[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2FCTkHrHGV-vCGhuFWJBwMfsD3cCZdaSDOJk34v-NqU":3,"$fAiKaFGTz9H2obuZhn9tUb44LHFGzgUcpV9KyFn1DDzI":213,"$fcaUY85zGR0EES2u2dCVSiIDxFmGsutWF940WmoHye8w":218},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":17,"tags":18,"homepage":17,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":47,"crawl_stats":36,"alternatives":50,"analysis":143,"fingerprints":192},"markdown-shortcode","Markdown Shortcode","0.2.3","JHoppe","https:\u002F\u002Fprofiles.wordpress.org\u002Fjhoppe\u002F","\u003Cp>Damn simple [markdown]#via shortcode[\u002Fmarkdown] for wordpress.\u003Cbr \u002F>\nThis plugin uses \u003Ca href=\"http:\u002F\u002Fparsedown.org\u002F\" rel=\"nofollow ugc\">parsedown\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Fhighlightjs.org\" rel=\"nofollow ugc\">highlight.js\u003C\u002Fa>. Zero configuration.\u003C\u002Fp>\n\u003Cp>Write this into the editor:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[markdown]  \n#h1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>h2\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>text  \n____source code (two ore more underscores will be replaced by empty spaces)  \n____source code (two ore more underscores will be replaced by empty spaces)  \n\n    `javascript\nsource code\n    `\n[\u002Fmarkdown]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>and the shortcode content will be parsed with parsedown. Syntax highlighting will appear for the source codes.\u003C\u002Fp>\n\u003Cp>This plugin is available at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FJohannesHoppe\u002Fmarkdown-shortcode\" rel=\"nofollow ugc\">github\u003C\u002Fa>, too.\u003Cbr \u002F>\nPlease \u003Cstrong>report issues at github\u003C\u002Fstrong>, pull requests are welcome, too!\u003C\u002Fp>\n","Damn simple markdown for wordpress via shortcode, uses parsedown (parsedown.org) and highlight.js (highlightjs.org).",70,3161,100,3,"2025-09-21T21:19:00.000Z","6.7.5","",[19,20,21,22],"highlight-js","markdown","parsedown","shortcode","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmarkdown-shortcode.zip",99,1,0,"2025-09-25 17:54:41","2026-04-16T10:56:18.058Z","no_bundle",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":27,"updated_date":42,"references":43,"days_to_patch":25,"patch_diff_files":45,"patch_trac_url":36,"research_status":36,"research_verified":46,"research_rounds_completed":26,"research_plan":36,"research_summary":36,"research_vulnerable_code":36,"research_fix_diff":36,"research_exploit_outline":36,"research_model_used":36,"research_started_at":36,"research_completed_at":36,"research_error":36,"poc_status":36,"poc_video_id":36,"poc_summary":36,"poc_steps":36,"poc_tested_at":36,"poc_wp_version":36,"poc_php_version":36,"poc_playwright_script":36,"poc_exploit_code":36,"poc_has_trace":46,"poc_model_used":36,"poc_verification_depth":36},"CVE-2025-10180","markdown-shortcode-authenticated-contributor-stored-cross-site-scripting","Markdown Shortcode \u003C= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Markdown Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'markdown' shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=0.2.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-26 06:43:29",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4e9563b8-7e1b-4e87-8b56-17b75adb66c3?source=api-prod",[],false,{"slug":48,"display_name":7,"profile_url":8,"plugin_count":25,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":25,"trust_score":24,"computed_at":49},"jhoppe","2026-05-20T02:51:19.702Z",[51,72,88,107,125],{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":13,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":17,"tags":65,"homepage":69,"download_link":70,"security_score":71,"vuln_count":26,"unpatched_count":26,"last_vuln_date":36,"fetched_at":28},"github-readme","Github README","0.2.0","Jason Stallings","https:\u002F\u002Fprofiles.wordpress.org\u002Foctalmage\u002F","\u003Cp>Github README is a plugin that allows you to embed markdown from GitHub in a page or post using a simple shortcode.\u003C\u002Fp>\n\u003Cp>Usage:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>github_readme\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This shortcode embeds the project’s readme.\u003C\u002Fp>\n\u003Cp>[github_readme repo=”octalmage\u002FMarknote”]\u003C\u002Fp>\n\u003Cp>You can also trim lines from the top of the readme using the “trim” option:\u003C\u002Fp>\n\u003Cp>[github_readme repo=”octalmage\u002FMarknote” trim=”3″]\u003C\u002Fp>\n\u003Cp>This is useful for removing titles since your page\u002Fpost will most likely already have one.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>github_markdown\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This shortcode embeds any markdown file found in the repository.\u003C\u002Fp>\n\u003Cp>[github_markdown repo=”octalmage\u002FMarknote” file=”README.md”]\u003C\u002Fp>\n\u003Cp>trim, branch, and cache (seconds to cache) also supported.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>github_wikipage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This shortcode embeds pages from a project’s wiki.\u003C\u002Fp>\n\u003Cp>[github_wikipage repo=”octalmage\u002FMarknote” page=”Syntax”]\u003C\u002Fp>\n\u003Cp>trim and cache also supported.\u003C\u002Fp>\n","Easily embed GitHub READMEs in pages\u002Fposts.",20,3281,4,"2016-06-07T15:07:00.000Z","4.5.33","3.0.1",[66,67,20,68,22],"embed","github","readme","https:\u002F\u002Fgithub.com\u002Foctalmage\u002Fgithub-readme","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgithub-readme.zip",85,{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":26,"num_ratings":26,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":17,"tags":85,"homepage":86,"download_link":87,"security_score":71,"vuln_count":26,"unpatched_count":26,"last_vuln_date":36,"fetched_at":28},"harrix-markdownfile","Harrix MarkdownFile","1.2","Harrix","https:\u002F\u002Fprofiles.wordpress.org\u002Fharrix\u002F","\u003Cp>Harrix MarkdownFile is a plugin to display Markdown files with syntax highlighting in WordPress.\u003C\u002Fp>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fblog.harrix.org\u002F?p=1336\" rel=\"nofollow ugc\">http:\u002F\u002Fblog.harrix.org\u002F?p=1336\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The plugin uses the libraries:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>parsedown: \u003Ca href=\"http:\u002F\u002Fparsedown.org\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fparsedown.org\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>highlightjs.org: \u003Ca href=\"https:\u002F\u002Fhighlightjs.org\" rel=\"nofollow ugc\">https:\u002F\u002Fhighlightjs.org\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[markdown-file][\u002Fmarkdown-file] \u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This shortcode embeds markdown file by url.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[markdown-file]https:\u002F\u002Fraw.github.com\u002FHarrix\u002FHarrixQtLibrary\u002Fmaster\u002FREADME.md[\u002Fmarkdown-file] \u003C\u002Fcode>\u003C\u002Fpre>\n","Display Markdown files with syntax highlighting in Wordpress.",10,1389,"2015-12-21T15:53:00.000Z","4.4.34","3.0",[66,67,20,22],"https:\u002F\u002Fgithub.com\u002FHarrix\u002FHarrix-MarkdownFile","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fharrix-markdownfile.1.2.zip",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":80,"downloaded":96,"rating":26,"num_ratings":26,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":17,"tags":100,"homepage":104,"download_link":105,"security_score":71,"vuln_count":26,"unpatched_count":26,"last_vuln_date":36,"fetched_at":106},"wp-markdown-syntax-sugar","WP-Markdown-Syntax-Sugar","0.1.1","dwhitevisoft","https:\u002F\u002Fprofiles.wordpress.org\u002Fdwhitevisoft\u002F","\u003Cp>WP Markdown Syntax Sugar work in conjunction with plugins such as \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-markdown\u002F\" rel=\"ugc\">wp-markdown\u003C\u002Fa>\u003Cbr \u002F>\nand \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-highlightjs\u002F\" rel=\"ugc\">wp-highlight.js\u003C\u002Fa>. Markdown is fantastic markup for easily\u003Cbr \u002F>\nwriting blogs, and \u003Ca href=\"http:\u002F\u002Fsoftwaremaniacs.org\u002Fsoft\u002Fhighlight\u002Fen\u002F\" rel=\"nofollow ugc\">highlight.js\u003C\u002Fa> is an extremely easy way to highlight\u003Cbr \u002F>\ncode examples. In most cases, highlight.js automatically detects the proper language for a block of code. In certain\u003Cbr \u002F>\ncases, primarily if your code example is short, highlight.js could improperly detect the language that you are using;\u003Cbr \u002F>\nthat is where this plugin comes into play. By adding one line to your code blocks, you can explicitly set the language\u003Cbr \u002F>\nthat you are using, allowing highlight.js to properly format your code.\u003C\u002Fp>\n\u003Cp>The concept is inspired by the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fspjwebster\u002Fwp-markdown-syntax-highlight\" rel=\"nofollow ugc\">wp-markdown-syntax-highlight\u003C\u002Fa>\u003Cbr \u002F>\nplugin.\u003C\u002Fp>\n\u003Cp>The usage is extremely simple. Just add a shebang as the first line of your code example with the language you are using.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>#!ruby\nclass Foo \u003C Bar\n  def hello\n    puts \"Hello World!\"\n  end\nend\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The shebang is removed, and the code is outputted as:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Cpre>\u003Ccode class=\"language-ruby\">class Foo \u003C Bar\n  def hello\n    puts \"Hello World!\"\n  end\nend\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Now the code block is properly formatted for highlight.js to do its magic, and the code snippet will be properly\u003Cbr \u002F>\nhighlighted.\u003C\u002Fp>\n","WP Markdown Syntax Sugar is a simple plugin that works in conjunction with Markdown code blocks and highlight.js to properly format code.",1933,"2013-01-03T22:06:00.000Z","3.5.2","3.1",[101,19,20,102,103],"code","pre","syntax","https:\u002F\u002Fgithub.com\u002Fvisoft\u002Fwp-markdown-syntax-sugar","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-markdown-syntax-sugar.0.1.1.zip","2026-03-15T15:16:48.613Z",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":26,"downloaded":115,"rating":26,"num_ratings":26,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":123,"download_link":124,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":36,"fetched_at":28},"eacreadme","{eac}Doojigger Readme Extension for WordPress","1.5.1","Kevin Burkholder","https:\u002F\u002Fprofiles.wordpress.org\u002Fkevinburkholder\u002F","\u003Cp>\u003Cem>{eac}Readme\u003C\u002Fem> is an \u003Ca href=\"https:\u002F\u002FeacDoojigger.earthasylum.com\u002F\" rel=\"nofollow ugc\">{eac}Doojigger\u003C\u002Fa> extension which loads and translates a WordPress markdown ‘readme’ file providing shortcodes and embedding URLs to access header lines and section blocks.\u003C\u002Fp>\n\u003Ch4>Shortcode Usage\u003C\u002Fh4>\n\u003Cp>The first used shortcode must indicate the file to load…\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[eacReadme file='\u002Fdocfolder\u002Freadme.txt']        # file is relative to the WordPress document root folder\n[eacReadme content='\u002Fcontentfolder\u002Freadme.txt'] # content file is relative to the WordPress content folder (wp-content\u002F)\n[eacReadme plugin='\u002Fpluginfolder\u002Freadme.txt']   # plugin file is relative to the WordPress plugins folder (wp-content\u002Fplugins\u002F)\n[eacReadme theme='\u002Fthemefolder\u002Freadme.txt']     # theme file is relative to the WordPress themes folder (wp-content\u002Fthemes\u002F)\n[eacReadme wpsvn='\u002Fslugname\u002Ftrunk\u002Freadme.txt']  # load file from WordPress SVN repository\n[eacReadme github='\u002Fowner\u002Frepository\u002Fmain\u002Freadme.txt']      # load file from a github repository\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>After which, headers and sections may be pulled from that file…\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[eacReadme]All Headers[\u002FeacReadme]              # parses all header lines\n[eacReadme]headerName[\u002FeacReadme]               # gets the value of the named header line\n\n[eacReadme]All Sections[\u002FeacReadme]             # parses all section blocks\n[eacReadme]sectionName[\u002FeacReadme]              # parses the content of the named section block\n[eacReadme]sectionName\u002Fsub-section[\u002FeacReadme]  # parses the content of the named sub-section within section block\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>One shortcode can do it all…\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[eacReadme plugin='\u002Fpluginfolder\u002Freadme.txt']Document[\u002FeacReadme]    # loads the file and parses the entire document\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Or load the entire file as a single code block…\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[eacReadme theme='\u002Fthemefolder\u002Ffunctions.php']Code File[\u002FeacReadme]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Shortcode Examples\u003C\u002Fh4>\n\u003Cp>Get header values…\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[eacReadme]Contributors[\u002FeacReadme]\n[eacReadme]Donate link[\u002FeacReadme]\n[eacReadme]Requires at least[\u002FeacReadme]\n[eacReadme]Stable tag[\u002FeacReadme]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Get unnamed segments…\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[eacReadme]Title[\u002FeacReadme]                    # gets the '=== plugin name ===' line (before headers)\n[eacReadme]Short Description[\u002FeacReadme]        # gets the short description (between headers and first section block)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Get section blocks…\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[eacReadme]Description[\u002FeacReadme]\n[eacReadme]Installation[\u002FeacReadme]\n[eacReadme]Screenshots[\u002FeacReadme]\n[eacReadme]Changelog[\u002FeacReadme]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Get multiple blocks and\u002For sub-sections…\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[eacReadme plugin='\u002FeacReadme\u002Freadme.txt']Short Description,Description[\u002FeacReadme]\n[eacReadme plugin='\u002FeacReadme\u002Freadme.txt']Short Description,Description\u002FShortcode Examples[\u002FeacReadme]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Get a file as a code block…\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[eacReadme theme='\u002Fmy-child-theme\u002Ffunctions.js' lang='js']Code File[\u002FeacReadme]\n[eacReadme theme='\u002Fmy-child-theme\u002Fstyle.css' lang='css']Code File[\u002FeacReadme]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Other Options\u003C\u002Fh4>\n\u003Cp>Change the default cache time-to-live by adding to wp-config.php:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('EAC_README_CACHE_LIFETIME',$seconds);   # default: 1-day (DAY_IN_SECONDS).\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Override the default cache time-to-live\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[eacReadme ttl=$seconds ...]                    # minimum: 1-minute (MINUTE_IN_SECONDS).\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Set the default GitHub access token (for private repositories):\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('GITHUB_ACCESS_TOKEN',$token);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Set\u002Foverride the GitHub access token\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[eacReadme token=$token ...]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Override option to parse markdown when retrieving a segment\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[eacReadme parse='true|false' ...]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Set class=’language-*’ on code blocks\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[eacReadme lang='php|js|css|html' ...]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Translating Header\u002FSection Names\u003C\u002Fh4>\n\u003Cp>Translate header\u002Fsection names when retrieving \u003Cem>All Headers\u003C\u002Fem>, \u003Cem>All Sections\u003C\u002Fem>, or \u003Cem>Document\u003C\u002Fem>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[eacReadme translate='name=newname,...']\n[eacReadme translate='Requires at least=Requires WordPress Version,Screenshots=Screen Shots']\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Erase default translation table\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[eacReadme translate='no|none|false']\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Default translation table\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n    'Headers'               => 'Document Header',\n    'Plugin URI'            => 'Homepage',\n    'Stable tag'            => 'Current Version',\n    'Requires at least'     => 'Requires WordPress Version',\n    'Tested up to'          => 'Compatible up to',\n    'Requires PHP'          => 'Requires PHP Version',\n    'WC requires at least'  => 'Requires WooCommerce',\n    'Requires EAC'          => 'Requires {eac}Doojigger',\n    'Changelog'             => 'Change Log',\n    'Screenshots'           => 'Screen Shots',\n];\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Embedding\u003C\u002Fh4>\n\u003Cp>{eac}Readme can also be used to embed URLs in a WordPress Post or Page. Simply paste the url in the \u003Ccode>Embed\u003C\u002Fcode> URL block.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Navigate to the post or page where the readme content is to be embedded.\u003C\u002Fli>\n\u003Cli>Click the ‘+’ (Block Inserter) icon and search for “Embed” or type \u002Fembed.\u003C\u002Fli>\n\u003Cli>Select the “Embed” block.\u003C\u002Fli>\n\u003Cli>Paste the URL to the readme file into the provided field.\u003C\u002Fli>\n\u003Cli>Click the “Embed” button. WordPress will automatically display the unformatted content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The shortcut to this is to simply paste the URL at the end of the page\u002Fpost where it says “Type \u002F to choose a block”. WordPress will automatically convert your URL to an embed block.\u003C\u002Fp>\n\u003Cp>Files can be embedded from your site, from the WordPress repository or from Github. Embedded URLs are transformed internally to the appropriate format.\u003C\u002Fp>\n\u003Cp>\u003Cem>From your site\u003C\u002Fem>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002F\u003Cyour_site_url>\u002Fplugins\u002F\u003Cplugin_slug>\u002Freadme.txt\nhttps:\u002F\u002F\u003Cyour_site_url>\u002Fthemes\u002F\u003Ctheme_name>\u002Freadme.txt\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cem>From the WordPress Repository\u003C\u002Fem>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fps.w.org\u002F\u003Cplugin_slug>\u002Freadme.txt\nhttps:\u002F\u002Fplugins.svn.wordpress.org\u002F\u003Cplugin_slug>\u002Freadme.txt\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cem>From a GitHub Repository\u003C\u002Fem>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fgithub.com\u002F\u003Cowner>\u002F\u003Crepository>\u002Fblob\u002Fmain\u002Freadme.md\nhttps:\u002F\u002Fgithub.com\u002F\u003Cowner>\u002F\u003Crepository>\u002Fmain\u002Freadme.md\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cem>To load only specific sections of the readme file, append a fragment to the url:\u003C\u002Fem>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002F\u003Cyour_site_url>\u002Fplugins\u002F\u003Cplugin_slug>\u002Freadme.txt#allheaders\nhttps:\u002F\u002Fps.w.org\u002F\u003Cplugin_slug>\u002Freadme.txt#description\nhttps:\u002F\u002Fgithub.com\u002F\u003Cowner>\u002F\u003Crepository>\u002Fmain\u002Freadme.md#screenshots\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Readme Format\u003C\u002Fh4>\n\u003Cp>{eac}Readme expects a well-formed readme.txt file that follows the \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fwordpress-org\u002Fhow-your-readme-txt-works\" rel=\"nofollow ugc\">WordPress readme file standard\u003C\u002Fa>…\u003C\u002Fp>\n\u003Ch3>title\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>header: value\nheader: value\nshort Description\u003Ch3>section\u003C\u002Fh3>    = sub-section =\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>…but supports some extensions to that standard:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Author & Author URI\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>Author\u003C\u002Fcode> header may be a simple name or a markdown link:\n\u003Cul>\n\u003Cli>\u003Ccode>[Author](Author URI)\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>The \u003Ccode>Author\u003C\u002Fcode> & \u003Ccode>Author URI\u003C\u002Fcode> headers, if present, are combined as a markdown \u003Ccode>[Author](Author URI)\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Homepage\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Looks for \u003Ccode>Homepage\u003C\u002Fcode> or \u003Ccode>Plugin URI\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Version\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Looks for \u003Ccode>Version\u003C\u002Fcode> or \u003Ccode>Stable tag\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Contributors\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>profileId\u003C\u002Fcode> – wordpress profile (standard)\u003C\u002Fli>\n\u003Cli>\u003Ccode>profileId@youremaildomain.com\u003C\u002Fcode> – gravatar profile\u003C\u002Fli>\n\u003Cli>\u003Ccode>profileId@wordpress\u003C\u002Fcode> – wordpress profile\u003C\u002Fli>\n\u003Cli>\u003Ccode>profileId@gravatar\u003C\u002Fcode> – gravatar profile\u003C\u002Fli>\n\u003Cli>\u003Ccode>profileId@github\u003C\u002Fcode> – github profile\u003C\u002Fli>\n\u003Cli>\u003Ccode>[display name](mailto:email@address.com)\u003C\u002Fcode> or \u003Ccode>[display name](http:\u002F\u002Fwww.gravatar.com\u002FprofileId\u002F)\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[display name](https:\u002F\u002Fprofiles.wordpress.org\u002FprofileId\u002F)\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[your name]((http:\u002F\u002Fyour\u002Fprofile\u002Furl)\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>A “banner” section may be included between the top title line and the first header line.\u003C\u002Fp>\n\u003Cp>\u003Ccode>\u003Ch3>title\u003C\u002Fh3>   [![banner](\u002F\u002Fimage_url)](\u002F\u002Flink_url)\u003Cbr \u002F>\nheader: value\u003Cbr \u002F>\nheader: value\u003Cbr \u002F>\nshort Description\u003Ch3>section\u003C\u002Fh3>    = sub-section =\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The header block may be enclosed in an html \u003Ccode>\u003Cheader>\u003C\u002Fcode> or \u003Ccode>\u003Cdetails>\u003C\u002Fcode> tag, opening and closing each on a single line. These tags are ignored by the eacParseReadme parser but may be beneficial if posting your readme file elseware. See \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FEarthAsylum\u002FeacReadme\" rel=\"nofollow ugc\">{eac}Readme on Github\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>Note: these extensions are not supported by the WordPress Plugin Repository.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>{eac}Readme supports standard markdown (readme.md) formatting for section identification.\u003Cbr \u002F>\n+   \u003Ccode>=== title ===\u003C\u002Fcode> and \u003Ccode>## title\u003C\u002Fcode> are equivalent\u003Cbr \u002F>\n+   \u003Ccode>== section ==\u003C\u002Fcode> and \u003Ccode>### section\u003C\u002Fcode> are equivalent\u003Cbr \u002F>\n+   \u003Ccode>= sub-section =\u003C\u002Fcode> and \u003Ccode>#### sub-section\u003C\u002Fcode> are equivalent\u003C\u002Fp>\n\u003Ch4>Output HTML\u003C\u002Fh4>\n\u003Cp>When retrieving the header block with …\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[eacReadme]All Headers[\u002FeacReadme] or `\\eacParseReadme::getAllHeaders()`\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Or when retrieving all sections with …\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[eacReadme]All Sections[\u002FeacReadme] or `\\eacParseReadme::getAllSections()`\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Or when retrieving the entire document with …\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[eacReadme]Document[\u002FeacReadme] or `\\eacParseReadme::getDocument()`\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Additional html tags and classes are added, including wrapping blocks within a \u003Ccode>\u003Cdetails>\u003C\u002Fcode> tags, adding \u003Ccode>readme-*\u003C\u002Fcode> class names, and adding \u003Ccode>\u003Ca>\u003C\u002Fcode> anchor links.\u003C\u002Fp>\n\u003Ch4>WordPress Actions\u003C\u002Fh4>\n\u003Cp>3rd-party actors may load and use the parser class included in {eac}Readme…\u003C\u002Fp>\n\u003Cpre>\u003Ccode>    do_action('eacReadme_load_parser');     \u002F\u002F loads \\eacParseReadme static class\n    if (class_exists('\\eacParseReadme'))\n    {\n        \\eacParseReadme::loadFile($readme,$context);\n        $html_document  = \\eacParseReadme::getDocument();\n        $title          = \\eacParseReadme::getTitle();\n        $version        = \\eacParseReadme::getVersion();\n        $donations      = \\eacParseReadme::getHeader('donate_link');\n        $description    = \\eacParseReadme::getSection('description');\n    }= Additional Information =\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cul>\n\u003Cli>{eac}Readme is an extension plugin to and requires installation and registration of \u003Ca href=\"https:\u002F\u002FeacDoojigger.earthasylum.com\u002F\" rel=\"nofollow ugc\">{eac}Doojigger\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>{eac}Readme uses \u003Ca href=\"http:\u002F\u002Fparsedown.org\u002F\" rel=\"nofollow ugc\">Parsedown 1.7.4\u003C\u002Fa>, Copyright (c) 2013-2018 \u003Ca href=\"erusev.com\" rel=\"nofollow ugc\">Emanuil Rusev\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\n\u003Cp>{eac}Readme uses \u003Ca href=\"https:\u002F\u002Fprismjs.com\u002F\" rel=\"nofollow ugc\">Prism syntax highlighter\u003C\u002Fa>, Copyright (c) 2012 Lea Verou\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fswregistry.earthasylum.com\u002Fsoftware-taxonomy\u002F\" rel=\"nofollow ugc\">{eac}SoftwareRegistry Software Product Taxonomy\u003C\u002Fa> plugin uses {eac}Readme to parse readme markdown files hosted on Github to provide plugin information and automated updates to WordPress for self-hosted plugins.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Copyright\u003C\u002Fh3>\n\u003Ch4>Copyright © 2019-2025, EarthAsylum Consulting, distributed under the terms of the GNU GPL.\u003C\u002Fh4>\n\u003Cp>This program is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should receive a copy of the GNU General Public License along with this program. If not, see \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\u003C\u002Fa>.\u003C\u002Fp>\n","{eac}Readme loads and translates a WordPress markdown 'readme' file providing shortcodes and embedding URLs to access header lines and section blocks.",3290,"2025-08-08T11:30:00.000Z","6.8.5","5.8","7.4",[121,122,20,21,68],"code-highlighting","eacdoojigger","https:\u002F\u002Feacdoojigger.earthasylum.com\u002Feacreadme\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feacreadme.1.5.1.zip",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":26,"downloaded":133,"rating":26,"num_ratings":26,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":141,"download_link":142,"security_score":71,"vuln_count":26,"unpatched_count":26,"last_vuln_date":36,"fetched_at":28},"metaparsedown","MetaParsedown","1.0.0","pagerange","https:\u002F\u002Fprofiles.wordpress.org\u002Fpagerange\u002F","\u003Cp>Import markdown and markdown-extra documents to WordPress posts and pages, output as HTML, parse and save YAML front matter to post_meta, tags, and (optionally) the posts tables.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Built on MetaParsedown, Parsedown and Symfony YAML components\u003C\u002Fli>\n\u003Cli>Supports docments in both Markdown and Markdown-Extra formats\u003C\u002Fli>\n\u003Cli>Easy to use\u003C\u002Fli>\n\u003Cli>Lighweight\u003C\u002Fli>\n\u003Cli>Optionally style markdown code snippets for syntax highlighting\u003C\u002Fli>\n\u003Cli>Maintain cannonical markdown documents through your favourite git repository\u003C\u002Fli>\n\u003Cli>Works with both Gutenberg and classic wordpress editors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How to use\u003C\u002Fh3>\n\u003Cp>Simply add the \u003Ccode>metaparsedown\u003C\u002Fcode> shortcode to your post, identifying the markdown document in the \u003Ccode>url\u003C\u002Fcode> attribute:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[metaparsedown url='https:\u002F\u002Fgitlab.com\u002Fpagerange\u002Fdocs\u002Fraw\u002Fmaster\u002Fmarkdown\u002Ftest_markdown.md' \u002F]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Optionally, parse and save markdown YAML front matter to the post_meta table by adding the \u003Ccode>meta\u003C\u002Fcode> attribute.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[metaparsedown url='https:\u002F\u002Fgitlab.com\u002Fpagerange\u002Fdocs\u002Fraw\u002Fmaster\u002Fmarkdown\u002Ftest_markdown.md' meta=\"true\" \u002F]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Optionally, overwrite the post’s ‘post_title’ and ‘post_excerpt’ fields with YAML values by adding the \u003Ccode>overwrite\u003C\u002Fcode> attribute.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[metaparsedown url='https:\u002F\u002Fgitlab.com\u002Fpagerange\u002Fdocs\u002Fraw\u002Fmaster\u002Fmarkdown\u002Ftest_markdown.md' meta=\"true\" overwrite=\"true\" \u002F]\u003Ch3>Support\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Add issues at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpagerange\u002Fmetaparsedown-wordpress\u002Fissues\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fpagerange\u002Fmetaparsedown-wordpress\u002Fissues\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Donate\u003C\u002Fh3>\n\u003Cp>Donate via Paypal at \u003Ca href=\"http:\u002F\u002Fpagerange.com\u002Fprojects\u002Fwordpress\u002Fmetaparsedown\" rel=\"nofollow ugc\">http:\u002F\u002Fpagerange.com\u002Fprojects\u002Fwordpress\u002Fmetaparsedown\u003C\u002Fa>\u003C\u002Fp>\n","Import markdown and markdown-extra documents to Wordpress posts and pages, output as HTML, parse and save YAML front matter to post_meta, tags, and (o &hellip;",1233,"2019-11-05T02:35:00.000Z","5.2.24","5.0","7.0",[20,139,126,21,140],"markdown-extra","parsedown-extra","http:\u002F\u002Fpagerange.com\u002Fprojects\u002Fwordpress\u002Fmetaparsedown","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmetaparsedown.1.0.0.zip",{"attackSurface":144,"codeSignals":174,"taintFlows":181,"riskAssessment":182,"analyzedAt":191},{"hooks":145,"ajaxHandlers":163,"restRoutes":164,"shortcodes":165,"cronEvents":172,"entryPointCount":173,"unprotectedCount":26},[146,151,154,158],{"type":147,"name":148,"callback":149,"file":150,"line":80},"action","plugins_loaded","get_instance","markdown-shortcode.php",{"type":147,"name":152,"callback":152,"file":150,"line":153},"init",26,{"type":147,"name":155,"callback":156,"file":150,"line":157},"wp_enqueue_scripts","init_highlight",30,{"type":159,"name":160,"callback":161,"priority":25,"file":150,"line":162},"filter","the_content","markdown_shortcode_preprocess",32,[],[],[166,169],{"tag":20,"callback":167,"file":150,"line":168},"markdown_shortcode",31,{"tag":20,"callback":170,"file":150,"line":171},"markdown_shortcode_pre",76,[],2,{"dangerousFunctions":175,"sqlUsage":176,"outputEscaping":178,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":180},[],{"prepared":26,"raw":26,"locations":177},[],{"escaped":25,"rawEcho":26,"locations":179},[],[],[],{"summary":183,"deductions":184},"The 'markdown-shortcode' plugin v0.2.3 exhibits a generally positive security posture, with no identified critical or high severity vulnerabilities in the static and taint analysis. The code correctly utilizes prepared statements for SQL queries and properly escapes all identified output, demonstrating adherence to secure coding practices in these areas. The absence of dangerous functions, file operations, and external HTTP requests further contributes to its robust security profile.  However, a medium severity vulnerability was previously identified, specifically a Cross-Site Scripting (XSS) issue, which was reportedly patched. The fact that a vulnerability was present, even if patched, suggests potential areas where input sanitization might require ongoing vigilance. While the current analysis shows no immediate flaws, the historical medium vulnerability warrants a cautious approach. The plugin has a small attack surface consisting only of shortcodes, and all entry points are protected by capability checks (implied by '0 without auth checks' and '0 without permission callbacks' for other entry points).",[185,188],{"reason":186,"points":187},"Previous medium severity XSS vulnerability",8,{"reason":189,"points":190},"No nonce checks on entry points",5,"2026-03-16T21:32:52.758Z",{"wat":193,"direct":204},{"assetPaths":194,"generatorPatterns":198,"scriptPaths":199,"versionParams":200},[195,196,197],"\u002Fwp-content\u002Fplugins\u002Fmarkdown-shortcode\u002Fhighlight\u002Fstyles\u002Fgithub.css","\u002Fwp-content\u002Fplugins\u002Fmarkdown-shortcode\u002Fhighlight\u002Fhighlight.min.js","\u002Fwp-content\u002Fplugins\u002Fmarkdown-shortcode\u002Finit_highlight.js",[],[196,197],[201,202,203],"markdown-shortcode\u002Fhighlight\u002Fstyles\u002Fgithub.css?ver=","markdown-shortcode\u002Fhighlight\u002Fhighlight.min.js?ver=","markdown-shortcode\u002Finit_highlight.js?ver=",{"cssClasses":205,"htmlComments":206,"htmlAttributes":207,"restEndpoints":208,"jsGlobals":209,"shortcodeOutput":210},[20],[],[],[],[],[211,212],"\u003Cdiv class=\"markdown\">","\u003C\u002Fdiv>",{"error":214,"url":215,"statusCode":216,"statusMessage":217,"message":217},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fmarkdown-shortcode\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":25,"versions":219},[220],{"version":6,"download_url":221,"svn_tag_url":222,"released_at":36,"has_diff":46,"diff_files_changed":223,"diff_lines":36,"trac_diff_url":36,"vulnerabilities":224,"is_current":214},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmarkdown-shortcode.0.2.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmarkdown-shortcode\u002Ftags\u002F0.2.3\u002F",[],[]]