[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGE6Gy-c3GCtLLXZ3ag2AEwxa0Vp_6ABTBf1SL2nrsZU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":61,"crawl_stats":36,"alternatives":68,"analysis":160,"fingerprints":328},"jquery-news-ticker","Jquery news ticker","3.2","gopiplus@hotmail.com","https:\u002F\u002Fprofiles.wordpress.org\u002Fgopiplushotmailcom\u002F","\u003Cp>Jquery news ticker plugin brings a lightweight, flexible and easy to configure news ticker plugin to wordpress website.\u003C\u002Fp>\n\u003Cp>Check official website for live demo \u003Ca href=\"http:\u002F\u002Fwww.gopiplus.com\u002Fwork\u002F2013\u002F10\u002F03\u002Fjquery-news-ticker-wordpress-plugin\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gopiplus.com\u002Fwork\u002F2013\u002F10\u002F03\u002Fjquery-news-ticker-wordpress-plugin\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.gopiplus.com\u002Fwork\u002F2013\u002F10\u002F03\u002Fjquery-news-ticker-wordpress-plugin\u002F\" rel=\"nofollow ugc\">Live Demo\u003C\u002Fa>   \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.gopiplus.com\u002Fwork\u002F2013\u002F10\u002F03\u002Fjquery-news-ticker-wordpress-plugin\u002F\" rel=\"nofollow ugc\">More info\u003C\u002Fa>               \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.gopiplus.com\u002Fwork\u002F2013\u002F10\u002F03\u002Fjquery-news-ticker-wordpress-plugin\u002F\" rel=\"nofollow ugc\">Comments\u002FSuggestion\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Jquery news ticker plugin brings a lightweight, flexible and easy to configure news ticker plugin to wordpress website. This plugin adds scrolling horizontal tickers to your site. It can be use as a fade in fade out ticker too. You can enter your news via HTML mark-ups manually in the admin dashboard.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advantage of this plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Lightweight JQuery\u003C\u002Fli>\n\u003Cli>Easy to configuration\u003C\u002Fli>\n\u003Cli>Multi-widget option\u003C\u002Fli>\n\u003Cli>Expiration date for the messages\u003C\u002Fli>\n\u003Cli>Plugin tested with IE6+, FF 20+, Chrome, Safari.\u003C\u002Fli>\n\u003Cli>Supports localization.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translators\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>French (fr_FR) – \u003Ca href=\"http:\u002F\u002Fpurehcgdietdrops.com\u002F\" rel=\"nofollow ugc\">Shannon Martin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Tamil (ta) – \u003Ca href=\"http:\u002F\u002Fwww.gopiplus.com\u002F\" rel=\"nofollow ugc\">Gopi Ramasamy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Polish (pl_PL) – \u003Ca href=\"https:\u002F\u002Fwww.couponmachine.in\u002F\" rel=\"nofollow ugc\">Abdul Sattar\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Jquery news ticker plugin brings a lightweight, flexible and easy to configure ticker plugin to site. This plugin adds scrolling horizontal tickers.",300,46518,90,8,"2023-12-16T15:15:00.000Z","6.4.8","3.6","",[20,21,22],"jquery","news","ticker","http:\u002F\u002Fwww.gopiplus.com\u002Fwork\u002F2013\u002F10\u002F03\u002Fjquery-news-ticker-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjquery-news-ticker.zip",84,2,0,"2023-12-16 00:00:00","2026-03-15T15:16:48.613Z",[31,46],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2023-5432","jquery-news-ticker-authenticated-contributor-stored-cross-site-scripting-via-shortcode","Jquery news ticker \u003C= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode","The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=3.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd22d9414-2df9-4528-a426-dce6e83f8d44?source=api-prod",38,{"id":47,"url_slug":48,"title":49,"description":50,"plugin_slug":4,"theme_slug":36,"affected_versions":51,"patched_in_version":52,"severity":53,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":42,"references":58,"days_to_patch":60},"CVE-2023-5430","jquery-news-ticker-authenticated-subscriber-sql-injection-via-shortcode","Jquery news ticker \u003C= 3.0 -  Authenticated (Subscriber+) SQL Injection via Shortcode","The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","\u003C=3.0","3.1","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2023-10-30 00:00:00",[59],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3b7f8739-7f40-40a7-952e-002ea3b82ac7?source=api-prod",85,{"slug":62,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":63,"avg_security_score":64,"avg_patch_time_days":65,"trust_score":66,"computed_at":67},"gopiplushotmailcom",3980,79,69,73,"2026-04-05T09:49:20.468Z",[69,92,112,128,145],{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":77,"downloaded":78,"rating":13,"num_ratings":79,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":18,"tags":83,"homepage":87,"download_link":88,"security_score":89,"vuln_count":90,"unpatched_count":27,"last_vuln_date":91,"fetched_at":29},"pj-news-ticker","PJ News Ticker","1.9.8","Primitiv Media","https:\u002F\u002Fprofiles.wordpress.org\u002Fnicolasmontigny\u002F","\u003Cp>\u003Cstrong>This plugin is now maintained by the developers at Primitiv Media\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>PJ News Ticker is a small plugin that shows your most recent posts in a marquee style.\u003C\u002Fp>\n\u003Cp>You can embed the news ticker anywhere you like using shortcodes.\u003C\u002Fp>\n","PJ News Ticker is a small plugin that shows your most recent posts in a marquee style.",3000,77789,6,"2025-04-30T02:35:00.000Z","6.8.0","4.6",[4,84,85,86],"marquee","news-headlines","news-ticker","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpj-news-ticker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpj-news-ticker.zip",100,1,"2024-02-12 00:00:00",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":100,"downloaded":101,"rating":13,"num_ratings":102,"last_updated":103,"tested_up_to":104,"requires_at_least":82,"requires_php":105,"tags":106,"homepage":109,"download_link":110,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":111,"fetched_at":29},"simple-posts-ticker","Simple Posts Ticker – Easy, Lightweight & Flexible","1.1.6","Sayan Datta","https:\u002F\u002Fprofiles.wordpress.org\u002Finfosatech\u002F","\u003Cp>The Simple Posts Ticker plugin brings a lightweight, flexible and easy way to configure news ticker plugin to WordPress website. This plugin adds scrolling horizontal posts tickers to your site. It can be use as shortcode or PHP codes. You can customize every setting of this plugin in the admin dashboard.\u003C\u002Fp>\n\u003Ch3>Advantages of this plugin\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Lightweight jQuery.\u003C\u002Fli>\n\u003Cli>CSS Ticker Animation.\u003C\u002Fli>\n\u003Cli>Easy to configuration.\u003C\u002Fli>\n\u003Cli>Multi Post Support.\u003C\u002Fli>\n\u003Cli>Full RTL Support.\u003C\u002Fli>\n\u003Cli>Custom Post Types support.\u003C\u002Fli>\n\u003Cli>Select post by date\u002Fmodified date or randomly.\u003C\u002Fli>\n\u003Cli>Select posts by their category.\u003C\u002Fli>\n\u003Cli>Option to show a label before ticker.\u003C\u002Fli>\n\u003Cli>Option to customize all and everything.\u003C\u002Fli>\n\u003Cli>Supports localization.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Like Simple Posts Ticker plugin? Consider leaving a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-posts-ticker\u002Freviews\u002F?rate=5#new-post\" rel=\"ugc\">5 star review\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Shortcode instructions\u003C\u002Fh3>\n\u003Cp>Using default settings: \u003Cstrong>[spt-posts-ticker]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can use some attributes to override the original settings. Please see plugin settings for detailed shortcode attributes.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>This plugin is fully compatible with WordPress Version 4.6 and beyond and also compatible with any WordPress theme.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Community support via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-posts-ticker\" rel=\"ugc\">support forums\u003C\u002Fa> at WordPress.org.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Active development of this plugin is handled \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fiamsayan\u002Fsimple-posts-ticker\u002F\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Feel free to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fiamsayan\u002Fsimple-posts-ticker\u002F\" rel=\"nofollow ugc\">fork the project on GitHub\u003C\u002Fa> and submit your contributions via pull request.\u003C\u002Fli>\n\u003C\u002Ful>\n","The Simple Posts Ticker plugin is a small tool that shows your most recent posts in a marquee style.",2000,23059,22,"2023-09-02T06:45:00.000Z","6.3.8","5.6",[107,84,85,86,108],"jquery-posts-ticker","posts-ticker","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-posts-ticker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-posts-ticker.1.1.6.zip","2023-09-25 00:00:00",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":27,"num_ratings":27,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":18,"tags":125,"homepage":126,"download_link":127,"security_score":60,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"advance-news-ticker","Advance News Ticker","1.0","Md Abunaser Khan","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoyelkhan\u002F","\u003Cp>This plugin help you to view the latest posts or page on your website.This plugin also have three type of animation such as Fade Effects, Slide Effects. You can also control and adjust color and animation \u003Cstrong>Admin Panel\u003C\u002Fstrong>. You can display it from all Post or specific Page and much more!\u003C\u002Fp>\n\u003Ch4>Features Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Three type of animation.\u003C\u002Fli>\n\u003Cli>Display multi-functional data.\u003C\u002Fli>\n\u003Cli>Display from all, specific Post and Page.\u003C\u002Fli>\n\u003Cli>Exclude current News\u003C\u002Fli>\n\u003Cli>Control and adjust multi-color and animation Admin panel.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Viw by Shortcode\u003C\u002Fh3>\n\u003Col>\n\u003Cli>General Options\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cpre>[advance_newsticker_shortcode]\u003C\u002Fpre>\n\u003Col>\n\u003Cli>Ticker Form Page, Post and Title\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cpre>[advance_newsticker_shortcode title=\"News\" per_page_item=\"3\" post_type=\"post\"]\u003C\u002Fpre>\n\u003Col>\n\u003Cli>Ticker Effects Options\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Available Ticker Effects Options\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre> {Fade, Slide Left, Slide Right, Slide Down, Slide Up }\u003C\u002Fpre>\n\u003Cpre>[advance_newsticker_shortcode effect_type=\"fade\"]\u003C\u002Fpre>\n","Provides flexible and advance news ticker. Display it via shortcode and more.",10,1619,"2018-07-09T05:22:00.000Z","4.9.29","4.0",[113,4,84,86,22],"http:\u002F\u002Fplugins.dhakaambulance.com\u002Fadvance-news-ticker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvance-news-ticker.zip",{"slug":129,"name":130,"version":115,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":120,"downloaded":135,"rating":27,"num_ratings":27,"last_updated":136,"tested_up_to":137,"requires_at_least":138,"requires_php":18,"tags":139,"homepage":143,"download_link":144,"security_score":60,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"bytecoder-news-ticker","Bytecoder News Ticker","Sayfur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Fsayfur-rahman\u002F","\u003Cp>This plugin will enable your post as news ticker in your wordpress theme. You can embed news ticker via shortcode in everywhere you want, even in theme files.\u003C\u002Fp>\n\u003Cp>Wanna see how it works? Click here: http:\u002F\u002Fbytecoder.info\u002Fplugin\u002F?page_id=1715\u003C\u002Fp>\n","Bytecoder News Ticker is an awesome, super lightweight plugin for your wordpress website.",1652,"2014-10-04T04:58:00.000Z","4.0.38","3.0.1",[140,141,85,86,142],"headlines","jquery-effect","type-effect-jquery-news-ticker","http:\u002F\u002Fbytecoder.info","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbytecoder-news-ticker.zip",{"slug":146,"name":147,"version":115,"author":148,"author_profile":149,"description":150,"short_description":151,"active_installs":120,"downloaded":152,"rating":153,"num_ratings":26,"last_updated":154,"tested_up_to":155,"requires_at_least":138,"requires_php":18,"tags":156,"homepage":158,"download_link":159,"security_score":60,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"lazy-news-ticker","Lazy News Ticker","raselahmed7","https:\u002F\u002Fprofiles.wordpress.org\u002Fraselahmed7\u002F","\u003Cp>This plugin will enable news ticker in your wordpress theme. You can embed news ticker via shortcode in everywhere you want, even in theme files.\u003C\u002Fp>\n\u003Cp>Wanna see how it works? Click here: http:\u002F\u002Flazypersons.com\u002Fplugins\u002Flazy-news-ticker\u002F\u003C\u002Fp>\n","Lazy News Ticker is an awesome, super lightweight plugin for your wordpress website.",2431,60,"2014-05-07T13:59:00.000Z","3.9.40",[140,157,85,86,142],"jquery-type-effect","http:\u002F\u002Flazypersons.com\u002Fplugins\u002Flazy-news-ticker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flazy-news-ticker.zip",{"attackSurface":161,"codeSignals":192,"taintFlows":289,"riskAssessment":316,"analyzedAt":327},{"hooks":162,"ajaxHandlers":185,"restRoutes":186,"shortcodes":187,"cronEvents":191,"entryPointCount":90,"unprotectedCount":27},[163,169,173,177,181],{"type":164,"name":165,"callback":166,"file":167,"line":168},"action","admin_menu","Jntp_add_to_menu","jquery-news-ticker.php",220,{"type":164,"name":170,"callback":171,"file":167,"line":172},"plugins_loaded","Jntp_textdomain",396,{"type":164,"name":174,"callback":175,"file":167,"line":176},"wp_enqueue_scripts","Jntp_add_javascript_files",398,{"type":164,"name":178,"callback":179,"file":167,"line":180},"widgets_init","Jntp_widget_loading",401,{"type":164,"name":182,"callback":183,"file":167,"line":184},"admin_enqueue_scripts","Jntp_adminscripts",402,[],[],[188],{"tag":4,"callback":189,"file":167,"line":190},"Jntp_shortcode",397,[],{"dangerousFunctions":193,"sqlUsage":194,"outputEscaping":201,"fileOperations":27,"externalRequests":27,"nonceChecks":79,"capabilityChecks":27,"bundledLibraries":288},[],{"prepared":195,"raw":90,"locations":196},16,[197],{"file":198,"line":199,"context":200},"uninstall.php",13,"$wpdb->query() with variable interpolation",{"escaped":102,"rawEcho":202,"locations":203},45,[204,207,209,211,213,215,217,219,220,221,223,225,226,227,229,231,232,234,236,237,239,241,242,243,245,247,248,251,253,255,258,260,262,264,266,268,270,273,274,276,278,280,282,284,286],{"file":167,"line":205,"context":206},43,"raw output",{"file":167,"line":208,"context":206},253,{"file":167,"line":210,"context":206},256,{"file":167,"line":212,"context":206},265,{"file":167,"line":214,"context":206},268,{"file":167,"line":216,"context":206},304,{"file":167,"line":218,"context":206},305,{"file":167,"line":218,"context":206},{"file":167,"line":218,"context":206},{"file":167,"line":222,"context":206},308,{"file":167,"line":224,"context":206},309,{"file":167,"line":224,"context":206},{"file":167,"line":224,"context":206},{"file":167,"line":228,"context":206},312,{"file":167,"line":230,"context":206},313,{"file":167,"line":230,"context":206},{"file":167,"line":233,"context":206},319,{"file":167,"line":235,"context":206},320,{"file":167,"line":235,"context":206},{"file":167,"line":238,"context":206},326,{"file":167,"line":240,"context":206},327,{"file":167,"line":240,"context":206},{"file":167,"line":240,"context":206},{"file":167,"line":244,"context":206},330,{"file":167,"line":246,"context":206},331,{"file":167,"line":246,"context":206},{"file":249,"line":250,"context":206},"pages\\content-management-add.php",112,{"file":249,"line":252,"context":206},120,{"file":249,"line":254,"context":206},178,{"file":256,"line":257,"context":206},"pages\\content-management-edit.php",135,{"file":256,"line":259,"context":206},143,{"file":256,"line":261,"context":206},159,{"file":256,"line":263,"context":206},163,{"file":256,"line":265,"context":206},190,{"file":256,"line":267,"context":206},193,{"file":256,"line":269,"context":206},201,{"file":271,"line":272,"context":206},"pages\\content-management-show.php",42,{"file":271,"line":60,"context":206},{"file":271,"line":275,"context":206},87,{"file":271,"line":277,"context":206},88,{"file":271,"line":279,"context":206},91,{"file":271,"line":281,"context":206},92,{"file":271,"line":283,"context":206},93,{"file":271,"line":285,"context":206},94,{"file":271,"line":287,"context":206},109,[],[290],{"entryPoint":291,"graph":292,"unsanitizedCount":27,"severity":315},"\u003Ccontent-management-show> (pages\\content-management-show.php:0)",{"nodes":293,"edges":311},[294,298,304,306],{"id":295,"type":296,"label":297,"file":271,"line":79},"n0","source","$_GET",{"id":299,"type":300,"label":301,"file":271,"line":302,"wp_function":303},"n1","sink","query() [SQLi]",33,"query",{"id":305,"type":296,"label":297,"file":271,"line":79},"n2",{"id":307,"type":300,"label":308,"file":271,"line":309,"wp_function":310},"n3","get_results() [SQLi]",54,"get_results",[312,314],{"from":295,"to":299,"sanitized":313},true,{"from":305,"to":307,"sanitized":313},"low",{"summary":317,"deductions":318},"The jquery-news-ticker plugin version 3.2 presents a mixed security posture. On the positive side, the static analysis reveals a small attack surface with only one shortcode as an entry point, and importantly, no unprotected entry points were identified. The plugin also demonstrates good practices by utilizing prepared statements for the vast majority of its SQL queries and employing nonce checks for its functions. There are no file operations or external HTTP requests, which are also positive security indicators.\n\nHowever, significant concerns arise from the output escaping. With only 33% of outputs properly escaped, there's a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. This aligns with the plugin's vulnerability history, which shows a past CVE related to XSS. The presence of past SQL injection vulnerabilities, although currently patched according to the history, also warrants caution, especially given the numerous SQL queries present. The historical pattern of these common vulnerability types suggests potential for insecure handling of user-supplied data.\n\nIn conclusion, while the plugin has improved in some areas like SQL query sanitization and attack surface management, the low rate of output escaping is a critical weakness. This, combined with its history of XSS and SQL injection vulnerabilities, indicates a potential for exploitation if not diligently maintained and updated. Users should be particularly wary of this aspect of the plugin's security.",[319,322,324],{"reason":320,"points":321},"Low rate of output escaping (33%)",15,{"reason":323,"points":120},"History of High severity CVEs (XSS, SQLi)",{"reason":325,"points":326},"Past vulnerability (2023-12-16)",5,"2026-03-16T19:57:33.234Z",{"wat":329,"direct":336},{"assetPaths":330,"generatorPatterns":333,"scriptPaths":334,"versionParams":335},[331,332],"\u002Fwp-content\u002Fplugins\u002Fjquery-news-ticker\u002Finc\u002Fjquery-news-ticker.css","\u002Fwp-content\u002Fplugins\u002Fjquery-news-ticker\u002Finc\u002Fjquery-news-ticker.js",[],[332],[],{"cssClasses":337,"htmlComments":342,"htmlAttributes":343,"restEndpoints":351,"jsGlobals":352,"shortcodeOutput":354},[338,339,340,341],"gticker-news1","gticker-news2","gticker-hidden","gticker-item",[],[344,345,346,347,348,349,350],"data-direction","data-type","data-pause","data-speed","data-group","data-titletext","data-title",[],[353],"jQuery",[355,356],"\u003Cul id=\"gticker-news","class=\"gticker-item\">\u003Ca href=\""]