[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0vgKwdnAns76hBiOsq6bZNHG4wMGM-ufMu2AfFcR0-8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":63,"crawl_stats":37,"alternatives":69,"analysis":91,"fingerprints":196},"logo-manager-for-enamad","Logo Manager For Enamad","0.7.4","Omid Shamloo","https:\u002F\u002Fprofiles.wordpress.org\u002Fgoback2\u002F","\u003Cp>just for Iranian sites who uses enamad.ir service\u003C\u002Fp>\n\u003Cp>با این پلاگین به‌صورت خودکار کد نماد الکترونیکی سایت را مدیریت می کنید\u003C\u002Fp>\n\u003Cp>This plugin is licensed under the \u003Ca href=\"http:\u002F\u002Fwww.apache.org\u002Flicenses\u002FLICENSE-2.0\" rel=\"nofollow ugc\">Apache License, Version 2.0\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>0.7.4\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>small fix (نمایش خودکار با اینکه غیرفعال بود اما باز نمایش داده میشد.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>0.7.3\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>escape $title var in widget output\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>0.7.2\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>xss in admin widget area – fixed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>0.7.1\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>wp-nonce implemented\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>0.7\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>امکان لود عکس ثابت به جای اینماد اصلی برا افزایش سرعت سایت\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>0.6\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>بروزرسانی توابع منقضی\u003C\u002Fli>\n\u003Cli>افزودن امکان نمادهای دیگر در قالب ابزارک و کدکوتاه\u003C\u002Fli>\n\u003Cli>هماهنگی با ویژوآل کامپوزر\u003C\u002Fli>\n\u003Cli>افزدن امکان غیرفعال سازی در حالت موبایل\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>0.5\u003C\u002Fh3>\n\u003Cp>سازگاری با نسخه های جدید php\u003C\u002Fp>\n\u003Ch3>0.4\u003C\u002Fh3>\n\u003Cp>حل مشکل غیر فعال شدن ابزارک با غیرفعال کردن نمایش خودکار\u003C\u002Fp>\n\u003Ch3>0.3\u003C\u002Fh3>\n\u003Cp>حل مشکل زیر قسمت های سایت مخفی شدن\u003C\u002Fp>\n\u003Ch3>0.2\u003C\u002Fh3>\n\u003Cp>سازگاری با تغییرات جدید سایت نماد الکترونیکی \u002F تنظیمات کد در مدیرت برای نسخه جدید فراموش نشود.\u003C\u002Fp>\n\u003Ch4>0.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>ver 0.1 released.\u003C\u002Fli>\n\u003C\u002Ful>\n","جهت قراردادن خودکار لوگوی نماد الکترونیکی( اینماد ) در سایت| قابلیت کدکوتاه و ابزارک برای ای نماد | شامد | نماد های دیگر",6000,80291,88,7,"2025-01-29T15:13:00.000Z","6.7.5","3.0","",[20,21,22,23,24],"enamad","enamad-logo","shamed","shamed-logo","wordpress-enamad-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogo-manager-for-enamad.zip",91,2,0,"2024-08-27 00:00:00","2026-03-15T15:16:48.613Z",[32,48],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2024-5170","logo-manager-for-enamad-authenticated-admin-stored-cross-site-scripting","Logo Manager For Enamad \u003C= 0.7.2 - Authenticated (Admin+) Stored Cross-Site Scripting","The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=0.7.2","0.7.3","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-11-04 21:47:41",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F24184443-9737-4117-89cf-02cf1e2a07f2?source=api-prod",70,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":59,"references":60,"days_to_patch":62},"CVE-2024-4757","logo-manager-for-enamad-cross-site-request-forgery-to-stored-cross-site-scripting","Logo Manager For Enamad \u003C= 0.7.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting","The Logo Manager For Enamad plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.7.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update plugin settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=0.7.0","0.7.1",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-06-04 00:00:00","2024-07-15 16:15:32",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb709f1f5-e89f-4d67-9460-2c65c138dc8f?source=api-prod",42,{"slug":64,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":65,"avg_security_score":26,"avg_patch_time_days":66,"trust_score":67,"computed_at":68},"goback2",7850,158,73,"2026-04-04T00:42:50.453Z",[70],{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":13,"num_ratings":14,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":83,"tags":84,"homepage":86,"download_link":87,"security_score":88,"vuln_count":89,"unpatched_count":89,"last_vuln_date":90,"fetched_at":30},"e-namad-shamed-logo-manager","E-namad & Shamed Logo Manager","2.2","Hamid Reza Yazdani","https:\u002F\u002Fprofiles.wordpress.org\u002Fyazdaniwp\u002F","\u003Cp>This plugin uses shortcodes and widgets to help you put the Enamad, Shamed and Zarrinpal logos in any part of your website that you like.\u003C\u002Fp>\n","This plugin helps you to easily put the logo of E-namad, Shamed and Zarrinpal on your website",3000,26035,"2020-08-20T00:32:00.000Z","5.5.18","4.7","7.0",[20,21,85,23],"resaneh-logo","http:\u002F\u002Fyazdaniwp.com\u002Fplugins\u002Fenamad-shamed-logo\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fe-namad-shamed-logo-manager.2.2.zip",63,1,"2025-09-22 00:00:00",{"attackSurface":92,"codeSignals":142,"taintFlows":184,"riskAssessment":185,"analyzedAt":195},{"hooks":93,"ajaxHandlers":129,"restRoutes":130,"shortcodes":131,"cronEvents":140,"entryPointCount":141,"unprotectedCount":28},[94,100,104,108,112,117,121,124,127],{"type":95,"name":96,"callback":97,"priority":98,"file":99,"line":67},"action","wp_footer","enamad_logo_html",10,"fns.php",{"type":95,"name":101,"callback":102,"file":99,"line":103},"admin_init","enamad_after_install_actions",176,{"type":95,"name":105,"callback":106,"file":99,"line":107},"admin_notices","enamad_update_admin_message",180,{"type":95,"name":109,"callback":110,"file":99,"line":111},"init","enamadlogo_action_init",225,{"type":95,"name":113,"callback":114,"file":115,"line":116},"admin_menu","add_pages","simple-class-options.php",27,{"type":95,"name":118,"callback":119,"file":120,"line":88},"widgets_init","enamad_register_widget","widgets.php",{"type":95,"name":118,"callback":122,"file":120,"line":123},"enamad_shamed_register_widget",129,{"type":95,"name":118,"callback":125,"file":120,"line":126},"enamad_custom_register_widget",195,{"type":95,"name":109,"callback":128,"file":120,"line":111},"vc_enamad_mapping",[],[],[132,135,138],{"tag":133,"callback":133,"file":99,"line":134},"enamadlogo_shortcode",25,{"tag":136,"callback":136,"file":99,"line":137},"enamadlogo_shamed_shortcode",44,{"tag":139,"callback":139,"file":99,"line":88},"enamadlogo_custom_shortcode",[],3,{"dangerousFunctions":143,"sqlUsage":144,"outputEscaping":146,"fileOperations":28,"externalRequests":28,"nonceChecks":89,"capabilityChecks":28,"bundledLibraries":183},[],{"prepared":28,"raw":28,"locations":145},[],{"escaped":116,"rawEcho":147,"locations":148},17,[149,152,154,156,158,160,162,164,166,168,170,172,174,176,178,180,182],{"file":99,"line":150,"context":151},166,"raw output",{"file":99,"line":153,"context":151},197,{"file":115,"line":155,"context":151},61,{"file":115,"line":157,"context":151},74,{"file":115,"line":159,"context":151},130,{"file":115,"line":161,"context":151},175,{"file":115,"line":163,"context":151},190,{"file":115,"line":165,"context":151},201,{"file":120,"line":167,"context":151},49,{"file":120,"line":169,"context":151},50,{"file":120,"line":171,"context":151},58,{"file":120,"line":173,"context":151},115,{"file":120,"line":175,"context":151},116,{"file":120,"line":177,"context":151},124,{"file":120,"line":179,"context":151},181,{"file":120,"line":181,"context":151},182,{"file":120,"line":163,"context":151},[],[],{"summary":186,"deductions":187},"The \"logo-manager-for-enamad\" plugin v0.7.4 exhibits a mixed security posture. On the positive side, the code analysis reveals good practices such as 100% of SQL queries using prepared statements and the absence of file operations or external HTTP requests. Nonce checks are present, which is a positive sign for security. However, a significant concern is the low percentage of properly escaped output (61%), indicating a potential risk of Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's vulnerability history. The lack of capability checks for any entry points, though the static analysis reports 0 unprotected entry points, warrants further investigation as capability checks are crucial for securing administrative functions.\n\nThe vulnerability history is a key area of concern. The plugin has a history of two medium-severity CVEs, specifically related to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). The fact that these vulnerabilities, though not currently unpatched, have existed suggests a pattern of past security weaknesses. The most recent vulnerability was on August 27, 2024, which is very recent and highlights an ongoing security challenge.\n\nIn conclusion, while the plugin demonstrates some good coding practices like prepared SQL statements, the high proportion of unescaped output and the history of XSS and CSRF vulnerabilities are significant weaknesses. The lack of explicit capability checks on entry points, even if static analysis shows them as protected, remains a point of caution. Users should be aware of the potential for XSS and CSRF if the unescaped output vulnerabilities are not thoroughly addressed.",[188,190,193],{"reason":189,"points":98},"Medium severity CVEs in vulnerability history",{"reason":191,"points":192},"Significant portion of output not properly escaped",5,{"reason":194,"points":141},"Recent vulnerability reported","2026-03-16T18:02:53.413Z",{"wat":197,"direct":206},{"assetPaths":198,"generatorPatterns":201,"scriptPaths":202,"versionParams":203},[199,200],"\u002Fwp-content\u002Fplugins\u002Flogo-manager-for-enamad\u002Fcss\u002Fenamadlogo.css","\u002Fwp-content\u002Fplugins\u002Flogo-manager-for-enamad\u002Fjs\u002Fenamadlogo.js",[],[200],[204,205],"logo-manager-for-enamad\u002Fcss\u002Fenamadlogo.css?ver=","logo-manager-for-enamad\u002Fjs\u002Fenamadlogo.js?ver=",{"cssClasses":207,"htmlComments":209,"htmlAttributes":211,"restEndpoints":224,"jsGlobals":225,"shortcodeOutput":226},[208],"enamad-logo-widget",[210],"\u003C!--No script kiddies please!-->",[212,213,214,215,216,217,218,219,220,221,222,223],"name=\"enamad-enable\"","name=\"enamad-disable-mobile\"","name=\"enamad-replace-with-img\"","name=\"enamad-width\"","name=\"enamad-position\"","name=\"enamad-view-method\"","id=\"enamad-enable\"","id=\"enamad-disable-mobile\"","id=\"enamad-replace-with-img\"","id=\"enamad-width\"","id=\"enamad-position\"","id=\"enamad-view-method\"",[],[],[]]