[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWoax-kgX42YM4BHzAQRPHC4ahl3BugJJjgc_Ctra0iU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":17,"download_link":18,"security_score":19,"vuln_count":13,"unpatched_count":13,"last_vuln_date":20,"fetched_at":21,"vulnerabilities":22,"developer":23,"crawl_stats":20,"alternatives":29,"analysis":30,"fingerprints":181},"mlr-tabs","ML Responsive Tabs Shortcode","0.1","ersatzpole","https:\u002F\u002Fprofiles.wordpress.org\u002Fersatzpole\u002F","\u003Cul>\n\u003Cli>\n\u003Cp>The plugin generates custom made tabs and is displayed using a shortcode or action hook.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Concertina or Left-justified tabs.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add tabs to action hook from admin.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add text and shortcodes in content.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Concertina specific options – start open or closed, prevent complete collapse, limit height of tabs (a jquery scollbar will be employed).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Customisable colours.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How to use\u003C\u002Fh3>\n\u003Cp>Add unique shortcode generated from tab post type anywhere to display.\u003Cbr \u002F>\nAdd to an action hook using the meta box in tab post type.\u003C\u002Fp>\n","Donate link: http:\u002F\u002Flillistone.me\u002F2016\u002F04\u002Ftab-demo\u002F Tags: text, tabs, php, plugin, shortcode, posts, audio, jquery Requires at least: 2.",10,1174,0,"2016-08-27T16:39:00.000Z","",[],"http:\u002F\u002Flillistone.me\u002F2016\u002F04\u002Ftab-demo\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmlr-tabs.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":24,"total_installs":25,"avg_security_score":19,"avg_patch_time_days":26,"trust_score":27,"computed_at":28},2,20,30,84,"2026-04-05T14:56:51.681Z",[],{"attackSurface":31,"codeSignals":84,"taintFlows":170,"riskAssessment":171,"analyzedAt":180},{"hooks":32,"ajaxHandlers":76,"restRoutes":77,"shortcodes":78,"cronEvents":83,"entryPointCount":59,"unprotectedCount":13},[33,39,43,47,51,56,62,66,71],{"type":34,"name":35,"callback":36,"priority":11,"file":37,"line":38},"action","contextual_help","mlpt_contextual_help","inc\\ml_product_tabs.php",775,{"type":34,"name":40,"callback":41,"file":42,"line":24},"init","mlpt_create_post_type","inc\\ml_product_tabs_custom.php",{"type":34,"name":44,"callback":45,"file":42,"line":46},"add_meta_boxes","mlpt_dynamic_custom_box",44,{"type":34,"name":48,"callback":49,"file":42,"line":50},"save_post","mlpt_dynamic_save_postdata",45,{"type":52,"name":53,"callback":54,"file":42,"line":55},"filter","widget_text","do_shortcode",359,{"type":34,"name":57,"callback":58,"priority":59,"file":60,"line":61},"plugins_loaded","setup",1,"product_tabs.php",69,{"type":34,"name":57,"callback":63,"priority":64,"file":60,"line":65},"includes",3,72,{"type":34,"name":67,"callback":68,"priority":69,"file":60,"line":70},"admin_enqueue_scripts","enqueue_admin_scripts",5,75,{"type":34,"name":72,"callback":73,"priority":74,"file":60,"line":75},"wp_enqueue_scripts","enqueue_scripts",15,78,[],[],[79],{"tag":80,"callback":81,"file":37,"line":82},"mlpt","mlpt_shortcode",428,[],{"dangerousFunctions":85,"sqlUsage":86,"outputEscaping":88,"fileOperations":13,"externalRequests":13,"nonceChecks":59,"capabilityChecks":13,"bundledLibraries":169},[],{"prepared":13,"raw":13,"locations":87},[],{"escaped":89,"rawEcho":90,"locations":91},9,38,[92,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125,127,129,131,133,135,137,139,141,143,145,147,149,151,153,155,157,159,161,163,165,167],{"file":37,"line":93,"context":94},306,"raw output",{"file":37,"line":96,"context":94},348,{"file":37,"line":98,"context":94},779,{"file":37,"line":100,"context":94},780,{"file":37,"line":102,"context":94},781,{"file":37,"line":104,"context":94},782,{"file":37,"line":106,"context":94},783,{"file":37,"line":108,"context":94},784,{"file":37,"line":110,"context":94},785,{"file":37,"line":112,"context":94},786,{"file":37,"line":114,"context":94},790,{"file":37,"line":116,"context":94},791,{"file":37,"line":118,"context":94},792,{"file":37,"line":120,"context":94},793,{"file":42,"line":122,"context":94},100,{"file":42,"line":124,"context":94},113,{"file":42,"line":126,"context":94},114,{"file":42,"line":128,"context":94},115,{"file":42,"line":130,"context":94},116,{"file":42,"line":132,"context":94},117,{"file":42,"line":134,"context":94},118,{"file":42,"line":136,"context":94},119,{"file":42,"line":138,"context":94},120,{"file":42,"line":140,"context":94},121,{"file":42,"line":142,"context":94},122,{"file":42,"line":144,"context":94},134,{"file":42,"line":146,"context":94},142,{"file":42,"line":148,"context":94},143,{"file":42,"line":150,"context":94},186,{"file":42,"line":152,"context":94},187,{"file":42,"line":154,"context":94},194,{"file":42,"line":156,"context":94},195,{"file":42,"line":158,"context":94},201,{"file":42,"line":160,"context":94},209,{"file":42,"line":162,"context":94},210,{"file":42,"line":164,"context":94},227,{"file":42,"line":166,"context":94},238,{"file":42,"line":168,"context":94},259,[],[],{"summary":172,"deductions":173},"The mlr-tabs plugin version 0.1 exhibits a mixed security posture. On the positive side, it shows excellent practices by having no known vulnerabilities, no dangerous functions, no file operations, no external HTTP requests, and importantly, all SQL queries utilize prepared statements. The presence of a nonce check and a sole shortcode as the only entry point also suggests a deliberate effort to limit the attack surface. However, a significant concern arises from the low rate of proper output escaping. With 47 total outputs and only 19% properly escaped, there's a high probability of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the user's browser. The absence of capability checks on the shortcode is another area of potential weakness, as it means the shortcode's functionality could be accessed by any logged-in user without proper authorization.",[174,177],{"reason":175,"points":176},"Low output escaping rate (19%)",8,{"reason":178,"points":179},"Missing capability checks on shortcode",7,"2026-03-17T00:48:36.751Z",{"wat":182,"direct":194},{"assetPaths":183,"generatorPatterns":189,"scriptPaths":190,"versionParams":191},[184,185,186,187,188],"\u002Fwp-content\u002Fplugins\u002Fmlr-tabs\u002Fjs\u002Fml.producttabs.admin.js","\u002Fwp-content\u002Fplugins\u002Fmlr-tabs\u002Fcss\u002Fadmin_tabs.css","\u002Fwp-content\u002Fplugins\u002Fmlr-tabs\u002Fjs\u002Fml.product.tabs.js","\u002Fwp-content\u002Fplugins\u002Fmlr-tabs\u002Fjs\u002Fimagesloaded.pkgd.min.js","\u002Fwp-content\u002Fplugins\u002Fmlr-tabs\u002Fcss\u002Ftabs.css",[],[184,186,187],[192,193],"mlr-tabs\u002Fstyle.css?ver=","mlr-tabs\u002Fscript.js?ver=",{"cssClasses":195,"htmlComments":200,"htmlAttributes":201,"restEndpoints":203,"jsGlobals":204,"shortcodeOutput":206},[196,197,198,199],"mlpt_img_icon","mlpt_img_full","mlpt_audio_element","mlpt_video_element",[],[202],"data-mlpt-id",[],[205],"mlpt_shortcode_tabs",[207],"[mlr-tabs]"]