[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQuQfe4DfvOr0NaFn-UL78vjTSdjDM3C9MnbqIuXgEog":3,"$f7kkbq79HV4HiwdzrR7-bdAIURy4eCWWHb8hmSMLe8SI":284,"$fgThFh1tVFPRkN8fkP7L8q0NDaRsAMl4F68p3V7S7--Q":289},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":51,"crawl_stats":39,"alternatives":59,"analysis":158,"fingerprints":265},"preserve-code-formatting","Preserve Code Formatting","5.0","Scott Reilly","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoffee2code\u002F","\u003Cp>This plugin preserves formatting of code for display by preventing its modification by WordPress and other plugins while also retaining whitespace.\u003C\u002Fp>\n\u003Cp>NOTE: This plugin does \u003Cstrong>NOT\u003C\u002Fstrong> handle posts containing blocks. For such posts, use the built-in code or preformatted blocks to format your code for display. However, this plugin would still be needed if you have text-based posts from before using the blocks-based editor.\u003C\u002Fp>\n\u003Cp>NOTE: Use of the visual text editor will pose problems as it can mangle your intent in terms of \u003Ccode>code\u003C\u002Fcode> tags. I strongly suggest you not use the visual editor in conjunction with this plugin as I have taken no effort to make the two compatible.\u003C\u002Fp>\n\u003Cp>Notes:\u003C\u002Fp>\n\u003Cp>Basically, you can just paste code into \u003Ccode>code\u003C\u002Fcode>, \u003Ccode>pre\u003C\u002Fcode>, and\u002For other tags you additionally specify and this plugin will:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Prevent WordPress from HTML-encoding text (i.e. single- and double-quotes will not become curly; “–” and “—” will not become en dash and em dash, respectively; “…” will not become a horizontal ellipsis, etc)\u003C\u002Fli>\n\u003Cli>Prevent most other plugins from modifying preserved code\u003C\u002Fli>\n\u003Cli>Prevent shortcodes from being processed\u003C\u002Fli>\n\u003Cli>Optionally preserve whitespace (in a variety of methods)\u003C\u002Fli>\n\u003Cli>Optionally preserve code added in comments\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Keep these things in mind:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>ALL embedded HTML tags and HTML entities will be rendered as text to browsers, appearing exactly as you wrote them (including any \u003Ccode>br\u003C\u002Fcode> tags).\u003C\u002Fli>\n\u003Cli>By default this plugin filters ‘the_content’ (post content), ‘the_excerpt’ (post excerpt), and ‘get_comment_text (comment content)’.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cp>A post containing this within \u003Ccode>code\u003C\u002Fcode> tags:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$wpdb->query(\"\n        INSERT INTO $tablepostmeta\n        (post_id,meta_key,meta_value)\n        VALUES ('$post_id','link','$extended')\n\");\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Would, with this plugin enabled, look in a browser pretty much how it does above, instead of like:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$wpdb->query(&#8212;\nINSERT INTO $tablepostmeta\n(post_id,meta_key,meta_value)\nVALUES ('$post_id','link','$extended')\n&#8213;);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Links: \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fpreserve-code-formatting\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpreserve-code-formatting\u002F\" rel=\"ugc\">Plugin Directory Page\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcoffee2code\u002Fpreserve-code-formatting\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n","Preserve formatting of code for display by preventing its modification by WordPress and other plugins while also retaining whitespace.",400,49085,94,3,"2025-08-15T05:13:00.000Z","6.8.5","5.5","",[20,21,22,23,24],"code","content","escape","formatting","post","https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fpreserve-code-formatting\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.5.0.zip",98,1,0,"2025-08-01 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[34],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":6,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48,"patch_diff_files":49,"patch_trac_url":39,"research_status":39,"research_verified":50,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":50,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-49386","preserve-code-formatting-authenticated-contributor-php-object-injection","Preserve Code Formatting \u003C= 4.0.1 - Authenticated (Contributor+) PHP Object Injection","The Preserve Code Formatting plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.0.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.",null,"\u003C=4.0.1","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Deserialization of Untrusted Data","2025-11-11 17:15:58",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F27e85966-0fc7-4a28-bfc2-af62a1a56d0a?source=api-prod",103,[],false,{"slug":52,"display_name":7,"profile_url":8,"plugin_count":53,"total_installs":54,"avg_security_score":55,"avg_patch_time_days":56,"trust_score":57,"computed_at":58},"coffee2code",63,91830,88,374,71,"2026-05-19T19:28:47.185Z",[60,79,96,114,134],{"slug":61,"name":62,"version":63,"author":7,"author_profile":8,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":18,"tags":73,"homepage":75,"download_link":76,"security_score":77,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":78},"extra-sentence-space","Extra Sentence Space","1.3.9","\u003Cp>Even though you may add two spaces after each sentence when writing a post (assuming you subscribe to a writing style that suggests such spacing) web browsers will collapse consecutive blank spaces into a single space when viewed. This plugin adds a \u003Ccode>&nbsp;\u003C\u002Fcode> (non-breaking space) after sentence-ending punctuation to retain the appearance of your two-space intent.\u003C\u002Fp>\n\u003Cp>NOTE: The plugin will only enforce the two-space gap in places where two or more spaces actually separate sentences in your posts. It will NOT insert a second space if only one space is present.\u003C\u002Fp>\n\u003Cp>Links: \u003Ca href=\"http:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fextra-sentence-space\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fextra-sentence-space\u002F\" rel=\"ugc\">Plugin Directory Page\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcoffee2code\u002Fextra-sentence-space\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fcoffee2code.com\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Hooks\u003C\u002Fh3>\n\u003Cp>The plugin is further customizable via two filters. Typically, these customizations would be put into your active theme’s functions.php file, or used by another plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>c2c_extra_sentence_space\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The ‘c2c_extra_sentence_space’ filter allows you to use an alternative approach to safely invoke \u003Ccode>c2c_extra_sentence_space()\u003C\u002Fcode> in such a way that if the plugin were deactivated or deleted, then your calls to the function won’t cause errors in your site. This only applies if you use the function directly, which is not typical usage for most users.\u003C\u002Fp>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cp>Instead of:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php echo c2c_extra_sentence_space( $mytext ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Do:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php echo apply_filters( 'c2c_extra_sentence_space', $mytext ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>c2c_extra_sentence_space_punctuation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The ‘c2c_extra_sentence_space_punctuation’ filter allows you to customize the punctuation, characters, and\u002For symbols after which double-spacing (when present) is preserved. By default these are ‘.!?’.\u003C\u002Fp>\n\u003Cp>Arguments:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>$punctuation (string): The default characters after which double-spacing should be preserved. Default is ‘.!?’.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F**\n * Modifies the list of characters after which two spaces should be preserved\n * to include a forward slash.\n *\n * @param string $punctuation The punctuation.\n * @return string\n *\u002F\nfunction more_extra_space_punctuation( $punctuation ) {\n    \u002F\u002F Add the '\u002F' and ')' characters to the list of characters\n    return $punctuation . '\u002F)';\n}\nadd_filter( 'c2c_extra_sentence_space_punctuation', 'more_extra_space_punctuation' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Force browsers to display two spaces (when present) between sentences.",50,10711,60,2,"2020-01-01T08:14:00.000Z","5.3.21","1.5",[52,21,23,24,74],"space","http:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fextra-sentence-space\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fextra-sentence-space.1.3.9.zip",85,"2026-04-06T09:54:40.288Z",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":29,"num_ratings":29,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":18,"tags":92,"homepage":93,"download_link":94,"security_score":77,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":95},"kg-inline-code","KG Inline Code","1.0","killergege","https:\u002F\u002Fprofiles.wordpress.org\u002Fkillergege\u002F","\u003Cp>Replaces any word or sentence between backquotes (`) by a \u003Ccode> block in a StackOverflow \u002F Markdown way.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Visit the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fkg-inline-code\u002F\" rel=\"ugc\">plugin’s home page\u003C\u002Fa> to leave comments, ask questions, etc.\u003C\u002Fp>\n","Replaces any word or sentence between backquotes (`) by a \u003Ccode> block in a StackOverflow \u002F Markdown way.",10,2184,"2012-01-09T13:58:00.000Z","3.3.2","3.0.0",[20,21,23,24],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fkg-inline-code\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkg-inline-code.zip","2026-03-15T15:16:48.613Z",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":87,"downloaded":104,"rating":29,"num_ratings":29,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":18,"tags":108,"homepage":18,"download_link":113,"security_score":77,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"wpautop-mask","Wpautop Mask","1.0.0","g737a6b","https:\u002F\u002Fprofiles.wordpress.org\u002Fg737a6b\u002F","\u003Cp>This plugin disables automatic formatting of WordPress (wpautop) between specific shortcode tags.\u003C\u002Fp>\n\u003Ch4>This plugin will help you to:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>write a post using HTML\u003C\u002Fli>\n\u003Cli>put bits and pieces of code (HTML, JavaScript, PHP, etc.) in your post\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can see examples of how this plugin works on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fg737a6b\u002Fwordpress-plugin-wpautop-mask\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Toggle wpautop with shortcodes.",1366,"2016-09-02T14:00:00.000Z","4.6.30","4.3",[109,23,110,111,112],"filter","post-content","shortcode","wpautop","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpautop-mask.1.0.0.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":124,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":18,"tags":129,"homepage":132,"download_link":133,"security_score":77,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"advanced-excerpt","Advanced Excerpt","4.4.1","WPKube","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpkube\u002F","\u003Cp>This plugin adds several improvements to WordPress’ default way of creating excerpts.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Keeps HTML markup in the excerpt (and you get to choose which tags are included)\u003C\u002Fli>\n\u003Cli>Trims the excerpt to a given length using either character count or word count\u003C\u002Fli>\n\u003Cli>Only the ‘real’ text is counted (HTML is ignored but kept)\u003C\u002Fli>\n\u003Cli>Customizes the excerpt length and the ellipsis character that are used\u003C\u002Fli>\n\u003Cli>Completes the last word or sentence in an excerpt (no weird cuts)\u003C\u002Fli>\n\u003Cli>Adds a \u003Cem>read-more\u003C\u002Fem> link to the text\u003C\u002Fli>\n\u003Cli>Ignores custom excerpts and use the generated one instead\u003C\u002Fli>\n\u003Cli>Theme developers can use \u003Ccode>the_advanced_excerpt()\u003C\u002Fcode> for even more control (see the FAQ)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Most of the above features are optional and\u002For can be customized by the user or theme developer.\u003C\u002Fp>\n\u003Cp>Banner image credit – \u003Ca href=\"https:\u002F\u002Fwww.flickr.com\u002Fphotos\u002Fchillihead\u002F\" rel=\"nofollow ugc\">chillihead\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Original plugin author – \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fbasvd\" rel=\"nofollow ugc\">basvd\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Useful Resources\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffancythemes.com\u002Fwhat-is-wordpress\u002F\" rel=\"friend nofollow ugc\">What is WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffancythemes.com\u002Fwordpress-themes\" rel=\"friend nofollow ugc\">Fee Themes\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Ffancythemes.com\u002Fwordpress-plugins\u002F\" rel=\"friend nofollow ugc\">plugins\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Control the appearance of WordPress post excerpts",80000,1544514,86,101,"2024-01-19T20:32:00.000Z","6.4.8","3.2",[21,130,23,24,131],"excerpt","post-excerpt","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadvanced-excerpt\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-excerpt.4.4.1.zip",{"slug":135,"name":136,"version":137,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":142,"downloaded":143,"rating":27,"num_ratings":144,"last_updated":145,"tested_up_to":146,"requires_at_least":147,"requires_php":18,"tags":148,"homepage":153,"download_link":154,"security_score":155,"vuln_count":156,"unpatched_count":29,"last_vuln_date":157,"fetched_at":31},"custom-post-widget","Content Blocks (Custom Post Widget)","3.4.1","Johan van der Wijk","https:\u002F\u002Fprofiles.wordpress.org\u002Fvanderwijk\u002F","\u003Cp>The \u003Ca href=\"http:\u002F\u002Fwww.vanderwijk.com\u002Fwordpress\u002Fwordpress-custom-post-widget\u002F?utm_source=wordpress&utm_medium=website&utm_campaign=custom_post_widget\" rel=\"nofollow ugc\">Content Blocks\u003C\u002Fa> allows you to display the contents of a specific custom post in a widget on in the content area using a shortcode.\u003C\u002Fp>\n\u003Cp>Even though you could use the text widget that comes with the default WordPress install, this plugin has some major benefits:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The Content Blocks plugin enables users to \u003Cstrong>use the WYSIWYG editor\u003C\u002Fstrong> for editing the content and adding images.\u003C\u002Fli>\n\u003Cli>If you are using the standard WordPress text widgets to display content on various areas of your template, this content can only be edited by users with administrator access. If you would like \u003Cstrong>non-administrator accounts to modify the widget content\u003C\u002Fstrong>, you can use this plugin to provide them access to the custom posts that provide the content for the widget areas.\u003C\u002Fli>\n\u003Cli>You can even use the \u003Cstrong>featured image functionality\u003C\u002Fstrong> to display them in a widget.\u003C\u002Fli>\n\u003Cli>The Content Blocks plugin is \u003Cstrong>compatible with the WPML\u003C\u002Fstrong> Multi-Language plugin and automatically shows the correct language in the widget area.\u003C\u002Fli>\n\u003Cli>The Content Blocks can be included in posts and pages using the \u003Cstrong>built-in shortcode functionality\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin creates a ‘content_block’ custom post type. You can choose to either display the title on the page or use it to describe the contents and widget position of the content block. Note that these content blocks can only be displayed in the context of the page. I have added ‘public’ => false to the custom post type which means that it is not accessible outside the page context.\u003C\u002Fp>\n\u003Cp>To add content to a widget, drag it to the required position in the sidebar and select the title of the custom post in the widget configuration.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Includes the following translations:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Swedish (sv_SE) by \u003Ca href=\"http:\u002F\u002Fkrokedil.se\" rel=\"nofollow ugc\">Andreas Larsson\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish (es_ES) by \u003Ca href=\"https:\u002F\u002Fwww.ibidemgroup.com\" rel=\"nofollow ugc\">IBIDEM GROUP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Portuguese (pt_BR) by Ronaldo Chevalier\u003C\u002Fli>\n\u003Cli>Polish (pl_PL) by Kuba Skublicki\u003C\u002Fli>\n\u003Cli>Dutch (nl_NL) by \u003Ca href=\"https:\u002F\u002Fvanderwijk.nl\" rel=\"nofollow ugc\">Johan van der Wijk\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Czech (cs_CZ) by \u003Ca href=\"http:\u002F\u002Fjsemweb.cz\u002F\" rel=\"nofollow ugc\">Martin Kucera\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fcustom-post-widget\" rel=\"nofollow ugc\">More translations are very welcome!\u003C\u002Fa>\u003C\u002Fp>\n","This plugin enables you to edit and display Content Blocks in a sidebar widget or using a shortcode.",10000,729431,80,"2026-01-27T13:29:00.000Z","6.9.4","4.6",[149,150,151,111,152],"block","content-block","custom-post","widget","https:\u002F\u002Fvanderwijk.com\u002Fwordpress\u002Fwordpress-custom-post-widget\u002F?utm_source=wordpress&utm_medium=plugin&utm_campaign=custom_post_widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-post-widget.3.4.1.zip",92,6,"2026-04-17 21:21:37",{"attackSurface":159,"codeSignals":236,"taintFlows":255,"riskAssessment":256,"analyzedAt":264},{"hooks":160,"ajaxHandlers":232,"restRoutes":233,"shortcodes":234,"cronEvents":235,"entryPointCount":29,"unprotectedCount":29},[161,166,170,174,178,183,186,189,193,198,202,205,208,211,213,216,218,221,223,226,228],{"type":162,"name":163,"callback":163,"file":164,"line":165},"action","init","c2c-plugin.php",189,{"type":162,"name":167,"callback":168,"file":164,"line":169},"admin_init","init_options",192,{"type":162,"name":171,"callback":172,"file":164,"line":173},"admin_head","add_c2c_admin_css",193,{"type":109,"name":175,"callback":176,"priority":87,"file":164,"line":177},"plugin_row_meta","donate_link",253,{"type":109,"name":179,"callback":180,"priority":181,"file":164,"line":182},"http_request_args","disable_update_check",5,256,{"type":162,"name":184,"callback":184,"file":164,"line":185},"admin_menu",260,{"type":109,"name":187,"callback":187,"priority":87,"file":164,"line":188},"contextual_help",263,{"type":162,"name":190,"callback":191,"file":164,"line":192},"admin_enqueue_scripts","add_thickbox",265,{"type":109,"name":194,"callback":195,"priority":69,"file":196,"line":197},"the_content","preserve_preprocess","preserve-code-formatting.php",274,{"type":109,"name":194,"callback":199,"priority":200,"file":196,"line":201},"preserve_postprocess_and_preserve",100,275,{"type":109,"name":203,"callback":195,"priority":69,"file":196,"line":204},"content_save_pre",276,{"type":109,"name":203,"callback":206,"priority":200,"file":196,"line":207},"preserve_postprocess",277,{"type":109,"name":209,"callback":195,"priority":69,"file":196,"line":210},"the_excerpt",279,{"type":109,"name":209,"callback":199,"priority":200,"file":196,"line":212},280,{"type":109,"name":214,"callback":195,"priority":69,"file":196,"line":215},"excerpt_save_pre",281,{"type":109,"name":214,"callback":206,"priority":200,"file":196,"line":217},282,{"type":109,"name":219,"callback":195,"priority":69,"file":196,"line":220},"comment_text",286,{"type":109,"name":219,"callback":199,"priority":200,"file":196,"line":222},287,{"type":109,"name":224,"callback":195,"priority":69,"file":196,"line":225},"pre_comment_content",288,{"type":109,"name":224,"callback":206,"priority":200,"file":196,"line":227},289,{"type":162,"name":229,"callback":230,"file":196,"line":231},"plugins_loaded","get_instance",784,[],[],[],[],{"dangerousFunctions":237,"sqlUsage":242,"outputEscaping":244,"fileOperations":29,"externalRequests":29,"nonceChecks":29,"capabilityChecks":28,"bundledLibraries":254},[238],{"fn":239,"file":164,"line":240,"context":241},"unserialize",362,"$plugins = unserialize( $r['body']['plugins'] );",{"prepared":29,"raw":29,"locations":243},[],{"escaped":245,"rawEcho":14,"locations":246},58,[247,250,252],{"file":164,"line":248,"context":249},1312,"raw output",{"file":196,"line":251,"context":249},303,{"file":196,"line":253,"context":249},314,[],[],{"summary":257,"deductions":258},"The \"preserve-code-formatting\" plugin v5.0 exhibits a generally good security posture with no identified attack surface points and a high percentage of properly escaped output. The absence of critical or high severity taint flows and the exclusive use of prepared statements for SQL queries are positive indicators. However, the presence of the `unserialize` function, even without immediate observable taint flows, introduces a potential risk. This function can be dangerous if used with untrusted data, leading to object injection vulnerabilities. The plugin's vulnerability history includes one high-severity CVE related to \"Deserialization of Untrusted Data,\" which strongly aligns with the risk posed by `unserialize`. While this specific vulnerability is marked as patched, the past occurrence highlights a recurring area of concern and suggests that developers should be particularly vigilant about how serialized data is handled in future versions. The plugin's strengths lie in its limited attack surface and good output escaping practices, but the `unserialize` function and its historical vulnerability pattern warrant ongoing attention.",[259,262],{"reason":260,"points":261},"Dangerous function detected (unserialize)",15,{"reason":263,"points":261},"Past high severity CVE for deserialization","2026-03-16T19:39:01.687Z",{"wat":266,"direct":275},{"assetPaths":267,"generatorPatterns":270,"scriptPaths":271,"versionParams":272},[268,269],"\u002Fwp-content\u002Fplugins\u002Fpreserve-code-formatting\u002Fcss\u002Fpreserve-code-formatting.css","\u002Fwp-content\u002Fplugins\u002Fpreserve-code-formatting\u002Fjs\u002Fpreserve-code-formatting.js",[],[269],[273,274],"preserve-code-formatting\u002Fcss\u002Fpreserve-code-formatting.css?ver=","preserve-code-formatting\u002Fjs\u002Fpreserve-code-formatting.js?ver=",{"cssClasses":276,"htmlComments":277,"htmlAttributes":280,"restEndpoints":281,"jsGlobals":282,"shortcodeOutput":283},[],[278,279],"\u003C!-- CODE BLOCK START -->","\u003C!-- CODE BLOCK END -->",[],[],[],[],{"error":285,"url":286,"statusCode":287,"statusMessage":288,"message":288},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fpreserve-code-formatting\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":290,"versions":291},19,[292,297,305,313,321,329,337,345,353,361,369,376,384,392,400,408,416,424,432],{"version":6,"download_url":26,"svn_tag_url":293,"released_at":39,"has_diff":50,"diff_files_changed":294,"diff_lines":39,"trac_diff_url":295,"vulnerabilities":296,"is_current":285},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F5.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpreserve-code-formatting%2Ftags%2F4.0.1&new_path=%2Fpreserve-code-formatting%2Ftags%2F5.0",[],{"version":298,"download_url":299,"svn_tag_url":300,"released_at":39,"has_diff":50,"diff_files_changed":301,"diff_lines":39,"trac_diff_url":302,"vulnerabilities":303,"is_current":50},"4.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.4.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F4.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpreserve-code-formatting%2Ftags%2F4.0&new_path=%2Fpreserve-code-formatting%2Ftags%2F4.0.1",[304],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":306,"download_url":307,"svn_tag_url":308,"released_at":39,"has_diff":50,"diff_files_changed":309,"diff_lines":39,"trac_diff_url":310,"vulnerabilities":311,"is_current":50},"4.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.4.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F4.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpreserve-code-formatting%2Ftags%2F3.9.2&new_path=%2Fpreserve-code-formatting%2Ftags%2F4.0",[312],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":314,"download_url":315,"svn_tag_url":316,"released_at":39,"has_diff":50,"diff_files_changed":317,"diff_lines":39,"trac_diff_url":318,"vulnerabilities":319,"is_current":50},"3.9.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.3.9.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F3.9.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpreserve-code-formatting%2Ftags%2F3.9.1&new_path=%2Fpreserve-code-formatting%2Ftags%2F3.9.2",[320],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":322,"download_url":323,"svn_tag_url":324,"released_at":39,"has_diff":50,"diff_files_changed":325,"diff_lines":39,"trac_diff_url":326,"vulnerabilities":327,"is_current":50},"3.9.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.3.9.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F3.9.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpreserve-code-formatting%2Ftags%2F3.9&new_path=%2Fpreserve-code-formatting%2Ftags%2F3.9.1",[328],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":330,"download_url":331,"svn_tag_url":332,"released_at":39,"has_diff":50,"diff_files_changed":333,"diff_lines":39,"trac_diff_url":334,"vulnerabilities":335,"is_current":50},"3.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.3.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F3.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpreserve-code-formatting%2Ftags%2F3.8&new_path=%2Fpreserve-code-formatting%2Ftags%2F3.9",[336],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":338,"download_url":339,"svn_tag_url":340,"released_at":39,"has_diff":50,"diff_files_changed":341,"diff_lines":39,"trac_diff_url":342,"vulnerabilities":343,"is_current":50},"3.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.3.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F3.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpreserve-code-formatting%2Ftags%2F3.7&new_path=%2Fpreserve-code-formatting%2Ftags%2F3.8",[344],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":346,"download_url":347,"svn_tag_url":348,"released_at":39,"has_diff":50,"diff_files_changed":349,"diff_lines":39,"trac_diff_url":350,"vulnerabilities":351,"is_current":50},"3.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.3.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F3.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpreserve-code-formatting%2Ftags%2F3.6&new_path=%2Fpreserve-code-formatting%2Ftags%2F3.7",[352],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":354,"download_url":355,"svn_tag_url":356,"released_at":39,"has_diff":50,"diff_files_changed":357,"diff_lines":39,"trac_diff_url":358,"vulnerabilities":359,"is_current":50},"3.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.3.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F3.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpreserve-code-formatting%2Ftags%2F3.5&new_path=%2Fpreserve-code-formatting%2Ftags%2F3.6",[360],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":362,"download_url":363,"svn_tag_url":364,"released_at":39,"has_diff":50,"diff_files_changed":365,"diff_lines":39,"trac_diff_url":366,"vulnerabilities":367,"is_current":50},"3.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.3.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F3.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpreserve-code-formatting%2Ftags%2F3.2&new_path=%2Fpreserve-code-formatting%2Ftags%2F3.5",[368],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":128,"download_url":370,"svn_tag_url":371,"released_at":39,"has_diff":50,"diff_files_changed":372,"diff_lines":39,"trac_diff_url":373,"vulnerabilities":374,"is_current":50},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.3.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F3.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpreserve-code-formatting%2Ftags%2F3.1&new_path=%2Fpreserve-code-formatting%2Ftags%2F3.2",[375],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":377,"download_url":378,"svn_tag_url":379,"released_at":39,"has_diff":50,"diff_files_changed":380,"diff_lines":39,"trac_diff_url":381,"vulnerabilities":382,"is_current":50},"3.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.3.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpreserve-code-formatting%2Ftags%2F3.0&new_path=%2Fpreserve-code-formatting%2Ftags%2F3.1",[383],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":385,"download_url":386,"svn_tag_url":387,"released_at":39,"has_diff":50,"diff_files_changed":388,"diff_lines":39,"trac_diff_url":389,"vulnerabilities":390,"is_current":50},"3.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.3.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F3.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpreserve-code-formatting%2Ftags%2F2.5.4&new_path=%2Fpreserve-code-formatting%2Ftags%2F3.0",[391],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":393,"download_url":394,"svn_tag_url":395,"released_at":39,"has_diff":50,"diff_files_changed":396,"diff_lines":39,"trac_diff_url":397,"vulnerabilities":398,"is_current":50},"2.5.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.2.5.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F2.5.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpreserve-code-formatting%2Ftags%2F2.5.3&new_path=%2Fpreserve-code-formatting%2Ftags%2F2.5.4",[399],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":401,"download_url":402,"svn_tag_url":403,"released_at":39,"has_diff":50,"diff_files_changed":404,"diff_lines":39,"trac_diff_url":405,"vulnerabilities":406,"is_current":50},"2.5.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.2.5.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F2.5.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpreserve-code-formatting%2Ftags%2F2.5.2&new_path=%2Fpreserve-code-formatting%2Ftags%2F2.5.3",[407],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":409,"download_url":410,"svn_tag_url":411,"released_at":39,"has_diff":50,"diff_files_changed":412,"diff_lines":39,"trac_diff_url":413,"vulnerabilities":414,"is_current":50},"2.5.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.2.5.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F2.5.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpreserve-code-formatting%2Ftags%2F2.5.1&new_path=%2Fpreserve-code-formatting%2Ftags%2F2.5.2",[415],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":417,"download_url":418,"svn_tag_url":419,"released_at":39,"has_diff":50,"diff_files_changed":420,"diff_lines":39,"trac_diff_url":421,"vulnerabilities":422,"is_current":50},"2.5.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.2.5.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F2.5.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpreserve-code-formatting%2Ftags%2F2.5&new_path=%2Fpreserve-code-formatting%2Ftags%2F2.5.1",[423],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":425,"download_url":426,"svn_tag_url":427,"released_at":39,"has_diff":50,"diff_files_changed":428,"diff_lines":39,"trac_diff_url":429,"vulnerabilities":430,"is_current":50},"2.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.2.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F2.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpreserve-code-formatting%2Ftags%2F2.0&new_path=%2Fpreserve-code-formatting%2Ftags%2F2.5",[431],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":433,"download_url":434,"svn_tag_url":435,"released_at":39,"has_diff":50,"diff_files_changed":436,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":437,"is_current":50},"2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserve-code-formatting.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpreserve-code-formatting\u002Ftags\u002F2.0\u002F",[],[438],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6}]