[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f28urRJGKTDt04JGn4vGWMeh3BNpuPCvx1yMcJzQkeG4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":76,"crawl_stats":38,"alternatives":83,"analysis":84,"fingerprints":457},"quotes-and-tips","Quotes and Tips by BestWebSoft","1.46","bestwebsoft","https:\u002F\u002Fprofiles.wordpress.org\u002Fbestwebsoft\u002F","\u003Cp>\u003Cstrong>Quotes and Tips\u003C\u002Fstrong> is a lightweight and flexible WordPress plugin that allows you to \u003Cstrong>add, customize, and display quotes and tips\u003C\u002Fstrong> anywhere on your site — posts, pages, widgets, or template files.\u003C\u002Fp>\n\u003Cp>Easily share motivational quotes, helpful tips, testimonials, or custom messages with your audience using a stylish, customizable block. 
Choose backgrounds, manage content, enable auto-rotation, and much more — no coding needed.\u003C\u002Fp>\n\u003Cp>Start engaging your visitors today with useful and inspirational content!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdemo-quotes-and-tips\u002F?ref=readme\" rel=\"nofollow ugc\">View Demo\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=kSR0mERfxBI\" rel=\"nofollow ugc\">Watch Overview Video\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Free Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add unlimited quotes and tips:\n\u003Cul>\n\u003Cli>Include author name and official position\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Create content using the \u003Cstrong>TinyMCE editor\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Insert quotes and tips using shortcode into:\n\u003Cul>\n\u003Cli>Posts\u003C\u002Fli>\n\u003Cli>Pages\u003C\u002Fli>\n\u003Cli>Widgets\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Display random quotes:\n\u003Cul>\n\u003Cli>On page reload\u003C\u002Fli>\n\u003Cli>Dynamically without reload\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>automatic rotation interval\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Customize appearance:\n\u003Cul>\n\u003Cli>Background and text colors\u003C\u002Fli>\n\u003Cli>Background image or \u003Cstrong>video background\u003C\u002Fstrong> [NEW]\u003C\u002Fli>\n\u003Cli>Image repeat: horizontal or vertical\u003C\u002Fli>\n\u003Cli>Image alignment (left\u002Fcenter\u002Fright, top\u002Fcenter\u002Fbottom)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Include quotes in search results using \u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fcustom-search\u002F?k=02f29128229d89fbd99d8251200ff455\" rel=\"nofollow ugc\">Custom Search\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Enable email notifications for new quotes\u002Ftips using \u003Ca 
href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fsender\u002F?k=9e068dce9989e5146fafbf42ee471f54\" rel=\"nofollow ugc\">Sender plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Add or remove \u003Cstrong>quotation marks\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Insert custom code via plugin settings\u003C\u002Fli>\n\u003Cli>Easy to use — no coding required\u003C\u002Fli>\n\u003Cli>Fully compatible with the latest WordPress version\u003C\u002Fli>\n\u003Cli>RTL and multilingual ready\u003C\u002Fli>\n\u003Cli>Clean and responsive layout\u003C\u002Fli>\n\u003Cli>Includes step-by-step documentation and videos\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Pro Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All Free features included, plus:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Resize the quotes block\u003C\u002Fli>\n\u003Cli>Import\u002Fexport quotes and tips\u003C\u002Fli>\n\u003Cli>Edit author position style\u003C\u002Fli>\n\u003Cli>Add a \u003Cstrong>button to switch quotes\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Gutenberg block support\u003C\u002Fli>\n\u003Cli>Priority support — response within 1 business day (\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fsupport-policy\u002F\" rel=\"nofollow ugc\">Support Policy\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fquotes-and-tips\u002F?k=6cc239b8b3f5357ca53ad8ce19bf4c2d\" rel=\"nofollow ugc\">Upgrade to Pro Now\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Have an idea or feature request? 
\u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002Fhc\u002Fen-us\u002Frequests\u002Fnew\" rel=\"nofollow ugc\">Let us know!\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Documentation & Videos\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdocumentation\u002Fquotes-and-tips\u002Fquotes-and-tips-user-guide\u002F\" rel=\"nofollow ugc\">User Guide\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdocumentation\u002Fhow-to-install-a-wordpress-product\u002Fhow-to-install-a-wordpress-plugin\u002F\" rel=\"nofollow ugc\">Installation Instructions\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=tEOjkZrwdNA\" rel=\"nofollow ugc\">Video Tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Help & Support\u003C\u002Fh4>\n\u003Cp>Need help? Visit our \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002F\" rel=\"nofollow ugc\">Help Center\u003C\u002Fa> — our team is here to assist you.\u003C\u002Fp>\n\u003Ch4>Affiliate Program\u003C\u002Fh4>\n\u003Cp>Earn 20% commission by promoting BestWebSoft plugins and themes.\u003Cbr \u002F>\nJoin here: https:\u002F\u002Fbestwebsoft.com\u002Faffiliate\u002F\u003C\u002Fp>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>German (de_DE) — thanks to Arnold Montjoie  \u003C\u002Fli>\n\u003Cli>Hebrew (he_IL) — thanks to Sagive SEO  \u003C\u002Fli>\n\u003Cli>Hungarian (hu_HU) — thanks to Peter Aprily (\u003Ca href=\"http:\u002F\u002Fwww.aprily.com\" rel=\"nofollow ugc\">www.aprily.com\u003C\u002Fa>)  \u003C\u002Fli>\n\u003Cli>Russian (ru_RU)  \u003C\u002Fli>\n\u003Cli>Ukrainian (uk)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Want to help improve translations or add a new one?\u003Cbr \u002F>\nSend us your PO and MO files via \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002Fhc\u002Fen-us\u002Frequests\u002Fnew\" rel=\"nofollow ugc\">this form\u003C\u002Fa>.\u003Cbr 
\u002F>\nGet \u003Ca href=\"http:\u002F\u002Fwww.poedit.net\u002Fdownload.php\" rel=\"nofollow ugc\">Poedit\u003C\u002Fa> to get started.\u003C\u002Fp>\n\u003Ch4>Recommended Plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fupdater\u002F?k=e8f05fa90cedfd3a96483e8f0ca60ab5\" rel=\"nofollow ugc\">Updater\u003C\u002Fa> – Automatically update WordPress core, themes, and plugins.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fcustom-search\u002F?k=02f29128229d89fbd99d8251200ff455\" rel=\"nofollow ugc\">Custom Search\u003C\u002Fa> – Add custom post types and taxonomies to search results.\u003C\u002Fli>\n\u003C\u002Ful>\n","Add quotes and tips to posts, pages, and widgets. Customize design, rotation, and display using shortcodes or blocks.",1000,58251,90,11,"2025-12-03T11:31:00.000Z","6.9.4","5.6","",[20,21,22,23,24],"add-quotes","create-quotes","display-quotes","publish-quotes","quote-label","https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fquotes-and-tips\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquotes-and-tips.1.46.zip",97,3,0,"2024-06-21 00:00:00","2026-03-15T15:16:48.613Z",[33,49,65],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2024-3112","quotes-and-tips-by-bestwebsoft-authenticated-admin-arbitrary-file-upload","Quotes and Tips by BestWebSoft \u003C= 1.44 - Authenticated (Admin+) Arbitrary File Upload","The Quotes and Tips by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the save_options() function in all versions up to, and including, 1.44. 
This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.",null,"\u003C=1.44","1.45","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2024-08-09 17:16:43",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3b5f1a1e-8066-4f20-af36-a778e50a3f64?source=api-prod",50,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":56,"cvss_score":57,"cvss_vector":58,"vuln_type":59,"published_date":60,"updated_date":61,"references":62,"days_to_patch":64},"WF-7c307d66-11f9-4593-9ada-252d034fd421-quotes-and-tips","quotes-and-tips-by-bestwebsoft-reflected-cross-site-scripting","Quotes and Tips by BestWebSoft \u003C 1.3.2 - Reflected Cross-Site Scripting","The Quotes and Tips by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘category’ parameter in versions before 1.3.2 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C1.3.2","1.3.2","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2017-04-12 00:00:00","2024-01-22 19:56:02",[63],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7c307d66-11f9-4593-9ada-252d034fd421?source=api-prod",2477,{"id":66,"url_slug":67,"title":68,"description":69,"plugin_slug":4,"theme_slug":38,"affected_versions":70,"patched_in_version":71,"severity":56,"cvss_score":57,"cvss_vector":58,"vuln_type":59,"published_date":72,"updated_date":61,"references":73,"days_to_patch":75},"CVE-2015-9385","quotes-and-tips-by-bestwebsoft-cross-site-scripting","Quotes and Tips by BestWebSoft \u003C 1.20 - Cross-Site Scripting","The quotes-and-tips plugin before 1.20 for WordPress has XSS.","\u003C1.20","1.20","2015-10-03 
00:00:00",[74],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc942fd74-7a2d-43ec-9806-cdfe21a83149?source=api-prod",3034,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":77,"total_installs":78,"avg_security_score":79,"avg_patch_time_days":80,"trust_score":81,"computed_at":82},17,207410,95,1729,76,"2026-04-04T03:51:16.009Z",[],{"attackSurface":85,"codeSignals":257,"taintFlows":327,"riskAssessment":446,"analyzedAt":456},{"hooks":86,"ajaxHandlers":224,"restRoutes":240,"shortcodes":241,"cronEvents":252,"entryPointCount":255,"unprotectedCount":256},[87,94,98,102,107,111,115,119,124,129,134,137,140,144,148,152,155,159,163,166,170,174,177,179,182,186,190,194,198,202,205,209,213,217,220],{"type":88,"name":89,"callback":90,"priority":91,"file":92,"line":93},"filter","load_textdomain_mofile","bws_get_mofile",10,"bws_menu\\bws_functions.php",43,{"type":88,"name":95,"callback":96,"file":92,"line":97},"mce_external_plugins","bws_add_buttons",1294,{"type":88,"name":99,"callback":100,"file":92,"line":101},"mce_buttons","bws_register_buttons",1295,{"type":103,"name":104,"callback":105,"file":92,"line":106},"action","admin_init","bws_plugins_admin_init",1581,{"type":103,"name":108,"callback":109,"file":92,"line":110},"admin_enqueue_scripts","bws_admin_enqueue_scripts",1582,{"type":103,"name":112,"callback":113,"file":92,"line":114},"admin_head","bws_plugins_admin_head",1583,{"type":103,"name":116,"callback":117,"file":92,"line":118},"admin_footer","bws_plugins_admin_footer",1584,{"type":103,"name":120,"callback":121,"priority":122,"file":92,"line":123},"admin_notices","bws_admin_notices",30,1586,{"type":103,"name":125,"callback":126,"priority":127,"file":92,"line":128},"wp_enqueue_scripts","bws_enqueue_custom_code_css_js",20,1588,{"type":103,"name":130,"callback":131,"file":132,"line":133},"load-post.php","qtsndtps_add_tabs","quotes-and-tips.php",56,{"type":103,"name":135,"callback":131,"file":132,"line":136},"load-edit.php",57,{"ty
pe":103,"name":138,"callback":131,"file":132,"line":139},"load-post-new.php",58,{"type":88,"name":141,"callback":142,"file":132,"line":143},"manage_quote_posts_columns","qtsndtps_quote_change_columns",181,{"type":103,"name":145,"callback":146,"priority":91,"file":132,"line":147},"manage_quote_posts_custom_column","qtsndtps_custom_columns",182,{"type":88,"name":149,"callback":150,"file":132,"line":151},"manage_tips_posts_columns","qtsndtps_tips_change_columns",183,{"type":103,"name":153,"callback":146,"priority":91,"file":132,"line":154},"manage_tips_posts_custom_column",184,{"type":103,"name":156,"callback":157,"file":132,"line":158},"admin_menu","add_qtsndtps_admin_menu",1755,{"type":103,"name":160,"callback":161,"file":132,"line":162},"init","qtsndtps_plugin_init",1757,{"type":103,"name":104,"callback":164,"file":132,"line":165},"qtsndtps_plugin_admin_init",1758,{"type":103,"name":167,"callback":168,"file":132,"line":169},"plugins_loaded","qtsndtps_plugins_loaded",1759,{"type":103,"name":171,"callback":172,"file":132,"line":173},"wp_head","qtsndtps_print_style_script",1761,{"type":103,"name":108,"callback":175,"file":132,"line":176},"qtsndtps_wp_head",1762,{"type":103,"name":125,"callback":175,"file":132,"line":178},1763,{"type":103,"name":125,"callback":180,"file":132,"line":181},"qtsndtps_enqueue_scripts",1767,{"type":103,"name":183,"callback":184,"file":132,"line":185},"save_post","qtsndtps_save_custom_quote",1769,{"type":103,"name":187,"callback":188,"file":132,"line":189},"qtsndtps_update_quotes_tips_daily","qtsndtps_update_quotes_tips",1775,{"type":88,"name":191,"callback":192,"file":132,"line":193},"bws_shortcode_button_content","qtsndtps_shortcode_button_content",1778,{"type":88,"name":195,"callback":196,"priority":91,"file":132,"line":197},"plugin_row_meta","qtsndtps_register_plugin_links",1780,{"type":88,"name":199,"callback":200,"priority":91,"file":132,"line":201},"plugin_action_links","qtsndtps_plugin_action_links",1782,{"type":103,"name":120,"callbac
k":203,"file":132,"line":204},"qtsndtps_admin_notices",1784,{"type":88,"name":206,"callback":207,"file":132,"line":208},"mce_buttons_2","qtsndtps_show_font_selector",1786,{"type":88,"name":210,"callback":211,"file":132,"line":212},"manage_edit-quotes_categories_columns","qtsndtps_add_column",1788,{"type":88,"name":214,"callback":215,"priority":91,"file":132,"line":216},"manage_quotes_categories_custom_column","qtsndtps_quotes_fill_column",1790,{"type":88,"name":218,"callback":211,"file":132,"line":219},"manage_edit-tips_categories_columns",1792,{"type":88,"name":221,"callback":222,"priority":91,"file":132,"line":223},"manage_tips_categories_custom_column","qtsndtps_tips_fill_column",1794,[225,231,235,238],{"action":226,"nopriv":227,"callback":226,"hasNonce":228,"hasCapCheck":227,"file":229,"line":230},"bws_submit_request_feature_action",false,true,"bws_menu\\class-bws-settings.php",1466,{"action":232,"nopriv":227,"callback":232,"hasNonce":228,"hasCapCheck":227,"file":233,"line":234},"bws_submit_uninstall_reason_action","bws_menu\\deactivation-form.php",433,{"action":236,"nopriv":227,"callback":236,"hasNonce":227,"hasCapCheck":227,"file":132,"line":237},"qtsndtps_change_block",1765,{"action":236,"nopriv":228,"callback":236,"hasNonce":227,"hasCapCheck":227,"file":132,"line":239},1766,[],[242,246,249],{"tag":243,"callback":244,"file":132,"line":245},"quotes_and_tips","qtsndtps_create_tip_quote_block",1771,{"tag":247,"callback":244,"file":132,"line":248},"print_qts",1772,{"tag":250,"callback":244,"file":132,"line":251},"print_tps",1773,[253],{"hook":187,"callback":187,"file":132,"line":254},114,7,2,{"dangerousFunctions":258,"sqlUsage":259,"outputEscaping":267,"fileOperations":323,"externalRequests":324,"nonceChecks":325,"capabilityChecks":260,"bundledLibraries":326},[],{"prepared":260,"raw":256,"locations":261},4,[262,265],{"file":92,"line":263,"context":264},1558,"$wpdb->get_col() with variable 
interpolation",{"file":132,"line":266,"context":264},1596,{"escaped":268,"rawEcho":269,"locations":270},633,24,[271,274,276,278,280,283,285,287,289,291,293,295,297,299,301,303,305,308,311,313,315,317,319,321],{"file":92,"line":272,"context":273},170,"raw output",{"file":92,"line":275,"context":273},189,{"file":92,"line":277,"context":273},191,{"file":92,"line":279,"context":273},216,{"file":281,"line":282,"context":273},"bws_menu\\bws_menu.php",589,{"file":281,"line":284,"context":273},674,{"file":281,"line":286,"context":273},678,{"file":281,"line":288,"context":273},681,{"file":281,"line":290,"context":273},765,{"file":229,"line":292,"context":273},555,{"file":229,"line":294,"context":273},581,{"file":229,"line":296,"context":273},920,{"file":229,"line":298,"context":273},1203,{"file":229,"line":300,"context":273},1205,{"file":229,"line":302,"context":273},1207,{"file":229,"line":304,"context":273},1210,{"file":306,"line":307,"context":273},"bws_menu\\deprecated.php",131,{"file":309,"line":310,"context":273},"includes\\class-qtsndtps-settings.php",515,{"file":309,"line":312,"context":273},646,{"file":309,"line":314,"context":273},687,{"file":132,"line":316,"context":273},660,{"file":132,"line":318,"context":273},877,{"file":132,"line":320,"context":273},1408,{"file":132,"line":322,"context":273},1437,5,6,25,[],[328,362,376,386,394,404,412,424,435],{"entryPoint":329,"graph":330,"unsanitizedCount":29,"severity":361},"bws_add_menu_render (bws_menu\\bws_menu.php:18)",{"nodes":331,"edges":357},[332,337,343,347,350,354],{"id":333,"type":334,"label":335,"file":281,"line":336},"n0","source","$_GET (x14)",27,{"id":338,"type":339,"label":340,"file":281,"line":341,"wp_function":342},"n1","sink","echo() [XSS]",374,"echo",{"id":344,"type":334,"label":345,"file":281,"line":346},"n2","$_POST (x2)",101,{"id":348,"type":339,"label":340,"file":281,"line":349,"wp_function":342},"n3",424,{"id":351,"type":334,"label":352,"file":281,"line":353},"n4","$_REQUEST 
(x2)",288,{"id":355,"type":339,"label":340,"file":281,"line":356,"wp_function":342},"n5",468,[358,359,360],{"from":333,"to":338,"sanitized":228},{"from":344,"to":348,"sanitized":228},{"from":351,"to":355,"sanitized":228},"low",{"entryPoint":363,"graph":364,"unsanitizedCount":29,"severity":361},"\u003Cbws_menu> (bws_menu\\bws_menu.php:0)",{"nodes":365,"edges":372},[366,367,368,369,370,371],{"id":333,"type":334,"label":335,"file":281,"line":336},{"id":338,"type":339,"label":340,"file":281,"line":341,"wp_function":342},{"id":344,"type":334,"label":345,"file":281,"line":346},{"id":348,"type":339,"label":340,"file":281,"line":349,"wp_function":342},{"id":351,"type":334,"label":352,"file":281,"line":353},{"id":355,"type":339,"label":340,"file":281,"line":356,"wp_function":342},[373,374,375],{"from":333,"to":338,"sanitized":228},{"from":344,"to":348,"sanitized":228},{"from":351,"to":355,"sanitized":228},{"entryPoint":377,"graph":378,"unsanitizedCount":29,"severity":361},"display_tabs (bws_menu\\class-bws-settings.php:291)",{"nodes":379,"edges":384},[380,383],{"id":333,"type":334,"label":381,"file":229,"line":382},"$_REQUEST['bws_active_tab']",301,{"id":338,"type":339,"label":340,"file":229,"line":382,"wp_function":342},[385],{"from":333,"to":338,"sanitized":228},{"entryPoint":387,"graph":388,"unsanitizedCount":29,"severity":361},"\u003Cclass-bws-settings> (bws_menu\\class-bws-settings.php:0)",{"nodes":389,"edges":392},[390,391],{"id":333,"type":334,"label":381,"file":229,"line":382},{"id":338,"type":339,"label":340,"file":229,"line":382,"wp_function":342},[393],{"from":333,"to":338,"sanitized":228},{"entryPoint":395,"graph":396,"unsanitizedCount":29,"severity":361},"bws_go_pro_tab_show 
(bws_menu\\deprecated.php:227)",{"nodes":397,"edges":402},[398,400],{"id":333,"type":334,"label":345,"file":306,"line":399},229,{"id":338,"type":339,"label":340,"file":306,"line":401,"wp_function":342},269,[403],{"from":333,"to":338,"sanitized":228},{"entryPoint":405,"graph":406,"unsanitizedCount":29,"severity":361},"\u003Cdeprecated> (bws_menu\\deprecated.php:0)",{"nodes":407,"edges":410},[408,409],{"id":333,"type":334,"label":345,"file":306,"line":399},{"id":338,"type":339,"label":340,"file":306,"line":401,"wp_function":342},[411],{"from":333,"to":338,"sanitized":228},{"entryPoint":413,"graph":414,"unsanitizedCount":29,"severity":361},"qtsndtps_csv_upload (quotes-and-tips.php:671)",{"nodes":415,"edges":422},[416,419],{"id":333,"type":334,"label":417,"file":132,"line":418},"$_FILES",675,{"id":338,"type":339,"label":420,"file":132,"line":286,"wp_function":421},"file_get_contents() [SSRF\u002FLFI]","file_get_contents",[423],{"from":333,"to":338,"sanitized":228},{"entryPoint":425,"graph":426,"unsanitizedCount":29,"severity":361},"qtsndtps_change_block (quotes-and-tips.php:1233)",{"nodes":427,"edges":433},[428,431],{"id":333,"type":334,"label":429,"file":132,"line":430},"$_POST",1236,{"id":338,"type":339,"label":340,"file":132,"line":432,"wp_function":342},1238,[434],{"from":333,"to":338,"sanitized":228},{"entryPoint":436,"graph":437,"unsanitizedCount":29,"severity":361},"\u003Cquotes-and-tips> (quotes-and-tips.php:0)",{"nodes":438,"edges":443},[439,440,441,442],{"id":333,"type":334,"label":417,"file":132,"line":418},{"id":338,"type":339,"label":420,"file":132,"line":286,"wp_function":421},{"id":344,"type":334,"label":429,"file":132,"line":430},{"id":348,"type":339,"label":340,"file":132,"line":432,"wp_function":342},[444,445],{"from":333,"to":338,"sanitized":228},{"from":344,"to":348,"sanitized":228},{"summary":447,"deductions":448},"The \"quotes-and-tips\" plugin v1.46 exhibits a mixed security posture.  
On the positive side, the plugin demonstrates strong adherence to secure coding practices in many areas. The vast majority of output is properly escaped, and a significant percentage of SQL queries utilize prepared statements. Furthermore, the presence of numerous nonce and capability checks suggests an effort to protect against common WordPress attacks. Crucially, there are no currently unpatched CVEs, and the taint analysis shows no critical or high severity flows with unsanitized paths, indicating that direct code execution or privilege escalation vulnerabilities are not immediately apparent from this analysis.\n\nHowever, several concerns warrant attention. The presence of two unprotected AJAX handlers represents a significant attack surface that could be exploited by unauthenticated users. While no dangerous functions were identified in static analysis and taint analysis is clean, the historical vulnerability data reveals a pattern of past security issues, including Cross-site Scripting and Unrestricted File Uploads. The recurrence of these common vulnerability types suggests potential recurring weaknesses in how user-supplied data is handled or how file operations are secured, even if current versions don't explicitly show these in the taint analysis. The existence of these past issues, even if patched, highlights a need for ongoing vigilance and thorough security audits.\n\nIn conclusion, \"quotes-and-tips\" v1.46 has made improvements in its security implementation, particularly in output escaping and SQL querying. The absence of critical taint issues and unpatched CVEs is reassuring. 
Nevertheless, the unprotected AJAX endpoints pose a clear and present risk, and the plugin's history of past vulnerabilities, especially those related to XSS and file uploads, indicates that developers should remain cautious and ensure robust input validation and authorization are consistently applied across all entry points.",[449,451,454],{"reason":450,"points":91},"Unprotected AJAX handlers",{"reason":452,"points":453},"History of High severity CVEs",15,{"reason":455,"points":91},"History of Medium severity CVEs","2026-03-16T18:51:41.635Z",{"wat":458,"direct":471},{"assetPaths":459,"generatorPatterns":464,"scriptPaths":465,"versionParams":466},[460,461,462,463],"\u002Fwp-content\u002Fplugins\u002Fquotes-and-tips\u002Fcss\u002Fquotes-and-tips-public.css","\u002Fwp-content\u002Fplugins\u002Fquotes-and-tips\u002Fcss\u002Fquotes-and-tips-admin.css","\u002Fwp-content\u002Fplugins\u002Fquotes-and-tips\u002Fjs\u002Fquotes-and-tips-public.js","\u002Fwp-content\u002Fplugins\u002Fquotes-and-tips\u002Fjs\u002Fquotes-and-tips-admin.js",[],[],[467,468,469,470],"quotes-and-tips\u002Fcss\u002Fquotes-and-tips-public.css?ver=","quotes-and-tips\u002Fcss\u002Fquotes-and-tips-admin.css?ver=","quotes-and-tips\u002Fjs\u002Fquotes-and-tips-public.js?ver=","quotes-and-tips\u002Fjs\u002Fquotes-and-tips-admin.js?ver=",{"cssClasses":472,"htmlComments":476,"htmlAttributes":478,"restEndpoints":481,"jsGlobals":482,"shortcodeOutput":484},[473,474,475],"qtsndtps-wrapper","qtsndtps-content","qtsndtps-author",[477],"\u003C!-- Quotes and Tips by BestWebSoft -->",[479,480],"data-qtsndtps-id","data-qtsndtps-type",[],[483],"qtsndtps_params",[485,486,487],"[quotes-and-tips]","[qtsndtps_quote]","[qtsndtps_tip]"]