[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f70pgeYukYJBuldavSN0Dj2TfDSSqCMuFh6DtEeeOWy8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":139,"fingerprints":245},"qualtrics-survey-embeds","Qualtrics Survey Embeds","1.0","michaelryanmcneill","https:\u002F\u002Fprofiles.wordpress.org\u002Fmichaelryanmcneill\u002F","\u003Cp>This plugin allows you to more easily embed \u003Ca href=\"http:\u002F\u002Fwww.qualtrics.com\u002F\" rel=\"nofollow ugc\">Qualtrics\u003C\u002Fa> surveys on your WordPress site.\u003C\u002Fp>\n\u003Cp>To embed a Qualtrics survey, simply paste the public URL to your survey on its own line in the editor. WordPress will do the rest.\u003C\u002Fp>\n\u003Cp>You can change the default embed settings on the Settings > Qualtrics Settings page.\u003C\u002Fp>\n","Adds a Qualtrics Embed Handler to WordPress allowing for quick survey embeds.",100,4169,0,"2015-08-10T16:06:00.000Z","4.3.34","2.9.0","",[19,20,21,22],"embed","oembed","qualtrics","surveys","https:\u002F\u002Fgithub.com\u002Fmichaelryanmcneill\u002Fqualtrics-embed\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqualtrics-survey-embeds.1.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},2,3100,93,2883,74,"2026-04-05T03:04:05.615Z",[37,61,79,102,122],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":59,"vuln_count":30,"unpatched_count":13,"last_vuln_date":60,"fetched_at":27},"embed-pdf-viewer","Embed PDF Viewer","2.4.8","Andy Fragen","https:\u002F\u002Fprofiles.wordpress.org\u002Fafragen\u002F","\u003Cp>Embed a PDF from the Media Library or elsewhere via oEmbed or as a block into an \u003Ccode>iframe\u003C\u002Fcode> tag. The URL only has to be world reachable link. Chrome uses Google Doc Viewer as Chrome seems to automatically rendered embedded JS in PDFs automatically. Uses Google Doc Viewer with mobile.\u003C\u002Fp>\n\u003Cp>Inspired by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdirtysuds-embed-pdf\u002F\" rel=\"ugc\">Embed PDF\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frv-embed-pdf\u002F\" rel=\"ugc\">RV Embed PDF\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Many thanks to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fakirk\" rel=\"nofollow ugc\">Alex Kirk\u003C\u002Fa> for making Embed PDF Viewer compatible with the new block editor.\u003C\u002Fp>\n\u003Cp>Development on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fafragen\u002Fembed-pdf-viewer\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>. Pull requests are welcome against the \u003Ccode>develop\u003C\u002Fcode> branch.\u003C\u002Fp>\n\u003Ch3>Known Issues\u003C\u002Fh3>\n\u003Cp>Occasionally Google Doc Viewer will not correctly load the PDF. Reloading the page should correct the issue, though this may need to be done several times.\u003C\u002Fp>\n","Embed a PDF from the Media Library or elsewhere via oEmbed or as a block into an iframe tag.",20000,307147,94,19,"2026-02-21T16:59:00.000Z","7.0","6.0","7.4",[54,19,20,55,56],"block","pdf","viewer","https:\u002F\u002Fgithub.com\u002Fafragen\u002Fembed-pdf-viewer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fembed-pdf-viewer.2.4.8.zip",99,"2024-12-19 00:00:00",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":17,"tags":76,"homepage":17,"download_link":78,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"disable-embeds","Disable Embeds","1.5.0","Pascal Birchler","https:\u002F\u002Fprofiles.wordpress.org\u002Fswissspidy\u002F","\u003Cp>What this plugin does:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Prevents others from embedding your site.\u003C\u002Fli>\n\u003Cli>Prevents you from embedding other non-whitelisted sites.\u003C\u002Fli>\n\u003Cli>Disables all JavaScript related to the feature.\u003C\u002Fli>\n\u003Cli>Removes support for the WordPress embed block in the new block editor.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Just activate the plugin and you’re good to go.\u003C\u002Fp>\n\u003Cp>Want embeds back again? Simply deactivate the plugin.\u003C\u002Fp>\n","Don’t like the enhanced embeds in WordPress 4.4? Easily disable the feature using this plugin.",10000,270545,86,20,"2025-04-08T09:00:00.000Z","6.8.5","4.4",[19,77,20],"embeds","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-embeds.1.5.0.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":69,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":17,"download_link":99,"security_score":11,"vuln_count":100,"unpatched_count":13,"last_vuln_date":101,"fetched_at":27},"embed-privacy","Embed Privacy","1.12.3","epiphyt","https:\u002F\u002Fprofiles.wordpress.org\u002Fepiphyt\u002F","\u003Cp>Content embedded from external sites such as YouTube or Twitter is loaded immediately when visitors access your site. Embed Privacy addresses this issue and prevents the loading of these contents until the visitor decides to allow loading of external content.\u003Cbr \u002F>\nBut Embed Privacy not only protects your visitor’s privacy but also makes your site load faster.\u003C\u002Fp>\n\u003Cp>All embeds will be replaced by placeholders, ready for you to apply style as you wish. With only a couple of lines of CSS.\u003C\u002Fp>\n\u003Cp>By clicking on the placeholder the respective content will then be loaded.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note: This plugins requires the PHP extension \u003Ca href=\"https:\u002F\u002Fwww.php.net\u002Fmanual\u002Fen\u002Fbook.dom.php\" rel=\"nofollow ugc\">“Document Object Model” (php-dom)\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n","Embed Privacy prevents the loading of embedded external content and allows your site visitors to opt-in.",531266,98,26,"2026-01-20T16:55:00.000Z","6.9.4","5.9","5.6",[95,96,20,97,98],"gutenberg","iframes","performance","privacy","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fembed-privacy.1.12.3.zip",1,"2023-11-18 00:00:00",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":11,"num_ratings":112,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":120,"download_link":121,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"oembed-plus","oEmbed Plus","1.6","Ayesh Karunaratne","https:\u002F\u002Fprofiles.wordpress.org\u002Fayeshrajans\u002F","\u003Cp>Adds support for embedding Facebook and Instagram posts in Block Editor (Gutenberg) and Classic Editor. This feature was removed in WordPress core due to deprecation of legacy APIs WordPress core used.\u003C\u002Fp>\n\u003Cp>Prior to WordPress 5.5.1, WordPress had support to embed Instagram and Facebook photos, videos, notes, quizes, etc in posts created with Block Editor and Classic Editor. However, Facebook removed this legacy API in October 2020, and this plugin implements the new APIs to bring back support for Facebook and Instagram content embedding.\u003C\u002Fp>\n\u003Cp>Note that you will need to register a Facebook developer account and create an app to get API credentials that this plugin uses. There is no coding necessary, but an API key needs to be created and set for the plugin.\u003C\u002Fp>\n\u003Cp>Detailed setup instructions are available in \u003Ca href=\"https:\u002F\u002Fphp.watch\u002Farticles\u002Fwordpress-facebook-instagram-oembed\" rel=\"nofollow ugc\">oEmbed Plus guide at PHP.Watch\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This project is not owned, endorsed, or otherwise affiliated with Facebook Inc. or Instagram LLC.\u003C\u002Fp>\n","Adds support for embedding Facebook and Instagram posts in Block Editor (Gutenberg) and Classic Editor.",4000,108320,7,"2021-07-15T10:24:00.000Z","5.6.17","4.9","7.1",[19,118,119,20],"facebook","instagram","https:\u002F\u002Fphp.watch\u002Farticles\u002Fwordpress-facebook-instagram-oembed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foembed-plus.1.6.zip",{"slug":123,"name":124,"version":125,"author":124,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":131,"num_ratings":72,"last_updated":132,"tested_up_to":91,"requires_at_least":133,"requires_php":52,"tags":134,"homepage":137,"download_link":138,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"embedly","Embedly","4.9.3","https:\u002F\u002Fprofiles.wordpress.org\u002Fembedly\u002F","\u003Cp>Enhance the default WordPress embedding to get previews for any article,\u003Cbr \u002F>\nincluding your own blog posts. You also get embeds for YouTube, Vimeo, Twitch,\u003Cbr \u002F>\nGoogle Maps, and Embedly’s growing list of \u003Ca href=\"https:\u002F\u002Fembed.ly\u002Fproviders\" rel=\"nofollow ugc\">1000+ supported\u003Cbr \u002F>\nproviders\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>You can customize the style of the embeds, to optimize for darker WP themes,\u003Cbr \u002F>\nalignment, and width. In addition, social buttons can be added around the embeds\u003Cbr \u002F>\nto make it easier to share content from your blog posts.\u003C\u002Fp>\n\u003Cp>If you have an Embedly Cards account, you can link it to the plugin with your Embedly API key. Not only does this remove branding from the cards, it also gives you access to analytics and viewer behaviors for most popular music and video player embeds (YouTube, Vimeo, Instagram, SoundCloud). Find out how many people viewed your embeds for how long. To learn more about Embedly Cards please visit \u003Ca href=\"https:\u002F\u002Fembed.ly\u002Fcards\" rel=\"nofollow ugc\">our website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Using it is as simple as the default WordPress embedding. Embed media by pasting its URL in a single line when writing a post.\u003C\u002Fp>\n\u003Cp>The plugin automatically displays an embed of the media in the WordPress post editor.\u003C\u002Fp>\n\u003Cp>Fair Warning: This plugin generates static HTML content for your posts.  After you deactivate\u003Cbr \u002F>\nthe plugin, that HTML will still remain behind in all posts where the plugin was used to create\u003Cbr \u002F>\nembeds.\u003C\u002Fp>\n","The Embedly Plugin extends WordPress's auto-embed feature to give your blog more media types and style options.",2000,203815,70,"2026-02-20T06:02:00.000Z","5.0",[19,135,20,55,136],"image","video","https:\u002F\u002Fembed.ly\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fembedly.4.9.3.zip",{"attackSurface":140,"codeSignals":166,"taintFlows":232,"riskAssessment":233,"analyzedAt":244},{"hooks":141,"ajaxHandlers":162,"restRoutes":163,"shortcodes":164,"cronEvents":165,"entryPointCount":13,"unprotectedCount":13},[142,147,150,153,159],{"type":143,"name":144,"callback":144,"file":145,"line":146},"action","admin_init","inc\\options.php",57,{"type":143,"name":148,"callback":148,"file":145,"line":149},"admin_notices",58,{"type":143,"name":151,"callback":151,"file":145,"line":152},"admin_enqueue_scripts",59,{"type":154,"name":155,"callback":156,"file":157,"line":158},"filter","qse_register_settings","qse_settings","inc\\settings\\default.php",13,{"type":143,"name":160,"callback":160,"priority":59,"file":161,"line":72},"admin_menu","qualtrics-embed.php",[],[],[],[],{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":170,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":231},[],{"prepared":13,"raw":13,"locations":169},[],{"escaped":171,"rawEcho":172,"locations":173},15,28,[174,177,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229],{"file":145,"line":175,"context":176},125,"raw output",{"file":145,"line":178,"context":176},186,{"file":145,"line":180,"context":176},187,{"file":145,"line":182,"context":176},191,{"file":145,"line":184,"context":176},192,{"file":145,"line":186,"context":176},196,{"file":145,"line":188,"context":176},197,{"file":145,"line":190,"context":176},201,{"file":145,"line":192,"context":176},202,{"file":145,"line":194,"context":176},207,{"file":145,"line":196,"context":176},209,{"file":145,"line":198,"context":176},212,{"file":145,"line":200,"context":176},217,{"file":145,"line":202,"context":176},219,{"file":145,"line":204,"context":176},223,{"file":145,"line":206,"context":176},224,{"file":145,"line":208,"context":176},232,{"file":145,"line":210,"context":176},233,{"file":145,"line":212,"context":176},235,{"file":145,"line":214,"context":176},240,{"file":145,"line":216,"context":176},241,{"file":145,"line":218,"context":176},242,{"file":145,"line":220,"context":176},243,{"file":145,"line":222,"context":176},260,{"file":145,"line":224,"context":176},261,{"file":145,"line":226,"context":176},262,{"file":145,"line":228,"context":176},280,{"file":145,"line":230,"context":176},283,[],[],{"summary":234,"deductions":235},"The \"qualtrics-survey-embeds\" plugin v1.0 exhibits a generally good security posture based on the provided static analysis. It has no recorded CVEs, a clean vulnerability history, and the static analysis reveals no critical or high-severity issues in taint flows.  Furthermore, it has zero identified AJAX handlers, REST API routes, shortcodes, or cron events, indicating a very small attack surface with no immediately apparent entry points.  All identified SQL queries utilize prepared statements, and there are no file operations or external HTTP requests, which are positive indicators.\n\nHowever, a significant concern arises from the output escaping. With 43 total outputs and only 35% properly escaped, there's a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. This lack of consistent output sanitization means that user-supplied data, if not handled carefully before being displayed, could be maliciously injected and executed in the user's browser.  The absence of nonce and capability checks, while potentially mitigated by the lack of entry points, still represents a missed opportunity for robust security, especially if functionality were to be added or discovered later.\n\nIn conclusion, while the plugin's minimal attack surface and lack of historical vulnerabilities are strengths, the poor output escaping presents a clear and present danger. The vulnerability history shows no past issues, which is a positive sign, but the current code analysis highlights a critical weakness that needs immediate attention to prevent potential security breaches.",[236,239,242],{"reason":237,"points":238},"Low output escaping percentage",8,{"reason":240,"points":241},"Missing nonce checks",5,{"reason":243,"points":241},"Missing capability checks","2026-03-16T20:35:18.476Z",{"wat":246,"direct":253},{"assetPaths":247,"generatorPatterns":249,"scriptPaths":250,"versionParams":251},[248],"\u002Fwp-content\u002Fplugins\u002Fqualtrics-survey-embeds\u002Finc\u002Fjs\u002Ftablefix.js",[],[],[252],"qualtrics-survey-embeds\u002Finc\u002Fjs\u002Ftablefix.js?ver=",{"cssClasses":254,"htmlComments":257,"htmlAttributes":258,"restEndpoints":260,"jsGlobals":261,"shortcodeOutput":262},[255,256],"wrap","icon32",[],[259],"placeholder",[],[],[]]