[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fEyH0MG0i_xoa0MbJqfIbEjF7V9zAfG3EX0ov_M8alMU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":50,"analysis":151,"fingerprints":558},"myshouts-shoutbox","Author: Munzir","0.9","Munzir","https:\u002F\u002Fprofiles.wordpress.org\u002Fmunzir\u002F","\u003Cp>A ported version of the shoutbox I’ve made for myself to wordpress. It has accordion function, styling in admin and other basic stuff.\u003C\u002Fp>\n","A simple shoutbox with accordion option and customizable through admin panel.",50,24733,100,2,"2013-09-26T17:32:00.000Z","3.6.1","3","",[20,21,22,23],"ajax","chat","shoutbox","simple","http:\u002F\u002Fwww.munzir.net\u002Fentry\u002Fmyshouts-wordpress-shoutbox-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmyshouts-shoutbox.zip",63,1,"2025-09-19 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-58916","author-munzir-reflected-cross-site-scripting","Author: Munzir \u003C= 0.9 - Reflected Cross-Site Scripting","The Author: Munzir plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=0.9","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-10-29 20:20:45",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F92c22d7e-64d5-465e-b7c2-62b6d9db4cc5?source=api-prod",{"slug":46,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":47,"trust_score":48,"computed_at":49},"munzir",30,68,"2026-04-03T17:58:40.425Z",[51,77,97,117,136],{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":61,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":71,"download_link":72,"security_score":73,"vuln_count":74,"unpatched_count":75,"last_vuln_date":76,"fetched_at":29},"simple-ajax-chat","Simple Ajax Chat – Add a Fast, Secure Chat Box","20260301","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cblockquote>\n\u003Cp>⭐ Lightweight and fast, persistent chat solution!\u003C\u002Fp>\n\u003Cp>⭐ Fully self-hosted: No 3rd-party account required 🙂\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Simple Ajax Chat makes it easy for your visitors to chat with each other on your website. Simply add a shortcode to any post or page and done! Instant chat forum anywhere. The chat form is fully customizable with many options, so you can create the perfect chat box for your visitors.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>👉 Check out a \u003Ca href=\"https:\u002F\u002Fwp-mix.com\u002Fchat\u002F\" rel=\"nofollow ugc\">Live Demo of Simple Ajax Chat at WP-Mix »\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Pro version\u003C\u002Fa> supports unlimited chat forms!\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Simple Ajax Chat is fully self-hosted with NO 3rd-party service required. Many (if not all) of the other free chat plugins require registration and monthly service from a 3rd-party provider. With Simple Ajax Chat, there is no 3rd-party: WordPress is all that’s required. Own your chats!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Difference between SAC free and SAC Pro\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The \u003Cstrong>main\u003C\u002Fstrong> difference between SAC free and SAC Pro? Easy:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>SAC free supports 1 chat form\u003C\u002Fli>\n\u003Cli>SAC Pro supports unlimited chat forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Pro can do everything free can do and SO much more. Customize each chat form with unique features. SAC Pro is an all new plugin written with smarter, faster code and all the latest techniques. \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Get SAC Pro »\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SAC Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The simplest possible \u003Cem>persistent\u003C\u002Fem> chat\u003C\u002Fli>\n\u003Cli>Fully self-hosted: No 3rd-party account required\u003C\u002Fli>\n\u003Cli>Ajax goodness loads new chats without page refresh\u003C\u002Fli>\n\u003Cli>Smart chat processing optimizes for performance\u003C\u002Fli>\n\u003Cli>Works with all browsers (Chrome, Firefox, Safari, etc.)\u003C\u002Fli>\n\u003Cli>Works with all mobile devices (iPhone, Android, etc.)\u003C\u002Fli>\n\u003Cli>Display easily via shortcode or template tag\u003C\u002Fli>\n\u003Cli>Display chat box in multiple locations\u003C\u002Fli>\n\u003Cli>Regularly updated & “future proof”\u003C\u002Fli>\n\u003Cli>Supports custom CSS styles\u003C\u002Fli>\n\u003Cli>Strong anti-spam security\u003C\u002Fli>\n\u003Cli>Clean HTML markup\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>More Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Plug-&-play: no configuration required\u003C\u002Fli>\n\u003Cli>Built-in control panel to edit and delete chats\u003C\u002Fli>\n\u003Cli>Define your own list of banned words and phrases\u003C\u002Fli>\n\u003Cli>Display chat messages in ascending or descending order\u003C\u002Fli>\n\u003Cli>Display custom content before\u002Fafter the chat form\u003C\u002Fli>\n\u003Cli>Option to play sound alert for chat messages\u003C\u002Fli>\n\u003Cli>Option to restrict chat to logged-in users\u003C\u002Fli>\n\u003Cli>Option to restore default plugin settings\u003C\u002Fli>\n\u003Cli>Option to enable browser notifications\u003C\u002Fli>\n\u003Cli>Export all chat messages via CSV file\u003C\u002Fli>\n\u003Cli>Supports emoticons and emojis 🙂\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Customize Everything\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit maximum number of chat messages\u003C\u002Fli>\n\u003Cli>Limit maximum length of each chat message\u003C\u002Fli>\n\u003Cli>Advanced customization via filter hooks\u003C\u002Fli>\n\u003Cli>Option to use textarea for larger input field\u003C\u002Fli>\n\u003Cli>Option to use logged-in username as the chat name\u003C\u002Fli>\n\u003Cli>Option to enable\u002Fdisable URL field for chat names\u003C\u002Fli>\n\u003Cli>Load JavaScript only when chat box is displayed\u003C\u002Fli>\n\u003Cli>Customize the update interval for Ajax requests\u003C\u002Fli>\n\u003Cli>Customize the fade-in colors for new chats\u003C\u002Fli>\n\u003Cli>Customize the fade-duration for new chats\u003C\u002Fli>\n\u003Cli>Plus much more!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>👉 That’s a LOT of features, but the Pro version has WAY more. \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F#free-vs-pro\" rel=\"nofollow ugc\">Compare features (free vs. pro) »\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Exclusive Pro Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable Google reCaptcha (invisible) for all chat forms\u003C\u002Fli>\n\u003Cli>Choose from six form styles, or use custom styles\u003C\u002Fli>\n\u003Cli>Advanced chat management tools and user statistics\u003C\u002Fli>\n\u003Cli>Mute any user so they are not allowed to chat\u003C\u002Fli>\n\u003Cli>Ban any non-admin users from any chat session\u003C\u002Fli>\n\u003Cli>Enable customizable emoji picker for any chat form\u003C\u002Fli>\n\u003Cli>Display user avatars next to chat messages\u003C\u002Fli>\n\u003Cli>Display the user role next to chat messages\u003C\u002Fli>\n\u003Cli>Define your own Bang (!bang) shortcuts\u003C\u002Fli>\n\u003Cli>Email notifications for new chat messages\u003C\u002Fli>\n\u003Cli>Limit number of users for any chat form\u003C\u002Fli>\n\u003Cli>Create private chat boxes between users\u003C\u002Fli>\n\u003Cli>Banned phrases in text messages and user names\u003C\u002Fli>\n\u003Cli>Fine-grain control over allowed chat content\u003C\u002Fli>\n\u003Cli>Built with vanilla JavaScript (jQuery not required)\u003C\u002Fli>\n\u003Cli>Optionally display inline images in chat messages\u003C\u002Fli>\n\u003Cli>Automatically clear chat messages and send email alert\u003C\u002Fli>\n\u003Cli>Display a “current online users” widget for any form\u003C\u002Fli>\n\u003Cli>Displays a max-character counter for messages\u003C\u002Fli>\n\u003Cli>Display a role-based chat box on the WP Dashboard\u003C\u002Fli>\n\u003Cli>Choose from six sound alerts for new chat messages\u003C\u002Fli>\n\u003Cli>Option to include your own CSS and JavaScript\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>👉 Learn more and \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">get SAC Pro »\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin collects voluntary user chat data (i.e., Name, Chat Message, and optional URL field). It also gives the administrator the option to collect or not collect user IP information. Aside from those two things, this plugin does not collect or store any user data. This plugin uses a few cookies for the chat functionality. It does not connect to any third-party locations. Minimal impact on privacy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Translations\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin supports \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fsimple-ajax-chat\" rel=\"nofollow ugc\">translation into any language »\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Developer\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Simple Ajax Chat is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support development\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> – Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thank you! 🙂\u003C\u002Fp>\n","Display an Ajax-powered chat box anywhere. Lightweight, flexible, fast, and secure. Fully customizable with many options.",2000,173429,98,212,"2026-03-01T21:28:00.000Z","6.9.4","4.7","5.6.20",[20,21,68,69,70],"chat-box","forum","instant-message","https:\u002F\u002Fperishablepress.com\u002Fsimple-ajax-chat\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-ajax-chat.20260301.zip",92,8,0,"2026-03-12 00:21:55",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":13,"downloaded":85,"rating":86,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":18,"tags":91,"homepage":94,"download_link":95,"security_score":96,"vuln_count":75,"unpatched_count":75,"last_vuln_date":36,"fetched_at":29},"bp-group-chatroom","BuddyPress Group Chatroom","1.7.7","Venutius","https:\u002F\u002Fprofiles.wordpress.org\u002Fvenutius\u002F","\u003Cp>This plugin provides neat chatrooms into BuddyPress groups. Each Group admin can enable a group Chat room, available for all group members to view and post.\u003C\u002Fp>\n\u003Cp>The Chat area provides an ajax chat room which displays the most recent messages along with timestamps and usernames.  It also has a “who’s online” area which shows other group members viewing the Chat page.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Who’s Online list of members in the chatroom.\u003C\u002Fli>\n\u003Cli>Text Chat: Supports text and links added via the text input box.\u003C\u002Fli>\n\u003Cli>Video and other embeds – Videos such as You-tube can be added as an embedded video using the Video button. The same link can be used for other WordPress embedable urls.\u003C\u002Fli>\n\u003Cli>Emojis supported: over 1,000 emojis easily inserted into the chat stream with options to load them all or just a subset.\u003C\u002Fli>\n\u003Cli>Images: Users with upload_files capability can add images from the media directory\u002Fupload into the chat stream.\u003C\u002Fli>\n\u003Cli>Images Lightbox: Supports WP Featherlight lightbox, if you install this plugin then images loaded into chat will open in a lightbox.\u003C\u002Fli>\n\u003Cli>Activity threading: chat conversations can be collected and posted to the activity stream.\u003C\u002Fli>\n\u003Cli>Moderation: Group admin and moderators can delete chat messages.\u003C\u002Fli>\n\u003Cli>Theming: Chat message box colours can be set by Group Admin\u003C\u002Fli>\n\u003Cli>Auto-hide of chat messages after up to 30 days.\u003C\u002Fli>\n\u003Cli>Auto-deletion of chat messages after up to 30 days.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Chat messages support links, embeded video is supported an it’s possible to call in another site member to the chat using @mentions.\u003C\u002Fp>\n\u003Cp>I’ve introduced rudimentary threads support. The behavior is that a new message, posted more then 15 minutes after the last message will be marked as a new thread. All messages posted after that initial message will be regarded as part of that thread. After 15 minutes the thread will be deemed closed and if posting of threads to group activity is enabled then all messages in the thread will be posted in a single activity update. I’m expecting this functionality to change as the plugin develops.\u003C\u002Fp>\n\u003Cp>Currently the chat supports text chat and the sharing of links. I’m interested in adding further features but would like to see some user requests for the same.\u003C\u002Fp>\n\u003Cp>This plugin was originally created by David Cartwright and has been forked by Venutius. It includes an emoji set which was sourced from WP Emoji One by Monchito.net.\u003C\u002Fp>\n\u003Cp>This plugin runs from your own server, no chat data leaves your site. This has has the benefit of minimizing your exposure regarding user privacy and GDPR, however chat will be as responsive as your server and can be laggy because of this. User conversations are stored for one month then deleted.\u003C\u002Fp>\n","This plugin provides neat chatrooms into BuddyPress groups. Each Group admin can enable a group Chat room, available for all group members to view and …",13444,74,3,"2021-02-10T12:30:00.000Z","5.6.17","4.6.0",[20,92,21,93],"buddypress","groups","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbp-group-chatroom","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-group-chatroom.1.7.7.zip",85,{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":13,"downloaded":105,"rating":106,"num_ratings":87,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":18,"tags":110,"homepage":18,"download_link":116,"security_score":96,"vuln_count":75,"unpatched_count":75,"last_vuln_date":36,"fetched_at":29},"custom-post-type-ajax-pagnaition","CPTA Pagination","1.2","Naveenkumar C","https:\u002F\u002Fprofiles.wordpress.org\u002Fcnaveenkumar\u002F","\u003Cp>It’s a simple custom post type ajax pagination plugin.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easily customizable.\u003C\u002Fli>\n\u003Cli>Lightweight.\u003C\u002Fli>\n\u003Cli>Custom post type ajax pagination with category\u003C\u002Fli>\n\u003C\u002Ful>\n","It's a simple custom post type ajax pagination plugin.",8784,86,"2021-03-13T09:57:00.000Z","5.7.15","3.0.1",[111,112,113,114,115],"ajax-pagination","custom-post-type-pagination","custom-post-type-with-ajax-pagination","pagination","simple-pagination","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-post-type-ajax-pagnaition.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":13,"num_ratings":14,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":18,"tags":130,"homepage":134,"download_link":135,"security_score":96,"vuln_count":75,"unpatched_count":75,"last_vuln_date":36,"fetched_at":29},"ajax-simplecontact-form","Ajax Simple Contact Form","1.0","mamunitiw","https:\u002F\u002Fprofiles.wordpress.org\u002Fmamunitiw\u002F","\u003Cp>This is really a simple wordpress ajax contact form. This plugin is appropriate for those who want to use customizable ajax contact form in wordpress. Just install and use shortcode in the wordpress post, page, template to show the contat form. It will fit with your design.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Using shortcode in wordpress post\u002Fpage: [ajax_contact_form]\u003C\u002Fli>\n\u003Cli>Using shortcode in wordpress template: do_shortcode(“[ajax_contact_form]”); \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Live Demo\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Ajax Simple Contact Form Demo: [ajaxsimplecontactform] (http:\u002F\u002Fwww.pranms.com\u002Fajax-simple-contact-form\u002F)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Youtube Video\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Youtube Video Link:https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=FA9HGdwrv2s\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FFA9HGdwrv2s?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","This is a simple and customizable wordpress ajax contact form.",10,2912,"2016-09-11T23:16:00.000Z","4.5.33","3.0",[20,131,132,133,23],"contact","contact-form","email","http:\u002F\u002Fwww.pranms.com\u002Fajax-simple-contact-form\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fajax-simplecontact-form.zip",{"slug":137,"name":138,"version":139,"author":140,"author_profile":141,"description":142,"short_description":143,"active_installs":125,"downloaded":144,"rating":145,"num_ratings":146,"last_updated":18,"tested_up_to":18,"requires_at_least":18,"requires_php":18,"tags":147,"homepage":148,"download_link":149,"security_score":13,"vuln_count":75,"unpatched_count":75,"last_vuln_date":36,"fetched_at":150},"bp-group-livechat","BuddyPress Group Livechat","1.1","D Cartwright","https:\u002F\u002Fprofiles.wordpress.org\u002Faekeron\u002F","\u003Cp>Basic live chat within groups.\u003C\u002Fp>\n\u003Cp>Once installed, activate Live Chat in the group admin area (or during group creation).\u003C\u002Fp>\n\u003Cp>The Live Chat area provides an ajax chat room which displays the most recent messages along with timestamps and usernames.  It also has a “who’s online” area which shows other group members viewing the Live Chat page.  “Super Admins” can spy on the chats of all groups.\u003C\u002Fp>\n\u003Cp>This plugin is extremely basic and has no promises of support.\u003C\u002Fp>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>History.txt – contains all the changes since version 1.0\u003Cbr \u002F>\nLicense.txt – contains the licensing details for this component\u003C\u002Fp>\n","Basic live chat within groups.",12665,96,5,[20,92,21,93],"http:\u002F\u002Flinktart.co.uk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-group-livechat.zip","2026-03-15T10:48:56.248Z",{"attackSurface":152,"codeSignals":177,"taintFlows":299,"riskAssessment":537,"analyzedAt":557},{"hooks":153,"ajaxHandlers":173,"restRoutes":174,"shortcodes":175,"cronEvents":176,"entryPointCount":75,"unprotectedCount":75},[154,160,164,169],{"type":155,"name":156,"callback":157,"file":158,"line":159},"action","init","myshouts_init","myshouts.php",27,{"type":155,"name":161,"callback":162,"file":158,"line":163},"admin_menu","myshouts_adminmenu",28,{"type":155,"name":165,"callback":166,"priority":167,"file":158,"line":168},"wp_head","myshouts_headstuff",12,29,{"type":155,"name":170,"callback":171,"file":158,"line":172},"widgets_init","register",391,[],[],[],[],{"dangerousFunctions":178,"sqlUsage":185,"outputEscaping":212,"fileOperations":75,"externalRequests":75,"nonceChecks":75,"capabilityChecks":75,"bundledLibraries":298},[179,183],{"fn":180,"file":158,"line":181,"context":182},"unserialize",203,"$Styles = unserialize(get_option('myshouts_styles'));",{"fn":180,"file":158,"line":184,"context":182},625,{"prepared":186,"raw":125,"locations":187},4,[188,191,194,197,199,202,204,206,208,210],{"file":158,"line":189,"context":190},93,"$wpdb->query() with variable interpolation",{"file":158,"line":192,"context":193},114,"$wpdb->get_row() with variable interpolation",{"file":158,"line":195,"context":196},277,"$wpdb->get_results() with variable interpolation",{"file":158,"line":198,"context":196},293,{"file":158,"line":200,"context":201},454,"$wpdb->get_col() with variable interpolation",{"file":158,"line":203,"context":201},463,{"file":158,"line":205,"context":196},679,{"file":158,"line":207,"context":190},861,{"file":158,"line":209,"context":193},871,{"file":158,"line":211,"context":190},880,{"escaped":27,"rawEcho":213,"locations":214},44,[215,218,220,222,224,226,228,230,232,234,236,238,240,242,244,245,247,249,251,253,255,257,259,261,263,265,267,269,271,273,275,276,277,278,280,282,284,286,288,290,291,293,294,296],{"file":158,"line":216,"context":217},116,"raw output",{"file":158,"line":219,"context":217},127,{"file":158,"line":221,"context":217},153,{"file":158,"line":223,"context":217},156,{"file":158,"line":225,"context":217},173,{"file":158,"line":227,"context":217},177,{"file":158,"line":229,"context":217},218,{"file":158,"line":231,"context":217},234,{"file":158,"line":233,"context":217},241,{"file":158,"line":235,"context":217},242,{"file":158,"line":237,"context":217},243,{"file":158,"line":239,"context":217},322,{"file":158,"line":241,"context":217},325,{"file":158,"line":243,"context":217},326,{"file":158,"line":243,"context":217},{"file":158,"line":246,"context":217},329,{"file":158,"line":248,"context":217},332,{"file":158,"line":250,"context":217},398,{"file":158,"line":252,"context":217},412,{"file":158,"line":254,"context":217},413,{"file":158,"line":256,"context":217},415,{"file":158,"line":258,"context":217},417,{"file":158,"line":260,"context":217},455,{"file":158,"line":262,"context":217},482,{"file":158,"line":264,"context":217},505,{"file":158,"line":266,"context":217},509,{"file":158,"line":268,"context":217},550,{"file":158,"line":270,"context":217},551,{"file":158,"line":272,"context":217},591,{"file":158,"line":274,"context":217},632,{"file":158,"line":274,"context":217},{"file":158,"line":274,"context":217},{"file":158,"line":274,"context":217},{"file":158,"line":279,"context":217},667,{"file":158,"line":281,"context":217},690,{"file":158,"line":283,"context":217},708,{"file":158,"line":285,"context":217},709,{"file":158,"line":287,"context":217},744,{"file":158,"line":289,"context":217},821,{"file":158,"line":289,"context":217},{"file":158,"line":292,"context":217},822,{"file":158,"line":292,"context":217},{"file":158,"line":295,"context":217},823,{"file":158,"line":297,"context":217},824,[],[300,316,324,337,350,361,376,397,466],{"entryPoint":301,"graph":302,"unsanitizedCount":27,"severity":38},"myshouts_headstuff (myshouts.php:121)",{"nodes":303,"edges":313},[304,308],{"id":305,"type":306,"label":307,"file":158,"line":219},"n0","source","$_SERVER['PHP_SELF']",{"id":309,"type":310,"label":311,"file":158,"line":219,"wp_function":312},"n1","sink","echo() [XSS]","echo",[314],{"from":305,"to":309,"sanitized":315},false,{"entryPoint":317,"graph":318,"unsanitizedCount":27,"severity":38},"myshouts_manage_row (myshouts.php:817)",{"nodes":319,"edges":322},[320,321],{"id":305,"type":306,"label":307,"file":158,"line":297},{"id":309,"type":310,"label":311,"file":158,"line":297,"wp_function":312},[323],{"from":305,"to":309,"sanitized":315},{"entryPoint":325,"graph":326,"unsanitizedCount":27,"severity":336},"control (myshouts.php:394)",{"nodes":327,"edges":334},[328,331],{"id":305,"type":306,"label":329,"file":158,"line":330},"$_POST['myshouts_title']",402,{"id":309,"type":310,"label":332,"file":158,"line":330,"wp_function":333},"update_option() [Settings Manipulation]","update_option",[335],{"from":305,"to":309,"sanitized":315},"low",{"entryPoint":338,"graph":339,"unsanitizedCount":27,"severity":349},"myshouts_add (myshouts.php:47)",{"nodes":340,"edges":347},[341,344],{"id":305,"type":306,"label":342,"file":158,"line":343},"$_POST",90,{"id":309,"type":310,"label":345,"file":158,"line":189,"wp_function":346},"query() [SQLi]","query",[348],{"from":305,"to":309,"sanitized":315},"high",{"entryPoint":351,"graph":352,"unsanitizedCount":27,"severity":349},"myshouts_newshouts (myshouts.php:271)",{"nodes":353,"edges":359},[354,356],{"id":305,"type":306,"label":342,"file":158,"line":355},275,{"id":309,"type":310,"label":357,"file":158,"line":195,"wp_function":358},"get_results() [SQLi]","get_results",[360],{"from":305,"to":309,"sanitized":315},{"entryPoint":362,"graph":363,"unsanitizedCount":27,"severity":349},"myshouts_options (myshouts.php:476)",{"nodes":364,"edges":373},[365,368,371],{"id":305,"type":306,"label":366,"file":158,"line":367},"$_GET",651,{"id":309,"type":369,"label":370,"file":158,"line":367},"transform","→ myshouts_manage_paged()",{"id":372,"type":310,"label":357,"file":158,"line":205,"wp_function":358},"n2",[374,375],{"from":305,"to":309,"sanitized":315},{"from":309,"to":372,"sanitized":315},{"entryPoint":377,"graph":378,"unsanitizedCount":87,"severity":349},"myshouts_manage_paged (myshouts.php:656)",{"nodes":379,"edges":393},[380,383,384,385,387,391],{"id":305,"type":306,"label":381,"file":158,"line":382},"$_page",656,{"id":309,"type":310,"label":357,"file":158,"line":205,"wp_function":358},{"id":372,"type":306,"label":307,"file":158,"line":283},{"id":386,"type":310,"label":311,"file":158,"line":283,"wp_function":312},"n3",{"id":388,"type":306,"label":389,"file":158,"line":390},"n4","$_SERVER",677,{"id":392,"type":310,"label":311,"file":158,"line":287,"wp_function":312},"n5",[394,395,396],{"from":305,"to":309,"sanitized":315},{"from":372,"to":386,"sanitized":315},{"from":388,"to":392,"sanitized":315},{"entryPoint":398,"graph":399,"unsanitizedCount":167,"severity":349},"myshouts_admin_submits (myshouts.php:828)",{"nodes":400,"edges":455},[401,403,405,408,411,414,415,419,421,425,427,431,433,437,439,442,444,446,450,453],{"id":305,"type":306,"label":342,"file":158,"line":402},834,{"id":309,"type":310,"label":332,"file":158,"line":404,"wp_function":333},835,{"id":372,"type":306,"label":406,"file":158,"line":407},"$_SERVER['PHP_SELF'] (x3)",837,{"id":386,"type":310,"label":409,"file":158,"line":407,"wp_function":410},"wp_redirect() [Open Redirect]","wp_redirect",{"id":388,"type":306,"label":412,"file":158,"line":413},"$_POST['myshouts_ignorestyles']",848,{"id":392,"type":310,"label":332,"file":158,"line":413,"wp_function":333},{"id":416,"type":306,"label":417,"file":158,"line":418},"n6","$_POST['myshouts_total']",849,{"id":420,"type":310,"label":332,"file":158,"line":418,"wp_function":333},"n7",{"id":422,"type":306,"label":423,"file":158,"line":424},"n8","$_POST['myshouts_useaccordion']",850,{"id":426,"type":310,"label":332,"file":158,"line":424,"wp_function":333},"n9",{"id":428,"type":306,"label":429,"file":158,"line":430},"n10","$_POST['myshouts_accordionshow']",851,{"id":432,"type":310,"label":332,"file":158,"line":430,"wp_function":333},"n11",{"id":434,"type":306,"label":435,"file":158,"line":436},"n12","$_POST['myshouts_gravatar']",852,{"id":438,"type":310,"label":332,"file":158,"line":436,"wp_function":333},"n13",{"id":440,"type":306,"label":366,"file":158,"line":441},"n14",859,{"id":443,"type":310,"label":345,"file":158,"line":207,"wp_function":346},"n15",{"id":445,"type":306,"label":366,"file":158,"line":441},"n16",{"id":447,"type":310,"label":448,"file":158,"line":209,"wp_function":449},"n17","get_row() [SQLi]","get_row",{"id":451,"type":306,"label":342,"file":158,"line":452},"n18",878,{"id":454,"type":310,"label":345,"file":158,"line":211,"wp_function":346},"n19",[456,457,458,459,460,461,462,463,464,465],{"from":305,"to":309,"sanitized":315},{"from":372,"to":386,"sanitized":315},{"from":388,"to":392,"sanitized":315},{"from":416,"to":420,"sanitized":315},{"from":422,"to":426,"sanitized":315},{"from":428,"to":432,"sanitized":315},{"from":434,"to":438,"sanitized":315},{"from":440,"to":443,"sanitized":315},{"from":445,"to":447,"sanitized":315},{"from":451,"to":454,"sanitized":315},{"entryPoint":467,"graph":468,"unsanitizedCount":536,"severity":349},"\u003Cmyshouts> (myshouts.php:0)",{"nodes":469,"edges":518},[470,472,473,474,475,476,477,478,479,481,482,483,484,485,486,487,488,489,490,491,492,494,496,498,500,502,504,506,508,510,512,514,516],{"id":305,"type":306,"label":471,"file":158,"line":343},"$_POST (x2)",{"id":309,"type":310,"label":345,"file":158,"line":189,"wp_function":346},{"id":372,"type":306,"label":406,"file":158,"line":219},{"id":386,"type":310,"label":311,"file":158,"line":219,"wp_function":312},{"id":388,"type":306,"label":342,"file":158,"line":355},{"id":392,"type":310,"label":357,"file":158,"line":195,"wp_function":358},{"id":416,"type":306,"label":329,"file":158,"line":330},{"id":420,"type":310,"label":332,"file":158,"line":330,"wp_function":333},{"id":422,"type":306,"label":366,"file":158,"line":480},649,{"id":426,"type":310,"label":357,"file":158,"line":205,"wp_function":358},{"id":428,"type":306,"label":389,"file":158,"line":390},{"id":432,"type":310,"label":311,"file":158,"line":287,"wp_function":312},{"id":434,"type":306,"label":342,"file":158,"line":402},{"id":438,"type":310,"label":332,"file":158,"line":404,"wp_function":333},{"id":440,"type":306,"label":406,"file":158,"line":407},{"id":443,"type":310,"label":409,"file":158,"line":407,"wp_function":410},{"id":445,"type":306,"label":412,"file":158,"line":413},{"id":447,"type":310,"label":332,"file":158,"line":413,"wp_function":333},{"id":451,"type":306,"label":417,"file":158,"line":418},{"id":454,"type":310,"label":332,"file":158,"line":418,"wp_function":333},{"id":493,"type":306,"label":423,"file":158,"line":424},"n20",{"id":495,"type":310,"label":332,"file":158,"line":424,"wp_function":333},"n21",{"id":497,"type":306,"label":429,"file":158,"line":430},"n22",{"id":499,"type":310,"label":332,"file":158,"line":430,"wp_function":333},"n23",{"id":501,"type":306,"label":435,"file":158,"line":436},"n24",{"id":503,"type":310,"label":332,"file":158,"line":436,"wp_function":333},"n25",{"id":505,"type":306,"label":366,"file":158,"line":441},"n26",{"id":507,"type":310,"label":345,"file":158,"line":207,"wp_function":346},"n27",{"id":509,"type":306,"label":366,"file":158,"line":441},"n28",{"id":511,"type":310,"label":448,"file":158,"line":209,"wp_function":449},"n29",{"id":513,"type":306,"label":366,"file":158,"line":367},"n30",{"id":515,"type":369,"label":370,"file":158,"line":367},"n31",{"id":517,"type":310,"label":357,"file":158,"line":205,"wp_function":358},"n32",[519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535],{"from":305,"to":309,"sanitized":315},{"from":372,"to":386,"sanitized":315},{"from":388,"to":392,"sanitized":315},{"from":416,"to":420,"sanitized":315},{"from":422,"to":426,"sanitized":315},{"from":428,"to":432,"sanitized":315},{"from":434,"to":438,"sanitized":315},{"from":440,"to":443,"sanitized":315},{"from":445,"to":447,"sanitized":315},{"from":451,"to":454,"sanitized":315},{"from":493,"to":495,"sanitized":315},{"from":497,"to":499,"sanitized":315},{"from":501,"to":503,"sanitized":315},{"from":505,"to":507,"sanitized":315},{"from":509,"to":511,"sanitized":315},{"from":513,"to":515,"sanitized":315},{"from":515,"to":517,"sanitized":315},21,{"summary":538,"deductions":539},"The \"myshouts-shoutbox\" v0.9 plugin presents a significant security risk due to several concerning indicators in its static analysis and a known vulnerability. While the plugin has a seemingly small attack surface with no direct AJAX, REST API, shortcode, or cron event entry points exposed without authentication, the code signals reveal critical weaknesses. The presence of the `unserialize` function is a major red flag, as it can be exploited if attackers can control the data being unserialized, potentially leading to remote code execution. Furthermore, a very low percentage of SQL queries use prepared statements, increasing the risk of SQL injection vulnerabilities. The extremely low rate of proper output escaping (2%) suggests a high likelihood of Cross-Site Scripting (XSS) vulnerabilities across many output points.\n\nTaint analysis reveals that all analyzed flows have unsanitized paths, with six flows identified as high severity. This, combined with the historical data showing one medium severity CVE for XSS and the fact that this vulnerability remains unpatched, strongly indicates a pattern of insecure coding practices. The plugin has a history of XSS vulnerabilities, and the current analysis suggests that similar vulnerabilities are likely present and unaddressed. The complete lack of nonce and capability checks further exacerbates these risks, as there are no built-in mechanisms to verify user authorization or prevent CSRF attacks.\n\nIn conclusion, while the plugin's attack surface appears limited in terms of traditional entry points, the internal code quality is severely lacking. The combination of dangerous functions, unescaped output, insecure SQL queries, a high number of unsanitized taint flows, and a persistent, unpatched XSS vulnerability makes this plugin a high-risk component. The absence of essential security checks like nonces and capability checks compounds these issues, leaving any website using this plugin vulnerable to significant security threats.",[540,543,545,547,549,551,553,555],{"reason":541,"points":542},"Unpatched CVE",15,{"reason":544,"points":542},"Dangerous function: unserialize",{"reason":546,"points":167},"High severity taint flows",{"reason":548,"points":125},"Low percentage of prepared SQL statements",{"reason":550,"points":74},"Very low rate of proper output escaping",{"reason":552,"points":125},"No nonce checks",{"reason":554,"points":125},"No capability checks",{"reason":556,"points":125},"All flows have unsanitized paths","2026-03-16T22:03:31.396Z",{"wat":559,"direct":568},{"assetPaths":560,"generatorPatterns":563,"scriptPaths":564,"versionParams":565},[561,562],"\u002Fwp-content\u002Fplugins\u002Fmyshouts-shoutbox\u002Fmyshouts.css","\u002Fwp-content\u002Fplugins\u002Fmyshouts-shoutbox\u002Fshout.js",[],[562],[566,567],"myshouts-shoutbox\u002Fmyshouts.css?ver=","myshouts-shoutbox\u002Fshout.js?ver=",{"cssClasses":569,"htmlComments":575,"htmlAttributes":577,"restEndpoints":579,"jsGlobals":580,"shortcodeOutput":583},[570,571,572,573,133,574],"theshouts","myshouts_title","inputtext","name","website",[576],"wrapper",[578],"data-options",[],[581,582],"post_file","myshouts_check_stream",[584,585,586,587],"\u003Cdiv id=\"myshouts_wrapper\"","\u003Cdiv id=\"myshouts_shouts\" class=\"theshouts\"","\u003Cform name=\"myshouts_form\" id=\"myshouts_form\"","\u003Cinput type=\"hidden\" value=\""]