[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXIkRFsqJSQ89ex-mgko9ot_J0UHRviegt8cDZiFwSEM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":48,"crawl_stats":38,"alternatives":54,"analysis":155,"fingerprints":255},"list-custom-taxonomy-widget","List Custom Taxonomy Widget","4.2","Nick Halsey","https:\u002F\u002Fprofiles.wordpress.org\u002Fcelloexpressions\u002F","\u003Cp>The List Custom Taxonomy Widget is a quick and easy way to display custom taxonomies. Simply choose the taxonomy name you want to display from an auto-populated list. You can also set a title to display for the widget. Multiple list custom taxonomy widgets can be added to the same and other sidebars as well. There are several display options (including as a dropdown), and it generally behaves similarly to the built-in categories widget but with the addition of custom taxonomies.\u003C\u002Fp>\n","The List Custom Taxonomy Widget is a quick and easy way to display custom taxonomies. Simply choose the taxonomy name you want to display from an auto …",9000,118876,94,21,"2024-07-13T01:39:00.000Z","6.6.5","3.3","",[20,21,22,23,24],"category","custom-tax","custom-taxonomy","sidebar","widget","http:\u002F\u002Fcelloexpressions.com\u002Fplugins\u002Flist-custom-taxonomy-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flist-custom-taxonomy-widget.4.2.zip",91,1,0,"2024-04-22 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2024-32833","list-custom-taxonomy-widget-authenticated-admin-stored-cross-site-scripting","List Custom Taxonomy Widget \u003C= 4.1 - Authenticated (Admin+) Stored Cross-Site Scripting","The List Custom Taxonomy Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=4.1","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-04-29 15:49:39",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F35c5b1cd-053c-4e1d-994f-003b89d5ff62?source=api-prod",8,{"slug":49,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":27,"avg_patch_time_days":47,"trust_score":52,"computed_at":53},"celloexpressions",27,24000,88,"2026-04-04T03:52:53.365Z",[55,74,95,115,136],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":13,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":18,"tags":69,"homepage":18,"download_link":72,"security_score":73,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"recent-posts-by-category-widget","Recent Posts by Category Widget","1.3","Ross Cornell","https:\u002F\u002Fprofiles.wordpress.org\u002Frossc\u002F","\u003Cp>This plugin adds a simple widget that allows you to display a number of recent blog posts from a specific category. You have the options to choose a title, category, number of posts and whether or not to show the post date. The posts will be ordered by date just like the default Recent Posts widget included with WordPress.\u003C\u002Fp>\n","Just like the default Recent Posts widget except you can choose a category to pull posts from.",4000,33251,12,"2017-11-28T16:45:00.000Z","4.2.39","3.0.1",[70,20,71,23,24],"categories","recent-posts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-posts-by-category-widget.zip",85,{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":18,"tags":89,"homepage":93,"download_link":94,"security_score":73,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"categories-in-hierarchical-order","Categories in Hierarchical Order","1.3.1","Amit Sonkhiya","https:\u002F\u002Fprofiles.wordpress.org\u002Famitaits\u002F","\u003Cp>Gutenberg Editor already maintains the parent-child relationship when you select a category. So the child doesn’t move at the top in the category meta box. So this plugin isn’t required if you’re using the Gutenberg Editor.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Categories in Hierarchical Order plugin applies to WordPress Classic Post Editor only.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin contains functionality to let you maintain default hierarchical order of categories when you select and save them for a post in your WordPress Admin Classic Post Editor.\u003C\u002Fp>\n\u003Cp>The selected category\u002Fcategories, to which a post belongs, are by default pushed at the top in the Category tab while saving the post. Whereas activating Categories in Hierarchical Order plugin will keep the position of selected category\u002Fcategories unchanged as per their parent\u002Fchild relationship.\u003C\u002Fp>\n\u003Cp>For support, use support page available here or visit \u003Ca href=\"https:\u002F\u002Fwww.astech.solutions\u002Fwordpress-javascript-jquery-plugins\u002Fcategories-hierarchical-order\u002F\" rel=\"nofollow ugc\">the page\u003C\u002Fa> at our official website. A \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fas-tx\u002Fcategories-hierarchical-order\" rel=\"nofollow ugc\">GitHub repo\u003C\u002Fa> is also there to post issues, contribution and feature requests.\u003C\u002Fp>\n","Categories in Hierarchical Order plugin maintains the hierarchical order of categories list in the Category tab under your WordPress Admin Post Editor …",2000,30422,100,14,"2020-12-10T15:00:00.000Z","5.6.17","3.0",[20,22,90,91,92],"hierarchy","order","taxonomy","https:\u002F\u002Fwww.astech.solutions\u002Fwordpress-javascript-jquery-plugins\u002Fcategories-hierarchical-order\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcategories-in-hierarchical-order.1.3.1.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":105,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":113,"download_link":114,"security_score":84,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"ns-category-widget","NS Category Widget","4.1.6","Nilambar Sharma","https:\u002F\u002Fprofiles.wordpress.org\u002Fnilambar\u002F","\u003Cp>Are you frustrated by the lack of customization options in default Category widget in WordPress? Then this plugin is for you. Works in similar fashion but with several customization options. Cheers !\u003C\u002Fp>\n","A plugin to add widget for listing Categories and Taxonomies. Extending Default WordPress Category Widget.",1000,42075,96,34,"2025-09-12T01:32:00.000Z","6.8.5","6.0","7.2.24",[20,112,23,92,24],"listing","https:\u002F\u002Fwww.nilambar.net\u002F2013\u002F12\u002Fns-category-widget-wordpress-plugin.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fns-category-widget.4.1.6.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":84,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":88,"requires_php":18,"tags":128,"homepage":133,"download_link":134,"security_score":135,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"taxonomy-term-widget","Taxonomy Term Widget","2.3.5","AddonsPress","https:\u002F\u002Fprofiles.wordpress.org\u002Faddonspress\u002F","\u003Cp>If you have already familiar with the Categories widget, then You are already familiar with it too.\u003Cbr \u002F>\nIt just lets you choose any taxonomy you have in your blog, for example, Tags, custom taxonomy ( Eg: Location, Product Categories, Product Tags etc… ).\u003C\u002Fp>\n","Add an advanced widget to your WordPress blog, like an extension of the Categories widget.",300,9253,4,"2024-11-12T14:34:00.000Z","6.7.5",[129,130,92,131,132],"categories-widget","custom-taxonomy-widget","terms-widget","wordpress-taxonomy-term-widget","https:\u002F\u002Fwww.addonspress.com\u002Fwordpress-plugins\u002Ftaxonomy-term-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftaxonomy-term-widget.2.3.5.zip",92,{"slug":137,"name":138,"version":139,"author":140,"author_profile":141,"description":142,"short_description":143,"active_installs":84,"downloaded":144,"rating":145,"num_ratings":146,"last_updated":147,"tested_up_to":148,"requires_at_least":149,"requires_php":18,"tags":150,"homepage":153,"download_link":154,"security_score":73,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"category-feature","Featured Category Widget","2.5","tepelstreel","https:\u002F\u002Fprofiles.wordpress.org\u002Ftepelstreel\u002F","\u003Cp>The Featured Category Widget is mainly designed because there were people for whom the Featured Post Widget was not enough. They wanted to put a category of their blog in the highlight.\u003Cbr \u002F>\nIf there is a post thumbnail, it will be displayed above the headline of the post. If there is no thumbnail, the first picture of the post is taken. You can set the size for the thumbnail or just take the standard from your options. Decide yourself, whether you want to show the excerpt, saved with your post or just the first three sentences or the first twenty words of the post. Style the widget individually, ready.\u003C\u002Fp>\n\u003Cp>The Featured Category was tested up to WP 4.5. It should work with versions down to 2.9 but was never tested on those.\u003C\u002Fp>\n","The Featured Category Widget is basically a Featured Post Widget for a category.",29613,84,5,"2016-02-26T10:18:00.000Z","4.5.33","2.9",[20,151,152,23,24],"column","newspaper","http:\u002F\u002Fwasistlos.waldemarstoffel.com\u002Fplugins-fur-wordpress\u002Ffeatured-category-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcategory-feature.2.5.zip",{"attackSurface":156,"codeSignals":168,"taintFlows":245,"riskAssessment":246,"analyzedAt":254},{"hooks":157,"ajaxHandlers":164,"restRoutes":165,"shortcodes":166,"cronEvents":167,"entryPointCount":29,"unprotectedCount":29},[158],{"type":159,"name":160,"callback":161,"file":162,"line":163},"action","widgets_init","init_lc_taxonomy","list-custom-taxonomy-widget.php",33,[],[],[],[],{"dangerousFunctions":169,"sqlUsage":170,"outputEscaping":172,"fileOperations":29,"externalRequests":29,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":244},[],{"prepared":29,"raw":29,"locations":171},[],{"escaped":173,"rawEcho":174,"locations":175},22,39,[176,179,181,183,185,187,189,191,192,194,196,197,199,200,202,204,206,207,208,210,211,213,215,216,218,220,221,223,225,227,228,230,232,234,236,237,239,241,242],{"file":162,"line":177,"context":178},102,"raw output",{"file":162,"line":180,"context":178},103,{"file":162,"line":182,"context":178},104,{"file":162,"line":184,"context":178},164,{"file":162,"line":186,"context":178},169,{"file":162,"line":188,"context":178},247,{"file":162,"line":190,"context":178},248,{"file":162,"line":190,"context":178},{"file":162,"line":193,"context":178},251,{"file":162,"line":195,"context":178},252,{"file":162,"line":195,"context":178},{"file":162,"line":198,"context":178},265,{"file":162,"line":198,"context":178},{"file":162,"line":201,"context":178},269,{"file":162,"line":203,"context":178},271,{"file":162,"line":205,"context":178},272,{"file":162,"line":205,"context":178},{"file":162,"line":205,"context":178},{"file":162,"line":209,"context":178},274,{"file":162,"line":209,"context":178},{"file":162,"line":212,"context":178},275,{"file":162,"line":214,"context":178},276,{"file":162,"line":214,"context":178},{"file":162,"line":217,"context":178},277,{"file":162,"line":219,"context":178},278,{"file":162,"line":219,"context":178},{"file":162,"line":222,"context":178},279,{"file":162,"line":224,"context":178},282,{"file":162,"line":226,"context":178},283,{"file":162,"line":226,"context":178},{"file":162,"line":229,"context":178},292,{"file":162,"line":231,"context":178},293,{"file":162,"line":233,"context":178},296,{"file":162,"line":235,"context":178},297,{"file":162,"line":123,"context":178},{"file":162,"line":238,"context":178},301,{"file":162,"line":240,"context":178},303,{"file":162,"line":240,"context":178},{"file":162,"line":243,"context":178},304,[],[],{"summary":247,"deductions":248},"The \"list-custom-taxonomy-widget\" plugin, version 4.2, exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by avoiding SQL injection vulnerabilities through the exclusive use of prepared statements and has no file operations or external HTTP requests, which limits its attack surface. The static analysis reports zero AJAX handlers, REST API routes, shortcodes, or cron events without proper authentication or permission checks, indicating a generally secure entry point strategy.\n\nHowever, the plugin's output escaping is a significant concern, with only 36% of outputs being properly escaped. This leaves a substantial portion of user-generated or dynamically generated content vulnerable to Cross-Site Scripting (XSS) attacks. The historical vulnerability data, including one past CVE related to XSS, reinforces this concern, suggesting a recurring weakness in input sanitization and output encoding. While there are no currently unpatched vulnerabilities, the pattern of past XSS issues coupled with insufficient output escaping in the current version presents a notable risk.\n\nIn conclusion, the plugin has strengths in its limited attack surface and secure database interactions. Nevertheless, the widespread lack of proper output escaping is a critical weakness that significantly elevates the risk of XSS vulnerabilities, making it a substantial concern for users.",[249,252],{"reason":250,"points":251},"Insufficient output escaping (36% proper)",7,{"reason":253,"points":146},"Past CVEs indicate recurring XSS issues","2026-03-16T17:52:10.966Z",{"wat":256,"direct":263},{"assetPaths":257,"generatorPatterns":258,"scriptPaths":259,"versionParams":260},[],[],[],[261,262],"list-custom-taxonomy-widget\u002Fstyle.css?ver=","list-custom-taxonomy-widget\u002Flc_taxonomy_widget.js?ver=",{"cssClasses":264,"htmlComments":265,"htmlAttributes":266,"restEndpoints":269,"jsGlobals":270,"shortcodeOutput":272},[4],[],[267,268],"id=\"lct-widget-","name=\"lct-widget-",[],[271],"var lc_taxonomy_widget_options = ",[]]