[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fu4wnmuhCOW2wQ_4DJsNEmAZOFCcznoZt18ivoE0MNW8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":64,"crawl_stats":38,"alternatives":69,"analysis":179,"fingerprints":297},"mark-posts","Mark Posts","2.2.6","flymke","https:\u002F\u002Fprofiles.wordpress.org\u002Fflymke\u002F","\u003Cp>Mark Posts plugin provides an easy way to mark and highlight posts, pages and posts of custom post types within the WordPress admin posts overview.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Set custom marker categories and colors\u003C\u002Fli>\n\u003Cli>Assign marker categories to posts\u002Fpages or any other post type\u003C\u002Fli>\n\u003Cli>View the highlighted posts within the posts overview\u003C\u002Fli>\n\u003Cli>Quick edit, bulk edit and\u002For edit all markers at once\u003C\u002Fli>\n\u003Cli>Dashboard widget with marker status count\u003C\u002Fli>\n\u003Cli>Optional custom setup via filters (check our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fhofmannsven\u002Fmark-posts\u002Fwiki\" rel=\"nofollow ugc\">wiki\u003C\u002Fa> for instructions)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Live Demo\u003C\u002Fh4>\n\u003Cp>Try out the features of Mark Posts on the \u003Ca href=\"https:\u002F\u002Fplayground.wordpress.net\u002F?blueprint-url=https:\u002F\u002Fraw.githubusercontent.com\u002Fhofmannsven\u002Fmark-posts\u002Fmaster\u002F.wordpress-org\u002Fblueprint.json\" rel=\"nofollow ugc\">WordPress playground\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Active development of this plugin is handled on GitHub. 
Always feel free to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fhofmannsven\u002Fmark-posts\u002Fissues\" rel=\"nofollow ugc\">raise an issue\u003C\u002Fa>.\u003C\u002Fp>\n","Mark and highlight posts, pages and posts of custom post types within the posts overview.",1000,16951,96,10,"2025-02-12T21:45:00.000Z","6.7.5","4.1","7.0",[20,21,22,23,24],"color","featured","highlight","status","tag","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmark-posts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmark-posts.2.2.6.zip",91,2,0,"2025-01-16 00:00:00","2026-03-15T15:16:48.613Z",[33,49],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-23963","mark-posts-missing-authorization","Mark Posts \u003C= 2.2.4 - Missing Authorization","The Mark Posts plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.2.4. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.",null,"\u003C=2.2.4","2.2.5","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-01-30 14:33:14",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2008df3e-29d2-4d64-b850-c83c2a6a9996?source=api-prod",15,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":63},"CVE-2022-0958","mark-posts-admin-stored-cross-site-scripting","Mark Posts \u003C= 2.0.0 - Admin+ Stored Cross-Site Scripting","The Mark Posts WordPress plugin before 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed","\u003C2.0.1","2.0.1",4.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2022-03-14 00:00:00","2024-01-22 
19:56:02",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F33df558a-da81-46e0-bef9-ddb2bb90a5c5?source=api-prod",680,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":65,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":66,"trust_score":67,"computed_at":68},1,348,73,"2026-04-04T06:56:53.444Z",[70,90,114,140,161],{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":80,"num_ratings":28,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":88,"download_link":89,"security_score":80,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"colored-admin-post-list","Colored Admin Post List","3.1.4","rockschtar","https:\u002F\u002Fprofiles.wordpress.org\u002Frockschtar\u002F","\u003Cp>Highlights the background of draft, pending, future, private, published and custom post status posts in the wordpress admin.\u003C\u002Fp>\n","Highlights the background of draft, pending, future, private, published and custom post status posts in the wordpress admin.",500,10516,100,"2025-12-03T14:09:00.000Z","6.9.4","6.2","8.3",[20,22,86,87,23],"posts","poststatus","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcolored-admin-post-list\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcolored-admin-post-list.3.1.4.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":100,"num_ratings":101,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":105,"download_link":112,"security_score":113,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"html-editor-syntax-highlighter","HTML Editor Syntax Highlighter","2.4.4","Peter 
Mukhortov","https:\u002F\u002Fprofiles.wordpress.org\u002Fnixdns\u002F","\u003Cp>Add syntax highlighting in the Classic Post & Page HTML text editor, Gutenberg Code Editor, and Theme & Plugin editors using CodeMirror.js\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Syntax highlighting in the Post\u002FPage HTML editor\u003C\u002Fli>\n\u003Cli>\u003Cem>NEW:\u003C\u002Fem> Syntax highlighting in the Gutenberg \u003Cem>Code Editor\u003C\u002Fem> (not \u003Cem>Visual Editor\u003C\u002Fem>)\u003C\u002Fli>\n\u003Cli>Syntax highlighting in the Theme & Plugin editors\u003C\u002Fli>\n\u003Cli>Syntax highlighting for WordPress \u003Ccode>[shortcodes\u002F]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Save your posts and pages pressing \u003Ccode>Ctrl+S\u003C\u002Fcode> (\u003Ccode>Cmd+S\u003C\u002Fcode> on Mac)\u003C\u002Fli>\n\u003Cli>Restore cursor position after page is reloaded\u003C\u002Fli>\n\u003Cli>Huge selection of themes and other customization options\u003C\u002Fli>\n\u003Cli>Fullscreen mode: toggle with \u003Ccode>F11\u003C\u002Fcode>\u002F\u003Ccode>Esc\u003C\u002Fcode> hotkeys\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you would like to contribute to this plugin, view the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmukhortov\u002FHESH-WordPress-Plugin\" rel=\"nofollow ugc\">github repo\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you’re a regular user of this plugin, please consider taking a short \u003Ca href=\"https:\u002F\u002Fgoo.gl\u002Fforms\u002FxvaHgd7sZEbBbFAL2\" rel=\"nofollow ugc\">User Experience Survey\u003C\u002Fa> to provide feedback that will help shape the new version 3.0.\u003C\u002Fp>\n","Add syntax highlighting to WordPress code editors using 
CodeMirror.js",50000,590163,88,110,"2024-03-16T23:35:00.000Z","6.5.0","4.0","",[107,108,109,110,111],"code-coloring","code-highlighter","codemirror","syntax-highlighter","text-editor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtml-editor-syntax-highlighter.2.4.4.zip",85,{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":124,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":105,"tags":129,"homepage":135,"download_link":136,"security_score":137,"vuln_count":138,"unpatched_count":29,"last_vuln_date":139,"fetched_at":31},"search-everything","Search Everything","8.1.9","Sovrn","https:\u002F\u002Fprofiles.wordpress.org\u002Fsovrn\u002F","\u003Cp>Search Everything improves WordPress default search functionality without modifying any of the template pages. You can configure it to search pages, excerpts, attachments, drafts, comments, tags and custom fields (metadata) and you can specify your own search highlight style. It also offers the ability to exclude specific pages and posts. It does not search password-protected content. Simply install, configure… and search.\u003C\u002Fp>\n\u003Cp>Search Everything plugin now includes a writing helper called Research Everything that lets you search for your posts and link to them while writing. 
You can also enable Power Search to research posts from the wider web (for WP3.7 and above).\u003C\u002Fp>\n\u003Ch4>Better WordPress search in three steps\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Activate\u003C\u002Fli>\n\u003Cli>Configure options\u003C\u002Fli>\n\u003Cli>Search!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What it does\u003C\u002Fh4>\n\u003Cp>Search Everything increases the ability of the default WordPress Search, options include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Search Highlighting\u003C\u002Fli>\n\u003Cli>Search Every Page\u003C\u002Fli>\n\u003Cli>Search Every Tag\u003C\u002Fli>\n\u003Cli>Search Custom Taxonomies ( new )\u003C\u002Fli>\n\u003Cli>Search Every Category\u003C\u002Fli>\n\u003Cli>Search non-password protected pages only\u003C\u002Fli>\n\u003Cli>Search Every Comment\u003C\u002Fli>\n\u003Cli>Search only approved comments\u003C\u002Fli>\n\u003Cli>Search Every Draft\u003C\u002Fli>\n\u003Cli>Search Every Excerpt\u003C\u002Fli>\n\u003Cli>Search Every Attachment (post type, not the content itself – check FAQ)\u003C\u002Fli>\n\u003Cli>Search Every Custom Field (metadata)\u003C\u002Fli>\n\u003Cli>Exclude Posts from search\u003C\u002Fli>\n\u003Cli>Exclude Categories from search\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Update\u003C\u002Fh3>\n\u003Cp>From Jan 24, 2014 Search Everything originaly developed by dancameron, sproutventure will be maintained and developed further by Zemanta.\u003C\u002Fp>\n\u003Ch3>Terms of Service\u003C\u002Fh3>\n\u003Cp>The plugin source code is released under GPLv2. 
Usage of our service is governed by \u003Ca href=\"http:\u002F\u002Fwww.zemanta.com\u002Flegal\u002Fterms-of-service\u002F\" rel=\"nofollow ugc\">Zemanta Terms of Service\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Fwww.zemanta.com\u002Flegal\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Zemanta Privacy Policy\u003C\u002Fa>.\u003C\u002Fp>\n","Search Everything increases WordPress' default search functionality in three easy steps.",10000,1288257,82,86,"2017-11-28T04:49:00.000Z","4.7.32","3.6",[130,131,132,133,134],"category-exclusion","category-search","search","search-highlight","tag-search","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsearch-everything\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsearch-everything.8.1.9.zip",81,4,"2017-03-20 00:00:00",{"slug":141,"name":142,"version":143,"author":144,"author_profile":145,"description":146,"short_description":147,"active_installs":148,"downloaded":149,"rating":80,"num_ratings":150,"last_updated":151,"tested_up_to":152,"requires_at_least":153,"requires_php":105,"tags":154,"homepage":159,"download_link":160,"security_score":113,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"color-mobile-browser-address-bar","Color Mobile Browser Address Bar","1.0.10","David Webb Espiritu","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebbteche\u002F","\u003Cp>A simple plugin that generates a meta tag; specifically, adding “theme-color” meta data to the head section of your page. Which enable mobile browsers to get that data and apply it to the address bar.\u003C\u002Fp>\n\u003Cp>No more unsafe editing of your theme’s header.php file. 
You simply follow the instructions provided and you are good to go.\u003C\u002Fp>\n","A WordPress plugin that lets you add a custom color to the address bar of mobile browsers.",2000,16936,5,"2021-04-07T03:06:00.000Z","5.7.15","3.8",[155,156,157,158],"meta-tag-for-theme-color","mobile-address-bar-color","theme-color","theme-color-on-address-bar","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcolor-mobile-browser-address-bar","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcolor-mobile-browser-address-bar.1.0.10.zip",{"slug":162,"name":163,"version":164,"author":165,"author_profile":166,"description":167,"short_description":168,"active_installs":11,"downloaded":169,"rating":80,"num_ratings":150,"last_updated":170,"tested_up_to":171,"requires_at_least":172,"requires_php":105,"tags":173,"homepage":176,"download_link":177,"security_score":178,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"custom-highlight-color","Custom Highlight Color","1.1","Nick Halsey","https:\u002F\u002Fprofiles.wordpress.org\u002Fcelloexpressions\u002F","\u003Cp>Many devices and browsers provide less-than-ideal colors when selecting text on sites. Users may select text for a variety of reasons, including as a habit when reading or to share a quote. This plugin lets you customize this highlight color with live preview in the customizer.\u003C\u002Fp>\n\u003Cp>Note that themes can also customize this color, and in cases where the theme sets the color, this plugin would allow it to be changed to a different color.\u003C\u002Fp>\n","Many devices and browsers provide less-than-ideal colors when selecting text on sites. 
Users may select text for a variety of reasons, including as a  &hellip;",10474,"2024-07-12T23:14:00.000Z","6.6.5","4.5",[20,174,22,175],"custom-color","selection","http:\u002F\u002Fcelloexpressions.com\u002Fplugins\u002Fcustom-highlight-color","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-highlight-color.zip",92,{"attackSurface":180,"codeSignals":260,"taintFlows":285,"riskAssessment":286,"analyzedAt":296},{"hooks":181,"ajaxHandlers":256,"restRoutes":257,"shortcodes":258,"cronEvents":259,"entryPointCount":29,"unprotectedCount":29},[182,188,191,195,199,202,205,209,213,216,219,221,225,229,232,236,241,244,245,249,252],{"type":183,"name":184,"callback":185,"file":186,"line":187},"action","admin_enqueue_scripts","mark_posts_enqueue_admin_styles","admin\\class-mark-posts-admin.php",51,{"type":183,"name":184,"callback":189,"file":186,"line":190},"mark_posts_enqueue_admin_scripts",52,{"type":183,"name":192,"callback":193,"file":186,"line":194},"admin_menu","mark_posts_add_plugin_admin_menu",55,{"type":183,"name":196,"callback":197,"file":186,"line":198},"wp_dashboard_setup","mark_posts_dashboard_widget",65,{"type":183,"name":200,"callback":201,"file":186,"line":67},"bulk_edit_custom_box","mark_posts_display_quickedit_box",{"type":183,"name":203,"callback":201,"file":186,"line":204},"quick_edit_custom_box",74,{"type":183,"name":206,"callback":207,"priority":14,"file":186,"line":208},"admin_print_scripts-edit.php","mark_posts_edit_scripts",76,{"type":183,"name":210,"callback":211,"file":186,"line":212},"add_meta_boxes","mark_posts_add_meta_box",79,{"type":183,"name":214,"callback":215,"file":186,"line":137},"save_post","mark_posts_save",{"type":183,"name":214,"callback":217,"priority":14,"file":186,"line":218},"mark_posts_save_quick_edit",83,{"type":183,"name":214,"callback":220,"priority":14,"file":186,"line":113},"mark_posts_save_bulk_edit",{"type":183,"name":222,"callback":223,"priority":65,"file":186,"line":224},"trash_post","mark_posts_trash",87,{"ty
pe":183,"name":226,"callback":227,"priority":14,"file":186,"line":228},"delete_post","mark_posts_delete",89,{"type":183,"name":184,"callback":230,"file":186,"line":231},"mark_posts_enqueue_dashboard_styles",195,{"type":183,"name":233,"callback":234,"file":186,"line":235},"admin_head","mark_posts_custom_dashboard_styles",196,{"type":183,"name":237,"callback":238,"file":239,"line":240},"plugins_loaded","mark_posts_load_textdomain","mark-posts.php",64,{"type":183,"name":237,"callback":242,"file":239,"line":243},"get_instance",70,{"type":183,"name":237,"callback":242,"file":239,"line":212},{"type":183,"name":246,"callback":247,"file":248,"line":190},"init","mark_posts_create_taxonomies","public\\class-mark-posts.php",{"type":183,"name":250,"callback":251,"file":248,"line":194},"wpmu_new_blog","mark_posts_activate_new_site",{"type":183,"name":253,"callback":254,"file":248,"line":255},"admin_init","mark_posts_register_settings",58,[],[],[],[],{"dangerousFunctions":261,"sqlUsage":262,"outputEscaping":265,"fileOperations":29,"externalRequests":29,"nonceChecks":150,"capabilityChecks":138,"bundledLibraries":284},[],{"prepared":263,"raw":29,"locations":264},3,[],{"escaped":266,"rawEcho":267,"locations":268},12,7,[269,272,274,276,278,280,282],{"file":186,"line":270,"context":271},294,"raw output",{"file":186,"line":273,"context":271},409,{"file":275,"line":113,"context":271},"admin\\views\\admin.php",{"file":275,"line":277,"context":271},148,{"file":275,"line":279,"context":271},258,{"file":275,"line":281,"context":271},375,{"file":283,"line":212,"context":271},"admin\\views\\dashboard.php",[],[],{"summary":287,"deductions":288},"The \"mark-posts\" plugin version 2.2.6 exhibits a generally good security posture based on the provided static analysis. The absence of identified AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. 
Furthermore, the code shows strong adherence to secure coding practices by utilizing prepared statements for all SQL queries and implementing a healthy number of nonce and capability checks, indicating a conscious effort to prevent common web vulnerabilities. The lack of dangerous function usage, file operations, and external HTTP requests further bolsters its security profile. Output escaping is the exception: 7 of the 19 output statements found are echoed without escaping (63% escaped), and those locations warrant manual review.\n\nHowever, a notable concern arises from the vulnerability history. The plugin has two known medium severity vulnerabilities in its past, specifically \"Missing Authorization\" and \"Cross-site Scripting\" (Improper Neutralization of Input During Web Page Generation). Although there are currently no unpatched CVEs (the two issues were fixed in 2.2.5 and 2.0.1 respectively), this history shows that earlier releases were susceptible to attacks that could lead to unauthorized actions or data leakage. The fact that the last vulnerability was recorded very recently (January 2025) is a point of attention. While the current code analysis does not reveal immediate critical threats, the historical pattern warrants careful consideration and ongoing monitoring.\n\nIn conclusion, \"mark-posts\" v2.2.6 demonstrates a strong technical foundation with secure coding practices for its current codebase. The primary weakness lies in its vulnerability history, which highlights past security oversights. 
While the current static analysis flags no critical issues (its only finding is the 7 unescaped output locations), users should remain vigilant and keep the plugin updated to the latest version, as the past issues may indicate recurring security weaknesses, and new vulnerabilities could still be discovered or introduced in future updates.",[289,292,294],{"reason":290,"points":291},"Past medium severity XSS vulnerability",8,{"reason":293,"points":291},"Past medium severity Missing Authorization vulnerability",{"reason":295,"points":263},"63% of output properly escaped","2026-03-16T18:51:33.001Z",{"wat":298,"direct":307},{"assetPaths":299,"generatorPatterns":301,"scriptPaths":302,"versionParams":304},[300],"\u002Fwp-content\u002Fplugins\u002Fmark-posts\u002Fassets\u002Fcss\u002Fadmin.css",[],[303],"\u002Fwp-content\u002Fplugins\u002Fmark-posts\u002Fassets\u002Fjs\u002Fmarkposts.js",[305,306],"mark-posts\u002Fassets\u002Fcss\u002Fadmin.css?ver=","mark-posts\u002Fassets\u002Fjs\u002Fmarkposts.js?ver=",{"cssClasses":308,"htmlComments":309,"htmlAttributes":310,"restEndpoints":311,"jsGlobals":312,"shortcodeOutput":314},[],[],[],[],[313],"mark_posts",[]]