[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxHz9QR3jZqBuM0dFCJg5EjQxh4Sqhzlat1_DSD-3dsg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":115,"fingerprints":265},"narrative-so","Narrative Publisher","1.0.7","Narrative","https:\u002F\u002Fprofiles.wordpress.org\u002Fnarrative\u002F","\u003Cp>This plugin connects your WordPress website with your \u003Ca href=\"http:\u002F\u002Fwww.narrative.so\" rel=\"nofollow ugc\">Narrative App\u003C\u002Fa> allowing you to publish your Narrative posts directly to your WordPress website. Please contact support@narrative.so for any help.\u003C\u002Fp>\n\u003Ch3>Get Started\u003C\u002Fh3>\n\u003Cp>Sign up with a free trial to Narrative \u003Ca href=\"https:\u002F\u002Fmy.narrative.so\u002F#\u002Ffree-trial\" rel=\"nofollow ugc\">here\u003C\u002Fa> and download the app to get started.\u003C\u002Fp>\n\u003Ch3>Technical info\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>This plugin uses \u003Ca href=\"https:\u002F\u002Fnarrative.so\" rel=\"nofollow ugc\">www.narrative.so\u003C\u002Fa> to input your Narrative Posts into your WordPress website.\u003C\u002Fli>\n\u003Cli>Narrative has the ability to create and edit posts on your WordPress website\u003C\u002Fli>\n\u003Cli>When creating a post Narrative will input HTML and JS into your a post.\u003C\u002Fli>\n\u003Cli>For more info please see Narrative’s \u003Ca href=\"https:\u002F\u002Fnarrative.so\u002Fterms-and-conditions\" rel=\"nofollow ugc\">Terms and Conditions\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fnarrative.so\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin connects your Wordpress website with your Narrative App allowing you to publish your Narrative posts directly to your Wordpress website.",1000,102015,0,"2023-02-15T21:20:00.000Z","6.1.10","4.7.0","5.3",[19,20,21,22],"narrative","narrative-app","narrative-blog-builder","narrative-publisher","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnarrative-so.1.0.7.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":19,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-04-05T08:35:02.063Z",[35,56,75,96],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":13,"num_ratings":13,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":23,"tags":48,"homepage":53,"download_link":54,"security_score":55,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"narrafirma","NarraFirma","1.6.11","cfkurtz","https:\u002F\u002Fprofiles.wordpress.org\u002Fcfkurtz\u002F","\u003Cp>NarraFirma is companion software to the textbook \u003Ca href=\"http:\u002F\u002Fwww.workingwithstories.org\" rel=\"nofollow ugc\">Working with Stories in Your Community Or Organization: Participatory Narrative Inquiry\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Participatory narrative inquiry is an approach in which groups of people participate in gathering and working with raw stories of personal experience in order to make sense of complex patterns for better decision making. PNI focuses on the profound consideration of values, beliefs, feelings, and perspectives through the recounting and interpretation of lived experience.\u003C\u002Fp>\n\u003Ch4>What is NarraFirma?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>It’s a checklist. NarraFirma provides practical guidance as you work, with questions for you to answer, recommendations based on the conditions you describe, activities that help you make decisions, and just-in-time advice.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>It’s a journal. NarraFirma helps you keep careful records about what happened in your project, and it gives you places to reflect on what happened. This reminds you to keep learning as you work, and it helps you to document your project for future reference.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>It’s a kiosk. NarraFirma helps you collect stories, on-line and\u002For off-line, based on question forms you design (with sample questions you can copy). Because story collection is integrated, there is no need to export or import data.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>It’s a workstation. NarraFirma helps you explore and interpret patterns in your data (stories and answers to questions about stories), creating annotated visualizations you can use to make sense of the stories you collected.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why choose NarraFirma?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>It’s portable. You can install NarraFirma anywhere, as a WordPress plugin or a Node.js web application. Web hosting is inexpensive, popular, and well supported. You can also install NarraFirma on your local computer and use it off-line. (Whichever installation method you choose, we strongly suggest that you set up SSL security on your web site before collecting or entering confidential or important information. Many hosting providers can help you with this task.)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>It’s a team player. With NarraFirma your team can work on projects together in real time without having to hand files back and forth. You can plan your project, collect stories, discover patterns, and reflect on what you’ve learned – together.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>It’s an open book. NarraFirma is open source software. So if you have a question about how something works, you can just look at the source code to find out. If you need the software to do something it can’t do, you can add new functionality yourself or ask someone else to add it.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>It works in the real world. One NarraFirma installation supports multiple projects, forms, data sets, and reports. Why? Because real-life story projects are rarely simple or predictable. So go ahead and make a mess. NarraFirma is ready for it.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>We have spent a lot of time developing NarraFirma. We appreciate donations, and will use them to keep working on it. You can donate at \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_s-xclick&hosted_button_id=DGVVDT2D49QA8\" rel=\"nofollow ugc\">PayPal\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Need some help?\u003C\u002Fh3>\n\u003Cp>I offer training in the use of NarraFirma and consulting for PNI projects. If you are interested, check out my web site at \u003Ca href=\"cfkurtz.com\" rel=\"nofollow ugc\">cfkurtz.com\u003C\u002Fa>, or send me a note at cfkurtz at cfkurtz dot com.\u003C\u002Fp>\n","Participatory Narrative Inquiry in a box. Gather stories and make sense of challenges and opportunities in your community or organization.",40,5620,"2025-07-28T21:42:00.000Z","6.8.5","4.3.1",[49,19,50,51,52],"community","participation","research","stories","http:\u002F\u002Fnarrafirma.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnarrafirma.zip",100,{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":55,"num_ratings":30,"last_updated":23,"tested_up_to":66,"requires_at_least":67,"requires_php":23,"tags":68,"homepage":72,"download_link":73,"security_score":55,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":74},"plusnarrative-admin-theme","PlusNarrative Admin Theme","1.1","lliamscholtz","https:\u002F\u002Fprofiles.wordpress.org\u002Flliamscholtz\u002F","\u003Cp>The PlusNarrative Admin Theme plugin easily allows users to access critical information from PlusNarrative.\u003C\u002Fp>\n\u003Cp>The plugin does the following:\u003Cbr \u002F>\n*   Adds a PlusNarrative website link to the admin bar\u003Cbr \u002F>\n*   Cleans up the dashboard to highlight important information\u003Cbr \u002F>\n*   Brands the login page\u003Cbr \u002F>\n*   Adds additional dashboard widgets\u003Cbr \u002F>\n*   Displays the latest PlusNarrative blog posts\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>If you experience any issues please feel free to email \u003Ca href=\"mailto:lliam@plusnarrative.com\" rel=\"nofollow ugc\">lliam@plusnarrative.com\u003C\u002Fa>\u003C\u002Fp>\n","The PlusNarrative Admin Theme plugin easily allows users to access critical information from PlusNarrative",10,1422,"4.1.42","3.3",[69,70,71],"admin","plusnarrative","theme","http:\u002F\u002Fplusnarrative.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplusnarrative-admin-theme.zip","2026-03-15T10:48:56.248Z",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":13,"downloaded":83,"rating":13,"num_ratings":13,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":94,"download_link":95,"security_score":55,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"orbem-studio","Orbem Studio","1.2.6","Orbem Order®","https:\u002F\u002Fprofiles.wordpress.org\u002Forbemorder\u002F","\u003Cp>\u003Cstrong>Orbem Studio\u003C\u002Fstrong> turns WordPress into a fully featured, browser-based game engine.\u003C\u002Fp>\n\u003Cp>Design immersive, map-driven experiences with characters, missions, cutscenes, items, abilities, and progression systems all managed through WordPress’ familiar admin interface.\u003C\u002Fp>\n\u003Cp>Orbem Studio is built for developers and creators who want real gameplay, not just gamified UI. It provides structured systems, performance-focused architecture, and developer tooling that allows complete games to be authored, played, and extended entirely within WordPress.\u003C\u002Fp>\n\u003Cp>Whether you’re building a narrative RPG, an educational experience, or an experimental interactive world, Orbem Studio gives you the tools to ship.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Ch4>🎮 Full Front-End Game Engine\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Real-time player movement\u003C\u002Fli>\n\u003Cli>Interactive maps and collision-aware elements\u003C\u002Fli>\n\u003Cli>Directional character asset and animations assignments\u003C\u002Fli>\n\u003Cli>Trigger-based interactions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🧩 Modular Game Objects\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Areas, missions, cutscenes, enemies, items, explainer popups, focus view items, weapons, and characters\u003C\u002Fli>\n\u003Cli>All content managed as WordPress custom post types using proprietary custom fields\u003C\u002Fli>\n\u003Cli>Fully extensible metadata-driven design\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🧠 Mission & Progression System\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Branching mission chains\u003C\u002Fli>\n\u003Cli>Conditional triggers and unlocks\u003C\u002Fli>\n\u003Cli>Persistent player state\u003C\u002Fli>\n\u003Cli>Health, mana, power, experience, currency, and leveling\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🛠 Developer Mode (Admin-Only)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Live in-game object\u002Fcharacter placement\u003C\u002Fli>\n\u003Cli>Visual trigger overlays\u003C\u002Fli>\n\u003Cli>Admin-only editing tools\u003C\u002Fli>\n\u003Cli>Level selector for easy level building\u003C\u002Fli>\n\u003Cli>Rapid iteration without page reloads\u003C\u002Fli>\n\u003Cli>Front end wall-builder\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>📦 Inventory & Equipment System\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Storage limits\u003C\u002Fli>\n\u003Cli>Weapons, gear, and consumables\u003C\u002Fli>\n\u003Cli>Equip \u002F unequip logic\u003C\u002Fli>\n\u003Cli>Character-bound equipment support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🔊 Media-Rich Storytelling\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Cutscenes and scripted events\u003C\u002Fli>\n\u003Cli>Per-area & per-cutscene music\u003C\u002Fli>\n\u003Cli>Sound effects and audio triggers\u003C\u002Fli>\n\u003Cli>Intro videos and cinematic playback\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🔐 Secure & Performant\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>REST API–based architecture\u003C\u002Fli>\n\u003Cli>Permission-aware custom endpoints\u003C\u002Fli>\n\u003Cli>Subscriber-safe gameplay routes\u003C\u002Fli>\n\u003Cli>Optimized meta access and caching strategies\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🧑‍💻 Built for Developers\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Clean, modern PHP architecture\u003C\u002Fli>\n\u003Cli>Environment-aware behavior (local vs production)\u003C\u002Fli>\n\u003Cli>Extensible via hooks and filters\u003C\u002Fli>\n\u003Cli>No hard dependency on third-party services\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Narrative RPGs\u003C\u002Fli>\n\u003Cli>Interactive fiction\u003C\u002Fli>\n\u003Cli>Educational games\u003C\u002Fli>\n\u003Cli>Gamified onboarding\u003C\u002Fli>\n\u003Cli>Experimental storytelling\u003C\u002Fli>\n\u003Cli>Browser-based adventure games\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If it can be represented spatially and interactively, Orbem Studio can power it.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to third-party services to provide optional functionality related to authentication and text-to-speech features.\u003C\u002Fp>\n\u003Ch4>Google Text-to-Speech API\u003C\u002Fh4>\n\u003Cp>Orbem Studio can optionally use the Google Text-to-Speech API to generate spoken audio for in-game dialogue and narration.\u003C\u002Fp>\n\u003Cp>What the service is used for:\u003Cbr \u002F>\nThe service is used to convert in-game cutscene and explainer popup text content into synthesized speech audio.\u003C\u002Fp>\n\u003Cp>What data is sent and when:\u003Cbr \u002F>\nWhen text-to-speech is enabled by the site administrator and triggered by player interaction, the plugin sends the following data to Google:\u003Cbr \u002F>\n– The text content to be synthesized\u003Cbr \u002F>\n– The configured language and voice parameters\u003Cbr \u002F>\n– The API key provided by the site administrator\u003C\u002Fp>\n\u003Cp>No personal user data is sent by default. The text content is only sent at the moment audio generation is requested.\u003C\u002Fp>\n\u003Cp>Service provider:\u003Cbr \u002F>\nGoogle LLC\u003C\u002Fp>\n\u003Cp>Terms of Service:\u003Cbr \u002F>\nhttps:\u002F\u002Fcloud.google.com\u002Fterms\u003C\u002Fp>\n\u003Cp>Privacy Policy:\u003Cbr \u002F>\nhttps:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fp>\n\u003Ch4>Google OAuth \u002F Token Verification\u003C\u002Fh4>\n\u003Cp>Orbem Studio supports optional Google Sign-In functionality to allow users to authenticate using their Google account.\u003C\u002Fp>\n\u003Cp>What the service is used for:\u003Cbr \u002F>\nThe service is used to verify the authenticity of a Google ID token during login.\u003C\u002Fp>\n\u003Cp>What data is sent and when:\u003Cbr \u002F>\nWhen a user logs in using Google Sign-In, the plugin sends:\u003Cbr \u002F>\n– The Google ID token provided by the user’s browser\u003C\u002Fp>\n\u003Cp>This request is made once per login attempt to verify the token’s validity. The plugin does not store Google credentials.\u003C\u002Fp>\n\u003Cp>Service provider:\u003Cbr \u002F>\nGoogle LLC\u003C\u002Fp>\n\u003Cp>Terms of Service:\u003Cbr \u002F>\nhttps:\u002F\u002Fdevelopers.google.com\u002Fidentity\u002Fterms\u003C\u002Fp>\n\u003Cp>Privacy Policy:\u003Cbr \u002F>\nhttps:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fp>\n","Build fully interactive, story-driven games directly inside WordPress. No external engines required!",702,"2026-03-15T01:50:00.000Z","6.9.4","6.1","8.1",[89,90,91,92,93],"game-engine","gamification","narrative-game","rpg","storytelling","https:\u002F\u002Forbem.studio\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Forbem-studio.1.2.6.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":13,"downloaded":104,"rating":13,"num_ratings":13,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":23,"download_link":114,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"yu-story","YU STORY","1.0.0","Yusuf","https:\u002F\u002Fprofiles.wordpress.org\u002Fyusufbiberoglu\u002F","\u003Cp>Yu Story allows you to transform your WordPress website with an immersive stories. With an intuitive interface and powerful features, you can easily create and share interactive stories that captivate your audience. Engage your visitors with visually rich narratives, complete with custom URLs that lead to related content or external sites. Add descriptive text over your images to provide context. Whether you’re a blogger, marketer, or educator, Yu Story provides the tools for share your stories.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Interactive Stories\u003C\u002Fstrong>: Create engaging and interactive stories that keep your audience captivated.🚀🚀🚀\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom URLs\u003C\u002Fstrong>: Easily add custom URLs to each story, guiding your visitors to any site page or external link.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Text Overlays\u003C\u002Fstrong>: Enhance your stories with text overlays, providing context or narration directly on your images.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight Design\u003C\u002Fstrong>: Yu Story is designed to be fast and efficient, ensuring a smooth experience for your visitors without slowing down your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Thumbnail Titles\u003C\u002Fstrong>: Display titles under thumbnails to give visitors a preview of your stories.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Responsive and Mobile-Friendly\u003C\u002Fstrong>: Stories look great on all devices, providing a consistent experience across desktop, tablet, and mobile.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy to Use\u003C\u002Fstrong>: With a user-friendly interface, you can create and manage stories with no coding required.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable\u003C\u002Fstrong>: Tailor the look and feel of your stories to match your brand or site design.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Support\u003C\u002Fstrong>: Embed stories anywhere on your site with simple shortcodes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Friendly\u003C\u002Fstrong>: Crafted with the best SEO practices in mind to help enhance your site’s visibility.\u003C\u002Fli>\n\u003C\u002Ful>\n","Yu Story is a WordPress plugin that lets you create and share interactive stories with ease, enhancing your site with engaging visual narratives.",529,"2024-02-05T12:50:00.000Z","6.4.8","5.0.0","7.4",[110,111,19,112,113],"engagement","interactive","story","visual","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyu-story.zip",{"attackSurface":116,"codeSignals":218,"taintFlows":229,"riskAssessment":256,"analyzedAt":264},{"hooks":117,"ajaxHandlers":203,"restRoutes":210,"shortcodes":211,"cronEvents":215,"entryPointCount":216,"unprotectedCount":217},[118,124,128,132,135,138,142,146,151,155,158,162,165,169,173,176,181,184,189,193,197,199],{"type":119,"name":120,"callback":121,"file":122,"line":123},"action","admin_menu","add_menu_items","includes\\class-admin.php",31,{"type":119,"name":125,"callback":126,"file":122,"line":127},"admin_init","settings_init",33,{"type":119,"name":129,"callback":130,"file":122,"line":131},"init","add_tiny_plugin",35,{"type":119,"name":133,"callback":133,"file":122,"line":134},"admin_print_styles",37,{"type":119,"name":133,"callback":136,"file":122,"line":137},"admin_print_script",39,{"type":119,"name":139,"callback":140,"file":122,"line":141},"admin_enqueue_scripts","admin_enqueue",42,{"type":119,"name":143,"callback":144,"priority":55,"file":122,"line":145},"edit_form_after_title","do_meta_boxes",44,{"type":147,"name":148,"callback":149,"file":122,"line":150},"filter","tiny_mce_before_init","fb_change_mce_options",49,{"type":147,"name":152,"callback":153,"file":122,"line":154},"pre_update_option_narrative_options","update_option",52,{"type":119,"name":156,"callback":156,"file":122,"line":157},"admin_notices",54,{"type":147,"name":159,"callback":160,"file":122,"line":161},"mce_external_plugins","closure",62,{"type":147,"name":163,"callback":160,"file":122,"line":164},"mce_buttons",69,{"type":119,"name":129,"callback":166,"priority":64,"file":167,"line":168},"init_narrative_rewrite","includes\\class-api.php",24,{"type":147,"name":170,"callback":171,"priority":64,"file":167,"line":172},"query_vars","add_query_vars",25,{"type":119,"name":129,"callback":129,"file":174,"line":175},"includes\\class-blocks.php",29,{"type":147,"name":177,"callback":178,"file":179,"line":180},"content_save_pre","wp_filter_post_kses","includes\\class-handlers.php",270,{"type":147,"name":182,"callback":178,"file":179,"line":183},"content_filtered_save_pre",271,{"type":119,"name":185,"callback":186,"priority":13,"file":187,"line":188},"add_meta_boxes","register_meta_boxes","includes\\class-metabox.php",26,{"type":119,"name":190,"callback":191,"file":187,"line":192},"save_post","savePost",27,{"type":119,"name":194,"callback":195,"priority":13,"file":187,"line":196},"wp_head","display_html_meta",28,{"type":119,"name":198,"callback":198,"file":187,"line":175},"wp_enqueue_scripts",{"type":119,"name":200,"callback":201,"priority":13,"file":202,"line":31},"wp","get_query","includes\\class-request.php",[204,208],{"action":19,"nopriv":205,"callback":206,"hasNonce":205,"hasCapCheck":205,"file":202,"line":207},false,"ajax_narrative",32,{"action":19,"nopriv":209,"callback":206,"hasNonce":205,"hasCapCheck":205,"file":202,"line":127},true,[],[212],{"tag":19,"callback":213,"file":214,"line":192},"add_shortcode_narrative","includes\\class-shortcodes.php",[],3,2,{"dangerousFunctions":219,"sqlUsage":220,"outputEscaping":222,"fileOperations":216,"externalRequests":13,"nonceChecks":30,"capabilityChecks":217,"bundledLibraries":228},[],{"prepared":217,"raw":13,"locations":221},[],{"escaped":223,"rawEcho":30,"locations":224},53,[225],{"file":179,"line":226,"context":227},298,"raw output",[],[230,248],{"entryPoint":231,"graph":232,"unsanitizedCount":13,"severity":247},"admin_print_script (includes\\class-admin.php:138)",{"nodes":233,"edges":245},[234,239],{"id":235,"type":236,"label":237,"file":122,"line":238},"n0","source","$_GET",144,{"id":240,"type":241,"label":242,"file":122,"line":243,"wp_function":244},"n1","sink","echo() [XSS]",156,"echo",[246],{"from":235,"to":240,"sanitized":209},"low",{"entryPoint":249,"graph":250,"unsanitizedCount":13,"severity":247},"\u003Cclass-admin> (includes\\class-admin.php:0)",{"nodes":251,"edges":254},[252,253],{"id":235,"type":236,"label":237,"file":122,"line":238},{"id":240,"type":241,"label":242,"file":122,"line":243,"wp_function":244},[255],{"from":235,"to":240,"sanitized":209},{"summary":257,"deductions":258},"The \"narrative-so\" plugin version 1.0.7 exhibits a generally good security posture, with strong practices in SQL query handling and output escaping. The absence of any recorded vulnerabilities in its history is a significant positive indicator. However, there are notable concerns regarding its attack surface and the implementation of security checks. The presence of two AJAX handlers without authentication checks represents a direct vulnerability. While the plugin demonstrates good coding practices in other areas, these unprotected entry points could be exploited by authenticated users to perform unintended actions, depending on the functionality of these handlers. The limited number of entry points and the lack of critical findings in taint analysis mitigate the immediate risk, but the unprotected AJAX endpoints require attention.\n\nDespite the positive aspects, the unprotected AJAX handlers present a clear security gap that needs addressing. The plugin's adherence to prepared statements for SQL and robust output escaping are commendable, suggesting a developer mindful of common web vulnerabilities. The lack of past vulnerabilities further reinforces a notion of relative stability. However, the introduction of new vulnerabilities remains a possibility if these security gaps are not rectified. A balanced view suggests that while the plugin has a solid foundation, the exposed AJAX endpoints create a tangible risk that should not be overlooked. Prioritizing the securing of these handlers would significantly enhance the plugin's overall security.",[259,262],{"reason":260,"points":261},"Unprotected AJAX handlers",8,{"reason":263,"points":216},"Limited nonce check coverage","2026-03-16T19:05:29.767Z",{"wat":266,"direct":274},{"assetPaths":267,"generatorPatterns":270,"scriptPaths":271,"versionParams":273},[268,269],"\u002Fwp-content\u002Fplugins\u002Fnarrative-publisher\u002Fassets\u002Fmoment.min.js","\u002Fwp-content\u002Fplugins\u002Fnarrative-publisher\u002Fassets\u002Fadmin-script.js",[],[272],"\u002Fwp-content\u002Fplugins\u002Fnarrative-publisher\u002Fassets\u002Ftiny-plugin.js",[],{"cssClasses":275,"htmlComments":277,"htmlAttributes":278,"restEndpoints":280,"jsGlobals":281,"shortcodeOutput":283},[276],"narrative_open_app_button",[],[279],"href=\"narrative-app:\u002F\u002Fopen\u002F\"",[],[282],"narrative_post_script",[284,285,286],"\u003Ca target=\"_blank\" href=\"narrative-app:\u002F\u002Fopen\u002F\" class=\"button button-primary button-large narrative_open_app_button\">","Edit in Narrative","\u003C\u002Fa>"]