[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDqD_jzY-9ZP9be3dc2KukA3po0WsqXbFf8csmRqih9g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":17,"tags":18,"homepage":17,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":60,"crawl_stats":36,"alternatives":65,"analysis":168,"fingerprints":332},"instant-css","Instant CSS","1.2.2","dylanblokhuis","https:\u002F\u002Fprofiles.wordpress.org\u002Fdylanblokhuis\u002F","\u003Cp>Use the power of Visual Studio Code in WordPress to write your CSS or SCSS\u003C\u002Fp>\n\u003Cp>The plugin uses autoprefixer to parse your CSS\u002FSCSS into CSS that will work on older browsers, no need to write -webkit, -moz or -o.\u003C\u002Fp>\n\u003Cp>You can also choose to use SCSS, more info about SCSS here: https:\u002F\u002Fsass-lang.com\u002Fguide\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Use all the powerful features from Visual Studio Code\u003C\u002Fli>\n\u003Cli>Your CSS gets compiled with autoprefixer to work on older browsers\u003C\u002Fli>\n\u003Cli>Use SCSS to create efficient stylesheets with variables, mixins, etc.\u003C\u002Fli>\n\u003Cli>Option to minify your CSS to reduce loading times\u003C\u002Fli>\n\u003Cli>No refreshing on saving\u003C\u002Fli>\n\u003Cli>Live editor updating styles on save and have the browser update simultaneously\u003C\u002Fli>\n\u003C\u002Ful>\n","Write your styles beautifully with the power of Visual Studio Code",4000,14854,98,15,"2023-09-21T07:16:00.000Z","6.3.8","",[19,20,21,22,23],"css","custom-css","postcss","sass","scss","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finstant-css.zip",84,2,0,"2023-09-29 
00:00:00","2026-03-15T15:16:48.613Z",[31,46],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2023-44243","instant-css-cross-site-request-forgery","Instant CSS \u003C= 1.2.1 - Cross-Site Request Forgery","The Instant CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions in the class.instantcss_ajax.php file. This makes it possible for unauthenticated attackers to save and retrieve theme data, css data, minify data, and preprocessor data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.2.1","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-01-22 19:56:02",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F30ce93b4-9e2a-4a8c-8590-ffd61d618d31?source=api-prod",116,{"id":47,"url_slug":48,"title":49,"description":50,"plugin_slug":4,"theme_slug":36,"affected_versions":51,"patched_in_version":52,"severity":38,"cvss_score":53,"cvss_vector":54,"vuln_type":55,"published_date":56,"updated_date":42,"references":57,"days_to_patch":59},"CVE-2023-38483","instant-css-missing-authorization-via-ajax-actions","Instant CSS \u003C= 1.1.4 - Missing Authorization via AJAX Actions","The Instant CSS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions called via AJAX actions in the ~\u002Fclasses\u002Fclass.instantcss_ajax.php file in versions up to, and including, 1.1.4. 
This makes it possible for authenticated attackers, with subscriber-level access and above, to perform a wide variety of actions such as retrieving css, theme, and minify data, along with updating the options for those. The unprotected AJAX actions present can be used to exploit a site via Cross-Site Scripting as well.","\u003C=1.1.4","1.1.5",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2023-07-24 00:00:00",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb82a9ae8-ff82-40bf-a5d4-5175daab9146?source=api-prod",183,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":61,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":62,"trust_score":63,"computed_at":64},1,150,68,"2026-04-04T06:19:53.701Z",[66,87,108,131,152],{"slug":67,"name":68,"version":69,"author":70,"author_profile":71,"description":72,"short_description":73,"active_installs":74,"downloaded":75,"rating":76,"num_ratings":77,"last_updated":78,"tested_up_to":79,"requires_at_least":80,"requires_php":81,"tags":82,"homepage":84,"download_link":85,"security_score":86,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"wp-scss","WP-SCSS","4.0.8","Connect Think","https:\u002F\u002Fprofiles.wordpress.org\u002Fconnectthink\u002F","\u003Cp>Compiles .scss files on your wordpress install using \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fscssphp\u002Fscssphp\u002F\" rel=\"nofollow ugc\">ScssPhp\u003C\u002Fa>. Includes settings page for configuring directories, error reporting, compiling options, and auto enqueuing.\u003C\u002Fp>\n\u003Cp>The plugin only compiles when changes have been made to the scss files. Compiles are made to the matching css file, so disabling this plugin will not take down your stylesheets. 
In the instance where a matching css file does not exist yet, the plugin will create the appropriate css file in the css directory.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FConnectThink\u002FWP-SCSS\" rel=\"nofollow ugc\">Get detailed instructions on github\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Looking for a new maintainer\u003C\u002Fh3>\n\u003Cp>If you are interested in giving back to the open source plugin respond \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FConnectThink\u002FWP-SCSS\u002Fissues\u002F242\" rel=\"nofollow ugc\">here\u003C\u002Fa> with your interest\u003C\u002Fp>\n","Compiles .scss files to .css and enqueues them.",40000,481303,86,61,"2026-03-02T13:29:00.000Z","6.8.5","3.0.1","7.2",[19,22,23,83],"scssphp","https:\u002F\u002Fgithub.com\u002FConnectThink\u002FWP-SCSS","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-scss.4.0.8.zip",100,{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":11,"downloaded":95,"rating":96,"num_ratings":97,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":99,"tags":101,"homepage":106,"download_link":107,"security_score":86,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"custom-codes","CodeKit – Custom Codes Editor","2.5.2","Bilal TAS","https:\u002F\u002Fprofiles.wordpress.org\u002Fbilaltas\u002F","\u003Cp>Add custom \u003Cstrong>SASS, CSS, JS, PHP and HTML\u003C\u002Fstrong> codes to your WordPress websites with the most advanced, yet simple custom code editor ever. \u003Cstrong>Now with AI superpowers!\u003C\u002Fstrong> Generate, fix, and optimize your code with Google Gemini or OpenAI. 
Changing the look of your website and adding new functions have never been easier.\u003C\u002Fp>\n\u003Cp>By using CodeKit plugin, you can \u003Cstrong>create code blocks for different languages\u003C\u002Fstrong> and maintain them in separate blocks just like you do with your posts. With the power of our integrated IDE, you can add codes with syntax highlighting, emmet feature and autocomplete. The features also provide continuous development and urgent deployment of \u003Cstrong>codes without effort.\u003C\u002Fstrong> It is actually just like your favorite code editor.\u003C\u002Fp>\n\u003Ch3>Endless Possibilities\u003C\u002Fh3>\n\u003Cp>CodeKit is one of the most versatile and functional custom codes plugin in the market. It supports various languages as well as providing options to deploy your code in different WordPress hooks by default. The core IDE functions also provide a smooth transition from your code editor and allow you to create and maintain different codes with ease.\u003C\u002Fp>\n\u003Cp>If you want to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Generate, fix, and optimize\u003C\u002Fstrong> your custom codes with AI\u003C\u002Fli>\n\u003Cli>Add \u003Cstrong>Google Analytics (GA)\u003C\u002Fstrong> code to your website\u003C\u002Fli>\n\u003Cli>Add \u003Cstrong>Google Tag Manager (GTM)\u003C\u002Fstrong> code to your website\u003C\u002Fli>\n\u003Cli>Add \u003Cstrong>custom JavaScript\u003C\u002Fstrong> codes to your website\u003C\u002Fli>\n\u003Cli>Add \u003Cstrong>custom CSS or SCSS codes\u003C\u002Fstrong> to your website\u003C\u002Fli>\n\u003Cli>Change the overall style of your website\u003C\u002Fli>\n\u003Cli>Customize the style of your website for different mobile devices\u003C\u002Fli>\n\u003Cli>Add \u003Cstrong>static HTML blocks\u003C\u002Fstrong> on your website\u003C\u002Fli>\n\u003Cli>Add \u003Cstrong>new PHP functions\u003C\u002Fstrong> in your functions.php\u003C\u002Fli>\n\u003Cli>Implement instant code changes in case of an 
urgency\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Then, CodeKit is just what you need. Install in a few minutes, develop and deploy in a few seconds.\u003C\u002Fp>\n\u003Ch3>Robust Code Editor\u003C\u002Fh3>\n\u003Cp>CodeKit is intended for novice as well as professional users, and it allows you to add simple code blocks alongside helping you with development or deployment in case of an urgency.\u003C\u002Fp>\n\u003Ch3>AI Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Code Generation\u003C\u002Fstrong>: Ask AI to write code for you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Code Fix\u003C\u002Fstrong>: Let AI fix your syntax errors or bugs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Code Optimization\u003C\u002Fstrong>: Optimize your code for better performance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supports Google Gemini & OpenAI\u003C\u002Fstrong>: Use your own API keys.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>LANGUAGE BASED FEATURES:\u003C\u002Fh3>\n\u003Ch3>CSS\u002FSCSS\u002FSASS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add custom styles for specific pages and posts\u003C\u002Fli>\n\u003Cli>Add custom styles for specific devices and resolutions\u003C\u002Fli>\n\u003Cli>Styles for Desktop\u003C\u002Fli>\n\u003Cli>Styles for Tablet (Landscape)\u003C\u002Fli>\n\u003Cli>Styles for Tablet (Portrait)\u003C\u002Fli>\n\u003Cli>Styles for Phone (Landscape)\u003C\u002Fli>\n\u003Cli>Styles for Phone (Portrait)\u003C\u002Fli>\n\u003Cli>Styles for Retina Displays\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>JavaScript\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add custom JavaScript for specific pages and posts\u003C\u002Fli>\n\u003Cli>Add custom JavaScript to wp_head\u003C\u002Fli>\n\u003Cli>Add custom JavaScript to after wp_body\u003C\u002Fli>\n\u003Cli>Add custom JavaScript to before wp_body\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>HTML\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add custom HTML to wp_head\u003C\u002Fli>\n\u003Cli>Add custom HTML to after wp_body 
tag\u003C\u002Fli>\n\u003Cli>Add custom HTML to before wp_body tag\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>PHP\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add custom PHP codes directly to functions.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>CORE FEATURES:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Separated tabs to keep everything clean and manageable\u003C\u002Fli>\n\u003Cli>Amazing syntax highlighting\u003C\u002Fli>\n\u003Cli>\u003Ccode>Command + S\u003C\u002Fcode> to save\u003C\u002Fli>\n\u003Cli>Emmet abbreviations autocomplete with \u003Ccode>Tab\u003C\u002Fcode> key\u003C\u002Fli>\n\u003Cli>Supports tabs, spaces and line numbers just like your IDE\u003C\u002Fli>\n\u003Cli>Shows output for you to see the code after the compilation process\u003C\u002Fli>\n\u003Cli>4+ theme options including Dark Theme and Light Theme\u003C\u002Fli>\n\u003Cli>Adjust font size and spaces\u003C\u002Fli>\n\u003Cli>Save your code without refresh (with AJAX)\u003C\u002Fli>\n\u003Cli>Cache-proof code release each time you save\u003C\u002Fli>\n\u003Cli>Play notification sound when saved\u003C\u002Fli>\n\u003Cli>Access all the codes through Toolbar\u003C\u002Fli>\n\u003Cli>Full-Screen Editor mode\u003C\u002Fli>\n\u003Cli>Shortcuts (such as Find Code and Comment Line)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pro Version\u003C\u002Fh3>\n\u003Cp>Do you want to expand your coding capabilities through a plugin on WordPress? 
Pro version of Custom Code is \u003Cem>now\u003C\u002Fem> available which perfectly satisfies any level of users and developers.\u003C\u002Fp>\n\u003Ch3>Pro Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>AI Code Generation, Fix & Optimization\u003C\u002Fli>\n\u003Cli>Advanced Code Release Locations\u003C\u002Fli>\n\u003Cli>Editor Code Folding\u003C\u002Fli>\n\u003Cli>Custom Code Includes\u003C\u002Fli>\n\u003Cli>Custom Code Groups\u002FCategories\u003C\u002Fli>\n\u003Cli>Editor Code Hints\u003C\u002Fli>\n\u003Cli>More language support (LESS, Stylus, CoffeeScript, PUG, and more)\u003C\u002Fli>\n\u003Cli>Priority Support\u003C\u002Fli>\n\u003Cli>And, much more PRO features coming soon…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Simply install CodeKit and click the \u003Cem>Upgrade >\u003C\u002Fem> button where you can learn more about the latest Pro features and grab your license!\u003C\u002Fp>\n","Your custom SASS, CSS, JS, PHP and HTML customizations in same directory.",87815,96,16,"2026-03-05T14:03:00.000Z","7.0","4.9.8",[102,103,20,104,105],"ai","codekit","custom-scss","custom-functions","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-codes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-codes.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":86,"num_ratings":118,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":127,"download_link":128,"security_score":129,"vuln_count":61,"unpatched_count":61,"last_vuln_date":130,"fetched_at":29},"wp-compiler","WP Compiler","1.0.0","Bytes.co","https:\u002F\u002Fprofiles.wordpress.org\u002Fburlingtonbytes\u002F","\u003Cp>Harness the power of pre-processed CSS and minified JS in your theme or plugin, without any complicated installs or build tools. 
Simply tell WP Compiler where to find your source files and where to put the compiled results, then throw your install into Dev Mode. WP Compiler watches your source folders for you, and recompiles your CSS and JS on any file change. WP Compiler supports both SCSS and LESS precompilers for CSS, to suit anyone’s preference.\u003C\u002Fp>\n\u003Cp>When you’re ready to launch a new site, just turn off Dev Mode, and your styles and javascript will be compiled & minimized and comments & source maps will be removed. With Dev mode disabled, Compiler will stop watching source directories, so there is no effect on site performance, but you can still apply a quick change at any time, by clicking the compile button in the admin toolbar.\u003C\u002Fp>\n\u003Cp>WP Compiler relies on \u003Ca href=\"http:\u002F\u002Fleafo.github.io\u002Fscssphp\u002F\" rel=\"nofollow ugc\">scssphp\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Flessphp.typesettercms.com\u002F\" rel=\"nofollow ugc\">lessphp\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.minifier.org\u002F\" rel=\"nofollow ugc\">minify\u003C\u002Fa>.\u003Cbr \u002F>\nSpecific issues with the underlying compilation libraries should be submitted to their respective developers.\u003C\u002Fp>\n","Harness the power of pre-processed CSS and minified JS in your theme or plugin, without any complicated installs or build tools.",1000,4390,6,"2018-10-22T15:17:00.000Z","5.0.25","4.8","5.6",[124,125,22,23,126],"compiled","less","styles","https:\u002F\u002Fgithub.com\u002Fburlingtonbytes\u002FWP-Compiler","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-compiler.zip",63,"2025-09-22 
00:00:00",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":139,"downloaded":140,"rating":86,"num_ratings":141,"last_updated":142,"tested_up_to":143,"requires_at_least":144,"requires_php":17,"tags":145,"homepage":148,"download_link":149,"security_score":150,"vuln_count":26,"unpatched_count":26,"last_vuln_date":151,"fetched_at":29},"lenix-scss-compiler","Lenix scss compiler","1.2","yonifre","https:\u002F\u002Fprofiles.wordpress.org\u002Fyonifre\u002F","\u003Cp>A useful plugin for developers writing SCSS.\u003Cbr \u002F>\nThe plugin allows you to write SCSS directly on the server (via FTP) without the need for a local compiler.\u003C\u002Fp>\n\u003Cp>How It Works?\u003C\u002Fp>\n\u003Cp>Choose a source folder for SCSS and a target folder for CSS.\u003Cbr \u002F>\nWrite the SCSS code in the file on the source folder, and it automatically creates a CSS file in the target folder.\u003C\u002Fp>\n\u003Cp>What’s included?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Option for multiple source and destination folders.\u003C\u002Fli>\n\u003Cli>Allows you to set a folder in the entire wp-content space.\u003C\u002Fli>\n\u003Cli>Performance – only when one of the source files change – it re-compiling itself.\u003C\u002Fli>\n\u003Cli>After development  you can turn off \u002F delete the plugin without fear, and all the files are stay where they were.\u003C\u002Fli>\n\u003Cli>Allows you to develop a theme and plugin at the same time.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cp>source: themes\u002Fyour-theme\u002Fassets\u002Fscss\u002Fstyle.scss\u003C\u002Fp>\n\u003Cpre>\nbody {\n    color: black;\n    .main {\n        background: red;\n    }\n}\n\u003C\u002Fpre>\n\u003Cp>target: themes\u002Fyour-theme\u002Fassets\u002Fcss\u002Fstyle.css\u003C\u002Fp>\n\u003Cpre>\nbody {\n    color: black;\n}\n\nbody .main {\n    background: red;\n}\n\u003C\u002Fpre>\n\u003Cp>— pay 
attention!\u003Cbr \u002F>\nIf the file already exists in the destination folder – it will be overwritten by the SCSS file\u003C\u002Fp>\n","An excellent way to write Scss in wordpress",800,5799,3,"2022-05-21T04:48:00.000Z","5.9.13","3.8",[146,19,147,22,23],"compiler","local-compiler","https:\u002F\u002Flenix.co.il\u002Fplugin\u002Flenix-scss-compiler\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flenix-scss-compiler.zip",42,"2025-09-26 00:00:00",{"slug":153,"name":154,"version":155,"author":156,"author_profile":157,"description":158,"short_description":159,"active_installs":160,"downloaded":161,"rating":27,"num_ratings":27,"last_updated":162,"tested_up_to":163,"requires_at_least":80,"requires_php":122,"tags":164,"homepage":165,"download_link":166,"security_score":167,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"scss-4-wp","SCSS-4-WP","1.0.1","fieldofcode","https:\u002F\u002Fprofiles.wordpress.org\u002Ffieldofcode\u002F","\u003Cp>Use \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fscssphp\u002Fscssphp\u002F\" rel=\"nofollow ugc\">ScssPhp\u003C\u002Fa>. to compile scss files on your wordpress install into a single lightweight CSS file.  There is an included settings page for configuring directories, error reporting, compiling options, and auto enqueuing.\u003C\u002Fp>\n\u003Cp>To keep the page load time to a minimum this plugin only runs the compiler when the scss files have been changed. All compiled files create or alter a matching css file in the chosen directory which remains even if this plugin is disabled so that your site never loses its styles and is always ready for user interaction.\u003C\u002Fp>\n","Use ScssPhp. to compile scss files on your wordpress install into a single lightweight CSS file.  
There is an included settings page for configuring d &hellip;",20,820,"2023-01-07T15:54:00.000Z","6.1.10",[19,22,23,83],"https:\u002F\u002Fgithub.com\u002FField-Of-Code\u002Fscss-4-wp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fscss-4-wp.zip",85,{"attackSurface":169,"codeSignals":231,"taintFlows":255,"riskAssessment":314,"analyzedAt":331},{"hooks":170,"ajaxHandlers":196,"restRoutes":227,"shortcodes":228,"cronEvents":229,"entryPointCount":230,"unprotectedCount":230},[171,177,179,183,187,191,193],{"type":172,"name":173,"callback":174,"file":175,"line":176},"action","admin_menu","icss_create_admin_menu","classes\\class.instantcss.php",14,{"type":172,"name":173,"callback":178,"file":175,"line":14},"icss_create_admin_sub_menu",{"type":172,"name":180,"callback":181,"file":175,"line":182},"init","icss_get_css",28,{"type":172,"name":184,"callback":185,"file":175,"line":186},"wp_enqueue_scripts","icss_enqueue_css",131,{"type":172,"name":188,"callback":189,"file":175,"line":190},"admin_enqueue_scripts","icss_admin_dependencies",162,{"type":172,"name":188,"callback":189,"file":175,"line":192},179,{"type":172,"name":188,"callback":194,"file":175,"line":195},"icss_customizer_dependencies",180,[197,203,206,209,212,216,220,223],{"action":198,"nopriv":199,"callback":200,"hasNonce":199,"hasCapCheck":199,"file":201,"line":202},"icss_save_css",false,"icss_ajax_save_css","classes\\class.instantcss_ajax.php",11,{"action":181,"nopriv":199,"callback":204,"hasNonce":199,"hasCapCheck":199,"file":201,"line":205},"icss_ajax_get_css",12,{"action":207,"nopriv":199,"callback":208,"hasNonce":199,"hasCapCheck":199,"file":201,"line":176},"icss_save_theme","icss_ajax_save_theme",{"action":210,"nopriv":199,"callback":211,"hasNonce":199,"hasCapCheck":199,"file":201,"line":14},"icss_get_theme","icss_ajax_get_theme",{"action":213,"nopriv":199,"callback":214,"hasNonce":199,"hasCapCheck":199,"file":201,"line":215},"icss_save_preprocessor","icss_ajax_save_preprocessor",17,{"action":217,"no
priv":199,"callback":218,"hasNonce":199,"hasCapCheck":199,"file":201,"line":219},"icss_get_preprocessor","icss_ajax_get_preprocessor",18,{"action":221,"nopriv":199,"callback":222,"hasNonce":199,"hasCapCheck":199,"file":201,"line":160},"icss_save_minify","icss_ajax_save_minify",{"action":224,"nopriv":199,"callback":225,"hasNonce":199,"hasCapCheck":199,"file":201,"line":226},"icss_get_minify","icss_ajax_get_minify",21,[],[],[],8,{"dangerousFunctions":232,"sqlUsage":233,"outputEscaping":235,"fileOperations":26,"externalRequests":27,"nonceChecks":61,"capabilityChecks":61,"bundledLibraries":254},[],{"prepared":27,"raw":27,"locations":234},[],{"escaped":27,"rawEcho":236,"locations":237},7,[238,241,243,245,247,249,252],{"file":175,"line":239,"context":240},133,"raw output",{"file":201,"line":242,"context":240},37,{"file":201,"line":244,"context":240},113,{"file":201,"line":246,"context":240},159,{"file":201,"line":248,"context":240},203,{"file":250,"line":251,"context":240},"views\\customizer.php",43,{"file":250,"line":253,"context":240},51,[],[256,274,285,295,304],{"entryPoint":257,"graph":258,"unsanitizedCount":26,"severity":273},"icss_ajax_save_css (classes\\class.instantcss_ajax.php:48)",{"nodes":259,"edges":271},[260,265],{"id":261,"type":262,"label":263,"file":201,"line":264},"n0","source","$_POST (x2)",55,{"id":266,"type":267,"label":268,"file":201,"line":269,"wp_function":270},"n1","sink","update_option() [Settings Manipulation]",59,"update_option",[272],{"from":261,"to":266,"sanitized":199},"low",{"entryPoint":275,"graph":276,"unsanitizedCount":61,"severity":273},"icss_ajax_save_theme (classes\\class.instantcss_ajax.php:82)",{"nodes":277,"edges":283},[278,281],{"id":261,"type":262,"label":279,"file":201,"line":280},"$_POST",89,{"id":266,"type":267,"label":268,"file":201,"line":282,"wp_function":270},92,[284],{"from":261,"to":266,"sanitized":199},{"entryPoint":286,"graph":287,"unsanitizedCount":61,"severity":273},"icss_ajax_save_preprocessor 
(classes\\class.instantcss_ajax.php:124)",{"nodes":288,"edges":293},[289,291],{"id":261,"type":262,"label":279,"file":201,"line":290},132,{"id":266,"type":267,"label":268,"file":201,"line":292,"wp_function":270},135,[294],{"from":261,"to":266,"sanitized":199},{"entryPoint":296,"graph":297,"unsanitizedCount":61,"severity":273},"icss_ajax_save_minify (classes\\class.instantcss_ajax.php:170)",{"nodes":298,"edges":302},[299,301],{"id":261,"type":262,"label":279,"file":201,"line":300},177,{"id":266,"type":267,"label":268,"file":201,"line":195,"wp_function":270},[303],{"from":261,"to":266,"sanitized":199},{"entryPoint":305,"graph":306,"unsanitizedCount":27,"severity":273},"\u003Cclass.instantcss_ajax> (classes\\class.instantcss_ajax.php:0)",{"nodes":307,"edges":311},[308,310],{"id":261,"type":262,"label":309,"file":201,"line":264},"$_POST (x5)",{"id":266,"type":267,"label":268,"file":201,"line":269,"wp_function":270},[312],{"from":261,"to":266,"sanitized":313},true,{"summary":315,"deductions":316},"The \"instant-css\" plugin exhibits a concerning security posture: static analysis found no nonce or capability check attached to any of its 8 AJAX handlers, which represents a large attack surface. The scan did record one nonce check and one capability check elsewhere in the code, so the handlers may be covered by a shared check that the per-handler analysis did not attribute; this should be confirmed against the source. The scan found no direct SQL queries in the plugin, so there is no SQL handling to assess, and it has no unpatched known vulnerabilities; however, none of the 7 identified outputs is escaped, which is a major weakness. This indicates a risk of Cross-Site Scripting (XSS) wherever an echoed value can be influenced by an attacker, allowing malicious scripts to be injected into the user's browser.\n\nThe taint analysis shows 4 flows from $_POST to update_option() with unsanitized paths, although all are rated low severity. This, combined with the vulnerability history showing past medium severity Cross-Site Request Forgery (CSRF) and Missing Authorization vulnerabilities, suggests a recurring pattern of insecure handling of user-supplied data and insufficient access control. 
The plugin's last known vulnerability was published on 2023-09-29 and is patched in the current version 1.2.2; both past vulnerabilities were in the same AJAX handler file flagged above, which emphasizes the need for careful review.\n\nIn conclusion, the plugin has no direct SQL usage and no currently unpatched vulnerabilities, but the absence of output escaping and the AJAX handlers that appear unprotected are significant issues that elevate the risk. The history of authorization and CSRF vulnerabilities further points to potential systemic weaknesses; sites should run version 1.2.2 or later, and the handlers' nonce and capability checks should be verified against the source.",[317,320,322,325,327,329],{"reason":318,"points":319},"8 unprotected AJAX handlers",10,{"reason":321,"points":230},"0% output escaping",{"reason":323,"points":324},"4 flows with unsanitized paths",5,{"reason":326,"points":319},"2 medium severity CVEs in history",{"reason":328,"points":324},"Missing authorization in vulnerability history",{"reason":330,"points":324},"CSRF in vulnerability history","2026-03-16T18:16:11.026Z",{"wat":333,"direct":344},{"assetPaths":334,"generatorPatterns":337,"scriptPaths":338,"versionParams":340},[335,336],"\u002Fwp-content\u002Fplugins\u002Finstant-css\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Finstant-css\u002Fassets\u002Fcss\u002Fcustomizer.css",[],[339],"\u002Fwp-content\u002Fplugins\u002Finstant-css\u002Fassets\u002Fdist\u002Fmain.bundle.js",[341,342,343],"plugins\u002Finstant-css\u002Fassets\u002Fcss\u002Fstyle.css?ver=","plugins\u002Finstant-css\u002Fassets\u002Fdist\u002Fmain.bundle.js?ver=","plugins\u002Finstant-css\u002Fassets\u002Fcss\u002Fcustomizer.css?ver=",{"cssClasses":345,"htmlComments":346,"htmlAttributes":347,"restEndpoints":350,"jsGlobals":351,"shortcodeOutput":356},[],[],[348,349],"data-prefix=\"fas\"","data-icon=\"code\"",[],[352,353,354,355],"wordpress.plugins_url","wordpress.ajax_url","wordpress.is_customizer","wordpress.nonce",[]]