[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGWvcFi4V89ouuOZNGR1rN5svf_MtXv-ZvW4hCreeicA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":63,"crawl_stats":37,"alternatives":71,"analysis":164,"fingerprints":611},"indieblocks","IndieBlocks","0.13.3","Jan Boddez","https:\u002F\u002Fprofiles.wordpress.org\u002Fjanboddez\u002F","\u003Cp>Use blocks, and, optionally, “short-form” post types to easily “IndieWebify” your WordPress site.\u003C\u002Fp>\n\u003Cp>IndieBlocks registers several blocks (Bookmark, Like, Reply, and Repost, as well as the older Context block) that take a URL and output corresponding \u003Cem>microformatted\u003C\u002Fem> HTML.\u003C\u002Fp>\n\u003Cp>In combination with a microformats-compatible theme, these help ensure microformats clients are able to determine a post’s type.\u003C\u002Fp>\n\u003Cp>It also comes with “short-form” (Note and Like) custom post types, and a (somewhat experimental) option to add microformats to (all!) \u003Cem>block-based\u003C\u002Fem> themes.\u003C\u002Fp>\n\u003Cp>These microformats, in combination with the Webmention protocol, allow for rich \u003Cem>cross-site\u003C\u002Fem> conversations. 
IndieBlocks comes with its own Webmention implementation, but a separate plugin can be used, too.\u003C\u002Fp>\n\u003Cp>IndieBlocks also registers several “theme” blocks (Facepile, Location, Syndication, and Link Preview), to be used in “block theme” templates.\u003C\u002Fp>\n","Use blocks, and, optionally, \"short-form\" post types to easily \"IndieWebify\" your WordPress site.",100,6440,3,"2025-06-14T07:34:00.000Z","6.8.5","6.2","",[19,20,21,22,23],"blocks","indieweb","microblog","notes","webmention","https:\u002F\u002Findieblocks.xyz\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Findieblocks.0.13.3.zip",97,2,0,"2025-06-12 13:09:56","2026-03-15T15:16:48.613Z",[32,47],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2025-5950","indieblocks-authenticated-contributor-stored-cross-site-scripting-via-kind-parameter","IndieBlocks \u003C= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via kind Parameter","The IndieBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘kind’ parameter in all versions up to, and including, 0.13.2 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=0.13.2","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-06-18 16:26:13",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F41fdb3ea-1de4-4b90-a387-5932de7a5e7c?source=api-prod",6,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":37,"affected_versions":52,"patched_in_version":53,"severity":54,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":59,"references":60,"days_to_patch":62},"CVE-2025-31009","indieblocks-unauthenticated-server-side-request-forgery","IndieBlocks \u003C= 0.13.1 - Unauthenticated Server-Side Request Forgery","The IndieBlocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.13.1. 
This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.","\u003C=0.13.1","0.13.2","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Server-Side Request Forgery (SSRF)","2025-04-09 00:00:00","2025-04-17 12:48:16",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F730d0ff6-9881-4d69-bdaf-924d3d9f522c?source=api-prod",9,{"slug":64,"display_name":7,"profile_url":8,"plugin_count":65,"total_installs":66,"avg_security_score":67,"avg_patch_time_days":68,"trust_score":69,"computed_at":70},"janboddez",4,1270,96,8,91,"2026-04-04T04:19:15.334Z",[72,92,110,129,150],{"slug":23,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":11,"num_ratings":68,"last_updated":81,"tested_up_to":82,"requires_at_least":16,"requires_php":83,"tags":84,"homepage":88,"download_link":89,"security_score":11,"vuln_count":90,"unpatched_count":28,"last_vuln_date":91,"fetched_at":30},"Webmention","5.6.2","Matthias Pfefferle","https:\u002F\u002Fprofiles.wordpress.org\u002Fpfefferle\u002F","\u003Cp>When you link to a website you can send it a Webmention to notify it and then that website may display your post as a comment, like, or other response, and presto, you’re having a conversation from one site to another!\u003C\u002Fp>\n\u003Cp>A \u003Ca href=\"https:\u002F\u002Fwww.w3.org\u002FTR\u002Fwebmention\u002F\" rel=\"nofollow ugc\">Webmention\u003C\u002Fa> is a notification that one URL links to another. 
Sending a Webmention is not limited to blog posts, and can be used for additional kinds of content and responses as well.\u003C\u002Fp>\n\u003Cp>For example, a response can be an RSVP to an event, an indication that someone “likes” another post, a “bookmark” of another post, and many others. Webmention enables these interactions to happen across different websites, enabling a distributed social web.\u003C\u002Fp>\n\u003Cp>The Webmention plugin supports the Webmention protocol, giving you support for sending and receiving Webmentions. It offers a simple built in presentation.\u003C\u002Fp>\n","Enable conversation across the web.",900,59493,"2026-01-01T12:43:00.000Z","6.9.4","7.2",[20,85,86,87,23],"linkback","pingback","trackback","https:\u002F\u002Fgithub.com\u002Fpfefferle\u002Fwordpress-webmention","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebmention.5.6.2.zip",1,"2023-03-08 00:00:00",{"slug":20,"name":93,"version":94,"author":93,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":11,"num_ratings":46,"last_updated":100,"tested_up_to":82,"requires_at_least":101,"requires_php":102,"tags":103,"homepage":106,"download_link":107,"security_score":108,"vuln_count":90,"unpatched_count":28,"last_vuln_date":109,"fetched_at":30},"IndieWeb","5.0.0","https:\u002F\u002Fprofiles.wordpress.org\u002Findieweb\u002F","\u003Cp>The IndieWeb Plugin for WordPress helps you establish your IndieWeb identity by extending the user profile to provide \u003Ca href=\"https:\u002F\u002Findieweb.org\u002Frel-me\" rel=\"nofollow ugc\">rel-me\u003C\u002Fa> and\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Findieweb.org\u002Fh-card\" rel=\"nofollow ugc\">h-card\u003C\u002Fa> fields and optionally adding widgets to display this. It also includes a bundled installer for a core set of IndieWeb-related plugins. 
It’s\u003Cbr \u002F>\nmeant to be a one-stop shop to help WordPress users quickly and easily join the growing \u003Ca href=\"https:\u002F\u002Findieweb.org\" rel=\"nofollow ugc\">IndieWeb\u003C\u002Fa> movement (see below).\u003C\u002Fp>\n\u003Cp>Some of these plugins allow you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>send and receive comments, likes, reposts, and other kinds of post responses using your own site\u003C\u002Fli>\n\u003Cli>allow comments on others’ sites to show up as comments on your posts\u003C\u002Fli>\n\u003Cli>help make IndieWeb comments and mentions look better on your site\u003C\u002Fli>\n\u003Cli>allow support for webmentions\u003C\u002Fli>\n\u003Cli>add location support to your posts\u003C\u002Fli>\n\u003Cli>more easily syndicate your content to other sites to take advantage of network effects and other communities while still owning all of your original content\u003C\u002Fli>\n\u003Cli>link to syndicated versions of a post so that comments on your content in silos like Facebook, Twitter, Instagram can come back to your original post as comments there\u003C\u002Fli>\n\u003Cli>set up a MicroPub Server to use other posting interfaces. 
(You could potentially use services like Instagram, Foursquare, and others to post to your WordPress site.)\u003C\u002Fli>\n\u003Cli>Use your site to log into other services with \u003Ca href=\"https:\u002F\u002Findieweb.org\u002Findieauth\" rel=\"nofollow ugc\">IndieAuth\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>The IndieWeb\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>The \u003Ca href=\"https:\u002F\u002Findieweb.org\u002F\" rel=\"nofollow ugc\">IndieWeb\u003C\u002Fa> is a people-focused alternative to the ‘corporate web’ that allows you to be the hub of your own web presence.\u003C\u002Fstrong> It’s been written about in \u003Ca href=\"http:\u002F\u002Fwww.wired.com\u002F2013\u002F08\u002Findie-web\u002F\" rel=\"nofollow ugc\">Wired\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.theatlantic.com\u002Ftechnology\u002Farchive\u002F2014\u002F08\u002Fthe-new-editors-of-the-internet\u002F378983\u002F\" rel=\"nofollow ugc\">The Atlantic\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.slate.com\u002Fblogs\u002Ffuture_tense\u002F2014\u002F04\u002F25\u002Findiewebcamps_create_tools_for_a_new_internet.html\" rel=\"nofollow ugc\">Slate\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fgigaom.com\u002F2014\u002F09\u002F03\u002Fdont-like-facebook-owning-and-controlling-your-content-use-tools-that-support-the-open-web\u002F\" rel=\"nofollow ugc\">Gigaom\u003C\u002Fa> amongst others.\u003C\u002Fp>\n\u003Ch3>The IndieWeb, like WordPress, feels that your content is yours\u003C\u002Fh3>\n\u003Cp>When you post something on the web, it should belong to you, not a corporation. Too many companies have gone out of business and lost all of their users’ data. 
By joining the IndieWeb, your content stays yours and in your control.\u003C\u002Fp>\n\u003Ch3>The IndieWeb is here to help you be better connected\u003C\u002Fh3>\n\u003Cp>Your articles and status messages can be syndicated to all services, not just one, allowing you to engage with everyone in your social network\u002Fsocial graph. Even replies and likes on other services can come back to your site so they’re all in one place.\u003C\u002Fp>\n\u003Cp>Interested in connecting your WordPress site to the \u003Ca href=\"https:\u002F\u002Findieweb.org\u002F\" rel=\"nofollow ugc\">IndieWeb\u003C\u002Fa>? Let us help you get started.\u003C\u002Fp>\n","IndieWeb for WordPress!",600,30949,"2025-12-19T21:31:00.000Z","4.7","7.4",[104,20,105,23],"indieauth","posse","https:\u002F\u002Fgithub.com\u002Findieweb\u002Fwordpress-indieweb","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Findieweb.5.0.0.zip",99,"2026-01-08 17:50:29",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":11,"num_ratings":90,"last_updated":120,"tested_up_to":15,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":127,"download_link":128,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"simple-note","Simple Note","1.8","Webliberty","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebliberty\u002F","\u003Cp>Use the Simple Note plugin to write informative and warning notes, notes about errors or success, as well as quotes in colored blocks.\u003C\u002Fp>\n\u003Ch3>How to use\u003C\u002Fh3>\n\u003Cp>Search beautiful colored blocks in Common blocks category and insert into the content.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>You can translate Simple Note on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fsimple-note\" rel=\"nofollow 
ugc\">\u003Cstrong>translate.wordpress.org\u003C\u002Fstrong>\u003C\u002Fa>.\u003C\u002Fp>\n","The plugin allows you to create colored text notes in the new block editor.",500,6062,"2025-06-18T10:36:00.000Z","5.3","7.0",[19,124,22,125,126],"note","quote","text","https:\u002F\u002Fwebliberty.ru\u002Fblockquote\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-note.1.8.zip",{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":11,"downloaded":137,"rating":138,"num_ratings":46,"last_updated":139,"tested_up_to":140,"requires_at_least":141,"requires_php":122,"tags":142,"homepage":146,"download_link":147,"security_score":148,"vuln_count":90,"unpatched_count":28,"last_vuln_date":149,"fetched_at":30},"indieweb-post-kinds","Post Kinds","3.7.3","David Shanske","https:\u002F\u002Fprofiles.wordpress.org\u002Fdshanske\u002F","\u003Cp>Post Kinds adds support to the Classic Editor for responding to and interacting with other sites using the standards\u003Cbr \u002F>\ndeveloped by the IndieWeb by implementing \u003Ca href=\"http:\u002F\u002Findieweb.org\u002Fpost_kinds\" rel=\"nofollow ugc\">kinds of posts\u003C\u002Fa>. It is not compatible with Gutenberg.\u003C\u002Fp>\n\u003Cp>It can also distinguish certain types of passive posts in a manner similar to \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FPost_Formats\" rel=\"nofollow ugc\">post formats\u003C\u002Fa>. While it can work alongside\u003Cbr \u002F>\npost formats, it is recommended as a replacement as it is designed as a replacement using IndieWeb Post Types.\u003C\u002Fp>\n\u003Cp>Many sites will not need all of the kinds set up. What kinds of posts you wish to publish are specific to your needs.\u003C\u002Fp>\n\u003Ch3>Privacy and Data Storage Notice\u003C\u002Fh3>\n\u003Cp>Post Kinds stores extra data in a post indicating what you are responding to. 
This data is either hand-added or can be parsed from the source URL if provided. This means you have additional\u003Cbr \u002F>\nresponsibilities to responsibly use this data, and to remove information on request.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Kind Icons are currently provided by \u003Ca href=\"http:\u002F\u002Ffontawesome.io\" rel=\"nofollow ugc\">Font Awesome\u003C\u002Fa> and are licensed as \u003Ca href=\"https:\u002F\u002Fcreativecommons.org\u002Flicenses\u002Fby\u002F4.0\u002F\" rel=\"nofollow ugc\">CC BY 4.0\u003C\u002Fa>. A copy of the license notice is bundled.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fboffosocko.com\" rel=\"nofollow ugc\">Chris Aldrich\u003C\u002Fa> always receives a credit on my plugins due to his regular feedback, input, and usage.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Theme Support\u003C\u002Fh3>\n\u003Cp>Post Kinds automatically adds information to \u003Ccode>the_content\u003C\u002Fcode> and \u003Ccode>the_excerpt\u003C\u002Fcode> filter. Being as this is inside the content block, which may or may not be desirable, you may remove these filters as noted\u003Cbr \u002F>\nbelow and call \u003Ccode>kind_display\u003C\u002Fcode> directly. This will allow it to appear outside the content block. To remove the automatic display, add the following to your theme.\u003Cbr \u002F>\n    * \u003Ccode>add_filter( 'kind_content_display', '__return_false' );\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>The functions \u003Ccode>has_post_kind\u003C\u002Fcode>, \u003Ccode>set_post_kind\u003C\u002Fcode>, and \u003Ccode>set_post_kind\u003C\u002Fcode> will allow you to manipulate the kind settings in a post. 
\u003Ccode>get_post_kind_string\u003C\u002Fcode> will return the display name of a kind.\u003C\u002Fp>\n\u003Cp>If you want to customize the look of the display, you can create a directory in your theme called \u003Ccode>kind_views\u003C\u002Fcode>, copy the file from the views directory of the plugin, and modify it. This will persist\u003Cbr \u002F>\nthrough future plugin updates.\u003C\u002Fp>\n","Ever want to reply to someone else's post with a post on your own site? Or to \"like\" someone else's post, but with your own site?",31852,86,"2024-04-09T03:12:00.000Z","6.5.8","4.9.9",[20,143,144,145,23],"interaction","posts","share","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Findieweb-post-kinds\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Findieweb-post-kinds.3.7.3.zip",92,"2015-05-13 00:00:00",{"slug":151,"name":152,"version":153,"author":93,"author_profile":95,"description":154,"short_description":155,"active_installs":156,"downloaded":157,"rating":28,"num_ratings":28,"last_updated":158,"tested_up_to":159,"requires_at_least":101,"requires_php":17,"tags":160,"homepage":161,"download_link":162,"security_score":163,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"indieweb-press-this","IndieWeb Press This","1.3","\u003Cp>This plugin is based on the idea and code of \u003Ca href=\"https:\u002F\u002Fsnarfed.org\u002Findieweb-press-this-bookmarklets-for-wordpress\" rel=\"nofollow ugc\">@snarfed\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cp>It requires the Press This plugin for WordPress with Bookmarklet support as of WordPress 4.9, when Press This was removed from WordPress.\u003C\u002Fp>\n\u003Cp>One big \u003Ca href=\"https:\u002F\u002Findieweb.org\u002F\" rel=\"nofollow ugc\">IndieWeb\u003C\u002Fa> \u003Cem>raison d’être\u003C\u002Fem> is using your own web site to \u003Ca href=\"https:\u002F\u002Findieweb.org\u002Freply\" rel=\"nofollow ugc\">reply\u003C\u002Fa>,\u003Cbr \u002F>\n\u003Ca 
href=\"https:\u002F\u002Findieweb.org\u002Flike\" rel=\"nofollow ugc\">like\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Findieweb.org\u002Frepost\" rel=\"nofollow ugc\">repost\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Findieweb.org\u002Ffollow\" rel=\"nofollow ugc\">follow\u003C\u002Fa>,\u003Cbr \u002F>\nand \u003Ca href=\"https:\u002F\u002Findieweb.org\u002Frsvp\" rel=\"nofollow ugc\">RSVP\u003C\u002Fa> to posts and events. You do this by annotating links on your site with simple \u003Ca href=\"http:\u002F\u002Fmicroformats.org\u002Fwiki\u002Fmicroformats2\" rel=\"nofollow ugc\">microformats2\u003C\u002Fa> HTML.\u003C\u002Fp>\n\u003Cp>Having said that, most people don’t want to write HTML to like or reply to something. WordPress’s \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FPress_This\" rel=\"nofollow ugc\">Press This bookmarklets\u003C\u002Fa> can already start a new post with a link to the page you’re currently viewing. This code adds IndieWeb microformats2 markup to that link. 
Combined with the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpfefferle\u002Fwordpress-webmention\" rel=\"nofollow ugc\">wordpress-webmention\u003C\u002Fa> plugin, you can use this to respond to the current page with just two clicks.\u003C\u002Fp>\n\u003Cp>What’s more, if you’re currently on a Facebook post or Twitter tweet, this adds the \u003Ca href=\"https:\u002F\u002Fwww.brid.gy\u002Fabout#publish\" rel=\"nofollow ugc\">Bridgy Publish\u003C\u002Fa> link that will reply, like, favorite, retweet, or even RSVP \u003Cem>inside\u003C\u002Fem> those social networks.\u003C\u002Fp>\n","IndieWebified Press This bookmarklets.",20,2747,"2023-01-04T21:40:00.000Z","6.1.10",[20,105,23],"http:\u002F\u002Fgithub.com\u002Findieweb\u002Fwordpress-indieweb-press-this","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Findieweb-press-this.1.3.zip",85,{"attackSurface":165,"codeSignals":519,"taintFlows":574,"riskAssessment":601,"analyzedAt":610},{"hooks":166,"ajaxHandlers":486,"restRoutes":496,"shortcodes":511,"cronEvents":512,"entryPointCount":65,"unprotectedCount":90},[167,174,179,183,186,189,193,198,202,206,210,213,218,222,227,229,233,237,240,243,247,251,255,257,259,263,266,270,274,277,279,283,287,292,295,298,301,306,310,313,315,317,319,320,323,325,326,327,329,332,335,337,340,342,346,350,353,357,361,364,367,370,375,377,380,381,384,387,389,392,395,398,401,403,407,411,415,419,423,427,431,435,439,442,444,446,449,451,453,456,459,462,467,469,471,475,476,478,480,482,484],{"type":168,"name":169,"callback":170,"priority":171,"file":172,"line":173},"action","wp_footer","\\IndieBlocks\\print_facepile_icons",999,"blocks\\facepile-content\\render.php",32,{"type":168,"name":175,"callback":176,"file":177,"line":178},"admin_enqueue_scripts","register_scripts","includes\\class-blocks.php",17,{"type":168,"name":180,"callback":181,"file":177,"line":182},"init","register_blocks",19,{"type":168,"name":180,"callback":184,"priority":185,"file":177,"line":156},"register_block_patterns",15,{"typ
e":168,"name":180,"callback":187,"priority":156,"file":177,"line":188},"register_block_templates",21,{"type":168,"name":190,"callback":191,"file":177,"line":192},"rest_api_init","register_api_endpoints",23,{"type":194,"name":195,"callback":196,"file":177,"line":197},"filter","excerpt_allowed_wrapper_blocks","excerpt_allow_wrapper_blocks",25,{"type":194,"name":199,"callback":200,"file":177,"line":201},"excerpt_allowed_blocks","excerpt_allow_blocks",26,{"type":194,"name":203,"callback":204,"file":177,"line":205},"the_excerpt_rss","excerpt_feed",27,{"type":168,"name":207,"callback":208,"file":177,"line":209},"pre_get_comments","comment_query",31,{"type":194,"name":211,"callback":212,"priority":171,"file":177,"line":173},"get_comments_number","comment_count",{"type":194,"name":214,"callback":215,"priority":216,"file":177,"line":217},"hooked_block_types","hook_facepile_block",10,36,{"type":194,"name":219,"callback":220,"priority":216,"file":177,"line":221},"hooked_block_indieblocks\u002Ffacepile","modify_hooked_facepile_block",37,{"type":194,"name":223,"callback":224,"priority":62,"file":225,"line":226},"request","include_in_main_feed","includes\\class-feeds.php",22,{"type":194,"name":180,"callback":228,"file":225,"line":201},"create_post_feed",{"type":168,"name":230,"callback":231,"priority":156,"file":225,"line":232},"do_feed_rss2","load_custom_rss2_template",34,{"type":168,"name":234,"callback":235,"priority":156,"file":225,"line":236},"do_feed_atom","load_custom_atom_template",35,{"type":194,"name":203,"callback":238,"file":225,"line":239},"feed_thumbnails",40,{"type":194,"name":241,"callback":238,"file":225,"line":242},"the_content_feed",41,{"type":194,"name":244,"callback":245,"file":225,"line":246},"wp_title_rss","set_post_feed_title",105,{"type":168,"name":248,"callback":249,"priority":62,"file":225,"line":250},"wp_head","add_post_feed_link",108,{"type":168,"name":252,"callback":253,"file":254,"line":182},"enqueue_block_editor_assets","enqueue_scripts","includes\
\class-location.php",{"type":168,"name":190,"callback":256,"file":254,"line":226},"register_meta",{"type":168,"name":190,"callback":258,"file":254,"line":197},"register_rest_field",{"type":168,"name":260,"callback":261,"file":254,"line":262},"add_meta_boxes","add_meta_box",28,{"type":168,"name":264,"callback":265,"file":254,"line":221},"admin_footer","add_script",{"type":194,"name":267,"callback":268,"priority":216,"file":254,"line":269},"is_protected_meta","hide_meta",112,{"type":194,"name":271,"callback":272,"priority":216,"file":273,"line":192},"micropub_post_type","set_post_type","includes\\class-micropub-compat.php",{"type":194,"name":275,"callback":276,"priority":156,"file":273,"line":209},"micropub_query","query_post_types",{"type":194,"name":275,"callback":278,"priority":156,"file":273,"line":217},"query_categories",{"type":194,"name":280,"callback":281,"priority":216,"file":273,"line":282},"micropub_post_content","set_post_content",42,{"type":194,"name":284,"callback":285,"priority":108,"file":273,"line":286},"micropub_dynamic_render","__return_false",45,{"type":168,"name":288,"callback":289,"file":290,"line":291},"admin_menu","create_menu","includes\\class-options-handler.php",196,{"type":168,"name":180,"callback":293,"priority":62,"file":290,"line":294},"flush_permalinks",197,{"type":168,"name":190,"callback":296,"file":290,"line":297},"add_settings",198,{"type":168,"name":299,"callback":296,"file":290,"line":300},"admin_init",222,{"type":168,"name":302,"callback":303,"file":304,"line":305},"plugins_loaded","load_textdomain","includes\\class-plugin.php",55,{"type":194,"name":307,"callback":308,"file":304,"line":309},"option_indieblocks_settings","prep_options",63,{"type":168,"name":302,"callback":311,"file":304,"line":312},"register",75,{"type":168,"name":302,"callback":311,"file":304,"line":314},80,{"type":168,"name":302,"callback":311,"file":304,"line":316},84,{"type":168,"name":302,"callback":311,"file":304,"line":318},88,{"type":168,"name":302,"callba
ck":311,"file":304,"line":148},{"type":194,"name":321,"callback":322,"priority":216,"file":304,"line":67},"pre_get_avatar","get_avatar_html",{"type":168,"name":175,"callback":324,"priority":216,"file":304,"line":26},"enqueue_styles",{"type":168,"name":302,"callback":311,"file":304,"line":11},{"type":168,"name":302,"callback":311,"file":304,"line":246},{"type":168,"name":302,"callback":311,"file":304,"line":328},109,{"type":168,"name":180,"callback":330,"priority":62,"file":331,"line":188},"register_post_types","includes\\class-post-types.php",{"type":168,"name":180,"callback":333,"file":331,"line":334},"custom_permalinks",24,{"type":168,"name":180,"callback":336,"file":331,"line":197},"create_date_archives",{"type":168,"name":338,"callback":339,"file":331,"line":262},"wp","set_404_if_empty",{"type":194,"name":341,"callback":341,"priority":216,"file":331,"line":173},"post_type_link",{"type":194,"name":343,"callback":344,"priority":216,"file":331,"line":345},"wp_unique_post_slug","prevent_slug_clashes",33,{"type":168,"name":347,"callback":348,"priority":108,"file":331,"line":349},"pre_get_posts","include_in_archives",38,{"type":194,"name":351,"callback":352,"priority":216,"file":331,"line":282},"wp_insert_post_data","set_title",{"type":194,"name":351,"callback":354,"priority":355,"file":331,"line":356},"set_slug",11,47,{"type":194,"name":358,"callback":359,"file":331,"line":360},"save_post_indieblocks_note","set_post_meta",51,{"type":194,"name":362,"callback":359,"file":331,"line":363},"rest_after_insert_indieblocks_note",52,{"type":194,"name":365,"callback":359,"file":331,"line":366},"save_post_indieblocks_like",56,{"type":194,"name":368,"callback":359,"file":331,"line":369},"rest_after_insert_indieblocks_like",57,{"type":194,"name":371,"callback":372,"priority":156,"file":373,"line":374},"publish_indieblocks_note","schedule","includes\\class-preview-cards.php",18,{"type":194,"name":376,"callback":372,"priority":156,"file":373,"line":182},"publish_indieblocks_like",{
"type":168,"name":378,"callback":379,"file":373,"line":188},"indieblocks_preview_card","add_meta",{"type":168,"name":190,"callback":258,"file":373,"line":192},{"type":168,"name":180,"callback":382,"file":383,"line":374},"filter_core_blocks","includes\\class-theme-mf2.php",{"type":194,"name":385,"callback":386,"file":383,"line":182},"term_links-category","add_term_link_class",{"type":194,"name":388,"callback":386,"file":383,"line":156},"term_links-post_tag",{"type":194,"name":390,"callback":391,"priority":108,"file":383,"line":188},"body_class","add_body_class",{"type":194,"name":393,"callback":394,"priority":108,"file":383,"line":226},"post_class","add_post_class",{"type":194,"name":396,"callback":397,"priority":108,"file":383,"line":192},"comment_class","add_comment_class",{"type":194,"name":399,"callback":400,"file":383,"line":334},"post_thumbnail_html","add_thumbnail_class",{"type":194,"name":402,"callback":402,"priority":216,"file":383,"line":197},"get_comment_link",{"type":194,"name":404,"callback":405,"priority":355,"file":383,"line":406},"render_block_core\u002Fpost-author-name","render_block_core_post_author_name",156,{"type":194,"name":408,"callback":409,"priority":355,"file":383,"line":410},"render_block_core\u002Fpost-author","render_block_core_post_author",157,{"type":194,"name":412,"callback":413,"priority":355,"file":383,"line":414},"render_block_core\u002Fpost-content","render_block_core_post_content",158,{"type":194,"name":416,"callback":417,"priority":355,"file":383,"line":418},"render_block_core\u002Fpost-date","render_block_core_post_date",159,{"type":194,"name":420,"callback":421,"priority":355,"file":383,"line":422},"render_block_core\u002Fpost-excerpt","render_block_core_post_excerpt",160,{"type":194,"name":424,"callback":425,"priority":355,"file":383,"line":426},"render_block_core\u002Fpost-title","render_block_core_post_title",161,{"type":194,"name":428,"callback":429,"priority":355,"file":383,"line":430},"render_block_core\u002Fcomment-autho
r-name","render_block_core_comment_author_name",162,{"type":194,"name":432,"callback":433,"priority":355,"file":383,"line":434},"render_block_core\u002Fcomment-content","render_block_core_comment_content",163,{"type":194,"name":436,"callback":437,"priority":355,"file":383,"line":438},"render_block_core\u002Fcomment-date","render_block_core_comment_date",164,{"type":168,"name":207,"callback":208,"file":440,"line":441},"includes\\functions.php",462,{"type":168,"name":207,"callback":208,"file":440,"line":443},467,{"type":168,"name":207,"callback":208,"file":440,"line":445},472,{"type":168,"name":190,"callback":447,"file":448,"line":374},"register_api_endpoint","includes\\webmention\\class-webmention-receiver.php",{"type":168,"name":248,"callback":450,"file":448,"line":188},"webmention_link",{"type":168,"name":452,"callback":450,"file":448,"line":226},"template_redirect",{"type":168,"name":454,"callback":455,"file":448,"line":197},"indieblocks_process_webmentions","process_webmentions",{"type":194,"name":457,"callback":458,"priority":216,"file":448,"line":201},"wp_kses_allowed_html","allowed_html",{"type":168,"name":460,"callback":261,"file":448,"line":461},"add_meta_boxes_comment",29,{"type":168,"name":463,"callback":464,"file":465,"line":466},"trashed_post","schedule_webmention","includes\\webmention\\class-webmention-sender.php",30,{"type":168,"name":468,"callback":464,"file":465,"line":345},"comment_post",{"type":168,"name":470,"callback":464,"priority":216,"file":465,"line":217},"comment_approved_comment",{"type":168,"name":472,"callback":473,"file":465,"line":474},"indieblocks_webmention_send","send_webmention",39,{"type":168,"name":260,"callback":261,"file":465,"line":282},{"type":168,"name":460,"callback":261,"file":465,"line":477},43,{"type":168,"name":175,"callback":253,"file":465,"line":479},46,{"type":168,"name":252,"callback":253,"file":465,"line":481},49,{"type":168,"name":190,"callback":258,"file":465,"line":483},50,{"type":168,"name":180,"callback":180,"
file":485,"line":374},"includes\\webmention\\class-webmention.php",[487,492],{"action":488,"nopriv":489,"callback":490,"hasNonce":491,"hasCapCheck":491,"file":448,"line":173},"indieblocks_delete_avatar",false,"delete_avatar",true,{"action":493,"nopriv":489,"callback":494,"hasNonce":491,"hasCapCheck":491,"file":465,"line":495},"indieblocks_resend_webmention","reschedule_webmention",53,[497,505],{"namespace":498,"route":499,"methods":500,"callback":502,"permissionCallback":503,"file":177,"line":504},"indieblocks\u002Fv1","\u002Fmeta",[501],"GET","get_url_meta","closure",176,{"namespace":498,"route":506,"methods":507,"callback":509,"permissionCallback":510,"file":448,"line":474},"\u002Fwebmention",[508],"POST","store_webmention","__return_true",[],[513,514,516,518],{"hook":378,"callback":378,"file":373,"line":239},{"hook":472,"callback":472,"file":465,"line":515},192,{"hook":472,"callback":472,"file":465,"line":517},341,{"hook":454,"callback":454,"file":485,"line":466},{"dangerousFunctions":520,"sqlUsage":521,"outputEscaping":530,"fileOperations":28,"externalRequests":27,"nonceChecks":13,"capabilityChecks":68,"bundledLibraries":573},[],{"prepared":62,"raw":13,"locations":522},[523,526,529],{"file":524,"line":250,"context":525},"includes\\class-parser.php","$wpdb->query() with variable interpolation",{"file":448,"line":527,"context":528},121,"$wpdb->get_results() with variable interpolation",{"file":485,"line":363,"context":525},{"escaped":430,"rawEcho":334,"locations":531},[532,535,536,537,539,540,542,544,546,548,549,551,552,554,556,558,560,562,564,565,567,568,569,571],{"file":533,"line":474,"context":534},"blocks\\facepile\\render.php","raw 
output",{"file":172,"line":418,"context":534},{"file":172,"line":422,"context":534},{"file":538,"line":349,"context":534},"blocks\\link-preview\\render.php",{"file":538,"line":286,"context":534},{"file":538,"line":541,"context":534},71,{"file":543,"line":356,"context":534},"blocks\\location\\render.php",{"file":543,"line":545,"context":534},48,{"file":547,"line":221,"context":534},"blocks\\syndication\\render.php",{"file":547,"line":349,"context":534},{"file":550,"line":178,"context":534},"templates\\feed-atom.php",{"file":550,"line":349,"context":534},{"file":550,"line":553,"context":534},101,{"file":550,"line":555,"context":534},102,{"file":550,"line":557,"context":534},123,{"file":550,"line":559,"context":534},124,{"file":550,"line":561,"context":534},125,{"file":563,"line":178,"context":534},"templates\\feed-rss2.php",{"file":563,"line":360,"context":534},{"file":563,"line":566,"context":534},65,{"file":563,"line":314,"context":534},{"file":563,"line":559,"context":534},{"file":563,"line":570,"context":534},134,{"file":563,"line":572,"context":534},142,[],[575,593],{"entryPoint":576,"graph":577,"unsanitizedCount":28,"severity":592},"reschedule_webmention (includes\\webmention\\class-webmention-sender.php:750)",{"nodes":578,"edges":590},[579,584],{"id":580,"type":581,"label":582,"file":465,"line":583},"n0","source","$_POST (x2)",775,{"id":585,"type":586,"label":587,"file":465,"line":588,"wp_function":589},"n1","sink","echo() [XSS]",792,"echo",[591],{"from":580,"to":585,"sanitized":491},"low",{"entryPoint":594,"graph":595,"unsanitizedCount":28,"severity":592},"\u003Cclass-webmention-sender> (includes\\webmention\\class-webmention-sender.php:0)",{"nodes":596,"edges":599},[597,598],{"id":580,"type":581,"label":582,"file":465,"line":583},{"id":585,"type":586,"label":587,"file":465,"line":588,"wp_function":589},[600],{"from":580,"to":585,"sanitized":491},{"summary":602,"deductions":603},"The indieblocks plugin v0.13.3 presents a mixed security posture. 
On the positive side, the plugin largely uses prepared statements for SQL queries and properly escapes a high percentage of its output. The absence of dangerous functions, file operations, and critical taint flows is also encouraging. However, several concerns warrant attention. The presence of an unprotected REST API route represents a significant attack vector. While the total attack surface isn't exceptionally large, the unprotected entry point is a critical flaw that could be exploited. The plugin's history of two CVEs, one high and one medium severity, one being a Cross-Site Scripting (XSS) vulnerability and the other a Server-Side Request Forgery (SSRF) vulnerability, is a red flag. Although there are currently no unpatched vulnerabilities, this history suggests a recurring pattern of security weaknesses that require careful monitoring and prompt patching of future issues. The last vulnerability's date being in the near future (2025-06-12) may be a data anomaly, but it doesn't negate the past issues. 
Overall, while the code quality shows some positive aspects, the unprotected entry point and the past vulnerability history necessitate vigilance.",[604,606,608],{"reason":605,"points":216},"REST API route without permission callbacks",{"reason":607,"points":185},"History of High severity vulnerability",{"reason":609,"points":216},"History of Medium severity vulnerability","2026-03-16T20:58:25.134Z",{"wat":612,"direct":620},{"assetPaths":613,"generatorPatterns":616,"scriptPaths":617,"versionParams":618},[614,615],"\u002Fwp-content\u002Fplugins\u002Findieblocks\u002Fassets\u002Flocation.css","\u002Fwp-content\u002Fplugins\u002Findieblocks\u002Fassets\u002Flocation.js",[],[615],[619,4],"indieblocks-location",{"cssClasses":621,"htmlComments":622,"htmlAttributes":624,"restEndpoints":628,"jsGlobals":630,"shortcodeOutput":632},[],[623],"\u003C!-- IndieBlocks Location Meta Box -->",[625,626,627],"data-geo_address","data-geo_latitude","data-geo_longitude",[629],"\u002Fwp-json\u002Findieblocks\u002Fv1\u002Flocation",[631],"indieblocks_location_obj",[]]