[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQYbkwkQoqOL7FfiJoidEAvSnqGl1GyUudvTOL0BGLXE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":142,"fingerprints":353},"jet-quickpress","Jet QuickPress","2.2.5","milordk","https:\u002F\u002Fprofiles.wordpress.org\u002Fmilordk\u002F","\u003Cp>EN: This plugin allows the users to write simple posts outside the dashboard (just like QuickPress from the Dashboard). With Tiny MCE Editor.\u003C\u002Fp>\n\u003Cp>It adds a “Quickpress” submenu under \u002Fblog from which you can easily add a post to any of your blogs.\u003C\u002Fp>\n\u003Cp>RU: The plugin lets blog users publish posts without using the WordPress administrative panel. Posts are created using the Tiny MCE editor.\u003C\u002Fp>\n\u003Cp>(Based on BuddyPress Quick Press 0.1.6)\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>http:\u002F\u002Fmilordk.ru\u002Fr-lichnoe\u002Fopyt\u002Fcms\u002Fpublikaciya-v-wordpress-minuyu-administrativnuyu-panel-jet-quickpress.html\u003C\u002Fp>\n","This plugin allows the users to write simple posts outside the dashboard (just like QuickPress from the Dashboard). 
With Tiny MCE!",10,5283,0,"2010-06-30T17:10:00.000Z","",[17,18,19,20],"buddypress","post","quick-post","quickpress","http:\u002F\u002Fmilordk.ru\u002Fr-lichnoe\u002Fopyt\u002Fcms\u002Fpublikaciya-v-wordpress-minuyu-administrativnuyu-panel-jet-quickpress.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjet-quickpress.zip",85,null,"2026-03-15T14:54:45.397Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},4,40,89,30,86,"2026-04-04T21:09:45.939Z",[35,59,79,99,119],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":55,"download_link":56,"security_score":57,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":58},"press-this","Press This","2.0.1","WordPress.org","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressdotorg\u002F","\u003Cp>Press This is a little tool that lets you grab bits of the web and create new posts with ease.\u003Cbr \u002F>\nIt will even allow you to choose from images or videos included on the page and use them in your post.\u003Cbr \u002F>\nUse Press This as a quick and lightweight way to highlight another page on the web.\u003C\u002Fp>\n\u003Ch4>Version 2.0 – Gutenberg Block Editor\u003C\u002Fh4>\n\u003Cp>Press This 2.0 brings the modern WordPress block editor experience to the bookmarklet popup. 
You can now compose posts using familiar blocks like Paragraph, Heading, Image, Quote, List, and Embed.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Gutenberg Block Editor\u003C\u002Fstrong> – Full block editor integration for a consistent WordPress editing experience\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Post Format Suggestions\u003C\u002Fstrong> – Automatically suggests Video, Quote, or Link formats based on content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Content Extraction\u003C\u002Fstrong> – Improved scraping with JSON-LD structured data support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Client-Side Only Scraping\u003C\u002Fstrong> – All content extraction happens in your browser for better privacy and security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Featured Image Support\u003C\u002Fstrong> – Set any scraped image as your post’s featured image\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Improved Media Grid\u003C\u002Fstrong> – Better thumbnail display with support for video and audio embeds\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Filters for Developers\u003C\u002Fh4>\n\u003Cp>Press This 2.0 includes new filters for customization:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>press_this_allowed_blocks\u003C\u002Fcode> – Customize which blocks are available in the editor\u003C\u002Fli>\n\u003Cli>\u003Ccode>press_this_post_format_suggestion\u003C\u002Fcode> – Modify the auto-suggested post format\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See the \u003Ca href=\"#developer-documentation\" rel=\"nofollow ugc\">Developer Documentation\u003C\u002Fa> section below for details.\u003C\u002Fp>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>Bugs and PRs can be submitted via https:\u002F\u002Fgithub.com\u002FWordPress\u002Fpress-this .\u003C\u002Fp>\n\u003Ch3>Developer Documentation\u003C\u002Fh3>\n\u003Ch4>New Hooks and Filters in 
2.0\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>press_this_allowed_blocks\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Customize which blocks are available in the Press This editor.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'press_this_allowed_blocks', function( $blocks ) {\n    \u002F\u002F Add the gallery block\n    $blocks[] = 'core\u002Fgallery';\n\n    \u002F\u002F Remove the embed block\n    $blocks = array_filter( $blocks, function( $block ) {\n        return $block !== 'core\u002Fembed';\n    } );\n\n    return $blocks;\n} );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Default blocks: \u003Ccode>core\u002Fparagraph\u003C\u002Fcode>, \u003Ccode>core\u002Fheading\u003C\u002Fcode>, \u003Ccode>core\u002Fimage\u003C\u002Fcode>, \u003Ccode>core\u002Fquote\u003C\u002Fcode>, \u003Ccode>core\u002Flist\u003C\u002Fcode>, \u003Ccode>core\u002Flist-item\u003C\u002Fcode>, \u003Ccode>core\u002Fembed\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>press_this_post_format_suggestion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Modify or override the auto-suggested post format based on content.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'press_this_post_format_suggestion', function( $suggested_format, $data ) {\n    \u002F\u002F If the URL contains 'podcast', suggest audio format\n    if ( ! 
empty( $data['u'] ) && strpos( $data['u'], 'podcast' ) !== false ) {\n        return 'audio';\n    }\n\n    return $suggested_format;\n}, 10, 2 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The \u003Ccode>$data\u003C\u002Fcode> array contains scraped content including:\u003Cbr \u002F>\n– \u003Ccode>u\u003C\u002Fcode> – Source URL\u003Cbr \u002F>\n– \u003Ccode>s\u003C\u002Fcode> – Selected text\u003Cbr \u002F>\n– \u003Ccode>t\u003C\u002Fcode> – Page title\u003Cbr \u002F>\n– \u003Ccode>_images\u003C\u002Fcode> – Array of image URLs\u003Cbr \u002F>\n– \u003Ccode>_embeds\u003C\u002Fcode> – Array of embed URLs\u003Cbr \u002F>\n– \u003Ccode>_meta\u003C\u002Fcode> – Meta tag data\u003Cbr \u002F>\n– \u003Ccode>_jsonld\u003C\u002Fcode> – JSON-LD structured data\u003C\u002Fp>\n\u003Ch4>Preserved Hooks from 1.x\u003C\u002Fh4>\n\u003Cp>All existing hooks continue to work:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>press_this_redirect_in_parent\u003C\u002Fcode> – Control post-save redirect behavior\u003C\u002Fli>\n\u003Cli>\u003Ccode>press_this_save_post\u003C\u002Fcode> – Filter post data before saving\u003C\u002Fli>\n\u003Cli>\u003Ccode>press_this_save_redirect\u003C\u002Fcode> – Filter redirect URL after save\u003C\u002Fli>\n\u003Cli>\u003Ccode>enable_press_this_media_discovery\u003C\u002Fcode> – Toggle media scraping\u003C\u002Fli>\n\u003Cli>\u003Ccode>press_this_data\u003C\u002Fcode> – Filter the complete scraped data array\u003C\u002Fli>\n\u003Cli>\u003Ccode>press_this_suggested_html\u003C\u002Fcode> – Filter default content templates\u003C\u002Fli>\n\u003Cli>\u003Ccode>shortcut_link\u003C\u002Fcode> – Customize the bookmarklet URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>History\u003C\u002Fh3>\n\u003Cp>WordPress, from the earliest days, included some way to bring in snippets from other websites for you to post on your own.\u003C\u002Fp>\n\u003Cp>The original “Press It” was removed from WordPress 2.5 and a new “Press This” added in 2.6. 
It existed pretty much unchanged until WordPress 4.2, which completely refreshed Press This.\u003C\u002Fp>\n\u003Cp>In WordPress 4.9, Press This was spun out to a “canonical plugin” — an official plugin from WordPress.org so sites who wanted to use it could, but streamline more niche functionality out of Core. This was previously done with the Importers.\u003C\u002Fp>\n\u003Cp>In version 2.0, Press This was modernized to use the Gutenberg block editor, bringing it in line with the modern WordPress editing experience while maintaining backward compatibility with existing installations.\u003C\u002Fp>\n","Posting images, links, and cat gifs will never be the same.",6000,99041,74,25,"2026-02-23T19:02:00.000Z","6.7.5","6.9","7.4",[52,53,54,18,19],"bookmarklet","gutenberg","photo-post","https:\u002F\u002Fwordpress.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpress-this.2.0.1.zip",100,"2026-03-15T15:16:48.613Z",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":57,"downloaded":67,"rating":68,"num_ratings":28,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":15,"download_link":78,"security_score":57,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":58},"bp-repost-activity","Re-post Activity for BuddyPress","1.4.1","Bunty","https:\u002F\u002Fprofiles.wordpress.org\u002Fbhargavbhandari90\u002F","\u003Cp>Sometimes people like an activity and they would like to post the same activity to their profile or group.\u003C\u002Fp>\n\u003Cp>This plugin will fulfill the requirement of re-posting any activity.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" 
src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F-rstsmCYfxk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Compatible with\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>BuddyPress\u003C\u002Fli>\n\u003Cli>BuddyBoss\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How to use?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Click on “Re-Post” button on any activity.\u003C\u002Fli>\n\u003Cli>Select where to post that activity and post it.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>GitHub Repo\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FBhargavBhandari90\u002Fbp-repost-activity\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FBhargavBhandari90\u002Fbp-repost-activity\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Buy Me Coffee\u002FBeer\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbuymeacoffee.com\u002Fwpbunty\" rel=\"nofollow ugc\">https:\u002F\u002Fbuymeacoffee.com\u002Fwpbunty\u003C\u002Fa>\u003C\u002Fp>\n","Re-Post an Activity from activity stream. 
Re-post an activity to your group and personal activity.",6954,80,"2025-06-15T09:23:00.000Z","6.8.5","4.0","5.6",[74,75,17,76,77],"activity","buddyboss","re-post","share","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-repost-activity.1.4.1.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":57,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":15,"tags":93,"homepage":97,"download_link":98,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":58},"buddypress-like","BuddyPress Like","0.3.0","darrenmeehan","https:\u002F\u002Fprofiles.wordpress.org\u002Fdarrenmeehan\u002F","\u003Cp>Gives users the ability to ‘like’ content across your BuddyPress enabled site.\u003C\u002Fp>\n","Gives users the ability to 'like' content across your BuddyPress enabled site.",76443,70,26,"2015-12-06T20:41:00.000Z","4.4.34","3.8",[17,94,18,95,96],"like","rate","thumbs","http:\u002F\u002Fdarrenmeehan.me\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-like.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":57,"downloaded":107,"rating":108,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":15,"tags":113,"homepage":117,"download_link":118,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":58},"djd-site-post","DJD Site Post","0.9.3","djarzyna","https:\u002F\u002Fprofiles.wordpress.org\u002Fdjarzyna\u002F","\u003Cp>Add a (responsive) form to your site to write a post without having to go into the admin section. It allows for ‘anonymous’ or ‘guest’ posting (not logged in users). 
This makes DJD Site Post a perfect plugin for user generated content.\u003C\u002Fp>\n\u003Cp>After installation and activation you can display a form on your site via shortcode.\u003C\u002Fp>\n\u003Cp>DJD Site Post is translation ready. Languages already included: English and German.\u003C\u002Fp>\n\u003Cp>Now the plugin has a widget to include the form in a sidebar.\u003C\u002Fp>\n\u003Cp>Upcoming Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Edit or delete existing posts from front end.\u003C\u002Fli>\n\u003Cli>Some “skins” (css)\u003C\u002Fli>\n\u003Cli>Captcha for guest posts\u003C\u002Fli>\n\u003C\u002Ful>\n","Write and edit a post at the front end without leaving your site. Supports guest posts.",26659,98,20,"2014-02-24T10:21:00.000Z","3.6.1","3.3.1",[114,115,116,18,19],"front-end","frontend","insert-post","http:\u002F\u002Fwww.djdesign.de\u002Fdjd-site-post\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdjd-site-post.0.9.3.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":31,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":15,"tags":133,"homepage":137,"download_link":138,"security_score":139,"vuln_count":140,"unpatched_count":140,"last_vuln_date":141,"fetched_at":58},"woo-tumblog","WooTumblog","2.1.4","jeffikus","https:\u002F\u002Fprofiles.wordpress.org\u002Fjeffikus\u002F","\u003Cp>Create a tumblr style blog using this plugin. Simply install the plugin, add the easy to use tags to your theme, and your blog will be transformed into a Tumblr-style blog.  
Create posts direct from the WordPress dashboard, your iPhone, or the familiar WordPress interface.\u003C\u002Fp>\n","Create a tumblr style blog using this plugin.",90,65344,2,"2014-02-07T10:28:00.000Z","3.7.41","3.2.1",[134,18,20,135,136],"custom-taxonomy","tumblog","tumblr","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwoo-tumblog\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-tumblog.2.1.4.zip",64,1,"2025-04-02 00:00:00",{"attackSurface":143,"codeSignals":212,"taintFlows":264,"riskAssessment":340,"analyzedAt":352},{"hooks":144,"ajaxHandlers":208,"restRoutes":209,"shortcodes":210,"cronEvents":211,"entryPointCount":13,"unprotectedCount":13},[145,151,156,160,164,168,170,174,178,182,186,190,194,197,201,205],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","admin_print_styles-buddypress_page_bp-quiockpress","bpqp_admin_add_css_js","jet-quickpress-cssjs.php",9,{"type":152,"name":153,"callback":153,"file":154,"line":155},"filter","bp_quickpress_enqueue_url","jet-quickpress-templatetags.php",274,{"type":152,"name":157,"callback":158,"priority":11,"file":154,"line":159},"bp_located_template","bp_quickpress_filter_template",338,{"type":152,"name":157,"callback":161,"priority":11,"file":162,"line":163},"bp_quickpress_located_template","jet-quickpress.php",58,{"type":152,"name":165,"callback":166,"file":162,"line":167},"bp_quickpress_locate_js","bp_quickpress_load_template_files",73,{"type":152,"name":169,"callback":166,"file":162,"line":45},"bp_quickpress_locate_css",{"type":146,"name":171,"callback":172,"file":162,"line":173},"wp_head","bp_quickpress_head",104,{"type":146,"name":175,"callback":176,"file":162,"line":177},"wp_print_styles","bp_quickpress_css",105,{"type":146,"name":179,"callback":180,"file":162,"line":181},"wp_print_scripts","bp_quickpress_scripts",106,{"type":146,"name":183,"callback":184,"file":162,"line":185},"bp_quickpress_after_creation_form","bp_quickpress_capability",128,{"type":146,"name":1
87,"callback":188,"file":162,"line":189},"plugins_loaded","bp_quickpress_screen_save",358,{"type":146,"name":191,"callback":192,"file":162,"line":193},"bp_setup_nav","bp_quickpress_setup_nav",359,{"type":146,"name":187,"callback":195,"file":162,"line":196},"bp_quickpress_start",360,{"type":146,"name":198,"callback":199,"file":162,"line":200},"bp_init","bp_quickpress_screen_edit_a_post",361,{"type":146,"name":187,"callback":202,"priority":150,"file":203,"line":204},"quickpress_load_textdomain","jet-wp-quickpress.php",34,{"type":146,"name":198,"callback":206,"file":203,"line":207},"bp_quickpress_init",50,[],[],[],[],{"dangerousFunctions":213,"sqlUsage":219,"outputEscaping":221,"fileOperations":13,"externalRequests":13,"nonceChecks":140,"capabilityChecks":140,"bundledLibraries":263},[214],{"fn":215,"file":216,"line":217,"context":218},"create_function","jet-quickpress-classes.php",13,"array_walk_recursive($ordered_tree, create_function('&$v, $k, &$t', '$t->aFlat[] = $v;'), $objTmp);",{"prepared":129,"raw":13,"locations":220},[],{"escaped":129,"rawEcho":109,"locations":222},[223,226,228,230,232,233,235,237,239,241,243,245,247,250,252,253,255,258,260,261],{"file":154,"line":224,"context":225},12,"raw 
output",{"file":154,"line":227,"context":225},28,{"file":154,"line":229,"context":225},49,{"file":154,"line":231,"context":225},59,{"file":154,"line":177,"context":225},{"file":154,"line":234,"context":225},116,{"file":154,"line":236,"context":225},129,{"file":154,"line":238,"context":225},138,{"file":154,"line":240,"context":225},195,{"file":154,"line":242,"context":225},230,{"file":162,"line":244,"context":225},87,{"file":162,"line":246,"context":225},113,{"file":248,"line":249,"context":225},"theme\\quickpress\\create.php",53,{"file":248,"line":251,"context":225},55,{"file":248,"line":163,"context":225},{"file":248,"line":254,"context":225},60,{"file":256,"line":257,"context":225},"theme\\quickpress\\edit.php",54,{"file":256,"line":259,"context":225},56,{"file":256,"line":231,"context":225},{"file":256,"line":262,"context":225},61,[],[265,282,297,322,330],{"entryPoint":266,"graph":267,"unsanitizedCount":140,"severity":281},"bp_quickpress_creation_form (jet-quickpress-templatetags.php:40)",{"nodes":268,"edges":278},[269,273],{"id":270,"type":271,"label":272,"file":154,"line":231},"n0","source","$_REQUEST['blog_id']",{"id":274,"type":275,"label":276,"file":154,"line":231,"wp_function":277},"n1","sink","echo() [XSS]","echo",[279],{"from":270,"to":274,"sanitized":280},false,"medium",{"entryPoint":283,"graph":284,"unsanitizedCount":129,"severity":281},"bp_quickpress_edition_form (jet-quickpress-templatetags.php:96)",{"nodes":285,"edges":294},[286,289,290,292],{"id":270,"type":271,"label":287,"file":154,"line":288},"$_REQUEST",112,{"id":274,"type":275,"label":276,"file":154,"line":234,"wp_function":277},{"id":291,"type":271,"label":272,"file":154,"line":236},"n2",{"id":293,"type":275,"label":276,"file":154,"line":236,"wp_function":277},"n3",[295,296],{"from":270,"to":274,"sanitized":280},{"from":291,"to":293,"sanitized":280},{"entryPoint":298,"graph":299,"unsanitizedCount":321,"severity":281},"\u003Cjet-quickpress-templatetags> 
(jet-quickpress-templatetags.php:0)",{"nodes":300,"edges":316},[301,303,304,307,308,310,314],{"id":270,"type":271,"label":302,"file":154,"line":231},"$_REQUEST['blog_id'] (x2)",{"id":274,"type":275,"label":276,"file":154,"line":231,"wp_function":277},{"id":291,"type":271,"label":305,"file":154,"line":306},"$_GET (x2)",17,{"id":293,"type":275,"label":276,"file":154,"line":234,"wp_function":277},{"id":309,"type":271,"label":305,"file":154,"line":244},"n4",{"id":311,"type":312,"label":313,"file":154,"line":244},"n5","transform","→ bp_quickpress_categories()",{"id":315,"type":275,"label":276,"file":154,"line":242,"wp_function":277},"n6",[317,318,319,320],{"from":270,"to":274,"sanitized":280},{"from":291,"to":293,"sanitized":280},{"from":309,"to":311,"sanitized":280},{"from":311,"to":315,"sanitized":280},6,{"entryPoint":323,"graph":324,"unsanitizedCount":140,"severity":281},"bp_quickpress_head (jet-quickpress.php:79)",{"nodes":325,"edges":328},[326,327],{"id":270,"type":271,"label":272,"file":162,"line":244},{"id":274,"type":275,"label":276,"file":162,"line":244,"wp_function":277},[329],{"from":270,"to":274,"sanitized":280},{"entryPoint":331,"graph":332,"unsanitizedCount":13,"severity":339},"\u003Cjet-quickpress> (jet-quickpress.php:0)",{"nodes":333,"edges":336},[334,335],{"id":270,"type":271,"label":272,"file":162,"line":244},{"id":274,"type":275,"label":276,"file":162,"line":244,"wp_function":277},[337],{"from":270,"to":274,"sanitized":338},true,"low",{"summary":341,"deductions":342},"The \"jet-quickpress\" v2.2.5 plugin exhibits a generally good security posture with a zero-recorded CVE history and no known unpatched vulnerabilities. The static analysis reveals a minimal attack surface, with no unprotected AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, all SQL queries are properly prepared, and there are no file operations or external HTTP requests. 
The presence of a nonce check and a capability check also indicates an attempt to secure potential entry points, however limited they may be.\n\nDespite these strengths, several concerns warrant attention. The plugin uses `create_function`, which is deprecated and can be a source of security vulnerabilities if not handled with extreme care, particularly if user input is involved in its construction. Taint analysis reveals a significant number of flows with unsanitized paths, indicating a risk of input being processed without proper validation, which could lead to unexpected behavior or potential exploits if these paths are ever exposed. The low percentage of properly escaped output (9%) is a notable weakness, suggesting a high probability of cross-site scripting (XSS) vulnerabilities when user-supplied data is displayed.\n\nIn conclusion, while \"jet-quickpress\" v2.2.5 has a clean vulnerability history and a small attack surface, the internal code quality raises concerns. The unsanitized paths found in taint analysis and the poor output escaping practices present a tangible risk of XSS and other injection-like vulnerabilities, even if no direct exploits have been identified yet. 
Developers should prioritize sanitizing all input and properly escaping all output to mitigate these risks.",[343,346,349],{"reason":344,"points":345},"Unsanitized paths found in taint analysis",8,{"reason":347,"points":348},"Low percentage of properly escaped output",7,{"reason":350,"points":351},"Use of deprecated and potentially dangerous function",5,"2026-03-16T23:37:10.570Z",{"wat":354,"direct":363},{"assetPaths":355,"generatorPatterns":360,"scriptPaths":361,"versionParams":362},[356,357,358,359],"\u002Fwp-content\u002Fplugins\u002Fjet-quickpress\u002Fquickpress\u002F_inc\u002Fjs\u002FexpandableTree.js","\u002Fwp-content\u002Fplugins\u002Fjet-quickpress\u002Fquickpress\u002F_inc\u002Fjs\u002Fjquery-autocomplete\u002Fjquery.autocomplete.pack.js","\u002Fwp-content\u002Fplugins\u002Fjet-quickpress\u002Fquickpress\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fjet-quickpress\u002Fquickpress\u002F_inc\u002Fjs\u002Fjquery-autocomplete\u002Fjquery.autocomplete.css",[],[356,357],[],{"cssClasses":364,"htmlComments":365,"htmlAttributes":366,"restEndpoints":368,"jsGlobals":370,"shortcodeOutput":372},[20],[],[367],"data-tax",[369],"\u002Fwp-json\u002Fquickpress\u002Fv1\u002Fposts",[371],"quickpress_post",[]]