":338,"label":339,"file":51,"line":197,"wp_function":340},[351],{"from":332,"to":337,"sanitized":162},"low",{"summary":354,"deductions":355},"The focus-slider v1.0 plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query handling and a lack of known historical vulnerabilities, several concerning elements are present in its static analysis. The presence of two dangerous `unserialize` functions without clear sanitization or authentication checks is a significant risk, potentially leading to remote code execution if exploited via unsanitized input. The taint analysis reveals one flow with an unsanitized path, reinforcing concerns about potential injection vulnerabilities.  Furthermore, the plugin has a notable attack surface with two out of four AJAX handlers lacking authentication checks.  The low percentage of properly escaped output is another red flag, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities.  The plugin's history of zero CVEs is positive, suggesting it has either not been a target or has historically been well-maintained, but this does not negate the immediate risks identified in the current codebase.",[356,358,360,362,364],{"reason":357,"points":73},"Unsanitized unserialize function",{"reason":359,"points":52},"AJAX handlers without auth checks",{"reason":361,"points":94},"Low output escaping percentage",{"reason":363,"points":52},"Taint flow with unsanitized path",{"reason":365,"points":73},"Unsanitized unserialize function (second instance)","2026-03-16T22:21:55.975Z",{"wat":368,"direct":379},{"assetPaths":369,"generatorPatterns":376,"scriptPaths":377,"versionParams":378},[370,371,372,373,374,375],"\u002Fwp-content\u002Fplugins\u002Ffocus-slider\u002Fassets\u002Fcss\u002Ffocuswp.css","\u002Fwp-content\u002Fplugins\u002Ffocus-slider\u002Fassets\u002Fcss\u002Ffocus-admin.css","\u002Fwp-content\u002Fplugins\u002Ffocus-slider\u002Fassets\u002Fjs\u002Fjquery.focus.min.js","\u002Fwp-content\u002Fplugins\u002Ffocus-slider\u002Fassets\u002Fjs\u002Fjquery.focus.admin.min.js","\u002Fwp-content\u002Fplugins\u002Ffocus-slider\u002Fassets\u002Fjs\u002Fjquery.media-frame.js","\u002Fwp-content\u002Fplugins\u002Ffocus-slider\u002Fassets\u002Fcss\u002Fwelcome.css",[],[372,373,374],[],{"cssClasses":380,"htmlComments":393,"htmlAttributes":405,"restEndpoints":412,"jsGlobals":415,"shortcodeOutput":419},[381,382,383,384,385,386,387,388,389,390,391,392],"focuswp-media-frame-wrapper","focuswp-media-frame","focuswp-media-frame-inner","focuswp-widget--tabs","focuswp-widget--tabs ul","focuswp-widget--tabcontent","focuswp-media-frame-submit","focuswp-query-submit","focuswp-slider","focuswp-widget__before_tab","focuswp-widget__tab","focuswp-widget__tabcontent",[394,395,396,397,398,399,400,401,402,403,404],"\u003C!-- avoid direct calls to this file -->","\u003C!-- Install -->","\u003C!-- Runs on plugin install to populates the settings fields for those plugin -->","\u003C!-- pages. -->","\u003C!-- Create Custom Media Frame Tab -->","\u003C!-- For easier overriding we declared the keys -->","\u003C!-- here as well as our tabs array which is populated -->","\u003C!-- when registering settings -->","\u003C!-- html content for custom tab frame -->","\u003C!-- html content for custom tab frame contents -->","\u003C!-- Create Welcome Screen -->",[406,407,408,409,410,411],"data-wp-focuswpselect","id=\"focuswp-media-frame\"","name=\"widget-focuswp_widget\"","nonce_field","action=\"\u002Fwp-admin\u002Fadmin-ajax.php\"","value=\"focuswp_media_upload\"",[413,414],"\u002Fwp-json\u002Ffocuswp-media-upload","\u002Fwp-json\u002Ffocuswp-extract-shortcodes",[416,417,418],"FOCUSWP_SLIDER_SCRIPTS","FOCUSWP_SLIDER_MEDIA_FRAME","FOCUSWP_SLIDER_SCREEN",[420],"\u003Cspan class=\"focuswp\">"]