[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fv7tX1dPCJLAxvqnULtatLcwgtRSgpnt_s6KI8RJx0II":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":90,"crawl_stats":38,"alternatives":95,"analysis":196,"fingerprints":640},"makestories-helper","MakeStories (for Google Web Stories)","3.0.4","Pratik Ghela","https:\u002F\u002Fprofiles.wordpress.org\u002Fpressmate\u002F","\u003Cp>MakeStories is a visual drag-drop based editor to create AMP-Stories. This plugin helps you publish your Google Web Stories directly to your WordPress site with one click from your dashboard.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.notion.so\u002Fmakestories\u002FMakeStories-WordPress-Plugin-Set-Up-Guide-d903e700c9204ef08f9751bb4a101068\" rel=\"nofollow ugc\">For detailed instructions on \u003Cstrong>Installation and Setup\u003C\u002Fstrong> read this article\u003C\u002Fa>\u003C\u002Fp>\n","MakeStories helper plugin to publish stories for your WordPress site",700,98027,86,28,"2024-07-11T11:00:00.000Z","6.4.8","4.0","5.6",[20,21,22,23,24],"amp","amp-story","makestories","stories","web-stories","https:\u002F\u002Fmakestories.io\u002Fofficial-wordpress-webstories-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmakestories-helper.zip",66,4,1,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",[33,47,61,75],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":38},"CVE-2025-57984","makestories-for-google-web-stories-authenticated-author-server-side-request-forgery","MakeStories (for Google Web Stories) \u003C= 3.0.4 - Authenticated (Author+) Server-Side Request Forgery","The MakeStories (for Google Web Stories) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.4. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.",null,"\u003C=3.0.4","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Server-Side Request Forgery (SSRF)","2025-09-26 18:25:42",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fed686f11-e696-415c-92cf-55fb789191a1?source=api-prod",{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":38,"affected_versions":52,"patched_in_version":6,"severity":40,"cvss_score":53,"cvss_vector":54,"vuln_type":55,"published_date":56,"updated_date":57,"references":58,"days_to_patch":60},"CVE-2024-38746","makestories-for-google-web-stories-authenticated-subscriber-arbitrary-file-download-and-server-side-request-forgery","MakeStories (for Google Web Stories) \u003C= 3.0.3 - Authenticated (Subscriber+) Arbitrary File Download and Server-Side Request Forgery","The MakeStories (for Google Web Stories) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ms_image_proxy() function in all versions up to, and including, 3.0.3. This makes it possible for unauthenticated attackers to download arbitrary files and perform server-side request forgeries.","\u003C=3.0.3",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Missing Authorization","2024-07-11 00:00:00","2024-07-16 18:45:19",[59],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F547d30cd-3b30-44ce-93b5-07ce7a56d0ab?source=api-prod",6,{"id":62,"url_slug":63,"title":64,"description":65,"plugin_slug":4,"theme_slug":38,"affected_versions":66,"patched_in_version":67,"severity":40,"cvss_score":53,"cvss_vector":68,"vuln_type":69,"published_date":70,"updated_date":71,"references":72,"days_to_patch":74},"CVE-2023-27448","makestories-for-google-web-stories-cross-site-request-forgery-via-mssetoptions","MakeStories (for Google Web Stories) \u003C= 3.0.2 - Cross-Site Request Forgery via 'ms_set_options'","The MakeStories (for Google Web Stories) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.2. This is due to missing or incorrect nonce validation on the 'ms_set_options' function.  This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=3.0.2","3.0.3","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2023-08-28 00:00:00","2024-03-11 08:47:47",[73],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd9f7130d-883a-4db4-9edf-f5526724de11?source=api-prod",196,{"id":76,"url_slug":77,"title":78,"description":79,"plugin_slug":4,"theme_slug":38,"affected_versions":80,"patched_in_version":81,"severity":40,"cvss_score":82,"cvss_vector":83,"vuln_type":84,"published_date":85,"updated_date":86,"references":87,"days_to_patch":89},"WF-98c9c9cb-ca35-461e-9ca6-733012332fd6-makestories-helper","makestories-for-web-stories-cross-ste-scripting","MakeStories (for Web Stories) \u003C= 2.6.4 - Cross-Ste Scripting","The MakeStories (for Web Stories) plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.","\u003C=2.6.4","2.6.5",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2022-07-06 00:00:00","2024-01-22 19:56:02",[88],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F98c9c9cb-ca35-461e-9ca6-733012332fd6?source=api-prod",566,{"slug":91,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":92,"trust_score":93,"computed_at":94},"pressmate",256,55,"2026-04-04T04:25:48.359Z",[96,120,142,159,177],{"slug":24,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":105,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":114,"download_link":115,"security_score":116,"vuln_count":117,"unpatched_count":118,"last_vuln_date":119,"fetched_at":31},"Web Stories","1.42.0","Google","https:\u002F\u002Fprofiles.wordpress.org\u002Fgoogle\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Famp.dev\u002Fabout\u002Fstories\u002F\" rel=\"nofollow ugc\">Web Stories\u003C\u002Fa> are a free, open-web, visual storytelling format for the web, enabling you to easily create visual narratives with engaging animations and tappable interactions, and  immerse your readers in great and fast-loading full-screen experiences.\u003C\u002Fp>\n\u003Ch3>Benefits of Web Stories\u003C\u002Fh3>\n\u003Cp>The Web Stories format puts features and capabilities at your fingertips to engage with your audience via the power of storytelling on the open web. Specifically, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Create beautiful and engaging content easily:\u003C\u002Fstrong> Web Stories make the production of stories as easy as possible from a technical perspective.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enjoy creative flexibility for editorial freedom and branding:\u003C\u002Fstrong> The Web Stories format comes with preset but flexible layout templates, standardized UI controls, and components for sharing and adding follow-on content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Share and link your stories on the open web:\u003C\u002Fstrong> Web Stories are part of the open web and can be shared and embedded across sites and apps without being confined to a single ecosystem.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track and measure your stories:\u003C\u002Fstrong> Supports analytics and bookend capabilities for viral sharing and monetization.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Capture the attention of your readers by offering fast loading times to your stories:\u003C\u002Fstrong> Web Stories are lightning fast so that your audience stays engaged and entertained.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Engage with your readers via immersive storytelling:\u003C\u002Fstrong> Web Stories are a new and modern way to reach existing readers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Monetize effectively the beautiful and engaging stories you create:\u003C\u002Fstrong> Web Stories enable monetization capability for publishers using affiliate links. For advertisers, Stories is a way to reach a unique audience within a new storytelling experience.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Web Stories Editor\u003C\u002Fh3>\n\u003Cp>The Web Stories editor for WordPress brings together a robust set of story creation capabilities in a user-friendly, WYSIWYG creation tool. Some of the key features you can leverage out of the box are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>A visually rich and intuitive dashboard\u003C\u002Fstrong>, allowing you to easily navigate the story creation process\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Beautiful and expressive page templates\u003C\u002Fstrong> to you get your story creation process started quickly and smoothly\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy drag-and-drop capabilities\u003C\u002Fstrong>, making it easy to compose beautiful stories\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Convenient access to WordPress’ media library\u003C\u002Fstrong>, enabling you to grab your media assets right from the plugin dashboard as you create your stories\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable color and text style presets\u003C\u002Fstrong>, making it easy to tailor the style of your stories to the needs of your content strategy\u003C\u002Fli>\n\u003Cli>\u003Cstrong>And much more!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Using the Web Stories editor for WordPress, you can easily create visual narratives with tappable interactions, and share freely across the web, or embed them on your existing content strategies. The Stories you create are yours in every way, as Web Stories belong to the open web, instead of being confined to any specific closed ecosystem or platform.\u003C\u002Fp>\n\u003Ch3>Audience: Everyone\u003C\u002Fh3>\n\u003Cp>Web Stories are for everyone! If you are a site owner, content creator, or publisher on the web, embracing the Web Stories format would be great as a way to enhance the quality of your content strategy, the value you bring to your readers, and consequently your chances of achieving sustainable success.\u003C\u002Fp>\n\u003Ch3>Terms of Service\u003C\u002Fh3>\n\u003Cp>By using this plugin, you agree to \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms\" rel=\"nofollow ugc\">Google’s Terms of Service\u003C\u002Fa>. By using third-party imagery and video provided by \u003Ca href=\"https:\u002F\u002Funsplash.com\u002Fterms\" rel=\"nofollow ugc\">Unsplash\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fcoverr.co\u002Flicense\" rel=\"nofollow ugc\">Coverr\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Ftenor.com\u002Flegal-terms\" rel=\"nofollow ugc\">Tenor\u003C\u002Fa>, you agree to adhere to the respective Terms of Service.\u003C\u002Fp>\n","Web Stories are a visual storytelling format for the open web which immerses your readers in fast-loading, full-screen, and visually rich experiences.",70000,2848703,84,85,"2025-05-15T13:13:00.000Z","6.8.5","6.6","7.4",[20,112,23,113,24],"google","storytelling","https:\u002F\u002Fwp.stories.google\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fweb-stories.1.42.0.zip",95,3,0,"2024-12-11 00:00:00",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":60,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":18,"tags":134,"homepage":138,"download_link":139,"security_score":140,"vuln_count":29,"unpatched_count":118,"last_vuln_date":141,"fetched_at":31},"shortcodes-for-amp-web-stories-and-elementor-widget","Web Stories Widgets For Elementor","1.2.6","Cool Plugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoolplugins\u002F","\u003Ch3>Web Stories Widgets for Elementor\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Web Stories Widgets for Elementor\u003C\u002Fstrong> is a simple and powerful addon that extends the official Web Stories plugin and adds a Web Stories widget inside Elementor.\u003Cbr \u002F>\nWith this plugin, you can easily display your Web Stories anywhere on your website using Elementor or shortcodes.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Elementor Widget :\u003C\u002Fstrong> Adds a dedicated Elementor widget so you can easily display Web Stories inside any Elementor. Just drag and drop the widget and choose your preferred story layout and options.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Shortcode Friendly:\u003C\u002Fstrong> Whether you are working with Elementor, Gutenberg, or Classic Editor, simply paste the shortcode and display your web stories.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Recent Stories Display:\u003C\u002Fstrong> Show your most recently created Web Stories anywhere on your website using a shortcode or the Elementor widget.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Use the shortcode below and replace the ID with your story’s ID:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Read Full Documentation:-\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fdocs.coolplugins.net\u002Fdocs\u002Fshortcodes-for-amp-web-stories-and-elementor-widget\u002Fusing-individual-shortcode\u002F\" rel=\"nofollow ugc\">Shortcodes & Docs\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>[webstory id=”{ add here story id}” button-text=”Default view” show-button=”yes”]\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multiple Stories:\u003C\u002Fstrong> You can display all stories or limit the number of stories to any value you prefer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FFGNh_hkRvZI?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>[Recent-stories column=”3″ show-button=”yes” show-no-of-story=”all” button-text=”Default view” order=”DESC” btn-color=”#8BCDA0″ btn-text-color=”#000″]\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Choose Story Order:\u003C\u002Fstrong> Sort your Web Stories in ascending (ASC) or descending (DESC) order.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Typography and Style Settings:\u003C\u002Fstrong> Customize button fonts, size, spacing, and color directly from Elementor. This makes it easy to match your theme’s style.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Beginner-Friendly Setup.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Fully Responsive.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Use of 3rd Party Services:\u003C\u002Fstrong> This plugin connects to the Cool Plugins feedback server only for optional usage data sharing and voluntary feedback submission (for example, during plugin deactivation). Data is transmitted solely after explicit user consent. No hidden tracking is performed, and no frontend visitor or site user data is collected.  For more details, please review our \u003Ca href=\"https:\u002F\u002Fmy.coolplugins.net\u002Fterms\u002Fusage-tracking\u002F\" rel=\"nofollow ugc\">Data Usage Policy\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fmy.coolplugins.net\u002Fterms\u002F\" rel=\"nofollow ugc\">TOS\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fmy.coolplugins.net\u002Fterms\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fp>\n","This addon will helps you to easily represent Google Web stories in the Page\u002FPost using Elementor Widget and shortcodes.",1000,18058,100,"2026-02-23T05:48:00.000Z","6.9.4","5.0",[135,136,112,137,24],"amp-stories","elementor-widgets","shortcode","https:\u002F\u002Fcoolplugins.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshortcodes-for-amp-web-stories-and-elementor-widget.1.2.6.zip",99,"2024-11-08 00:00:00",{"slug":143,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":150,"downloaded":151,"rating":130,"num_ratings":29,"last_updated":152,"tested_up_to":153,"requires_at_least":17,"requires_php":18,"tags":154,"homepage":155,"download_link":156,"security_score":157,"vuln_count":29,"unpatched_count":118,"last_vuln_date":158,"fetched_at":31},"web-stories-enhancer","Web Stories Enhancer – Level Up Your Web Stories","1.4","Magazine3","https:\u002F\u002Fprofiles.wordpress.org\u002Fmagazine3\u002F","\u003Cp>This is the Web Stories Enhancer Plugin for showing the web stories to the website with the help of shortcode [web_stories_enhancer].\u003Cbr \u002F>\nIt shows Instagram-style latest stories in the round circle format which outputs with the help of Shortcode. It can be literally everywhere.\u003C\u002Fp>\n\u003Cp>\u003Cstrong> Compatible Plugins  \u003C\u002Fstrong> \u003Cbr \u002F>\n* Web Stories by Google (\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fweb-stories\u002F\" rel=\"ugc\">view\u003C\u002Fa>\u003C\u002Fstrong> )\u003Cbr \u002F>\n* MakeStories (for Web Stories) by MakeStories (\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmakestories-helper\u002F\" rel=\"ugc\">view\u003C\u002Fa>\u003C\u002Fstrong> )\u003Cbr \u002F>\n* We plan to add many other plugin compatibilities in the future.\u003C\u002Fp>\n\u003Cp>If you have any feature requests, please add them to the forums section and we will add them immediately.\u003C\u002Fp>\n\u003Cp>We are actively developing this plugin and also providing technical support as well.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>New – Advertisment Inserter for Webstories\u003C\u002Fli>\n\u003Cli>New – Dark mode compatible\u003C\u002Fli>\n\u003Cli>Web Stories will be displayed in Instagram style\u003C\u002Fli>\n\u003Cli>Display Web Stories anywhere using just a shortcode\u003C\u002Fli>\n\u003C\u002Ful>\n","This is the Web Stories Enhancer Plugin for showing the web stories to the website with the help of a shortcode [web_stories_enhancer].",200,6781,"2025-02-11T06:16:00.000Z","6.7.5",[20,112,23,113,24],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fweb-stories-enhancer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fweb-stories-enhancer.1.4.zip",91,"2025-02-17 00:00:00",{"slug":160,"name":161,"version":162,"author":163,"author_profile":164,"description":165,"short_description":166,"active_installs":167,"downloaded":168,"rating":118,"num_ratings":118,"last_updated":169,"tested_up_to":170,"requires_at_least":171,"requires_php":172,"tags":173,"homepage":175,"download_link":176,"security_score":106,"vuln_count":118,"unpatched_count":118,"last_vuln_date":38,"fetched_at":31},"zmooz-stories","ZMOOZ Web Stories","0.9.8.7","Prince Nick BALLO","https:\u002F\u002Fprofiles.wordpress.org\u002Fzwstories1\u002F","\u003Cp>ZMOOZ Stories is a solution that allows publishers and bloggers to automatically transform their articles into Web Story format. By using the content of their website, publishers save a lot of time in the process of creating their web stories as well as in filling in the SEO metadata necessary for the good referencing of your web stories.\u003Cbr \u002F>\nWith the Zmooz Stories WordPress plugin, just click on the “Download” button from WordPress and see all the WEB STORIES automatically published on your site.\u003Cbr \u002F>\nAll WEB STORIES created on Zmooz manually or automatically will be published and available on your WordPress site and nowhere else!\u003C\u002Fp>\n","ZMOOZ Stories is a solution that allows publishers and bloggers to automatically transform their articles into Web Story format.",10,2612,"2023-05-23T15:44:00.000Z","6.0.11","","7.2",[20,23,113,24,174],"web-story","https:\u002F\u002Fzmooz.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzmooz-stories.0.9.8.7.zip",{"slug":178,"name":179,"version":180,"author":181,"author_profile":182,"description":183,"short_description":184,"active_installs":185,"downloaded":186,"rating":130,"num_ratings":117,"last_updated":187,"tested_up_to":170,"requires_at_least":17,"requires_php":171,"tags":188,"homepage":193,"download_link":194,"security_score":106,"vuln_count":29,"unpatched_count":118,"last_vuln_date":195,"fetched_at":31},"embedstories","EmbedStories – Display social media stories","0.7.5","embedsocial","https:\u002F\u002Fprofiles.wordpress.org\u002Fembedsocial\u002F","\u003Cp>EmbedStories allows you to easily embed Instagram Stories on your website\u003C\u002Fp>\n\u003Ch3>EmbedStories\u003C\u002Fh3>\n\u003Cp>Save and Embed Instagram Stories on Any Website.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fembedsocial.com\u002Fproducts\u002Fembedstories\u002F\" rel=\"nofollow ugc\">LEARN MORE\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fembedsocial.com\u002Fadmin\u002Fcontinue_plugin_purchase\u002Fstories\u002Ftriallist\" rel=\"nofollow ugc\">FREE TRIAL\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This is a unique tool that can fetch and embed your Instagram stories on your WordPress website with a simple shortcode.\u003C\u002Fp>\n\u003Cp>Once you embed the code it will automatically update every time you post a new story on your Instagram account.\u003C\u002Fp>\n\u003Cp>To start using EmbedStories, \u003Ca href=\"https:\u002F\u002Fembedsocial.com\u002Fadmin\u002Fcontinue_plugin_purchase\u002Fstories\u002Ftriallist\" rel=\"nofollow ugc\">click here to create an account\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fetch the latest story published on your instagram account\u003C\u002Fli>\n\u003Cli>Every-time you add a photo or video to the story, the web widget will reflect the changes, in just a few minutes.\u003C\u002Fli>\n\u003Cli>Automatically archive all stories\u003C\u002Fli>\n\u003Cli>Embed entire story on any website with a simple embeddable code\u003C\u002Fli>\n\u003Cli>Customize the look of the story slider\u003C\u002Fli>\n\u003Cli>Create story gallery from multiple Instagram stories\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>show the latest Instagram story\u003C\u002Fli>\n\u003Cli>show story from a specific date\u003C\u002Fli>\n\u003Cli>order by date\u003C\u002Fli>\n\u003Cli>autoplay Interval\u003C\u002Fli>\n\u003Cli>Customize title\u003C\u002Fli>\n\u003Cli>Customize navigation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check out the Live \u003Ca href=\"https:\u002F\u002Fembedsocial.com\u002Fproducts\u002Fembedstories\u002F#stories-demo\" rel=\"nofollow ugc\">DEMO\u003C\u002Fa> and see how an Instagram story displays on a website.\u003C\u002Fp>\n","EmbedStories allows you to easily embed Instagram Stories on your website",300,9889,"2023-01-24T12:25:00.000Z",[135,189,190,191,192],"instagram-stories","instagram-widget","social-media-feed","social-media-tools","http:\u002F\u002Fwww.embedsocial.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fembedstories.zip","2023-01-30 00:00:00",{"attackSurface":197,"codeSignals":417,"taintFlows":497,"riskAssessment":622,"analyzedAt":639},{"hooks":198,"ajaxHandlers":316,"restRoutes":388,"shortcodes":396,"cronEvents":416,"entryPointCount":218,"unprotectedCount":216},[199,205,211,217,219,223,228,232,236,239,243,247,251,255,258,262,266,270,274,278,281,285,289,292,295,299,302,305,309,312],{"type":200,"name":201,"callback":202,"file":203,"line":204},"filter","posts_clauses","_filter_query_attachment_filenames","api\\media.php",19,{"type":206,"name":207,"callback":208,"file":209,"line":210},"action","rest_api_init","closure","api\\publish.php",665,{"type":200,"name":212,"callback":213,"priority":214,"file":215,"line":216},"determine_current_user","mscpt_json_basic_auth_handler",20,"basic-auth.php",23,{"type":200,"name":212,"callback":213,"priority":130,"file":215,"line":218},31,{"type":200,"name":220,"callback":221,"file":215,"line":222},"rest_authentication_errors","mscpt_json_basic_auth_error",40,{"type":206,"name":224,"callback":225,"file":226,"line":227},"init","makestories_gutenberg_blocks","gutenberg-block.php",37,{"type":206,"name":224,"callback":229,"file":230,"line":231},"mscpt_register_amp_stories_post_type","hooks.php",5,{"type":206,"name":233,"callback":234,"file":230,"line":235},"admin_head","mscpt_makeStoriesHeaderScript",98,{"type":206,"name":237,"callback":238,"file":230,"line":140},"admin_footer","mscpt_makeStoriesSlugModal",{"type":206,"name":240,"callback":241,"file":230,"line":242},"wp","mscpt_amp_story_load_frontend",117,{"type":206,"name":244,"callback":245,"file":230,"line":246},"wp_enqueue_scripts","mscpt_makeStoriesHeaderStyle",166,{"type":206,"name":248,"callback":249,"file":230,"line":250},"admin_enqueue_scripts","mscpt_makeStoriesHeaderStyle_toAdmin",184,{"type":200,"name":252,"callback":253,"priority":167,"file":230,"line":254},"post_type_link","mswp_permalink_structure",187,{"type":206,"name":224,"callback":256,"file":230,"line":257},"mscpt_tiny_mce_new_buttons",227,{"type":200,"name":259,"callback":260,"file":230,"line":261},"mce_external_plugins","mscpt_tiny_mce_add_buttons",230,{"type":200,"name":263,"callback":264,"file":230,"line":265},"mce_buttons","mscpt_tiny_mce_register_buttons",231,{"type":200,"name":267,"callback":268,"file":230,"line":269},"template_include","mscpt_template",243,{"type":200,"name":271,"callback":272,"priority":167,"file":230,"line":273},"admin_url","mswp_add_new_story_link",359,{"type":206,"name":275,"callback":276,"file":277,"line":14},"admin_menu","mscpt_admin_menu","pages\\index.php",{"type":206,"name":275,"callback":279,"file":277,"line":280},"mscpt_sub_menu",61,{"type":206,"name":282,"callback":283,"file":277,"line":284},"admin_init","mscpt_amp_story_load_editor",64,{"type":200,"name":286,"callback":287,"priority":167,"file":277,"line":288},"admin_body_class","ms_folded_menu",90,{"type":206,"name":233,"callback":290,"file":277,"line":291},"ms_editor_head",101,{"type":206,"name":237,"callback":293,"file":277,"line":294},"ms_editor_footer",124,{"type":206,"name":296,"callback":297,"priority":29,"file":277,"line":298},"admin_notices","ms_hide_admin_notices_for_editor",146,{"type":206,"name":300,"callback":297,"priority":29,"file":277,"line":301},"user_admin_notices",147,{"type":206,"name":303,"callback":297,"priority":29,"file":277,"line":304},"network_admin_notices",148,{"type":206,"name":306,"callback":307,"priority":128,"file":277,"line":308},"all_admin_notices","ms_hide_admin_notices_for_editor_end",149,{"type":206,"name":248,"callback":310,"file":277,"line":311},"ms_enqueue_media",163,{"type":200,"name":313,"callback":314,"priority":167,"file":277,"line":315},"get_edit_post_link","mscpt_wordpress_post_edit_link",171,[317,321,324,327,330,334,337,340,342,345,348,351,354,357,360,363,366,368,371,375,377,380,382,386],{"action":318,"nopriv":319,"callback":318,"hasNonce":319,"hasCapCheck":319,"file":320,"line":60},"ms_get_categories",false,"api\\category.php",{"action":322,"nopriv":319,"callback":322,"hasNonce":319,"hasCapCheck":319,"file":320,"line":323},"ms_get_stories",43,{"action":325,"nopriv":319,"callback":325,"hasNonce":319,"hasCapCheck":319,"file":320,"line":326},"ms_get_widget",82,{"action":328,"nopriv":319,"callback":328,"hasNonce":319,"hasCapCheck":319,"file":203,"line":329},"ms_get_media",2,{"action":331,"nopriv":319,"callback":331,"hasNonce":319,"hasCapCheck":332,"file":203,"line":333},"ms_image_proxy",true,52,{"action":335,"nopriv":319,"callback":336,"hasNonce":319,"hasCapCheck":319,"file":209,"line":329},"ms_publish_post","ms_publish_post_v2",{"action":338,"nopriv":319,"callback":338,"hasNonce":319,"hasCapCheck":319,"file":209,"line":339},"ms_upload_image_to_media_library",286,{"action":338,"nopriv":332,"callback":338,"hasNonce":319,"hasCapCheck":319,"file":209,"line":341},287,{"action":343,"nopriv":319,"callback":343,"hasNonce":319,"hasCapCheck":332,"file":209,"line":344},"ms_get_published_posts",298,{"action":346,"nopriv":319,"callback":346,"hasNonce":319,"hasCapCheck":319,"file":209,"line":347},"ms_get_published_posts_all",354,{"action":349,"nopriv":319,"callback":349,"hasNonce":319,"hasCapCheck":319,"file":209,"line":350},"ms_get_published_post",406,{"action":352,"nopriv":319,"callback":352,"hasNonce":319,"hasCapCheck":319,"file":209,"line":353},"ms_delete_post",441,{"action":355,"nopriv":319,"callback":355,"hasNonce":319,"hasCapCheck":319,"file":209,"line":356},"ms_change_story_slug",474,{"action":358,"nopriv":319,"callback":358,"hasNonce":319,"hasCapCheck":319,"file":209,"line":359},"ms_verify_media_in_story",614,{"action":361,"nopriv":319,"callback":361,"hasNonce":319,"hasCapCheck":319,"file":209,"line":362},"ms_schedule_publish_post",790,{"action":364,"nopriv":319,"callback":364,"hasNonce":319,"hasCapCheck":319,"file":365,"line":231},"ms_wp_save_design_settings","api\\story-page.php",{"action":367,"nopriv":319,"callback":367,"hasNonce":319,"hasCapCheck":319,"file":365,"line":204},"ms_wp_get_design_settings",{"action":369,"nopriv":319,"callback":369,"hasNonce":319,"hasCapCheck":319,"file":370,"line":117},"ms_publish_widget","api\\widget.php",{"action":372,"nopriv":332,"callback":373,"hasNonce":319,"hasCapCheck":319,"file":230,"line":374},"more_post_ajax","mscpt_more_post_ajax",315,{"action":372,"nopriv":319,"callback":373,"hasNonce":319,"hasCapCheck":319,"file":230,"line":376},316,{"action":378,"nopriv":332,"callback":378,"hasNonce":319,"hasCapCheck":319,"file":230,"line":379},"ms_get_site_id",341,{"action":378,"nopriv":319,"callback":378,"hasNonce":319,"hasCapCheck":319,"file":230,"line":381},342,{"action":383,"nopriv":332,"callback":384,"hasNonce":319,"hasCapCheck":319,"file":230,"line":385},"load_post_data_ajax","mscpt_load_post_data_ajax",356,{"action":383,"nopriv":319,"callback":384,"hasNonce":319,"hasCapCheck":319,"file":230,"line":387},357,[389],{"namespace":390,"route":391,"methods":392,"callback":394,"permissionCallback":38,"file":209,"line":395},"widget","\u002Fstories\u002F(?P\u003Cid>\\d+)",[393],"GET","storyPlayer",666,[397,400,403,407,410,412],{"tag":349,"callback":398,"file":399,"line":231},"ms_get_published_post_via_shortcode","shortcode.php",{"tag":401,"callback":401,"file":399,"line":402},"ms_get_post_by_category",71,{"tag":404,"callback":405,"file":399,"line":406},"ms_get_single_post","ms_get_single_post_via_shortcode",104,{"tag":408,"callback":405,"file":399,"line":409},"ms_get_single_post_shortcode",105,{"tag":405,"callback":405,"file":399,"line":411},106,{"tag":413,"callback":414,"file":399,"line":415},"ms_get_single_widget","ms_get_single_widget_via_shortcode",136,[],{"dangerousFunctions":418,"sqlUsage":419,"outputEscaping":421,"fileOperations":29,"externalRequests":28,"nonceChecks":117,"capabilityChecks":231,"bundledLibraries":496},[],{"prepared":118,"raw":118,"locations":420},[],{"escaped":422,"rawEcho":423,"locations":424},112,42,[425,427,429,431,433,435,436,439,441,442,443,445,448,450,452,454,455,457,459,461,462,463,465,466,467,469,470,472,473,475,477,479,480,482,484,486,487,489,490,491,493,494],{"file":320,"line":218,"context":426},"raw output",{"file":320,"line":428,"context":426},70,{"file":320,"line":430,"context":426},109,{"file":203,"line":432,"context":426},48,{"file":209,"line":434,"context":426},292,{"file":230,"line":341,"context":426},{"file":437,"line":438,"context":426},"pages\\category-structure.php",35,{"file":437,"line":440,"context":426},51,{"file":437,"line":301,"context":426},{"file":437,"line":304,"context":426},{"file":399,"line":444,"context":426},32,{"file":446,"line":447,"context":426},"templates\\archive-stories.php",16,{"file":446,"line":449,"context":426},17,{"file":446,"line":451,"context":426},34,{"file":453,"line":447,"context":426},"templates\\editor.php",{"file":453,"line":204,"context":426},{"file":453,"line":456,"context":426},24,{"file":453,"line":458,"context":426},25,{"file":460,"line":449,"context":426},"templates\\listing-story-grid.php",{"file":460,"line":449,"context":426},{"file":460,"line":444,"context":426},{"file":464,"line":449,"context":426},"templates\\listing-story-masonry.php",{"file":464,"line":449,"context":426},{"file":464,"line":449,"context":426},{"file":464,"line":468,"context":426},22,{"file":464,"line":444,"context":426},{"file":464,"line":471,"context":426},41,{"file":464,"line":423,"context":426},{"file":474,"line":329,"context":426},"templates\\ms-post-by-category.php",{"file":474,"line":476,"context":426},7,{"file":478,"line":117,"context":426},"templates\\ms-single-masonry-post.php",{"file":478,"line":117,"context":426},{"file":478,"line":481,"context":426},8,{"file":478,"line":483,"context":426},18,{"file":478,"line":485,"context":426},27,{"file":478,"line":14,"context":426},{"file":488,"line":329,"context":426},"templates\\ms-single-post.php",{"file":488,"line":329,"context":426},{"file":488,"line":449,"context":426},{"file":492,"line":485,"context":426},"templates\\ms-single-widget.php",{"file":492,"line":14,"context":426},{"file":495,"line":440,"context":426},"templates\\story-player-model.php",[],[498,520,530,551,564,576,584,596,604,614],{"entryPoint":499,"graph":500,"unsanitizedCount":29,"severity":40},"ms_publish_post (api\\publish.php:8)",{"nodes":501,"edges":517},[502,507,511],{"id":503,"type":504,"label":505,"file":209,"line":506},"n0","source","$_REQUEST",13,{"id":508,"type":509,"label":510,"file":209,"line":506},"n1","transform","→ ms_get_story_HTML()",{"id":512,"type":513,"label":514,"file":515,"line":456,"wp_function":516},"n2","sink","wp_remote_get() [SSRF]","helpers.php","wp_remote_get",[518,519],{"from":503,"to":508,"sanitized":319},{"from":508,"to":512,"sanitized":319},{"entryPoint":521,"graph":522,"unsanitizedCount":29,"severity":40},"\u003Cpublish> (api\\publish.php:0)",{"nodes":523,"edges":527},[524,525,526],{"id":503,"type":504,"label":505,"file":209,"line":506},{"id":508,"type":509,"label":510,"file":209,"line":506},{"id":512,"type":513,"label":514,"file":515,"line":456,"wp_function":516},[528,529],{"from":503,"to":508,"sanitized":319},{"from":508,"to":512,"sanitized":319},{"entryPoint":531,"graph":532,"unsanitizedCount":29,"severity":40},"mscpt_amp_story_load_editor (pages\\index.php:66)",{"nodes":533,"edges":547},[534,537,541,543,545],{"id":503,"type":504,"label":535,"file":277,"line":536},"$_GET",72,{"id":508,"type":513,"label":538,"file":277,"line":539,"wp_function":540},"echo() [XSS]",75,"echo",{"id":512,"type":504,"label":542,"file":277,"line":536},"$_GET['story']",{"id":544,"type":509,"label":510,"file":277,"line":536},"n3",{"id":546,"type":513,"label":514,"file":515,"line":456,"wp_function":516},"n4",[548,549,550],{"from":503,"to":508,"sanitized":332},{"from":512,"to":544,"sanitized":319},{"from":544,"to":546,"sanitized":319},{"entryPoint":552,"graph":553,"unsanitizedCount":29,"severity":40},"\u003Cindex> (pages\\index.php:0)",{"nodes":554,"edges":560},[555,556,557,558,559],{"id":503,"type":504,"label":535,"file":277,"line":536},{"id":508,"type":513,"label":538,"file":277,"line":539,"wp_function":540},{"id":512,"type":504,"label":542,"file":277,"line":536},{"id":544,"type":509,"label":510,"file":277,"line":536},{"id":546,"type":513,"label":514,"file":515,"line":456,"wp_function":516},[561,562,563],{"from":503,"to":508,"sanitized":332},{"from":512,"to":544,"sanitized":319},{"from":544,"to":546,"sanitized":319},{"entryPoint":565,"graph":566,"unsanitizedCount":118,"severity":575},"ms_image_proxy (api\\media.php:53)",{"nodes":567,"edges":573},[568,570],{"id":503,"type":504,"label":505,"file":203,"line":569},63,{"id":508,"type":513,"label":571,"file":203,"line":536,"wp_function":572},"header() [Header Injection]","header",[574],{"from":503,"to":508,"sanitized":332},"low",{"entryPoint":577,"graph":578,"unsanitizedCount":118,"severity":575},"\u003Cmedia> (api\\media.php:0)",{"nodes":579,"edges":582},[580,581],{"id":503,"type":504,"label":505,"file":203,"line":569},{"id":508,"type":513,"label":571,"file":203,"line":536,"wp_function":572},[583],{"from":503,"to":508,"sanitized":332},{"entryPoint":585,"graph":586,"unsanitizedCount":118,"severity":575},"mscpt_register_amp_stories_post_type (hooks.php:10)",{"nodes":587,"edges":594},[588,591],{"id":503,"type":504,"label":589,"file":230,"line":590},"$_POST",14,{"id":508,"type":513,"label":592,"file":230,"line":216,"wp_function":593},"update_option() [Settings Manipulation]","update_option",[595],{"from":503,"to":508,"sanitized":332},{"entryPoint":597,"graph":598,"unsanitizedCount":118,"severity":575},"\u003Chooks> (hooks.php:0)",{"nodes":599,"edges":602},[600,601],{"id":503,"type":504,"label":589,"file":230,"line":590},{"id":508,"type":513,"label":592,"file":230,"line":216,"wp_function":593},[603],{"from":503,"to":508,"sanitized":332},{"entryPoint":605,"graph":606,"unsanitizedCount":118,"severity":575},"ms_option_page (pages\\category-structure.php:2)",{"nodes":607,"edges":612},[608,610],{"id":503,"type":504,"label":609,"file":437,"line":447},"$_POST (x2)",{"id":508,"type":513,"label":538,"file":437,"line":611,"wp_function":540},67,[613],{"from":503,"to":508,"sanitized":332},{"entryPoint":615,"graph":616,"unsanitizedCount":118,"severity":575},"\u003Ccategory-structure> (pages\\category-structure.php:0)",{"nodes":617,"edges":620},[618,619],{"id":503,"type":504,"label":609,"file":437,"line":447},{"id":508,"type":513,"label":538,"file":437,"line":611,"wp_function":540},[621],{"from":503,"to":508,"sanitized":332},{"summary":623,"deductions":624},"The \"makestories-helper\" v3.0.4 plugin presents a concerning security posture, despite some positive indicators. While it does not utilize dangerous functions and all SQL queries are properly prepared, the plugin exhibits a significant attack surface with 23 unprotected entry points, including 22 AJAX handlers and 1 REST API route without permission callbacks. This lack of authorization checks on a majority of its entry points is a critical weakness, making it highly susceptible to unauthorized actions and privilege escalation.\n\nThe static analysis also revealed 4 flows with unsanitized paths, though thankfully none reached critical or high severity in the taint analysis. However, the fact that some unsanitized paths exist, coupled with the large number of unprotected entry points, suggests a real risk of vulnerabilities like Cross-Site Scripting (XSS) or Server-Side Request Forgery (SSRF) if user-supplied data is not handled rigorously. The output escaping, at 73%, is also an area of concern, implying a portion of user-facing output may not be properly sanitized.\n\nThe plugin's vulnerability history is particularly troubling, with 4 known CVEs, one of which remains unpatched. The types of past vulnerabilities, including SSRF, Missing Authorization, CSRF, and XSS, directly correlate with the weaknesses identified in the code analysis. The consistent pattern of these vulnerability types indicates recurring security flaws. While the plugin demonstrates good practices in SQL preparation, the pervasive lack of authorization and potential for unescaped output, combined with a history of severe vulnerabilities and an unpatched CVE, necessitates immediate attention to mitigate significant risks to WordPress installations.",[625,627,629,631,633,635,637],{"reason":626,"points":214},"Unpatched CVEs",{"reason":628,"points":167},"Large attack surface without auth",{"reason":630,"points":481},"Unprotected REST API routes",{"reason":632,"points":476},"Flows with unsanitized paths",{"reason":634,"points":60},"Output escaping not properly implemented (27%)",{"reason":636,"points":167},"Missing nonce checks on AJAX handlers",{"reason":638,"points":167},"Missing capability checks on AJAX handlers","2026-03-16T19:22:44.390Z",{"wat":641,"direct":656},{"assetPaths":642,"generatorPatterns":648,"scriptPaths":649,"versionParams":650},[643,644,645,646,647],"\u002Fwp-content\u002Fplugins\u002Fmakestories-helper\u002Fassets\u002Fcss\u002Fms-style.css","\u002Fwp-content\u002Fplugins\u002Fmakestories-helper\u002Fassets\u002Fjs\u002Fms-script.js","\u002Fwp-content\u002Fplugins\u002Fmakestories-helper\u002Fvendor\u002Fslick\u002Fslick-theme.css","\u002Fwp-content\u002Fplugins\u002Fmakestories-helper\u002Fvendor\u002Fslick\u002Fslick.css","\u002Fwp-content\u002Fplugins\u002Fmakestories-helper\u002Fvendor\u002Fslick\u002Fslick.min.js",[],[644,647],[651,652,653,654,655],"makestories-helper\u002Fassets\u002Fcss\u002Fms-style.css?ver=","makestories-helper\u002Fassets\u002Fjs\u002Fms-script.js?ver=","makestories-helper\u002Fvendor\u002Fslick\u002Fslick-theme.css?ver=","makestories-helper\u002Fvendor\u002Fslick\u002Fslick.css?ver=","makestories-helper\u002Fvendor\u002Fslick\u002Fslick.min.js?ver=",{"cssClasses":657,"htmlComments":658,"htmlAttributes":659,"restEndpoints":660,"jsGlobals":663,"shortcodeOutput":665},[],[],[],[661,662],"\u002Fwp-json\u002Fmakestories_widgets","\u002Fwp-json\u002Fmakestories",[664],"ajaxurl",[]]