[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$feQ0NnL0pPmUtbg1WvPsFGSxKiXdK7iRe6MYI7Tu0A4k":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":57,"crawl_stats":37,"alternatives":64,"analysis":164,"fingerprints":279},"lenix-scss-compiler","Lenix scss compiler","1.2","yonifre","https:\u002F\u002Fprofiles.wordpress.org\u002Fyonifre\u002F","\u003Cp>A useful plugin for developers writing SCSS.\u003Cbr \u002F>\nThe plugin allows you to write SCSS directly on the server (via FTP) without the need for a local compiler.\u003C\u002Fp>\n\u003Cp>How It Works?\u003C\u002Fp>\n\u003Cp>Choose a source folder for SCSS and a target folder for CSS.\u003Cbr \u002F>\nWrite the SCSS code in the file on the source folder, and it automatically creates a CSS file in the target folder.\u003C\u002Fp>\n\u003Cp>What’s included?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Option for multiple source and destination folders.\u003C\u002Fli>\n\u003Cli>Allows you to set a folder in the entire wp-content space.\u003C\u002Fli>\n\u003Cli>Performance – only when one of the source files change – it re-compiling itself.\u003C\u002Fli>\n\u003Cli>After development  you can turn off \u002F delete the plugin without fear, and all the files are stay where they were.\u003C\u002Fli>\n\u003Cli>Allows you to develop a theme and plugin at the same time.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cp>source: themes\u002Fyour-theme\u002Fassets\u002Fscss\u002Fstyle.scss\u003C\u002Fp>\n\u003Cpre>\nbody {\n    color: black;\n    .main {\n        background: red;\n    }\n}\n\u003C\u002Fpre>\n\u003Cp>target: themes\u002Fyour-theme\u002Fassets\u002Fcss\u002Fstyle.css\u003C\u002Fp>\n\u003Cpre>\nbody {\n    color: black;\n}\n\nbody .main {\n    background: red;\n}\n\u003C\u002Fpre>\n\u003Cp>— pay attention!\u003Cbr \u002F>\nIf the file already exists in the destination folder – it will be overwritten by the SCSS file\u003C\u002Fp>\n","An excellent way to write Scss in wordpress",800,5799,100,3,"2022-05-21T04:48:00.000Z","5.9.13","3.8","",[20,21,22,23,24],"compiler","css","local-compiler","sass","scss","https:\u002F\u002Flenix.co.il\u002Fplugin\u002Flenix-scss-compiler\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flenix-scss-compiler.zip",42,2,"2025-09-26 00:00:00","2026-03-15T15:16:48.613Z",[32,46],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-60144","lenix-scss-compiler-authenticated-administrator-stored-cross-site-scripting","Lenix scss compiler \u003C= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Lenix scss compiler plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.2","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-29 21:14:44",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F01a70f60-9207-48a9-9ba2-7a29813fa934?source=api-prod",{"id":47,"url_slug":48,"title":49,"description":50,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":51,"cvss_vector":52,"vuln_type":53,"published_date":29,"updated_date":54,"references":55,"days_to_patch":37},"CVE-2025-60145","lenix-scss-compiler-cross-site-request-forgery","Lenix scss compiler \u003C= 1.2 - Cross-Site Request Forgery","The Lenix scss compiler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-09-29 21:14:32",[56],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4f36e9b9-ef90-4169-ba71-e3b3b29a6a42?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":58,"total_installs":59,"avg_security_score":60,"avg_patch_time_days":61,"trust_score":62,"computed_at":63},6,41410,83,85,76,"2026-04-04T16:15:59.647Z",[65,87,107,127,149],{"slug":66,"name":67,"version":68,"author":69,"author_profile":70,"description":71,"short_description":72,"active_installs":73,"downloaded":74,"rating":75,"num_ratings":28,"last_updated":76,"tested_up_to":77,"requires_at_least":78,"requires_php":79,"tags":80,"homepage":84,"download_link":85,"security_score":13,"vuln_count":86,"unpatched_count":86,"last_vuln_date":37,"fetched_at":30},"sass-to-css-compiler","Sass To CSS Compiler","2.0.6","Sajjad Hossain Sagor","https:\u002F\u002Fprofiles.wordpress.org\u002Fsajjad67\u002F","\u003Cp>Compile Sass (.scss) files to css files on runtime. No need to compile it on local & upload it online… Now you can compile your direct scss source code into css code easily with a minute…\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Toggle Compilation On or Off Anytime\u003C\u002Fli>\n\u003Cli>Add Sass Stylesheets by Filename\u003C\u002Fli>\n\u003Cli>Choose from 5 Compilation Modes\u003C\u002Fli>\n\u003Cli>Enable Caching for Faster Processing\u003C\u002Fli>\n\u003C\u002Ful>\n","Compile Your Theme-Plugin Sass (.scss) files to .css on the fly.",10,4505,80,"2026-02-24T11:53:00.000Z","6.9.4","5.6","8.2",[20,81,82,83,24],"converter","minify","sass-compiler","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsass-to-css-compiler\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsass-to-css-compiler.2.0.6.zip",0,{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":97,"num_ratings":98,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":102,"tags":103,"homepage":105,"download_link":106,"security_score":13,"vuln_count":86,"unpatched_count":86,"last_vuln_date":37,"fetched_at":30},"wp-scss","WP-SCSS","4.0.8","Connect Think","https:\u002F\u002Fprofiles.wordpress.org\u002Fconnectthink\u002F","\u003Cp>Compiles .scss files on your wordpress install using \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fscssphp\u002Fscssphp\u002F\" rel=\"nofollow ugc\">ScssPhp\u003C\u002Fa>. Includes settings page for configuring directories, error reporting, compiling options, and auto enqueuing.\u003C\u002Fp>\n\u003Cp>The plugin only compiles when changes have been made to the scss files. Compiles are made to the matching css file, so disabling this plugin will not take down your stylesheets. In the instance where a matching css file does not exist yet, the plugin will create the appropriate css file in the css directory.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FConnectThink\u002FWP-SCSS\" rel=\"nofollow ugc\">Get detailed instructions on github\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Looking for a new maintainer\u003C\u002Fh3>\n\u003Cp>If you are interested in giving back to the open source plugin respond \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FConnectThink\u002FWP-SCSS\u002Fissues\u002F242\" rel=\"nofollow ugc\">here\u003C\u002Fa> with your interest\u003C\u002Fp>\n","Compiles .scss files to .css and enqueues them.",40000,481303,86,61,"2026-03-02T13:29:00.000Z","6.8.5","3.0.1","7.2",[21,23,24,104],"scssphp","https:\u002F\u002Fgithub.com\u002FConnectThink\u002FWP-SCSS","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-scss.4.0.8.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":117,"num_ratings":118,"last_updated":119,"tested_up_to":120,"requires_at_least":18,"requires_php":18,"tags":121,"homepage":18,"download_link":124,"security_score":125,"vuln_count":28,"unpatched_count":86,"last_vuln_date":126,"fetched_at":30},"instant-css","Instant CSS","1.2.2","dylanblokhuis","https:\u002F\u002Fprofiles.wordpress.org\u002Fdylanblokhuis\u002F","\u003Cp>Use the power of Visual Studio Code in WordPress to write your CSS or SCSS\u003C\u002Fp>\n\u003Cp>The plugin uses autoprefixer to parse your CSS\u002FSCSS into CSS that will work on older browsers, no need to write -webkit, -moz or -o.\u003C\u002Fp>\n\u003Cp>You can also choose to use SCSS, more info about SCSS here: https:\u002F\u002Fsass-lang.com\u002Fguide\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Use all the powerful features from Visual Studio Code\u003C\u002Fli>\n\u003Cli>Your CSS gets compiled with autoprefixer to work on older browsers\u003C\u002Fli>\n\u003Cli>Use SCSS to create efficient stylesheets with variables, mixins, etc.\u003C\u002Fli>\n\u003Cli>Option to minify your CSS to reduce loading times\u003C\u002Fli>\n\u003Cli>No refreshing on saving\u003C\u002Fli>\n\u003Cli>Live editor updating styles on save and have the browser update simultaneously\u003C\u002Fli>\n\u003C\u002Ful>\n","Write your styles beautifully with the power of Visual Studio Code",4000,14854,98,15,"2023-09-21T07:16:00.000Z","6.3.8",[21,122,123,23,24],"custom-css","postcss","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finstant-css.zip",84,"2023-09-29 00:00:00",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":13,"num_ratings":58,"last_updated":137,"tested_up_to":138,"requires_at_least":139,"requires_php":78,"tags":140,"homepage":144,"download_link":145,"security_score":146,"vuln_count":147,"unpatched_count":147,"last_vuln_date":148,"fetched_at":30},"wp-compiler","WP Compiler","1.0.0","Bytes.co","https:\u002F\u002Fprofiles.wordpress.org\u002Fburlingtonbytes\u002F","\u003Cp>Harness the power of pre-processed CSS and minified JS in your theme or plugin, without any complicated installs or build tools. Simply tell WP Compiler where to find your source files and where to put the compiled results, then throw your install into Dev Mode. WP Compiler watches your source folders for you, and recompiles your CSS and JS on any file change. WP Compiler supports both SCSS and LESS precompilers for CSS, to suit anyone’s preference.\u003C\u002Fp>\n\u003Cp>When you’re ready to launch a new site, just turn off Dev Mode, and your styles and javascript will be compiled & minimized and comments & source maps will be removed. With Dev mode disabled, Compiler will stop watching source directories, so there is no effect on site performance, but you can still apply a quick change at any time, by clicking the compile button in the admin toolbar.\u003C\u002Fp>\n\u003Cp>WP Compiler relies on \u003Ca href=\"http:\u002F\u002Fleafo.github.io\u002Fscssphp\u002F\" rel=\"nofollow ugc\">scssphp\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Flessphp.typesettercms.com\u002F\" rel=\"nofollow ugc\">lessphp\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.minifier.org\u002F\" rel=\"nofollow ugc\">minify\u003C\u002Fa>.\u003Cbr \u002F>\nSpecific issues with the underlying compilation libraries should be submitted to their respective developers.\u003C\u002Fp>\n","Harness the power of pre-processed CSS and minified JS in your theme or plugin, without any complicated installs or build tools.",1000,4390,"2018-10-22T15:17:00.000Z","5.0.25","4.8",[141,142,23,24,143],"compiled","less","styles","https:\u002F\u002Fgithub.com\u002Fburlingtonbytes\u002FWP-Compiler","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-compiler.zip",63,1,"2025-09-22 00:00:00",{"slug":150,"name":151,"version":152,"author":153,"author_profile":154,"description":155,"short_description":156,"active_installs":157,"downloaded":158,"rating":86,"num_ratings":86,"last_updated":159,"tested_up_to":160,"requires_at_least":101,"requires_php":78,"tags":161,"homepage":162,"download_link":163,"security_score":61,"vuln_count":86,"unpatched_count":86,"last_vuln_date":37,"fetched_at":30},"scss-4-wp","SCSS-4-WP","1.0.1","fieldofcode","https:\u002F\u002Fprofiles.wordpress.org\u002Ffieldofcode\u002F","\u003Cp>Use \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fscssphp\u002Fscssphp\u002F\" rel=\"nofollow ugc\">ScssPhp\u003C\u002Fa>. to compile scss files on your wordpress install into a single lightweight CSS file.  There is an included settings page for configuring directories, error reporting, compiling options, and auto enqueuing.\u003C\u002Fp>\n\u003Cp>To keep the page load time to a minimum this plugin only runs the compiler when the scss files have been changed. All compiled files create or alter a matching css file in the chosen directory which remains even if this plugin is disabled so that your site never loses its styles and is always ready for user interaction.\u003C\u002Fp>\n","Use ScssPhp. to compile scss files on your wordpress install into a single lightweight CSS file.  There is an included settings page for configuring d &hellip;",20,820,"2023-01-07T15:54:00.000Z","6.1.10",[21,23,24,104],"https:\u002F\u002Fgithub.com\u002FField-Of-Code\u002Fscss-4-wp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fscss-4-wp.zip",{"attackSurface":165,"codeSignals":198,"taintFlows":263,"riskAssessment":264,"analyzedAt":278},{"hooks":166,"ajaxHandlers":194,"restRoutes":195,"shortcodes":196,"cronEvents":197,"entryPointCount":86,"unprotectedCount":86},[167,173,178,182,187,190],{"type":168,"name":169,"callback":170,"file":171,"line":172},"action","init","lenix_scss_load","lenix-scss-compiler.php",18,{"type":168,"name":174,"callback":175,"file":176,"line":177},"admin_menu","add_plugin_page","options.php",7,{"type":168,"name":179,"callback":180,"file":176,"line":181},"admin_init","page_init",8,{"type":183,"name":184,"callback":185,"file":176,"line":186},"filter","lenix_force_recompile","closure",304,{"type":183,"name":188,"callback":185,"file":176,"line":189},"lenix_disable_recompile",313,{"type":183,"name":191,"callback":192,"priority":73,"file":176,"line":193},"plugin_action_links","create_settings_link_on_plugins_page",323,[],[],[],[],{"dangerousFunctions":199,"sqlUsage":238,"outputEscaping":240,"fileOperations":261,"externalRequests":86,"nonceChecks":86,"capabilityChecks":86,"bundledLibraries":262},[200,205,209,213,216,219,222,225,228,232,235],{"fn":201,"file":202,"line":203,"context":204},"unserialize","scssphp\\src\\Cache.php",136,"$c = unserialize($c);",{"fn":201,"file":206,"line":207,"context":208},"scssphp\\src\\Compiler.php",784,"$value = unserialize($value);",{"fn":210,"file":206,"line":211,"context":212},"assert",1433,"assert($selfParent !== null, 'at-root blocks must have a selfParent set.');",{"fn":210,"file":206,"line":214,"context":215},6275,"assert(!empty($parsedPrototypes));",{"fn":210,"file":206,"line":217,"context":218},6573,"assert(\\is_string($arg[0][1]));",{"fn":210,"file":206,"line":220,"context":221},6598,"assert(\\is_string($name));",{"fn":210,"file":206,"line":223,"context":224},6730,"assert($originalRestArgumentName !== null);",{"fn":210,"file":206,"line":226,"context":227},6751,"assert($default !== null);",{"fn":210,"file":229,"line":230,"context":231},"scssphp\\src\\Formatter\\Compressed.php",72,"assert(! empty($block->selectors));",{"fn":210,"file":233,"line":234,"context":231},"scssphp\\src\\Formatter\\Crunched.php",74,{"fn":210,"file":236,"line":237,"context":231},"scssphp\\src\\Formatter.php",168,{"prepared":86,"raw":86,"locations":239},[],{"escaped":241,"rawEcho":181,"locations":242},16,[243,247,249,251,253,255,257,259],{"file":244,"line":245,"context":246},"class\\lenix-scss-dir-compiler.php",107,"raw output",{"file":176,"line":248,"context":246},131,{"file":176,"line":250,"context":246},148,{"file":176,"line":252,"context":246},151,{"file":176,"line":254,"context":246},283,{"file":176,"line":256,"context":246},295,{"file":236,"line":258,"context":246},306,{"file":236,"line":260,"context":246},362,17,[],[],{"summary":265,"deductions":266},"The \"lenix-scss-compiler\" v1.2 plugin presents a mixed security picture. On the positive side, the static analysis reveals a zero attack surface in terms of AJAX handlers, REST API routes, shortcodes, and cron events, with no identified unprotected entry points. Furthermore, all SQL queries are properly prepared, and there are no external HTTP requests, suggesting good practices in these areas.\n\nHowever, significant concerns arise from the presence of dangerous functions like \"unserialize\" and \"assert,\" which can be exploited if user-controlled data is passed to them without proper sanitization. While taint analysis found no explicit flows, the \"unserialize\" function itself is a known risk vector. The output escaping is also only at 67%, indicating a potential for stored or reflected cross-site scripting vulnerabilities in the remaining 33% of outputs.\n\nThe plugin's vulnerability history is a major red flag, with two known medium-severity CVEs that remain unpatched. The fact that these vulnerabilities were related to Cross-Site Scripting and Cross-Site Request Forgery suggests a pattern of insecure handling of user input or insufficient protection against malicious actions. The last vulnerability was also very recent, indicating ongoing security issues. While the plugin has a limited attack surface, the unpatched vulnerabilities and the presence of dangerous functions necessitate immediate attention to mitigate risks.",[267,269,271,274,276],{"reason":268,"points":157},"Unpatched CVEs (2)",{"reason":270,"points":118},"Dangerous functions (unserialize, assert)",{"reason":272,"points":273},"Output escaping at 67%",12,{"reason":275,"points":181},"No nonce checks",{"reason":277,"points":181},"No capability checks","2026-03-16T19:17:23.176Z",{"wat":280,"direct":289},{"assetPaths":281,"generatorPatterns":284,"scriptPaths":285,"versionParams":286},[282,283],"\u002Fwp-content\u002Fplugins\u002Flenix-scss-compiler\u002Fcss\u002Flenix-scss-compiler.css","\u002Fwp-content\u002Fplugins\u002Flenix-scss-compiler\u002Fjs\u002Flenix-scss-compiler.js",[],[283],[287,288],"lenix-scss-compiler\u002Fcss\u002Flenix-scss-compiler.css?ver=","lenix-scss-compiler\u002Fjs\u002Flenix-scss-compiler.js?ver=",{"cssClasses":290,"htmlComments":291,"htmlAttributes":292,"restEndpoints":293,"jsGlobals":294,"shortcodeOutput":296},[],[],[],[],[295],"lenix_scss_compiler",[]]