[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXB4ni6FpHJZS2ejNDbkBFtjWV_DOTyWRYO3h_wSD9Q4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":44,"crawl_stats":35,"alternatives":51,"analysis":144,"fingerprints":184},"memorialday","MemorialDay","1.1.0","沈唁","https:\u002F\u002Fprofiles.wordpress.org\u002Fshenyanzhi\u002F","\u003Cp>「特殊节日使用」在国家公祭日、全国哀悼日时网站增加灰色滤镜\u003C\u002Fp>\n\u003Ch3>作者博客\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fqq52o.me\" title=\"沈唁志\" rel=\"nofollow ugc\">沈唁志\u003C\u002Fa>\u003C\u002Fp>\n","「特殊节日使用」在国家公祭日、全国哀悼日时网站增加灰色滤镜",40,3118,0,"2025-12-05T03:13:00.000Z","6.9.4","4.6","5.6.0",[19,20,21,22],"918","1213","mourning","nanjing","https:\u002F\u002Fgithub.com\u002Fsy-records\u002FMemorialDay","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmemorialday.1.1.0.zip",99,1,"2025-02-17 17:31:51","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":6,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":26},"CVE-2024-13523","memorialday-cross-site-request-forgery-to-stored-cross-site-scripting","MemorialDay \u003C= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting","The MemorialDay plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.0.4","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-02-18 07:02:26",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F96cec16e-7bb3-4279-8c17-eca88d413ad8?source=api-prod",{"slug":45,"display_name":7,"profile_url":8,"plugin_count":46,"total_installs":47,"avg_security_score":25,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},"shenyanzhi",13,3950,143,78,"2026-04-05T11:54:46.944Z",[52,75,91,110,127],{"slug":21,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":61,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":72,"download_link":73,"security_score":74,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"Mourning","1.0.3","jojoee","https:\u002F\u002Fprofiles.wordpress.org\u002Fjojoee\u002F","\u003Cp>Add black ribbon and grey out the website\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add ribbon to the site (4 ribbon positions)\u003C\u002Fli>\n\u003Cli>Grey out the website with percentage\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Compatible with all browsers:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Fchrome\u002F\" rel=\"nofollow ugc\">Google Chrome\u003C\u002Fa> 19+\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.mozilla.org\u002Ffirefox\u002F\" rel=\"nofollow ugc\">Mozilla Firefox\u003C\u002Fa> 3.6+\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.apple.com\u002Fsafari\u002F\" rel=\"nofollow ugc\">Safari\u003C\u002Fa> 3+\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fdownload\u002Finternet-explorer.aspx\" rel=\"nofollow ugc\">Internet Explorer\u003C\u002Fa> 9+\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.opera.com\u002F\" rel=\"nofollow ugc\">Opera\u003C\u002Fa> 11.5\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FWordPress_Coding_Standards\" rel=\"nofollow ugc\">WordPress Coding Standards\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>2 spaces for indent\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwoodpeckerr\u002Fmourning\" rel=\"nofollow ugc\">Repository on Github\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>TODO\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>[ ] Localization\u003C\u002Fli>\n\u003Cli>[ ] Fix all TODOs\u003C\u002Fli>\n\u003Cli>[ ] Grey out switcher\u003C\u002Fli>\n\u003Cli>[ ] Valid input on admin board\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contributor\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install \u003Ccode>Node.js\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>npm install\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>npm run zip\u003C\u002Fcode> to pack the plugin\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Thank you\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fabout\u002Fvalidator\u002F\" rel=\"ugc\">WordPress Plugin readme.txt Validator\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fautoprefixer.github.io\u002F\" rel=\"nofollow ugc\">Autoprefixer CSS online\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.piliapp.com\u002Fphp-syntax-check\u002F\" rel=\"nofollow ugc\">PHP code syntax check\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Ribbon from \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fjibbazee\" rel=\"nofollow ugc\">Jatuporn Jib Piyawarinwong\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Converted to svg by \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkristw\u002Fribbon\" rel=\"nofollow ugc\">Krist Wongsuphasawat\u003C\u002Fa> with help from potrace 1.10, written by Peter Selinger 2001-2011\u003C\u002Fli>\n\u003C\u002Ful>\n","Add black ribbon and grey out the website",200,2754,100,2,"2020-08-04T00:53:00.000Z","5.4.19","3.0.1","",[68,69,70,21,71],"condolence","grayscale","grey","remembrance","https:\u002F\u002Fgithub.com\u002Fwoodpeckerr\u002Fmourning","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmourning.zip",85,{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":61,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":66,"tags":89,"homepage":66,"download_link":90,"security_score":74,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"wp-mourning","WP Mourning","1.0","Chanon Srithongsook","https:\u002F\u002Fprofiles.wordpress.org\u002Fninenote\u002F","\u003Cp>A simple plugin to Gray out website with specific percentage and show black ribbon on the top on scheduled date to show mourning for your loved one.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Turn whole website into gray with adjustable percentage\u003C\u002Fli>\n\u003Cli>Floating black ribbon on top left or top right (Ribbon fade out if user click on the ribbon to avoid UX problem)\u003C\u002Fli>\n\u003Cli>Adjust percentage with scroll bar and sample image that reflect the percentage\u003C\u002Fli>\n\u003Cli>Schedule date to show mourning, once or anually.\u003C\u002Fli>\n\u003Cli>Closable mourning message on the top\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple plugin to Gray out website showing the black ribbon to show mourning for your loved one.",3351,86,3,"2016-10-30T06:55:00.000Z","4.6.30","3.7",[68,69,70,21,71],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-mourning.1.0.zip",{"slug":92,"name":93,"version":78,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":100,"num_ratings":62,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":104,"tags":105,"homepage":66,"download_link":109,"security_score":74,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"wp-simple-mouring","WP Simple Mourning","montowniastron","https:\u002F\u002Fprofiles.wordpress.org\u002Fmontowniastron\u002F","\u003Cp>Grey out the website with percentage.\u003C\u002Fp>\n\u003Ch3>Contact and Credits\u003C\u002Fh3>\n\u003Cp>WP Simple Mourning for WordPress is developed by \u003Ca href=\"http:\u002F\u002Fmontownia-stron.pl\" rel=\"nofollow ugc\">Montownia Stron\u003C\u002Fa>.\u003C\u002Fp>\n","Simple implementation of mourning in your page. Grey out your website.",20,1207,80,"2019-01-22T20:42:00.000Z","5.0.25","4.9","5.6",[106,107,69,21,108],"black-page","css","zaloba","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-simple-mouring.1.0.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":13,"num_ratings":13,"last_updated":120,"tested_up_to":87,"requires_at_least":65,"requires_php":66,"tags":121,"homepage":66,"download_link":126,"security_score":74,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"black-ribbon-by-attawit","Black Ribbon by Attawit","1.1.3","atton16","https:\u002F\u002Fprofiles.wordpress.org\u002Fatton16\u002F","\u003Cp>Display mourning Black Ribbon at selected corner on every page of your website. The plugin has schedule capability in which the user can select the period of mourning.\u003C\u002Fp>\n\u003Cp>The plugin is created to enable every website to bid farewell to His Majesty King Bhumibol Adulyadej, our beloved king.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Selectable placement of the ribbon in four corners\u003C\u002Fli>\n\u003Cli>Schedule-able by start date and end date\u003C\u002Fli>\n\u003Cli>Responsive\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Compatibilities:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>All modern browsers including mobiles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Acknowledgements\u003C\u002Fh3>\n\u003Cp>The ribbon images are provided by http:\u002F\u002Fnuuneoi.com. Original images by Jatuporn Jib Piyawarinwong.\u003C\u002Fp>\n","Display mourning Black Ribbon at selected corner on every page of your website.",10,1884,"2016-10-31T09:10:00.000Z",[122,123,124,21,125],"black","black-ribbon","mourn","ribbon","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblack-ribbon-by-attawit.zip",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":118,"downloaded":135,"rating":61,"num_ratings":26,"last_updated":66,"tested_up_to":136,"requires_at_least":65,"requires_php":66,"tags":137,"homepage":141,"download_link":142,"security_score":61,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":143},"paris-attacks-mc","Paris Attacks Ribbon MC","1.00a","Laurent ROCHE - Mistral Consulting","https:\u002F\u002Fprofiles.wordpress.org\u002Fcomputingfroggy\u002F","\u003Cp>To show support to  Parisian and French people on your web site, after the terrorists attacks in Paris (13 November 2015),\u003Cbr \u002F>\nthis plugin will put a ribbon on the (left or right) corner of your website.\u003C\u002Fp>\n\u003Cp>There’s a simple black ribbon that could be used for any mourning (not only the for November 13th Paris attacks).\u003C\u002Fp>\n\u003Cp>The ribbon is half transparent to be able to view the part of the web site underneath the ribbon.\u003Cbr \u002F>\nWhen moving over the ribbon, the ribbon changes to solid display, without any transparency.\u003C\u002Fp>\n\u003Cp>When clicking on the ribbon, a new page will be displayed (or not) according to your choice from the \u003Cem>Settings\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>In the \u003Cem>Settings\u003C\u002Fem>, you will also choose which ribbon to display (the image) and the position: top left or top right.\u003C\u002Fp>\n","Show support to Parisian and French people with a selected ribbon in your website corner. Configure the display via the Settings panel.",1453,"4.3.34",[138,21,139,140,125],"13-november-2015","paris","parisattacks","http:\u002F\u002Fapps.mistralconsulting.com\u002Fen\u002Fparisattacks","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fparis-attacks-mc.zip","2026-03-15T10:48:56.248Z",{"attackSurface":145,"codeSignals":166,"taintFlows":176,"riskAssessment":177,"analyzedAt":183},{"hooks":146,"ajaxHandlers":162,"restRoutes":163,"shortcodes":164,"cronEvents":165,"entryPointCount":13,"unprotectedCount":13},[147,153,158],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","wp_head","memorial_day_wp_head","memorial-day.php",34,{"type":154,"name":155,"callback":156,"priority":118,"file":151,"line":157},"filter","plugin_action_links","memorial_day_plugin_action_links",45,{"type":148,"name":159,"callback":160,"file":151,"line":161},"admin_menu","memorial_day_add_setting_page",52,[],[],[],[],{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":170,"fileOperations":13,"externalRequests":13,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":175},[],{"prepared":13,"raw":13,"locations":169},[],{"escaped":85,"rawEcho":26,"locations":171},[172],{"file":151,"line":173,"context":174},81,"raw output",[],[],{"summary":178,"deductions":179},"The \"memorialday\" plugin v1.1.0 demonstrates several positive security practices, including the absence of dangerous functions, all SQL queries utilizing prepared statements, and the presence of nonce and capability checks. The static analysis also indicates a complete lack of file operations and external HTTP requests, further contributing to a generally secure baseline. However, the plugin's attack surface is currently zero, which is unusual and might suggest it's a very simple plugin or that the static analysis tool might not be detecting all potential entry points if the plugin is not actively used or has no user-facing features.\n\nDespite the clean code analysis, the plugin has a history of a medium-severity vulnerability, specifically Cross-Site Request Forgery (CSRF), with the last known vulnerability occurring relatively recently in February 2025. While this vulnerability is marked as currently unpatched, the fact that it's the *only* listed vulnerability and is not critical suggests a medium-term risk. The absence of critical taint flows and the high percentage of properly escaped output are strong points, but the single past CSRF vulnerability warrants attention, especially if it was not explicitly addressed in this version, even though the history states \"currently unpatched: 0\". This could indicate a discrepancy or that the vulnerability was fixed but the history hasn't updated fully.\n\nIn conclusion, the \"memorialday\" plugin v1.1.0 appears to be built with good security in mind, as evidenced by its clean code signals. The lack of detected entry points and dangerous functions is encouraging. The primary concern stems from its vulnerability history, particularly the medium-severity CSRF vulnerability. While the plugin is not currently unpatched, a past CSRF issue always suggests a potential risk if not rigorously addressed. The overall security posture is good, but vigilance regarding past vulnerabilities is advised.",[180],{"reason":181,"points":182},"Past medium severity vulnerability (CSRF)",8,"2026-03-16T22:20:59.871Z",{"wat":185,"direct":190},{"assetPaths":186,"generatorPatterns":187,"scriptPaths":188,"versionParams":189},[],[],[],[],{"cssClasses":191,"htmlComments":192,"htmlAttributes":193,"restEndpoints":194,"jsGlobals":195,"shortcodeOutput":196},[],[],[],[],[],[197],"\u003Cstyle type='text\u002Fcss'>html{ filter: grayscale(100%); -webkit-filter: grayscale(100%); -moz-filter: grayscale(100%); -ms-filter: grayscale(100%); -o-filter: grayscale(100%); filter: url('data:image\u002Fsvg+xml;utf8,#grayscale'); filter:progid:DXImageTransform.Microsoft.BasicImage(grayscale=1); -webkit-filter: grayscale(1);}\u003C\u002Fstyle>"]