[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXW42Vaauq1q5X236vDQmd7ZQK80BM-sYau9grYYVlt4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":50,"analysis":149,"fingerprints":303},"post-list-featured-image","Post List Featured Image","0.5.9","Johnny","https:\u002F\u002Fprofiles.wordpress.org\u002Fjakzam\u002F","\u003Cp>Finally a simple plugin that adds the “Featured Image” column in admin posts and pages list. It lets the wordpress site owners see which posts or pages have a featured image set.\u003C\u002Fp>\n\u003Cp>Choose between three thumbnail sizes.\u003Cbr \u002F>\nSort the Post List by Featured Image\u003Cbr \u002F>\nFilter the Post List by Has\u002FDoes Not Have Featured Image\u003C\u002Fp>\n\u003Cp>Of course, this is mainly intended for use on the Post List page, since most themes require a featured image be set for the excerpt thumbnail image. It doesn’t seem like much, and the plugin is truly non-invasive to the rest for the WP install. But the value that this simple tool can have on the overall organization for Admins and Developers of WordPress websites is priceless.\u003C\u002Fp>\n\u003Cp>By enhancing the plugin with the Pro Addon, you can easily change, add, or remove images with the \u003Cstrong>Quick Edit\u003C\u002Fstrong> feature, directly from your Posts List Page, which now includes standard Post Editor Media Library selection. Pro also now supports \u003Cstrong>Custom Post Type\u003C\u002Fstrong> lists.\u003C\u002Fp>\n\u003Ch3>Instructions and Usage\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Thumbnail Size\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Choose between 50px, 100px and 150px\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Sorting by Featured Image\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>On the Post\u002FPage list pages of the Admin area, click on the Featured Image column heading to sort by Featured Image ID.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Filtering by Featured Image\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>On the Post\u002FPage list pages of the Admin area, Choose to Filter the posts by “Show All Posts with Featured Image” or “Show All Posts without Featured Image”\u003C\u002Fp>\n\u003Cp>This is especially helpful for assigning new featured image to posts that do not have them. Or this helps with large sites, with many posts, and editing the post featured images for those posts using the “Quick Edit” feature, available with the \u003Cstrong>Pro Addon\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Please remember, if you do not see the Featured Image column in your Post\u002FPage Lists to click on “Screen Options” in the upper right corner, and tick the box for Featured Image.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Pro Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Set featured images in \u003Cem>QUICK EDIT\u003C\u002Fem> mode\u003C\u002Fli>\n\u003Cli>Custom post type support\u003C\u002Fli>\n\u003Cli>\u003Cem>NEW\u003C\u002Fem> Auto set the first image of a post as featured image in \u003Cem>QUICK EDIT\u003C\u002Fem> mode\u003C\u002Fli>\n\u003Cli>\u003Cem>NEW\u003C\u002Fem> Auto set the first image of a post as featured image by \u003Cem>post type\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n","A plugin that adds the \"Featured Image\" column in admin posts and pages list.",1000,37987,94,12,"2016-04-04T10:22:00.000Z","4.5.33","",[19,20,21,22,23],"developer-tools","featured","image","pages","posts","http:\u002F\u002Fjaggededgemedia.com\u002Fblog\u002Fpost-list-featured-image\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-list-featured-image.0.5.9.zip",63,1,"2025-10-09 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-62937","post-list-featured-image-authenticated-contributor-stored-cross-site-scripting","Post List Featured Image \u003C= 0.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Post List Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=0.5.9","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-10-29 14:54:01",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd7a298c9-c688-4c39-bd68-2a58ff8d1402?source=api-prod",{"slug":46,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":47,"trust_score":48,"computed_at":49},"jakzam",30,68,"2026-04-04T16:16:57.074Z",[51,69,85,108,130],{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":10,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":17,"requires_php":17,"tags":64,"homepage":17,"download_link":66,"security_score":67,"vuln_count":68,"unpatched_count":68,"last_vuln_date":36,"fetched_at":29},"featured-image-column-display","Featured Image Column Display","2.0","Sawai S.","https:\u002F\u002Fprofiles.wordpress.org\u002Fssdheerawat\u002F","\u003Cp>It is a simple plugin to add a column for “Featured Image” in post type listing display.\u003C\u002Fp>\n",40,2069,100,4,"2019-07-17T09:14:00.000Z","5.2.24",[19,65,21,22,23],"featured-image","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffeatured-image-column-display.zip",85,0,{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":68,"downloaded":77,"rating":68,"num_ratings":68,"last_updated":78,"tested_up_to":17,"requires_at_least":79,"requires_php":17,"tags":80,"homepage":83,"download_link":84,"security_score":67,"vuln_count":68,"unpatched_count":68,"last_vuln_date":36,"fetched_at":29},"everything-accordion","Everything Accordion","1.0","Mostafa Shahiri","https:\u002F\u002Fprofiles.wordpress.org\u002Fmostafadeveloper\u002F","\u003Cp>The Everything Accordion is a simple widget that shows wordpress widgets, posts and pages in an pretty accordion. It enables you to control:\u003C\u002Fp>\n\u003Col>\n\u003Cli>displaying the widgets\u003C\u002Fli>\n\u003Cli>displaying the separated posts\u003C\u002Fli>\n\u003Cli>displaying the pages\u003C\u002Fli>\n\u003Cli>displaying posts of some specific categories\u003C\u002Fli>\n\u003Cli>different filters for posts and pages\u003C\u002Fli>\n\u003Cli>Ordering posts and pages based on created date, modified date, views, comments count and random.\u003C\u002Fli>\n\u003Cli>Showing pages and posts in two different modes: 1)Introtext includes featured image+inro content+readmore link.  2)Fulltext mode\u003C\u002Fli>\n\u003Cli>Custom text for readmore links.\u003C\u002Fli>\n\u003Cli>Some other filters for showing the categories, author, published date, modified date and comments count of the pages or posts.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>If you like to apply your style to this widget, you can edit everythingaccordion.css file. The ID of this widget is everything_accordion.\u003C\u002Fp>\n\u003Cp>Now we explain about CSS classes are used in Everything Accordion :\u003C\u002Fp>\n\u003Cp>\u003Cstrong>.evachead:\u003C\u002Fstrong> CSS class for styling accordion headers\u003Cbr \u002F>\n\u003Cstrong>.accord_widget:\u003C\u002Fstrong> CSS class for styling widgets\u003Cbr \u002F>\n\u003Cstrong>.accord_content:\u003C\u002Fstrong> CSS class for styling accordion panel\u003Cbr \u002F>\n\u003Cstrong>.info:\u003C\u002Fstrong> CSS class for styling info small tags\u003Cbr \u002F>\n\u003Cstrong>.infoblock:\u003C\u002Fstrong> All small tags have been placed in a div with this CSS class. (Parent div class for small tags)\u003Cbr \u002F>\n\u003Cstrong>.accord_img:\u003C\u002Fstrong> CSS class for featured images divs\u003Cbr \u002F>\n\u003Cstrong>.accord_post:\u003C\u002Fstrong> CSS class for styling posts or pages content divs\u003Cbr \u002F>\n\u003Cstrong>.accord_readmore:\u003C\u002Fstrong> CSS class for parent divs of readmore links.\u003C\u002Fp>\n","The Everything Accordion is a simple widget that shows wordpress widgets, posts and pages in an pretty accordion.",1168,"2020-06-27T09:19:00.000Z","3.6.1",[81,65,22,23,82],"accordion","widget","https:\u002F\u002Fgithub.com\u002Fmostafa272\u002FEverything-Accordion","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feverything-accordion.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":95,"num_ratings":96,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":17,"tags":100,"homepage":104,"download_link":105,"security_score":106,"vuln_count":27,"unpatched_count":68,"last_vuln_date":107,"fetched_at":29},"ultimate-posts-widget","Ultimate Posts Widget","2.3.2","cl272","https:\u002F\u002Fprofiles.wordpress.org\u002Fcl272\u002F","\u003Cp>\u003Cstrong>Try it out on your free dummy site: Click here => \u003Ca href=\"https:\u002F\u002Fdemo.tastewp.com\u002Fultimate-posts-widget\" rel=\"nofollow ugc\">https:\u002F\u002Ftastewp.com\u002Fplugins\u002Fultimate-posts-widget\u003C\u002Fa>.\u003C\u002Fstrong>\u003Cbr \u002F>\n(this trick works for all plugins in the WP repo – just replace “wordpress” with “tastewp” in the URL)\u003C\u002Fp>\n\u003Cp>UPDATE: Plugin ownership changed for this plugin. We are currently evaluating possible enhancements for it. Stay tuned! If you have any suggestions yourself, please let us know in the Support Forum.\u003C\u002Fp>\n\u003Cp>Note: This is a \u003Cstrong>classic widget\u003C\u002Fstrong> type, in order for it to work on the latest version of WordPress you will need \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclassic-widgets\u002F\" rel=\"ugc\">Classic Widgets\u003C\u002Fa> plugin installed on your site.\u003C\u002Fp>\n\u003Cp>The ultimate widget for displaying posts, custom post types or sticky posts with an array of options to customize the display.\u003C\u002Fp>\n\u003Cp>Designed for both the average user and developer, Ultimate Posts Widgets aims to provide flexibility and ease of use for displaying any kinds of posts within your widget areas. An array of widget options are available as well as hooks, filters and custom templates for more advanced customization.\u003C\u002Fp>\n\u003Ch4>Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Filter by categories\u003C\u002Fli>\n\u003Cli>Filter by current category\u003C\u002Fli>\n\u003Cli>Filter by tags\u003C\u002Fli>\n\u003Cli>Filter by current tag\u003C\u002Fli>\n\u003Cli>Filter by custom post types\u003C\u002Fli>\n\u003Cli>Filter by sticky posts\u003C\u002Fli>\n\u003Cli>Select number of posts to display\u003C\u002Fli>\n\u003Cli>Display title\u003C\u002Fli>\n\u003Cli>Display publish date\u002Ftime with custom format options\u003C\u002Fli>\n\u003Cli>Display post author and link\u003C\u002Fli>\n\u003Cli>Display post comment count\u003C\u002Fli>\n\u003Cli>Display excerpt or full content\u003C\u002Fli>\n\u003Cli>Display read more link with custom label\u003C\u002Fli>\n\u003Cli>Display featured image and at any size\u003C\u002Fli>\n\u003Cli>Display post categories\u003C\u002Fli>\n\u003Cli>Display post tags\u003C\u002Fli>\n\u003Cli>Display custom fields\u003C\u002Fli>\n\u003Cli>Add text or HTML before and after posts list\u003C\u002Fli>\n\u003Cli>Add CSS class to widget\u003C\u002Fli>\n\u003Cli>Add widget title link\u003C\u002Fli>\n\u003Cli>Change excerpt length (in words)\u003C\u002Fli>\n\u003Cli>Order by date, title, number of comments, random or a custom field\u003C\u002Fli>\n\u003Cli>Exclude current post from the list\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-posts-widget\u002Ffaq\u002F\" rel=\"ugc\">FAQ tab\u003C\u002Fa> for documentation on custom templates, hooks, common issues, and more.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>For help please ask in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fultimate-posts-widget\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Enjoy this plugin? \u003Ca href=\"https:\u002F\u002Fsellcodes.com\u002F5U4SICyc\" rel=\"nofollow ugc\">Send a tip to support development\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin is part of the Inisev product family – \u003Ca href=\"https:\u002F\u002Finisev.com\" rel=\"nofollow ugc\">check out our other products\u003C\u002Fa>.\u003C\u002Fp>\n","The ultimate widget for displaying posts, custom post types or sticky posts with an array of options.",10000,492332,90,55,"2024-07-17T01:21:00.000Z","6.6.5","3.5",[101,65,102,103,82],"custom-post-types","recent-posts","sticky-posts","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-posts-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-posts-widget.2.3.2.zip",92,"2024-02-13 00:00:00",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":60,"num_ratings":118,"last_updated":119,"tested_up_to":98,"requires_at_least":120,"requires_php":121,"tags":122,"homepage":128,"download_link":129,"security_score":106,"vuln_count":68,"unpatched_count":68,"last_vuln_date":36,"fetched_at":29},"preload-featured-images","Preload Featured Images","1.0.0","WPZOOM","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpzoom\u002F","\u003Cp>Preload Featured Images automatically in posts to increase the PageSpeed Score.\u003C\u002Fp>\n\u003Cp>This plugin is a “must-have” for websites using themes that display the Featured Image automatically at the top in single post pages.\u003C\u002Fp>\n\u003Ch3>Why was this plugin created?\u003C\u002Fh3>\n\u003Cp>Suppose your theme displays the Featured Image at the top in posts automatically. In that case, the chances that the image is the \u003Cstrong>LCP (Largest Contentful Paint)\u003C\u002Fstrong> are very high, so the PageSpeed tool will highly recommend you to preload it.\u003C\u002Fp>\n\u003Cp>Are you getting the following recommendation when testing the PageSpeed score of a single post: \u003Cstrong>“Preload Largest Contentful Paint image”\u003C\u002Fstrong>? Then this plugin will help you!\u003C\u002Fp>\n\u003Ch3>How it works?\u003C\u002Fh3>\n\u003Cp>Go to the \u003Cstrong>Settings > Preload Featured Images\u003C\u002Fstrong> page and choose the image size used by your theme to make sure the right image size is preloaded.\u003C\u002Fp>\n\u003Ch3>Compatible Themes\u003C\u002Fh3>\n\u003Cp>The plugin supports all themes, but it’s very important to choose the right Image Size on the settings page.\u003C\u002Fp>\n\u003Cp>If you are not sure which is the image size used by your theme, simply get in touch with your theme’s developer and they will be able to help you with that.\u003C\u002Fp>\n\u003Cp>If you’re using one of the following popular themes, then the plugin will automatically pick the right Image Size, so you don’t have to configure anything:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Foodica\u003C\u002Fli>\n\u003Cli>Foodica PRO\u003C\u002Fli>\n\u003Cli>Gourmand\u003C\u002Fli>\n\u003Cli>Cookely\u003C\u002Fli>\n\u003Cli>Astra\u003C\u002Fli>\n\u003Cli>Neve\u003C\u002Fli>\n\u003Cli>OceanWP\u003C\u002Fli>\n\u003Cli>GeneratePress\u003C\u002Fli>\n\u003Cli>BlossomRecipe\u003C\u002Fli>\n\u003Cli>Divi\u003C\u002Fli>\n\u003Cli>Ashe\u003C\u002Fli>\n\u003C\u002Ful>\n","Preload Featured Images automatically in posts to increase the PageSpeed Score.",2000,17991,3,"2024-07-17T13:40:00.000Z","5.0","7.4",[123,124,125,126,127],"featured-images","image-preload","pagespeed","prefetch","preload","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpreload-featured-images\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreload-featured-images.zip",{"slug":131,"name":132,"version":133,"author":134,"author_profile":135,"description":136,"short_description":137,"active_installs":11,"downloaded":138,"rating":139,"num_ratings":140,"last_updated":141,"tested_up_to":17,"requires_at_least":142,"requires_php":17,"tags":143,"homepage":147,"download_link":148,"security_score":67,"vuln_count":68,"unpatched_count":68,"last_vuln_date":36,"fetched_at":29},"bulk-images-to-posts","Bulk Images to Posts","3.6.6.3","mezzaninegold","https:\u002F\u002Fprofiles.wordpress.org\u002Fmezzaninegold\u002F","\u003Ch4>Bulk upload Images to automatically create Posts\u003C\u002Fh4>\n\u003Cp>The perfect tool to quickly populate your site.\u003C\u002Fp>\n\u003Cp>Ideal for photographers, artists, galleries, photo blogs or any image based site.\u003Cbr \u002F>\nEasily batch upload images after an event, gig, exhibition, wedding etc creating individual posts.\u003C\u002Fp>\n\u003Ch4>How it works\u003C\u002Fh4>\n\u003Cp>Simply drag and drop your images and posts will automatically be created with post titles, featured images and the other options you’ve selected.\u003C\u002Fp>\n\u003Ch4>Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Featured image automatically assigned.\u003C\u002Fli>\n\u003Cli>Image file name is used as the post title.\u003C\u002Fli>\n\u003Cli>Works with Custom Post Types.\u003C\u002Fli>\n\u003Cli>Select multiple Categories, Tags, Post Formats and Custom Taxonomies at once.\u003C\u002Fli>\n\u003Cli>Select the Post Status: Published \u002F Draft.\u003C\u002Fli>\n\u003Cli>Options for including the image in the body of the post.\u003C\u002Fli>\n\u003Cli>Image metadata title can also be used as the post title\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Suggestions\u003C\u002Fh4>\n\u003Cp>Please leave a support message and I will respond asap.\u003C\u002Fp>\n","Bulk upload images to automatically create posts \u002F custom posts with featured images.",18376,96,18,"2019-02-28T13:43:00.000Z","3.0.0",[144,20,145,146,23],"artists","images","photographers","http:\u002F\u002Fwww.mezzaninegold.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbulk-images-to-posts.zip",{"attackSurface":150,"codeSignals":216,"taintFlows":290,"riskAssessment":291,"analyzedAt":302},{"hooks":151,"ajaxHandlers":201,"restRoutes":208,"shortcodes":209,"cronEvents":214,"entryPointCount":215,"unprotectedCount":68},[152,158,163,167,172,175,178,181,184,189,193,198],{"type":153,"name":154,"callback":155,"file":156,"line":157},"action","plugins_loaded","initControllers","autoload.php",26,{"type":153,"name":159,"callback":160,"file":161,"line":162},"init","plfi_load_plugin_textdomain","post-list-featured-image.php",44,{"type":153,"name":164,"callback":165,"file":161,"line":166},"admin_notices","plfi_required_php_version",58,{"type":153,"name":168,"callback":169,"file":170,"line":171},"admin_init","register_settings","PostListFeaturedImage\\Controller\\Admin.php",71,{"type":153,"name":168,"callback":173,"file":170,"line":174},"list_table_customization",72,{"type":153,"name":176,"callback":176,"file":170,"line":177},"admin_enqueue_scripts",73,{"type":153,"name":179,"callback":179,"file":170,"line":180},"admin_menu",74,{"type":153,"name":182,"callback":182,"file":170,"line":183},"network_admin_menu",75,{"type":153,"name":185,"callback":186,"priority":187,"file":170,"line":188},"after_setup_theme","add_theme_support",20,76,{"type":153,"name":190,"callback":191,"file":170,"line":192},"restrict_manage_posts","filter_list_table_by_featured_image_dropdown",431,{"type":194,"name":195,"callback":196,"file":170,"line":197},"filter","pre_get_posts","orderby_featured_image_title",435,{"type":194,"name":195,"callback":199,"file":170,"line":200},"filter_list_table_by_featured_image",436,[202],{"action":203,"nopriv":204,"callback":205,"hasNonce":206,"hasCapCheck":204,"file":170,"line":207},"do_save_plfi_plugin_settings",false,"save_plfi_plugin_settings",true,77,[],[210],{"tag":211,"callback":212,"file":213,"line":162},"featured_img","sc_featured_image","PostListFeaturedImage\\Controller\\Front.php",[],2,{"dangerousFunctions":217,"sqlUsage":218,"outputEscaping":220,"fileOperations":118,"externalRequests":68,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":289},[],{"prepared":68,"raw":68,"locations":219},[],{"escaped":221,"rawEcho":222,"locations":223},5,31,[224,227,228,230,233,234,235,237,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,270,273,275,278,280,283,284,286],{"file":170,"line":225,"context":226},218,"raw output",{"file":170,"line":225,"context":226},{"file":170,"line":229,"context":226},220,{"file":231,"line":232,"context":226},"PostListFeaturedImage\\Lib\\Debugger.php",91,{"file":231,"line":13,"context":226},{"file":231,"line":139,"context":226},{"file":231,"line":236,"context":226},138,{"file":231,"line":238,"context":226},181,{"file":231,"line":240,"context":226},195,{"file":231,"line":242,"context":226},198,{"file":231,"line":244,"context":226},201,{"file":231,"line":246,"context":226},204,{"file":231,"line":248,"context":226},211,{"file":231,"line":250,"context":226},215,{"file":231,"line":252,"context":226},224,{"file":231,"line":254,"context":226},227,{"file":231,"line":256,"context":226},230,{"file":231,"line":258,"context":226},233,{"file":231,"line":260,"context":226},239,{"file":231,"line":262,"context":226},242,{"file":231,"line":264,"context":226},245,{"file":231,"line":266,"context":226},248,{"file":268,"line":269,"context":226},"PostListFeaturedImage\\Lib\\Helper.php",139,{"file":271,"line":272,"context":226},"PostListFeaturedImage\\Lib\\TabsData.php",154,{"file":271,"line":274,"context":226},158,{"file":276,"line":277,"context":226},"PostListFeaturedImage\\View\\help-tab.php",16,{"file":276,"line":279,"context":226},17,{"file":281,"line":282,"context":226},"PostListFeaturedImage\\View\\plugin-admin-page.php",41,{"file":281,"line":282,"context":226},{"file":281,"line":285,"context":226},49,{"file":287,"line":288,"context":226},"PostListFeaturedImage\\View\\plugin-author-news.php",52,[],[],{"summary":292,"deductions":293},"The plugin \"post-list-featured-image\" v0.5.9 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and incorporating nonce and capability checks. The attack surface is relatively small, with no apparent vulnerabilities in REST API routes or cron events, and no dangerous functions identified in the code. However, a significant concern arises from the low percentage (14%) of properly escaped output. This indicates a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, where user-supplied input could be injected into web pages without proper sanitization, potentially leading to malicious script execution.\n\nThe plugin's vulnerability history is also a cause for concern. It has a known CVE, which is currently unpatched, and it falls into the medium severity category. The common vulnerability type being Cross-Site Scripting further reinforces the risks identified in the static code analysis. The fact that the last vulnerability was in the future (2025-10-09) suggests this historical data might be simulated or indicative of a recurring issue. The lack of taint analysis results, while potentially indicating no critical flows were found, does not negate the clear risks identified in output escaping and historical vulnerabilities.\n\nIn conclusion, while the plugin employs some secure coding practices, the high prevalence of unescaped output and the presence of an unpatched medium-severity XSS vulnerability present a notable security risk. Developers should prioritize addressing the output escaping issues and promptly patching the known CVE to improve the plugin's overall security. The limited attack surface and use of prepared statements are strengths, but they are overshadowed by the evident XSS risk.",[294,296,299],{"reason":295,"points":279},"Currently unpatched CVE (medium severity)",{"reason":297,"points":298},"Low percentage of properly escaped output",10,{"reason":300,"points":301},"Historical XSS vulnerability pattern",8,"2026-03-16T19:06:39.988Z",{"wat":304,"direct":312},{"assetPaths":305,"generatorPatterns":309,"scriptPaths":310,"versionParams":311},[306,307,308],"\u002Fwp-content\u002Fplugins\u002Fpost-list-featured-image\u002Fassets\u002Fcss\u002Fflexbox-grid.css","\u002Fwp-content\u002Fplugins\u002Fpost-list-featured-image\u002Fassets\u002Fcss\u002Fsettings-page.css","\u002Fwp-content\u002Fplugins\u002Fpost-list-featured-image\u002Fassets\u002Fjs\u002Fsettings-page.js",[],[308],[],{"cssClasses":313,"htmlComments":314,"htmlAttributes":326,"restEndpoints":331,"jsGlobals":332,"shortcodeOutput":334},[],[315,316,315,317,318,319,320,321,322,323,324,325],"\u003C!-- Plugin Settings Page -->","\u003C!-- WHAT Settings Section -->","\u003C!-- End Plugin Settings Page -->","\u003C!-- Network Admin Settings Page -->","\u003C!-- End Network Admin Settings Page -->","\u003C!-- Plugin Action Links -->","\u003C!-- End Plugin Action Links -->","\u003C!-- Network Admin Plugin Action Links -->","\u003C!-- End Network Admin Plugin Action Links -->","\u003C!-- Plugin List Table Customization -->","\u003C!-- End Plugin List Table Customization -->",[327,328,329,330],"data-plfi-tab=\"general\"","data-plfi-tab=\"list-table\"","data-plfi-tab=\"advanced\"","data-plfi-tab=\"license\"",[],[333],"plfi",[]]