[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fYrtSLTQNCZua3jpE0AG5iVp31nh2FFnTbssB6cjWgx8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":7,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":51,"analysis":148,"fingerprints":257},"irobotstxt-seo","iRobots.txt SEO","1.1.2","","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarkbeljaars\u002F","\u003Cp>iRobots.txt SEO (IRSEO) is a fully customizable robots.txt virtual file generator. IRSEO creates a highly optimized and secure robots.txt file straight out of the box. Users may choose to enable or disable specific user agents, directories or files using intuitive options all of which include detailed instructions.\u003C\u002Fp>\n\u003Cp>The robots.txt file is a text file located in the root directory of a website. It’s purpose is to direct user-agents (AKA bots) away from or towards specific files or directories. Inhibiting a bot from indexing specific pages will ensure your website remains keyword optimized and all indexed pages are relevant to your potential customers.\u003C\u002Fp>\n\u003Cp>IRSEO also inhibits several WordPress system directories and files by default. Doing this ensures that the search bots do not include security sensitive pages within search results. For example, searching for “inurl:wp-content name size description” in Google will produce a list of sites with indexed and open content directories.\u003C\u002Fp>\n\u003Cp>Note that IRSEO creates a virtual robots.txt file. This robots.txt file is displayed whenever access to the robots.txt file is requested.\u003C\u002Fp>\n","iRobots.txt SEO is a SEO optimized, secure and customizable robots.txt virtual file creator.",300,33931,100,2,"2010-06-13T01:57:00.000Z","2.9.2","2.7",[19,20,21,22,23],"robot","robots-txt","seo","site-map","sitemap","http:\u002F\u002Fmarkbeljaars.com\u002Fplugins\u002Firobottxt-seo\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Firobotstxt-seo.1.1.2.zip",63,1,"2026-01-20 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-68840","irobotstxt-seo-reflected-cross-site-scripting","iRobots.txt SEO \u003C= 1.1.2 - Reflected Cross-Site Scripting","The iRobots.txt SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.1.2","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-01-27 19:19:07",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1383a701-d2b5-44fb-823f-0640ad4961fb?source=api-prod",{"slug":46,"display_name":46,"profile_url":8,"plugin_count":14,"total_installs":47,"avg_security_score":26,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},"markbeljaars",700,30,68,"2026-04-04T07:33:05.957Z",[52,71,88,107,127],{"slug":53,"name":54,"version":6,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":59,"num_ratings":59,"last_updated":7,"tested_up_to":61,"requires_at_least":62,"requires_php":63,"tags":64,"homepage":68,"download_link":69,"security_score":13,"vuln_count":59,"unpatched_count":59,"last_vuln_date":36,"fetched_at":70},"advanced-seo-toolkit","Advanced SEO Toolkit","Mehdi Rezaei","https:\u002F\u002Fprofiles.wordpress.org\u002Fmehdiraized\u002F","\u003Cp>Advanced SEO Toolkit is a comprehensive WordPress plugin designed to enhance your website’s search engine optimization. It provides a wide range of features to improve your site’s visibility and ranking in search engine results.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom meta tags for posts, pages, and custom post types\u003C\u002Fli>\n\u003Cli>Automatic schema markup generation\u003C\u002Fli>\n\u003Cli>Integration with third-party services like Ahrefs and Google Analytics\u003C\u002Fli>\n\u003Cli>XML sitemap generation\u003C\u002Fli>\n\u003Cli>robots.txt editor\u003C\u002Fli>\n\u003Cli>SEO analysis tool\u003C\u002Fli>\n\u003Cli>Custom language support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>After activation, you’ll find a new “Advanced SEO” menu item in your WordPress admin panel. Here’s a quick overview of the available options:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>General Settings\u003C\u002Fstrong>: Configure default meta titles and descriptions, enable\u002Fdisable features.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Meta Tags\u003C\u002Fstrong>: Customize meta tags for individual posts and pages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Schema Markup\u003C\u002Fstrong>: Configure automatic schema markup generation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integrations\u003C\u002Fstrong>: Set up connections with third-party services.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML Sitemap\u003C\u002Fstrong>: Manage your site’s XML sitemap.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>robots.txt\u003C\u002Fstrong>: Edit your site’s robots.txt file.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Analysis\u003C\u002Fstrong>: Run a comprehensive SEO analysis of your site.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>For detailed usage instructions, please refer to the \u003Ca href=\"https:\u002F\u002Fexample.com\u002Fadvanced-seo-toolkit-docs\" rel=\"nofollow ugc\">plugin documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Third-Party Services\u003C\u002Fh3>\n\u003Cp>This plugin integrates with the following third-party services:\u003C\u002Fp>\n\u003Ch4>Ahrefs\u003C\u002Fh4>\n\u003Cp>Advanced SEO Toolkit uses the Ahrefs API to fetch SEO metrics for your website. When you enable this integration and provide an API key, the plugin will send requests to Ahrefs servers containing the URL you wish to analyze.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Service Website: https:\u002F\u002Fahrefs.com\u002F\u003C\u002Fli>\n\u003Cli>API Documentation: https:\u002F\u002Fahrefs.com\u002Fapi\u002Fdocumentation\u003C\u002Fli>\n\u003Cli>Terms of Service: https:\u002F\u002Fahrefs.com\u002Fterms\u003C\u002Fli>\n\u003Cli>Privacy Policy: https:\u002F\u002Fahrefs.com\u002Fprivacy-policy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Google Analytics\u003C\u002Fh4>\n\u003Cp>The plugin allows you to integrate your Google Analytics ID for tracking purposes. When enabled, this integration will send data about your website’s visitors to Google Analytics servers.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Service Website: https:\u002F\u002Fanalytics.google.com\u002F\u003C\u002Fli>\n\u003Cli>Terms of Service: https:\u002F\u002Fpolicies.google.com\u002Fterms\u003C\u002Fli>\n\u003Cli>Privacy Policy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By using these integrations, you acknowledge that you have read and agree to the terms of service and privacy policies of these third-party services. It is your responsibility to ensure that your use of these services complies with any applicable laws and regulations.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>If you need help with the plugin or want to report a bug, please visit our \u003Ca href=\"https:\u002F\u002Fmehd.ir\" rel=\"nofollow ugc\">support url\u003C\u002Fa> or create an issue in the GitHub repository.\u003C\u002Fp>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>If you find this plugin useful, please consider supporting its development by \u003Ca href=\"https:\u002F\u002Fwww.buymeacoffee.com\u002Fmehdiraized\" rel=\"nofollow ugc\">buying me a coffee\u003C\u002Fa>. Your support helps cover the costs of maintaining and improving the plugin, ensuring it remains free and accessible for everyone. Thank you!\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Advanced SEO Toolkit is released under the GPL v2 or later license. See the LICENSE file for details.\u003C\u002Fp>\n","Advanced SEO Toolkit is a comprehensive solution for optimizing your WordPress site for search engines.",0,848,"6.6.5","5.0","7.2",[65,20,66,21,67],"meta-tags","schema-markup","xml-sitemap","https:\u002F\u002Fgithub.com\u002Fmehdiraized\u002Fadvanced-seo-toolkit","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-seo-toolkit.1.1.2.zip","2026-03-15T10:48:56.248Z",{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":59,"downloaded":79,"rating":59,"num_ratings":59,"last_updated":80,"tested_up_to":81,"requires_at_least":62,"requires_php":82,"tags":83,"homepage":7,"download_link":86,"security_score":13,"vuln_count":59,"unpatched_count":59,"last_vuln_date":36,"fetched_at":87},"flavio","Flavio","1.0.0","marketgoo","https:\u002F\u002Fprofiles.wordpress.org\u002Fsamuelmarketgoo\u002F","\u003Cp>Flavio: Effortless SEO for Small Businesses\u003C\u002Fp>\n\u003Cp>Running a small business is demanding enough without adding complex SEO tasks to your plate. Flavio is the SEO plugin (Agent) designed specifically for non-experts, working intelligently behind the scenes to improve your visibility, fix critical technical issues, and help you show up where your customers are searching.\u003C\u002Fp>\n\u003Cp>Key Features and Benefits\u003Cbr \u002F>\n– Simple Onboarding: Get your site optimized quickly with our intuitive Agent. No prior SEO knowledge is required.\u003Cbr \u002F>\n– Automated SEO Planning: Flavio continually monitors your website, identifies areas for improvement, and generates a clear roadmap of recommended SEO adjustments.\u003Cbr \u002F>\n– Visibility Enhancement: By identifying key foundational SEO issues, Flavio helps prepare your site to be easily found by search engines, boosting your potential search ranking.\u003Cbr \u002F>\n– Clear Progress Updates: Understand your SEO health with straightforward, easy-to-read progress reports. Flavio translates complex SEO data into actionable insights, showing you the issues we’ve found and the steps you can take.\u003Cbr \u002F>\n– Focus on Your Business: You concentrate on what you do best—running your business—and let Flavio handle the technical details of improving your online presence.\u003C\u002Fp>\n\u003Cp>Access and Versions\u003C\u002Fp>\n\u003Cp>Flavio is designed to give you immediate value while offering the flexibility to upgrade.\u003C\u002Fp>\n\u003Cp>Limited Version (Free)\u003Cbr \u002F>\n– Automated Technical Fixes – Auditing Only (Identifies issues; fixes are disabled)\u003Cbr \u002F>\n– In-Depth Reporting – Summary Only\u003Cbr \u002F>\n– Priority Support – Not Included\u003C\u002Fp>\n\u003Cp>Full Access (30 Day Trial)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Core SEO Audit & Reporting – Included\u003C\u002Fli>\n\u003Cli>Automated Technical Fixes – Automated Fixes Enabled (Flavio automatically executes improvements)\u003C\u002Fli>\n\u003Cli>In-Depth Reporting – Full Analytics and Insights\u003C\u002Fli>\n\u003Cli>Priority Support – Included\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Start with a generous 30-day period of full access to all features—no credit card required—to experience the full power of Flavio, including automated fixing. After the trial, the plugin seamlessly transitions to the Limited Version, which continues to provide essential auditing and planning of your site’s SEO health (showing you what needs to be fixed and what was already done). You may then choose to upgrade at any time to re-enable automated fixes and access premium features.\u003Cbr \u002F>\nFlavio works with the marketgoo platform to analyze and improve your website. You’ll need a free marketgoo account to activate it.\u003C\u002Fp>\n\u003Cp>Flavio handles the SEO. You handle the business.\u003C\u002Fp>\n","Make your life easy and grow with us. AI-powered SEO assistant for WordPress.",121,"2026-01-12T09:28:00.000Z","6.9.4","7.4",[84,85,20,21,23],"broken-links","optimization","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflavio.1.0.0.zip","2026-03-15T14:54:45.397Z",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":96,"downloaded":97,"rating":13,"num_ratings":98,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":102,"tags":103,"homepage":105,"download_link":106,"security_score":13,"vuln_count":59,"unpatched_count":59,"last_vuln_date":36,"fetched_at":29},"wp-robots-txt","WP Robots Txt","1.3.5","George Pattichis","https:\u002F\u002Fprofiles.wordpress.org\u002Fpattihis\u002F","\u003Cp>WordPress, by default, includes a simple robots.txt file that’s dynamically generated from within the WP application. This is great, but how do you easily change the content?\u003C\u002Fp>\n\u003Cp>Enter \u003Cstrong>WP Robots Txt\u003C\u002Fstrong>, a plugin that adds an additional field to the “Reading” admin page where you can do just that. No manual coding or file editing required!\u003C\u002Fp>\n\u003Cp>Simply visit https:\u002F\u002Fyour-site.com\u002Fwp-admin\u002Foptions-reading.php and you can control the contents of your https:\u002F\u002Fyour-site.com\u002Frobots.txt\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-robots-txt\u002F#developers\" rel=\"ugc\">Changelog\u003C\u002Fa>\u003C\u002Fp>\n","WP Robots Txt Allows you to edit the content of your robots.txt file.",50000,545169,21,"2025-06-29T19:37:00.000Z","6.8.5","5.3.0","7.0",[104,20,21],"robots","https:\u002F\u002Fgithub.com\u002Fpattihis\u002Fwp-robots.txt","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-robots-txt.1.3.5.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":117,"num_ratings":118,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":7,"download_link":125,"security_score":126,"vuln_count":59,"unpatched_count":59,"last_vuln_date":36,"fetched_at":29},"robots-txt-editor","Robots.txt Editor","1.1.4","Processby","https:\u002F\u002Fprofiles.wordpress.org\u002Fprocessby\u002F","\u003Cp>The plugin allows you to create and edit the robots.txt file on your site.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Works with multisite network on Subdomains;\u003C\u002Fli>\n\u003Cli>An example of the correct file for WordPress;\u003C\u002Fli>\n\u003Cli>Works out of the box;\u003C\u002Fli>\n\u003Cli>Totally Free.\u003C\u002Fli>\n\u003C\u002Ful>\n","Robots.txt for WordPress",10000,111434,90,8,"2021-01-16T00:07:00.000Z","5.6.17","4.0","5.6",[124,104,20,21],"crawler","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frobots-txt-editor.zip",85,{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":137,"num_ratings":138,"last_updated":139,"tested_up_to":100,"requires_at_least":101,"requires_php":7,"tags":140,"homepage":143,"download_link":144,"security_score":145,"vuln_count":146,"unpatched_count":59,"last_vuln_date":147,"fetched_at":29},"companion-sitemap-generator","Companion Sitemap Generator – HTML & XML","4.5.9.3","Papin Schipper","https:\u002F\u002Fprofiles.wordpress.org\u002Fpapin\u002F","\u003Ch4>What is a sitemap?\u003C\u002Fh4>\n\u003Cp>A sitemap is a file where you provide information about the pages and posts your site, and the relationships between them. Search engines read this file to more intelligently crawl your site. A sitemap tells the search engine which pages you think are important in your site, and also provides valuable information about these pages: for example, when the page was last updated, how often the page is changed, and any alternate language versions of a page.\u003C\u002Fp>\n\u003Ch4>Plugin Features\u003C\u002Fh4>\n\u003Cp>Easily create a sitemap which is then updated every hour, or can be updated manually at any time via the WordPress dashboard. You can select single pages\u002Fposts or entire posttypes that you want to exclude from the sitemap. It will generate both an XML sitemap and an HTML sitemap that you can display on your site via the shortcode or gutenberg block.\u003C\u002Fp>\n\u003Ch4>We’ll keep search engines up-to-date for you\u003C\u002Fh4>\n\u003Cp>If there are changes being made to your sitemap we’ll notify search engines for you. You don’t have to submit them manual anymore.\u003C\u002Fp>\n\u003Ch4>What do we add to the sitemap?\u003C\u002Fh4>\n\u003Cp>The following URLs are added to the sitemap (with an option to hide them, ofcourse):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Pages\u003C\u002Fli>\n\u003Cli>Posts\u003C\u002Fli>\n\u003Cli>Post images\u003C\u002Fli>\n\u003Cli>Post categories\u003C\u002Fli>\n\u003Cli>Post tags\u003C\u002Fli>\n\u003Cli>Custom post types\u003C\u002Fli>\n\u003Cli>Custom taxonomies\u003C\u002Fli>\n\u003Cli>Additional pages: Add URLs yourself\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Robots editor\u003C\u002Fh4>\n\u003Cp>While a sitemap allows search engines to scan pages faster, a robots.txt file disallows search engines from scanning certain pages. This plugin also comes with a handy robots editor to give you full control over your search engine visibility.\u003C\u002Fp>\n\u003Ch4>Multilingual\u003C\u002Fh4>\n\u003Cp>Companion Sitemap Generator also supports \u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Fwebmasters\u002Fanswer\u002F2620865?hl=en\" rel=\"nofollow ugc\">multilingual sitemaps\u003C\u002Fa>. Right now this is only supported when using the Polylang plugin but more plugins will be added upon request.\u003C\u002Fp>\n\u003Ch4>Multisite\u003C\u002Fh4>\n\u003Cp>This plugin has support for multisite. Each site will get its own sitemap.\u003C\u002Fp>\n","Easy to use XML and HTML sitemap generator + Robots editor",7000,186302,94,55,"2025-10-02T15:16:00.000Z",[141,104,21,23,142],"multilingual","xml","https:\u002F\u002Fplugins.wijzijnqreative.nl\u002Fplugin\u002Fcompanion-sitemap-generator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcompanion-sitemap-generator.4.5.9.3.zip",98,3,"2023-06-19 00:00:00",{"attackSurface":149,"codeSignals":175,"taintFlows":226,"riskAssessment":245,"analyzedAt":256},{"hooks":150,"ajaxHandlers":171,"restRoutes":172,"shortcodes":173,"cronEvents":174,"entryPointCount":59,"unprotectedCount":59},[151,157,161,165],{"type":152,"name":153,"callback":154,"file":155,"line":156},"action","plugins_loaded","irseo_loaded_hook","irobotstxt-seo.php",27,{"type":152,"name":158,"callback":159,"file":155,"line":160},"init","irseo_display_hook",28,{"type":152,"name":162,"callback":163,"file":155,"line":164},"admin_menu","irseo_menu_hook",32,{"type":166,"name":167,"callback":168,"priority":169,"file":155,"line":170},"filter","plugin_action_links","irseo_filter_settings_option",10,33,[],[],[],[],{"dangerousFunctions":176,"sqlUsage":177,"outputEscaping":179,"fileOperations":146,"externalRequests":59,"nonceChecks":224,"capabilityChecks":59,"bundledLibraries":225},[],{"prepared":59,"raw":59,"locations":178},[],{"escaped":59,"rawEcho":98,"locations":180},[181,184,186,188,190,192,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222],{"file":155,"line":182,"context":183},111,"raw output",{"file":155,"line":185,"context":183},360,{"file":155,"line":187,"context":183},367,{"file":155,"line":189,"context":183},379,{"file":155,"line":191,"context":183},391,{"file":155,"line":193,"context":183},401,{"file":155,"line":195,"context":183},458,{"file":155,"line":197,"context":183},475,{"file":155,"line":199,"context":183},484,{"file":155,"line":201,"context":183},500,{"file":155,"line":203,"context":183},506,{"file":155,"line":205,"context":183},514,{"file":155,"line":207,"context":183},527,{"file":155,"line":209,"context":183},534,{"file":155,"line":211,"context":183},540,{"file":155,"line":213,"context":183},563,{"file":155,"line":215,"context":183},576,{"file":155,"line":217,"context":183},587,{"file":155,"line":219,"context":183},616,{"file":155,"line":221,"context":183},631,{"file":155,"line":223,"context":183},642,5,[],[227],{"entryPoint":228,"graph":229,"unsanitizedCount":59,"severity":244},"\u003Cirobotstxt-seo> (irobotstxt-seo.php:0)",{"nodes":230,"edges":241},[231,236],{"id":232,"type":233,"label":234,"file":155,"line":235},"n0","source","$_POST[?]",361,{"id":237,"type":238,"label":239,"file":155,"line":185,"wp_function":240},"n1","sink","echo() [XSS]","echo",[242],{"from":232,"to":237,"sanitized":243},true,"low",{"summary":246,"deductions":247},"The irobotstxt-seo plugin, version 1.1.2, exhibits a mixed security posture.  On the positive side, the plugin demonstrates good practices by not exposing a significant attack surface through AJAX, REST API, shortcodes, or cron events, and all identified SQL queries utilize prepared statements.  Furthermore, the taint analysis indicates no critical or high severity flows with unsanitized paths.  However, a major concern is the complete lack of output escaping for all 21 identified output points. This suggests a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the site's output.\n\nThe plugin's vulnerability history reveals a past medium-severity Cross-Site Scripting vulnerability, which aligns with the static analysis findings regarding unescaped output. The fact that this vulnerability is listed as currently unpatched and has a future dated \"last vulnerability\" of 2026-01-20 is highly concerning and likely indicates a data entry error in the provided history. Assuming this points to a real, unpatched vulnerability, it significantly elevates the risk. The absence of capability checks is also a weakness, as it means actions performed by the plugin may not be properly restricted to authorized users.\n\nIn conclusion, while the plugin avoids common entry point vulnerabilities and uses prepared statements for database operations, the pervasive lack of output escaping and the presence of at least one unpatched medium-severity vulnerability represent significant security risks. The future date for the last vulnerability is a red flag that warrants further investigation, but based on the provided data, a user of this plugin should be aware of potential XSS and unauthorized access issues.",[248,251,254],{"reason":249,"points":250},"Unpatched CVE (Medium Severity)",15,{"reason":252,"points":253},"All outputs unescaped",18,{"reason":255,"points":224},"No capability checks","2026-03-16T20:06:55.289Z",{"wat":258,"direct":263},{"assetPaths":259,"generatorPatterns":260,"scriptPaths":261,"versionParams":262},[],[],[],[],{"cssClasses":264,"htmlComments":265,"htmlAttributes":267,"restEndpoints":268,"jsGlobals":269,"shortcodeOutput":270},[],[266],"\u003C!-- Generated by iRobots.txt SEO -->",[],[],[],[]]