[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fgk6xwCuuWJBZoZLzf2IZcOkdgHLX43KaZBBjrtgMEy0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":16,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":149,"fingerprints":246},"raw-html-snippets","Raw HTML Snippets","2.0.4","Andy Stratton","https:\u002F\u002Fprofiles.wordpress.org\u002Ftheandystratton\u002F","\u003Cp>Create a library of raw HTML snippets that you can easily insert into any page\u002Fpost content using a shortcode:\u003C\u002Fp>\n\u003Cp>[raw_html_snippet id=”my-snippet”]\u003C\u002Fp>\n\u003Cp>Snippets consist of a unique ID (e.g. “my-snippet”) and raw HTML code. This plugin was written to stop using hacks that override WordPress’ core content filters and affect shortcode output.\u003C\u002Fp>\n\u003Cp>This plugin will NOT taint your content or the output of other shortcodes. If you delete a snippet, any existing shortcodes with that snipet’s ID will output an empty string.\u003C\u002Fp>\n\u003Cp>Remember, this allows you to output raw HTML. Use at your own risk. It will not check for malicious HTML\u002FCSS\u002FJavascript!\u003C\u002Fp>\n","Create a library of raw HTML snippets that you can easily insert into any page\u002Fpost content using a shortcode.",2000,41050,94,11,"2023-07-31T18:12:00.000Z","","2.6",[19,20,21,22],"autoformatting","embed-html","html","raw-html","http:\u002F\u002Ftheandystratton.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fraw-html-snippets.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"theandystratton",4,2240,2,90,"2026-04-04T15:12:18.984Z",[38,59,78,103,126],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":34,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":16,"download_link":58,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"ace-html-block","ACE HTML Block","1.0.1","willdelphia","https:\u002F\u002Fprofiles.wordpress.org\u002Fwilldelphia\u002F","\u003Cp>Registers a raw html block which uses the ACE Editor. Features include syntax highligting, line numbers, indentation, and HTML validation.\u003C\u002Fp>\n\u003Cp>Any HTML markup included in your block will be interpreted and rendered on your user-facing page or post just like the core “Custom HTML” block. This plugin is not for embedding pretty markup on your front-end site, rather it is for those developers that need to include raw HTML in their pages or posts and want to improve the readability of their HTML snippets and have a better in-browser code editing experience.\u003C\u002Fp>\n\u003Ch3>To Use:\u003C\u002Fh3>\n\u003Cp>Create a new block in the editor and look for “ACE HTML Block” in the Formatting section. It has a heart icon.\u003C\u002Fp>\n\u003Ch3>Note on block transforms:\u003C\u002Fh3>\n\u003Cp>There (hopefully) may come a time in the future when WordPress introduces native syntax highlighting on core “Custom HTML” blocks. This block is configured to transform to (and from) the core HTML block so the transition away from this plugin will be easy if you ever want to disable it.  To transform this block click on the heart icon in the upper left corner of the block and select “Custom HTML” from the dropdown menu.\u003C\u002Fp>\n\u003Ch3>Thanks:\u003C\u002Fh3>\n\u003Cp>Under the hood it uses \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsecuringsincity\u002Freact-ace\" rel=\"nofollow ugc\">react-ace\u003C\u002Fa>.\u003C\u002Fp>\n","Registers a raw html block which uses the ACE Editor. Features include syntax highligting, line numbers, indentation, and HTML validation.",50,2839,100,"2019-02-06T23:26:00.000Z","5.1.22","5.0","5.2.4",[54,55,56,22,57],"ace-editor","block","html-block","syntax-highlighting","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Face-html-block.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":26,"num_ratings":26,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":16,"download_link":77,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"custom-html-js-shortcodes-by-anwppro","Custom HTML & JS Shortcodes by AnWP.pro","0.2.1","anwppro","https:\u002F\u002Fprofiles.wordpress.org\u002Fanwppro\u002F","\u003Cp>Easily create custom HTML and Javascript shortcodes. Syntax highlighting and revisions support.\u003C\u002Fp>\n\u003Ch4>How to Use\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to the \u003Cstrong>HTML Shortcodes\u003C\u002Fstrong> and click \u003Cstrong>Add new shortcode\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Add your HTML or JS code to the editor field. Publish shortcode.\u003C\u002Fli>\n\u003Cli>Copy ready-to-use shortcode (from \u003Cstrong>Shortcode\u003C\u002Fstrong> sidebar metabox or from \u003Cstrong>Shortcode\u003C\u002Fstrong> column in the admin list ) and paste it to your post or page.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The plugin requires PHP version 5.4 or greater and WordPress 4.9 or greater.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Creating custom html or js shortcodes as custom post types\u003C\u002Fli>\n\u003Cli>Inserting shortcode by id or title\u003C\u002Fli>\n\u003Cli>Syntax highlighting ( embed CodeMirror editor )\u003C\u002Fli>\n\u003Cli>Revisions support ( history of your shortcode )\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily create custom HTML and Javascript shortcodes. Syntax highlighting and revisions support.",10,1496,"2018-02-25T12:48:00.000Z","4.9.29","4.9","5.4",[74,22,75,76],"custom-shortcodes","short-code","shortcodes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-html-js-shortcodes-by-anwppro.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":51,"tags":93,"homepage":99,"download_link":100,"security_score":88,"vuln_count":101,"unpatched_count":26,"last_vuln_date":102,"fetched_at":28},"google-sitemap-generator","XML Sitemap Generator for Google","4.1.23","Auctollo","https:\u002F\u002Fprofiles.wordpress.org\u002Fauctollo\u002F","\u003Cp>Generate XML and HTML sitemaps for your website with ease using the XML Sitemap Generator for Google. This plugin enables you to improve your SEO rankings by creating page, image, news, video, HTML, and RSS sitemaps. It also supports custom post types and taxonomies, allowing you to ensure that all of your content is being indexed by search engines. With a user-friendly interface, you can easily configure the plugin to suit your needs and generate sitemaps in just a few clicks. Keep your website up-to-date and make sure that search engines are aware of all of your content by using the XML Sitemap Generator for Google.\u003C\u002Fp>\n\u003Cp>The plugin supports all kinds of WordPress generated pages as well as custom URLs. Additionally it notifies all major search engines every time you create a post about the new content.\u003C\u002Fp>\n\u003Cp>Supported for more than a decade and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbrowse\u002Fpopular\u002Fpage\u002F2\u002F#:~:text=XML%20Sitemap%20Generator%20for%20Google\" rel=\"ugc\">rated among the best\u003C\u002Fa>, it will do exactly what it’s supposed to do – providing a complete XML sitemap for search engines!\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>If you like the plugin, feel free to rate it! 🙂\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Related Links:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fread-before-opening-a-new-support-topic\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Good news, this plugin is free for everyone! Since it’s released under the GPL, you can use it free of charge on your personal or commercial site.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>The plugin comes with various translations, please refer to the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FInstalling_WordPress_in_Your_Language\" title=\"Installing WordPress in Your Language\" rel=\"nofollow ugc\">WordPress Codex\u003C\u002Fa> for more information about activating the translation. If you want to help to translate the plugin to your language, please have a look at the sitemap.pot file which contains all definitions and may be used with a \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Fsoftware\u002Fgettext\u002F\" rel=\"nofollow ugc\">gettext\u003C\u002Fa> editor like \u003Ca href=\"http:\u002F\u002Fwww.poedit.net\u002F\" rel=\"nofollow ugc\">Poedit\u003C\u002Fa> (Windows).\u003C\u002Fp>\n","Generate multiple types of sitemaps to improve SEO and get your website indexed quickly.",1000000,42745610,96,2229,"2026-02-07T04:58:00.000Z","6.9.4","4.6",[94,95,96,97,98],"html-sitemap","news-sitemap","seo","video-sitemap","xml-sitemap","https:\u002F\u002Fauctollo.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-sitemap-generator.4.1.23.zip",3,"2025-10-31 00:00:00",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":88,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":16,"tags":117,"homepage":122,"download_link":123,"security_score":48,"vuln_count":124,"unpatched_count":26,"last_vuln_date":125,"fetched_at":28},"wp-sitemap-page","WP Sitemap Page","1.9.5","Tony Archambeau","https:\u002F\u002Fprofiles.wordpress.org\u002Ffunnycat\u002F","\u003Cp>An easy way to \u003Cstrong>add a sitemap\u003C\u002Fstrong> on one of your pages becomes reality thanks to this WordPress plugin. Just use the shortcode [wp_sitemap_page] on any of your pages. This will automatically generate a sitemap of all your pages and posts.\u003C\u002Fp>\n\u003Cp>Be carefull, this plugin do not generate an XML sitemap. It only allow you to list all your pages and posts on a single page. This is a sitemap for human not for search engines bots.\u003C\u002Fp>\n\u003Ch4>Why this plugin is useful?\u003C\u002Fh4>\n\u003Cp>Such a sitemap is useful for many reasons:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy navigation\u003C\u002Fstrong> for the users. They can find easily pages or previous posts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Improve the SEO\u003C\u002Fstrong> of a website\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Current features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display all pages, posts and categories\u003C\u002Fli>\n\u003Cli>Display the Custom Post Type (such as: “event”, “book” …)\u003C\u002Fli>\n\u003Cli>Display the taxonomies\u003C\u002Fli>\n\u003Cli>Display only one kind of content using the attribute “only”, like \u003Ccode>[wp_sitemap_page only=\"page\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Easy to use\u003C\u002Fli>\n\u003Cli>Possibility to customize the way it will be displayed through the admin panel\u003C\u002Fli>\n\u003Cli>Possibility to exclude some pages or some Custom Post Type (CPT)\u003C\u002Fli>\n\u003Cli>Posts and categories displayed hierarchically\u003C\u002Fli>\n\u003Cli>Has CSS class to customize it if you want\u003C\u002Fli>\n\u003Cli>Available in multi-languages (cf. English, French, Russian, Italian, Spanish, Dutch, Czech, Persian …). You can add your own translation if you want\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Want a WordPress developer? Want to add a translation? Feel free to \u003Ca href=\"http:\u002F\u002Fen.tonyarchambeau.com\u002Fcontact.html\" rel=\"nofollow ugc\">contact me\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>How to uninstall WP Sitemap Page\u003C\u002Fh3>\n\u003Cp>To uninstall WP Sitemap Page, you just have to de-activate the plugin from the plugins list.\u003C\u002Fp>\n","Add a sitemap on any of your page using the simple shortcode [wp_sitemap_page]. Improve the SEO and navigation of your website.",300000,3403865,205,"2025-04-15T20:10:00.000Z","6.8.5","3.0",[118,94,119,120,121],"generator","page-list","site-map","sitemap","http:\u002F\u002Ftonyarchambeau.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-sitemap-page.zip",1,"2021-09-07 00:00:00",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":134,"downloaded":135,"rating":136,"num_ratings":137,"last_updated":138,"tested_up_to":91,"requires_at_least":139,"requires_php":140,"tags":141,"homepage":146,"download_link":147,"security_score":136,"vuln_count":34,"unpatched_count":26,"last_vuln_date":148,"fetched_at":28},"shortcoder","Shortcoder — Create Shortcodes for Anything","6.5.2","vaakash","https:\u002F\u002Fprofiles.wordpress.org\u002Fvaakash\u002F","\u003Cp>Shortcoder plugin allows to create a custom shortcodes for HTML, JavaScript, CSS and other code snippets. Now the shortcodes can be used in posts\u002Fpages and the snippet will be replaced in place.\u003C\u002Fp>\n\u003Ch3>✍ Create shortcodes easily\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Give a name for the shortcode\u003C\u002Fli>\n\u003Cli>Paste the HTML\u002FJavaScript\u002FCSS as shortcode content\u003C\u002Fli>\n\u003Cli>Save !\u003C\u002Fli>\n\u003Cli>Now insert the shortcode \u003Ccode>[sc name=\"my_shortcode\"]\u003C\u002Fcode> in your post\u002Fpage.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Voila !\u003C\u002Fstrong> You got the HTML\u002FJavascript\u002FCSS in your post.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>✨ Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Create \u003Cstrong>custom shortcodes\u003C\u002Fstrong> easily and use them in any place where shortcode is supported.\u003C\u002Fli>\n\u003Cli>Have any \u003Cstrong>HTML\u003C\u002Fstrong>, \u003Cstrong>Javascript\u003C\u002Fstrong>, \u003Cstrong>CSS\u003C\u002Fstrong> as Shortcode content.\u003C\u002Fli>\n\u003Cli>Insert: \u003Cstrong>Custom parameters\u003C\u002Fstrong> in shortcode\u003C\u002Fli>\n\u003Cli>Insert: \u003Cstrong>WordPress parameters\u003C\u002Fstrong> in shortcode\u003C\u002Fli>\n\u003Cli>Multiple editors: Code, Visual and text modes.\u003C\u002Fli>\n\u003Cli>Globally disable the shortcode when not needed.\u003C\u002Fli>\n\u003Cli>Disable shortcode on desktop, mobile devices.\u003C\u002Fli>\n\u003Cli>A button in post editor to pick the shortcodes to insert.\u003C\u002Fli>\n\u003Cli>Execute blocks HTML in shortcode content.\u003C\u002Fli>\n\u003Cli>Insert shortcodes in Gutenberg\u002Fblock editor.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🎲 An example usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Create a shortcode named “adsenseAd” in the Shortcoder admin page.\u003C\u002Fli>\n\u003Cli>Paste the adsense code in the box given and save it.\u003C\u002Fli>\n\u003Cli>Use \u003Ccode>[sc name=\"adsenseAd\"]\u003C\u002Fcode> in your posts and pages.\u003C\u002Fli>\n\u003Cli>Tada !!! the ad code is replaced and it appears in the post.\u003C\u002Fli>\n\u003Cli>Now you can edit the ad code at one place and the code is updated in all the locations where the shortcode is used.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Similarly shortcodes can be created for frequently used snippets.\u003C\u002Fp>\n\u003Cp>You can also add \u003Ca href=\"https:\u002F\u002Fwww.aakashweb.com\u002Fdocs\u002Fshortcoder\u002F\" rel=\"nofollow ugc\">custom parameters\u003C\u002Fa> (like \u003Ccode>%%id%%\u003C\u002Fcode>) inside the snippets, and change it’s value like \u003Ccode>[sc name=\"youtube\" id=\"GrlRADfvjII\"]\u003C\u002Fcode> when using them.\u003C\u002Fp>\n\u003Ch3>🧱 Using in block editor\u003C\u002Fh3>\n\u003Cp>Though shortcodes can be used in \u003Cstrong>any\u003C\u002Fstrong> place manually, Shortcoder provides below options to select and insert the shortcodes created easily when working with the block editor.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Shortcoder block\u003C\u002Fli>\n\u003Cli>Toolbar button to select and insert shortcodes inline (under “more”)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>💎 Upgrade to PRO\u003C\u002Fh3>\n\u003Cp>Shortcoder also provides a \u003Ca href=\"https:\u002F\u002Fwww.aakashweb.com\u002Fwordpress-plugins\u002Fshortcoder\u002F\" rel=\"nofollow ugc\">PRO version\u003C\u002Fa> which has additional features to further enhance the experience. Below features are offered in the PRO version.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom editor\u003C\u002Fstrong> – Edit Shortcode content using block editor or page builder plugins like Elementor and WPBakery.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>(New) Translation with WPML\u003C\u002Fstrong> – Translate Shortcode content with WPML.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Revisions\u003C\u002Fstrong> – Revisions support for Shortcode content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Locate shortcode\u003C\u002Fstrong> – Search posts and pages where a shortcode is used.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Extra code\u003C\u002Fstrong> – Include extra code to the footer when a shortcode is used in a page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.aakashweb.com\u002Fwordpress-plugins\u002Fshortcoder\u002F\" rel=\"nofollow ugc\">Get started with Shortcoder – PRO\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.aakashweb.com\u002Fdocs\u002Fshortcoder\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.aakashweb.com\u002Fdocs\u002Fshortcoder\u002Ffaq\u002F\" rel=\"nofollow ugc\">FAQs\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.aakashweb.com\u002Fforum\u002F\" rel=\"nofollow ugc\">Support forum\u002FReport bugs\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.aakashweb.com\u002Fwordpress-plugins\u002Fshortcoder\u002F#pro\" rel=\"nofollow ugc\">PRO features\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Create custom \"Shortcodes\" easily for HTML, JavaScript, CSS code snippets and use the shortcodes within posts, pages & widgets",100000,1888190,98,225,"2026-03-01T17:44:00.000Z","4.9.0","5.3",[142,21,143,144,145],"code","javascript","shortcode","snippets","https:\u002F\u002Fwww.aakashweb.com\u002Fwordpress-plugins\u002Fshortcoder\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshortcoder.6.5.2.zip","2026-01-09 00:00:00",{"attackSurface":150,"codeSignals":156,"taintFlows":191,"riskAssessment":234,"analyzedAt":245},{"hooks":151,"ajaxHandlers":152,"restRoutes":153,"shortcodes":154,"cronEvents":155,"entryPointCount":26,"unprotectedCount":26},[],[],[],[],[],{"dangerousFunctions":157,"sqlUsage":158,"outputEscaping":160,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":190},[],{"prepared":26,"raw":26,"locations":159},[],{"escaped":14,"rawEcho":161,"locations":162},13,[163,167,169,171,173,175,177,178,180,182,184,186,188],{"file":164,"line":165,"context":166},"raw-html-snippets.php",134,"raw output",{"file":164,"line":168,"context":166},136,{"file":164,"line":170,"context":166},141,{"file":164,"line":172,"context":166},148,{"file":164,"line":174,"context":166},149,{"file":164,"line":176,"context":166},220,{"file":164,"line":137,"context":166},{"file":164,"line":179,"context":166},228,{"file":164,"line":181,"context":166},236,{"file":164,"line":183,"context":166},294,{"file":164,"line":185,"context":166},297,{"file":164,"line":187,"context":166},307,{"file":164,"line":189,"context":166},314,[],[192,210,220],{"entryPoint":193,"graph":194,"unsanitizedCount":26,"severity":209},"rhs_raw_html_snippet_editor (raw-html-snippets.php:196)",{"nodes":195,"edges":206},[196,201],{"id":197,"type":198,"label":199,"file":164,"line":200},"n0","source","$_GET (x2)",198,{"id":202,"type":203,"label":204,"file":164,"line":176,"wp_function":205},"n1","sink","echo() [XSS]","echo",[207],{"from":197,"to":202,"sanitized":208},true,"low",{"entryPoint":211,"graph":212,"unsanitizedCount":26,"severity":209},"rhs_raw_html_snippet_add (raw-html-snippets.php:249)",{"nodes":213,"edges":218},[214,217],{"id":197,"type":198,"label":215,"file":164,"line":216},"$_POST (x2)",262,{"id":202,"type":203,"label":204,"file":164,"line":187,"wp_function":205},[219],{"from":197,"to":202,"sanitized":208},{"entryPoint":221,"graph":222,"unsanitizedCount":26,"severity":209},"\u003Craw-html-snippets> (raw-html-snippets.php:0)",{"nodes":223,"edges":231},[224,226,227,229],{"id":197,"type":198,"label":225,"file":164,"line":200},"$_GET (x4)",{"id":202,"type":203,"label":204,"file":164,"line":176,"wp_function":205},{"id":228,"type":198,"label":215,"file":164,"line":216},"n2",{"id":230,"type":203,"label":204,"file":164,"line":187,"wp_function":205},"n3",[232,233],{"from":197,"to":202,"sanitized":208},{"from":228,"to":230,"sanitized":208},{"summary":235,"deductions":236},"The raw-html-snippets plugin v2.0.4 exhibits a generally good security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and the lack of critical or high-severity vulnerabilities in its history are positive indicators of development attention to security. The static analysis reveals a remarkably small attack surface, with no apparent entry points that are unprotected. Furthermore, the code demonstrates a commitment to secure coding practices by exclusively using prepared statements for SQL queries, and there are no detected file operations or external HTTP requests, which are common vectors for vulnerabilities. The taint analysis also shows no critical or high-severity issues with unsanitized paths, indicating that data inputs are likely handled safely within the analyzed flows.\n\nHowever, there are areas for potential concern that warrant attention. The most significant weakness identified is the output escaping, where only 46% of outputs are properly escaped. This percentage is considerably low and suggests a risk of cross-site scripting (XSS) vulnerabilities. If user-supplied data is being outputted without sufficient sanitization, an attacker could potentially inject malicious scripts. Additionally, the complete absence of nonce and capability checks across all entry points, while zero in number, is a concern if the plugin were to introduce any AJAX handlers or similar features in the future without implementing these essential security mechanisms. While the current attack surface is zero, this lack of fundamental security checks could become a significant risk if the plugin evolves.",[237,240,243],{"reason":238,"points":239},"Low percentage of properly escaped outputs",8,{"reason":241,"points":242},"No nonce checks on any entry points",5,{"reason":244,"points":242},"No capability checks on any entry points","2026-03-16T18:29:51.067Z",{"wat":247,"direct":252},{"assetPaths":248,"generatorPatterns":249,"scriptPaths":250,"versionParams":251},[],[],[],[],{"cssClasses":253,"htmlComments":254,"htmlAttributes":255,"restEndpoints":257,"jsGlobals":258,"shortcodeOutput":260},[],[],[256],"data-target",[],[259],"jQuery",[261],"[raw_html_snippet id=\""]