[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f6Rf_YQarJMjmOzfMIbfxolSQI_WRb3i6bsd3DfEyox0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":151,"fingerprints":361},"lists-shortcode-and-widget","Lists Shortcode and Widget","1.8","OTWthemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fotwthemes\u002F","\u003Cp>Easily create all different kinds of Ordered and Unordered Lists for your WordPress site. Insert Lists anywhere in your site – page\u002Fpost editor, sidebars, template files. No coding is required. It is all done in a nice and easy interface.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Upgrade to the \u003Cstrong>Pro version\u003C\u002Fstrong> of this plugin – the fastes way to build your WordPress based site including regular updates and premium support:\u003Cbr \u002F>\n  \u003Ca href=\"https:\u002F\u002F1.envato.market\u002Fc\u002F1246358\u002F275988\u002F4415?subId1=cm&subId2=2020&subId3=https%3A%2F%2Fcodecanyon.net%2Fitem%2Fcontent-manager-for-wordpress%2F7431829&u=https%3A%2F%2Fcodecanyon.net%2Fitem%2Fcontent-manager-for-wordpress%2F7431829\" rel=\"nofollow ugc\">Content Manager\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fotwthemes.com\u002Fdemos\u002F1ts\u002F?item=Content%20Manager&utm_source=wp.org&utm_medium=page&utm_content=upgrade&utm_campaign=cml\" rel=\"nofollow ugc\">Demo site\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Lists Options\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Number of Items \u003C\u002Fli>\n\u003Cli>List Style\u003C\u002Fli>\n\u003Cli>Item 1,2,…10 title \u003C\u002Fli>\n\u003Cli>Custom CSS Class\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Insert Lists Anywhere in your site\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Basically Lists can be inserted anywhere in your site:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Page\u002Fpost WYSIWYG editor by using the buttion in the editor\u003C\u002Fli>\n\u003Cli>In sidebars by using the OTW Shortcode Widget\u003C\u002Fli>\n\u003Cli>In template files by using the List’s shortcode and WordPress do_shortcode function\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Custom styling\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you need to further style a List here are your options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Each List shortcode has it’s unique CSS class that can be used to style all Lists.\u003C\u002Fli>\n\u003Cli>Create a new class for each instance of a List shortcode in its interface so you can style it individually.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Localization\u002FInternationalization\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin comes Localization\u002FInternationalization ready. It is following WordPress I18n standards.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Full version of the plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Upgrade to the full version of \u003Ca href=\"https:\u002F\u002F1.envato.market\u002Fc\u002F1246358\u002F275988\u002F4415?subId1=cm&subId2=2020&subId3=https%3A%2F%2Fcodecanyon.net%2Fitem%2Fcontent-manager-for-wordpress%2F7431829&u=https%3A%2F%2Fcodecanyon.net%2Fitem%2Fcontent-manager-for-wordpress%2F7431829\" rel=\"nofollow ugc\">Content Manager\u003C\u002Fa> |\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fotwthemes.com\u002Fdemos\u002F1ts\u002F?item=Content%20Manager&utm_source=wp.org&utm_medium=page&utm_content=upgrade&utm_campaign=cml\" rel=\"nofollow ugc\">Demo site\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom Responsive Layouts – Build in Seconds\u003C\u002Fli>\n\u003Cli>Front-end Editor – Edit your layouts and content in the front-end of your site\u003C\u002Fli>\n\u003Cli>40+ Shortcodes with add\u002Fedit Interface, Custom and Imported Shortcodes\u003C\u002Fli>\n\u003Cli>Insert Shortcodes Anywhere – Layouts, Page Editor, Sidebars, Template files\u003C\u002Fli>\n\u003Cli>Insert Sidebars Anywhere – Layouts, Page Editor, Template files\u003C\u002Fli>\n\u003Cli>WordPress Widgets Anywhere – Layouts, Page Editor, Template files\u003C\u002Fli>\n\u003Cli>Content Sidebars\u003C\u002Fli>\n\u003Cli>Support and Updates\u003C\u002Fli>\n\u003Cli>Zero Coding Required\u003C\u002Fli>\n\u003C\u002Ful>\n","Create Lists. Nice and easy interface. Insert anywhere in your site - page\u002Fpost editor, sidebars, template files.",100,7045,60,2,"2022-03-04T04:22:00.000Z","5.9.13","3.6","",[20,21,22,23,24],"lists","ordered-list","shortcode","unordered-list","widgets","http:\u002F\u002FOTWthemes.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flists-shortcode-and-widget.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"otwthemes",12,5860,66,30,70,"2026-04-04T05:34:58.111Z",[41,66,87,109,130],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":11,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":55,"tags":56,"homepage":61,"download_link":62,"security_score":63,"vuln_count":64,"unpatched_count":28,"last_vuln_date":65,"fetched_at":30},"apollo13-framework-extensions","Apollo13 Framework Extensions","1.9.9","apollo13themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fapollo13themes\u002F","\u003Cp>\u003Cstrong>Apollo13 Framework Extensions\u003C\u002Fstrong> adds few features to themes build on Apollo13 Framework. These are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Designs Importer,\u003C\u002Fli>\n\u003Cli>shortcodes based on Apollo13 Framework features: writtng effect, count down, socials, scroller, slider, galleries, post grid,\u003C\u002Fli>\n\u003Cli>support for WPBakery Page Builder elements added by Apollo13 Framework,\u003C\u002Fli>\n\u003Cli>custom post types: albums, works & people,\u003C\u002Fli>\n\u003Cli>Export\u002FImport of theme options,\u003C\u002Fli>\n\u003Cli>Custom Sidebar,\u003C\u002Fli>\n\u003Cli>Custom CSS,\u003C\u002Fli>\n\u003Cli>Meta options that are creating content for posts, pages, albums and works,\u003C\u002Fli>\n\u003Cli>Responsive Image resizing ,\u003C\u002Fli>\n\u003Cli>Maintenance mode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin requires one of themes build on \u003Cstrong>Apollo13 Framework\u003C\u002Fstrong> theme to be installed.\u003C\u002Fp>\n\u003Cp>It is mostly used for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapollo13themes.com\u002Frife\u002Ffree\u002F\" rel=\"nofollow ugc\">Rife Free\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapollo13themes.com\u002Frife\u002F\" rel=\"nofollow ugc\">Rife Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits & Copyright\u003C\u002Fh3>\n\u003Ch4>Anime.js, Copyright 2019 Julian Garnier\u003C\u002Fh4>\n\u003Cp>Licenses: MIT\u003Cbr \u002F>\nSource: https:\u002F\u002Fanimejs.com\u002F\u003C\u002Fp>\n","Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.",20000,534616,1,"2025-12-04T08:12:00.000Z","6.5.8","4.7","5.4.0",[57,58,59,60],"custom-post-types","elementor-widgets","shortcodes","wpbakery-page-builder-support","https:\u002F\u002Fapollo13themes.com\u002Frife\u002Ffree","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapollo13-framework-extensions.zip",95,6,"2026-02-18 15:32:44",{"slug":67,"name":68,"version":69,"author":70,"author_profile":71,"description":72,"short_description":73,"active_installs":74,"downloaded":75,"rating":11,"num_ratings":76,"last_updated":77,"tested_up_to":53,"requires_at_least":78,"requires_php":79,"tags":80,"homepage":82,"download_link":83,"security_score":84,"vuln_count":85,"unpatched_count":28,"last_vuln_date":86,"fetched_at":30},"weaverx-theme-support","Weaver Xtreme Theme Support","6.5.1","wpweaver","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpweaver\u002F","\u003Cp>This is the theme support for the Weaver Xtreme Theme. This plugin provides a collection of useful shortcodes and widgets designed to complement the Weaver Xtreme theme. These shortcodes have been selected and developed based on requests and feedback from thousands of users of the Weaver Xtreme and previous versions of Weaver.\u003C\u002Fp>\n\u003Cp>This plugin also provides the Legacy Weaver Xtreme Admin Dashboard interface. The Legacy Admin is an old style interface alternative to the Customizer interface. The Legacy Interface has been updated for compatibility with Weaver Xtreme Version 5, and will automatically update and convert .wxt settings files from Weaver Xtreme 4.\u003C\u002Fp>\n\u003Cp>Includes complete documentation help file. Instructions for using the shortcodes and widgets are in the help file.\u003C\u002Fp>\n\u003Ch4>Shortcodes included\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>[tab_group]\u003C\u002Fstrong> – Display content in a tabbed box.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003C!--YouTube Error: bad URL entered-->\u003C\u002Fstrong> – Show your YouTube videos responsively, and with the capability to use any of the YouTube custom display options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003C!-- vimeo error: not a vimeo video -->\u003C\u002Fstrong> –  Show your Vimeo videos responsively, and with the capability to use any of the Vimeo custom display options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[iframe]\u003C\u002Fstrong> – Quick and easy display of content in an iframe.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[div]\u003C\u002Fstrong>, \u003Cstrong>[span]\u003C\u002Fstrong>, \u003Cstrong>[html]\u003C\u002Fstrong> – Add div, span, and other html to pages\u002Fposts without the need to switch to Text view.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[hide\u002Fshow_if]\u003C\u002Fstrong> – Show or hide content depending upon options: device, page ID, user capability, logged in status.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[bloginfo]\u003C\u002Fstrong> – Display any information available from WordPress bloginfo function.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[user_can]\u003C\u002Fstrong> – Display content base on logged-in user role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[site_title]\u003C\u002Fstrong> – Display Site title.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[site_tagline]\u003C\u002Fstrong> – Display Site tag line.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Widgets Included\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Weaver 2 Column Text Widget\u003C\u002Fstrong> – Add text into two columns in a widget\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Weaver Per Page Text Widget\u003C\u002Fstrong> – Add a text widget on a per-page basis\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Weaver Login\u003C\u002Fstrong> – Simplified login widget\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Licenses\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>The Weaver Xtreme Theme Support plugin is licensed under the terms of the GNU GENERAL PUBLIC LICENSE, Version 2,\u003Cbr \u002F>\nJune 1991. (GPL) The full text of the license is in the license.txt file.\u003C\u002Fli>\n\u003Cli>All images included with this plugin are either original works of the author which\u003Cbr \u002F>\nhave been placed into the public domain, or have been derived from other public domain sources,\u003Cbr \u002F>\nand thus need no license. (This does not include the images provided with any of the\u003Cbr \u002F>\nbelow listed scripts and libraries. Those images are covered by their respective licenses.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin also includes several scripts and libraries that are covered under the terms\u003Cbr \u002F>\nof their own licenses in the listed files in the plugin distribution:\u003C\u002Fp>\n","A useful shortcode and widget collection for Weaver Xtreme",9000,382934,4,"2024-05-31T18:31:00.000Z","6.0","7.2",[59,81,24],"weaver-xtreme-theme","http:\u002F\u002Fweavertheme.com\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fweaverx-theme-support.6.5.1.zip",89,3,"2024-06-04 19:18:53",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":11,"num_ratings":51,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":100,"tags":101,"homepage":105,"download_link":106,"security_score":107,"vuln_count":85,"unpatched_count":51,"last_vuln_date":108,"fetched_at":30},"popularis-extra","Popularis Extra","1.2.10","Themes4WP","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemes4wp\u002F","\u003Cp>Popularis Extra gives you access to demo import for free PopularisWP themes, extra features like widgets, shortcodes or additional Elementor widgets.\u003C\u002Fp>\n\u003Cp>This plugin requires PopularisWP theme to be installed.\u003C\u002Fp>\n\u003Ch3>Supported Themes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis\u002F\" rel=\"ugc\">Popularis\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpopulariswp.com\u002Fpopularis-ecommerce\u002F\" rel=\"nofollow ugc\">Popularis eCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-verse\u002F\" rel=\"ugc\">Popularis Verse\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-hub\u002F\" rel=\"ugc\">Popularis Hub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-star\u002F\" rel=\"ugc\">Popularis Star\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-writer\u002F\" rel=\"ugc\">Popularis Writer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-press\u002F\" rel=\"ugc\">Popularis Press\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpopulariswp.com\u002Fpopularis-fashion\u002F\" rel=\"nofollow ugc\">Popularis Fashion\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpopulariswp.com\u002Fpopularis-business\u002F\" rel=\"nofollow ugc\">Popularis Business\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Popularis Extra add extra features to Popularis theme like demo import, widgets, shortcodes or Elementor widgets.",8000,225336,"2025-12-03T07:12:00.000Z","6.9.4","4.4","5.6",[102,103,104,59,24],"demo","elementor","import","https:\u002F\u002Fpopulariswp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpopularis-extra.1.2.10.zip",74,"2026-01-28 00:00:00",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":119,"num_ratings":120,"last_updated":121,"tested_up_to":122,"requires_at_least":123,"requires_php":18,"tags":124,"homepage":128,"download_link":129,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"disable-author-pages","Disable Author Pages","0.11","Frank Neumann-Staude","https:\u002F\u002Fprofiles.wordpress.org\u002Ffstaude\u002F","\u003Cp>Disable the author pages ( \u002Fauthor=? ) in wordpress and redirect the user to another page.\u003C\u002Fp>\n","Disable the author pages",6000,50618,98,17,"2017-11-28T17:13:00.000Z","4.7.32","3.0",[125,126,22,127,24],"page","post","sidebar","https:\u002F\u002Fstaude.net\u002Fwordpress\u002Fplugins\u002Fdisable-author-pages\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-author-pages.0.11.zip",{"slug":131,"name":132,"version":133,"author":134,"author_profile":135,"description":136,"short_description":137,"active_installs":138,"downloaded":139,"rating":140,"num_ratings":141,"last_updated":142,"tested_up_to":143,"requires_at_least":144,"requires_php":145,"tags":146,"homepage":147,"download_link":148,"security_score":149,"vuln_count":51,"unpatched_count":51,"last_vuln_date":150,"fetched_at":30},"series","Series","2.0.1","Justin Tadlock","https:\u002F\u002Fprofiles.wordpress.org\u002Fgreenshady\u002F","\u003Cp>Series is a plugin created to allow users to easily link posts together by using a WordPress taxonomy (like tags or categories) called “series”.  It can be particularly useful if you write several posts spanning the same topic and want them tied together in some way that tags or categories doesn’t cover.\u003C\u002Fp>\n\u003Ch3>Professional Support\u003C\u002Fh3>\n\u003Cp>If you need professional plugin support from me, the plugin author, you can access the support forums at \u003Ca href=\"https:\u002F\u002Fthemehybrid.com\u002Fsupport\" rel=\"nofollow ugc\">Theme Hybrid\u003C\u002Fa>, which is a professional WordPress help\u002Fsupport site where I handle support for all my plugins and themes for a community of 75,000+ users (and growing).\u003C\u002Fp>\n\u003Ch3>Plugin Development\u003C\u002Fh3>\n\u003Cp>If you’re a theme author, plugin author, or just a code hobbyist, you can follow the development of this plugin on it’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjustintadlock\u002Fseries\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>Yes, I do accept donations.  If you want to donate, you can do so from my \u003Ca href=\"https:\u002F\u002Fthemehybrid.com\u002Fdonate\" rel=\"nofollow ugc\">donations page\u003C\u002Fa> or grab me something from my \u003Ca href=\"http:\u002F\u002Fa.co\u002FflUb0ns\" rel=\"nofollow ugc\">Amazon Wish List\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>I appreciate all donations, no matter the size.  Further development of this plugin is not contingent on donations, but they are always a nice incentive.\u003C\u002Fp>\n","Plugin that allows you to collect posts in a series.",2000,46271,84,5,"2018-12-17T20:52:00.000Z","5.0.25","4.8","5.3",[131,59,24],"https:\u002F\u002Fthemehybrid.com\u002Fplugins\u002Fseries","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fseries.2.0.1.zip",63,"2025-12-31 00:00:00",{"attackSurface":152,"codeSignals":232,"taintFlows":293,"riskAssessment":345,"analyzedAt":360},{"hooks":153,"ajaxHandlers":203,"restRoutes":229,"shortcodes":230,"cronEvents":231,"entryPointCount":64,"unprotectedCount":64},[154,161,164,169,174,178,182,187,191,194,199],{"type":155,"name":156,"callback":157,"priority":158,"file":159,"line":160},"action","wp_enqueue_scripts","enqueue_scripts",1000,"include\\otw_components\\otw_functions\\otw_component.class.php",90,{"type":155,"name":162,"callback":157,"priority":158,"file":159,"line":163},"admin_enqueue_scripts",94,{"type":155,"name":165,"callback":166,"file":167,"line":168},"admin_footer","load_admin_js","include\\otw_components\\otw_shortcode\\otw_shortcode.class.php",164,{"type":170,"name":171,"callback":172,"file":167,"line":173},"filter","mce_external_plugins","add_tinymce_plugin",175,{"type":170,"name":175,"callback":176,"file":167,"line":177},"mce_buttons","register_tinymce_button",176,{"type":155,"name":179,"callback":180,"file":167,"line":181},"wp_footer","load_front_js",185,{"type":155,"name":183,"callback":184,"file":185,"line":186},"admin_menu","otw_lssw_init_admin_menu","include\\otw_lssw_functions.php",41,{"type":155,"name":188,"callback":189,"file":185,"line":190},"admin_print_styles","otw_lssw_enqueue_admin_styles",43,{"type":155,"name":162,"callback":192,"file":185,"line":193},"otw_lssw_enqueue_admin_scripts",45,{"type":155,"name":195,"callback":196,"file":197,"line":198},"init","otw_lssw_init","otw_content_manager.php",64,{"type":155,"name":200,"callback":201,"file":197,"line":202},"widgets_init","otw_lssw_widgets_init",65,[204,209,213,217,221,225],{"action":205,"nopriv":206,"callback":207,"hasNonce":206,"hasCapCheck":206,"file":167,"line":208},"otw_shortcode_editor_dialog",false,"build_shortcode_editor_dialog",166,{"action":210,"nopriv":206,"callback":211,"hasNonce":206,"hasCapCheck":206,"file":167,"line":212},"otw_shortcode_get_code","get_code",167,{"action":214,"nopriv":206,"callback":215,"hasNonce":206,"hasCapCheck":206,"file":167,"line":216},"otw_shortcode_live_preview","live_preview",168,{"action":218,"nopriv":206,"callback":219,"hasNonce":206,"hasCapCheck":206,"file":167,"line":220},"otw_shortcode_live_reload","live_reload",169,{"action":222,"nopriv":206,"callback":223,"hasNonce":206,"hasCapCheck":206,"file":167,"line":224},"otw_shortcode_preview_shortcodes","preview_shortcodes",170,{"action":226,"nopriv":206,"callback":227,"hasNonce":206,"hasCapCheck":206,"file":167,"line":228},"otw_shortcode_preview_front_shortcodes","preview_front_shortcodes",171,[],[],[],{"dangerousFunctions":233,"sqlUsage":239,"outputEscaping":241,"fileOperations":85,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":286},[234],{"fn":235,"file":236,"line":237,"context":238},"unserialize","include\\otw_components\\otw_functions\\otw_functions.php",596,"$value = unserialize( urldecode( $value ) );",{"prepared":28,"raw":28,"locations":240},[],{"escaped":242,"rawEcho":243,"locations":244},27,19,[245,248,250,252,254,256,258,260,262,264,266,268,271,273,275,277,279,282,284],{"file":167,"line":246,"context":247},281,"raw output",{"file":167,"line":249,"context":247},297,{"file":167,"line":251,"context":247},383,{"file":167,"line":253,"context":247},447,{"file":167,"line":255,"context":247},477,{"file":167,"line":257,"context":247},540,{"file":167,"line":259,"context":247},543,{"file":167,"line":261,"context":247},551,{"file":167,"line":263,"context":247},555,{"file":167,"line":265,"context":247},594,{"file":167,"line":267,"context":247},704,{"file":269,"line":270,"context":247},"include\\otw_components\\otw_shortcode\\shortcodes\\otw_shortcodes.class.php",453,{"file":269,"line":272,"context":247},1242,{"file":269,"line":274,"context":247},1276,{"file":269,"line":276,"context":247},1310,{"file":269,"line":278,"context":247},1345,{"file":280,"line":281,"context":247},"include\\otw_components\\otw_shortcode\\widgets\\otw_shortcode_widget.class.php",111,{"file":280,"line":283,"context":247},142,{"file":285,"line":14,"context":247},"include\\otw_lssw_help.php",[287,290],{"name":288,"version":29,"knownCves":289},"Select2",[],{"name":291,"version":29,"knownCves":292},"TinyMCE",[],[294,315,327],{"entryPoint":295,"graph":296,"unsanitizedCount":51,"severity":314},"otw_get (include\\otw_components\\otw_functions\\otw_functions.php:558)",{"nodes":297,"edges":311},[298,303,307],{"id":299,"type":300,"label":301,"file":236,"line":302},"n0","source","$_GET",560,{"id":304,"type":305,"label":306,"file":236,"line":302},"n1","transform","→ otw_req()",{"id":308,"type":309,"label":310,"file":236,"line":237,"wp_function":235},"n2","sink","unserialize() [Object Injection]",[312,313],{"from":299,"to":304,"sanitized":206},{"from":304,"to":308,"sanitized":206},"high",{"entryPoint":316,"graph":317,"unsanitizedCount":51,"severity":314},"otw_post (include\\otw_components\\otw_functions\\otw_functions.php:566)",{"nodes":318,"edges":324},[319,322,323],{"id":299,"type":300,"label":320,"file":236,"line":321},"$_POST",568,{"id":304,"type":305,"label":306,"file":236,"line":321},{"id":308,"type":309,"label":310,"file":236,"line":237,"wp_function":235},[325,326],{"from":299,"to":304,"sanitized":206},{"from":304,"to":308,"sanitized":206},{"entryPoint":328,"graph":329,"unsanitizedCount":14,"severity":314},"\u003Cotw_functions> (include\\otw_components\\otw_functions\\otw_functions.php:0)",{"nodes":330,"edges":340},[331,332,333,334,336,338],{"id":299,"type":300,"label":301,"file":236,"line":302},{"id":304,"type":305,"label":306,"file":236,"line":302},{"id":308,"type":309,"label":310,"file":236,"line":237,"wp_function":235},{"id":335,"type":300,"label":320,"file":236,"line":321},"n3",{"id":337,"type":305,"label":306,"file":236,"line":321},"n4",{"id":339,"type":309,"label":310,"file":236,"line":237,"wp_function":235},"n5",[341,342,343,344],{"from":299,"to":304,"sanitized":206},{"from":304,"to":308,"sanitized":206},{"from":335,"to":337,"sanitized":206},{"from":337,"to":339,"sanitized":206},{"summary":346,"deductions":347},"The \"lists-shortcode-and-widget\" plugin v1.8 exhibits a concerning security posture primarily due to its unprotected AJAX handlers. With 6 AJAX handlers identified and none of them featuring authentication checks, there's a significant risk of unauthorized actions being performed.  The taint analysis further reinforces these concerns, revealing 3 high-severity flows with unsanitized paths, suggesting potential vulnerabilities where user-supplied data could be misused without proper validation.  While the plugin utilizes prepared statements for SQL queries and has no recorded CVEs, these strengths are overshadowed by the numerous unprotected entry points and the identified taint issues.\n\nThe static analysis highlights a considerable attack surface without adequate authorization. The presence of the `unserialize` function, while not directly implicated in the taint flows, is a known risk factor that should be handled with extreme caution and proper validation of serialized data.  The plugin's lack of recorded vulnerabilities historically is a positive sign, potentially indicating good development practices in the past or that previous versions may have been more thoroughly tested. However, the current analysis reveals new areas of concern that require immediate attention.\n\nIn conclusion, while the plugin has some good practices like using prepared statements for SQL, the critical weaknesses lie in its unprotected AJAX endpoints and high-severity taint flows. These factors present a clear and present danger to any WordPress site using this plugin, and the absence of historical vulnerabilities should not breed complacency given the current static analysis findings.  Prioritizing the securing of AJAX handlers and sanitizing the identified taint flows is paramount.",[348,351,354,356,358],{"reason":349,"points":350},"Unprotected AJAX handlers",10,{"reason":352,"points":353},"High severity taint flows (unsanitized paths)",15,{"reason":355,"points":141},"Unprotected AJAX handlers (significant attack surface)",{"reason":357,"points":141},"Use of unserialize function",{"reason":359,"points":85},"Incomplete output escaping (59% proper)","2026-03-16T20:59:18.987Z",{"wat":362,"direct":383},{"assetPaths":363,"generatorPatterns":372,"scriptPaths":373,"versionParams":374},[364,365,366,367,368,369,370,371],"\u002Fwp-content\u002Fplugins\u002Flists-shortcode-and-widget\u002Fcss\u002Fcolorpicker.css","\u002Fwp-content\u002Fplugins\u002Flists-shortcode-and-widget\u002Fcss\u002Fdatetimepicker.css","\u002Fwp-content\u002Fplugins\u002Flists-shortcode-and-widget\u002Fcss\u002Fotw_form_admin.css","\u002Fwp-content\u002Fplugins\u002Flists-shortcode-and-widget\u002Fcss\u002Fselect2.min.css","\u002Fwp-content\u002Fplugins\u002Flists-shortcode-and-widget\u002Finclude\u002Fotw_components\u002Fotw_form\u002Fjs\u002Fcolorpicker.js","\u002Fwp-content\u002Fplugins\u002Flists-shortcode-and-widget\u002Finclude\u002Fotw_components\u002Fotw_form\u002Fjs\u002Fdatetimepicker.js","\u002Fwp-content\u002Fplugins\u002Flists-shortcode-and-widget\u002Finclude\u002Fotw_components\u002Fotw_form\u002Fjs\u002Fotw_form_admin.js","\u002Fwp-content\u002Fplugins\u002Flists-shortcode-and-widget\u002Finclude\u002Fotw_components\u002Fotw_form\u002Fjs\u002Fselect2.full.min.js",[],[368,369,370,371],[375,376,377,378,379,380,381,382],"lists-shortcode-and-widget\u002Fcss\u002Fcolorpicker.css?ver=","lists-shortcode-and-widget\u002Fcss\u002Fdatetimepicker.css?ver=","lists-shortcode-and-widget\u002Fcss\u002Fotw_form_admin.css?ver=","lists-shortcode-and-widget\u002Fcss\u002Fselect2.min.css?ver=","lists-shortcode-and-widget\u002Finclude\u002Fotw_components\u002Fotw_form\u002Fjs\u002Fcolorpicker.js?ver=","lists-shortcode-and-widget\u002Finclude\u002Fotw_components\u002Fotw_form\u002Fjs\u002Fdatetimepicker.js?ver=","lists-shortcode-and-widget\u002Finclude\u002Fotw_components\u002Fotw_form\u002Fjs\u002Fotw_form_admin.js?ver=","lists-shortcode-and-widget\u002Finclude\u002Fotw_components\u002Fotw_form\u002Fjs\u002Fselect2.full.min.js?ver=",{"cssClasses":384,"htmlComments":390,"htmlAttributes":391,"restEndpoints":393,"jsGlobals":394,"shortcodeOutput":396},[385,386,387,388,389],"otw-form-control","otw-dynamic-select-wrapper","otw-clear","otw-form-text-input","otw-form-hint",[],[392],"data-value",[],[395],"OTW_Form",[]]