[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVlDOJuAKBXCg50dpGeOaM8Kaq5mKOSpXMoxEGA3VaHo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":53,"analysis":161,"fingerprints":224},"pinterest-verify-meta-tag","Pinterest Verify Meta Tag","1.3","Marvie Pons","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarviepons\u002F","\u003Cp>Pinterest Verify Meta Tag is a simple plugin which simply insert Pinterest meta tag verification code to the HEAD section of your site.\u003C\u002Fp>\n\u003Cp>Once you completed the verification process, people will see a checkmark next to your domain in your Pinterest profile and in pinner search results. That check mark emphasis you have confirmed the ownership of your blog or website on Pinterest.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This program is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with Pinterest Verify Meta Tag. If not, see \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\u003C\u002Fa>.\u003C\u002Fp>\n","Add Pinterest meta tag verification code to the HEAD section of your site.",600,30249,84,5,"2014-04-27T09:56:00.000Z","3.9.40","3.0","",[20,21,22,23,24],"admin","meta-tag","pinterest","pinterest-meta-tag","pinterest-site-verification","http:\u002F\u002Ftutskid.com\u002Fpinterest-verify-meta-tag\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpinterest-verify-meta-tag.zip",63,1,"2025-06-05 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-30941","pinterest-verify-meta-tag-authenticated-administrator-stored-cross-site-scripting","Pinterest Verify Meta Tag \u003C= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Pinterest Verify Meta Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.3","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-06-11 20:08:33",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1879fc8e-614b-4938-9274-e35de8db393f?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":50,"computed_at":52},"marviepons",4,650,80,30,"2026-04-04T14:22:08.456Z",[54,77,94,114,137],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":11,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":18,"tags":68,"homepage":72,"download_link":73,"security_score":74,"vuln_count":28,"unpatched_count":75,"last_vuln_date":76,"fetched_at":30},"auto-seo","Auto SEO","2.6.6","Phillip.Gooch","https:\u002F\u002Fprofiles.wordpress.org\u002Fphillipgooch\u002F","\u003Cp>Auto SEO is a simple way to add all your SEO header tags from a single interface. It will generate new meta tags, replacing any old ones your theme may add already, that are fully customized to target the audience you want. Don’t want to override everything? No problem, you choose what to override and on what post types to do it. Take the tedium out of SEO.\u003C\u002Fp>\n\u003Cp>\u003Cem>Note: because Auto SEO is designed to override existing meta tags when needed it works a bit differently than other SEO plugins and as such may not work on every theme. While it has been tested with a wide variety of different themes naturally it would be impossible to test them all. If your having trouble getting it to active on your site I’m more than willing to help, just let me know what theme your using and I’ll take a look, contact information inside the plugin.\u003C\u002Fem>\u003C\u002Fp>\n","Auto SEO is a quick, simple way to add title, meta keywords, and meta descriptions to your site all at one from a single page.",39448,60,2,"2025-02-14T21:37:00.000Z","6.7.5","3.4",[20,69,70,71],"meta-tags","pages","seo","http:\u002F\u002Ffatfolderdesign.com\u002Fauto-seo\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-seo.2.6.6.zip",91,0,"2025-02-03 00:00:00",{"slug":24,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":11,"downloaded":84,"rating":85,"num_ratings":64,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":18,"tags":89,"homepage":92,"download_link":93,"security_score":85,"vuln_count":75,"unpatched_count":75,"last_vuln_date":37,"fetched_at":30},"Pinterest Site Verification plugin using Meta Tag","1.8","Himanshu Parashar","https:\u002F\u002Fprofiles.wordpress.org\u002Funiquecodergmailcom\u002F","\u003Cp>Simply insert your Pinterest meta tag verification code using this helpful plugin.\u003C\u002Fp>\n\u003Cp>Once your blog is verified, you will get Pinterest web analytics feature enabled for you which will show you how people are pinning your pictures.\u003C\u002Fp>\n\u003Cp>If you are using caching plugins like WP-Cache or WP Super Cache, you may need to temporarily clear or disable your cache for this plugin to work.\u003C\u002Fp>\n","Simply insert your Pinterest meta tag verification code using this helpful plugin.",13469,100,"2025-08-10T19:43:00.000Z","6.8.5","4.5",[21,22,71,90,91],"site-verification","webmaster-tools","http:\u002F\u002Ftwitter.com\u002Fhimanshumaker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpinterest-site-verification.1.8.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":85,"downloaded":102,"rating":85,"num_ratings":14,"last_updated":103,"tested_up_to":87,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":110,"download_link":111,"security_score":112,"vuln_count":64,"unpatched_count":75,"last_vuln_date":113,"fetched_at":30},"wp-basic-elements","WP Basic Elements","5.4.5","DamirCalusic","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebkreativ\u002F","\u003Cp>With WP Basic Elements you can disable unnecessary features and speed up your site. Make the WP Admin simple and clean.\u003C\u002Fp>\n\u003Cp>You can change admin footers in backend, activate shortcodes in widgets, remove admin toolbar options and you can clean the code markup from unnecessary code snippets like WordPress generator meta tag and a bunch of other non important code snippets in the code.\u003C\u002Fp>\n\u003Cp>Cleaning the code markup will speed up your sites loadtime and increase the overall performance.\u003C\u002Fp>\n\u003Cp>Follow me on Twitter to keep up with the latest updates \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fdamircalusic\u002F\" rel=\"nofollow ugc\">Damir Calusic\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>WP Basic Elements plugin can be translated to any language. Currently available translations are listed below.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>Swedish\u003C\u002Fli>\n\u003Cli>Norwegian\u003C\u002Fli>\n\u003Cli>Serbian – \u003Ca href=\"https:\u002F\u002Fwww.firstsiteguide.com\u002F\" rel=\"nofollow ugc\">Ognjend Djuraskovic\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Note: Some translations are not entirely up to date with the latest release, so parts of the interface may appear untranslated.\u003C\u002Fem>\u003C\u002Fp>\n","WP Basic Elements is a WordPress plugin that simplifys your WP Admin and cleans your markup in the code for faster loadtime.",23932,"2025-08-29T10:36:00.000Z","6.0.0","8.0",[107,69,108,71,109],"compress","optimisation","wp-admin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-basic-elements\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-basic-elements.5.4.5.zip",99,"2023-03-16 00:00:00",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":85,"num_ratings":28,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":18,"tags":127,"homepage":134,"download_link":135,"security_score":136,"vuln_count":75,"unpatched_count":75,"last_vuln_date":37,"fetched_at":30},"plug-and-play","Plug & Play","1.2","Bassem Rabia","https:\u002F\u002Fprofiles.wordpress.org\u002Fdjerba\u002F","\u003Cp>\u003Cstrong>Plug and Play\u003C\u002Fstrong> our feautures and turn your WordPress Blog into a \u003Cstrong>Highly Interactive, Elegant and Secure\u003C\u002Fstrong> Blog.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplug-and-play\u002F\" rel=\"ugc\">Read more\u003C\u002Fa> about with this plugin!\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Hide Admin Bar: Disable WordPress Admin bar for front end user, Speedup your web site loading.\u003C\u002Fli>\n\u003Cli>WP Generator Meta Tag Remover: Customize your own website loogin form logo.\u003C\u002Fli>\n\u003Cli>Security Tools:     It can be considered a security risk to make your wordpress version visible and public you should hide it.\u003C\u002Fli>\n\u003Cli>Versus: Shows recently viewed posts by visitor as a sidebar.\u003C\u002Fli>\n\u003Cli>Maintenance Mode: Easily create a maintenance mode page for your WordPress site.\u003C\u002Fli>\n\u003C\u002Ful>\n","Plug and Play our feautures and turn your WordPress Blog into a Highly Interactive, Elegant and Secure Blog.",10,1497,"2016-07-11T14:28:00.000Z","4.5.33","3.9.0",[128,129,130,131,132,133],"posts-comparator","wordpress-change-login-logo","wordpress-hide-admin-bar","wordpress-security-tools","wp-generator-meta-tag-remover","wp-recents-posts-shows","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplug-and-play\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplug-and-play.zip",85,{"slug":138,"name":139,"version":140,"author":141,"author_profile":142,"description":143,"short_description":144,"active_installs":145,"downloaded":146,"rating":147,"num_ratings":148,"last_updated":149,"tested_up_to":150,"requires_at_least":17,"requires_php":151,"tags":152,"homepage":156,"download_link":157,"security_score":158,"vuln_count":159,"unpatched_count":75,"last_vuln_date":160,"fetched_at":30},"loginizer","Loginizer","2.0.6","Softaculous","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoftaculous\u002F","\u003Cp>Loginizer is a WordPress plugin which helps you fight against bruteforce attack by blocking login for the IP after it reaches maximum retries allowed. You can blacklist or whitelist IPs for login using Loginizer. You can use various other features like Two Factor Auth, reCAPTCHA, PasswordLess Login, etc. to improve security of your website.\u003C\u002Fp>\n\u003Cp>Loginizer is actively used by more than 1000000+ WordPress websites.\u003C\u002Fp>\n\u003Cp>You can find our official documentation at \u003Ca href=\"https:\u002F\u002Floginizer.com\u002Fdocs\" rel=\"nofollow ugc\">https:\u002F\u002Floginizer.com\u002Fdocs\u003C\u002Fa>. We are also active in our community support forums on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Floginizer\" rel=\"ugc\">wordpress.org\u003C\u002Fa> if you are one of our free users. Our Premium Support Ticket System is at \u003Ca href=\"https:\u002F\u002Floginizer.deskuss.com\" rel=\"nofollow ugc\">https:\u002F\u002Floginizer.deskuss.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Free Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force protection. IPs trying to brute force your website will be blocked for 15 minutes after 3 failed login attempts. After multiple lockouts the IP is blocked for 24 hours. This is the default configuration and can be changed from Loginizer -> Brute force page in WordPress admin panel.\u003C\u002Fli>\n\u003Cli>Failed login attempts logs.\u003C\u002Fli>\n\u003Cli>Blacklist IPs\u003C\u002Fli>\n\u003Cli>Whitelist IPs\u003C\u002Fli>\n\u003Cli>Custom error messages on failed login.\u003C\u002Fli>\n\u003Cli>Permission check for important files and folders.\u003C\u002Fli>\n\u003Cli>Allow only Trusted IP.\u003C\u002Fli>\n\u003Cli>Blocked Screen in place of the Login page.\u003C\u002Fli>\n\u003Cli>Email Notification on successful login.\u003C\u002Fli>\n\u003Cli>Let users login with LinkedIn\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Get Support and Pro Features\u003C\u002Fh4>\n\u003Cp>Get professional support from our experts and pro features to take your site’s security to the next level with \u003Ca href=\"https:\u002F\u002Floginizer.com\u002Fpricing\" rel=\"nofollow ugc\">Loginizer-Security\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Pro Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>MD5 Checksum – of Core WordPress Files. The admin can check and ignore files as well.\u003C\u002Fli>\n\u003Cli>PasswordLess Login – At the time of Login, the username \u002F email address will be asked and an email will be sent to the email address of that account with a temporary link to login.\u003C\u002Fli>\n\u003Cli>Two Factor Auth via Email – On login, an email will be sent to the email address of that account with a temporary 6 digit code to complete the login.\u003C\u002Fli>\n\u003Cli>Two Factor Auth via App – The user can configure the account with a 2FA App like Google Authenticator, Authy, etc.\u003C\u002Fli>\n\u003Cli>Login Challenge Question – The user can setup a Challenge Question and Answer as an additional security layer. After Login, the user will need to answer the question to complete the login.\u003C\u002Fli>\n\u003Cli>reCAPTCHA – Google’s reCAPTCHA v3\u002Fv2, Cloudflare Turnstile, hCAPTCHA can be configured for the Login screen, Comments Section, Registration Form, etc. to prevent automated brute force attacks. Supports WooCommerce as well.\u003C\u002Fli>\n\u003Cli>Rename Login Page – The Admin can rename the login URL (slug) to something different from wp-login.php to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Rename WP-Admin URL – The Admin area in WordPress is accessed via wp-admin. With loginizer you can change it to anything e.g. site-admin\u003C\u002Fli>\n\u003Cli>CSRF Protection – This helps in preventing CSRF attacks as it updates the admin URL with a session string which makes it difficult and nearly impossible for the attacker to predict the URL.\u003C\u002Fli>\n\u003Cli>Rename Login with Secrecy – If set, then all Login URL’s will still point to wp-login.php and users will have to access the New Login Slug by typing it in the browser.\u003C\u002Fli>\n\u003Cli>Disable XML-RPC – An option to simply disable XML-RPC in WordPress. Most of the WordPress users don’t need XML-RPC and can disable it to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Rename XML-RPC – The Admin can rename the XML-RPC to something different from xmlrpc.php to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Username Auto Blacklist – Attackers generally use common usernames like admin, administrator, or variations of your domain name \u002F business name. You can specify such username here and Loginizer will auto-blacklist the IP Address(s) of clients who try to use such username(s).\u003C\u002Fli>\n\u003Cli>New Registration Domain Blacklist – If you would like to ban new registrations from a particular domain, you can use this utility to do so.\u003C\u002Fli>\n\u003Cli>Change the Admin Username – The Admin can rename the admin username to something more difficult.\u003C\u002Fli>\n\u003Cli>Auto Blacklist IPs – IPs will be auto blacklisted, if certain usernames saved by the Admin are used to login by malicious bots \u002F users.\u003C\u002Fli>\n\u003Cli>Disable Pingbacks – Simple way to disable PingBacks.\u003C\u002Fli>\n\u003Cli>SSO – Single Sign-on, let any user access to your WordPress Dashboard without the need to share username or password.\u003C\u002Fli>\n\u003Cli>Limit Concurrent Logins – It prevents user to login from different devices concurrently, you can define how many devices you want to allow, and how you want to restrict the user when concurrent limit is reached.\u003C\u002Fli>\n\u003Cli>Social Login – Users can login or register with their Google, Github, Facebook, X (Twitter), Discord, Twitch, LinkedIn, Microsoft with support for WooCommerce and Ultimate Member.\u003C\u002Fli>\n\u003Cli>Key Less Social Login – Use Loginizer’s Social Auth for easy key less Social login configuration, now supports Google, GitHub, X, LinkedIn more to be added later\u003C\u002Fli>\n\u003Cli>Country Blocking – Block IPs from specific countries to restrict access to your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Features in Loginizer include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Blocks IP after maximum retries allowed\u003C\u002Fli>\n\u003Cli>Extended Lockout after maximum lockouts allowed\u003C\u002Fli>\n\u003Cli>Email notification to admin after max lockouts\u003C\u002Fli>\n\u003Cli>Blacklist IP\u002FIP range\u003C\u002Fli>\n\u003Cli>Whitelist IP\u002FIP range\u003C\u002Fli>\n\u003Cli>Check logs of failed attempts\u003C\u002Fli>\n\u003Cli>Create IP ranges\u003C\u002Fli>\n\u003Cli>Delete IP ranges\u003C\u002Fli>\n\u003Cli>Licensed under LGPLv2.1\u003C\u002Fli>\n\u003Cli>Safe & Secure\u003C\u002Fli>\n\u003C\u002Ful>\n","Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.",1000000,29791210,96,1020,"2026-03-02T12:38:00.000Z","6.9.4","5.5",[153,20,154,138,155],"access","login","security","https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Floginizer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floginizer.2.0.6.zip",87,8,"2024-11-04 00:00:00",{"attackSurface":162,"codeSignals":190,"taintFlows":210,"riskAssessment":211,"analyzedAt":223},{"hooks":163,"ajaxHandlers":186,"restRoutes":187,"shortcodes":188,"cronEvents":189,"entryPointCount":75,"unprotectedCount":75},[164,170,173,177,182],{"type":165,"name":166,"callback":167,"file":168,"line":169},"action","admin_init","pvmt_requires_wordpress_version","pinterest-verify-meta-tag.php",31,{"type":165,"name":166,"callback":171,"file":168,"line":172},"pvmt_init",36,{"type":165,"name":174,"callback":175,"file":168,"line":176},"admin_menu","pvmt_add_options_page",37,{"type":178,"name":179,"callback":180,"priority":122,"file":168,"line":181},"filter","plugin_action_links","pvmt_plugin_action_links",38,{"type":165,"name":183,"callback":184,"file":168,"line":185},"wp_head","pvmt_pinterest_meta",194,[],[],[],[],{"dangerousFunctions":191,"sqlUsage":192,"outputEscaping":194,"fileOperations":75,"externalRequests":75,"nonceChecks":75,"capabilityChecks":75,"bundledLibraries":209},[],{"prepared":75,"raw":75,"locations":193},[],{"escaped":75,"rawEcho":195,"locations":196},6,[197,200,201,203,205,207],{"file":168,"line":198,"context":199},98,"raw output",{"file":168,"line":112,"context":199},{"file":168,"line":202,"context":199},139,{"file":168,"line":204,"context":199},140,{"file":168,"line":206,"context":199},141,{"file":168,"line":208,"context":199},201,[],[],{"summary":212,"deductions":213},"The \"pinterest-verify-meta-tag\" plugin v1.3 exhibits a mixed security posture. While the static analysis reveals a minimal attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, and all SQL queries utilize prepared statements, significant concerns arise from output escaping. The fact that 0% of the 6 total outputs are properly escaped is a critical weakness, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce and capability checks further exacerbates this issue, as these are fundamental security measures for protecting against unauthorized actions.\n\nThe vulnerability history further amplifies these concerns. The plugin has a known CVE, specifically a medium severity Cross-Site Scripting vulnerability, which is currently unpatched. This indicates a recurring pattern of security flaws, particularly in output sanitization, and the failure to address past vulnerabilities promptly suggests a lack of proactive security maintenance. While the plugin benefits from a small attack surface and secure SQL practices, the critical lack of output escaping and the presence of an unpatched XSS vulnerability represent substantial security risks that require immediate attention.",[214,217,219,221],{"reason":215,"points":216},"Unpatched medium severity CVE",15,{"reason":218,"points":159},"Outputs not properly escaped",{"reason":220,"points":14},"Missing nonce checks",{"reason":222,"points":14},"Missing capability checks","2026-03-16T19:27:44.440Z",{"wat":225,"direct":230},{"assetPaths":226,"generatorPatterns":227,"scriptPaths":228,"versionParams":229},[],[],[],[],{"cssClasses":231,"htmlComments":232,"htmlAttributes":233,"restEndpoints":234,"jsGlobals":235,"shortcodeOutput":236},[],[],[],[],[],[]]