[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f4WpjeU6FeV81lioDfmkmZpTwtEapxewyXU4Iw2JrQuY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":5,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":12,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":12,"unpatched_count":12,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":134,"fingerprints":516},"merging-image-boxes","Merging Image Boxes","1.0.2","GraphicEdit","https:\u002F\u002Fprofiles.wordpress.org\u002Fgraphicedit\u002F","\u003Cp>Merging Image Boxes is powered by the awesome jQuery plugin.  The plugin creates a image matrix for your slides and allows the user to create simple slideshows.\u003C\u002Fp>\n\u003Cp>Links: \u003Ca href=\"http:\u002F\u002Fgraphicedit.com\u002F\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n",10,2640,0,"2018-03-24T15:32:00.000Z","4.9.29","4.9.4","",[18,19,20,21,22],"gallery","image","images","photo","photography","http:\u002F\u002Fgraphicedit.com\u002Fblog\u002Fplugin\u002Fmerging-image-boxes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmerging-image-boxes.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"graphicedit",7,610,30,84,"2026-04-04T09:05:46.346Z",[37,58,75,95,112],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":16,"tags":52,"homepage":54,"download_link":55,"security_score":25,"vuln_count":56,"unpatched_count":12,"last_vuln_date":57,"fetched_at":27},"fullscreen-galleria","Fullscreen Galleria","1.6.12","pdamsten","https:\u002F\u002Fprofiles.wordpress.org\u002Fpdamsten\u002F","\u003Cp>Fullscreen gallery for WordPress. Based on \u003Ca href=\"http:\u002F\u002Fgalleria.io\u002F\" rel=\"nofollow ugc\">Galleria\u003C\u002Fa> JavaScript image gallery framework.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Clean fullscreen interface. Only image and carousel is shown when idle.\u003C\u002Fli>\n\u003Cli>Custom link support for media eg. link to Flickr page that is shown for the image.\u003C\u002Fli>\n\u003Cli>If image has gps coordinates it can be shown on map.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Use WordPress Gallery feature and media as usual. Images are handled automatically and shown in fullscreen viewer.\u003C\u002Fli>\n\u003C\u002Fol>\n","A simple fullscreen gallery to Wordpress",900,106424,96,15,"2023-12-12T10:04:00.000Z","6.4.8","4.0",[53,18,20,22],"galleria","https:\u002F\u002Fpetridamsten.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffullscreen-galleria.zip",1,"2024-03-25 00:00:00",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":66,"num_ratings":68,"last_updated":16,"tested_up_to":50,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":16,"download_link":73,"security_score":66,"vuln_count":12,"unpatched_count":12,"last_vuln_date":26,"fetched_at":74},"fcp-lightest-lightbox","FCP Lightest Lightbox","1.4.2","FirmCatalyst","https:\u002F\u002Fprofiles.wordpress.org\u002Ffirmcatalyst\u002F","\u003Cp>Simple and super lightweight Lightbox for WordPress with gallery navigation support.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Zero render-blocking tags are added on the page\u003C\u002Fli>\n\u003Cli>Only 0.5 kB is loaded if no linked images found\u003C\u002Fli>\n\u003Cli>Gallery support\u003C\u002Fli>\n\u003Cli>Caching, minifying & combining friendly\u003C\u002Fli>\n\u003Cli>jQuery independent (in case it’s async)\u003C\u002Fli>\n\u003Cli>Responsive\u003C\u002Fli>\n\u003Cli>Keyboard navigation\u003C\u002Fli>\n\u003Cli>Swipe navigation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffirmcatalyst.com\u002Flightest-lightbox\u002F\" rel=\"nofollow ugc\">firmcatalyst.com\u002Flightest-lightbox\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Starts working just by the plugin activation. Opens linked images in a popup Lightbox by click. Adds arrow navigation, if an image is a part of a gallery or other links sequence.\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>You can modify the code for your needs, or suggest improvemens on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FVVolkov833\u002Ffcp-lightbox\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>. It is pretty transparent and well-commented.\u003C\u002Fp>\n","Super lightweight Lighbox for WordPress",100,2575,2,"5.7","7.0.0",[18,20,72,22],"lightbox","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffcp-lightest-lightbox.zip","2026-03-15T10:48:56.248Z",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":68,"last_updated":16,"tested_up_to":86,"requires_at_least":87,"requires_php":16,"tags":88,"homepage":93,"download_link":94,"security_score":66,"vuln_count":12,"unpatched_count":12,"last_vuln_date":26,"fetched_at":74},"wp-isell-photo","WP iSell Photo","1.0.7","wpecommerce","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpecommerce\u002F","\u003Cp>WP iSell Photo enhances the functionality of your existing WordPress photo gallery and turns it into an e-commerce photo gallery. It makes  photo selling easier. You don’t have to maintain another heavy weight photo gallery plugin for your WordPress blog. This in turn should help you maintain a fast loading site.\u003C\u002Fp>\n\u003Ch4>WP iSell Photo Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Sell photos from your WordPress blog easily.\u003C\u002Fli>\n\u003Cli>Increase your photo selling conversion rate with one-click PayPal checkout.\u003C\u002Fli>\n\u003Cli>Create beautiful e-commerce photo gallery on your WordPress blog.\u003C\u002Fli>\n\u003Cli>No advanced technical knowledge required to use this photo selling plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WP iSell Photo Plugin Usage\u003C\u002Fh4>\n\u003Cp>Since WordPress 2.5 there is a new feature in the WordPress media library that allows you to create a gallery of photos\u002Fimages and add it to a post\u002Fpage. Lot of users don’t even know about this neat little feature of WordPress. WP iSell Photo plugin will help you convert a built in WordPress gallery into a photo selling platform.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>a)\u003C\u002Fstrong> Creating a Photo Gallery in WordPress\u003C\u002Fp>\n\u003Cp>Create a new post\u002Fpage on your WordPress Dashboard. There is an option to upload\u002Finsert media. Now select the photos\u002Fimages from your computer and upload them to the media library. As you upload each image you will see a “Gallery” tab which contains those images. Switch to that tab once you are ready to insert the gallery to your current post\u002Fpage.\u003C\u002Fp>\n\u003Cp>There are some options that you can configure for the gallery you just created (under the “Gallery Settings” section).\u003C\u002Fp>\n\u003Col>\n\u003Cli>Link thumbnails to: a) Attachment Page (the page\u002Fpost you are currently editing) b) Media File c) None\u003C\u002Fli>\n\u003Cli>Columns: 1 – 9 ( Number of thumbnails in each row)\u003C\u002Fli>\n\u003Cli>Thumbnail Order: a) Random b) Reverse c) Custom (Drag and drop to reorder images)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Finally hit the “Insert Gallery” button and the gallery will be automatically inserted to your current post\u002Fpage.\u003C\u002Fp>\n\u003Cp>If you want to edit the gallery at any time you can always select the gallery (It looks like a rectangular image in the visual editor) and click on the “Edit” option. Alternatively you can also customize the shortcode for the gallery. You need to switch to the “Text” editor to do it. You will see a shortcode similar to the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[gallery ids=\"126,125,124,123,122\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Here ids parameter represents all the images that are currently present in the gallery.\u003C\u002Fp>\n\u003Cp>For more information on how to customize the WordPress gallery shortcode please refer to the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FGallery_Shortcode\" rel=\"nofollow ugc\">WordPress Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>b)\u003C\u002Fstrong> WP iSell Photo Settings\u003C\u002Fp>\n\u003Cp>There are some options that you need to configure in the General Settings of the plugin before your site goes live. On your \u003Cem>WordPress Dashboard\u003C\u002Fem> under \u003Cem>Settings\u003C\u002Fem> click on the \u003Cem>WP iSell Photo\u003C\u002Fem> option. It will take you to the Settings page.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>PayPal Email Address: Your PayPal email address\u003C\u002Fli>\n\u003Cli>PayPal Currency: The currency code (e.g. USD, GBP etc)\u003C\u002Fli>\n\u003Cli>Currency Symbol: The symbol for your currency code (e.g. $). It’s for display purpose only.\u003C\u002Fli>\n\u003Cli>Return URL: The URL where your customer will be redirected to after a successful payment\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>c)\u003C\u002Fstrong> Creating Buy Now buttons to sell photos\u003C\u002Fp>\n\u003Cp>Go to the post\u002Fpage where you already have an existing gallery embedded. Add an additional \u003Ccode>amount\u003C\u002Fcode> parameter to the gallery shortcode and specify the price in it. For example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[gallery amount=\"5.00\" ids=\"126,125,124,123,122\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>now each image of the current gallery will have a “Buy Now” button with price 5.00\u003C\u002Fp>\n\u003Cp>You can also customize the look and feel of the “Buy Now” button. Simply include a \u003Ccode>button\u003C\u002Fcode> parameter in the gallery shortcode and specify the text you want to use for the button. For example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[gallery amount=\"3.99\" button=\"Buy it Now\" ids=\"126,125,124,123,122\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you want to use an image for the button you can do so by specifying the URL in the \u003Ccode>button\u003C\u002Fcode> parameter. For example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[gallery amount=\"3.99\" button=\"http:\u002F\u002Fwww.paypal.com\u002Fen_US\u002Fi\u002Fbtn\u002Fbtn_buynow_LG.gif\" ids=\"126,125,124,123,122\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>For detailed documentation please visit the \u003Ca href=\"https:\u002F\u002Fwp-ecommerce.net\u002Fwp-isell-photo-easily-sell-photos-wordpress-1800\" rel=\"nofollow ugc\">WordPress iSell Photo\u003C\u002Fa> plugin page\u003C\u002Fp>\n","Easily Sell photos, images, digital print etc. using the built-in WordPress gallery feature. Convert your WordPress gallery into a photo store.",50,25092,90,"4.8.28","4.1",[89,22,90,91,92],"photo-gallery","sell-digital-print","sell-images","sell-photos","https:\u002F\u002Fwp-ecommerce.net\u002Fwp-isell-photo-easily-sell-photos-wordpress-1800","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-isell-photo.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":10,"downloaded":103,"rating":12,"num_ratings":12,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":110,"download_link":111,"security_score":25,"vuln_count":12,"unpatched_count":12,"last_vuln_date":26,"fetched_at":27},"basic-protected-lightbox","Basic Protected Lightbox","1.1","justincardoza","https:\u002F\u002Fprofiles.wordpress.org\u002Fjustincardoza\u002F","\u003Cp>This plugin provides a very lightweight, minimalist, jQuery-based lightbox for displaying full-screen versions of the images from WordPress galleries. It also gives some basic copy protection that should foil relatively unmotivated image thieves by inserting a transparent overlay over the lightbox and all gallery thumbnails. This will prevent people from copying images in your galleries via right-click or drag-and-drop. It’s not a true preventative measure, in that someone who really wants to download copies of your images will most likely find a different way, but it is a little more secure than linking directly to the full resolution versions. Image copying is pretty much impossible to fully prevent aside from just not publishing your work in the first place; my goal with this plugin is to find a good middle ground.\u003C\u002Fp>\n\u003Cp>Want to see it in action? Check out the \u003Ca href=\"https:\u002F\u002Fjustincardoza.com\u002Fphotos\" rel=\"nofollow ugc\">photos page\u003C\u002Fa> on my personal website for a live demo.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Minimalist and lightweight: the 3 public-facing files are only about 8KB total\u003C\u002Fli>\n\u003Cli>Mobile-friendly with swipe gesture support\u003C\u002Fli>\n\u003Cli>Prevents some common image download methods with a transparent overlay\u003C\u002Fli>\n\u003Cli>Works immediately and seamlessly with the WordPress default gallery block\u003C\u002Fli>\n\u003C\u002Ful>\n","A lightweight, simple lightbox with basic image protection capabilities.",1163,"2020-08-17T07:01:00.000Z","5.5.18","3.3","5.6",[109,18,20,72,22],"copy-protection","https:\u002F\u002Fjustincardoza.com\u002Fsoftware\u002Fbasic-protected-lightbox","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbasic-protected-lightbox.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":122,"num_ratings":123,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":130,"download_link":131,"security_score":132,"vuln_count":56,"unpatched_count":12,"last_vuln_date":133,"fetched_at":27},"simple-lightbox","Simple Lightbox","2.9.5","Archetyped","https:\u002F\u002Fprofiles.wordpress.org\u002Farchetyped\u002F","\u003Cp>Simple Lightbox is a very simple and customizable lightbox that is easy to add to your WordPress website.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Options for customizing the lightbox behavior are located in the \u003Cstrong>Appearance > Lightbox\u003C\u002Fstrong> admin menu (or just click the \u003Cstrong>Settings\u003C\u002Fstrong> link below the plugin’s name when viewing the list of installed plugins)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically activate links (no manual coding required)\u003C\u002Fli>\n\u003Cli>Automatically resize lightbox to fit in window\u003C\u002Fli>\n\u003Cli>Customize lightbox with \u003Cstrong>themes\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Mobile-optimized responsive themes included\u003C\u002Fli>\n\u003Cli>Customizable lightbox animations\u003C\u002Fli>\n\u003Cli>Infinitely customizable with \u003Cstrong>add-ons\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Supports WordPress \u003Cstrong>image attachment\u003C\u002Fstrong> links\u003C\u002Fli>\n\u003Cli>Supports links in \u003Cstrong>widgets\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Keyboard Navigation\u003C\u002Fli>\n\u003Cli>Display media metadata (caption, description, etc.) in lightbox\u003C\u002Fli>\n\u003Cli>Enable Lightbox depending on Page Type (Home, Pages, Archive, etc.)\u003C\u002Fli>\n\u003Cli>Group image links (play as a slideshow)\u003C\u002Fli>\n\u003Cli>Group image links by Post (separate slideshow for each post on page)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Insert links to images\u002Fimage attachments into your posts\u002Fpages\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>That’s it! The image will be displayed in a lightbox automatically.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For more usage tips, go to \u003Ca href=\"http:\u002F\u002Farchetyped.com\u002Ftools\u002Fsimple-lightbox\u002F\" rel=\"nofollow ugc\">Simple Lightbox’s official page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>See \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Farchetyped\u002Fsimple-lightbox\u002Fwiki\" rel=\"nofollow ugc\">Simple Lightbox’s documentation\u003C\u002Fa> for in-depth information on using and customizing SLB.\u003C\u002Fli>\n\u003C\u002Ful>\n","The highly customizable lightbox for WordPress",100000,2960784,86,236,"2026-02-24T03:21:00.000Z","6.9.4","5.3","5.6.20",[18,19,72,22,129],"slideshow","http:\u002F\u002Farchetyped.com\u002Ftools\u002Fsimple-lightbox\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-lightbox.2.9.5.zip",99,"2025-04-25 00:00:00",{"attackSurface":135,"codeSignals":155,"taintFlows":257,"riskAssessment":502,"analyzedAt":515},{"hooks":136,"ajaxHandlers":147,"restRoutes":148,"shortcodes":149,"cronEvents":154,"entryPointCount":56,"unprotectedCount":12},[137,143],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","init","merging_image_boxes_init","merging-image-boxes.php",125,{"type":138,"name":144,"callback":145,"file":141,"line":146},"admin_menu","merging_image_boxes_options",126,[],[],[150],{"tag":151,"callback":152,"file":141,"line":153},"mib","merging_image_boxes_show",127,[],{"dangerousFunctions":156,"sqlUsage":157,"outputEscaping":159,"fileOperations":12,"externalRequests":12,"nonceChecks":12,"capabilityChecks":12,"bundledLibraries":256},[],{"prepared":12,"raw":12,"locations":158},[],{"escaped":12,"rawEcho":160,"locations":161},48,[162,166,168,170,172,174,176,178,180,182,184,186,188,190,192,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,237,239,240,242,244,245,246,248,250,252,254],{"file":163,"line":164,"context":165},"merging-image-boxes-options.php",16,"raw output",{"file":163,"line":167,"context":165},17,{"file":163,"line":169,"context":165},18,{"file":163,"line":171,"context":165},19,{"file":163,"line":173,"context":165},20,{"file":163,"line":175,"context":165},21,{"file":163,"line":177,"context":165},24,{"file":163,"line":179,"context":165},25,{"file":163,"line":181,"context":165},26,{"file":163,"line":183,"context":165},27,{"file":163,"line":185,"context":165},28,{"file":163,"line":187,"context":165},29,{"file":163,"line":189,"context":165},32,{"file":163,"line":191,"context":165},33,{"file":163,"line":193,"context":165},34,{"file":163,"line":195,"context":165},35,{"file":163,"line":197,"context":165},36,{"file":163,"line":199,"context":165},37,{"file":163,"line":201,"context":165},40,{"file":163,"line":203,"context":165},41,{"file":163,"line":205,"context":165},42,{"file":163,"line":207,"context":165},43,{"file":163,"line":209,"context":165},44,{"file":163,"line":211,"context":165},45,{"file":141,"line":213,"context":165},60,{"file":141,"line":215,"context":165},62,{"file":141,"line":217,"context":165},64,{"file":141,"line":219,"context":165},66,{"file":141,"line":221,"context":165},68,{"file":141,"line":223,"context":165},70,{"file":141,"line":225,"context":165},73,{"file":141,"line":227,"context":165},75,{"file":141,"line":229,"context":165},77,{"file":141,"line":231,"context":165},79,{"file":141,"line":233,"context":165},81,{"file":141,"line":235,"context":165},83,{"file":141,"line":122,"context":165},{"file":141,"line":238,"context":165},88,{"file":141,"line":85,"context":165},{"file":141,"line":241,"context":165},92,{"file":141,"line":243,"context":165},94,{"file":141,"line":47,"context":165},{"file":141,"line":132,"context":165},{"file":141,"line":247,"context":165},101,{"file":141,"line":249,"context":165},103,{"file":141,"line":251,"context":165},105,{"file":141,"line":253,"context":165},107,{"file":141,"line":255,"context":165},109,[],[258,425],{"entryPoint":259,"graph":260,"unsanitizedCount":177,"severity":424},"pluginoptions_update (merging-image-boxes-options.php:58)",{"nodes":261,"edges":398},[262,267,272,275,277,281,283,286,288,292,294,297,299,303,305,308,310,314,316,319,321,325,327,331,333,336,338,342,344,347,349,353,355,358,360,364,366,369,371,375,377,380,382,386,388,391,393,396],{"id":263,"type":264,"label":265,"file":163,"line":266},"n0","source","$_POST['merging_image_boxes_1']",61,{"id":268,"type":269,"label":270,"file":163,"line":266,"wp_function":271},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":273,"type":264,"label":274,"file":163,"line":215},"n2","$_POST['merging_image_boxes_2']",{"id":276,"type":269,"label":270,"file":163,"line":215,"wp_function":271},"n3",{"id":278,"type":264,"label":279,"file":163,"line":280},"n4","$_POST['merging_image_boxes_3']",63,{"id":282,"type":269,"label":270,"file":163,"line":280,"wp_function":271},"n5",{"id":284,"type":264,"label":285,"file":163,"line":217},"n6","$_POST['merging_image_boxes_4']",{"id":287,"type":269,"label":270,"file":163,"line":217,"wp_function":271},"n7",{"id":289,"type":264,"label":290,"file":163,"line":291},"n8","$_POST['merging_image_boxes_5']",65,{"id":293,"type":269,"label":270,"file":163,"line":291,"wp_function":271},"n9",{"id":295,"type":264,"label":296,"file":163,"line":219},"n10","$_POST['merging_image_boxes_6']",{"id":298,"type":269,"label":270,"file":163,"line":219,"wp_function":271},"n11",{"id":300,"type":264,"label":301,"file":163,"line":302},"n12","$_POST['merging_image_boxes_7']",67,{"id":304,"type":269,"label":270,"file":163,"line":302,"wp_function":271},"n13",{"id":306,"type":264,"label":307,"file":163,"line":221},"n14","$_POST['merging_image_boxes_8']",{"id":309,"type":269,"label":270,"file":163,"line":221,"wp_function":271},"n15",{"id":311,"type":264,"label":312,"file":163,"line":313},"n16","$_POST['merging_image_boxes_9']",69,{"id":315,"type":269,"label":270,"file":163,"line":313,"wp_function":271},"n17",{"id":317,"type":264,"label":318,"file":163,"line":223},"n18","$_POST['merging_image_boxes_10']",{"id":320,"type":269,"label":270,"file":163,"line":223,"wp_function":271},"n19",{"id":322,"type":264,"label":323,"file":163,"line":324},"n20","$_POST['merging_image_boxes_11']",71,{"id":326,"type":269,"label":270,"file":163,"line":324,"wp_function":271},"n21",{"id":328,"type":264,"label":329,"file":163,"line":330},"n22","$_POST['merging_image_boxes_12']",72,{"id":332,"type":269,"label":270,"file":163,"line":330,"wp_function":271},"n23",{"id":334,"type":264,"label":335,"file":163,"line":225},"n24","$_POST['merging_image_boxes_13']",{"id":337,"type":269,"label":270,"file":163,"line":225,"wp_function":271},"n25",{"id":339,"type":264,"label":340,"file":163,"line":341},"n26","$_POST['merging_image_boxes_14']",74,{"id":343,"type":269,"label":270,"file":163,"line":341,"wp_function":271},"n27",{"id":345,"type":264,"label":346,"file":163,"line":227},"n28","$_POST['merging_image_boxes_15']",{"id":348,"type":269,"label":270,"file":163,"line":227,"wp_function":271},"n29",{"id":350,"type":264,"label":351,"file":163,"line":352},"n30","$_POST['merging_image_boxes_16']",76,{"id":354,"type":269,"label":270,"file":163,"line":352,"wp_function":271},"n31",{"id":356,"type":264,"label":357,"file":163,"line":229},"n32","$_POST['merging_image_boxes_17']",{"id":359,"type":269,"label":270,"file":163,"line":229,"wp_function":271},"n33",{"id":361,"type":264,"label":362,"file":163,"line":363},"n34","$_POST['merging_image_boxes_18']",78,{"id":365,"type":269,"label":270,"file":163,"line":363,"wp_function":271},"n35",{"id":367,"type":264,"label":368,"file":163,"line":231},"n36","$_POST['merging_image_boxes_19']",{"id":370,"type":269,"label":270,"file":163,"line":231,"wp_function":271},"n37",{"id":372,"type":264,"label":373,"file":163,"line":374},"n38","$_POST['merging_image_boxes_20']",80,{"id":376,"type":269,"label":270,"file":163,"line":374,"wp_function":271},"n39",{"id":378,"type":264,"label":379,"file":163,"line":233},"n40","$_POST['merging_image_boxes_21']",{"id":381,"type":269,"label":270,"file":163,"line":233,"wp_function":271},"n41",{"id":383,"type":264,"label":384,"file":163,"line":385},"n42","$_POST['merging_image_boxes_22']",82,{"id":387,"type":269,"label":270,"file":163,"line":385,"wp_function":271},"n43",{"id":389,"type":264,"label":390,"file":163,"line":235},"n44","$_POST['merging_image_boxes_23']",{"id":392,"type":269,"label":270,"file":163,"line":235,"wp_function":271},"n45",{"id":394,"type":264,"label":395,"file":163,"line":34},"n46","$_POST['merging_image_boxes_24']",{"id":397,"type":269,"label":270,"file":163,"line":34,"wp_function":271},"n47",[399,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423],{"from":263,"to":268,"sanitized":400},false,{"from":273,"to":276,"sanitized":400},{"from":278,"to":282,"sanitized":400},{"from":284,"to":287,"sanitized":400},{"from":289,"to":293,"sanitized":400},{"from":295,"to":298,"sanitized":400},{"from":300,"to":304,"sanitized":400},{"from":306,"to":309,"sanitized":400},{"from":311,"to":315,"sanitized":400},{"from":317,"to":320,"sanitized":400},{"from":322,"to":326,"sanitized":400},{"from":328,"to":332,"sanitized":400},{"from":334,"to":337,"sanitized":400},{"from":339,"to":343,"sanitized":400},{"from":345,"to":348,"sanitized":400},{"from":350,"to":354,"sanitized":400},{"from":356,"to":359,"sanitized":400},{"from":361,"to":365,"sanitized":400},{"from":367,"to":370,"sanitized":400},{"from":372,"to":376,"sanitized":400},{"from":378,"to":381,"sanitized":400},{"from":383,"to":387,"sanitized":400},{"from":389,"to":392,"sanitized":400},{"from":394,"to":397,"sanitized":400},"low",{"entryPoint":426,"graph":427,"unsanitizedCount":177,"severity":424},"\u003Cmerging-image-boxes-options> (merging-image-boxes-options.php:0)",{"nodes":428,"edges":477},[429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476],{"id":263,"type":264,"label":265,"file":163,"line":266},{"id":268,"type":269,"label":270,"file":163,"line":266,"wp_function":271},{"id":273,"type":264,"label":274,"file":163,"line":215},{"id":276,"type":269,"label":270,"file":163,"line":215,"wp_function":271},{"id":278,"type":264,"label":279,"file":163,"line":280},{"id":282,"type":269,"label":270,"file":163,"line":280,"wp_function":271},{"id":284,"type":264,"label":285,"file":163,"line":217},{"id":287,"type":269,"label":270,"file":163,"line":217,"wp_function":271},{"id":289,"type":264,"label":290,"file":163,"line":291},{"id":293,"type":269,"label":270,"file":163,"line":291,"wp_function":271},{"id":295,"type":264,"label":296,"file":163,"line":219},{"id":298,"type":269,"label":270,"file":163,"line":219,"wp_function":271},{"id":300,"type":264,"label":301,"file":163,"line":302},{"id":304,"type":269,"label":270,"file":163,"line":302,"wp_function":271},{"id":306,"type":264,"label":307,"file":163,"line":221},{"id":309,"type":269,"label":270,"file":163,"line":221,"wp_function":271},{"id":311,"type":264,"label":312,"file":163,"line":313},{"id":315,"type":269,"label":270,"file":163,"line":313,"wp_function":271},{"id":317,"type":264,"label":318,"file":163,"line":223},{"id":320,"type":269,"label":270,"file":163,"line":223,"wp_function":271},{"id":322,"type":264,"label":323,"file":163,"line":324},{"id":326,"type":269,"label":270,"file":163,"line":324,"wp_function":271},{"id":328,"type":264,"label":329,"file":163,"line":330},{"id":332,"type":269,"label":270,"file":163,"line":330,"wp_function":271},{"id":334,"type":264,"label":335,"file":163,"line":225},{"id":337,"type":269,"label":270,"file":163,"line":225,"wp_function":271},{"id":339,"type":264,"label":340,"file":163,"line":341},{"id":343,"type":269,"label":270,"file":163,"line":341,"wp_function":271},{"id":345,"type":264,"label":346,"file":163,"line":227},{"id":348,"type":269,"label":270,"file":163,"line":227,"wp_function":271},{"id":350,"type":264,"label":351,"file":163,"line":352},{"id":354,"type":269,"label":270,"file":163,"line":352,"wp_function":271},{"id":356,"type":264,"label":357,"file":163,"line":229},{"id":359,"type":269,"label":270,"file":163,"line":229,"wp_function":271},{"id":361,"type":264,"label":362,"file":163,"line":363},{"id":365,"type":269,"label":270,"file":163,"line":363,"wp_function":271},{"id":367,"type":264,"label":368,"file":163,"line":231},{"id":370,"type":269,"label":270,"file":163,"line":231,"wp_function":271},{"id":372,"type":264,"label":373,"file":163,"line":374},{"id":376,"type":269,"label":270,"file":163,"line":374,"wp_function":271},{"id":378,"type":264,"label":379,"file":163,"line":233},{"id":381,"type":269,"label":270,"file":163,"line":233,"wp_function":271},{"id":383,"type":264,"label":384,"file":163,"line":385},{"id":387,"type":269,"label":270,"file":163,"line":385,"wp_function":271},{"id":389,"type":264,"label":390,"file":163,"line":235},{"id":392,"type":269,"label":270,"file":163,"line":235,"wp_function":271},{"id":394,"type":264,"label":395,"file":163,"line":34},{"id":397,"type":269,"label":270,"file":163,"line":34,"wp_function":271},[478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501],{"from":263,"to":268,"sanitized":400},{"from":273,"to":276,"sanitized":400},{"from":278,"to":282,"sanitized":400},{"from":284,"to":287,"sanitized":400},{"from":289,"to":293,"sanitized":400},{"from":295,"to":298,"sanitized":400},{"from":300,"to":304,"sanitized":400},{"from":306,"to":309,"sanitized":400},{"from":311,"to":315,"sanitized":400},{"from":317,"to":320,"sanitized":400},{"from":322,"to":326,"sanitized":400},{"from":328,"to":332,"sanitized":400},{"from":334,"to":337,"sanitized":400},{"from":339,"to":343,"sanitized":400},{"from":345,"to":348,"sanitized":400},{"from":350,"to":354,"sanitized":400},{"from":356,"to":359,"sanitized":400},{"from":361,"to":365,"sanitized":400},{"from":367,"to":370,"sanitized":400},{"from":372,"to":376,"sanitized":400},{"from":378,"to":381,"sanitized":400},{"from":383,"to":387,"sanitized":400},{"from":389,"to":392,"sanitized":400},{"from":394,"to":397,"sanitized":400},{"summary":503,"deductions":504},"The \"merging-image-boxes\" v1.0.2 plugin exhibits a mixed security posture. On the positive side, it has no known vulnerabilities (CVEs) and demonstrates good practices regarding SQL queries, exclusively using prepared statements. The absence of external HTTP requests and file operations also reduces potential attack vectors. However, significant concerns arise from the static analysis. The plugin fails to properly escape any of its 48 detected output points, making it highly susceptible to Cross-Site Scripting (XSS) vulnerabilities. Furthermore, while the attack surface appears small with only one shortcode and no direct AJAX or REST API endpoints, the lack of nonce checks and capability checks is concerning, especially if the shortcode's functionality involves any sensitive operations or user interaction.\n\nTaint analysis revealed two flows with unsanitized paths, which is a critical finding. Although these flows are not classified as 'critical' or 'high' severity by the analysis tool, the presence of unsanitized paths indicates potential for privilege escalation or information disclosure if exploited in conjunction with other weaknesses. The complete absence of nonce and capability checks, coupled with unescaped output, creates a fertile ground for attackers to inject malicious scripts or manipulate plugin behavior. The lack of historical vulnerabilities is positive, but it does not negate the immediate risks identified in the current code analysis. Overall, the plugin has a strong foundation in SQL security but suffers from critical flaws in output sanitization and authorization checks.",[505,507,510,513],{"reason":506,"points":164},"No properly escaped output points",{"reason":508,"points":509},"Unsanitized paths in taint flows",12,{"reason":511,"points":512},"Missing nonce checks",5,{"reason":514,"points":512},"Missing capability checks","2026-03-17T05:40:44.353Z",{"wat":517,"direct":525},{"assetPaths":518,"generatorPatterns":522,"scriptPaths":523,"versionParams":524},[519,520,521],"\u002Fwp-content\u002Fplugins\u002Fmerging-image-boxes\u002Fmerging-image-boxes.css","\u002Fwp-content\u002Fplugins\u002Fmerging-image-boxes\u002Fjquery.transform-0.9.1.min.js","\u002Fwp-content\u002Fplugins\u002Fmerging-image-boxes\u002Fmerging-image-boxes.js",[],[520,521],[],{"cssClasses":526,"htmlComments":531,"htmlAttributes":534,"restEndpoints":536,"jsGlobals":537,"shortcodeOutput":538},[527,528,529,530],"im_wrapper","im_loading","im_next","im_prev",[532,533]," merging_image_boxes [ start ] "," merging_image_boxes [ end ] ",[535],"background-position",[],[],[539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563],"\u003Cdiv id=\"im_wrapper\" class=\"im_wrapper\">\n\t\u003Cdiv style=\"background-position:0px 0px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-125px 0px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-250px 0px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-375px 0px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-500px 0px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-625px 0px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\n\t\u003Cdiv style=\"background-position:0px -125px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-125px -125px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-250px -125px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-375px -125px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-500px -125px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-625px -125px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\n\t\u003Cdiv style=\"background-position:0px -250px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-125px -250px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-250px -250px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-375px -250px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-500px -250px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-625px -250px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\n\t\u003Cdiv style=\"background-position:0px -375px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-125px -375px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-250px -375px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-375px -375px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-500px -375px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\t\u003Cdiv style=\"background-position:-625px -375px;\">\n\t\t\u003Cimg src=\"","\"\u002F>\u003C\u002Fdiv>\n\u003C\u002Fdiv>\n\t\t\n\t\t\u003Cdiv id=\"im_loading\" class=\"im_loading\">\u003C\u002Fdiv>\n\t\t\u003Cdiv id=\"im_next\" class=\"im_next\">\u003C\u002Fdiv>\n\t\t\u003Cdiv id=\"im_prev\" class=\"im_prev\">\u003C\u002Fdiv>"]