[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fz9SJeAL3VsMyVK3ee_01Cj7NM3cyswc0uudBRSgBkKU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":74,"crawl_stats":38,"alternatives":80,"analysis":174,"fingerprints":220},"hot-random-image","Hot Random Image","1.9.3","Hot Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fhotwptemplates\u002F","\u003Cp>Hot Random Image by \u003Ca href=\"https:\u002F\u002Fwww.hotjoomlatemplates.com\u002F\" title=\"Hot Themes\" rel=\"nofollow ugc\">Hot Themes\u003C\u002Fa> is a basic plugin that shows a randomly picked image from a selected folder where images are stored. You can define a folder and the plugin will show all the images from this folder in a random order. Also, it’s possible to select only certain images from the folder that will be added in rotation. Each image can be linked. Alt text is optional. Image dimensions (width and height) can be defined in any format (pixels, percents, auto-mode…). 
Therefore, this plugin is appropriate for all responsive websites.\u003C\u002Fp>\n","Hot Random Image is a basic widget that shows a randomly picked image from a selected folder where images are stored.",2000,49989,98,9,"2025-12-03T12:35:00.000Z","6.9.4","3.9","7.0",[20,21,22,23,24],"block","image","images","responsive","widget","https:\u002F\u002Fwww.hotjoomlatemplates.com\u002Fwordpress-plugins\u002Frandom-image","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhot-random-image.1.9.3.zip",97,3,0,"2025-05-21 20:43:16","2026-03-15T15:16:48.613Z",[33,48,60],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-4405","hot-random-image-authenticated-contributor-stored-cross-site-scripting-via-link-parameter","Hot Random Image \u003C= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter","The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.9.2","medium",4.9,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-05-22 09:21:51",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc5cff14e-e891-4569-afd8-2885ebb26401?source=api-prod",1,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":53,"cvss_vector":54,"vuln_type":55,"published_date":56,"updated_date":57,"references":58,"days_to_patch":47},"CVE-2025-4419","hot-random-image-path-traversal-to-authenticated-contributor-limited-arbitrary-image-access-via-path-parameter","Hot Random Image \u003C= 1.9.2 - Path Traversal to Authenticated (Contributor+) Limited Arbitrary Image Access via path Parameter","The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. 
This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside of the originally intended directory.",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","2025-05-21 20:42:56","2025-05-22 09:21:52",[59],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd6628232-0bd1-4194-8322-36084b1eb0f7?source=api-prod",{"id":61,"url_slug":62,"title":63,"description":64,"plugin_slug":4,"theme_slug":38,"affected_versions":65,"patched_in_version":66,"severity":40,"cvss_score":67,"cvss_vector":68,"vuln_type":43,"published_date":69,"updated_date":70,"references":71,"days_to_patch":73},"CVE-2024-29796","hot-random-image-authenticated-contributor-stored-cross-site-scripting","Hot Random Image \u003C= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.8.1","1.8.2",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-03-25 00:00:00","2024-04-01 14:00:46",[72],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc8a27ec5-019b-4aa5-8317-1c832af3b7ca?source=api-prod",8,{"slug":75,"display_name":7,"profile_url":8,"plugin_count":76,"total_installs":77,"avg_security_score":78,"avg_patch_time_days":28,"trust_score":78,"computed_at":79},"hotwptemplates",5,2700,99,"2026-04-05T02:03:03.447Z",[81,101,119,141,155],{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":29,"num_ratings":29,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":98,"download_link":99,"security_score":100,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"random-image-block","Random Image Block","0.10","Matt Rude","https:\u002F\u002Fprofiles.wordpress.org\u002Fmattrude\u002F","\u003Cp>The Random Image Block is a small plugin that will display a random image from your native WordPress photo galley or in-beaded images.\u003C\u002Fp>\n\u003Cp>This widget will display the thumbnail of the random image, the “caption” and the images parent posts name. You may show all pictures on your site, or limit the selection to a single category if you wish. Once installed on your site, it will fully conform to the current theme. The Widgets title is also fully configurable. Random Image Widget was designed with full internationalization in mind and can be fully translated (Any help on this would be appreciated). 
As of Version 0.3 this plugin works out of the box without any configuraion (assuming you have pictures on your site).\u003C\u002Fp>\n\u003Cp>The Random Image Block plugin works with WordPress 3.0+ in both single and multi site modes.  As a Site Admin, you may activate this plugin across all the sites on your install.\u003C\u002Fp>\n\u003Cp>This Plugin is fully translated into the following languages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Arabic\u003C\u002Fli>\n\u003Cli>Czech\u003C\u002Fli>\n\u003Cli>Finnish\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>Danish\u003C\u002Fli>\n\u003Cli>Dutch\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Indonesian\u003C\u002Fli>\n\u003Cli>Italian\u003C\u002Fli>\n\u003Cli>Portuguese\u003C\u002Fli>\n\u003Cli>Russian\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you would like to help translating this plugin, or you see a problem with the current translation, please see my \u003Ca href=\"http:\u002F\u002Ftranslate.mattrude.com\u002Fprojects\u002Frandom-image-block\" rel=\"nofollow ugc\">Translation\u003C\u002Fa> page, and\u002For \u003Ca href=\"http:\u002F\u002Fmattrude.com\u002Fcontact-me\u002F\" rel=\"nofollow ugc\">contact me\u003C\u002Fa>.\u003C\u002Fp>\n","A small plugin that will display a random image from your native WordPress photo galley or in-beaded 
images.",100,16782,"2011-09-19T17:50:00.000Z","3.2.1","2.9","",[96,97,22,24],"gallery","image-block","http:\u002F\u002Fmattrude.com\u002Fprojects\u002Frandom-image-block\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frandom-image-block.0.10.zip",85,{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":29,"num_ratings":29,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":94,"download_link":118,"security_score":89,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"responsive-image-switcher","Responsive Image Switcher","1.0.2","getode","https:\u002F\u002Fprofiles.wordpress.org\u002Fgetode\u002F","\u003Cp>Responsive Image Switcher is a lightweight Gutenberg block that simplifies responsive image management in WordPress. Add the block, upload a desktop image (for screens ≥768px) and a mobile-optimized image (for screens \u003C767px), and the plugin generates clean HTML5 \u003Ccode>\u003Cpicture>\u003C\u002Fcode> markup. 
The browser automatically loads the appropriate image based on screen width, ensuring fast load times and an optimal user experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Device-Specific Images\u003C\u002Fstrong>: Show different images on desktop (≥768px) and mobile (\u003C767px)\u003Cbr \u002F>\n– \u003Cstrong>Lightweight Solution\u003C\u002Fstrong>: Uses standard HTML5 \u003Ccode>\u003Cpicture>\u003C\u002Fcode> tags without extra JavaScript\u003Cbr \u002F>\n– \u003Cstrong>Better Performance\u003C\u002Fstrong>: Optimized for Core Web Vitals by reducing unnecessary image loading\u003Cbr \u002F>\n– \u003Cstrong>SEO Friendly\u003C\u002Fstrong>: Improves mobile user experience and page speed\u003Cbr \u002F>\n– \u003Cstrong>Simple Interface\u003C\u002Fstrong>: Easy-to-use block controls in the Gutenberg editor\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Choose Responsive Image Switcher?\u003C\u002Fstrong>\u003Cbr \u002F>\nWith over 60% of web traffic coming from mobile devices, delivering the right image for each screen size is critical. 
This plugin eliminates the need for complex CSS media queries or CDN setups, making responsive images accessible to everyone.\u003C\u002Fp>\n","A lightweight block for responsive image switching between desktop and mobile.",20,431,"2025-06-13T09:13:00.000Z","6.8.5","6.5","8.0",[20,116,22,117,23],"gutenberg","media","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fresponsive-image-switcher.1.0.2.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":89,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":94,"tags":133,"homepage":139,"download_link":140,"security_score":100,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"news-in-pictures","Go News In Pictures","1.0","goresponsive","https:\u002F\u002Fprofiles.wordpress.org\u002Fgoresponsive\u002F","\u003Cp>This widget shows you latest posts featured images in a tiled fashion. It is responsive. You can select the category name you want to display images from. 
Try it out, it is cool.\u003C\u002Fp>\n\u003Cp>Demo: http:\u002F\u002Fonion.goresponsive.in\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>documentation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fgoresponsive.in\u002Fnews-in-pictures-widget\u002F\u003C\u002Fp>\n","Plugin for viewing best news photos, news pictures online",10,3696,2,"2014-08-09T07:44:00.000Z","3.9.40","3.0",[134,135,136,137,138],"featured-images","latest-featured-images","new-in-pictures-widget","news-in-images","responsive-featured-images-widget","http:\u002F\u002Fgoresponsive.in","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnews-in-pictures.zip",{"slug":142,"name":143,"version":144,"author":85,"author_profile":86,"description":145,"short_description":146,"active_installs":127,"downloaded":147,"rating":89,"num_ratings":47,"last_updated":94,"tested_up_to":148,"requires_at_least":149,"requires_php":94,"tags":150,"homepage":152,"download_link":153,"security_score":89,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":154},"wp-gallery2-image-block","Gallery2 Image Block","0.6.4","\u003Cp>This plugin will allow you to put one of the meny \u003Ca href=\"http:\u002F\u002Fgallery.menalto.com\u002F\" rel=\"nofollow ugc\">Gallery2\u003C\u002Fa> Image Blocks on your WordPress site.  You are required to have a running Gallery2 install to use this plugin.\u003C\u002Fp>\n\u003Cp>This is a complete rewrite of \u003Ca href=\"http:\u002F\u002Fwww.theschierers.net\u002Fblog\" rel=\"nofollow ugc\">Chris Schierer (aka Lentil)\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fgallery2-image-block-widget\" rel=\"ugc\">Gallery2 Image Block Plugin\u003C\u002Fa> 0.1.4.  
This rewrite uses the new WordPress 2.8 Widget API, so is only compatable with wordpress 2.8+.\u003C\u002Fp>\n\u003Cp>All options described in the \u003Ca href=\"http:\u002F\u002Fcodex.gallery2.org\u002FGallery2:Modules:imageblock\" rel=\"nofollow ugc\">Gallery 2 Image Block\u003C\u002Fa> documentation are included. User configuration of Image Block options are available in the Widget configuration panel.  Blank (empty) options use the Gallery2 defaults.\u003C\u002Fp>\n\u003Cp>As of version 0.5, wp-gallery2-image-block has full localization support, and ships with 5 languages besides English. Please contact me if you would like to translate it into more langages, I would love for as meny peaple as posible to be able to use this plugin.\u003C\u002Fp>\n\u003Ch4>Fully Translated into:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Dutch (0.5.1)\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Italian (0.6.1)\u003C\u002Fli>\n\u003Cli>Polish (0.6.1)\u003C\u002Fli>\n\u003Cli>Portuguese (0.5.1)\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Note:\u003C\u002Fem> This widget was written using \u003Ca href=\"http:\u002F\u002Fplanetozh.com\u002Fblog\u002F2009\u002F08\u002Fhow-to-make-http-requests-with-wordpress\u002F\" rel=\"nofollow ugc\">wp_http\u003C\u002Fa> to increase compatibility with more sites (version 0.6).\u003C\u002Fp>\n","Widget to display your Gallery 2 Image Block on your WordPress 
sidebar",7059,"3.3.2","2.8",[151,97,22,24],"gallery2","http:\u002F\u002Fmattrude.com\u002Fprojects\u002Fwp-gallery2-image-block\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-gallery2-image-block.0.6.4.zip","2026-03-15T10:48:56.248Z",{"slug":156,"name":157,"version":158,"author":159,"author_profile":160,"description":161,"short_description":162,"active_installs":29,"downloaded":163,"rating":89,"num_ratings":47,"last_updated":164,"tested_up_to":16,"requires_at_least":165,"requires_php":166,"tags":167,"homepage":172,"download_link":173,"security_score":89,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"responsive-picture-block","Responsive Picture Block","1.1.1","Core Essentials","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoreessentials\u002F","\u003Cp>\u003Cstrong>Core Essentials – Responsive Picture Block\u003C\u002Fstrong> turns several standard \u003Cstrong>Image\u003C\u002Fstrong> blocks into one semantic, front-end \u003Ccode>\u003Cpicture>\u003C\u002Fcode> HTML element. It’s built for \u003Cstrong>art direction\u003C\u002Fstrong>: choose \u003Cstrong>different crops, compositions, or formats\u003C\u002Fstrong> for different breakpoints (e.g., a tight mobile crop, a wider desktop crop, or an AVIF\u002FWebP source).\u003C\u002Fp>\n\u003Cp>Why this matters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>\u003Ccode>\u003Cpicture>\u003C\u002Fcode> vs \u003Ccode>\u003Cimg srcset>\u003C\u002Fcode>\u003C\u002Fstrong>\u003Cbr \u002F>\n  srcset is great for picking the right \u003Cstrong>resolution\u003C\u002Fstrong> of the \u003Cem>same\u003C\u002Fem> image. 
But when you need different \u003Cstrong>content\u003C\u002Fstrong> (crop\u002Fratio\u002Fcomposition) at different viewport widths, you need \u003Cstrong>art direction\u003C\u002Fstrong> — that’s exactly what \u003Ccode>\u003Cpicture>\u003C\u002Fcode> does by letting you swap \u003Cstrong>entire sources\u003C\u002Fstrong> via \u003Ccode>\u003Csource media=\"…\">\u003C\u002Fcode>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Editor-first UX\u003C\u002Fstrong>\u003Cbr \u002F>\nAuthors see a single “Responsive Picture (Block)” wrapper, then insert one Image per breakpoint. The plugin mirrors the link \u002Fcaption from the Desktop image. Per-image design controls (aspect ratio, object-fit, width\u002Fheight) are respected. The block’s \u003Cstrong>preview\u003C\u002Fstrong> shows the native \u003Cstrong>Desktop \u002F Tablet \u002F Mobile\u003C\u002Fstrong> toolbar:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Desktop preview ⇒ show \u003Cstrong>all\u003C\u002Fstrong> child images  \u003C\u002Fli>\n\u003Cli>Tablet preview ⇒ show \u003Cstrong>Tablet\u003C\u002Fstrong>, else \u003Cstrong>Desktop\u003C\u002Fstrong>, else \u003Cstrong>Mobile\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Mobile preview ⇒ show \u003Cstrong>Mobile\u003C\u002Fstrong>, else \u003Cstrong>Tablet\u003C\u002Fstrong>, else \u003Cstrong>Desktop\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Perfect source ordering\u003C\u002Fstrong>\u003Cbr \u002F>\nCustom media queries are \u003Cstrong>auto-sorted\u003C\u002Fstrong> so the correct \u003Ccode>\u003Csource>\u003C\u002Fcode> wins (most specific first). 
Works with \u003Ccode>max-width\u003C\u002Fcode>, \u003Ccode>min-width\u003C\u002Fcode>, and range queries.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Wraps multiple core \u003Cstrong>Image\u003C\u002Fstrong> blocks into a single semantic \u003Ccode>\u003Cpicture>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Pick \u003Cstrong>Desktop \u002F Tablet \u002F Mobile \u002F Custom\u003C\u002Fstrong> images (true art direction)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Override \u003Ccode>media\u003C\u002Fcode>\u003C\u002Fstrong> per Tablet\u002FMobile\u002FCustom (e.g., \u003Ccode>(max-width: 1200px)\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>Optional \u003Cstrong>\u003Ccode>sizes\u003C\u002Fcode> override\u003C\u002Fstrong> per source (advanced bandwidth tuning)\u003C\u002Fli>\n\u003Cli>Allows \u003Cstrong>width, height, aspect-ratio, object-fit\u003C\u002Fstrong> per breakpoint\u003C\u002Fli>\n\u003Cli>Uses \u003Cstrong>link + caption\u003C\u002Fstrong> from the Desktop (fallback) image\u003C\u002Fli>\n\u003Cli>Editor \u003Cstrong>preview\u003C\u002Fstrong> follows WordPress’ device switcher (Desktop\u002FTablet\u002FMobile)\u003C\u002Fli>\n\u003Cli>Prevents layout overflow; picture wrapper is fully responsive\u003C\u002Fli>\n\u003Cli>Works with standard WP image sizes and responsive \u003Ccode>srcset\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Lightweight, no front-end JS — pure HTML\u002FCSS on the front end\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why \u003Ccode>\u003Cpicture>\u003C\u002Fcode> (Art Direction 101)\u003C\u002Fh3>\n\u003Cp>When your layout needs \u003Cstrong>different imagery\u003C\u002Fstrong> across breakpoints (e.g., a vertical crop on phones and a wide landscape on desktops), you’re doing \u003Cstrong>art direction\u003C\u002Fstrong>. 
The \u003Ccode>\u003Cpicture>\u003C\u002Fcode> element enables this by letting the browser \u003Cstrong>choose an entire source\u003C\u002Fstrong> based on \u003Ccode>media\u003C\u002Fcode> conditions (and even file \u003Ccode>type\u003C\u002Fcode>, like AVIF\u002FWebP), not just a different width of the same file. The result is \u003Cstrong>better design control\u003C\u002Fstrong> and \u003Cstrong>faster pages\u003C\u002Fstrong> because each device downloads \u003Cstrong>only the most appropriate asset\u003C\u002Fstrong> for its layout saving you bandwidth as well as having compositions control.\u003C\u002Fp>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Hero banners with \u003Cstrong>different crops\u003C\u002Fstrong> for mobile vs desktop  \u003C\u002Fli>\n\u003Cli>Product images where the \u003Cstrong>subject framing\u003C\u002Fstrong> changes on small screens  \u003C\u002Fli>\n\u003Cli>Editorial layouts that require \u003Cstrong>portrait vs landscape\u003C\u002Fstrong> compositions  \u003C\u002Fli>\n\u003Cli>File \u003Cstrong>format switching\u003C\u002Fstrong> (e.g., AVIF\u002FWebP with PNG\u002FJPEG fallback)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Insert\u003C\u002Fstrong> the \u003Cstrong>Responsive Picture (Block)\u003C\u002Fstrong> block.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add Image blocks\u003C\u002Fstrong> inside it for: Desktop (fallback), Tablet, Mobile, and\u002For Custom.  
\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Select each Image\u003C\u002Fstrong> and open the \u003Cstrong>Responsive: Breakpoint\u003C\u002Fstrong> panel:\n\u003Cul>\n\u003Cli>\u003Cstrong>Viewport\u003C\u002Fstrong>: Desktop \u002F Tablet \u002F Mobile \u002F Custom  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Override media query\u003C\u002Fstrong> (Tablet\u002FMobile): optional (e.g., \u003Ccode>(max-width: 1200px)\u003C\u002Fcode>)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom media query\u003C\u002Fstrong>: required when using the “Custom” viewport  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>(Optional) Open \u003Cstrong>Advanced: Sizes override\u003C\u002Fstrong> to set a custom \u003Ccode>sizes=\"\"\u003C\u002Fcode> for that source.  \u003C\u002Fli>\n\u003Cli>Use the editor’s \u003Cstrong>Desktop \u002F Tablet \u002F Mobile\u003C\u002Fstrong> preview to check the effective image per breakpoint.  \u003C\u002Fli>\n\u003Cli>Publish. The front end renders a single \u003Ccode>\u003Cpicture>\u003C\u002Fcode> with perfectly ordered \u003Ccode>\u003Csource>\u003C\u002Fcode> tags and a fallback \u003Ccode>\u003Cimg>\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Block Details\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Block name: \u003Ccode>ce\u002Fresponsive-picture\u003C\u002Fcode>  \u003C\u002Fli>\n\u003Cli>Children: one or more \u003Ccode>core\u002Fimage\u003C\u002Fcode> blocks  \u003C\u002Fli>\n\u003Cli>\n\u003Cp>Front-end HTML output:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Cpicture>\n  \u003Csource media=\"(max-width: 767px)\" srcset=\"…\" sizes=\"…\">\n  \u003Csource media=\"(max-width: 1024px)\" srcset=\"…\" sizes=\"…\">\n  \u003C!-- custom sources (auto-sorted) -->\n  \u003Cimg src=\"…\" srcset=\"…\" sizes=\"…\" alt=\"\">\n\u003C\u002Fpicture>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Create truly responsive, art-directed images in the block editor. 
Wrap multiple Image blocks (Desktop\u002FTablet\u002FMobile\u002FCustom) and render a single HTML e &hellip;",797,"2026-03-12T08:40:00.000Z","6.3","7.4",[168,169,116,170,171],"art-direction","block-editor","picture-element","responsive-images","https:\u002F\u002Fcoreessentials.online\u002Fplugins-for-wordpress\u002Fresponsive-picture-block\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fresponsive-picture-block.1.1.1.zip",{"attackSurface":175,"codeSignals":199,"taintFlows":210,"riskAssessment":211,"analyzedAt":219},{"hooks":176,"ajaxHandlers":191,"restRoutes":192,"shortcodes":193,"cronEvents":198,"entryPointCount":47,"unprotectedCount":29},[177,183,187],{"type":178,"name":179,"callback":180,"file":181,"line":182},"action","widgets_init","hot_random_image_load_widgets","hot_random_image.php",23,{"type":178,"name":184,"callback":185,"file":181,"line":186},"admin_init","hot_random_image_textdomain",24,{"type":178,"name":188,"callback":189,"file":181,"line":190},"init","hot_random_image_block_init",348,[],[],[194],{"tag":195,"callback":196,"file":181,"line":197},"randomimage","randomimage_func",55,[],{"dangerousFunctions":200,"sqlUsage":201,"outputEscaping":203,"fileOperations":29,"externalRequests":29,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":209},[],{"prepared":29,"raw":29,"locations":202},[],{"escaped":204,"rawEcho":47,"locations":205},84,[206],{"file":181,"line":207,"context":208},262,"raw output",[],[],{"summary":212,"deductions":213},"The \"hot-random-image\" plugin v1.9.3 presents a mixed security profile. On one hand, the static analysis shows sound practice in output escaping, with nearly all outputs escaped and a single raw output recorded at hot_random_image.php line 262, and it found no raw SQL queries; in fact it recorded no SQL usage at all, prepared or raw. 
The attack surface is minimal, with no AJAX handlers or REST API routes detected. The single shortcode appears to have no associated authentication or permission check; this is a minor concern given the lack of other exposed entry points, but it means the shortcode's handling of its own inputs is the main control to verify. Taint analysis recorded no flows, and therefore none of critical or high severity; that is an absence of findings rather than evidence that data passed through the plugin is handled safely.\n\nHowever, the plugin's vulnerability history is a significant red flag. It has three medium-severity CVEs, two for Stored Cross-Site Scripting through the 'link' input and one for Path Traversal, and although none is currently unpatched, they suggest a recurring pattern of security weaknesses. The fact that the most recent vulnerability was reported as recently as 2025-05-21 is particularly concerning. While static analysis found no exploitable issues in the current version, the history indicates a propensity for vulnerabilities that could be re-introduced or might exist in subtle forms that static analysis does not detect. This history necessitates caution and suggests that thorough testing and patching are crucial for this plugin.\n\nIn conclusion, while the code itself demonstrates good security hygiene in many areas, the historical vulnerability data significantly diminishes its overall security posture. The plugin's strengths are its limited attack surface and, for the most part, its data sanitization. Nevertheless, the recurring nature of medium-severity vulnerabilities, particularly XSS and Path Traversal, indicates a need for vigilance. 
Users should be aware of this history and ensure they are always on the latest patched version, though the static analysis itself does not reveal any immediate exploitable flaws in this specific version.",[214,216],{"reason":215,"points":76},"Shortcode without auth\u002Fpermission check",{"reason":217,"points":218},"History of 3 medium CVEs",15,"2026-03-16T18:27:55.944Z",{"wat":221,"direct":227},{"assetPaths":222,"generatorPatterns":224,"scriptPaths":225,"versionParams":226},[223],"\u002Fwp-content\u002Fplugins\u002Fhot-random-image\u002Fimages\u002Fhot_random_image.png",[],[],[],{"cssClasses":228,"htmlComments":229,"htmlAttributes":230,"restEndpoints":232,"jsGlobals":233,"shortcodeOutput":234},[4],[],[231],"id=\"random-image-",[],[],[235,236,237,238],"\u003Cfigure class=\"wp-block-image\">","\u003Cimg class=\"hot-random-image\" style=\"width:"," src=\""," alt=\""]