[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fT1mtZ716IdPhvsXR072vALcDbfqGzGvvsNZIJxHH-wM":3,"$fM3gE037BKmc0CT1NFrSIUOzf4LE15eP3ObOCiSy3dMM":235,"$f-KyBYtFj6WG2jIrDDeQQqlY3ZB7G8yFu9bAdLOl3yb8":240},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":57,"crawl_stats":39,"alternatives":62,"analysis":159,"fingerprints":208},"javascript-notifier","JavaScript Notifier","1.2.9","freemp","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreemp\u002F","\u003Cp>A simple, lightweight WordPress plugin for displaying a notification bar at the top of the webpage if 1st-party JavaScript is disabled. If appropriate, the entire website may as well be blocked by a full-page overlay instead of just a small bar.\u003C\u002Fp>\n\u003Cp>The plugin offers configuration of background and foreground color, opacity, notification message text and font size. 
Individual customization by means of CSS snippets is also supported.\u003C\u002Fp>\n","JavaScript Notifier allows you to inform visitors that your website requires JavaScript.",70,2170,100,2,"2026-01-29T17:22:00.000Z","6.9.4","3.8","",[20,21,22,23,24],"disabled","javascript","notification","test","warning","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjavascript-notifier","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjavascript-notifier.zip",99,1,0,"2026-01-23 20:32:01","2026-04-16T10:56:18.058Z","no_bundle",[34],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":6,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48,"patch_diff_files":49,"patch_trac_url":39,"research_status":50,"research_verified":51,"research_rounds_completed":52,"research_plan":53,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":54,"research_started_at":55,"research_completed_at":56,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2026-1191","javascript-notifier-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings","JavaScript Notifier \u003C= 1.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings","The JavaScript Notifier plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 1.2.8. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the `wp_footer` action. 
This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.2.8","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-02-03 19:49:26",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F97696702-4d40-41dd-a25f-f2ee7681a2c9?source=api-prod",11,[],"researched",false,3,"This research plan outlines the steps to exploit a Stored Cross-Site Scripting (XSS) vulnerability in the **JavaScript Notifier** plugin for WordPress (versions \u003C= 1.2.8).\n\n## 1. Vulnerability Summary\nThe **JavaScript Notifier** plugin fails to properly sanitize and escape settings saved by an administrator. These settings are subsequently retrieved and rendered directly into the site's footer via the `wp_footer` action hook. An attacker with administrator-level privileges can inject arbitrary JavaScript, which will execute in the context of any user (including other administrators) who visits the site's frontend. The issue is fixed in version 1.2.9.\n\n## 2. Attack Vector Analysis\n*   **Vulnerable Endpoint:** WordPress Admin Settings (`\u002Fwp-admin\u002Foptions.php`).\n*   **Vulnerable Action:** `wp_footer` (frontend rendering).\n*   **Vulnerable Parameters:** The specific setting fields registered by the plugin (likely `js_notifier_text` or similar).\n*   **Preconditions:**\n    *   Authenticated user with `administrator` privileges (required to access the settings page).\n    *   Plugin version \u003C= 1.2.8 installed and active.\n    *   The `AC:H` rating in the CVSS vector suggests a further condition. For administrator-level stored XSS in WordPress this is usually a site where administrators lack the `unfiltered_html` capability (multisite, or `DISALLOW_UNFILTERED_HTML` set); confirm against the advisory.\n\n## 3. Code Flow (Inferred)\n1.  **Entry Point (Admin):** The administrator navigates to the plugin's settings page, usually registered via `add_options_page()` in a function hooked to `admin_menu`.\n2.  **Storage:** Settings are registered via `register_setting()`. 
When the form is submitted to `options.php`, WordPress calls `update_option()`. The plugin fails to provide a `sanitize_callback` during registration, or the callback is insufficient.\n3.  **Sink (Frontend):** The plugin registers a function to the `wp_footer` hook:\n    ```php\n    add_action('wp_footer', 'javascript_notifier_display');\n    ```\n4.  **Rendering:** Inside `javascript_notifier_display()`, the plugin retrieves the stored option:\n    ```php\n    $options = get_option('javascript_notifier_settings');\n    echo $options['notifier_text']; \u002F\u002F VULNERABLE: No esc_html() or esc_attr()\n    ```\n\n## 4. Nonce Acquisition Strategy\nTo update the settings via `options.php`, a valid settings nonce and the `option_page` identifier are required.\n\n1.  **Identify the Page:** Navigate to the JavaScript Notifier settings page (likely `wp-admin\u002Foptions-general.php?page=javascript-notifier`).\n2.  **Identify the Option Group:** Look for the hidden input field `option_page`.\n3.  **Extract Nonce:**\n    *   Action: `browser_navigate` to the settings page.\n    *   Action: `browser_eval` to extract the nonce:\n        ```javascript\n        ({\n            nonce: document.querySelector('input[name=\"_wpnonce\"]')?.value,\n            option_page: document.querySelector('input[name=\"option_page\"]')?.value\n        })\n        ```\n\n## 5. Exploitation Strategy\n### Step 1: Discover Setting Parameters\nSince source files are not provided, we first need to identify the exact key used in the `options.php` request.\n1.  Navigate to the settings page.\n2.  
Inspect the `name` attributes of the input fields (e.g., `javascript_notifier_options[message]`).\n\n### Step 2: Inject Payload\nSubmit a POST request to `options.php` as an administrator.\n\n*   **URL:** `https:\u002F\u002F\u003Ctarget>\u002Fwp-admin\u002Foptions.php`\n*   **Method:** `POST`\n*   **Headers:** `Content-Type: application\u002Fx-www-form-urlencoded`\n*   **Body (Example):**\n    ```\n    option_page=javascript_notifier_settings&\n    _wpnonce=\u003CEXTRACTED_NONCE>&\n    action=update&\n    javascript_notifier_options[message]=\u003Cscript>alert(document.domain)\u003C\u002Fscript>\n    ```\n\n### Step 3: Trigger Execution\nNavigate to any frontend page of the WordPress site. The `wp_footer` hook executes on every frontend page load.\n\n## 6. Test Data Setup\n1.  **Install Plugin:** Ensure `javascript-notifier` version 1.2.8 is installed.\n2.  **User:** Create an administrator user.\n3.  **Plugin Config:** Navigate to the settings page once to ensure the option is initialized in the database.\n\n## 7. Expected Results\n*   The `options.php` request should return a `302 Redirect` back to the settings page with `settings-updated=true`.\n*   Viewing the frontend source code (near the closing `\u003C\u002Fbody>` tag) should show the raw payload: `\u003Cscript>alert(document.domain)\u003C\u002Fscript>`.\n*   A JavaScript alert box should appear when visiting the site's homepage.\n\n## 8. Verification Steps\nAfter the exploit, use `wp-cli` to verify the state of the database:\n```bash\n# Check the stored option value\nwp option get javascript_notifier_options\n```\nVerify that the `message` (or relevant key) contains the unescaped `\u003Cscript>` tag.\n\n## 9. Alternative Approaches\nIf the plugin uses a custom AJAX handler instead of the Options API:\n1.  Search for `wp_ajax_` hooks in the plugin code: `grep -r \"wp_ajax_\" .`.\n2.  Locate the saving function and check for nonce verification: `check_ajax_referer('...', '...')`.\n3.  
Construct an AJAX POST request to `wp-admin\u002Fadmin-ajax.php`.\n\nIf the XSS is rendered inside an existing `\u003Cscript>` block rather than directly in HTML:\n1.  Payload: `\";alert(document.domain);\u002F\u002F`\n2.  Check for `wp_add_inline_script` or `wp_localize_script` calls that might be the sink.","gemini-3-flash-preview","2026-05-05 01:17:35","2026-05-05 01:17:54",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":58,"total_installs":59,"avg_security_score":13,"avg_patch_time_days":48,"trust_score":60,"computed_at":61},4,10140,94,"2026-05-20T08:57:18.432Z",[63,85,98,122,144],{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":13,"num_ratings":28,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":18,"tags":76,"homepage":81,"download_link":82,"security_score":83,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":84},"wp-js-detect","Wp Js Detect","1.0.9","kuflievskiy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpkuf\u002F","\u003Cp>This plugin is used to display a notification message if the browser’s Javascript is disabled.\u003C\u002Fp>\n\u003Cp>Travis CI\u003C\u002Fp>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftravis-ci.org\u002Fkuflievskiy\u002Fwp-js-detect\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Description\u003C\u002Fp>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cp>A WordPress plugin that can show simple notifications whenever it detects site visitors that have turned off JavaScript in their browser.\u003Cbr \u002F>\nThis warning is completely customizable from a page in the WordPress backend.\u003C\u002Fp>\n\u003Cp>Features\u003C\u002Fp>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cp>Plugin has an option page in the wordpress admin panel where you can customize the notification message about disabled 
JS.\u003C\u002Fp>\n\u003Cp>Documentation\u003C\u002Fp>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cp>Documentation will be maintained on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkuflievskiy\u002Fwp-js-detect\u002Fwiki\" rel=\"nofollow ugc\">GitHub Wiki here\u003C\u002Fa>.\u003Cbr \u002F>\nPlugin Translation https:\u002F\u002Fgithub.com\u002Fkuflievskiy\u002Fwp-js-detect\u002Fwiki\u002FPlugin-Translation\u003C\u002Fp>\n\u003Cp>Add-ons\u003C\u002Fp>\n\u003Cp>There are no addons fo this simple plugin yet.\u003C\u002Fp>\n\u003Cp>Contributing and reporting bugs\u003C\u002Fp>\n\u003Cp>You can post issues here: https:\u002F\u002Fgithub.com\u002Fkuflievskiy\u002Fwp-js-detect\u002Fissues\u003Cbr \u002F>\nYou can contact me via email to notify about bug.\u003C\u002Fp>\n\u003Cp>Support\u003C\u002Fp>\n\u003Cp>Use the WordPress.org forums for community support – I cannot offer support directly for free. If you spot a bug, you can of course log it on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkuflievskiy\u002Fwp-js-detect\" rel=\"nofollow ugc\">Github\u003C\u002Fa> instead where I can act upon it more efficiently.\u003C\u002Fp>\n\u003Cp>If you want help with a customisation, hire a developer!\u003C\u002Fp>\n\u003Cp>Installation\u003C\u002Fp>\n\u003Col>\n\u003Cli>Unpack and upload it to the \u002Fwp-content\u002Fplugins\u002F directory.\u003C\u002Fli>\n\u003Cli>Activate the plugin through the ‘Plugins’ menu in WordPress.\u003C\u002Fli>\n\u003Cli>Edit notification message if needed on the http:\u002F\u002FYOUR_SITE_DOMAIN_NAME\u002Fwp-admin\u002Fadmin.php?page=js-detect-settings page.\u003C\u002Fli>\n\u003Cli>Enjoy!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Automatic installation\u003C\u002Fp>\n\u003Cp>Automatic installation is the easiest option as WordPress handles the file transfers itself and you don’t even need to leave your web browser. 
To do an automatic install, log in to your WordPress admin panel, navigate to the Plugins menu and click Add New.\u003C\u002Fp>\n\u003Cp>In the search field type “Download Monitor” and click Search Plugins. Once you’ve found the plugin you can view details about it such as the the point release, rating and description. Most importantly of course, you can install it by clicking \u003Cem>Install Now\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>Manual installation\u003C\u002Fp>\n\u003Cp>The manual installation method involves downloading the plugin and uploading it to your webserver via your favourite FTP application.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Download the plugin file to your computer and unzip it\u003C\u002Fli>\n\u003Cli>Using an FTP program, or your hosting control panel, upload the unzipped plugin folder to your WordPress installation’s \u003Ccode>wp-content\u002Fplugins\u002F\u003C\u002Fcode> directory.\u003C\u002Fli>\n\u003Cli>Activate the plugin from the Plugins menu within the WordPress admin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Frequently Asked Questions\u003C\u002Fp>\n\u003Cp>Screenshots\u003C\u002Fp>\n\u003Col>\n\u003Cli>This is a notification if js is disabled.\u003C\u002Fli>\n\u003Cli>Plugin options page. \u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Changelog\u003C\u002Fp>\n\u003Ch3>1.0.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>First plugin version.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0.1\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>NEW : Option to store and manage notification text has been added.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0.2\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>NEW : Plugin security has been improved.\u003C\u002Fli>\n\u003Cli>NEW : The WPML plugin support has been added. 
You can read more about WPML config here http:\u002F\u002Fwpml.org\u002Fdocumentation\u002Fsupport\u002Flanguage-configuration-files\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0.3\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>NEW : Plugin option tabs has been added.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0.4\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>NEW : Ability to customize pop-up window from the backend has been added.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0.5\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>NEW : Plugins JS and CSS locates in the separate files for now!  .js and .css files are included in the footer section of the site, so it should decrease the time of the site’s loading. And you can pack these (.js+.css)files for now via other plugins!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0.6\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>bugfix: plugin url variable has been replaced with plugins_url function https:\u002F\u002Fgithub.com\u002Fkuflievskiy\u002Fwp-js-detect\u002Fissues\u002F2\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0.7\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>NEW : Ability to translate plugin has been added.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0.8\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>bugfix: Several minor warnings and notices have been fixed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0.9\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>bugfix: https:\u002F\u002Fgithub.com\u002Fkuflievskiy\u002Fwp-js-detect\u002Fissues\u002F3\u003C\u002Fli>\n\u003Cli>enhancement: https:\u002F\u002Fgithub.com\u002Fkuflievskiy\u002Fwp-js-detect\u002Fissues\u002F4\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin is used to display a notification message if the browser's Javascript is disabled. 
Travis CI",20,2171,"2014-04-24T11:01:00.000Z","3.9.40","3.5",[77,78,79,21,80],"disabled-javascript","disabled-javascript-notification","disabled-js","js","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-js-detect\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-js-detect.zip",85,"2026-04-06T09:54:40.288Z",{"slug":86,"name":87,"version":88,"author":7,"author_profile":8,"description":89,"short_description":90,"active_installs":29,"downloaded":91,"rating":29,"num_ratings":29,"last_updated":92,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":93,"homepage":96,"download_link":97,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"recaptcha-js-alert","ReCaptcha JS Alert","1.0.1","\u003Cp>A lightweight WordPress plugin providing the \u003Ccode>[recaptcha-js-alert]\u003C\u002Fcode> shortcode which may be used to display a notification text box if JavaScript required by \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> is being blocked.\u003C\u002Fp>\n\u003Cp>Next to the notification message text and the delay allowing to load the \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> JavaScript code, the plugin offers configuration of background and foreground color, as well as the font size. 
Further customization can be achieved by means of custom CSS snippets.\u003C\u002Fp>\n\u003Cp>The shortcode allows its configuration being overridden by the following parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>message\u003C\u002Fcode>: The notification message text\u003C\u002Fli>\n\u003Cli>\u003Ccode>style\u003C\u002Fcode>: Custom CSS for displaying the message text\u003C\u002Fli>\n\u003Cli>\u003Ccode>delay\u003C\u002Fcode>: The delay (in milliseconds) allowing the \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> JavaScript code to load\u003C\u002Fli>\n\u003C\u002Ful>\n","ReCaptcha JS Alert provides the [recaptcha-js-alert] shortcode, which (if necessary) informs visitors of your website that a form requires JavaScript  &hellip;",959,"2025-12-03T07:56:00.000Z",[94,20,21,22,95],"blocked","recaptcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frecaptcha-js-alert","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecaptcha-js-alert.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":18,"tags":113,"homepage":119,"download_link":120,"security_score":13,"vuln_count":28,"unpatched_count":29,"last_vuln_date":121,"fetched_at":31},"disable-update-notifications","Disable WordPress Update Notifications and auto-update Email Notifications","2.4.2","Prem Tiwari","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreewebmentor\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.premtiwari.in\u002F\" rel=\"nofollow ugc\">Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-update-notifications\u002F#installation\" rel=\"ugc\">Documentation\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-update-notifications\u002Freviews\u002F#new-post\" 
rel=\"ugc\">Support\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin will completely disables the Plugins, Themes, and WordPress core update notifications displayed by WordPress based on your plugin settings. Apart from this it will also disable auto-update Email Notifications.\u003C\u002Fp>\n\u003Ch3>🎉 Disable auto-update Email Notifications\u003C\u002Fh3>\n\u003Cp>Since WordPress 5.5 version, if you have enabled plugin and theme auto-update you will receive an automated email notifications when any plugin or theme auto-update is successful or failed.\u003C\u002Fp>\n\u003Cp>If you manage a dozen of websites, then the you will receive the constant stream of auto-update notifications emails and may be it annoying you.\u003C\u002Fp>\n\u003Cp>I have added a new feature to cure the problem by automatically Disable auto-update Email Notifications for plugins and themes auto-update email notifications.\u003C\u002Fp>\n\u003Cp>👉 Most importantly, This plugin is free and always will be free.\u003C\u002Fp>\n","Disables WordPress core update notification and plugins update notification update checks and notifications.",10000,77450,88,18,"2025-06-10T02:21:00.000Z","6.8.5","5.0",[114,115,116,117,118],"core-update","disable","hide-warnings","plugin-update","update-notifications","https:\u002F\u002Fwww.premtiwari.in\u002Fdisable-wordpress-update-notifications\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-update-notifications.2.4.2.zip","2023-05-30 00:00:00",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":13,"num_ratings":132,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":18,"tags":136,"homepage":142,"download_link":143,"security_score":83,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"caspers-leave-notice","Casper’s Leave 
Notice","1.2.3","XAce90","https:\u002F\u002Fprofiles.wordpress.org\u002Fxace90\u002F","\u003Cp>Casper’s Leave Notice warns your users when they are about to leave your website. All you have to do is install and activate, and the plugin does the rest! You can edit the content that shows up in the pop up window to fine tune the message your users see. You can also add domain names to exclude from the pop up.\u003C\u002Fp>\n\u003Cp>For example, if a link sends your users to a third party tool – like a shopping cart – just add the domain to the exclusion list and your guests will be none the wiser.\u003C\u002Fp>\n","A quick, easy way to notify your users when they are leaving your site. You can edit the content and add domain exclusions.",200,4438,5,"2019-07-18T18:51:00.000Z","5.2.24","4.0",[137,138,139,140,141],"exit-warning","external-links","leaving-notification","pop-up-disclaimer","site-abandonment-notice","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcaspers-leave-notice\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcaspers-leave-notice.zip",{"slug":145,"name":146,"version":147,"author":148,"author_profile":149,"description":150,"short_description":151,"active_installs":71,"downloaded":152,"rating":13,"num_ratings":14,"last_updated":153,"tested_up_to":18,"requires_at_least":18,"requires_php":18,"tags":154,"homepage":18,"download_link":158,"security_score":83,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"easy-admin-notification","Easy Admin Notification","1.4","Remi Corson","https:\u002F\u002Fprofiles.wordpress.org\u002Fcorsonr\u002F","\u003Cp>This plugin helps admins to easily create admin notification inside the WordPress administration.\u003C\u002Fp>\n\u003Cp>You can choose many options and decide how and where to display the notifications.\u003C\u002Fp>\n","Tested up to 3.3.1 Stable Tag: 1.4 Adds the ability to create easily notification in the admin 
panel",5756,"2012-02-12T18:58:00.000Z",[155,156,157,22,24],"error","information","notice","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-admin-notification.zip",{"attackSurface":160,"codeSignals":188,"taintFlows":199,"riskAssessment":200,"analyzedAt":207},{"hooks":161,"ajaxHandlers":184,"restRoutes":185,"shortcodes":186,"cronEvents":187,"entryPointCount":29,"unprotectedCount":29},[162,168,171,174,178,181],{"type":163,"name":164,"callback":165,"file":166,"line":167},"action","admin_enqueue_scripts","closure","admin\u002Fjavascript-notifier-admin.php",10,{"type":163,"name":169,"callback":165,"file":166,"line":170},"admin_init",16,{"type":163,"name":172,"callback":165,"file":166,"line":173},"admin_menu",21,{"type":163,"name":175,"callback":165,"file":176,"line":177},"plugins_loaded","javascript-notifier.php",23,{"type":163,"name":179,"callback":165,"file":176,"line":180},"wp_enqueue_scripts",66,{"type":163,"name":182,"callback":165,"priority":28,"file":176,"line":183},"wp_footer",71,[],[],[],[],{"dangerousFunctions":189,"sqlUsage":190,"outputEscaping":192,"fileOperations":29,"externalRequests":29,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":198},[],{"prepared":29,"raw":29,"locations":191},[],{"escaped":170,"rawEcho":14,"locations":193},[194,197],{"file":176,"line":195,"context":196},78,"raw output",{"file":176,"line":195,"context":196},[],[],{"summary":201,"deductions":202},"The javascript-notifier plugin version 1.2.9 exhibits a generally good security posture in its static analysis, with no identified dangerous functions, no raw SQL queries (the scan recorded no SQL usage at all), and no file operations or external HTTP requests. The attack surface is minimal, with zero identified entry points that are unprotected. Taint analysis also shows no critical or high severity flows. However, a significant concern arises from the historical vulnerability data, which shows one known CVE with a medium severity, specifically Cross-site Scripting (XSS). 
While this vulnerability is currently marked as patched, the existence of a past XSS vulnerability, even if resolved, indicates a potential area of weakness for the plugin. The share of properly escaped outputs (89%) is a minor concern: the remaining 11% of outputs (two raw echoes, both reported at `javascript-notifier.php` line 78) are not properly escaped and carry a small risk of XSS.\n\nDespite the clean static analysis and zero current unpatched vulnerabilities, the history of a medium severity XSS flaw warrants attention. While the plugin has demonstrated the ability to fix such issues, it highlights the need for ongoing vigilance. The rate of unescaped outputs is low and not critical, but escaping the remaining outputs would further harden the plugin against potential future XSS attempts. Overall, the plugin appears to be well-developed from a static analysis perspective, but the past vulnerability serves as a reminder that continuous security review and best practices are essential for maintaining a secure plugin.",[203,205],{"reason":204,"points":167},"Past medium severity XSS vulnerability",{"reason":206,"points":52},"11% of outputs not properly escaped","2026-04-16T11:04:29.445Z",{"wat":209,"direct":218},{"assetPaths":210,"generatorPatterns":213,"scriptPaths":214,"versionParams":215},[211,212],"\u002Fwp-content\u002Fplugins\u002Fjavascript-notifier\u002Fcss\u002Fjavascript-notifier.css","\u002Fwp-content\u002Fplugins\u002Fjavascript-notifier\u002Fjs\u002Fjavascript-notifier-admin.js",[],[212],[216,217],"javascript-notifier\u002Fcss\u002Fjavascript-notifier.css?ver=","javascript-notifier\u002Fjs\u002Fjavascript-notifier-admin.js?ver=",{"cssClasses":219,"htmlComments":221,"htmlAttributes":224,"restEndpoints":231,"jsGlobals":232,"shortcodeOutput":234},[220],"javascript_notifier",[222,223],"\u003C!-- JavaScript Notifier -->","\u003C!-- End JavaScript Notifier 
-->",[225,226,227,228,229,230],"id=\"javascript_notifier_block\"","id=\"javascript_notifier_block_2\"","id=\"javascript_notifier_block_3\"","id=\"javascript_notifier_bar\"","data-default-color","class=\"wp_color_picker\"",[],[233],"JAVASCRIPT_NOTIFIER_VERSION",[],{"error":236,"url":237,"statusCode":238,"statusMessage":239,"message":239},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fjavascript-notifier\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":28,"versions":241},[242],{"version":243,"download_url":244,"svn_tag_url":245,"released_at":39,"has_diff":51,"diff_files_changed":246,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":247,"is_current":51},"rel-1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjavascript-notifier.rel-1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fjavascript-notifier\u002Ftags\u002Frel-1.1\u002F",[],[248],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6}]