[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fht12kCAQEIFUnfEX5i6Tz0OgO4jtJWlVblfz1L4OT5M":3,"$fvu9GfQt5BIDIk7-4w6YKVlzHeHujSrE8jFuOezlaYzE":285,"$fxTkT4P9hlmECOpkd0NyI5yaK7EFH1VVAJVihx3vEMc4":290},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":38,"analysis":141,"fingerprints":266},"jquery-hover-footnotes","jQuery Hover Footnotes","1.4","Lance","https:\u002F\u002Fprofiles.wordpress.org\u002Fweaverlancegmailcom\u002F","\u003Cp>JQuery Hover Footnotes lets you add footnotes with qualifiers of you’re choosing, then dynamically displays them on hover-over. So you can easily add footnotes to a post by wrapping them in qualifiers, then they will dynamically display in a jQuery hover popup when the user mouses-over the footnote link.  There is also a settings page where you can change options like the footnote formatting.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>-Numbers, Words, or ANSI characters can be used as footnote reference marks\u003Cbr \u002F>\n-Footnotes can be superscript, subscript, or normal text\u003Cbr \u002F>\n-Footnotes can be placed in page footer or hidden\u003Cbr \u002F>\n-Popup\u002FHover footnote can be turned on and off.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To anchor the footnote reference mark\u002Fnumber, use {{FOOTNOTE_NUMBER}}. Then just embrace the actual footnote text with double brackets [[FOOTNOTE_NUMBER]] Footnote text [[FOOTNOTE_NUMBER]]. The footnote text can be placed either inline or at the bottom of the post, the plugin will find them and auto place them in the footer area.\u003C\u002Fp>\n\u003Cp>So this is what you would write in the post window…\u003C\u002Fp>\n\u003Cp>This is my post and I want to add a footnote{{1}} in the text. By default it will appear as a superscript.\u003C\u002Fp>\n\u003Cp>[[1]] My Footnote. [[1]]\u003C\u002Fp>\n\u003Cp>see the plugin webpage or the screenshots for examples.\u003C\u002Fp>\n\u003Cp>visit the sites page \u003Ca href='http:\u002F\u002Frestoredisrael.org\u002Fblog\u002F961\u002Ffootnote-plugin-test-page\u002F' rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin is a fork and combination of several other plugins.\u003C\u002Fp>\n\u003Cp>PHP-\u003Cbr \u002F>\nstratos at \u003Ca href='http:\u002F\u002Fwww.stratos.me\u002Fwp-plugins\u002Fyafootnotes\u002F' rel=\"nofollow ugc\">YaFootnotes\u003C\u002Fa> and \u003Ca href='http:\u002F\u002Fanxietypanichealth.com\u002F' rel=\"nofollow ugc\">Mike Nichols\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>Developed by Lance Weaver.\u003Cbr \u002F>\nTo contact, leave a comment on the plugin \u003Ca href='http:\u002F\u002Frestoredisrael.org\u002Fblog\u002F961\u002Ffootnote-plugin-test-page\u002F' rel=\"nofollow ugc\">website\u003C\u002Fa>\u003C\u002Fp>\n","JQuery Hover Footnotes lets you add footnotes with qualifiers of you're choosing, then dynamically displays them on hover-over.",100,9133,86,4,"2011-02-23T17:52:00.000Z","3.0.5","2.8","",[20,21,22,23],"footnotes","hover","jquery","popup","http:\u002F\u002Frestoredisrael.org\u002Fblog\u002F961\u002Ffootnote-plugin-test-page\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjquery-hover-footnotes.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"weaverlancegmailcom",1,30,84,"2026-05-20T06:02:22.682Z",[39,60,80,101,119],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":58,"download_link":59,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"easy-footnotes","Easy Footnotes","1.1.13","Jason Yingling","https:\u002F\u002Fprofiles.wordpress.org\u002Fyingling017\u002F","\u003Cp>Easy Footnotes lets you add footnotes throughout your WordPress posts by using the shortcode [efn_note]Footnote content.[\u002Fefn_note]. Easy Footnotes will automatically add the number of the footnote where the shortcode was entered and add the full footnote text to the bottom of your post in an ordered list with a corresponding number.\u003C\u002Fp>\n\u003Cp>Hovering the footnote label will show the user the full text of the footnote using the jQuery Qtip2 plugin. Clicking on the footnote label will take the user down the page to the corresponding footnote at the bottom of the WordPress post. Each footnote at the bottom of the post has a icon that can be clicked to return to that particular footnote within the post copy.\u003C\u002Fp>\n\u003Cp>That’s all it takes to start adding footnotes to your WordPress blog!\u003C\u002Fp>\n","Easy Footnotes lets you quickly and easily add footnotes throughout your WordPress posts using a simple shortcode in the text editor.",8000,150233,96,33,"2025-07-07T17:31:00.000Z","6.8.5","3.0.1",[55,20,21,56,57],"blogging","read","tooltips","https:\u002F\u002Fjasonyingling.me\u002Feasy-footnotes-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-footnotes.1.1.13.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":52,"requires_at_least":73,"requires_php":18,"tags":74,"homepage":78,"download_link":79,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"alligator-popup","Alligator Popup","2.0.0","cubecolour","https:\u002F\u002Fprofiles.wordpress.org\u002Fnumeeja\u002F","\u003Cp>This plugin allows you to enter a shortcode to add links to pages\u002Fposts which will be opened in a popup window. The only options in Alligator popup are entered in the shortcode, so there is no admin page for this plugin.\u003C\u002Fp>\n\u003Ch4>Shortcode:\u003C\u002Fh4>\n\u003Cp>Add a popup shortcode where you would like a link to appear within your post or page text. The shortcode has parameters for url, height and width and should be in the format:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[popup url=\"https:\u002F\u002Fcubecolour.co.uk\u002Fwp\" height=\"300\" width=\"300\" scrollbars=\"yes\" alt=\"popup\"]Link Text[\u002Fpopup]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Include your own Link Text and values for the url the width & height of the popup, and the alt text fot the link.\u003C\u002Fp>\n\u003Cp>If no values are entered for the alt text and the height and width, defaults of 400px are used for the width & height of the popup window.\u003C\u002Fp>\n\u003Cp>Scrollbars are enabled by default and will show if the scrollbars parameter is not added to the shortcode. If you do not want scrollbars on your popup window, add the scrollbars parameter with the value “no” to the shortcode: \u003Ccode>scrollbars=\"no\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>If no value is entered for the alt text, an empty alt tag will be used in the link.\u003C\u002Fp>\n\u003Ch4>HTML Link:\u003C\u002Fh4>\n\u003Cp>Instead of using the shortcode you can include your link in the format:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Ca href=\"https:\u002F\u002Fcubecolour.co.uk\u002Fwp\" class=\"popup\" data-height=\"300\" data-width=\"300\" data-scrollbars=\"0\" alt=\"my link text\">Link Text\u003C\u002Fa>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This might be useful in a text widget, or you can build the link in a template file of your theme.\u003C\u002Fp>\n\u003Ch4>Note:\u003C\u002Fh4>\n\u003Cp>If you are using any other plugin (or a theme) that uses a shortcode with the name ‘popup’, you will not be able to use this plugin. This is not because of any shortcoming in this plugin, but because shortcodes such as those to create popup links should always be implemented in a plugin not a theme.\u003C\u002Fp>\n\u003Cp>On mobile devices such as iPads which don’t use browser windows, the link will open in a new tab.\u003C\u002Fp>\n\u003Cp>This plugin was written in response to a post by a WordPress.org forum user who promised to wrestle an alligator if his problem with creating popups was solved.\u003C\u002Fp>\n","Add popups to your site. Add links to pages\u002Fposts via a shortcode which will be opened in a popup browser window.",2000,72027,98,45,"2025-06-23T09:51:00.000Z","4.9",[22,23,75,76,77],"popup-window","popups","shortcode","http:\u002F\u002Fcubecolour.co.uk\u002Falligator-popup","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Falligator-popup.2.0.0.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":52,"requires_at_least":93,"requires_php":18,"tags":94,"homepage":99,"download_link":100,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"easy-lightbox-wp","Easy Lightbox – Image, Gallery and Video Lightbox for WordPress","1.1.3","ShapedPlugin LLC","https:\u002F\u002Fprofiles.wordpress.org\u002Fshapedplugin\u002F","\u003Cp>Easy Lightbox is an Image, Gallery and Video Lightbox plugin for WordPress. This plugin will enable a smooth Lightbox in your WordPress website.\u003C\u002Fp>\n\u003Cp>You can add Lightbox functionality in images, gallery, and videos very easily.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>100% Responsive.\u003C\u002Fli>\n\u003Cli>Image, Gallery, and Video Lightbox.\u003C\u002Fli>\n\u003Cli>Auto Lightbox for Gallery.\u003C\u002Fli>\n\u003Cli>Touch-swipe Supported.\u003C\u002Fli>\n\u003Cli>Minimalist & Lightweight.\u003C\u002Fli>\n\u003Cli>All Major Browsers Supported.\u003C\u002Fli>\n\u003Cli>Easy to Configure and Use.\u003C\u002Fli>\n\u003Cli>Friendly Support.\u003C\u002Fli>\n\u003C\u002Ful>\n","Easy Lightbox is an Image, Gallery and Video Lightbox plugin for WordPress. This plugin will enable a smooth Lightbox in your WordPress website.",1000,30291,76,10,"2025-09-28T13:22:00.000Z","4.0",[95,96,23,97,98],"jquery-lightbox","lightbox","popup-video","video-lightbox","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-lightbox-wp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-lightbox-wp.1.1.3.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":11,"downloaded":109,"rating":110,"num_ratings":111,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":18,"tags":115,"homepage":117,"download_link":118,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"mini-popup","Mini PopUp","1.2.3","IagoMelanias","https:\u002F\u002Fprofiles.wordpress.org\u002Fiagomelanias\u002F","\u003Cp>[ENGLISH ~ INGLÊS]\u003C\u002Fp>\n\u003Cp>This plugin has the functionality to show a popup where the readers will see a fan box of the Facebook. This will encourage your readers to like your fan page and will generate more fans to your blog.\u003C\u002Fp>\n\u003Cp>Some features of the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Completely free.\u003C\u002Fli>\n\u003Cli>Very installation simple.\u003C\u002Fli>\n\u003Cli>Smart display mode, which increases the conversion and the satisfaction of the visitors.\u003C\u002Fli>\n\u003Cli>Simple, clean and light code.\u003C\u002Fli>\n\u003Cli>Cookies to improve the user experience.\u003C\u002Fli>\n\u003Cli>Translated to portuguese and english.\u003C\u002Fli>\n\u003Cli>Customizable close button.\u003C\u002Fli>\n\u003Cli>Compatible with older browsers too.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[PORTUGUESE ~ PORTUGUÊS]\u003C\u002Fp>\n\u003Cp>Esse plugin tem a funcionalidade de mostrar uma popup onde os leitores verão a caixa de fans do Facebook. Isso incentivará os seus leitores a curtir a página do Facebook e gerar mais fans para seu blog.\u003C\u002Fp>\n\u003Cp>Algumas características do plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Completamente gratuito.\u003C\u002Fli>\n\u003Cli>Instalação muito simples.\u003C\u002Fli>\n\u003Cli>Modo de exibição inteligente, que aumenta a conversão e satisfação dos visitantes.\u003C\u002Fli>\n\u003Cli>Código simples, limpo e leve.\u003C\u002Fli>\n\u003Cli>Uso de Cookies para melhorar a experiência do leitor.\u003C\u002Fli>\n\u003Cli>Traduzido para português e inglês.\u003C\u002Fli>\n\u003Cli>Botão fechar personalizável.\u003C\u002Fli>\n\u003Cli>Compatível com navegadores mais antigos também.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>[ENGLISH ~ INGLÊS]\u003C\u002Fp>\n\u003Cp>This plugin was developed by Iago Melanias and Claudio Sanches.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The plugin is licensed using GPL 2.0, you can read about the GLP 2.0 documentation \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\"\" rel=\"nofollow ugc\">clicking here\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[PORTUGUESE ~ PORTUGUÊS]\u003C\u002Fp>\n\u003Cp>Esse plugin foi desenvolvido por Iago Melanias e Claudio Sanches.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>O plugin está licenciado em GPL 2.0, você pode ler a documentação GPL 2.0 \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\"\" rel=\"nofollow ugc\">clicando aqui\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Shows a popup to share your fanpage in your blog easily.",25792,90,6,"2020-08-10T23:05:00.000Z","5.5.18","3.0",[116,22,23],"facebook","http:\u002F\u002Frangecode.com\u002Fplugins\u002Fmini-popup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmini-popup.1.2.3.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":129,"num_ratings":130,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":18,"tags":134,"homepage":139,"download_link":140,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"gravity-forms-popup-widget","Gravity Forms Popup Widget","0.8","Alex (Shurf) Frenkel","https:\u002F\u002Fprofiles.wordpress.org\u002Fsirshurf\u002F","\u003Cp>A widget to add Gravity Form in dialog popup, has an option to add a delay, a position, and an introduction page.\u003C\u002Fp>\n\u003Cp>From version 0.3 can be opted in\u002Fout to work ont he homepage.\u003Cbr \u002F>\nFrom version 0.5 you can use a button to open the popup.\u003Cbr \u002F>\nFrom version 0.6, added an option to show the popup only ones in X views (random generated) – Requested by .\u003C\u002Fp>\n\u003Ch4>Under the hood:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Built on Gravity Form 1.5.2, and uses it for working.\u003C\u002Fli>\n\u003Cli>jQuery UI added from WordPress itself\u003C\u002Fli>\n\u003Cli>Uses jQueryUI CSS\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Enjoy using Gravity Form Popup Widget? Please consider \u003Ca href=\"http:\u002F\u002Falex.frenkel-online.com\u002Fdonate\u002F\" rel=\"nofollow ugc\">making a small donation\u003C\u002Fa> to support the software’s continued development.\u003C\u002Fem>\u003C\u002Fp>\n","A widget to add Gravity Form in dialog popup, has an option to add a delay, a position, and an introduction page.",50,12921,20,2,"2014-01-31T22:16:00.000Z","3.7.41","3.2",[135,136,137,138,23],"dialog","gravity-forms","gravityforms","jqueryui","http:\u002F\u002Falex.frenkel-online.com\u002Fcategory\u002Fwordpress\u002Fplugin\u002Fgravity-forms-popup-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgravity-forms-popup-widget.0.8.zip",{"attackSurface":142,"codeSignals":159,"taintFlows":175,"riskAssessment":252,"analyzedAt":265},{"hooks":143,"ajaxHandlers":155,"restRoutes":156,"shortcodes":157,"cronEvents":158,"entryPointCount":27,"unprotectedCount":27},[144,150],{"type":145,"name":146,"callback":147,"priority":34,"file":148,"line":149},"filter","the_content","jqFootnotes","jqFootnotes.php",264,{"type":151,"name":152,"callback":153,"file":148,"line":154},"action","admin_menu","jqFootnotes_add_options",270,[],[],[],[],{"dangerousFunctions":160,"sqlUsage":161,"outputEscaping":163,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":174},[],{"prepared":27,"raw":27,"locations":162},[],{"escaped":27,"rawEcho":14,"locations":164},[165,168,170,172],{"file":148,"line":166,"context":167},105,"raw output",{"file":148,"line":169,"context":167},106,{"file":148,"line":171,"context":167},118,{"file":148,"line":173,"context":167},128,[],[176,229],{"entryPoint":177,"graph":178,"unsanitizedCount":111,"severity":228},"jqFootnotes_options_subpanel (jqFootnotes.php:55)",{"nodes":179,"edges":220},[180,185,190,194,196,200,202,206,208,212,214,218],{"id":181,"type":182,"label":183,"file":148,"line":184},"n0","source","$_POST['jqfootnotes_anchor_open']",57,{"id":186,"type":187,"label":188,"file":148,"line":184,"wp_function":189},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":191,"type":182,"label":192,"file":148,"line":193},"n2","$_POST['jqfootnotes_anchor_close']",58,{"id":195,"type":187,"label":188,"file":148,"line":193,"wp_function":189},"n3",{"id":197,"type":182,"label":198,"file":148,"line":199},"n4","$_POST['jqfootnotes_title']",59,{"id":201,"type":187,"label":188,"file":148,"line":199,"wp_function":189},"n5",{"id":203,"type":182,"label":204,"file":148,"line":205},"n6","$_POST['jqfootnotes_backimg']",60,{"id":207,"type":187,"label":188,"file":148,"line":205,"wp_function":189},"n7",{"id":209,"type":182,"label":210,"file":148,"line":211},"n8","$_POST['jqfootnotes_hidefnlist']",61,{"id":213,"type":187,"label":188,"file":148,"line":211,"wp_function":189},"n9",{"id":215,"type":182,"label":216,"file":148,"line":217},"n10","$_POST['jqfootnotes_nohover']",62,{"id":219,"type":187,"label":188,"file":148,"line":217,"wp_function":189},"n11",[221,223,224,225,226,227],{"from":181,"to":186,"sanitized":222},false,{"from":191,"to":195,"sanitized":222},{"from":197,"to":201,"sanitized":222},{"from":203,"to":207,"sanitized":222},{"from":209,"to":213,"sanitized":222},{"from":215,"to":219,"sanitized":222},"low",{"entryPoint":230,"graph":231,"unsanitizedCount":111,"severity":228},"\u003CjqFootnotes> (jqFootnotes.php:0)",{"nodes":232,"edges":245},[233,234,235,236,237,238,239,240,241,242,243,244],{"id":181,"type":182,"label":183,"file":148,"line":184},{"id":186,"type":187,"label":188,"file":148,"line":184,"wp_function":189},{"id":191,"type":182,"label":192,"file":148,"line":193},{"id":195,"type":187,"label":188,"file":148,"line":193,"wp_function":189},{"id":197,"type":182,"label":198,"file":148,"line":199},{"id":201,"type":187,"label":188,"file":148,"line":199,"wp_function":189},{"id":203,"type":182,"label":204,"file":148,"line":205},{"id":207,"type":187,"label":188,"file":148,"line":205,"wp_function":189},{"id":209,"type":182,"label":210,"file":148,"line":211},{"id":213,"type":187,"label":188,"file":148,"line":211,"wp_function":189},{"id":215,"type":182,"label":216,"file":148,"line":217},{"id":219,"type":187,"label":188,"file":148,"line":217,"wp_function":189},[246,247,248,249,250,251],{"from":181,"to":186,"sanitized":222},{"from":191,"to":195,"sanitized":222},{"from":197,"to":201,"sanitized":222},{"from":203,"to":207,"sanitized":222},{"from":209,"to":213,"sanitized":222},{"from":215,"to":219,"sanitized":222},{"summary":253,"deductions":254},"The \"jquery-hover-footnotes\" v1.4 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals no direct attack surface in terms of AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication or permission checks.  Furthermore, all SQL queries are properly prepared, and there are no observed file operations or external HTTP requests, which are common vectors for vulnerabilities. The plugin also has no recorded vulnerability history (CVEs), suggesting a history of relatively secure development or minimal public scrutiny.\n\nHowever, significant concerns arise from the code analysis regarding output escaping.  100% of the identified output points are not properly escaped. This presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, as malicious scripts could be injected into content displayed by the plugin.  While the taint analysis did not reveal critical or high severity issues, the presence of unsanitized paths in the taint flows, albeit without immediate exploitable consequences in this snapshot, coupled with the complete lack of output escaping, indicates a potential for developing exploitable conditions if user-supplied data is not handled with extreme care. The absence of nonce and capability checks, while not directly exploitable due to the lack of exposed entry points, points to a lack of robust security implementation practices.\n\nIn conclusion, while the plugin is strong in preventing direct entry point attacks and has a clean vulnerability history, the severe lack of output escaping is a critical weakness that exposes users to XSS attacks. The taint analysis also hints at potential underlying issues with data handling. This plugin requires immediate attention to address the output escaping vulnerabilities to mitigate the significant XSS risk.",[255,258,261,263],{"reason":256,"points":257},"All output points are not properly escaped",15,{"reason":259,"points":260},"Taint flows with unsanitized paths present",5,{"reason":262,"points":260},"No nonce checks implemented",{"reason":264,"points":260},"No capability checks implemented","2026-03-16T20:49:20.382Z",{"wat":267,"direct":276},{"assetPaths":268,"generatorPatterns":271,"scriptPaths":272,"versionParams":273},[269,270],"\u002Fwp-content\u002Fplugins\u002Fjquery-hover-footnotes\u002Fjqfoot.css","\u002Fwp-content\u002Fplugins\u002Fjquery-hover-footnotes\u002Fjqfoot.js",[],[270],[274,275],"jquery-hover-footnotes\u002Fjqfoot.css?ver=","jquery-hover-footnotes\u002Fjqfoot.js?ver=",{"cssClasses":277,"htmlComments":279,"htmlAttributes":280,"restEndpoints":282,"jsGlobals":283,"shortcodeOutput":284},[278],"jqFootnote",[],[281],"data-jqFootnote-content",[],[278],[],{"error":286,"url":287,"statusCode":288,"statusMessage":289,"message":289},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fjquery-hover-footnotes\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":34,"versions":291},[292],{"version":293,"download_url":294,"svn_tag_url":295,"released_at":28,"has_diff":222,"diff_files_changed":296,"diff_lines":28,"trac_diff_url":28,"vulnerabilities":297,"is_current":222},"1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjquery-hover-footnotes.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fjquery-hover-footnotes\u002Ftags\u002F1.3\u002F",[],[]]