[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQLR3gDq6GCBsmUTTqpWjyUY0eQaKTuCv9pb0vwjeVI4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":52,"crawl_stats":33,"alternatives":60,"analysis":161,"fingerprints":211},"ketchup-shortcodes-pack","Ketchup Shortcodes","0.2.1","AyeCode","https:\u002F\u002Fprofiles.wordpress.org\u002Fayecode\u002F","\u003Cp>A very simple plugin that creates five highly customisable shortcodes that can be used with any theme.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Available Shortcodes\u003C\u002Fp>\n\u003Cp>[spacer margin_top=”10px” margin_bottom=”10px”]\u003Cbr \u002F>\n— margin_top,margin_bottom are not required\u003C\u002Fp>\n\u003Cp>[fullwidth_background background_color=”#efefef” or background_url=”{image_url}”]…[\u002Ffullwidth_background]\u003Cbr \u002F>\n— Only for use with frontpage – full width\u003C\u002Fp>\n\u003Cp>[title_and_subtitle title=”title goes here” subtitle=”subtitle goes here”]\u003C\u002Fp>\n\u003Cp>[content_block block_title=”” block_css_class=”” block_text=”” block_text_color = “#000000″ block_button_css=”” block_button_text=”” block_button_link=”” block_image=”” block_button_color=””]\u003Cbr \u002F>\n— For general content blocks\u003C\u002Fp>\n\u003Cp>[blog_post post_id=”id” post_css_class=”” post_font_color=”#000000″ post_read_more=”read more text”]\u003Cbr \u002F>\n— You can get the id of a post from dashboard\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple plugin that creates a pack of shortcodes available for use with a theme.",400,36180,0,"2025-01-14T11:12:00.000Z","6.7.5","3.5.1","5.6",[19,20],"custom-shortcodes","shortcodes","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fketchup-shortcodes-pack.0.2.1.zip",91,2,"2025-01-24 00:00:00","2026-03-15T15:16:48.613Z",[28,43],{"id":29,"url_slug":30,"title":31,"description":32,"plugin_slug":4,"theme_slug":33,"affected_versions":34,"patched_in_version":6,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":25,"updated_date":39,"references":40,"days_to_patch":42},"CVE-2025-24673","ketchup-shortcodes-authenticated-contributor-stored-cross-site-scripting","Ketchup Shortcodes \u003C= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=0.1.2","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-01-28 18:41:17",[41],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F063345b7-040b-4576-8634-663eda9135fa?source=api-prod",5,{"id":44,"url_slug":45,"title":31,"description":46,"plugin_slug":4,"theme_slug":33,"affected_versions":34,"patched_in_version":6,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":47,"updated_date":48,"references":49,"days_to_patch":51},"CVE-2024-13590","ketchup-shortcodes-authenticated-contributor-stored-cross-site-scripting-2","The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","2025-01-21 14:55:31","2025-01-22 03:21:33",[50],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4d25e292-b62b-493e-976c-a5eb95505065?source=api-prod",1,{"slug":53,"display_name":7,"profile_url":8,"plugin_count":54,"total_installs":55,"avg_security_score":56,"avg_patch_time_days":57,"trust_score":58,"computed_at":59},"ayecode",13,2720,94,124,75,"2026-04-04T05:30:01.862Z",[61,83,100,117,138],{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":51,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":21,"tags":75,"homepage":80,"download_link":81,"security_score":82,"vuln_count":13,"unpatched_count":13,"last_vuln_date":33,"fetched_at":26},"custom-shortcode-creator","Custom ShortCode Creator","2.0","swadeshswain","https:\u002F\u002Fprofiles.wordpress.org\u002Fswadeshswain\u002F","\u003Cp>1 .This plugin allows you to easily replicate redudant information\u002Fdata on different pages by defining them as shortcodes.\u003Cbr \u002F>\nRequiring no access for core php files, the plugin is secured and easy to use.\u003C\u002Fp>\n\u003Cp>2 . You can write php code inside the editor and generate shortcodes\u003C\u002Fp>\n","This Custom Shotcode Creator plugin allows you to quickly define custom shortcodes via admin dashboard without any hassle.",200,5412,100,"2015-12-12T04:36:00.000Z","4.4.34","4.0",[76,62,77,78,79],"create-custom-shortcodes","custome-post","post-content","shortcode","http:\u002F\u002Fwww.odrasoft.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-shortcode-creator.2.0.zip",85,{"slug":84,"name":85,"version":6,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":13,"num_ratings":13,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":21,"download_link":99,"security_score":82,"vuln_count":13,"unpatched_count":13,"last_vuln_date":33,"fetched_at":26},"custom-html-js-shortcodes-by-anwppro","Custom HTML & JS Shortcodes by AnWP.pro","anwppro","https:\u002F\u002Fprofiles.wordpress.org\u002Fanwppro\u002F","\u003Cp>Easily create custom HTML and Javascript shortcodes. Syntax highlighting and revisions support.\u003C\u002Fp>\n\u003Ch4>How to Use\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to the \u003Cstrong>HTML Shortcodes\u003C\u002Fstrong> and click \u003Cstrong>Add new shortcode\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Add your HTML or JS code to the editor field. Publish shortcode.\u003C\u002Fli>\n\u003Cli>Copy ready-to-use shortcode (from \u003Cstrong>Shortcode\u003C\u002Fstrong> sidebar metabox or from \u003Cstrong>Shortcode\u003C\u002Fstrong> column in the admin list ) and paste it to your post or page.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The plugin requires PHP version 5.4 or greater and WordPress 4.9 or greater.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Creating custom html or js shortcodes as custom post types\u003C\u002Fli>\n\u003Cli>Inserting shortcode by id or title\u003C\u002Fli>\n\u003Cli>Syntax highlighting ( embed CodeMirror editor )\u003C\u002Fli>\n\u003Cli>Revisions support ( history of your shortcode )\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily create custom HTML and Javascript shortcodes. Syntax highlighting and revisions support.",10,1496,"2018-02-25T12:48:00.000Z","4.9.29","4.9","5.4",[19,97,98,20],"raw-html","short-code","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-html-js-shortcodes-by-anwppro.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":13,"downloaded":108,"rating":13,"num_ratings":13,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":112,"tags":113,"homepage":21,"download_link":116,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":33,"fetched_at":26},"effortless-shortcode-insertion","Effortless Shortcode Insertion","1.0.20","domclic","https:\u002F\u002Fprofiles.wordpress.org\u002Fdomclic\u002F","\u003Cp>Effortless Shortcode Insertion is a lightweight WordPress plugin that allows you to create, manage, and insert custom shortcodes with ease. It includes a set of built-in shortcodes for common dynamic content and provides an intuitive interface to add your own.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Built-in shortcodes for current URL, page title, site info, user data, and more.\nAdd custom shortcodes via an admin interface.\nImport\u002Fexport shortcodes for easy migration.\nSecure and sanitized inputs to ensure safety.\nTranslation-ready with support for multiple languages.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>For support, please visit domclic.com or contact the author at daviddeflache@domclic.com.\u003C\u002Fp>\n","Easily manage and insert custom shortcodes in WordPress to display dynamic content.",471,"2025-11-07T01:28:00.000Z","6.8.5","5.0","7.0",[114,19,20,115],"content-management","wordpress-shortcodes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feffortless-shortcode-insertion.1.0.20.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":127,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":21,"tags":132,"homepage":136,"download_link":137,"security_score":82,"vuln_count":13,"unpatched_count":13,"last_vuln_date":33,"fetched_at":26},"column-shortcodes","Column Shortcodes","1.0.1","Tobias Schutter","https:\u002F\u002Fprofiles.wordpress.org\u002Ftschutter\u002F","\u003Cp>Adds shortcodes to easily create columns in your posts or pages.\u003C\u002Fp>\n\u003Cp>Sometimes you just need to divide your page into different columns. With this plugin you just select a column shortcode and it will add the column to the page. You can also change the padding of each individual column from the UI.\u003C\u002Fp>\n\u003Cp>There are 10 different column widths available from which you can make all combinations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>full width (1\u002F1)\u003C\u002Fli>\n\u003Cli>half (1\u002F2)\u003C\u002Fli>\n\u003Cli>one third (1\u002F3)\u003C\u002Fli>\n\u003Cli>two third (2\u002F3)\u003C\u002Fli>\n\u003Cli>one fourth (1\u002F4)\u003C\u002Fli>\n\u003Cli>three fourth (3\u002F4)\u003C\u002Fli>\n\u003Cli>one fifth (1\u002F5)\u003C\u002Fli>\n\u003Cli>two fifth (2\u002F5)\u003C\u002Fli>\n\u003Cli>three fifth (3\u002F5)\u003C\u002Fli>\n\u003Cli>four fifth (4\u002F5)\u003C\u002Fli>\n\u003Cli>one sixth (1\u002F6)\u003C\u002Fli>\n\u003Cli>five sixth (5\u002F6)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>A preset stylesheet is included, which you can also overwrite to you liking in your theme’s stylesheet.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Related Links:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>http:\u002F\u002Fwww.codepresshq.com\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds shortcodes to easily create columns in your posts or pages.",60000,893481,96,134,"2022-10-11T12:57:00.000Z","6.0.11","4.8",[133,134,135,79,20],"column","columns","divider","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcolumn-shortcodes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcolumn-shortcodes.1.0.1.zip",{"slug":139,"name":140,"version":141,"author":142,"author_profile":143,"description":144,"short_description":145,"active_installs":146,"downloaded":147,"rating":71,"num_ratings":51,"last_updated":148,"tested_up_to":149,"requires_at_least":150,"requires_php":151,"tags":152,"homepage":156,"download_link":157,"security_score":158,"vuln_count":159,"unpatched_count":13,"last_vuln_date":160,"fetched_at":26},"apollo13-framework-extensions","Apollo13 Framework Extensions","1.9.9","apollo13themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fapollo13themes\u002F","\u003Cp>\u003Cstrong>Apollo13 Framework Extensions\u003C\u002Fstrong> adds few features to themes build on Apollo13 Framework. These are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Designs Importer,\u003C\u002Fli>\n\u003Cli>shortcodes based on Apollo13 Framework features: writtng effect, count down, socials, scroller, slider, galleries, post grid,\u003C\u002Fli>\n\u003Cli>support for WPBakery Page Builder elements added by Apollo13 Framework,\u003C\u002Fli>\n\u003Cli>custom post types: albums, works & people,\u003C\u002Fli>\n\u003Cli>Export\u002FImport of theme options,\u003C\u002Fli>\n\u003Cli>Custom Sidebar,\u003C\u002Fli>\n\u003Cli>Custom CSS,\u003C\u002Fli>\n\u003Cli>Meta options that are creating content for posts, pages, albums and works,\u003C\u002Fli>\n\u003Cli>Responsive Image resizing ,\u003C\u002Fli>\n\u003Cli>Maintenance mode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin requires one of themes build on \u003Cstrong>Apollo13 Framework\u003C\u002Fstrong> theme to be installed.\u003C\u002Fp>\n\u003Cp>It is mostly used for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapollo13themes.com\u002Frife\u002Ffree\u002F\" rel=\"nofollow ugc\">Rife Free\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapollo13themes.com\u002Frife\u002F\" rel=\"nofollow ugc\">Rife Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits & Copyright\u003C\u002Fh3>\n\u003Ch4>Anime.js, Copyright 2019 Julian Garnier\u003C\u002Fh4>\n\u003Cp>Licenses: MIT\u003Cbr \u002F>\nSource: https:\u002F\u002Fanimejs.com\u002F\u003C\u002Fp>\n","Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.",20000,534616,"2025-12-04T08:12:00.000Z","6.5.8","4.7","5.4.0",[153,154,20,155],"custom-post-types","elementor-widgets","wpbakery-page-builder-support","https:\u002F\u002Fapollo13themes.com\u002Frife\u002Ffree","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapollo13-framework-extensions.zip",95,6,"2026-02-18 15:32:44",{"attackSurface":162,"codeSignals":194,"taintFlows":201,"riskAssessment":202,"analyzedAt":210},{"hooks":163,"ajaxHandlers":170,"restRoutes":171,"shortcodes":172,"cronEvents":193,"entryPointCount":42,"unprotectedCount":13},[164],{"type":165,"name":166,"callback":167,"file":168,"line":169},"action","init","ketchup_shortcodes_register","ketchup-shortcodes.php",25,[],[],[173,177,181,185,189],{"tag":174,"callback":175,"file":168,"line":176},"spacer","ketchup_spacer_shortcode",19,{"tag":178,"callback":179,"file":168,"line":180},"fullwidth_background","ketchup_fullwidth_background_shortcode",20,{"tag":182,"callback":183,"file":168,"line":184},"title_and_subtitle","ketchup_titles_shortcode",21,{"tag":186,"callback":187,"file":168,"line":188},"content_block","ketchup_content_block_shortcode",22,{"tag":190,"callback":191,"file":168,"line":192},"blog_post","ketchup_blog_post_shortcode",23,[],{"dangerousFunctions":195,"sqlUsage":196,"outputEscaping":198,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":200},[],{"prepared":13,"raw":13,"locations":197},[],{"escaped":188,"rawEcho":13,"locations":199},[],[],[],{"summary":203,"deductions":204},"The static analysis of 'ketchup-shortcodes-pack' v0.2.1 indicates a generally good security posture regarding code implementation. There are no identified dangerous functions, all SQL queries use prepared statements, and all output is properly escaped. The absence of file operations and external HTTP requests also contributes positively to its security. However, the lack of nonce checks and capability checks on the five identified shortcodes presents a significant concern, as these are common entry points for attacks. While the total number of entry points is low, their unprotected nature is a weakness.\n\nThe vulnerability history reveals two past medium-severity vulnerabilities, both related to Cross-site Scripting (XSS). Although there are currently no unpatched vulnerabilities, the historical pattern of XSS issues suggests that user-supplied input within shortcodes may not always be handled with sufficient sanitization, even though the static analysis reported no taint flows. The last recorded vulnerability was very recent (2025-01-24), highlighting the ongoing need for vigilance.\n\nIn conclusion, while the plugin demonstrates good coding practices in areas like SQL and output escaping, the lack of robust access control on its shortcodes is a notable weakness. The history of XSS vulnerabilities further reinforces the potential risk associated with these entry points, suggesting that despite the static analysis reporting no taint flows, careful review of how shortcodes process and display user-provided data is crucial.",[205,208],{"reason":206,"points":207},"Shortcodes lack nonce and capability checks",15,{"reason":209,"points":90},"History of XSS vulnerabilities (medium severity)","2026-03-16T19:44:41.981Z",{"wat":212,"direct":221},{"assetPaths":213,"generatorPatterns":216,"scriptPaths":217,"versionParams":218},[214,215],"\u002Fwp-content\u002Fplugins\u002Fketchup-shortcodes-pack\u002Fcss\u002Fketchup-shortcodes.css","\u002Fwp-content\u002Fplugins\u002Fketchup-shortcodes-pack\u002Fjs\u002Fketchup-shortcodes.js",[],[215],[219,220],"ketchup-shortcodes-pack\u002Fcss\u002Fketchup-shortcodes.css?ver=","ketchup-shortcodes-pack\u002Fjs\u002Fketchup-shortcodes.js?ver=",{"cssClasses":222,"htmlComments":229,"htmlAttributes":230,"restEndpoints":231,"jsGlobals":232,"shortcodeOutput":233},[223,224,225,226,227,228],"ketchup_spacer","ketchup_fullwidth_bg","ketchup_section_title","ketchup_section_subtitle","ketchup_block_content","ketchup_blog_post",[],[223,224,225,226,227,228],[],[],[234,235,236,237,238,239,240,241,242],"\u003Cdiv class=\"ketchup_spacer\"","\u003Cdiv class=\"ketchup_fullwidth_bg\"","\u003Cdiv class=\"container\">","\u003Ch1 class=\"ketchup_section_title\">","\u003Ch4 class=\"ketchup_section_subtitle\">","\u003Cdiv class=\"ketchup_block_content","\u003Cimg class=\"img-responsive\"","\u003Cdiv class=\"ketchup_blog_post","\u003Cdiv class=\"no-posts\">No posts with this ID found\u003C\u002Fdiv>"]