[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fiLxFA-UoWMSC6alrs2st01iFb7NCj9bkuIrIWXf9Y7k":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":48,"crawl_stats":38,"alternatives":56,"analysis":157,"fingerprints":344},"image-widget","Image Widget","4.4.11","StellarWP","https:\u002F\u002Fprofiles.wordpress.org\u002Fstellarwp\u002F","\u003Cp>Image Widget is a simple plugin that uses the native WordPress media manager to add image widgets to your site.\u003C\u002Fp>\n\u003Ch4>Image Widget Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Responsive\u003C\u002Fli>\n\u003Cli>MU Compatible\u003C\u002Fli>\n\u003Cli>Handles image resizing and alignment\u003C\u002Fli>\n\u003Cli>Link the image\u003C\u002Fli>\n\u003Cli>Add title and description\u003C\u002Fli>\n\u003Cli>Versatile – all fields are optional\u003C\u002Fli>\n\u003Cli>Upload, link to external image, or select an image from your media collection\u003C\u002Fli>\n\u003Cli>Customize the look & feel with filter hooks or theme overrides\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Quality You Can Trust\u003C\u002Fh4>\n\u003Cp>Image Widget is developed and maintained by \u003Ca href=\"https:\u002F\u002Fevnt.is\u002F1aor\" rel=\"nofollow ugc\">The Events Calendar\u003C\u002Fa>, the same folks behind \u003Ca href=\"https:\u002F\u002Fevnt.is\u002F19me\" rel=\"nofollow ugc\">The Events Calendar, Event Tickets, and a full suite of premium plugins\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin is actively supported by our team and contributions from community members. 
If you see a question in the forum you can help with or have a great idea and want to code it up or submit a patch, that would be awesome! Not only will we shower you with praise and thanks, it’s also a good way to get to know us and lead into options for paid work if you freelance.\u003C\u002Fp>\n\u003Ch4>Pull Requests & Translations\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthe-events-calendar\u002Fimage-widget\" rel=\"nofollow ugc\">Check us out on GitHub\u003C\u002Fa> to pull request changes.\u003C\u002Fp>\n\u003Cp>Translations can be submitted \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fimage-widget\" rel=\"nofollow ugc\">here on WordPress.org\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>The built in template can be overridden by files within your template.\u003C\u002Fp>\n\u003Ch4>Default vs. Custom Templates\u003C\u002Fh4>\n\u003Cp>The Image Widget comes with a default template for the widget output. If you would like to alter the widget display code, create a new folder called “image-widget” in your template directory and copy over the “views\u002Fwidget.php” file.\u003C\u002Fp>\n\u003Cp>Edit the new file to your hearts content. Please do not edit the one in the plugin folder as that will cause conflicts when you update the plugin to the latest release.\u003C\u002Fp>\n\u003Cp>New in 3.2: You may now also use the “sp_template_image-widget_widget.php” filter to override the default template behavior for .php template files. Eg: if you wanted widget.php to reside in a folder called my-custom-templates\u002F and wanted it to be called my-custom-name.php:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('sp_template_image-widget_widget.php', 'my_template_filter');\nfunction my_template_filter($template) {\n    return get_template_directory() . 
'\u002Fmy-custom-templates\u002Fmy-custom-name.php';\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Filters\u003C\u002Fh4>\n\u003Cp>There are a number of filters in the code that will allow you to override data as you see fit. The best way to learn what filters are available is always by simply searching the code for ‘apply_filters’. But all the same, here are a few of the more essential filters:\u003C\u002Fp>\n\u003Cp>\u003Cem>widget_title\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>This is actually a pretty typical filter in widgets and is applied to the widget title.\u003C\u002Fp>\n\u003Cp>\u003Cem>widget_text\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Another very typical widget filter that is applied to the description body text. This filter also takes 2 additional arguments for $args and $instance so that you can learn more about the specific widget instance in the process of filtering the content.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_attachment_id\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the attachment id of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_url\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the url of the image displayed in the widget.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003Cbr \u002F>\nTHIS IS DEPRECATED AND WILL EVENTUALLY BE DELETED\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_width\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the display width of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_height\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the display height of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_maxwidth\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the inline max-width style of the image. 
Hint: override this to use this in responsive designs 🙂\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003Cbr \u002F>\nReturn null to remove this css from the image output (defaults to ‘100%’).\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_maxheight\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the inline max-height style of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003Cbr \u002F>\nReturn null to remove this css from the image output (defaults to null)\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_size\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the selected image ‘size’ corresponding to WordPress registered sizes.\u003Cbr \u002F>\nIf this is set to ‘tribe_image_widget_custom’ then the width and height are used instead.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_align\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the display alignment of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_alt\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the alt text of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_link\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the url that the image links to.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_link_target\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the link target of the image link.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_attributes\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters a list of image attributes used in the image output. 
Similar to ‘wp_get_attachment_image_attributes’\u003Cbr \u002F>\nAccepts $instance arguments\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_link_attributes\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters a list of attributes used in the image link. Similar to ‘wp_get_attachment_image_attributes’\u003Cbr \u002F>\nAccepts $instance arguments\u003C\u002Fp>\n\u003Ch4>Have You Supported the Image Widget?\u003C\u002Fh4>\n\u003Cp>If so, then THANK YOU! Also, feel free to add this line to your wp-config.php file to prevent the image widget from displaying a message after upgrades.\u003C\u002Fp>\n\u003Cp>define( ‘I_HAVE_SUPPORTED_THE_IMAGE_WIDGET’, true );\u003C\u002Fp>\n\u003Cp>For more info on the philosophy here, check out our \u003Ca href=\"http:\u002F\u002Ftri.be\u002Fdefine-i-have-donated-true\u002F\" rel=\"nofollow ugc\">blog post\u003C\u002Fa>\u003C\u002Fp>\n","A simple image widget that uses the native WordPress media manager to add image widgets to your site.",100000,4620377,98,287,"2024-11-20T20:44:00.000Z","6.7.5","3.5","",[20,21,22,23,24],"ad","banner","image","sidebar","widget","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-widget.4.4.11.zip",91,1,0,"2024-11-22 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2024-10939","image-widget-authenticated-admin-stored-cross-site-scripting","Image Widget \u003C= 4.4.10 - Authenticated (Admin+) Stored Cross-Site Scripting","The Image Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.4.10 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=4.4.10","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-12-23 18:42:13",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F35508e64-33a7-4d70-acaa-e9fae6920d95?source=api-prod",32,{"slug":49,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},"stellarwp",26,3113110,95,462,76,"2026-04-03T17:56:18.565Z",[57,78,99,116,135],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":18,"tags":72,"homepage":18,"download_link":76,"security_score":77,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"widget-builder","Widget Builder","1.6.2","Modern Tribe, Inc.","https:\u002F\u002Fprofiles.wordpress.org\u002Fmoderntribe\u002F","\u003Cp>Widget Builder uses native WordPress editing interface to provide a unique tool to build custom widgets for your site(s).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>MU Compatible\u003C\u002Fli>\n\u003Cli>Create admin dashboard widgets \u003Cstrong>NEW!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Link the image\u003C\u002Fli>\n\u003Cli>Title and Description\u003C\u002Fli>\n\u003Cli>Customize “Read More” link text\u003C\u002Fli>\n\u003Cli>Very versatile. 
All fields are optional.\u003C\u002Fli>\n\u003Cli>Supports override of template so that you can override the template for your theme!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Tested on PHP 5.2.17, 5.3.14 & 5.4.4 and WP 3.3 & 3.4.\u003C\u002Fp>\n\u003Cp>This plugin is actively supported and we will do our best to help you. In return we simply as 3 things:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Help Out. If you see a question on the forum you can help with or have a great idea and want to code it up and submit a patch, that would be just plain awesome and we will shower you with praise. Might even be a good way to get to know us and lead to some paid work if you freelance.  Also, we are happy to post translations if you provide them.\u003C\u002Fli>\n\u003Cli>Donate – if this is generating enough revenue to support our time it makes all the difference in the world\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_s-xclick&hosted_button_id=R8H3DD84PWAQ2\u003C\u002Fli>\n\u003Cli>Support us by buying our Premium plugins. In particular, check out our Events Calendar Pro http:\u002F\u002Ftri.be\u002Fwordpress-events-calendar-pro\u002F\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Note: gear vector art used in the WordPress.org banner were created by http:\u002F\u002Fwww.opengraphicdesign.com\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Ch4>Dashboard Widgets\u003C\u002Fh4>\n\u003Cp>Select ‘Available As Dashboard Widget’ in the widget editor to enable a widget as a dashboard widget. If you do not want this widget showing in the available widgets list for sidebar placement, select ‘Disable Sidebar Widget’.\u003C\u002Fp>\n\u003Ch4>Default vs. Custom Templates\u003C\u002Fh4>\n\u003Cp>The built in template can be overridden by files within your template.\u003C\u002Fp>\n\u003Cp>The Widget Builder comes with a default template for the widget output. 
If you would like to alter the widget display code, create a new folder called “tribe_widget_builder” in your template directory and copy over the “views\u002Fwidget.php” file.\u003C\u002Fp>\n\u003Cp>Edit the new file to your hearts content. Please do not edit the one in the plugin folder as that will cause conflicts when you update the plugin to the latest release.\u003C\u002Fp>\n\u003Cp>Alternatively you can point to a path of your choosing using the filter ‘tribe_widget_builder_widget.php’.\u003C\u002Fp>\n\u003Ch4>Filter widget query args\u003C\u002Fh4>\n\u003Cp>Filter your query arguments or get_posts altogether for granular fine tuning your listing of widgets or in the case of MU install restricting the builder to one site.\u003C\u002Fp>\n\u003Cp>The following filters are available for override\u003Cbr \u002F>\n    ‘tribe_widget_builder_get_posts_args’ \u002F\u002F customize the widget query parameters\u003Cbr \u002F>\n    ‘tribe_widget_builder_get_posts’ \u002F\u002F change the get_posts() query\u003C\u002Fp>\n","Widget Builder uses native WordPress editing interface to provide a unique tool to build custom widgets for your site(s).",600,43832,74,10,"2015-08-21T16:35:00.000Z","4.3.34","3.0",[73,74,23,75,24],"admin","featured-image","simple","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-builder.1.6.2.zip",85,{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":18,"tags":93,"homepage":97,"download_link":98,"security_score":77,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"sidebar-image-banner-ads-widget","Sidebar Image Banner Ads Widget","1.0.2","Suresh Kumar Mukhiya","https:\u002F\u002Fprofiles.wordpress.org\u002Fsureshhardiya\u002F","\u003Cp>This Plugins helps to add image banners on the sidebar. 
Allows to enter title, description, image on the sidebar and is very easy to use.\u003C\u002Fp>\n\u003Cp>This plugin intended for simplest use of image banners or small ads in the sidebar or any widget area in the WordPress theme. It adds image banners in following steps:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You have to drag and drop the widget to your required widget area.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Enter the image url and the link, title, description as per required. Choose your visibility settings.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Save & Close. It will fit to the container it is located in.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","This Plugins helps to add image banners on the sidebar. Allows to enter title, description, image on the sidebar and is very easy to use.",300,19216,86,3,"2017-09-09T11:04:00.000Z","4.8.28","3.1",[94,95,96],"ads-in-sidebar","image-banner-sidebar","sidebar-image","http:\u002F\u002Fskmukhiya.com.np\u002Fads-image-banner-widget-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsidebar-image-banner-ads-widget.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":68,"downloaded":107,"rating":29,"num_ratings":29,"last_updated":108,"tested_up_to":109,"requires_at_least":109,"requires_php":18,"tags":110,"homepage":114,"download_link":115,"security_score":77,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"boss-banner-ad","Boss Banner Ad","1.2","kaser","https:\u002F\u002Fprofiles.wordpress.org\u002Fkaser\u002F","\u003Cp>This pluging simply allows you to link an image together with out the knowledge of html and simply be able to put the code where ever you want your image to show up.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>you can use it in a widget area\u003C\u002Fli>\n\u003Cli>you can use it in any area that accepts shortcodes\u003C\u002Fli>\n\u003Cli>you can even put it right into the 
template file itself!\u003C\u002Fli>\n\u003C\u002Ful>\n","Put A Banner image anywhere you want with ease!",4203,"2013-07-19T00:30:00.000Z","3.5.2",[111,21,112,113,24],"advertisement","image-link","post","http:\u002F\u002Fwww.CSSBoss.com\u002Fboss_banner_ad","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fboss-banner-ad.1.2.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":68,"downloaded":124,"rating":29,"num_ratings":29,"last_updated":18,"tested_up_to":125,"requires_at_least":71,"requires_php":18,"tags":126,"homepage":131,"download_link":132,"security_score":133,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":134},"go-ads-widget","Go Ads widget","1.0","goresponsive","https:\u002F\u002Fprofiles.wordpress.org\u002Fgoresponsive\u002F","\u003Cp>This widget accommodates different sizes of image ads. It supports nearly 10 sizes of image ads. The sizes it supports are – 125*125, 120*60, 120*240, 120*600, 120*90, 300*100, 160*600, 300*600, 300*250, 250*250.\u003C\u002Fp>\n\u003Cp>Demo: http:\u002F\u002Fonion.goresponsive.in\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>documentation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fgoresponsive.in\u002Fads-widget\u002F\u003C\u002Fp>\n","Simple plugin for displaying different sizes of image ads and adsense 
ads.",2361,"3.9.40",[127,128,129,130],"ad-banner-widget","ads-widget","adsense-ads-display-widget","image-ads","http:\u002F\u002Fgoresponsive.in","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgo-ads-widget.zip",100,"2026-03-15T10:48:56.248Z",{"slug":136,"name":137,"version":138,"author":139,"author_profile":140,"description":141,"short_description":142,"active_installs":143,"downloaded":144,"rating":145,"num_ratings":146,"last_updated":147,"tested_up_to":148,"requires_at_least":149,"requires_php":150,"tags":151,"homepage":155,"download_link":156,"security_score":77,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"q2w3-fixed-widget","Fixed Widget and Sticky Elements for WordPress","6.2.3","monetizemore","https:\u002F\u002Fprofiles.wordpress.org\u002Fmonetizemore\u002F","\u003Cp>Use Fixed Widget to create sticky widgets, sticky blocks, and other elements that stay in the visible screen area when a user scrolls the page up or down.\u003C\u002Fp>\n\u003Cp>Sticky widgets are more visible than unfixed widgets and therefore have a significantly higher click-through rate.\u003C\u002Fp>\n\u003Cp>That’s why this option is worthwhile for ads or other elements that visitors should interact with. 
Meanwhile, Google also allows the integration of \u003Ca href=\"https:\u002F\u002Fwpadvancedads.com\u002Fgoogle-adsense-sticky-ads\u002F\" rel=\"nofollow ugc\">sticky AdSense ads\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpadvancedads.com\u002Ffixed-widget-wordpress\u002F\" rel=\"nofollow ugc\">Manual and demo\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Fixed Widget is completely free of charge.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Sticky Widgets\u003C\u002Fstrong> Use the Fixed Widget option on any widget and blocks in the sidebar\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sticky Elements\u003C\u002Fstrong> Choose any element on your site and make it sticky\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Margin Top\u003C\u002Fstrong> allows you to stop sticky elements to cover floating menu bars\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Margin Bottom\u003C\u002Fstrong> pushes sticky elements up before they reach a certain distance towards the bottom window\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stop Elements\u003C\u002Fstrong> push sticky elements up when they are scrolling into view\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stop Blocks\u003C\u002Fstrong> defines blocks in your sidebar that push fixed blocks out of the page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Minimum Screen Width\u003C\u002Fstrong> and \u003Cstrong>Minimum Screen Height\u003C\u002Fstrong> allow you to disable sticky behavior on small screens\u003C\u002Fli>\n\u003Cli>Written in plain JavaScript for better performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>Theme requirements:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wp_head()\u003C\u002Fcode> and \u003Ccode>wp_footer()\u003C\u002Fcode> functions in \u003Ccode>header.php\u003C\u002Fcode> and \u003Ccode>footer.php\u003C\u002Fcode> files\u003C\u002Fli>\n\u003Cli>JavaScript errors could break sticky 
widgets\u003C\u002Fli>\n\u003C\u002Ful>\n","More attention and a higher ad performance with fixed sticky widgets.",90000,2292321,94,261,"2023-03-30T07:15:00.000Z","6.2.9","5.0","7.2",[152,153,23,154,24],"ads","fixed-widget","sticky-widget","https:\u002F\u002Fwpadvancedads.com\u002Ffixed-widget-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fq2w3-fixed-widget.6.2.3.zip",{"attackSurface":158,"codeSignals":178,"taintFlows":333,"riskAssessment":334,"analyzedAt":343},{"hooks":159,"ajaxHandlers":174,"restRoutes":175,"shortcodes":176,"cronEvents":177,"entryPointCount":29,"unprotectedCount":29},[160,166,170],{"type":161,"name":162,"callback":163,"file":164,"line":165},"action","widgets_init","tribe_load_image_widget","image-widget.php",22,{"type":161,"name":167,"callback":168,"file":164,"line":169},"sidebar_admin_setup","admin_setup",47,{"type":161,"name":171,"callback":172,"file":164,"line":173},"admin_enqueue_scripts","maybe_admin_setup",51,[],[],[],[],{"dangerousFunctions":179,"sqlUsage":180,"outputEscaping":182,"fileOperations":29,"externalRequests":29,"nonceChecks":29,"capabilityChecks":28,"bundledLibraries":332},[],{"prepared":29,"raw":29,"locations":181},[],{"escaped":183,"rawEcho":184,"locations":185},43,105,[186,189,191,192,194,196,197,198,199,200,201,203,204,205,206,207,209,210,211,212,214,216,217,219,220,222,224,225,226,228,230,231,232,234,236,237,238,240,242,243,245,246,247,248,250,252,254,255,256,258,259,260,262,264,265,266,268,269,270,271,272,274,276,277,278,279,281,282,283,284,285,287,288,289,290,291,292,293,295,296,297,298,300,301,303,305,306,307,309,311,312,313,314,316,318,319,320,321,323,325,326,328,329,330,331],{"file":187,"line":68,"context":188},"views\\widget-admin.deprecated.php","raw 
output",{"file":187,"line":190,"context":188},11,{"file":187,"line":190,"context":188},{"file":187,"line":193,"context":188},13,{"file":187,"line":195,"context":188},19,{"file":187,"line":195,"context":188},{"file":187,"line":195,"context":188},{"file":187,"line":195,"context":188},{"file":187,"line":195,"context":188},{"file":187,"line":195,"context":188},{"file":187,"line":202,"context":188},20,{"file":187,"line":202,"context":188},{"file":187,"line":165,"context":188},{"file":187,"line":165,"context":188},{"file":187,"line":165,"context":188},{"file":187,"line":208,"context":188},25,{"file":187,"line":50,"context":188},{"file":187,"line":50,"context":188},{"file":187,"line":50,"context":188},{"file":187,"line":213,"context":188},28,{"file":187,"line":215,"context":188},29,{"file":187,"line":215,"context":188},{"file":187,"line":218,"context":188},30,{"file":187,"line":218,"context":188},{"file":187,"line":221,"context":188},35,{"file":187,"line":223,"context":188},36,{"file":187,"line":223,"context":188},{"file":187,"line":223,"context":188},{"file":187,"line":227,"context":188},38,{"file":187,"line":229,"context":188},39,{"file":187,"line":229,"context":188},{"file":187,"line":229,"context":188},{"file":187,"line":233,"context":188},41,{"file":187,"line":235,"context":188},42,{"file":187,"line":235,"context":188},{"file":187,"line":235,"context":188},{"file":187,"line":239,"context":188},49,{"file":187,"line":241,"context":188},50,{"file":187,"line":241,"context":188},{"file":244,"line":193,"context":188},"views\\widget-admin.php",{"file":244,"line":193,"context":188},{"file":244,"line":193,"context":188},{"file":244,"line":193,"context":188},{"file":244,"line":249,"context":188},14,{"file":244,"line":251,"context":188},15,{"file":244,"line":253,"context":188},17,{"file":244,"line":253,"context":188},{"file":244,"line":253,"context":188},{"file":244,"line":257,"context":188},18,{"file":244,"line":257,"context":188},{"file":244,"line":165,"context":188},{"file":2
44,"line":261,"context":188},23,{"file":244,"line":263,"context":188},24,{"file":244,"line":263,"context":188},{"file":244,"line":50,"context":188},{"file":244,"line":267,"context":188},27,{"file":244,"line":267,"context":188},{"file":244,"line":215,"context":188},{"file":244,"line":218,"context":188},{"file":244,"line":218,"context":188},{"file":244,"line":273,"context":188},33,{"file":244,"line":275,"context":188},34,{"file":244,"line":275,"context":188},{"file":244,"line":275,"context":188},{"file":244,"line":223,"context":188},{"file":244,"line":280,"context":188},37,{"file":244,"line":280,"context":188},{"file":244,"line":227,"context":188},{"file":244,"line":229,"context":188},{"file":244,"line":229,"context":188},{"file":244,"line":286,"context":188},40,{"file":244,"line":233,"context":188},{"file":244,"line":233,"context":188},{"file":244,"line":235,"context":188},{"file":244,"line":235,"context":188},{"file":244,"line":241,"context":188},{"file":244,"line":173,"context":188},{"file":244,"line":294,"context":188},52,{"file":244,"line":294,"context":188},{"file":244,"line":294,"context":188},{"file":244,"line":294,"context":188},{"file":244,"line":299,"context":188},54,{"file":244,"line":299,"context":188},{"file":244,"line":302,"context":188},59,{"file":244,"line":304,"context":188},61,{"file":244,"line":304,"context":188},{"file":244,"line":304,"context":188},{"file":244,"line":308,"context":188},63,{"file":244,"line":310,"context":188},64,{"file":244,"line":310,"context":188},{"file":244,"line":310,"context":188},{"file":244,"line":310,"context":188},{"file":244,"line":315,"context":188},66,{"file":244,"line":317,"context":188},67,{"file":244,"line":317,"context":188},{"file":244,"line":317,"context":188},{"file":244,"line":317,"context":188},{"file":244,"line":322,"context":188},71,{"file":244,"line":324,"context":188},72,{"file":244,"line":324,"context":188},{"file":327,"line":190,"context":188},"views\\widget.php",{"file":327,"line":193,"context":188},{
"file":327,"line":251,"context":188},{"file":327,"line":195,"context":188},{"file":327,"line":165,"context":188},[],[],{"summary":335,"deductions":336},"The \"image-widget\" plugin version 4.4.11 demonstrates a generally good security posture with zero known critical or high vulnerabilities currently unpatched and no identified taint flows. The static analysis reveals a small attack surface with no unprotected AJAX handlers, REST API routes, shortcodes, or cron events. The code also shows a commitment to security by using prepared statements for all SQL queries and performing file operations and external HTTP requests zero times. A single capability check indicates some level of access control is in place.\n\nHowever, a significant concern is the low rate of proper output escaping, with only 29% of 148 outputs being properly escaped. This suggests a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, especially considering that the plugin's most common vulnerability type is XSS. While there are no unpatched CVEs at this moment, the history of a medium severity XSS vulnerability patched on 2024-11-22 indicates a past weakness that could potentially re-emerge if similar coding patterns persist.\n\nIn conclusion, while the plugin excels in areas like SQL sanitization and having a contained attack surface, the widespread lack of output escaping is a critical weakness. The absence of nonce checks on potential entry points, though currently zero, could become an issue if new AJAX or similar handlers are introduced without proper authentication. 
The plugin's past vulnerability history reinforces the concern around XSS, highlighting the need for developers to prioritize robust output sanitization.",[337,340],{"reason":338,"points":339},"Low percentage of properly escaped output",8,{"reason":341,"points":342},"History of XSS vulnerabilities",5,"2026-03-16T17:07:03.514Z",{"wat":345,"direct":354},{"assetPaths":346,"generatorPatterns":349,"scriptPaths":350,"versionParams":351},[347,348],"\u002Fwp-content\u002Fplugins\u002Fimage-widget\u002Fresources\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fimage-widget\u002Fresources\u002Fjs\u002Fimage-widget.js",[],[348],[352,353],"image-widget\u002Fresources\u002Fcss\u002Fadmin.css?ver=","image-widget\u002Fresources\u002Fjs\u002Fimage-widget.js?ver=",{"cssClasses":355,"htmlComments":357,"htmlAttributes":358,"restEndpoints":369,"jsGlobals":370,"shortcodeOutput":372},[356],"widget_sp_image",[],[359,360,361,362,363,364,365,366,367,368],"data-widget-id","data-attachment-id","data-image-url","data-image-size","data-link-url","data-link-target","data-link-title","data-image-alt","data-widget-title","data-widget-description",[],[371],"TribeImageWidget",[]]