[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDqUU_5TjolzWsZg6glGO6-0bbAFbJ72vIal27Rkgm7I":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":64,"crawl_stats":38,"alternatives":69,"analysis":153,"fingerprints":228},"magic-the-gathering-card-tooltips","Magic the Gathering Card Tooltips","3.8.0","grimdonkey","https:\u002F\u002Fprofiles.wordpress.org\u002Fgrimdonkey\u002F","\u003Cp>The plugin adds shortcodes that transform mtg card names and decks to provide a mouseover image. For cards use the [mtg_card][\u002Fmtg_card] shortcode (or the shortened version [c][\u002Fc]). When viewing the post, the card name will show up as a link to the card’s page on https:\u002F\u002Fdeckbox.org . Hovering over the link will show the card’s image in a tooltip.\u003C\u002Fp>\n\u003Cp>A similar tag can be used to quickly create deck listings: [mtg_deck][\u002Fmtg_deck] (or the shortened version [d][\u002Fd]). A deck listing should contain a list of cards and categories. All cards have a number before their name. All other lines are interpreted as category names. Do \u003Cem>not\u003C\u002Fem> include card numbers on the category name lines, they will automatically be computed and displayed by the plugin. A short example follows.\u003C\u002Fp>\n\u003Cp>The default style for displaying decks is a card listing with each card having a mouseover tooltip. This style can be changed to an embedded view, where the listing has a card image to the right of the deck. This can be toggled in the plugin settings for all decks, or specifically for a deck by setting the style attribute to the tag, as can be seen below.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[d title=\"Really Small Deck\" style=\"embedded\"]\n    Creatures\n    2 Bloodbraid Elf\n    4 Grizzly Bears\n\n    Spells\n    4 Lightning Bolt\n\n    Sideboard\n    4 Cultivate\n[\u002Fd]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The screenshot section includes an image of the above deck listing.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Embedded Card Display\u003C\u002Fstrong>: Individual card shortcodes also support the embedded style, displaying the card image inline instead of as a tooltip:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[card style=\"embedded\"]Lightning Bolt[\u002Fcard]\n[c style=\"embedded\"]Tarmogoyf (FUT) 153[\u002Fc]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Arena Format Support\u003C\u002Fstrong>: You can now paste deck lists directly from MTG Arena (or other compatible exports – like Moxfield) with set codes and collector numbers:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[deck]\n4 Lightning Bolt (M10) 146\n4 Mountain (FIN)\n2 Snapcaster Mage\n[\u002Fdeck]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The plugin will display only the card name and link to the specific printing when set code and number are provided. Set codes are case-insensitive. This format also works with the [card] shortcode: [card]Lightning Bolt (M10) 146[\u002Fcard]\u003C\u002Fp>\n","Easily transform Magic the Gathering card names into links that show the card image in a tooltip when hovering over them. You can also quickly create  …",100,11682,84,6,"2025-12-24T14:10:00.000Z","6.9.4","2.8.6","",[20,21,22,23,24],"ccg","deckbox","magic-the-gathering","mtg","tcg","https:\u002F\u002Fgithub.com\u002FSebastianZaha\u002Fwordpress_mtg_tooltips","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmagic-the-gathering-card-tooltips.3.8.0.zip",98,2,0,"2025-02-14 00:00:00","2026-03-15T15:16:48.613Z",[33,49],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-26756","magic-the-gathering-card-tooltips-unauthenticated-stored-cross-site-scripting","Magic the Gathering Card Tooltips \u003C= 3.5.0 - Unauthenticated Stored Cross-Site Scripting","The Magic the Gathering Card Tooltips plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=3.5.0","3.6.0","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-02-26 22:38:11",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fea0ea17f-fe22-4749-851b-f13fc79de7d9?source=api-prod",13,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":56,"cvss_score":57,"cvss_vector":58,"vuln_type":44,"published_date":59,"updated_date":60,"references":61,"days_to_patch":63},"CVE-2025-24704","magic-the-gathering-card-tooltips-authenticated-contributor-stored-cross-site-scripting","Magic the Gathering Card Tooltips \u003C= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Magic the Gathering Card Tooltips plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=3.4.0","3.5.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2025-01-24 00:00:00","2025-01-28 18:43:04",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8099c650-96d7-47b6-a81b-83ff663edb6b?source=api-prod",5,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":65,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":66,"trust_score":67,"computed_at":68},1,9,93,"2026-04-04T16:51:05.810Z",[70,86,102,119,137],{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":11,"num_ratings":65,"last_updated":80,"tested_up_to":81,"requires_at_least":17,"requires_php":18,"tags":82,"homepage":83,"download_link":84,"security_score":85,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"mtgpulse-magic-the-gathering-deckbox-plugin","MTGPulse deckbox embedding tool","1.0.3","perstilling","https:\u002F\u002Fprofiles.wordpress.org\u002Fperstilling\u002F","\u003Cp>The plugin adds any number of Magic: The Gathering deckboxes from mtgpulse.com to your wordpress site. The syntax for adding a deckbox is as follows:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[deckbox did=\"number\" size=\"small|normal\" width=\"number\" bgcolor=\"hexcolor\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cul>\n\u003Cli>did: Deck id from mtgpulse.com\u003C\u002Fli>\n\u003Cli>width: Width of the deckbox in pixels.\u003C\u002Fli>\n\u003Cli>size: small or normal (use small if width \u003C 800, normal if above). Difference is whether two or columns are used.\u003C\u002Fli>\n\u003Cli>bgcolor: the desired hex background color. For example FFFFFF for white.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For a custom decklist use the following syntax:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[deckboxcustom name=\"test deck\" size=\"small|normal\" width=\"number\" bgcolor=\"hexcolor\"]\n4 Glint Hawk Idol\n4 Origin Spellbomb\n4 Etched Champion\n4 Memnite\n4 Signal Pest\n4 Vault Skirge\n4 Glint Hawk\n1 Oblivion Ring\n4 Tempered Steel\n3 Dispatch\n4 Mox Opal\n9 Plains\n3 Gavony Township\n4 Inkmoth Nexus\n4 Razorverge Thicket\nSB:\n4 Shrine of Loyal Legions\n2 Spellskite\n4 Hero of Bladehold\n1 Oblivion Ring\n1 Celestial Purge\n1 Dispatch\n2 Mental Misstep\n[\u002Fdeckboxcustom]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Same meaning as above, but name is the deck name that will be displayed.\u003C\u002Fp>\n\u003Cp>For the three settings: size, width and color there is a settings page where you can apply the default value for these. This way you don’t have to specify these every time you use the deckbox.\u003C\u002Fp>\n","Facilitates embedding of MTGPulse.com deckboxes on your word press site",10,1844,"2012-02-07T17:29:00.000Z","3.3.2",[20,21,22,23,24],"http:\u002F\u002Fmtgpulse.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmtgpulse-magic-the-gathering-deckbox-plugin.zip",85,{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":78,"downloaded":94,"rating":29,"num_ratings":29,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":18,"tags":98,"homepage":100,"download_link":101,"security_score":85,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"mtg-tutorde-cardlinker","MtG-Tutor.de CardLinker","0.1","pascalkleindienst","https:\u002F\u002Fprofiles.wordpress.org\u002Fpascalkleindienst\u002F","\u003Cp>(English description below German version!)\u003C\u002Fp>\n\u003Ch4>DE\u003C\u002Fh4>\n\u003Cp>Dieses Plugin enthät zwei Shortcodes mit denen man ganz einfach Magic the Gathering Karten oder komplette Magic Decks oder Listen verlinken kann.\u003Cbr \u002F>\nDie Karten werden mithilfe von \u003Ca href=\"http:\u002F\u002Fwww.mtg-tutor.de\" title=\"Deine Magic Kartendatenbank mit Kombos und mehr\" rel=\"nofollow ugc\">MtG-Tutor\u003C\u002Fa> verlinkt.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enthält Buttons für den Editor, um die Handhabung mit den Shortcodes zu vereinfachen\u003C\u002Fli>\n\u003Cli>Optional können Kartenbilder bei Karten oder Decks angezeigt werden, wenn man mit der Maus über die Kartennamen fährt\u003C\u002Fli>\n\u003Cli>Optional kann die Starthand-Wahrscheinlichkeit bei Karten in einem Deck angezeigt werden\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Feedback\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Ich bin jederzeit offen für Vorschläge und Korrekturen\u003C\u002Fli>\n\u003Cli>Kontakt via Website \u003Ca href=\"http:\u002F\u002Fwww.mtg-tutor.de\" title=\"Deine Magic Kartendatenbank mit Kombos und mehr\" rel=\"nofollow ugc\">MtG-Tutor\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Kontakt via Twitter \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fmtg_tutor\" rel=\"nofollow ugc\">@mtg_tutor\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Folge mir auf meiner \u003Ca href=\"http:\u002F\u002Fde-de.facebook.com\u002Fmtg_tutor\" rel=\"nofollow ugc\">Facebook-Seite\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Oder folge mir \u003Ca href=\"https:\u002F\u002Fplus.google.com\u002Fu\u002F0\u002F114000458757848852888\u002Fposts\" rel=\"nofollow ugc\">+MtG-Tutor\u003C\u002Fa> bei Google Plus\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>EN\u003C\u002Fh4>\n\u003Cp>This plugin contains two shortcodes, which can be used to link Magic the Gathering cards or complete Magic Decks.\u003Cbr \u002F>\nThe cards will be linked to \u003Ca href=\"http:\u002F\u002Fwww.mtg-tutor.de\" rel=\"nofollow ugc\">MtG-Tutor\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Contains buttons for the WordPress Editor\u003C\u002Fli>\n\u003Cli>Optional mouseover card images\u003C\u002Fli>\n\u003Cli>Optional starting-hand probabillity\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Feedback\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>I am open for your suggestions and feedback \u003C\u002Fli>\n\u003Cli>Tweet me \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fmtg_tutor\" rel=\"nofollow ugc\">@mtg_tutor\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Follow me on \u003Ca href=\"http:\u002F\u002Fde-de.facebook.com\u002Fmtg_tutor\" rel=\"nofollow ugc\">my Facebook page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Or follow me on \u003Ca href=\"https:\u002F\u002Fplus.google.com\u002Fu\u002F0\u002F114000458757848852888\u002Fposts\" rel=\"nofollow ugc\">+MtG-Tutor\u003C\u002Fa> on Google Plus\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin provides some shortcode to easily link MtG Cards and Decks! - Ein Plugin mit dem man ganz leicht MtG Karten und Decks verlinken kann!",1587,"2012-10-07T17:23:00.000Z","3.4.2","3.0.1",[22,23,24,99],"trading-cards","http:\u002F\u002Fwww.mtg-tutor.de\u002Fgadgets","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmtg-tutorde-cardlinker.0.1.zip",{"slug":103,"name":104,"version":89,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":78,"downloaded":109,"rating":29,"num_ratings":29,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":18,"tags":113,"homepage":117,"download_link":118,"security_score":85,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"ccg-manager","CCG Manager","Chris Reynolds","https:\u002F\u002Fprofiles.wordpress.org\u002Fjazzs3quence\u002F","\u003Cp>CCG Manager is a way to store your collectable card game trading cards in WordPress. It’s based off of desktop apps like Magic Suitcase which store your card collections and allow you to search through your inventory. \u003C\u002Fp>\n\u003Cp>Using custom post types and taxonomies, you can store information about your cards, sort them by series, and split them into collections. Collections could be based on whatever criteria you like — some examples could be to split them by game, decks, etc.\u003C\u002Fp>\n\u003Ch3>Future development\u003C\u002Fh3>\n\u003Cp>This was mostly just a sideproject of mine, but it’s based off of real software I used when I was collecting \u003Cem>Magic: the Gathering\u003C\u002Fem> cards actively. This plugin will always be free, which means I’m not making any money off of it, and therefore may or may not be inclined to add new features to it. However, given enough interest, there are a few directions this plugin could go like…\u003C\u002Fp>\n\u003Ch4>Premium Extensions\u003C\u002Fh4>\n\u003Cp>Game-based extensions that add new features (like additional meta-fields for game-specific information not included in the basic plugin) and game-centric icons that replace the generic text that displays for casting\u002Fsummoning cost or series.\u003C\u002Fp>\n\u003Cp>I’m open to other suggestions for extensions as well from anyone who wants to use this plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>So how will these extensions get made?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Each add-on extension will likely have some kind of bounty based on how long it would take to develop it. I’ll try to throw together some kind of Kickstarter-like donation system, so people can donate toward a particular goal and if enough people donate (or pledge to donate), the add-on gets made.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How do I request an extension?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>For now you can either open a ticket in the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjazzsequence\u002FCCG-Manager\u002Fissues\" rel=\"nofollow ugc\">GitHub issue tracker\u003C\u002Fa> or ping me \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fjazzs3quence\" rel=\"nofollow ugc\">on Twitter\u003C\u002Fa>.\u003C\u002Fp>\n","A WordPress plugin to manage your CCG collection",2253,"2013-06-07T19:20:00.000Z","3.6.1","2.9",[20,114,22,115,116],"collectable-card-game","pokemon","trading-card","http:\u002F\u002Fmuseumthemes.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fccg-manager.0.1.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":78,"downloaded":127,"rating":29,"num_ratings":29,"last_updated":128,"tested_up_to":111,"requires_at_least":129,"requires_php":18,"tags":130,"homepage":135,"download_link":136,"security_score":85,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"tcg-card-links","TCG Card Links","1.0","Indrajeetpal","https:\u002F\u002Fprofiles.wordpress.org\u002Findrajeetpal\u002F","\u003Cp>The goal of this Plug-in is to provide an instantaneous way for you to turn all Magic: the Gathering card names within your blog posts into card information links with Low-Mid-Hi pricing! from over 30 of the internets cheapest vendors! click the “MTG Card Shortcode” button to genrate shortcode for links.\u003C\u002Fp>\n\u003Cp>WordPress plugin developed by Indrajeet Pal\u003C\u002Fp>\n\u003Cp>USE\u003C\u002Fp>\n\u003Cp>To use the TCG Card Links, you must first enter the settings Plug-in Option -> TCG Card Links and Enter a partner key for your Blog other than “WORDPRESS”. The name must contain between 6 and 10 capital letters.\u003C\u002Fp>\n\u003Ch3>CREDIT\u003C\u002Fh3>\n\u003Cp>This plugin was developed by Indrajeet Pal – http:\u002F\u002Fwww.indrajeet.pixub.com\u002F\u003C\u002Fp>\n\u003Ch3>CONTACT\u003C\u002Fh3>\n\u003Cp>Indrajeet Pal\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.indrajeet.pixub.com\u002Fcontact-me\u002F\u003C\u002Fp>\n","The goal of this Plug-in is to provide an instantaneous way for you to turn all Magic: the Gathering card names within your blog posts into card infor …",1632,"2013-10-25T11:26:00.000Z","2.9.2",[131,132,115,133,134],"magic","mtg-card","tcg-card","wowtcg","http:\u002F\u002Fwww.indrajeet.pixub.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftcg-card-links.zip",{"slug":138,"name":139,"version":140,"author":141,"author_profile":142,"description":143,"short_description":144,"active_installs":78,"downloaded":145,"rating":29,"num_ratings":29,"last_updated":146,"tested_up_to":140,"requires_at_least":147,"requires_php":18,"tags":148,"homepage":151,"download_link":152,"security_score":85,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wp-mtg-helper","WP MtG-Helper","1.2.7","distractedBySquirrels","https:\u002F\u002Fprofiles.wordpress.org\u002Fbackseatsurfer\u002F","\u003Cp>The goal of this plugin is to help you writing articels about Magic: the Gathering like tournament reports or draft walkthroughs and reducing the time you need for posting decks and link cards to their picture.\u003Cbr \u002F>\nAll this stuff is taken care of by the plugin and that’s not the enf of it. MtG-Helper does not only link cards for you it also creates good looking deck lists, sealed pools and booster drafts.\u003Cbr \u002F>\nThe only thing you have to do is typ in the cards.\u003Cbr \u002F>\nIf you still not convinced, take a look at the screenshots.\u003C\u002Fp>\n\u003Cp>If your have any questions how to use the plugin take a look into the FAQ (or readme-file). If this doesn’t help, \u003Ca href=\"http:\u002F\u002Fwww.backseatsurfer.de\u002Ffeedback\u002F\" rel=\"nofollow ugc\">contact me\u003C\u002Fa>. Maybe I could help\u003C\u002Fp>\n\u003Ch4>Upgrading from older version to 1.0+\u003C\u002Fh4>\n\u003Cp>\u003Cem>To save yourself trouble deactivate the plugin and remove it from your wordpress instalation before upgrading to a newer version!\u003C\u002Fem>\u003C\u002Fp>\n","The goal of this plugin is to help you writing articels about Magic: the Gathering like tournament reports or draft walkthroughs and reducing the time …",6186,"2013-05-25T08:06:00.000Z","2.5",[149,150,131,22,23],"deck","help","http:\u002F\u002Fwww.distractedbysquirrels.com\u002Fwork\u002F#work1178","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-mtg-helper.1.2.7.zip",{"attackSurface":154,"codeSignals":202,"taintFlows":218,"riskAssessment":219,"analyzedAt":227},{"hooks":155,"ajaxHandlers":179,"restRoutes":180,"shortcodes":181,"cronEvents":201,"entryPointCount":14,"unprotectedCount":29},[156,162,166,171,175],{"type":157,"name":158,"callback":159,"file":160,"line":161},"action","init","deckbox_launch_tooltip_plugin","wp_deckbox_mtg.php",14,{"type":157,"name":163,"callback":164,"file":160,"line":165},"admin_menu","add_option_menu",52,{"type":167,"name":168,"callback":169,"file":160,"line":170},"filter","mce_external_plugins","add_tinymce_plugin",78,{"type":167,"name":172,"callback":173,"file":160,"line":174},"mce_buttons","register_button",79,{"type":157,"name":176,"callback":177,"file":160,"line":178},"wp_head","init_css",96,[],[],[182,186,189,192,196,198],{"tag":183,"callback":184,"file":160,"line":185},"mtg_card","parse_mtg_card",64,{"tag":187,"callback":184,"file":160,"line":188},"card",65,{"tag":190,"callback":184,"file":160,"line":191},"c",66,{"tag":193,"callback":194,"file":160,"line":195},"mtg_deck","parse_mtg_deck",67,{"tag":149,"callback":194,"file":160,"line":197},68,{"tag":199,"callback":194,"file":160,"line":200},"d",69,[],{"dangerousFunctions":203,"sqlUsage":204,"outputEscaping":206,"fileOperations":29,"externalRequests":29,"nonceChecks":65,"capabilityChecks":213,"bundledLibraries":214},[],{"prepared":29,"raw":29,"locations":205},[],{"escaped":78,"rawEcho":28,"locations":207},[208,211],{"file":160,"line":209,"context":210},59,"raw output",{"file":160,"line":212,"context":210},287,3,[215],{"name":216,"version":38,"knownCves":217},"TinyMCE",[],[],{"summary":220,"deductions":221},"The static analysis of \"magic-the-gathering-card-tooltips\" v3.8.0 reveals a generally positive security posture. The plugin demonstrates good practices by utilizing prepared statements for all SQL queries, implementing nonce checks, and performing capability checks on entry points. There are no identified dangerous functions, file operations, or external HTTP requests, and the attack surface, while present through shortcodes, appears to be well-protected from unauthenticated access. The limited number of flows analyzed by the taint analysis and the absence of unsanitized paths are also encouraging signs.\n\nHowever, there are areas for improvement. The 83% rate of output escaping, while good, suggests a potential for cross-site scripting (XSS) vulnerabilities in the remaining 17% of outputs. The plugin's vulnerability history, featuring two known CVEs, one of which was high severity (XSS), indicates a past tendency towards input neutralization issues. Although all previous vulnerabilities are currently patched, this history warrants continued vigilance.\n\nIn conclusion, \"magic-the-gathering-card-tooltips\" v3.8.0 has a decent security foundation with robust data handling and access control. The primary concern lies in the potential for XSS due to incomplete output escaping and the historical precedent for such vulnerabilities. Ongoing monitoring and thorough code reviews, particularly around output handling, are recommended to maintain a strong security posture.",[222,224],{"reason":223,"points":14},"Output escaping is not fully implemented",{"reason":225,"points":226},"Past vulnerabilities including XSS",15,"2026-03-16T20:39:26.476Z",{"wat":229,"direct":237},{"assetPaths":230,"generatorPatterns":233,"scriptPaths":234,"versionParams":236},[231,232],"\u002Fwp-content\u002Fplugins\u002Fmagic-the-gathering-card-tooltips\u002Fresources\u002Fcss\u002Fwp_deckbox_mtg.css","\u002Fwp-content\u002Fplugins\u002Fmagic-the-gathering-card-tooltips\u002Fresources\u002Ftooltip_extension.js",[],[235],"https:\u002F\u002Fdeckbox.org\u002Fjavascripts\u002Ftooltip.js",[],{"cssClasses":238,"htmlComments":241,"htmlAttributes":242,"restEndpoints":243,"jsGlobals":244,"shortcodeOutput":246},[239,193,240],"deckbox_link","mtg_deck_title",[],[21],[],[245],"deckbox_extensions",[247,248,249,250,251,252],"[mtg_card]","[card]","[c]","[mtg_deck]","[deck]","[d]"]