[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fB0kTAN19uoIoiA9BZz7oFKOsFnNsj893q1ps3LqejKw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":46,"crawl_stats":35,"alternatives":52,"analysis":160,"fingerprints":352},"inazo-advanced-ads-management","Advanced ads Management by Inazo","1.5","inazo","https:\u002F\u002Fprofiles.wordpress.org\u002Finazo\u002F","\u003Cp>Advanced ads manager\u003C\u002Fp>\n\u003Cp>This plugin is an ads manager, that allow you to add ads with widget on your website.\u003C\u002Fp>\n\u003Cp>Functionnality :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Widget for included in website\u003C\u002Fli>\n\u003Cli>Ads from HTML code or Media library from WordPress\u003C\u002Fli>\n\u003Cli>Defined start date and end date for publication\u003C\u002Fli>\n\u003Cli>Can add href link the ads\u003C\u002Fli>\n\u003Cli>multi ads by fading with jQuery\u003C\u002Fli>\n\u003Cli>No limit ads show by widget\u003C\u002Fli>\n\u003Cli>Can change order to show multiple ads (by start date, end date, random)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>—– Francais ——\u003C\u002Fp>\n\u003Cp>Fonctionnalités :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Un widget pour afficher une ou plusieurs publicités à plusieurs endroit de votre site\u003C\u002Fli>\n\u003Cli>Création des publicités soit avec un code HTML (provenant d’un partenaire ou d’une régie) ou des images présentent dans la bibliothèque wordpress.\u003C\u002Fli>\n\u003Cli>De définir une date de début et une date de fin\u003C\u002Fli>\n\u003Cli>D’ajouter un lien sur la publicité avec possibilité de l’ouvrir dans un nouvel onglet\u003C\u002Fli>\n\u003Cli>Effet de fading pour afficher une rotation de publicité sur un seul emplacement (pas de limite du nombre de publicité)\u003C\u002Fli>\n\u003Cli>Possibilité d’ordonner les publicités suivant : la date de début, la date de fin ou en aléatoire\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Credits picture : http:\u002F\u002Ffr.freepik.com\u002Fvecteurs-libre\u002Fbannieres-d-39-affaires-en-ligne_791781.htm\u003C\u002Fp>\n","This plugin is an ads manager, that allow you to add ads with widget on your website.",10,2110,0,"2017-12-15T09:07:00.000Z","4.9.29","4.5.1","",[19,20,21,22,23],"ads","pub","publicite","publicity","widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finazo-advanced-ads-management.1.5.zip",85,1,"2016-09-06 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":37,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":27,"updated_date":42,"references":43,"days_to_patch":45},"WF-7bccc409-e16f-4c32-ad3b-743defd7200f-inazo-advanced-ads-management","inazo-advanced-ads-management-authenticated-stored-cross-site-scripting","Inazo Advanced Ads Management \u003C 1.4 - Authenticated Stored Cross-Site Scripting","The Inazo Advanced Ads Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘adds’ parameter in versions before 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with low-level privileges or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C1.4","1.4","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7bccc409-e16f-4c32-ad3b-743defd7200f?source=api-prod",2695,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":49,"avg_patch_time_days":45,"trust_score":50,"computed_at":51},3,4030,92,73,"2026-04-04T05:40:42.863Z",[53,75,98,119,139],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":73,"download_link":74,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"q2w3-fixed-widget","Fixed Widget and Sticky Elements for WordPress","6.2.3","monetizemore","https:\u002F\u002Fprofiles.wordpress.org\u002Fmonetizemore\u002F","\u003Cp>Use Fixed Widget to create sticky widgets, sticky blocks, and other elements that stay in the visible screen area when a user scrolls the page up or down.\u003C\u002Fp>\n\u003Cp>Sticky widgets are more visible than unfixed widgets and therefore have a significantly higher click-through rate.\u003C\u002Fp>\n\u003Cp>That’s why this option is worthwhile for ads or other elements that visitors should interact with. Meanwhile, Google also allows the integration of \u003Ca href=\"https:\u002F\u002Fwpadvancedads.com\u002Fgoogle-adsense-sticky-ads\u002F\" rel=\"nofollow ugc\">sticky AdSense ads\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpadvancedads.com\u002Ffixed-widget-wordpress\u002F\" rel=\"nofollow ugc\">Manual and demo\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Fixed Widget is completely free of charge.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Sticky Widgets\u003C\u002Fstrong> Use the Fixed Widget option on any widget and blocks in the sidebar\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sticky Elements\u003C\u002Fstrong> Choose any element on your site and make it sticky\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Margin Top\u003C\u002Fstrong> allows you to stop sticky elements to cover floating menu bars\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Margin Bottom\u003C\u002Fstrong> pushes sticky elements up before they reach a certain distance towards the bottom window\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stop Elements\u003C\u002Fstrong> push sticky elements up when they are scrolling into view\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stop Blocks\u003C\u002Fstrong> defines blocks in your sidebar that push fixed blocks out of the page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Minimum Screen Width\u003C\u002Fstrong> and \u003Cstrong>Minimum Screen Height\u003C\u002Fstrong> allow you to disable sticky behavior on small screens\u003C\u002Fli>\n\u003Cli>Written in plain JavaScript for better performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>Theme requirements:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wp_head()\u003C\u002Fcode> and \u003Ccode>wp_footer()\u003C\u002Fcode> functions in \u003Ccode>header.php\u003C\u002Fcode> and \u003Ccode>footer.php\u003C\u002Fcode> files\u003C\u002Fli>\n\u003Cli>JavaScript errors could break sticky widgets\u003C\u002Fli>\n\u003C\u002Ful>\n","More attention and a higher ad performance with fixed sticky widgets.",90000,2292321,94,261,"2023-03-30T07:15:00.000Z","6.2.9","5.0","7.2",[19,70,71,72,23],"fixed-widget","sidebar","sticky-widget","https:\u002F\u002Fwpadvancedads.com\u002Ffixed-widget-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fq2w3-fixed-widget.6.2.3.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":17,"tags":90,"homepage":94,"download_link":95,"security_score":96,"vuln_count":26,"unpatched_count":13,"last_vuln_date":97,"fetched_at":28},"meks-easy-ads-widget","Meks Easy Ads Widget","2.0.9","Meks","https:\u002F\u002Fprofiles.wordpress.org\u002Fmekshq\u002F","\u003Cp>With this plugin you can create unlimited number of ads inside your WordPress widget. There are several smart options provided to customize ads for your needs.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Create unlimited number of ads inside one widget\u003C\u002Fli>\n\u003Cli>Choose from predefined sizes or define your custom size\u003C\u002Fli>\n\u003Cli>Support for both image ads and script based ads\u003C\u002Fli>\n\u003Cli>Randomize ads ordering\u003C\u002Fli>\n\u003Cli>Limit number of ads per view (page load)\u003C\u002Fli>\n\u003Cli>Autoplay rotate ads\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Meks Easy Ads Widget plugin is created by \u003Ca href=\"https:\u002F\u002Fmekshq.com\" rel=\"nofollow ugc\">Meks\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Live example?\u003C\u002Fh3>\n\u003Cp>You can see Meks Easy Ads Widget live example on our \u003Ca href=\"https:\u002F\u002Fmekshq.com\u002Fdemo\u002Fherald\" rel=\"nofollow ugc\">Herald theme demo website\u003C\u002Fa>\u003C\u002Fp>\n","Display unlimited number of ads inside your WordPress widget.",10000,467911,82,14,"2024-07-25T13:08:00.000Z","6.6.5","3.0",[91,19,92,93,23],"ad","advertising","affiliate","http:\u002F\u002Fmekshq.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmeks-easy-ads-widget.zip",91,"2024-07-06 00:00:00",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":26,"last_updated":109,"tested_up_to":110,"requires_at_least":67,"requires_php":68,"tags":111,"homepage":117,"download_link":118,"security_score":108,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"ads-txt-by-magicbid","Ads.txt File Manager By Magicbid","2.2.0","Magicbid.ai","https:\u002F\u002Fprofiles.wordpress.org\u002Fratneshmagicbid\u002F","\u003Cp>\u003Cstrong>Ads.txt File Manager By Magicbid\u003C\u002Fstrong> allows publishers to manage both \u003Ccode>ads.txt\u003C\u002Fcode> and \u003Ccode>app-ads.txt\u003C\u002Fcode> file directly from the WordPress admin panel, without using FTP or file managers. It offers a safe and intuitive UI to help users edit, save, and back up their ads.txt file to comply with programmatic advertising requirements.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Live ads.txt editor\u003C\u002Fstrong> with line numbering and syntax highlighting\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic versioned backups\u003C\u002Fstrong> every time you save changes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restore previous versions\u003C\u002Fstrong> anytime from the backup list\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Create ads.txt file\u003C\u002Fstrong> instantly if it doesn’t exist\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track changes by user\u003C\u002Fstrong>, showing which admin updated what and when\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure editing\u003C\u002Fstrong> – only admins can access and modify the file\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight and fast\u003C\u002Fstrong>, no bloated dependencies\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why use this plugin?\u003C\u002Fh3>\n\u003Cp>If you’re monetizing your site with platforms like Google AdSense, OpenX, or other SSPs\u002FDSPs, you need to serve a valid \u003Ccode>ads.txt\u003C\u002Fcode> file at the root of your domain. This plugin simplifies that process by letting you manage the file without technical knowledge.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to \u003Ccode>Ads.txt\u003C\u002Fcode> from the left admin menu.\u003C\u002Fli>\n\u003Cli>If the file doesn’t exist, click \u003Cstrong>Create ads.txt\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Edit the file in the editor and click \u003Cstrong>Save\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Every save creates a backup with timestamp and user info.\u003C\u002Fli>\n\u003Cli>You can restore any previous version from the \u003Cstrong>Backups\u003C\u002Fstrong> tab.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Plugin developed by \u003Ca href=\"https:\u002F\u002Fmagicbid.ai\u002F?utm_source=wordpressplugin%09&utm_medium=wordpressplugin%09&utm_campaign=wordpressplugin%09traffic&utm_id=wordpressplugin%09\" rel=\"nofollow ugc\">Magicbid.ai\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help or want to monetize your site?\u003Cbr \u002F>\nEmail us at: \u003Ccode>support@magicbid.ai\u003C\u002Fcode>\u003Cbr \u002F>\nOr visit: \u003Ca href=\"https:\u002F\u002Fmagicbid.ai\u002Fcontact-us\u002F?utm_source=wordpress-plugin%09&utm_medium=wordpress-plugin%09&utm_campaign=wordpress-plugin-traffic&utm_id=wordpress-plugin%09\" rel=\"nofollow ugc\">https:\u002F\u002Fmagicbid.ai\u002Fcontact-us\u002F\u003C\u002Fa>\u003C\u002Fp>\n","Easily manage ads.txt and app-ads.txt files from your WordPress dashboard with editing, backup, and restore options.",3000,13177,100,"2026-02-10T07:46:00.000Z","6.9.4",[112,113,114,115,116],"ads-txt","app-ads-txt","google-ads","monetization","publisher","https:\u002F\u002Fmagicbid.ai\u002Fcontact-us\u002F?utm_source=wordpress-plugin&utm_medium=wordpress-plugin&utm_campaign=wordpress-plugin-traffic&utm_id=wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fads-txt-by-magicbid.2.2.0.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":106,"downloaded":127,"rating":128,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":17,"tags":133,"homepage":17,"download_link":137,"security_score":25,"vuln_count":26,"unpatched_count":13,"last_vuln_date":138,"fetched_at":28},"wp-calameo","WP Calameo","2.1.8","calameo","https:\u002F\u002Fprofiles.wordpress.org\u002Fcalameo\u002F","\u003Cp>This plugin allows to embed Calaméo publications in blog posts. Simply copy the WordPress embed code provided by Calaméo and paste it into your post.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.calameo.com\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.calameo.com\u003C\u002Fa>\u003C\u002Fp>\n","This plugin allows to embed Calaméo publications in blog posts. Copy the WordPress embed code and paste it into your post.",76021,40,4,"2024-03-07T11:05:00.000Z","6.4.8","2.1",[123,134,135,136,23],"document","embed","publication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-calameo.2.1.8.zip","2024-03-15 00:00:00",{"slug":140,"name":141,"version":142,"author":143,"author_profile":144,"description":145,"short_description":146,"active_installs":147,"downloaded":148,"rating":108,"num_ratings":26,"last_updated":149,"tested_up_to":150,"requires_at_least":151,"requires_php":17,"tags":152,"homepage":156,"download_link":157,"security_score":158,"vuln_count":26,"unpatched_count":26,"last_vuln_date":159,"fetched_at":28},"adwords-conversion-tracking-code","AdWords Conversion Tracking Code","1.0","kcseopro","https:\u002F\u002Fprofiles.wordpress.org\u002Fkcseopro\u002F","\u003Cp>Adding Google AdWords Remarketing code to your website has never been easier. Simply copy and paste your AdWords Remarketing code and that’s it. Add your AdWords code to display the ads on your site.\u003C\u002Fp>\n\u003Ch4>Feature\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>It has global settings and page setting for adding the tracking code.\u003C\u002Fli>\n\u003Cli>If page or post have tracking code then it replaced the global tracking code\u003C\u002Fli>\n\u003C\u002Ful>\n","Easiest way to add AdWords Conversion Tracking Code to your site.",1000,26590,"2017-11-28T18:49:00.000Z","4.3.34","3.0.1",[19,153,154,23,155],"adsense","custom-ad","widgets","http:\u002F\u002Fkcseopro.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadwords-conversion-tracking-code.1.0.zip",63,"2025-12-31 00:00:00",{"attackSurface":161,"codeSignals":198,"taintFlows":309,"riskAssessment":336,"analyzedAt":351},{"hooks":162,"ajaxHandlers":189,"restRoutes":195,"shortcodes":196,"cronEvents":197,"entryPointCount":26,"unprotectedCount":26},[163,169,173,177,181,185],{"type":164,"name":165,"callback":166,"file":167,"line":168},"action","admin_menu","createAdminMenu","inazo.wp.adv.ads.management.php",41,{"type":164,"name":170,"callback":171,"file":167,"line":172},"admin_enqueue_scripts","loadAdminScripts",42,{"type":164,"name":174,"callback":175,"file":167,"line":176},"wp_enqueue_scripts","frontEndScript",44,{"type":164,"name":178,"callback":179,"file":167,"line":180},"plugins_loaded","inazo_adv_ads_management_translation_files",48,{"type":164,"name":182,"callback":183,"file":167,"line":184},"widgets_init","anonymous",53,{"type":164,"name":186,"callback":187,"file":167,"line":188},"admin_print_styles","loadAdminStyle",270,[190],{"action":191,"nopriv":192,"callback":193,"hasNonce":192,"hasCapCheck":192,"file":167,"line":194},"inazo_wp_adds_manager_ajax_add_callback",false,"ajaxAddCallback",43,[],[],[],{"dangerousFunctions":199,"sqlUsage":203,"outputEscaping":215,"fileOperations":13,"externalRequests":13,"nonceChecks":47,"capabilityChecks":205,"bundledLibraries":308},[200],{"fn":201,"file":167,"line":184,"context":202},"create_function","add_action('widgets_init', create_function('', 'return register_widget(\"inazo_widget_adds_manager\");",{"prepared":204,"raw":205,"locations":206},6,2,[207,211],{"file":208,"line":209,"context":210},"class\\inazo_list_table_adv_ads_manager.php",102,"$wpdb->get_results() with variable interpolation",{"file":212,"line":213,"context":214},"uninstall.php",15,"$wpdb->query() with variable interpolation",{"escaped":216,"rawEcho":217,"locations":218},13,55,[219,222,224,226,229,230,232,234,236,238,240,242,244,246,248,250,251,253,255,257,259,260,262,265,266,267,268,269,270,272,273,274,275,277,279,281,283,284,285,286,288,289,290,291,292,293,295,297,298,299,300,302,303,304,306],{"file":167,"line":220,"context":221},162,"raw output",{"file":167,"line":223,"context":221},276,{"file":167,"line":225,"context":221},331,{"file":227,"line":228,"context":221},"view\\add.php",7,{"file":227,"line":213,"context":221},{"file":227,"line":231,"context":221},16,{"file":227,"line":233,"context":221},20,{"file":227,"line":235,"context":221},21,{"file":227,"line":237,"context":221},25,{"file":227,"line":239,"context":221},26,{"file":227,"line":241,"context":221},30,{"file":227,"line":243,"context":221},31,{"file":227,"line":245,"context":221},35,{"file":227,"line":247,"context":221},37,{"file":227,"line":249,"context":221},38,{"file":227,"line":194,"context":221},{"file":227,"line":252,"context":221},45,{"file":227,"line":254,"context":221},46,{"file":227,"line":256,"context":221},54,{"file":227,"line":258,"context":221},93,{"file":227,"line":63,"context":221},{"file":227,"line":261,"context":221},107,{"file":263,"line":264,"context":221},"view\\widget\\back.php",9,{"file":263,"line":11,"context":221},{"file":263,"line":11,"context":221},{"file":263,"line":86,"context":221},{"file":263,"line":213,"context":221},{"file":263,"line":213,"context":221},{"file":263,"line":271,"context":221},19,{"file":263,"line":233,"context":221},{"file":263,"line":233,"context":221},{"file":263,"line":235,"context":221},{"file":263,"line":276,"context":221},22,{"file":263,"line":278,"context":221},23,{"file":263,"line":280,"context":221},28,{"file":263,"line":282,"context":221},29,{"file":263,"line":282,"context":221},{"file":263,"line":241,"context":221},{"file":263,"line":243,"context":221},{"file":263,"line":287,"context":221},36,{"file":263,"line":247,"context":221},{"file":263,"line":247,"context":221},{"file":263,"line":168,"context":221},{"file":263,"line":172,"context":221},{"file":263,"line":172,"context":221},{"file":294,"line":228,"context":221},"view\\widget\\front.php",{"file":294,"line":296,"context":221},11,{"file":294,"line":216,"context":221},{"file":294,"line":271,"context":221},{"file":294,"line":241,"context":221},{"file":294,"line":301,"context":221},39,{"file":294,"line":172,"context":221},{"file":294,"line":217,"context":221},{"file":294,"line":305,"context":221},62,{"file":294,"line":307,"context":221},72,[],[310,326],{"entryPoint":311,"graph":312,"unsanitizedCount":26,"severity":38},"ajaxAddCallback (inazo.wp.adv.ads.management.php:158)",{"nodes":313,"edges":324},[314,319],{"id":315,"type":316,"label":317,"file":167,"line":318},"n0","source","$_POST",160,{"id":320,"type":321,"label":322,"file":167,"line":220,"wp_function":323},"n1","sink","echo() [XSS]","echo",[325],{"from":315,"to":320,"sanitized":192},{"entryPoint":327,"graph":328,"unsanitizedCount":13,"severity":335},"\u003Cinazo.wp.adv.ads.management> (inazo.wp.adv.ads.management.php:0)",{"nodes":329,"edges":332},[330,331],{"id":315,"type":316,"label":317,"file":167,"line":318},{"id":320,"type":321,"label":322,"file":167,"line":220,"wp_function":323},[333],{"from":315,"to":320,"sanitized":334},true,"low",{"summary":337,"deductions":338},"The \"inazo-advanced-ads-management\" plugin v1.5 presents a mixed security posture. While it has a low total attack surface and no recorded unpatched vulnerabilities, several concerning patterns emerge from the static analysis. A significant risk lies with its single unprotected AJAX handler, which is a direct entry point for attackers.  The presence of the `create_function` dangerous function is another red flag, as it can be exploited for code execution if not handled with extreme care, although no critical taint flows were found.\n\nThe plugin's output escaping is a notable weakness, with only 19% of outputs being properly escaped. This significantly increases the risk of Cross-Site Scripting (XSS) vulnerabilities. While the vulnerability history shows only a medium severity CVE from 2016, the lack of proper output escaping and the unprotected AJAX handler create a fertile ground for potential new XSS attacks, even if existing vulnerabilities are patched. The limited number of capability checks also raises concerns about potential privilege escalation if an attacker can bypass authorization.\n\nIn conclusion, the plugin has a small attack surface and no currently unpatched CVEs, which are positive aspects. However, the unprotected AJAX handler, poor output escaping practices, and the use of a dangerous function (`create_function`) introduce significant security risks that warrant immediate attention. The historical XSS vulnerability further underscores the importance of addressing the output escaping issues.",[339,342,344,347,349],{"reason":340,"points":341},"Unprotected AJAX handler",8,{"reason":343,"points":228},"Low percentage of properly escaped outputs",{"reason":345,"points":346},"Use of dangerous function 'create_function'",5,{"reason":348,"points":129},"Low number of capability checks",{"reason":350,"points":47},"Known medium severity vulnerability (historical)","2026-03-17T01:27:29.623Z",{"wat":353,"direct":362},{"assetPaths":354,"generatorPatterns":357,"scriptPaths":358,"versionParams":359},[355,356],"\u002Fwp-content\u002Fplugins\u002Finazo-advanced-ads-management\u002Fcss\u002Fjquery-ui.css","\u002Fwp-content\u002Fplugins\u002Finazo-advanced-ads-management\u002Fjs\u002Fadmin_add.js",[],[356],[360,361],"inazo-adds-manager-script","inazo-adv-ads-manager",{"cssClasses":363,"htmlComments":364,"htmlAttributes":379,"restEndpoints":382,"jsGlobals":383,"shortcodeOutput":385},[],[365,366,367,368,369,370,371,372,373,374,375,376,377,378],"\u003C!-- @todo : faire une configuration CSS ? -->","\u003C!-- \n * \n * Pour des raisons de sécurité aucun code ne doit être placé au dessus de cette ligne\n -->","\u003C!--\n * \n * Create the install of the plugin\n -->","\u003C!--\n * @todo to develop when i'll create an update\n -->","\u003C!--\n * Création du menu dans le back office de Wordpress\n -->","\u003C!--\n * Fonction de retouche de la date\n -->","\u003C!--\n * Fonction de reload de la date dans le formulaire de saisie\n -->","\u003C!--\n * Chargement des scripts nécessaire pour le BO\n -->","\u003C!-- in JavaScript, object properties are accessed as ajax_object.ajax_url, ajax_object.we_value -->","\u003C!--\n * Chargement des styles nécessaire pour le BO\n -->","\u003C!--\n * Controller pour ajouter un ads\n -->","\u003C!--\n * Initialisation des variables\n -->","\u003C!-- on est sur la sauvegarde de la publicité -->","\u003C!--\n * On va appeler l'ajout de la médiathèque dans la page d'ajout\n -->",[380,381],"token_csrf_action_edit","token_csrf_action_add",[],[384],"ajax_object",[]]