[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fk6M3RLOzxPnh--Iq8SKgsu-8yaSjdt54KvRuugbEQRs":3,"$fWcJtDlSZ-xSuiy0XEax49U8aCQkrRqk05xSspqrZqtE":312},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":37,"fingerprints":279},"push-down-banners","Push Down Banners","1.3","Melodic Media","https:\u002F\u002Fprofiles.wordpress.org\u002Fmelodicmedia\u002F","\u003Cp>Push Down Banners is an easy to use WordPress plugin that allows you to create banner that push any web content down.\u003Cbr \u002F>\nSimply upload your banner which can be an image, flash or HTML, or HTML5 code, set your variables, preview and deploy.\u003Cbr \u002F>\nCustomize it by adding your own close or open button.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Now in 9 Languages: French, Spanish, Portuguese, German, Dutch, Italian, Russian, Arabic, Turkish,\u003C\u002Fli>\n\u003Cli>No coding required!\u003C\u002Fli>\n\u003Cli>Mobile responsive: All images and HTML banners are responsive.\u003C\u002Fli>\n\u003Cli>Banner format can be: JPG, GIF, PNG, SWF, HTML or HTML5.\u003C\u002Fli>\n\u003Cli>Show only on certain screen sizes.\u003C\u002Fli>\n\u003Cli>Click to open, or Rollover to open.\u003C\u002Fli>\n\u003Cli>Paste any HTML code from: (Aweber, GetResponse, iContact, Youtube, Twitter, Facebook and more)\u003C\u002Fli>\n\u003Cli>Set your URL (Open in a new window or not)\u003C\u002Fli>\n\u003Cli>Set the dimensions for any banner\u003C\u002Fli>\n\u003Cli>Set where you want them to be placed. 
(top of page, middle of page etc.)\u003C\u002Fli>\n\u003Cli>Add a Background Colour or Image.\u003C\u002Fli>\n\u003Cli>Add a cookie to show only once per day.\u003C\u002Fli>\n\u003Cli>Free upgrades\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Links\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.pushdownbanners.com\" rel=\"nofollow ugc\">Main Website & Live Examples\u003C\u002Fa> \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.pushdownbanners.com\u002Fsupport.php\" rel=\"nofollow ugc\">Support\u003C\u002Fa> \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.pushdownbanners.com\u002Fpushdownbanners_wordpress.php\" rel=\"nofollow ugc\">Plugin page\u003C\u002Fa> \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>More Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>NOTE: Certain features are exclusive to the Full version of Push Down Banners.\u003C\u002Fli>\n\u003Cli>Add banners using images, flash, HTML or HTML5\u003C\u002Fli>\n\u003Cli>Add a close button\u003C\u002Fli>\n\u003Cli>Change the speed\u003C\u002Fli>\n\u003Cli>Save unlimited banners\u003C\u002Fli>\n\u003Cli>Daily, Weekly, Monthly with a 6 month history\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>Portuguese\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Dutch\u003C\u002Fli>\n\u003Cli>Italian\u003C\u002Fli>\n\u003Cli>Russian\u003C\u002Fli>\n\u003Cli>Arabic\u003C\u002Fli>\n\u003Cli>Turkish\u003C\u002Fli>\n\u003C\u002Ful>\n","The easiest way to create Push Down Banners for your site. Unlimited creativity! 
9 Languages!",10,2082,0,"2016-02-11T07:19:00.000Z","4.4.34","3.8","",[19,20,21,4,22],"html5-push-down-banners","push-banners","push-down-ads","pushing-ads","http:\u002F\u002Fpushdownbanners.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpush-down-banners.zip",85,null,"2026-04-06T09:54:40.288Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"melodicmedia",2,20,30,84,"2026-04-07T11:16:06.144Z",[],{"attackSurface":38,"codeSignals":106,"taintFlows":126,"riskAssessment":267,"analyzedAt":278},{"hooks":39,"ajaxHandlers":75,"restRoutes":103,"shortcodes":104,"cronEvents":105,"entryPointCount":92,"unprotectedCount":92},[40,46,49,53,58,62,66,71],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","plugins_loaded","push_load_plugin_textdomain","pushdownbanner.php",19,{"type":41,"name":47,"callback":48,"file":44,"line":32},"wp_enqueue_scripts","push_pushdwonhead",{"type":41,"name":50,"callback":51,"file":44,"line":52},"wp_footer","push_pushdowndiv",21,{"type":54,"name":55,"callback":56,"priority":11,"file":44,"line":57},"filter","plugin_row_meta","push_plugin_meta_links",22,{"type":54,"name":59,"callback":60,"priority":11,"file":44,"line":61},"upgrader_pre_install","push_backup",351,{"type":54,"name":63,"callback":64,"priority":11,"file":44,"line":65},"upgrader_post_install","push_recover",352,{"type":41,"name":67,"callback":68,"file":69,"line":70},"admin_menu","push_menu","pushdownoptions.php",3,{"type":41,"name":72,"callback":73,"file":69,"line":74},"admin_init","push_pushdownoptions_init",4,[76,81,85,89,93,97,99,101],{"action":77,"nopriv":78,"callback":79,"hasNonce":78,"hasCapCheck":78,"file":69,"line":80},"push_submit",false,"push_submit_callback",5,{"action":82,"nopriv":78,"callback":83,"hasNonce":78,"hasCapCheck":78,"file":69,"line":84},"push_uplimage","push_uplimage_callback",6,{"action":86,"nopriv":78,"callback":87,"hasN
once":78,"hasCapCheck":78,"file":69,"line":88},"push_clicks","push_clicks_callback",7,{"action":90,"nopriv":78,"callback":91,"hasNonce":78,"hasCapCheck":78,"file":69,"line":92},"push_impressions","push_impressions_callback",8,{"action":94,"nopriv":78,"callback":95,"hasNonce":78,"hasCapCheck":78,"file":69,"line":96},"push_opens","push_opens_callback",9,{"action":86,"nopriv":98,"callback":87,"hasNonce":78,"hasCapCheck":78,"file":69,"line":11},true,{"action":90,"nopriv":98,"callback":91,"hasNonce":78,"hasCapCheck":78,"file":69,"line":100},11,{"action":94,"nopriv":98,"callback":95,"hasNonce":78,"hasCapCheck":78,"file":69,"line":102},12,[],[],[],{"dangerousFunctions":107,"sqlUsage":108,"outputEscaping":111,"fileOperations":102,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":125},[],{"prepared":109,"raw":13,"locations":110},18,[],{"escaped":112,"rawEcho":80,"locations":113},261,[114,117,119,121,123],{"file":69,"line":115,"context":116},143,"raw output",{"file":69,"line":118,"context":116},265,{"file":69,"line":120,"context":116},323,{"file":69,"line":122,"context":116},395,{"file":69,"line":124,"context":116},689,[],[127,145,164,181,195,209,223,233],{"entryPoint":128,"graph":129,"unsanitizedCount":143,"severity":144},"push_uplimage_callback (pushdownoptions.php:82)",{"nodes":130,"edges":141},[131,136],{"id":132,"type":133,"label":134,"file":69,"line":135},"n0","source","$_FILES",98,{"id":137,"type":138,"label":139,"file":69,"line":115,"wp_function":140},"n1","sink","echo() [XSS]","echo",[142],{"from":132,"to":137,"sanitized":78},1,"medium",{"entryPoint":146,"graph":147,"unsanitizedCount":143,"severity":144},"push_preview (pushdownoptions.php:394)",{"nodes":148,"edges":161},[149,152,154,158],{"id":132,"type":133,"label":150,"file":69,"line":151},"$_POST 
(x9)",443,{"id":137,"type":138,"label":139,"file":69,"line":153,"wp_function":140},474,{"id":155,"type":133,"label":156,"file":69,"line":157},"n2","$_POST",427,{"id":159,"type":138,"label":139,"file":69,"line":160,"wp_function":140},"n3",494,[162,163],{"from":132,"to":137,"sanitized":98},{"from":155,"to":159,"sanitized":78},{"entryPoint":165,"graph":166,"unsanitizedCount":31,"severity":180},"push_clicks_callback (pushdownoptions.php:13)",{"nodes":167,"edges":177},[168,169,172,173],{"id":132,"type":133,"label":156,"file":69,"line":45},{"id":137,"type":138,"label":170,"file":69,"line":57,"wp_function":171},"get_row() [SQLi]","get_row",{"id":155,"type":133,"label":156,"file":69,"line":45},{"id":159,"type":138,"label":174,"file":69,"line":175,"wp_function":176},"query() [SQLi]",26,"query",[178,179],{"from":132,"to":137,"sanitized":78},{"from":155,"to":159,"sanitized":78},"high",{"entryPoint":182,"graph":183,"unsanitizedCount":31,"severity":180},"push_impressions_callback (pushdownoptions.php:36)",{"nodes":184,"edges":192},[185,187,189,190],{"id":132,"type":133,"label":156,"file":69,"line":186},42,{"id":137,"type":138,"label":170,"file":69,"line":188,"wp_function":171},45,{"id":155,"type":133,"label":156,"file":69,"line":186},{"id":159,"type":138,"label":174,"file":69,"line":191,"wp_function":176},49,[193,194],{"from":132,"to":137,"sanitized":78},{"from":155,"to":159,"sanitized":78},{"entryPoint":196,"graph":197,"unsanitizedCount":31,"severity":180},"push_opens_callback (pushdownoptions.php:59)",{"nodes":198,"edges":206},[199,201,203,204],{"id":132,"type":133,"label":156,"file":69,"line":200},65,{"id":137,"type":138,"label":170,"file":69,"line":202,"wp_function":171},68,{"id":155,"type":133,"label":156,"file":69,"line":200},{"id":159,"type":138,"label":174,"file":69,"line":205,"wp_function":176},72,[207,208],{"from":132,"to":137,"sanitized":78},{"from":155,"to":159,"sanitized":78},{"entryPoint":210,"graph":211,"unsanitizedCount":70,"severity":180},"push_submit_callback 
(pushdownoptions.php:158)",{"nodes":212,"edges":220},[213,215,217,219],{"id":132,"type":133,"label":156,"file":69,"line":214},182,{"id":137,"type":138,"label":174,"file":69,"line":216,"wp_function":176},263,{"id":155,"type":133,"label":218,"file":69,"line":214},"$_POST (x2)",{"id":159,"type":138,"label":139,"file":69,"line":118,"wp_function":140},[221,222],{"from":132,"to":137,"sanitized":78},{"from":155,"to":159,"sanitized":78},{"entryPoint":224,"graph":225,"unsanitizedCount":143,"severity":180},"push_main_options (pushdownoptions.php:555)",{"nodes":226,"edges":231},[227,230],{"id":132,"type":133,"label":228,"file":69,"line":229},"$_POST['did']",585,{"id":137,"type":138,"label":174,"file":69,"line":229,"wp_function":176},[232],{"from":132,"to":137,"sanitized":78},{"entryPoint":234,"graph":235,"unsanitizedCount":102,"severity":180},"\u003Cpushdownoptions> (pushdownoptions.php:0)",{"nodes":236,"edges":260},[237,239,240,242,243,245,247,249,251,254,256,258],{"id":132,"type":133,"label":238,"file":69,"line":45},"$_POST (x3)",{"id":137,"type":138,"label":170,"file":69,"line":57,"wp_function":171},{"id":155,"type":133,"label":241,"file":69,"line":45},"$_POST (x4)",{"id":159,"type":138,"label":174,"file":69,"line":175,"wp_function":176},{"id":244,"type":133,"label":134,"file":69,"line":135},"n4",{"id":246,"type":138,"label":139,"file":69,"line":115,"wp_function":140},"n5",{"id":248,"type":133,"label":238,"file":69,"line":214},"n6",{"id":250,"type":138,"label":139,"file":69,"line":118,"wp_function":140},"n7",{"id":252,"type":133,"label":253,"file":69,"line":151},"n8","$_POST 
(x18)",{"id":255,"type":138,"label":139,"file":69,"line":153,"wp_function":140},"n9",{"id":257,"type":133,"label":228,"file":69,"line":229},"n10",{"id":259,"type":138,"label":174,"file":69,"line":229,"wp_function":176},"n11",[261,262,263,264,265,266],{"from":132,"to":137,"sanitized":78},{"from":155,"to":159,"sanitized":78},{"from":244,"to":246,"sanitized":78},{"from":248,"to":250,"sanitized":78},{"from":252,"to":255,"sanitized":98},{"from":257,"to":259,"sanitized":78},{"summary":268,"deductions":269},"The push-down-banners plugin v1.3 exhibits a significant security concern: its entire AJAX attack surface is unprotected. None of the 8 identified AJAX handlers performs a nonce or capability check, and 3 of them (push_clicks, push_impressions, push_opens) are also registered for unauthenticated (nopriv) requests; the remaining 5 require a logged-in session but do not verify what that user is allowed to do. While the code signals indicate strong practices in SQL query handling (all 18 detected queries are prepared) and output escaping, the absence of nonces and capability checks on the AJAX endpoints is a critical oversight. The taint analysis further highlights this, revealing 6 high-severity flows in which request data reaches SQL query or echo sinks with no recorded sanitization, strongly suggesting potential for injection vulnerabilities or unintended data manipulation when these unprotected AJAX handlers are triggered; each flow should be confirmed against the source, because a prepared statement at the sink may already neutralize it. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator of past development, although it shows only that no issues have been publicly reported. 
However, this lack of history should not overshadow the immediate and substantial risks presented by the current code's lack of essential security controls (nonce and capability checks) on its entry points.",[270,272,274,276],{"reason":271,"points":32},"8 AJAX handlers without auth checks",{"reason":273,"points":32},"6 high severity taint flows",{"reason":275,"points":11},"0 Nonce checks on AJAX handlers",{"reason":277,"points":11},"0 Capability checks on AJAX handlers","2026-03-17T00:53:28.399Z",{"wat":280,"direct":289},{"assetPaths":281,"generatorPatterns":284,"scriptPaths":285,"versionParams":286},[282,283],"\u002Fwp-content\u002Fplugins\u002Fpush-down-banners\u002Fpushdownbanners.js","\u002Fwp-content\u002Fplugins\u002Fpush-down-banners\u002Fswfobject\u002Fswfobject.js",[],[],[287,288],"push-down-banners\u002Fpushdownbanners.js?ver=","push-down-banners\u002Fswfobject\u002Fswfobject.js?ver=",{"cssClasses":290,"htmlComments":293,"htmlAttributes":294,"restEndpoints":299,"jsGlobals":300,"shortcodeOutput":311},[291,292],"PushdownAd","show",[],[295,296,297,298],"id=\"PushdownAd2\"","id=\"PushdownAd1\"","id=\"outer\"","id=\"mainimg\"",[],[301,302,303,304,305,306,307,308,309,310],"adm_url","panid","_gPDBSpeed","_gPDBTime","createCookie","readCookie","eraseCookie","_gPDBAutoopen","_gPDBAutoclose","_Toggle",[],{"slug":4,"current_version":6,"total_versions":13,"versions":313},[]]