[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWaV4aU6VDfTm_DIySASEYh-0lU6qP0jCmoPOPR8kFpw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":79,"fingerprints":125},"pdf-viewer-blocks","kitpdf | WordPress Gutenberg PDF viewer blocks .","1.0.0","KitBug","https:\u002F\u002Fprofiles.wordpress.org\u002Fkitbug\u002F","\u003Cp>WordPress Gutenberg PDF viewer blocks helps you upload PDF and embed PDF documents to gutenberg blocks quickly and easily and PDF is viewed via Google docs viewer.\u003Cbr \u002F>\nEmbed PDF documents in Gutenberg blocks with kitpdf.\u003C\u002Fp>\n\u003Ch3>Need Help?\u003C\u002Fh3>\n\u003Cp>Is there any feature that you want to get in this plugin?\u003Cbr \u002F>\nNeeds assistance to use this plugin?\u003Cbr \u002F>\nFeel free to \u003Ca href=\"http:\u002F\u002Fkitbug.com\u002F\" rel=\"nofollow ugc\">Contact us\u003C\u002Fa>\u003C\u002Fp>\n","WordPress Gutenberg PDF viewer blocks helps you upload PDF and embed PDF documents to gutenberg blocks quickly and easily and PDF is viewed via Google &hellip;",10,1061,0,"2020-09-08T19:49:00.000Z","5.5.18","5.0","5.4",[19,20,21],"gutenberg-pdf-blocks","pdf-block","pdf-blocks","http:\u002F\u002Fkitbug.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpdf-viewer-blocks.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"kitbug",4,30,84,"2026-04-04T13:09:31.152Z",[35,58],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":56,"download_link":57,"security_score":45,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"pdf-embed","Pdf Embed","0.5.8","tropicalista","https:\u002F\u002Fprofiles.wordpress.org\u002Ftropicalista\u002F","\u003Cp>A simple, responsive and 100% free Gutenberg Block to display PDF on your website using the official \u003Ca href=\"https:\u002F\u002Fwww.adobe.io\u002Fapis\u002Fdocumentcloud\u002Fdcsdk\u002Fpdf-embed.html\" rel=\"nofollow ugc\">Adobe PDF Embed API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FmcKJXWmyre4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Embed or inline PDF\u003C\u002Fli>\n\u003Cli>Fully responsive\u003C\u002Fli>\n\u003Cli>Works fine on Chrome, Firefox, Opera, Edge and IE11\u003C\u002Fli>\n\u003Cli>Show download button\u003C\u002Fli>\n\u003Cli>Show print button\u003C\u002Fli>\n\u003Cli>Show full screen\u003C\u002Fli>\n\u003Cli>📈Track Pdf events in Google Analytics (\u003Ca href=\"https:\u002F\u002Fdeveloper.adobe.com\u002Fdocument-services\u002Fdocs\u002Foverview\u002Fpdf-embed-api\u002Fhowtodata\u002F#google-analytics\" rel=\"nofollow ugc\">docs\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>🔥Show PDF in Lightbox on button click\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supported Browsers\u003C\u002Fh3>\n\u003Cp>PDF Embed API is supported on the latest versions of the following browsers:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Windows – Microsoft Edge, Google Chrome, Mozilla Firefox.\u003C\u002Fli>\n\u003Cli>macOS – Safari, Google Chrome, Microsoft Edge, Mozilla Firefox.\u003C\u002Fli>\n\u003Cli>Android – Google Chrome.\u003C\u002Fli>\n\u003Cli>iOS – Safari, Google Chrome.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>WHAT’S NEXT\u003C\u002Fh3>\n\u003Cp>If you like this plugin, then consider checking out our other projects:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fformello\" rel=\"ugc\">Formello\u003C\u002Fa>: a form builder to collect leads, newsletter signup, contact form and more.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpopper\" rel=\"ugc\">Popper\u003C\u002Fa>: a popup builder to increase leads with exit intent.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmortgage\" rel=\"ugc\">Mortgage Calculator\u003C\u002Fa>: a mortgage calculator block for Gutenberg.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsearch-console\" rel=\"ugc\">Search Console\u003C\u002Fa>: view all your search console data inside WordPress admin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Pdf Embed uses \u003Ca href=\"https:\u002F\u002Fappsero.com\" rel=\"nofollow ugc\">Appsero\u003C\u002Fa> SDK to collect some telemetry data upon user’s confirmation. This helps us to troubleshoot problems faster & make product improvements.\u003C\u002Fp>\n\u003Cp>Appsero SDK \u003Cstrong>does not gather any data by default.\u003C\u002Fstrong> The SDK only starts gathering basic telemetry data \u003Cstrong>when a user allows it via the admin notice\u003C\u002Fstrong>. We collect the data to ensure a great user experience for all our users.\u003C\u002Fp>\n\u003Cp>Integrating Appsero SDK \u003Cstrong>DOES NOT IMMEDIATELY\u003C\u002Fstrong> start gathering data, \u003Cstrong>without confirmation from users in any case.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Learn more about how \u003Ca href=\"https:\u002F\u002Fappsero.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Appsero collects and uses this data\u003C\u002Fa>.\u003C\u002Fp>\n","PDF embedder with official Adobe Embed API.",10000,243966,100,6,"2025-09-10T10:02:00.000Z","6.8.5","5.6.0","5.6",[52,53,20,54,55],"block","embed-pdf","pdf-embed-api","pdf-embedder","https:\u002F\u002Fwww.francescopepe.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpdf-embed.0.5.8.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":43,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":16,"requires_php":50,"tags":71,"homepage":75,"download_link":76,"security_score":45,"vuln_count":77,"unpatched_count":13,"last_vuln_date":78,"fetched_at":26},"pdf-viewer-block","PDF Viewer Block for Gutenberg","1.1","Jb Audras","https:\u002F\u002Fprofiles.wordpress.org\u002Faudrasjb\u002F","\u003Cp>A simple, responsive and 100% free Gutenberg Block to display PDF Viewers \u002F Readers on your website.\u003C\u002Fp>\n\u003Cp>You can easily configure the Reader’s width, height and alignment on the fly.\u003C\u002Fp>\n\u003Cp>Compatibility:\u003Cbr \u002F>\n– Fully responsive\u003Cbr \u002F>\n– Works fine on Chrome, Firefox, Opera, Edge and IE11\u003Cbr \u002F>\n– If javascript is disabled, a download link is provided as a fallback\u003C\u002Fp>\n\u003Cp>This plugin uses \u003Ca href=\"https:\u002F\u002Fmozilla.github.io\u002Fpdf.js\u002F\" rel=\"nofollow ugc\">PDF.js\u003C\u002Fa> library, provided by Mozilla under Apache license.\u003C\u002Fp>\n","A simple and 100% free Gutenberg Block to display PDF Viewers \u002F Readers on your website.",72473,96,9,"2025-11-27T08:56:00.000Z","6.9.4",[72,20,73,74],"pdf","reader","viewer","https:\u002F\u002Fwww.whodunit.fr\u002Fgutenberg-pdf-viewer-block","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpdf-viewer-block.1.1.zip",1,"2021-09-20 00:00:00",{"attackSurface":80,"codeSignals":104,"taintFlows":117,"riskAssessment":118,"analyzedAt":124},{"hooks":81,"ajaxHandlers":100,"restRoutes":101,"shortcodes":102,"cronEvents":103,"entryPointCount":13,"unprotectedCount":13},[82,87,92,96],{"type":83,"name":84,"callback":85,"priority":11,"file":86,"line":30},"filter","block_categories","kitpdf_block_categories","function\\blocks-cat.php",{"type":88,"name":89,"callback":90,"priority":11,"file":91,"line":68},"action","plugins_loaded","kitpdf_carbon_loader","function\\carbon-loader.php",{"type":88,"name":93,"callback":94,"file":95,"line":30},"wp_footer","kitpdf_js","function\\kitpdf-scripts.php",{"type":88,"name":97,"callback":98,"file":99,"line":11},"carbon_fields_register_fields","kitpdf_block_fun","includes\\pdf-block\\block-kitpdf.php",[],[],[],[],{"dangerousFunctions":105,"sqlUsage":106,"outputEscaping":108,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":116},[],{"prepared":13,"raw":13,"locations":107},[],{"escaped":13,"rawEcho":109,"locations":110},2,[111,114],{"file":99,"line":112,"context":113},78,"raw output",{"file":99,"line":115,"context":113},79,[],[],{"summary":119,"deductions":120},"The plugin 'pdf-viewer-blocks' v1.0.0 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The complete absence of detectable entry points like AJAX handlers, REST API routes, and shortcodes is a significant positive, as it drastically limits the potential attack surface. Furthermore, the fact that all SQL queries utilize prepared statements is excellent practice, mitigating risks of SQL injection. The absence of any recorded vulnerabilities in its history is also a strong indicator of a well-maintained and secure plugin.\n\nHowever, the static analysis reveals a critical weakness: 100% of outputs are not properly escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any dynamic content displayed to users, if not properly escaped, could be manipulated by an attacker to inject malicious scripts. The lack of capability checks and nonce checks, while less concerning given the limited attack surface, would become a significant risk if any entry points were ever added without proper authorization mechanisms. The absence of taint analysis flows and dangerous functions is good, but the unescaped output remains a primary concern that needs immediate attention.\n\nIn conclusion, while the plugin has commendable aspects like a small attack surface and secure database interactions, the severe lack of output escaping presents a clear and present danger for XSS attacks. This overshadows the otherwise positive indicators. The vulnerability history is clean, but this is likely due to the limited exposure of the plugin's functionalities. The focus should be on addressing the unescaped output to improve its overall security.",[121],{"reason":122,"points":123},"Unescaped output detected",8,"2026-03-17T01:16:53.450Z",{"wat":126,"direct":133},{"assetPaths":127,"generatorPatterns":129,"scriptPaths":130,"versionParams":131},[128],"\u002Fwp-content\u002Fplugins\u002Fpdf-viewer-blocks\u002Fincludes\u002Fpdf-block\u002Fblock-kitpdf.css",[],[],[132],"kitpdf-block-stylesheet",{"cssClasses":134,"htmlComments":136,"htmlAttributes":137,"restEndpoints":139,"jsGlobals":140,"shortcodeOutput":141},[135],"pdf-some-",[],[138],"data-crb-fields",[],[],[142,143,144],"\u003Ciframe class=\"pdf-some-","https:\u002F\u002Fdocs.google.com\u002Fviewer?url=","&amp;embedded=true\" style=\""]