[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fU-pnGIt_iPPYfpizvuh9fSG28093NwwL06aSTG6F9cc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":14,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":45,"crawl_stats":34,"alternatives":52,"analysis":147,"fingerprints":266},"page-parts","Page Parts","1.5","Ben Huson","https:\u002F\u002Fprofiles.wordpress.org\u002Fhusobj\u002F","\u003Cp>Manage subsections of a page. Create ‘page parts’ as children of a page to display in different areas of your templates. Requires WordPress 3.4.\u003C\u002Fp>\n\u003Cp>For more information, view the documentation link on the admin plugins page after activating the plugin.\u003C\u002Fp>\n","Manage subsections of a page. Create 'page parts' as children of a page to display in different areas of your templates. Requires WordPress 3.4.",50,6595,100,1,"2025-11-26T13:13:00.000Z","6.8.5","3.9","",[20,21],"cms","pages","https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fpage-parts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpage-parts.1.5.zip",99,0,"2024-11-20 13:48:43","2026-03-15T15:16:48.613Z",[29],{"id":30,"url_slug":31,"title":32,"description":33,"plugin_slug":4,"theme_slug":34,"affected_versions":35,"patched_in_version":36,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":26,"updated_date":41,"references":42,"days_to_patch":44},"CVE-2024-11360","page-parts-reflected-cross-site-scripting","Page Parts \u003C= 1.4.3 - Reflected Cross-Site Scripting","The Page Parts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.4.3","1.4.4","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-11-22 14:49:58",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F72f3416a-4d5e-4b95-8f83-7b9440f9e9df?source=api-prod",2,{"slug":46,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":49,"avg_patch_time_days":44,"trust_score":50,"computed_at":51},"husobj",16,20750,85,90,"2026-04-04T21:19:10.747Z",[53,73,94,114,129],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":13,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":18,"tags":67,"homepage":69,"download_link":70,"security_score":71,"vuln_count":14,"unpatched_count":14,"last_vuln_date":72,"fetched_at":27},"next-page-not-next-post","Next Page, Not Next Post","0.3.0","Matt McInvale","https:\u002F\u002Fprofiles.wordpress.org\u002Fmcinvale\u002F","\u003Cp>\u003Cstrong>Next Page, Not Next Post\u003C\u002Fstrong> is a very simple plugin that creates navigation between sibling pages.\u003C\u002Fp>\n\u003Cp>This plugin gives you two new functions, \u003Ccode>next_page_not_post($anchor_text, $loop, $sort)\u003C\u002Fcode> & \u003Ccode>previous_page_not_post($anchor_text, $loop, $sort)\u003C\u002Fcode>. Each function has three simple options.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Anchor Text\u003C\u002Fstrong> – Either set the anchor text manually or use the page title. Use %title to use page title with other strings. Defaults to page title, just leave blank for that.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Looping\u003C\u002Fstrong> – Link the first element to the last and the last to the first, or not. Defaults to not looping. Set to true for looping, cousins for cousin based navigation and cousinsloop for cousins navigation that loops.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Get Pages\u003C\u002Fstrong> – This is used to determine how to sort your results. Use the documentation at \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fget_pages\" rel=\"nofollow ugc\">Get Pages\u003C\u002Fa> to find all available options here. Defaults to menu_order ascending.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>SHORTCODES\u003C\u002Fstrong> You can use [next_page] and [previous_page] shortcodes within your page content. Supported options are ‘anchor’, ‘loop’ and ‘getPagesQuery’.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fbinarym.com\u002F2009\u002Fnext-page-not-next-post\u002F\" rel=\"nofollow ugc\">More documentation for Next Page, Not Next Post on BinaryM.com\u003C\u002Fa>\u003C\u002Fp>\n","Easily create navigation to sibling pages. Similar to next_post_link() and previous_post_link() but for pages.",1000,33829,12,"2014-09-04T22:30:00.000Z","4.0.38","2.7",[68,20,21],"awesome","http:\u002F\u002Fbinarym.com\u002F2009\u002Fnext-page-not-next-post\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnext-page-not-next-post.zip",63,"2025-10-10 00:00:00",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":13,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":18,"download_link":92,"security_score":24,"vuln_count":14,"unpatched_count":25,"last_vuln_date":93,"fetched_at":27},"better-section-navigation","Better Section Navigation","1.7.0","cornershop","https:\u002F\u002Fprofiles.wordpress.org\u002Fcornershop\u002F","\u003Cp>Adds a new widget type you can deploy in your sidebar regions (and\u002For elsewhere) to display section-based navigation, along with the ability to exclude certain pages from showing up.\u003C\u002Fp>\n\u003Cp>The title of the widget is the top level page within the current section. The widget then can show all of the page’s published siblings (except on the top level page), all parents and grandparents (and higher), the siblings of all parents and grandparents (up to top level page), and any immediate children of the current page. It can also be called by a function inside template files.\u003C\u002Fp>\n\u003Cp>It includes a simple widget configuration panel. From this panel you can:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Determine whether the widget should appear on the home page\u003C\u002Fli>\n\u003Cli>Override standard behavior and have the widget show all pages in the current section\u003C\u002Fli>\n\u003Cli>Determine whether the widget should appear even if the section only has one page (the top level)\u003C\u002Fli>\n\u003Cli>Provide a list of pages to exclude from the output\u003C\u002Fli>\n\u003Cli>Determine whether the section navigation should still appear when viewing excluded pages\u003C\u002Fli>\n\u003Cli>Use a specific widget title (i.e. In This Section), or just use the top level page title\u003C\u002Fli>\n\u003Cli>Determine whether the section title should be linked\u003C\u002Fli>\n\u003Cli>Determine page sort order (defaults to menu order)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The widget uses standard WordPress navigation classes, in addition to a unique class around the widget, for easy styling. The UL of the page list also has a custom class, \u003Ccode>bsn-list\u003C\u002Fcode>, that can be altered via the \u003Ccode>bsn_list_class\u003C\u002Fcode> filter.\u003C\u002Fp>\n\u003Cp>Beginning with version 1.5, Better Section Navigation also incorporates the features of the defunct \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexclude-pages\u002F\" rel=\"ugc\">Exclude Pages\u003C\u002Fa> plugin, giving you the ability to selectively exclude specific pages from appearing in the widget generated by Better Section Navigation. This per-page control is managed via a metabox on the post edit screen. Note: On activation, BSN will automatically import the list of “excluded pages” set via that plugin, so you don’t have to manually re-assign excludes pages before deactivating the old one.\u003C\u002Fp>\n\u003Cp>Compatible with WordPress Multisite.\u003C\u002Fp>\n\u003Cp>This plugin started life as \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-section-navigation\u002F\" rel=\"ugc\">Simple Section Navigation Widget\u003C\u002Fa>, but since that plugin hasn’t been updated in a while, we’ve taken up the reins with the goal of keeping it up to date with the latest WordPress conventions (i.e. getting rid of deprecation warnings) and adding a few nice-to-have features while retaining some of the simplicity of the original plugin.\u003C\u002Fp>\n\u003Cp>Simple Section Navigation Widget is incompatible with PHP 8.x, so as of October 2022, Better Section Navigation is now a drop-in replacement for Simple Section Navigation Widget. If you’ve been using Simple Section Navigation, you can now use this one instead without changing any settings! \u003Cem>NOTE: Deactivate Simple Section Navigation Widget\u003C\u002Fem> before activating Better Section Navigation.\u003C\u002Fp>\n","Creates a new widget for listing section-based navigation -- essential for contextual navigation. Also implements a template function and a shortcode.",700,15641,4,"2025-12-03T19:09:00.000Z","6.9.4","2.8","5.6",[20,89,90,21,91],"hierarchy","navigation","section","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-section-navigation.1.7.0.zip","2025-03-28 00:00:00",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":14,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":18,"tags":108,"homepage":112,"download_link":113,"security_score":49,"vuln_count":25,"unpatched_count":25,"last_vuln_date":34,"fetched_at":27},"content-management-system-dashboard","CMS Dashboard","2.0","3pointross","https:\u002F\u002Fprofiles.wordpress.org\u002F3pointross\u002F","\u003Cp>Improve the usability of your WordPress CMS system. This plug-in creates a dashboard widget with clearly labeled large buttons of the most common tasks one would perform when using wordpress as a content management system.\u003C\u002Fp>\n\u003Cp>I have found that particularly when handing a WordPress CMS over to less than tech-savvy clients, there is often confusion on how to perform some of the more simple tasks simply because the WordPress side menu can be overwhelming. This plugin creates a simple to use dashboard interface that will let clients easily post, edit, manage users and change widgets with out having to do any hunting or searching.\u003C\u002Fp>\n","Improve the usability of your Wordpress CMS system. This plug-in creates a dashboard widget with clearly labeled large buttons of the most common task …",300,23105,80,"2010-09-07T19:39:00.000Z","3.0.5","3.0",[109,110,111,20,21],"admin","administration","client","http:\u002F\u002Fworkshop.37designs.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontent-management-system-dashboard.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":102,"downloaded":122,"rating":104,"num_ratings":44,"last_updated":123,"tested_up_to":124,"requires_at_least":107,"requires_php":18,"tags":125,"homepage":127,"download_link":128,"security_score":49,"vuln_count":25,"unpatched_count":25,"last_vuln_date":34,"fetched_at":27},"lock-pages","Lock Pages","0.3.1","Steve Taylor","https:\u002F\u002Fprofiles.wordpress.org\u002Fgyrus\u002F","\u003Cp>NOTE: This plugin is not tested with Gutenberg, and we have no near-term plans to do so. If using WP > 5.0, use the Classic Editor if there are problems.\u003C\u002Fp>\n\u003Cp>NOTE: This plugin was originally designed to only lock pages, and only later added custom post type functionality. Hence the name, and sometimes the terminology will say “pages” when it means “any post type”.\u003C\u002Fp>\n\u003Cp>Sometimes some pages or other posts are too important to allow them to be casually moved about or deleted by site editors. An editor may think nothing of renaming a page’s slug, or deleting a page to replace it with something similar, perhaps unaware of effects on SEO. Also, certain pages might be essential to keep in place because of a site’s structure, or because of aspects of a custom theme.\u003C\u002Fp>\n\u003Cp>This plugin lets administrators “lock” any or all pages, and any post of any post type. “Locking” here basically means preventing non-admins from:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Editing the item’s slug\u003C\u002Fli>\n\u003Cli>Changing the item’s parent\u003C\u002Fli>\n\u003Cli>Changing the item’s template\u003C\u002Fli>\n\u003Cli>Deleting the item\u003C\u002Fli>\n\u003Cli>Changing the item’s status\u003C\u002Fli>\n\u003Cli>Changing the item’s password protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Locking is implemented by preventing the actual database update being performed as well as, where possible, having the interface element for that field removed. Where possible interface elements are removed via WP filters on the server; otherwise, jQuery is used on the client.\u003C\u002Fp>\n\u003Cp>NOTE: Currently, I’ve been unable to get this working with the Quick Edit functionality. As a stop-gap measure, which is only in place because it seems to be better than nothing, the Quick Edit link is removed for users who can’t edit locked pages. I know, it’s not great. But until I work out how to selectively block Quick Editing, I’m assuming a locked page should be locked. Users can always edit the other fields via the normal edit page.\u003C\u002Fp>\n\u003Cp>Go to GitHub for \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fgyrus\u002FLock-Pages\" rel=\"nofollow ugc\">development code\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fgyrus\u002FLock-Pages\u002Fissues\" rel=\"nofollow ugc\">issue tracking\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Known issues\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Quick Edit presents problems. I’ve worked out how to create hidden fields in the Quick Edit box, and to put the values in the hidden div, but I can’t work out how to dynamically populate the fields with the values, so the old values can be used if necessary on saving. For now Quick Edit is blocked for users who can’t edit locked pages.\u003C\u002Fli>\n\u003Cli>Although I’ve fixed the lock_parent function so it allows uploaded files to be attached to a locked page, it still prevents media already in the library from being attached when inserted.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Ideas\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Include the locking checkbox for admins in the Quick Edit form.\u003C\u002Fli>\n\u003Cli>On the settings screen, use a drop-down for selecting which capability is needed for editing locked page elements.\u003C\u002Fli>\n\u003Cli>Implement a system to deal with descendants, e.g. an option to lock all descendants of a locked page or not.\u003C\u002Fli>\n\u003C\u002Ful>\n","Lock Pages prevents specified pages (or all pages), posts, or custom post types from having their slug, parent, status or password edited, or from bei …",17843,"2018-12-19T15:28:00.000Z","4.9.29",[109,110,20,126,21],"page","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Flock-pages\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flock-pages.0.3.1.zip",{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":102,"downloaded":137,"rating":138,"num_ratings":139,"last_updated":140,"tested_up_to":141,"requires_at_least":142,"requires_php":18,"tags":143,"homepage":145,"download_link":146,"security_score":49,"vuln_count":25,"unpatched_count":25,"last_vuln_date":34,"fetched_at":27},"pagely-multiedit","Pagely MultiEdit","0.9.8.6","joshua strebel","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoshuastrebel\u002F","\u003Cp>One thing I always wished WP would do better is allow for multiple editable content blocks on page templates. This plugin uses custom fields to create simple tinyMCE editable regions on page templates.\u003C\u002Fp>\n\u003Cp>See Instructions and Usage Examples here: \u003Ca href=\"https:\u002F\u002Fpagely.com\u002Fmultiedit-plugin\u002F\" rel=\"nofollow ugc\">Pagely MultiEdit plugin\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>NOTE: Must be used inside\u002Fafter the opening loop statement:\u003Cbr \u002F>\nwhile (have_posts()) : the_post();\u003Cbr \u002F>\n  multieditDisplay(‘YourBlockName’);\u003C\u002Fp>\n\u003Cp>Brought to you by: \u003Ca href=\"https:\u002F\u002Fpagely.com\" rel=\"nofollow ugc\">Pagely WordPress Hosting\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Follow \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fstrebel\" rel=\"nofollow ugc\">@strebel\u003C\u002Fa> and feel free to check out \u003Ca href=\"https:\u002F\u002Fpagely.com\" rel=\"nofollow ugc\">Pagely\u003C\u002Fa>\u003C\u002Fp>\n","MultiEdit adds tinyMCE editable \"blocks\" to WordPress custom page templates.",34377,84,5,"2016-05-10T20:26:00.000Z","4.5.33","2.9",[109,20,144,126,21],"formatting","https:\u002F\u002Fpagely.com\u002Fmultiedit-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpagely-multiedit.zip",{"attackSurface":148,"codeSignals":231,"taintFlows":257,"riskAssessment":258,"analyzedAt":265},{"hooks":149,"ajaxHandlers":212,"restRoutes":227,"shortcodes":228,"cronEvents":229,"entryPointCount":230,"unprotectedCount":25},[150,156,159,163,164,168,172,176,178,182,185,188,192,195,199,205,209],{"type":151,"name":152,"callback":153,"file":154,"line":155},"action","wp","add_post_type_part_column","admin\\admin.php",9,{"type":151,"name":157,"callback":157,"file":154,"line":158},"admin_head",10,{"type":151,"name":160,"callback":161,"file":154,"line":162},"admin_enqueue_scripts","admin_enqueue_styles",11,{"type":151,"name":160,"callback":160,"file":154,"line":63},{"type":151,"name":165,"callback":166,"file":154,"line":167},"save_post","save_page_parts",13,{"type":169,"name":170,"callback":170,"priority":139,"file":154,"line":171},"filter","http_request_args",14,{"type":151,"name":173,"callback":174,"file":154,"line":175},"load-post.php","add_help_tabs",15,{"type":151,"name":177,"callback":174,"file":154,"line":47},"load-edit.php",{"type":169,"name":179,"callback":180,"file":154,"line":181},"manage_edit-page-part_columns","manage_edit_page_part_columns",17,{"type":151,"name":183,"callback":183,"priority":158,"file":154,"line":184},"manage_posts_custom_column",18,{"type":151,"name":186,"callback":186,"priority":158,"file":154,"line":187},"add_meta_boxes",19,{"type":169,"name":189,"callback":190,"file":154,"line":191},"post_updated_messages","page_part_updated_messages",23,{"type":169,"name":193,"callback":193,"priority":158,"file":154,"line":194},"plugin_row_meta",24,{"type":169,"name":196,"callback":197,"file":154,"line":198},"admin_menu","add_documentation_page",25,{"type":151,"name":200,"callback":201,"priority":202,"file":203,"line":204},"init","register_post_types",6,"page-parts.php",29,{"type":169,"name":206,"callback":207,"priority":158,"file":203,"line":208},"post_type_link","post_part_link",30,{"type":169,"name":210,"callback":210,"priority":158,"file":203,"line":211},"post_class",31,[213,219,223],{"action":214,"nopriv":215,"callback":216,"hasNonce":217,"hasCapCheck":215,"file":154,"line":218},"page_parts_dragndrop_order",false,"dragndrop_order_ajax_callback",true,20,{"action":220,"nopriv":215,"callback":221,"hasNonce":217,"hasCapCheck":215,"file":154,"line":222},"page_parts_location","location_ajax_callback",21,{"action":224,"nopriv":215,"callback":225,"hasNonce":217,"hasCapCheck":215,"file":154,"line":226},"page_parts_template","template_ajax_callback",22,[],[],[],3,{"dangerousFunctions":232,"sqlUsage":237,"outputEscaping":239,"fileOperations":44,"externalRequests":25,"nonceChecks":255,"capabilityChecks":230,"bundledLibraries":256},[233],{"fn":234,"file":154,"line":235,"context":236},"unserialize",879,"$plugins = unserialize( $r['body']['plugins'] );",{"prepared":25,"raw":25,"locations":238},[],{"escaped":240,"rawEcho":202,"locations":241},81,[242,245,247,249,251,253],{"file":154,"line":243,"context":244},163,"raw output",{"file":154,"line":246,"context":244},275,{"file":154,"line":248,"context":244},319,{"file":154,"line":250,"context":244},639,{"file":154,"line":252,"context":244},682,{"file":154,"line":254,"context":244},720,7,[],[],{"summary":259,"deductions":260},"The page-parts plugin v1.5 exhibits a generally good security posture with several strengths, including a low number of entry points, all of which appear to have authentication checks. The plugin also demonstrates good practices with 100% of its SQL queries using prepared statements and a high percentage (93%) of output properly escaped. Nonce and capability checks are also present on its entry points.  However, a significant concern is the presence of the 'unserialize' function, which is a known vector for Remote Code Execution (RCE) if improperly handled. While no direct taint flows were detected in this analysis, the potential for abuse with unserialization remains. The vulnerability history indicates a past medium-severity Cross-Site Scripting (XSS) vulnerability, suggesting that while the developers have addressed past issues, the potential for input validation weaknesses exists. The single unpatched CVE (though marked as 0 currently) indicates a need for vigilance. Overall, while the current static analysis shows no immediate critical threats, the 'unserialize' function represents a latent risk that warrants careful monitoring and potential remediation if its usage involves untrusted input.",[261,263],{"reason":262,"points":175},"Dangerous function: unserialize present",{"reason":264,"points":158},"Past medium severity CVE (XSS)","2026-03-16T22:02:08.418Z",{"wat":267,"direct":276},{"assetPaths":268,"generatorPatterns":271,"scriptPaths":272,"versionParams":273},[269,270],"\u002Fwp-content\u002Fplugins\u002Fpage-parts\u002Fcss\u002Fpage-parts-admin.css","\u002Fwp-content\u002Fplugins\u002Fpage-parts\u002Fjs\u002Fpage-parts-admin.js",[],[270],[274,275],"page-parts-admin.css?ver=","page-parts-admin.js?ver=",{"cssClasses":277,"htmlComments":281,"htmlAttributes":282,"restEndpoints":284,"jsGlobals":285,"shortcodeOutput":287},[278,279,280],"page-part-template","page-part-template-","page-part-default",[],[283],"data-page-part-id",[],[286],"page_parts_admin_vars",[]]