[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fNiO1kr_21V6tojDwMSjDfVLC2_-7C5nFE5Ns02aCo1w":3,"$ff441nhvyp8JSLXWWVMiPVkVCvU6m27cbwaAvFqcPHek":313,"$fii0eZh32kLcf4ij6b7o5DZXiQERlBORkjAhOHkY87RY":318},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":56,"analysis":164,"fingerprints":261},"instant-locations","Instant Locations","1.0","Tan Nguyen","https:\u002F\u002Fprofiles.wordpress.org\u002Ftanng\u002F","\u003Cp>Imagine you have to enter information for shops, hotels, or companies… you’d probably need various fields: address, state, suburb, post code, latitude, longitude… Each time you add or edit them, you must enter and check all these fields manually. It’s such a nightmare if you have hundreds or thoudsands posts because it’s slow, time-consuming and sometimes, inaccurate. You’ll need a better way to work with it. All data should auto populate immediately without setup location database.\u003C\u002Fp>\n\u003Cp>Instant Locations interacts with Google Maps API and automatically populates location data into your fields. Now you only have to type the desired address, verify it by the auto-suggested addresses from Google Maps API and then select the correct one from dropdown. All other fields’ values (post code, street, state, country, …) will be automatically filled in instantly.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fbinaty.org\u002Fimages\u002Finstant-locations.gif\" rel=\"nofollow ugc\">See how it works\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Who need to use it?\u003C\u002Fh3>\n\u003Cp>As we mentioned above, all website which need to enter locations data. For exaple: real estate, dating, car parking, restaurant, hotel, tour, coffee shop, local…\u003C\u002Fp>\n\u003Ch3>Is this fast?\u003C\u002Fh3>\n\u003Cp>It’s not fast, it’s instant.\u003C\u002Fp>\n\u003Ch3>Plugin Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftanng\u002Finstant-locations\" rel=\"nofollow ugc\">Github\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Instant & Auto populate location data with the power of Google Maps API.",10,2320,0,"2016-04-21T03:02:00.000Z","4.5.33","3.9","",[19,20,21,22,23],"advanced-search","geo","google","post","posts","http:\u002F\u002Finstantlocations.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finstant-locations.zip",63,1,"2025-09-05 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":37,"patch_diff_files":46,"patch_trac_url":37,"research_status":37,"research_verified":47,"research_rounds_completed":13,"research_plan":37,"research_summary":37,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":37,"research_model_used":37,"research_started_at":37,"research_completed_at":37,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":47,"poc_model_used":37,"poc_verification_depth":37},"CVE-2025-58886","instant-locations-authenticated-administrator-stored-cross-site-scripting","Instant Locations \u003C= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Instant Locations plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.0","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-10 19:17:41",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ffcc218bf-2845-4d7f-8b93-e0fe9bc4bf79?source=api-prod",[],false,{"slug":49,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},"tanng",2,20,74,30,76,"2026-05-19T23:10:12.742Z",[57,78,96,123,146],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":11,"downloaded":65,"rating":13,"num_ratings":13,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":17,"tags":69,"homepage":17,"download_link":75,"security_score":76,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":77},"geolocate-my-posts","Geolocate My Posts","0.2","Aneesh Dogra","https:\u002F\u002Fprofiles.wordpress.org\u002Flionaneesh\u002F","\u003Cp>“Geolocate My Posts” adds location to your posts, including a nice map, using geolocation and the Google Maps API.\u003C\u002Fp>\n","A Wordpress plugin that tags the location of your posts using the Google Maps API.",3041,"2012-08-19T13:15:00.000Z","3.4.2","2.6",[70,71,72,73,74],"add-location-to-posts","geo-locate","gmaps","google-maps","location","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeolocate-my-posts.0.2.zip",85,"2026-04-06T09:54:40.288Z",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":13,"downloaded":86,"rating":13,"num_ratings":13,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":17,"tags":90,"homepage":17,"download_link":95,"security_score":76,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"wp-post-store-locator","Store Locator for WordPress Posts","1.1","Alok Shrestha","https:\u002F\u002Fprofiles.wordpress.org\u002Falokstha1\u002F","\u003Cp>If you are looking to setup a store locator for your individual products, posts or any other posts this is it. \u003Cstrong>Store Locator for WordPress Posts\u003C\u002Fstrong> is easy to use plugin and  allows you to create stores and search store within users’s radius and lists the number of stores around users. Users can also get the driving directions to the stores shown in the front.\u003C\u002Fp>\n\u003Ch4>Features include:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Manage multiple stores in a single post.\u003C\u002Fli>\n\u003Cli>Show the driving distances in either km or miles.\u003C\u002Fli>\n\u003Cli>Can handle multiple stores in each individual posts.\u003C\u002Fli>\n\u003Cli>Select language suitable for users that appears in map and driving directions.\u003C\u002Fli>\n\u003Cli>Set map regions so that the map appears around you area.\u003C\u002Fli>\n\u003Cli>Shortcode to show the stores and search form [aka-stores].\u003C\u002Fli>\n\u003Cli>Get directional view control.\u003C\u002Fli>\n\u003Cli>Show map type and control it on your desire.\u003C\u002Fli>\n\u003Cli>Autocomplete on location search.\u003C\u002Fli>\n\u003Cli>Can be added to any post types.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Plugin Shortcodes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[aka-stores] \u002F\u002Fcopy-paste the shortcode to the text-editor\n[aka-stores id=post-id] \u002F\u002Fpass post id if you want to display shortcode in other places\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Feel free to leave comments,ask question,suggest new feature or directly mail at alokstha1@gmail.com\u003C\u002Fli>\n\u003C\u002Ful>\n","This is a wordpress store locator plugin for posts. We can setup stores for individual posts\u002Fproducts.",1221,"2020-03-05T04:09:00.000Z","5.3.21","3.7",[91,73,92,93,94],"business-locations","individual-posts-geocode","responsive-stores-listing","store-locator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-post-store-locator.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":118,"download_link":119,"security_score":120,"vuln_count":121,"unpatched_count":13,"last_vuln_date":122,"fetched_at":29},"vk-all-in-one-expansion-unit","VK All in One Expansion Unit","9.113.6","Hidekazu Ishikawa","https:\u002F\u002Fprofiles.wordpress.org\u002Fkurudrive\u002F","\u003Cp>This plug-in is an integrated plug-in with a variety of features that make it powerful your web site.\u003C\u002Fp>\n\u003Cp>Many features can be stopped individually.\u003C\u002Fp>\n\u003Cp>[ Powerful　Widgets ]\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Recent Posts – display the link text and the date of the latest article title.\u003C\u002Fli>\n\u003Cli>Page content to widget – display the contents of the page to the widgets.\u003C\u002Fli>\n\u003Cli>Profile – display the profile entered in the widget.\u003C\u002Fli>\n\u003Cli>FB Page Plugin – display the Facebook Page Plugin.\u003C\u002Fli>\n\u003Cli>3PR area – display the 3PR area.\u003C\u002Fli>\n\u003Cli>PR Blocks – display the PR Blocks.\u003C\u002Fli>\n\u003Cli>Categories\u002Ftags list – Displays a categories, tags or format list.\u003C\u002Fli>\n\u003Cli>Archive list – Displays a list of archives. You can choose the post type and also to display archives by month or by year.\u003C\u002Fli>\n\u003Cli>Facebook Page Plugin widget\u003C\u002Fli>\n\u003Cli>Image Banner widget\u003C\u002Fli>\n\u003Cli>Text Button widget\u003C\u002Fli>\n\u003Cli>Contact Button widget\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[ Gutenberg Blocks ]\u003C\u002Fp>\n\u003Cul>\n\u003Cli>HTML SiteMap\u003C\u002Fli>\n\u003Cli>Child Page List\u003C\u002Fli>\n\u003Cli>Page list from ancestor\u003C\u002Fli>\n\u003Cli>Share Button\u003C\u002Fli>\n\u003Cli>Contact Section\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[ Social media ]\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Print Social Bookmarks\u003C\u002Fli>\n\u003Cli>Print OG Tags\u003C\u002Fli>\n\u003Cli>Print X Card Tags\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[ Others ]\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Print Google Analytics tag\u003C\u002Fli>\n\u003Cli>Print meta description tag\u003C\u002Fli>\n\u003Cli>Rewrite the title tag\u003C\u002Fli>\n\u003Cli>Insert Related Posts\u003C\u002Fli>\n\u003Cli>Insert Call to action\u003C\u002Fli>\n\u003Cli>Insert Child page List to page\u003C\u002Fli>\n\u003Cli>Insert Page list from ancestor\u003C\u002Fli>\n\u003Cli>Insert Auto HTML Site Map\u003C\u002Fli>\n\u003Cli>Automatic Eye Catch insert\u003C\u002Fli>\n\u003Cli>Custom post type and custom taxonomy manager\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>and more.\u003C\u002Fp>\n","This plug-in is an integrated plug-in with a variety of features that make it powerful your web site.",100000,8128999,80,7,"2026-03-19T13:11:00.000Z","6.9.4","6.5","7.4",[113,114,115,116,117],"facebook-page-plugin","google-analytics","og-tags","related-posts","sitemap","https:\u002F\u002Fex-unit.nagoya","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvk-all-in-one-expansion-unit.zip",95,11,"2026-03-23 00:00:00",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":133,"num_ratings":134,"last_updated":135,"tested_up_to":109,"requires_at_least":136,"requires_php":17,"tags":137,"homepage":142,"download_link":143,"security_score":144,"vuln_count":27,"unpatched_count":13,"last_vuln_date":145,"fetched_at":29},"google-sitemap-plugin","Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin","3.3.5","bestwebsoft","https:\u002F\u002Fprofiles.wordpress.org\u002Fbestwebsoft\u002F","\u003Cp>Sitemap plugin automatically generates XML sitemap for your WordPress website and helps search engines index your blog. Such sitemap file helps web crawlers to extract the structure of your website more effectively.\u003C\u002Fp>\n\u003Cp>The plugin supports default WordPress pages as well as custom URLs. It can be also added to your Google Webmaster Tools account.\u003C\u002Fp>\n\u003Cp>Improve your website SEO today!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdemo-for-google-sitemap\u002F?ref=readme\" rel=\"nofollow ugc\">View Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FCgYXKRXpj_0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Free Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add the following URLs to the sitemap:\n\u003Cul>\n\u003Cli>Page\u003C\u002Fli>\n\u003Cli>Post\u003C\u002Fli>\n\u003Cli>Post category\u003C\u002Fli>\n\u003Cli>Post tag\u003C\u002Fli>\n\u003Cli>Custom post types\u003C\u002Fli>\n\u003Cli>Custom taxonomies\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Add a path to your sitemap file in robots.txt automatically\u003C\u002Fli>\n\u003Cli>Add media sitemap\u003C\u002Fli>\n\u003Cli>Add canonical URLs to pages and posts\u003C\u002Fli>\n\u003Cli>Set the maximum number of URLs in one sitemap file\u003C\u002Fli>\n\u003Cli>Connect your Google Webmaster Tools account to:\n\u003Cul>\n\u003Cli>Add website\u003C\u002Fli>\n\u003Cli>Add sitemap\u003C\u002Fli>\n\u003Cli>Delete website\u003C\u002Fli>\n\u003Cli>Get website info\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Add Sitemap to Google News Sitemap\u003C\u002Fli>\n\u003Cli>Split Sitemap Items\u003C\u002Fli>\n\u003Cli>Disable automatic canonical tag\u003C\u002Fli>\n\u003Cli>Include\u002Fexclude noindex pages in sitemap (for main site)\u003C\u002Fli>\n\u003Cli>Add alternate language pages using \u003Ca href=\"http:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fmultilanguage\u002F?k=9f9a6f0b1b0b0a093b99ad9ddb4d8759\" rel=\"nofollow ugc\">Multilanguage\u003C\u002Fa> plugin\u003C\u002Fli>\n\u003Cli>Compatible with latest WordPress version\u003C\u002Fli>\n\u003Cli>Incredibly simple settings for fast setup without modifying code\u003C\u002Fli>\n\u003Cli>Detailed step-by-step documentation and videos\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Pro Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All features from Free version included plus:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add external sitemap files\u003C\u002Fli>\n\u003Cli>Exclude certain pages or post types from your sitemap file\u003C\u002Fli>\n\u003Cli>Set the frequency of\n\u003Cul>\n\u003Cli>Your website content changes for all pages\u003C\u002Fli>\n\u003Cli>External sitemap file update\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Configure all subsites on the network\u003C\u002Fli>\n\u003Cli>Add custom URLs to the sitemap file\u003C\u002Fli>\n\u003Cli>Change Sitemap File name\u003C\u002Fli>\n\u003Cli>Exclude taxonomies from the sitemap by word.\u003C\u002Fli>\n\u003Cli>Get answer to your support question within one business day (\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fsupport-policy\u002F\" rel=\"nofollow ugc\">Support Policy\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Edit title and meta description [NEW]\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fgoogle-sitemap\u002F?k=8b735c0f7ca51187b5062d5e4f40058b\" rel=\"nofollow ugc\">Upgrade to Pro Now\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>If you have a feature suggestion or idea you’d like to see in the plugin, we’d love to hear about it! \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002Fhc\u002Fen-us\u002Frequests\u002Fnew\" rel=\"nofollow ugc\">Suggest a Feature\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Documentation & Videos\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdocumentation\u002Fsitemap\u002Fsitemap-user-guide\u002F\" rel=\"nofollow ugc\">[Doc] User Guide\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdocumentation\u002Fhow-to-install-a-wordpress-product\u002Fhow-to-install-a-wordpress-plugin\u002F\" rel=\"nofollow ugc\">[Doc] Installation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdocumentation\u002Fhow-to-purchase-a-wordpress-plugin\u002Fhow-to-purchase-wordpress-plugin-from-bestwebsoft\u002F\" rel=\"nofollow ugc\">[Doc] Purchase\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=NKlAnFTzNrQ\" rel=\"nofollow ugc\">[Video] Installation Instruction\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=hzz0_Yj4gaQ\" rel=\"nofollow ugc\">[Video] User Guide\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Help & Support\u003C\u002Fh4>\n\u003Cp>Visit our Help Center if you have any questions, our friendly Support Team is happy to help — \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fsupport.bestwebsoft.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Affiliate Program\u003C\u002Fh4>\n\u003Cp>Earn 20% commission by selling the premium WordPress plugins and themes by BestWebSoft — https:\u002F\u002Fbestwebsoft.com\u002Faffiliate\u002F\u003C\u002Fp>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>German (de_DE)\u003C\u002Fli>\n\u003Cli>French (fr_FR)\u003C\u002Fli>\n\u003Cli>Japan (ja)\u003C\u002Fli>\n\u003Cli>Portugese (pt_BR)\u003C\u002Fli>\n\u003Cli>Spanish (es_ES)\u003C\u002Fli>\n\u003Cli>Italian (it_IT)\u003C\u002Fli>\n\u003Cli>Swedish (sv_SE)\u003C\u002Fli>\n\u003Cli>Norwegian (no)\u003C\u002Fli>\n\u003Cli>Danish (da)\u003C\u002Fli>\n\u003Cli>Czech (cs_CZ) (thanks to \u003Ca href=\"mailto:kucerami@gmail.com\" rel=\"nofollow ugc\">Michal Kučera\u003C\u002Fa>, www.n0lim.it)\u003C\u002Fli>\n\u003Cli>Russian (ru_RU)\u003C\u002Fli>\n\u003Cli>Ukrainian (uk)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Some of these translations are not complete. We are constantly adding new features which should be translated. If you would like to create your own language pack or update the existing one, you can send \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTranslating_WordPress\" rel=\"nofollow ugc\">the text of PO and MO files\u003C\u002Fa> to \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002Fhc\u002Fen-us\u002Frequests\u002Fnew\" rel=\"nofollow ugc\">BestWebSoft\u003C\u002Fa> and we’ll add it to the plugin. You can download the latest version of the program for work with PO and MO \u003Ca href=\"http:\u002F\u002Fwww.poedit.net\u002Fdownload.php\" rel=\"nofollow ugc\">files Poedit\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Recommended Plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fupdater\u002F?k=4b7b8eac2b35e12eaa2d51359f49cfb2\" rel=\"nofollow ugc\">Updater\u003C\u002Fa> – Automatically check and update WordPress website core with all installed plugins and themes to the latest versions.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fhtaccess\u002F?k=6f8794059b2a6618808fa7ac6401ba6e\" rel=\"nofollow ugc\">Htaccess\u003C\u002Fa> – Protect WordPress website – allow and deny access for certain IP addresses, hostnames, etc.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fmultilanguage\u002F?k=9f9a6f0b1b0b0a093b99ad9ddb4d8759\" rel=\"nofollow ugc\">Multilanguage\u003C\u002Fa> – Translate WordPress website content to other languages manually. Create multilingual pages, posts, widgets, menus, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>The plugin uses Google Search Console (Google LLC) services submit your website sitemap file to search console for it to be visible for search engines. \u003Ca href=\"https:\u002F\u002Fsearch.google.com\u002Fsearch-console\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fsearch.google.com\u002Fsearch-console\u002F\u003C\u002Fa> Terms of service \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fpolicies.google.com\u002Fterms\u003C\u002Fa>. Privacy Policy \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>This plugin incorporates a license verification mechanism to ensure the authenticity of your license key and provide access to premium features and updates. The verification process involves connecting securely to our external service hosted at BestWebSoft website \u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\" rel=\"nofollow ugc\">https:\u002F\u002Fbestwebsoft.com\u003C\u002Fa>. Privacy Policy \u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbestwebsoft.com\u002Fprivacy-policy\u002F\u003C\u002Fa>. End user license agreement \u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fend-user-license-agreement\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbestwebsoft.com\u002Fend-user-license-agreement\u002F\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Generate and add XML sitemap to WordPress website. Help search engines index your blog.",20000,2159997,86,114,"2025-12-03T11:04:00.000Z","6.2",[138,139,140,21,141],"add-pages-to-sitemap","add-posts-to-sitemap","add-sitemap","google-sitemap","https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fgoogle-sitemap\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-sitemap-plugin.3.3.5.zip",100,"2017-04-12 00:00:00",{"slug":147,"name":148,"version":149,"author":150,"author_profile":151,"description":152,"short_description":103,"active_installs":153,"downloaded":154,"rating":13,"num_ratings":13,"last_updated":155,"tested_up_to":156,"requires_at_least":157,"requires_php":111,"tags":158,"homepage":17,"download_link":163,"security_score":76,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"cc-addon-pack","Saitama Addon Pack","1.0.8","communitycom","https:\u002F\u002Fprofiles.wordpress.org\u002Fcommunitycom\u002F","\u003Cp>This plug-in is an integrated plug-in with a variety of features that make it powerful your web site.\u003C\u002Fp>\n\u003Cp>[ Powerful　Widgets ]\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Recent Posts – display the link text and the date of the latest article title.\u003C\u002Fli>\n\u003Cli>FB Page Plugin – display the Facebook Page Plugin.\u003C\u002Fli>\n\u003Cli>topic area – display the topic area.\u003C\u002Fli>\n\u003Cli>Contact widget – display contact area.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[ Social media ]\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Print OG Tags\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[ Others ]\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Print Google Analytics tag\u003C\u002Fli>\n\u003Cli>Print meta keyword tag\u003C\u002Fli>\n\u003Cli>Print meta description tag\u003C\u002Fli>\n\u003Cli>Set Default Thumbnail\u003C\u002Fli>\n\u003Cli>Set Favicon\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>and more.\u003C\u002Fp>\n",1000,18086,"2023-11-30T23:49:00.000Z","6.3.8","4.4",[159,160,114,161,162],"default-thumbnail","disable-emoji","new-posts","sns","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcc-addon-pack.1.0.8.zip",{"attackSurface":165,"codeSignals":205,"taintFlows":224,"riskAssessment":249,"analyzedAt":260},{"hooks":166,"ajaxHandlers":201,"restRoutes":202,"shortcodes":203,"cronEvents":204,"entryPointCount":13,"unprotectedCount":13},[167,173,176,179,184,187,190,194,198],{"type":168,"name":169,"callback":170,"file":171,"line":172},"action","admin_enqueue_scripts","admin_enqueue","inc\\class-il-main.php",17,{"type":168,"name":174,"callback":175,"file":171,"line":51},"plugins_loaded","i18n",{"type":168,"name":174,"callback":177,"file":171,"line":178},"check",23,{"type":168,"name":180,"callback":181,"file":182,"line":183},"load-post.php","init_metabox","inc\\class-il-meta-box.php",13,{"type":168,"name":185,"callback":181,"file":182,"line":186},"load-post-new.php",14,{"type":168,"name":188,"callback":189,"file":182,"line":178},"add_meta_boxes","add_metabox",{"type":168,"name":191,"callback":192,"priority":11,"file":182,"line":193},"save_post","save_metabox",25,{"type":168,"name":195,"callback":195,"file":196,"line":197},"admin_menu","inc\\class-il-settings.php",16,{"type":168,"name":199,"callback":199,"file":196,"line":200},"admin_init",18,[],[],[],[],{"dangerousFunctions":206,"sqlUsage":207,"outputEscaping":210,"fileOperations":13,"externalRequests":13,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":223},[],{"prepared":208,"raw":13,"locations":209},4,[],{"escaped":27,"rawEcho":211,"locations":212},5,[213,216,217,219,220],{"file":182,"line":214,"context":215},134,"raw output",{"file":182,"line":214,"context":215},{"file":196,"line":218,"context":215},133,{"file":196,"line":218,"context":215},{"file":221,"line":222,"context":215},"inc\\helpers.php",135,[],[225,241],{"entryPoint":226,"graph":227,"unsanitizedCount":27,"severity":39},"admin_init (inc\\class-il-settings.php:42)",{"nodes":228,"edges":239},[229,234],{"id":230,"type":231,"label":232,"file":196,"line":233},"n0","source","$_POST['_wp_http_referer']",66,{"id":235,"type":236,"label":237,"file":196,"line":233,"wp_function":238},"n1","sink","wp_redirect() [Open Redirect]","wp_redirect",[240],{"from":230,"to":235,"sanitized":47},{"entryPoint":242,"graph":243,"unsanitizedCount":27,"severity":39},"\u003Cclass-il-settings> (inc\\class-il-settings.php:0)",{"nodes":244,"edges":247},[245,246],{"id":230,"type":231,"label":232,"file":196,"line":233},{"id":235,"type":236,"label":237,"file":196,"line":233,"wp_function":238},[248],{"from":230,"to":235,"sanitized":47},{"summary":250,"deductions":251},"The 'instant-locations' plugin v1.0 exhibits a mixed security posture.  While it demonstrates good practices such as using prepared statements for all SQL queries and implementing at least one nonce and capability check, several concerning signals are present. The static analysis reveals that a significant portion of output (83%) is not properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities. This is further supported by the taint analysis, which identified two flows with unsanitized paths, although they were not classified as critical or high severity.  The vulnerability history is a significant concern, with one unpatched medium severity CVE related to XSS. The recent nature of this vulnerability (2025-09-05) suggests a recurring pattern of input sanitization issues.  In conclusion, while the plugin has some positive security attributes, the high rate of unescaped output and the presence of an unpatched XSS vulnerability necessitate careful consideration and remediation.",[252,255,258],{"reason":253,"points":254},"Unpatched Medium Severity CVE (XSS)",15,{"reason":256,"points":257},"High percentage of unescaped output (83%)",6,{"reason":259,"points":211},"Taint analysis found unsanitized paths (2)","2026-03-17T00:24:07.913Z",{"wat":262,"direct":273},{"assetPaths":263,"generatorPatterns":266,"scriptPaths":267,"versionParams":269},[264,265],"\u002Fwp-content\u002Fplugins\u002Finstant-locations\u002Fassets\u002Fcss\u002Finstant-locations.css","\u002Fwp-content\u002Fplugins\u002Finstant-locations\u002Fassets\u002Fjs\u002Finstant-locations.js",[],[268],"https:\u002F\u002Fmaps.googleapis.com\u002Fmaps\u002Fapi\u002Fjs?libraries=places",[270,271,272,268],"instant-locations\u002Fassets\u002Fcss\u002Finstant-locations.css?ver=","instant-locations\u002Fassets\u002Fjs\u002Finstant-locations.js?ver=","https:\u002F\u002Fmaps.googleapis.com\u002Fmaps\u002Fapi\u002Fjs?libraries=places&key=",{"cssClasses":274,"htmlComments":280,"htmlAttributes":281,"restEndpoints":309,"jsGlobals":310,"shortcodeOutput":312},[275,276,277,278,279],"form-group","row","form-label","column","dashicons-location-alt",[],[282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308],"id=\"form-group-address\"","id=\"address\"","name=\"location[address]\"","id=\"country\"","name=\"location[country]\"","id=\"administrative_area_level_1\"","name=\"location[administrative_area_level_1]\"","id=\"administrative_area_level_2\"","name=\"location[administrative_area_level_2]\"","id=\"administrative_area_level_3\"","name=\"location[administrative_area_level_3]\"","id=\"administrative_area_level_4\"","name=\"location[administrative_area_level_4]\"","id=\"administrative_area_level_5\"","name=\"location[administrative_area_level_5]\"","id=\"postal_code\"","name=\"location[postal_code]\"","id=\"lat\"","name=\"location[lat]\"","id=\"lng\"","name=\"location[lng]\"","id=\"street_number\"","name=\"location[street_number]\"","id=\"route\"","name=\"location[route]\"","id=\"political\"","name=\"location[political]\"",[],[311],"geo_config",[],{"error":314,"url":315,"statusCode":316,"statusMessage":317,"message":317},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Finstant-locations\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":27,"versions":319},[320],{"version":6,"download_url":321,"svn_tag_url":322,"released_at":37,"has_diff":47,"diff_files_changed":323,"diff_lines":37,"trac_diff_url":37,"vulnerabilities":324,"is_current":314},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finstant-locations.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Finstant-locations\u002Ftags\u002F1.0\u002F",[],[325],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37}]