[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTXr-ww3ScBnAaqieDyLSKU3cm9G3-tWdiJ2Q6aBw6MY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":14,"unpatched_count":14,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":44,"crawl_stats":35,"alternatives":51,"analysis":90,"fingerprints":389},"hmh-footer-builder-for-elementor","HMH Footer Builder For Elementor","1.0","WPelite","https:\u002F\u002Fprofiles.wordpress.org\u002Fhameha\u002F","\u003Cp>HMH Footer Builder For Elementor – Easy way to create any footers you can imagine.\u003C\u002Fp>\n\u003Cp>The demo: \u003Ca href=\"http:\u002F\u002Ffooter-builder-for-elementor.lamblue.com\" rel=\"nofollow ugc\">http:\u002F\u002Ffooter-builder-for-elementor.lamblue.com\u003C\u002Fa>\u003C\u002Fp>\n","HMH Footer Builder For Elementor - Easy way to create any footers you can imagine.",10,1375,100,1,"2019-05-20T05:17:00.000Z","5.2.24","4.0","5.2.4",[20,21,22,23],"build-footer","custom-footer","edit-footer-with-elementor","wordpress-footer","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhmh-footer-builder-for-elementor.zip",64,"2025-04-01 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35},"CVE-2025-31749","hmh-footer-builder-for-elementor-authenticated-contributor-stored-cross-site-scripting","HMH Footer Builder For Elementor \u003C= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting","The HMH Footer Builder For Elementor plugin for WordPress is vulnerable to 
Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-09 13:30:12",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc0c78156-627c-422f-acc4-e5a707ee3946?source=api-prod",{"slug":45,"display_name":7,"profile_url":8,"plugin_count":46,"total_installs":11,"avg_security_score":47,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},"hameha",2,75,30,77,"2026-04-05T05:11:48.537Z",[52,72],{"slug":53,"name":54,"version":6,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":11,"downloaded":59,"rating":60,"num_ratings":60,"last_updated":61,"tested_up_to":62,"requires_at_least":63,"requires_php":24,"tags":64,"homepage":69,"download_link":70,"security_score":71,"vuln_count":60,"unpatched_count":60,"last_vuln_date":35,"fetched_at":28},"db-signatures","DB Signatures","David Beja","https:\u002F\u002Fprofiles.wordpress.org\u002Fdbeja\u002F","\u003Cp>This plugin creates a custom post type where you can define multiple HTML signatures that will appear on the bottom of each post\u002Fpage\u002Fcustom post type. 
Only one of these HTML signatures will show each time you open a post\u002Fpage\u002Fcustom post type.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Random selection of the HTML signature\u003C\u002Fli>\n\u003Cli>Limit some signatures to certain post types\u003C\u002Fli>\n\u003Cli>Limit some signatures to posts that have certain categories and\u002For tags\u003C\u002Fli>\n\u003Cli>Disable the plugin on some posts\u003C\u002Fli>\n\u003Cli>For a certain post select a fixed signature\u003C\u002Fli>\n\u003C\u002Ful>\n","Add some HTML content to the bottom of every posts, pages and custom post types.",1726,0,"2014-02-09T17:27:00.000Z","3.7.41","3.5",[65,66,21,67,68],"ads","banners","footer","signatures","http:\u002F\u002FURI_Of_Page_Describing_Plugin_and_Updates","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdb-signatures.1.0.zip",85,{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":60,"downloaded":80,"rating":60,"num_ratings":60,"last_updated":81,"tested_up_to":82,"requires_at_least":17,"requires_php":24,"tags":83,"homepage":24,"download_link":89,"security_score":71,"vuln_count":60,"unpatched_count":60,"last_vuln_date":35,"fetched_at":28},"per-page-headers-and-footers-code","Per Page Headers and Footers Code","1.0.0","jabermarketing","https:\u002F\u002Fprofiles.wordpress.org\u002Fjabermarketing\u002F","\u003Cp>This plugin allows you to add header and footer code to your wordpress website on a per page basis. 
You can also add global code which you can then deactivate from specfic pages\u002Fpsots.\u003C\u002Fp>\n","This plugin allows you to add header and footer code to your wordpress website on a per page basis.",977,"2018-04-03T16:57:00.000Z","4.9.29",[84,85,86,87,88],"per-page-code","per-page-footer-code","per-page-header-code","wordpress-footers","wordpress-headers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fper-page-headers-and-footers-code.zip",{"attackSurface":91,"codeSignals":234,"taintFlows":323,"riskAssessment":381,"analyzedAt":388},{"hooks":92,"ajaxHandlers":223,"restRoutes":231,"shortcodes":232,"cronEvents":233,"entryPointCount":46,"unprotectedCount":60},[93,99,102,107,112,115,120,123,127,130,132,134,135,138,141,144,145,147,149,151,152,157,159,164,166,167,170,172,173,174,175,177,180,182,183,185,186,189,190,193,194,195,198,199,200,205,207,208,209,211,212,213,215,216,217,219,221],{"type":94,"name":95,"callback":96,"file":97,"line":98},"action","wp_footer","develop","bestbugcore\\classes\\helper.class.php",27,{"type":94,"name":100,"callback":96,"file":97,"line":101},"admin_footer",28,{"type":94,"name":103,"callback":104,"priority":105,"file":106,"line":98},"admin_menu","options",11,"bestbugcore\\classes\\options.class.php",{"type":94,"name":108,"callback":109,"file":110,"line":111},"init","register_posttypes","bestbugcore\\classes\\posttypes.class.php",24,{"type":94,"name":108,"callback":108,"file":113,"line":114},"bestbugcore\\extend\\index.php",13,{"type":116,"name":117,"callback":118,"priority":11,"file":113,"line":119},"filter","vc_shortcodes_css_class","support_5columns",14,{"type":94,"name":108,"callback":108,"file":121,"line":122},"bestbugcore\\extend\\vc-params\\number.class.php",26,{"type":94,"name":124,"callback":125,"file":121,"line":126},"admin_enqueue_scripts","adminEnqueueScripts",36,{"type":94,"name":108,"callback":108,"file":128,"line":129},"bestbugcore\\extend\\vc-params\\range.class.php",23,{"type":94,"name":124,"callback":125,
"file":128,"line":131},33,{"type":94,"name":108,"callback":108,"file":133,"line":129},"bestbugcore\\extend\\vc-params\\responsive.class.php",{"type":94,"name":124,"callback":125,"file":133,"line":131},{"type":94,"name":100,"callback":136,"file":133,"line":137},"template",35,{"type":94,"name":139,"callback":139,"priority":105,"file":133,"line":140},"save_post",38,{"type":94,"name":108,"callback":108,"file":142,"line":143},"bestbugcore\\extend\\vc-params\\tabs.class.php",25,{"type":94,"name":124,"callback":125,"file":142,"line":126},{"type":94,"name":108,"callback":108,"file":146,"line":129},"bestbugcore\\extend\\vc-params\\tags.class.php",{"type":94,"name":124,"callback":125,"file":146,"line":148},32,{"type":94,"name":108,"callback":108,"file":150,"line":129},"bestbugcore\\extend\\vc-params\\toggle.class.php",{"type":94,"name":124,"callback":125,"file":150,"line":131},{"type":94,"name":153,"callback":154,"file":155,"line":156},"plugins_loaded","loadTextDomain","bestbugcore\\index.php",31,{"type":94,"name":100,"callback":158,"file":155,"line":148},"ajax_loading",{"type":94,"name":160,"callback":161,"file":162,"line":163},"add_meta_boxes","bb_footer_builder_content_box","includes\\admin\\metabox-footer.class.php",22,{"type":94,"name":139,"callback":165,"file":162,"line":129},"bb_footer_builder_content_metabox_save",{"type":94,"name":124,"callback":125,"file":162,"line":48},{"type":94,"name":168,"callback":169,"file":162,"line":148},"wp_enqueue_scripts","enqueueScripts",{"type":94,"name":160,"callback":161,"file":171,"line":129},"includes\\admin\\metabox.class.php",{"type":94,"name":139,"callback":165,"file":171,"line":111},{"type":94,"name":124,"callback":125,"file":171,"line":156},{"type":94,"name":168,"callback":169,"file":171,"line":131},{"type":94,"name":108,"callback":108,"file":176,"line":163},"includes\\filter.class.php",{"type":116,"name":178,"callback":179,"file":176,"line":129},"single_template","load_template",{"type":94,"name":181,"callback":181,"file":176,
"line":101},"bbfb_footer",{"type":94,"name":95,"callback":181,"file":176,"line":48},{"type":94,"name":124,"callback":125,"file":176,"line":184},34,{"type":94,"name":168,"callback":169,"file":176,"line":126},{"type":94,"name":124,"callback":125,"file":187,"line":188},"includes\\helper.class.php",29,{"type":94,"name":168,"callback":169,"file":187,"line":156},{"type":116,"name":191,"callback":104,"priority":11,"file":192,"line":101},"bb_register_options","includes\\options.class.php",{"type":94,"name":124,"callback":125,"file":192,"line":156},{"type":94,"name":168,"callback":169,"file":192,"line":131},{"type":116,"name":196,"callback":109,"priority":11,"file":197,"line":111},"bb_register_posttypes","includes\\posttypes.class.php",{"type":94,"name":124,"callback":125,"file":197,"line":48},{"type":94,"name":168,"callback":169,"file":197,"line":148},{"type":94,"name":201,"callback":202,"file":203,"line":204},"elementor\u002Fwidgets\u002Fwidgets_registered","closure","includes\\shortcodes\\index.php",6,{"type":94,"name":108,"callback":108,"file":206,"line":163},"includes\\shortcodes\\instagram.class.php",{"type":94,"name":124,"callback":125,"file":206,"line":131},{"type":94,"name":168,"callback":169,"file":206,"line":137},{"type":94,"name":108,"callback":108,"file":210,"line":163},"includes\\shortcodes\\menu.class.php",{"type":94,"name":124,"callback":125,"file":210,"line":131},{"type":94,"name":168,"callback":169,"file":210,"line":137},{"type":94,"name":108,"callback":108,"file":214,"line":163},"includes\\shortcodes\\social.class.php",{"type":94,"name":124,"callback":125,"file":214,"line":131},{"type":94,"name":168,"callback":169,"file":214,"line":137},{"type":94,"name":108,"callback":108,"file":218,"line":47},"index.php",{"type":94,"name":124,"callback":125,"file":218,"line":220},81,{"type":94,"name":168,"callback":169,"file":218,"line":222},83,[224,229],{"action":225,"nopriv":226,"callback":227,"hasNonce":226,"hasCapCheck":228,"file":106,"line":101},"bb_save_options",fa
lse,"save_options",true,{"action":230,"nopriv":226,"callback":139,"hasNonce":226,"hasCapCheck":228,"file":106,"line":188},"bb_save_post",[],[],[],{"dangerousFunctions":235,"sqlUsage":243,"outputEscaping":245,"fileOperations":60,"externalRequests":46,"nonceChecks":46,"capabilityChecks":46,"bundledLibraries":313},[236,241],{"fn":237,"file":238,"line":239,"context":240},"unserialize","includes\\shortcodes\\elementor\\custom_instagram.class.php",235,"$instagram = unserialize( base64_decode( $instagram ) );",{"fn":237,"file":206,"line":242,"context":240},280,{"prepared":60,"raw":60,"locations":244},[],{"escaped":246,"rawEcho":101,"locations":247},344,[248,252,254,257,259,262,265,267,269,272,274,276,278,279,281,283,285,287,289,291,293,295,297,299,301,304,307,310],{"file":249,"line":250,"context":251},"bestbugcore\\classes\\fields\\attach.view.php",8,"raw output",{"file":249,"line":253,"context":251},15,{"file":255,"line":256,"context":251},"bestbugcore\\classes\\fields\\checkbox.view.php",16,{"file":258,"line":105,"context":251},"bestbugcore\\classes\\fields\\colorpicker.view.php",{"file":260,"line":261,"context":251},"bestbugcore\\classes\\fields\\couple.view.php",62,{"file":263,"line":264,"context":251},"bestbugcore\\classes\\fields\\couple2.view.php",52,{"file":266,"line":253,"context":251},"bestbugcore\\classes\\fields\\dropdown.view.php",{"file":268,"line":11,"context":251},"bestbugcore\\classes\\fields\\javascript.view.php",{"file":270,"line":271,"context":251},"bestbugcore\\classes\\fields\\multi_select.view.php",19,{"file":273,"line":105,"context":251},"bestbugcore\\classes\\fields\\number.view.php",{"file":275,"line":105,"context":251},"bestbugcore\\classes\\fields\\tags.view.php",{"file":277,"line":114,"context":251},"bestbugcore\\classes\\fields\\text.view.php",{"file":277,"line":271,"context":251},{"file":280,"line":11,"context":251},"bestbugcore\\classes\\fields\\textarea.view.php",{"file":282,"line":105,"context":251},"bestbugcore\\classes\\fields\\textfield
.view.php",{"file":284,"line":253,"context":251},"bestbugcore\\classes\\fields\\toggle.view.php",{"file":106,"line":286,"context":251},272,{"file":106,"line":288,"context":251},282,{"file":106,"line":290,"context":251},319,{"file":106,"line":292,"context":251},355,{"file":106,"line":294,"context":251},366,{"file":106,"line":296,"context":251},377,{"file":176,"line":298,"context":251},93,{"file":238,"line":300,"context":251},141,{"file":302,"line":303,"context":251},"includes\\shortcodes\\elementor\\custom_logo.class.php",216,{"file":305,"line":306,"context":251},"includes\\shortcodes\\elementor\\custom_menu.class.php",162,{"file":308,"line":309,"context":251},"includes\\shortcodes\\elementor\\empty_space.class.php",86,{"file":311,"line":312,"context":251},"includes\\shortcodes\\elementor\\kengang.class.php",80,[314,317,320],{"name":315,"version":35,"knownCves":316},"DataTables",[],{"name":318,"version":35,"knownCves":319},"Select2",[],{"name":321,"version":35,"knownCves":322},"jQuery",[],[324,340,351,364,373],{"entryPoint":325,"graph":326,"unsanitizedCount":60,"severity":339},"begin_wrap_html (bestbugcore\\classes\\helper.class.php:83)",{"nodes":327,"edges":337},[328,332],{"id":329,"type":330,"label":331,"file":97,"line":309},"n0","source","$_GET['page']",{"id":333,"type":334,"label":335,"file":97,"line":309,"wp_function":336},"n1","sink","echo() [XSS]","echo",[338],{"from":329,"to":333,"sanitized":228},"low",{"entryPoint":341,"graph":342,"unsanitizedCount":60,"severity":339},"develop (bestbugcore\\classes\\helper.class.php:113)",{"nodes":343,"edges":349},[344,347],{"id":329,"type":330,"label":345,"file":97,"line":346},"$_COOKIE (x3)",117,{"id":333,"type":334,"label":335,"file":97,"line":348,"wp_function":336},119,[350],{"from":329,"to":333,"sanitized":228},{"entryPoint":352,"graph":353,"unsanitizedCount":60,"severity":339},"\u003Chelper.class> 
(bestbugcore\\classes\\helper.class.php:0)",{"nodes":354,"edges":361},[355,356,357,359],{"id":329,"type":330,"label":331,"file":97,"line":309},{"id":333,"type":334,"label":335,"file":97,"line":309,"wp_function":336},{"id":358,"type":330,"label":345,"file":97,"line":346},"n2",{"id":360,"type":334,"label":335,"file":97,"line":348,"wp_function":336},"n3",[362,363],{"from":329,"to":333,"sanitized":228},{"from":358,"to":360,"sanitized":228},{"entryPoint":365,"graph":366,"unsanitizedCount":60,"severity":339},"begin_form_html (bestbugcore\\classes\\options.class.php:233)",{"nodes":367,"edges":371},[368,370],{"id":329,"type":330,"label":331,"file":106,"line":369},238,{"id":333,"type":334,"label":335,"file":106,"line":369,"wp_function":336},[372],{"from":329,"to":333,"sanitized":228},{"entryPoint":374,"graph":375,"unsanitizedCount":60,"severity":339},"\u003Coptions.class> (bestbugcore\\classes\\options.class.php:0)",{"nodes":376,"edges":379},[377,378],{"id":329,"type":330,"label":331,"file":106,"line":369},{"id":333,"type":334,"label":335,"file":106,"line":369,"wp_function":336},[380],{"from":329,"to":333,"sanitized":228},{"summary":382,"deductions":383},"The \"hmh-footer-builder-for-elementor\" plugin v1.0 exhibits a mixed security posture. On the positive side, both registered AJAX handlers (`bb_save_options` and `bb_save_post`) are not exposed to unauthenticated visitors and perform capability checks, and no entry point is recorded as unprotected. The code contains nonce checks (2 detected), but neither AJAX handler is recorded as verifying a nonce, so the protection of those handlers against cross-site request forgery should be confirmed. No SQL usage was detected. The taint analysis shows no critical or high severity unsanitized flows, and a high percentage of output is properly escaped (344 escaped outputs against 28 raw echoes), suggesting an effort to prevent common injection vulnerabilities.\n\nHowever, significant concerns arise from the presence of the `unserialize` function, which is inherently dangerous if not handled with extreme care and input validation. The two recorded call sites pass a base64-decoded `$instagram` value to `unserialize`; the static analysis does not establish whether that value can be influenced by an untrusted user, so both call sites warrant manual review, because unserializing attacker-controlled data can lead to PHP object injection. 
Furthermore, the plugin has one known vulnerability on record, CVE-2025-31749, a medium severity (CVSS 6.4) stored Cross-Site Scripting (XSS) vulnerability exploitable by authenticated users with contributor-level access and above, and it is currently unpatched: it affects versions up to and including 1.0, the current release, and no patched version is listed. An unpatched flaw in a plugin last updated in 2019 suggests that it is no longer actively maintained, so a fix should not be assumed to be forthcoming.\n\nIn conclusion, while the plugin has implemented some security measures, the presence of `unserialize` and an unpatched medium-severity vulnerability are notable weaknesses. The plugin's overall security is bolstered by the capability checks on its entry points, but this strength is undermined by the unpatched vulnerability and the potentially exploitable code constructs. Because no patched version exists, sites that keep the plugin installed should limit contributor-level accounts to trusted users and consider replacing it with a maintained alternative. Continuous monitoring and prompt remediation of identified vulnerabilities are crucial for maintaining a secure environment.",[384,386],{"reason":385,"points":253},"Unpatched CVE",{"reason":387,"points":11},"Dangerous function detected (unserialize)","2026-03-17T05:39:51.315Z",{"wat":390,"direct":401},{"assetPaths":391,"generatorPatterns":395,"scriptPaths":396,"versionParams":397},[392,393,394],"\u002Fwp-content\u002Fplugins\u002Fhmh-footer-builder-for-elementor\u002Fassets\u002Fadmin\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fhmh-footer-builder-for-elementor\u002Fassets\u002Fcss\u002Fbbfb.css","\u002Fwp-content\u002Fplugins\u002Fhmh-footer-builder-for-elementor\u002Fassets\u002Fjs\u002Fscript.js",[],[394],[398,399,400],"hmh-footer-builder-for-elementor\u002Fassets\u002Fadmin\u002Fcss\u002Fadmin.css?ver=","hmh-footer-builder-for-elementor\u002Fassets\u002Fcss\u002Fbbfb.css?ver=","hmh-footer-builder-for-elementor\u002Fassets\u002Fjs\u002Fscript.js?ver=",{"cssClasses":402,"htmlComments":404,"htmlAttributes":405,"restEndpoints":408,"jsGlobals":409,"shortcodeOutput":410},[403],"bb-footer-inside",[],[406,407],"id=\"bb-footer-inside-","class=\"bb-footer-inside\"",[],[],[411,412,413],"[bbfb_menus]","[bbfb_instagram]","[bbfb_social]"]