[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcqvbratTvXPjtB_bPqMyc2nW4zo1ej8EOWWKC_HZNMA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":56,"analysis":144,"fingerprints":614},"require-taxonomy-image-category-tag","Require & Limit Categories, Tags, Featured Image and taxonomies","1.30","Puvox Software","https:\u002F\u002Fprofiles.wordpress.org\u002Fpuvoxsoftware\u002F","\u003Ch4>[ ✅ 𝐒𝐄𝐂𝐔𝐑𝐄 𝐏𝐋𝐔𝐆𝐈𝐍𝐒 b𝓎 𝒫𝓊𝓋𝑜𝓍] :\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>• Revised for security to be reliable and free of vulnerability holes.\u003Cbr \u002F>\n  • Efficient, not to add any extra load\u002Fslowness to site.\u003Cbr \u002F>\n  • Don’t collect private data.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Plugin Description\u003C\u002Fh4>\n\u003Cp>Force dashboard users to select chosen fields during publishing. You can force users to insert\u002Fchoose category, tag (or specific taxonomy) or Featured Image (a.k.a. thumbnails) when they publish any post.\u003Cbr \u002F>\nYou can also limit maximum allowed tags\u002Fcategories to be chosen.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Programatical hooks\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>to change the \u003Ccode>$args\u003C\u002Fcode> passed to javascript handler:\u003C\u002Fp>\n\u003Cp>add_filter(“rtict_javascript_object”, “your_func”);\u003Cbr \u002F>\nfunction your_func($args) {\u003Cbr \u002F>\n    …\u003Cbr \u002F>\n}\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>to change the javascript handler’s error-output callback, define this in global JS scope:\u003C\u002Fp>\n\u003Cp>function rtict_error_handler(args) {\u003Cbr \u002F>\n    \u002F\u002F … console.log(args);\u003Cbr \u002F>\n}\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Available Options\u003C\u002Fh4>\n\u003Cp>See all available options and their description on plugin’s settings page.\u003C\u002Fp>\n","[ ✅ 𝐒𝐄𝐂𝐔𝐑𝐄 𝐏𝐋𝐔𝐆𝐈𝐍𝐒 b𝓎 𝒫𝓊𝓋𝑜𝓍]  Force dashboard users to select chosen fields during publishing",20,2063,100,2,"2024-10-30T11:25:00.000Z","6.5.8","6.0","",[20,21,22,23,24],"category","post","require","tag","taxonomy","https:\u002F\u002Fpuvox.software\u002Fsoftware\u002Fwordpress-plugins\u002F?plugin=require-taxonomy-image-category-tag","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frequire-taxonomy-image-category-tag.zip",92,1,0,"2022-08-01 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"WF-988c1968-ef92-4d3d-bbd5-88e73512ebb4-require-taxonomy-image-category-tag","require-limit-categories-tags-featured-image-and-taxonomies-reflected-cross-site-scripting","Require & Limit Categories, Tags, Featured Image and taxonomies \u003C= 1.26 - Reflected Cross-Site Scripting","The Require & Limit Categories, Tags, Featured Image and taxonomies plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.26 due to the use of add_query_arg\u002Fremove_query_arg with insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages via a URL that executes if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.26","1.27","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F988c1968-ef92-4d3d-bbd5-88e73512ebb4?source=api-prod",540,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":53,"avg_patch_time_days":48,"trust_score":54,"computed_at":55},"puvoxsoftware",16,51190,94,75,"2026-04-04T13:50:17.878Z",[57,75,93,111,129],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":16,"requires_at_least":70,"requires_php":18,"tags":71,"homepage":73,"download_link":74,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"require-post-category","Require Post Category","2.1","Josh Hartman","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoshhartman\u002F","\u003Cp>Tired of uncategorized posts? Use this simple plugin to require users to choose a post category before updating or publishing a post. By default this only applies to normal posts. If you wish to require a category\u002Ftaxonomy for a custom post type see the FAQ for filter hook usage examples.\u003C\u002Fp>\n\u003Ch4>Translators\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>French (fr_FR) – Dominique V.\u003C\u002Fli>\n\u003Cli>Spanish (es_ES) – \u003Ca href=\"http:\u002F\u002Fwww.webhostinghub.com\" rel=\"nofollow ugc\">Andrew Kurtis – WebHostingHub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Polish (pl_PL) – Michał Papliński\u003C\u002Fli>\n\u003Cli>Finnish (fi) – Sanapaino\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you have created your own language pack, or have an update of an existing one, you can send the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTranslating_WordPress\" rel=\"nofollow ugc\">PO and MO files\u003C\u002Fa> to \u003Ca href=\"https:\u002F\u002Fwww.warpconduit.net\u002Fcontact\" rel=\"nofollow ugc\">me\u003C\u002Fa> so that I can bundle it into the plugin. \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Frequire-post-category\u002Ftrunk\u002Flanguages\u002Frequire-post-category.pot\" rel=\"nofollow ugc\">Download the latest POT file\u003C\u002Fa>.\u003C\u002Fp>\n","Require users to choose a post category before updating or publishing a post.",1000,26442,98,11,"2024-04-05T05:51:00.000Z","5.5",[20,21,22,72,24],"tags","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frequire-post-category\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frequire-post-category.2.1.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":65,"downloaded":83,"rating":13,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":17,"requires_php":87,"tags":88,"homepage":91,"download_link":92,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"archive-title","Archive Title","1.0.2","WebMan Design | Oliver Juhas","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebmandesign\u002F","\u003Cp>This plugin provides options to tweak an archive page title, such as removing annoying archive label (see FAQ). You can remove the label for any archive page completely, or just hide it accessibly.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Modifying category, tag, author, custom post type and custom taxonomy archive title (no need to modify the date archive title)\u003C\u002Fli>\n\u003Cli>Removing archive page title label completely\u003C\u002Fli>\n\u003Cli>Hiding archive page title label accessibly (using a CSS class of \u003Ccode>screen-reader-text\u003C\u002Fcode>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Additional Resources\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Farchive-title\u002F\" rel=\"ugc\">Have a question?\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fwebmandesign\u002F#content-themes\" rel=\"nofollow ugc\">Grab a free theme\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.webmandesign.eu\u002F\" rel=\"nofollow ugc\">WebMan Design website\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Provides options to control an archive page title.",19244,5,"2025-12-13T09:32:00.000Z","6.9.4","7.0",[20,89,90,23,24],"label","post-type","https:\u002F\u002Fwww.webmandesign.eu\u002Fportfolio\u002Farchive-title-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Farchive-title.1.0.2.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":13,"downloaded":101,"rating":102,"num_ratings":14,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":18,"tags":106,"homepage":108,"download_link":109,"security_score":110,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"tag-selector","Tag Selector","1.0.0","robmarston","https:\u002F\u002Fprofiles.wordpress.org\u002Frobmarston\u002F","\u003Cp>Tag Selector adds an additional meta box to your page\u002Fpost edit pages that allows you to select tags for your post\u002Fpage much the same way you select categories. This is especially nice if you have more tags than you keep track of and don’t have time to wait for predictive text results.\u003C\u002Fp>\n","Tag Selector allows you to select tags for your post\u002Fpage much the same way you select categories.",4343,70,"2016-03-01T22:17:00.000Z","4.4.34","4.4.2",[20,107,21,23,24],"meta-box","http:\u002F\u002Ftag-selector.robmarston.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftag-selector.zip",85,{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":29,"num_ratings":29,"last_updated":121,"tested_up_to":122,"requires_at_least":123,"requires_php":87,"tags":124,"homepage":127,"download_link":128,"security_score":110,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"kntnts-bb-any-term","Kntnt's Any Term for Beaver Builder Page Builder","1.0.4","Thomas Barregren","https:\u002F\u002Fprofiles.wordpress.org\u002Ftbarregren\u002F","\u003Cp>This WordPress plugin extends the functionality of both the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbeaver-builder-lite-version\u002F\" rel=\"ugc\">free\u003C\u002Fa> and the \u003Ca href=\"https:\u002F\u002Fwww.wpbeaverbuilder.com\u002F\" rel=\"nofollow ugc\">paid\u003C\u002Fa> versions of the \u003Cem>Beaver Builder Page Builder\u003C\u002Fem>.\u003C\u002Fp>\n\u003Ch4>How to use the plugin\u003C\u002Fh4>\n\u003Cp>When you configure a Page Builder module that allows you to filter posts based on category, tag or any other \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTaxonomies\" rel=\"nofollow ugc\">taxonomy\u003C\u002Fa>, you will also find a special purpose term called \u003Ccode>Any term of the post\u003C\u002Fcode>. If you select it for a taxonomy, it will match posts that has at least on term in that taxonomy in common with the post that the module appears on. This is also true for pages and other \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FPost_Types\" rel=\"nofollow ugc\">built in or custom post types\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This can be used for instead to create reading recommendations at the end of a blog post. For an example, scroll down to the bottom of any article in \u003Ca href=\"https:\u002F\u002Fwww.wtcmalmo.se\u002Fmagasinet\u002Fsex-tips-att-lyckas-internationellt\u002F2599\" rel=\"nofollow ugc\">the online magazine of Word Trade Center in Malmö\u003C\u002Fa> (in Swedish).\u003C\u002Fp>\n\u003Ch4>Detailed description\u003C\u002Fh4>\n\u003Cp>For each existing or in the future added taxonomy, including \u003Cem>category\u003C\u002Fem> and \u003Cem>tags\u003C\u002Fem>, this plugin adds a term with the human readable name \u003Ccode>Any term of the post\u003C\u002Fcode> and the machine readable name (a.k.a. slug) \u003Ccode>kntnt-bb-any-term\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>The human readable name can be translated (or altered) through \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Finternationalization\u002Flocalization\u002F\" rel=\"nofollow ugc\">localization\u003C\u002Fa>. The easiest way might be \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Floco-translate\u002F\" rel=\"ugc\">Loco Translate\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The special terms are hidden in the user interface, except for Beaver Builder Page Builder plugin, as long as the plugin is active.\u003C\u002Fp>\n\u003Cp>If you deactivate the plugin (but not uninstall it), the special terms will be visible in the user interface as regular terms. They will be hidden again if you re-actiavate the plugin.\u003C\u002Fp>\n\u003Cp>The special terms are completely removed when the plugin is \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FManaging_Plugins#Uninstalling_Plugins\" rel=\"nofollow ugc\">properly uninstalled\u003C\u002Fa>.\u003C\u002Fp>\n","WordPress plugin that adds special purpose term to every taxonomy (including categories and tags) that makes taxonomy filters in post modules of Beave …",10,2808,"2018-04-12T16:32:00.000Z","4.9.29","4.6",[125,20,126,72,24],"beaver-builder","related-posts","https:\u002F\u002Fgithub.com\u002FTBarregren\u002Fkntnt-bb-any-term","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkntnts-bb-any-term.1.0.4.zip",{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":29,"downloaded":137,"rating":29,"num_ratings":29,"last_updated":138,"tested_up_to":139,"requires_at_least":140,"requires_php":18,"tags":141,"homepage":18,"download_link":143,"security_score":110,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"post-category-advanced","Post Category Advanced","1.0.1","matteomontipo","https:\u002F\u002Fprofiles.wordpress.org\u002Fmatteomontipo\u002F","\u003Cul>\n\u003Cli>\n\u003Cp>Create relationships between post categories and tags.\u003Cbr \u002F>\nExample of a rule you can create: assign tags to a category, then when you create a post, if you select that category the tags will be automatically assigned to the post.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Option to apply the rules you create to all existent posts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Option to automatically select parent category when selecting a sub-category in a post.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Ch3>A brief Markdown Example\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Create relationships between post categories and tags.\u003Cbr \u002F>\nExample of a rule you can create: assign tags to a category, then when you create a post, if you select that category the tags will be automatically assigned to the post.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Option to apply the rules you create to all existent posts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Option to automatically select parent category when selecting a sub-category in a post.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Create relationships between post categories and tags, and more.",742,"2022-10-20T16:56:00.000Z","6.0.11","3.0.1",[20,142,23,24],"posts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-category-advanced.1.0.1.zip",{"attackSurface":145,"codeSignals":263,"taintFlows":468,"riskAssessment":597,"analyzedAt":613},{"hooks":146,"ajaxHandlers":259,"restRoutes":260,"shortcodes":261,"cronEvents":262,"entryPointCount":29,"unprotectedCount":29},[147,153,158,161,167,169,172,175,178,182,185,188,191,193,196,199,201,204,207,210,213,216,220,224,228,230,234,237,240,244,247,250,252,256],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","admin_enqueue_scripts","admin_enqueue_scripts_action","index.php",62,{"type":148,"name":154,"callback":155,"priority":28,"file":156,"line":157},"wp_head","closure","library.php",4768,{"type":148,"name":159,"callback":155,"priority":28,"file":156,"line":160},"admin_head",4769,{"type":148,"name":162,"callback":163,"priority":164,"file":165,"line":166},"wp_enqueue_scripts","my_styles_hook",9,"library_wp.php",73,{"type":148,"name":149,"callback":163,"priority":164,"file":165,"line":168},74,{"type":148,"name":170,"callback":155,"file":165,"line":171},"admin_footer",148,{"type":148,"name":173,"callback":155,"file":165,"line":174},"init",163,{"type":148,"name":176,"callback":155,"file":165,"line":177},"admin_init",210,{"type":179,"name":180,"callback":155,"file":165,"line":181},"filter","mce_external_plugins",212,{"type":179,"name":183,"callback":155,"file":165,"line":184},"mce_buttons_2",213,{"type":179,"name":186,"callback":155,"file":165,"line":187},"tiny_mce_version",215,{"type":148,"name":189,"callback":155,"priority":28,"file":165,"line":190},"wp",231,{"type":148,"name":192,"callback":155,"priority":28,"file":165,"line":48},"plugins_loaded",{"type":148,"name":189,"callback":194,"file":165,"line":195},"my_flush__rewrite",550,{"type":148,"name":197,"callback":155,"file":165,"line":198},"wp_footer",700,{"type":148,"name":173,"callback":155,"file":165,"line":200},711,{"type":148,"name":202,"callback":155,"file":165,"line":203},"wp_loaded",854,{"type":148,"name":205,"callback":155,"file":165,"line":206},"shutdown",859,{"type":148,"name":173,"callback":208,"file":165,"line":209},"load_textdomain",1732,{"type":148,"name":159,"callback":211,"file":165,"line":212},"admin_head_func",1743,{"type":148,"name":214,"callback":155,"file":165,"line":215},"current_screen",1744,{"type":148,"name":189,"callback":217,"priority":218,"file":165,"line":219},"flush_checkpoint",999,1753,{"type":179,"name":221,"callback":222,"priority":28,"file":165,"line":223},"upload_mimes","upload_mimes_filter",1759,{"type":179,"name":225,"callback":226,"priority":119,"file":165,"line":227},"wp_handle_upload","wp_handle_upload_filter",1760,{"type":148,"name":173,"callback":155,"file":165,"line":229},1822,{"type":148,"name":231,"callback":232,"file":165,"line":233},"network_admin_menu","plugin__add_menu_or_submenu",1912,{"type":148,"name":235,"callback":232,"file":165,"line":236},"admin_menu",1914,{"type":148,"name":238,"callback":155,"file":165,"line":239},"activated_plugin",1916,{"type":148,"name":241,"callback":242,"file":165,"line":243},"network_admin_notices","admin_error_notice_pro",2103,{"type":148,"name":245,"callback":242,"file":165,"line":246},"admin_notices",2104,{"type":179,"name":248,"callback":155,"priority":119,"file":165,"line":249},"wp_php_error_message",2187,{"type":148,"name":197,"callback":155,"file":165,"line":251},2375,{"type":179,"name":253,"callback":254,"file":165,"line":255},"widget_text","do_shortcode",2399,{"type":179,"name":257,"callback":155,"file":165,"line":258},"site_transient_update_plugins",3266,[],[],[],[],{"dangerousFunctions":264,"sqlUsage":269,"outputEscaping":304,"fileOperations":465,"externalRequests":466,"nonceChecks":84,"capabilityChecks":14,"bundledLibraries":467},[265],{"fn":266,"file":156,"line":267,"context":268},"unserialize",3813,"if ( @unserialize($serialized_string) !== false ) \treturn $serialized_string;",{"prepared":270,"raw":271,"locations":272},46,14,[273,276,278,280,282,285,287,289,291,293,296,298,300,302],{"file":156,"line":274,"context":275},645,"$wpdb->query() with variable interpolation",{"file":165,"line":277,"context":275},784,{"file":165,"line":279,"context":275},785,{"file":165,"line":281,"context":275},1023,{"file":165,"line":283,"context":284},1224,"$wpdb->get_var() with variable interpolation",{"file":165,"line":286,"context":275},1353,{"file":165,"line":288,"context":275},1355,{"file":165,"line":290,"context":275},1368,{"file":165,"line":292,"context":275},1420,{"file":165,"line":294,"context":295},1421,"$wpdb->get_results() with variable interpolation",{"file":165,"line":297,"context":275},1430,{"file":165,"line":299,"context":275},1434,{"file":165,"line":301,"context":295},3058,{"file":165,"line":303,"context":275},3074,{"escaped":305,"rawEcho":306,"locations":307},80,82,[308,311,313,314,315,317,319,320,321,323,325,327,328,330,332,334,336,338,340,342,344,346,348,350,352,354,356,358,360,362,364,366,368,370,371,372,374,376,378,380,382,384,386,388,390,392,393,395,397,399,401,403,405,407,409,411,413,415,417,419,421,423,425,427,429,431,433,435,437,439,441,443,445,447,449,451,453,455,457,459,461,463],{"file":151,"line":309,"context":310},131,"raw output",{"file":151,"line":312,"context":310},136,{"file":151,"line":312,"context":310},{"file":151,"line":312,"context":310},{"file":151,"line":316,"context":310},144,{"file":151,"line":318,"context":310},149,{"file":151,"line":318,"context":310},{"file":151,"line":318,"context":310},{"file":151,"line":322,"context":310},157,{"file":151,"line":324,"context":310},171,{"file":151,"line":326,"context":310},176,{"file":151,"line":326,"context":310},{"file":156,"line":329,"context":310},480,{"file":156,"line":331,"context":310},2316,{"file":156,"line":333,"context":310},2915,{"file":156,"line":335,"context":310},3231,{"file":156,"line":337,"context":310},3238,{"file":156,"line":339,"context":310},3278,{"file":156,"line":341,"context":310},3391,{"file":156,"line":343,"context":310},3646,{"file":156,"line":345,"context":310},4194,{"file":156,"line":347,"context":310},4195,{"file":156,"line":349,"context":310},4245,{"file":156,"line":351,"context":310},4247,{"file":156,"line":353,"context":310},4442,{"file":156,"line":355,"context":310},4451,{"file":156,"line":357,"context":310},4453,{"file":156,"line":359,"context":310},4602,{"file":156,"line":361,"context":310},4694,{"file":156,"line":363,"context":310},4698,{"file":156,"line":365,"context":310},4705,{"file":156,"line":367,"context":310},4716,{"file":156,"line":369,"context":310},4722,{"file":156,"line":157,"context":310},{"file":156,"line":160,"context":310},{"file":156,"line":373,"context":310},5119,{"file":156,"line":375,"context":310},5121,{"file":165,"line":377,"context":310},396,{"file":165,"line":379,"context":310},401,{"file":165,"line":381,"context":310},410,{"file":165,"line":383,"context":310},442,{"file":165,"line":385,"context":310},576,{"file":165,"line":387,"context":310},655,{"file":165,"line":389,"context":310},660,{"file":165,"line":391,"context":310},674,{"file":165,"line":391,"context":310},{"file":165,"line":394,"context":310},1312,{"file":165,"line":396,"context":310},1317,{"file":165,"line":398,"context":310},1328,{"file":165,"line":400,"context":310},2320,{"file":165,"line":402,"context":310},2499,{"file":165,"line":404,"context":310},2513,{"file":165,"line":406,"context":310},2551,{"file":165,"line":408,"context":310},2553,{"file":165,"line":410,"context":310},2554,{"file":165,"line":412,"context":310},2582,{"file":165,"line":414,"context":310},2586,{"file":165,"line":416,"context":310},2589,{"file":165,"line":418,"context":310},2636,{"file":165,"line":420,"context":310},2656,{"file":165,"line":422,"context":310},2666,{"file":165,"line":424,"context":310},2671,{"file":165,"line":426,"context":310},2673,{"file":165,"line":428,"context":310},2700,{"file":165,"line":430,"context":310},2707,{"file":165,"line":432,"context":310},2754,{"file":165,"line":434,"context":310},2769,{"file":165,"line":436,"context":310},2782,{"file":165,"line":438,"context":310},2789,{"file":165,"line":440,"context":310},2790,{"file":165,"line":442,"context":310},2791,{"file":165,"line":444,"context":310},2796,{"file":165,"line":446,"context":310},2798,{"file":165,"line":448,"context":310},2806,{"file":165,"line":450,"context":310},2867,{"file":165,"line":452,"context":310},2981,{"file":165,"line":454,"context":310},2997,{"file":165,"line":456,"context":310},3006,{"file":165,"line":458,"context":310},3148,{"file":165,"line":460,"context":310},3393,{"file":165,"line":462,"context":310},3420,{"file":165,"line":464,"context":310},3423,19,4,[],[469,486,495,506,516,556,567,588],{"entryPoint":470,"graph":471,"unsanitizedCount":28,"severity":41},"force_redirect_to_https (library.php:103)",{"nodes":472,"edges":483},[473,478],{"id":474,"type":475,"label":476,"file":156,"line":477},"n0","source","$_SERVER['REQUEST_URI']",104,{"id":479,"type":480,"label":481,"file":156,"line":477,"wp_function":482},"n1","sink","header() [Header Injection]","header",[484],{"from":474,"to":479,"sanitized":485},false,{"entryPoint":487,"graph":488,"unsanitizedCount":28,"severity":41},"password_site (library.php:2312)",{"nodes":489,"edges":493},[490,492],{"id":474,"type":475,"label":476,"file":156,"line":491},2315,{"id":479,"type":480,"label":481,"file":156,"line":491,"wp_function":482},[494],{"from":474,"to":479,"sanitized":485},{"entryPoint":496,"graph":497,"unsanitizedCount":28,"severity":41},"redirect_to_https (library.php:3790)",{"nodes":498,"edges":504},[499,502],{"id":474,"type":475,"label":500,"file":156,"line":501},"$_SERVER",3793,{"id":479,"type":480,"label":481,"file":156,"line":503,"wp_function":482},3795,[505],{"from":474,"to":479,"sanitized":485},{"entryPoint":507,"graph":508,"unsanitizedCount":28,"severity":41},"redirect_to_nonwww (library.php:3800)",{"nodes":509,"edges":514},[510,512],{"id":474,"type":475,"label":500,"file":156,"line":511},3802,{"id":479,"type":480,"label":481,"file":156,"line":513,"wp_function":482},3804,[515],{"from":474,"to":479,"sanitized":485},{"entryPoint":517,"graph":518,"unsanitizedCount":164,"severity":41},"\u003Clibrary> (library.php:0)",{"nodes":519,"edges":550},[520,522,523,526,531,533,538,541,543,546],{"id":474,"type":475,"label":521,"file":156,"line":477},"$_SERVER['REQUEST_URI'] (x2)",{"id":479,"type":480,"label":481,"file":156,"line":477,"wp_function":482},{"id":524,"type":475,"label":500,"file":156,"line":525},"n2",256,{"id":527,"type":480,"label":528,"file":156,"line":529,"wp_function":530},"n3","wp_remote_get() [SSRF]",3066,"wp_remote_get",{"id":532,"type":475,"label":500,"file":156,"line":525},"n4",{"id":534,"type":480,"label":535,"file":156,"line":536,"wp_function":537},"n5","wp_remote_post() [SSRF]",3072,"wp_remote_post",{"id":539,"type":475,"label":540,"file":156,"line":501},"n6","$_SERVER (x2)",{"id":542,"type":480,"label":481,"file":156,"line":503,"wp_function":482},"n7",{"id":544,"type":475,"label":545,"file":156,"line":525},"n8","$_SERVER (x3)",{"id":547,"type":480,"label":548,"file":156,"line":349,"wp_function":549},"n9","echo() [XSS]","echo",[551,552,553,554,555],{"from":474,"to":479,"sanitized":485},{"from":524,"to":527,"sanitized":485},{"from":532,"to":534,"sanitized":485},{"from":539,"to":542,"sanitized":485},{"from":544,"to":547,"sanitized":485},{"entryPoint":557,"graph":558,"unsanitizedCount":29,"severity":566},"ajax_backend_call (library_wp.php:432)",{"nodes":559,"edges":563},[560,562],{"id":474,"type":475,"label":561,"file":165,"line":383},"$_POST['PRO_check_key']",{"id":479,"type":480,"label":548,"file":165,"line":383,"wp_function":549},[564],{"from":474,"to":479,"sanitized":565},true,"low",{"entryPoint":568,"graph":569,"unsanitizedCount":29,"severity":566},"\u003Clibrary_wp> (library_wp.php:0)",{"nodes":570,"edges":584},[571,572,573,576,580,583],{"id":474,"type":475,"label":561,"file":165,"line":383},{"id":479,"type":480,"label":548,"file":165,"line":383,"wp_function":549},{"id":524,"type":475,"label":574,"file":165,"line":575},"$_POST (x2)",1454,{"id":527,"type":480,"label":577,"file":165,"line":578,"wp_function":579},"get_var() [SQLi]",1456,"get_var",{"id":532,"type":475,"label":581,"file":165,"line":582},"$_POST",2527,{"id":534,"type":480,"label":548,"file":165,"line":434,"wp_function":549},[585,586,587],{"from":474,"to":479,"sanitized":565},{"from":524,"to":527,"sanitized":565},{"from":532,"to":534,"sanitized":565},{"entryPoint":589,"graph":590,"unsanitizedCount":14,"severity":596},"change_slug_2_old (library_wp.php:1451)",{"nodes":591,"edges":594},[592,593],{"id":474,"type":475,"label":574,"file":165,"line":575},{"id":479,"type":480,"label":577,"file":165,"line":578,"wp_function":579},[595],{"from":474,"to":479,"sanitized":485},"high",{"summary":598,"deductions":599},"The \"require-taxonomy-image-category-tag\" plugin, version 1.30, presents a mixed security posture. On the positive side, it demonstrates a robust effort in securing its entry points, with zero identified AJAX handlers, REST API routes, shortcodes, or cron events that are unprotected. The use of prepared statements for 77% of SQL queries and the presence of nonce and capability checks are also good security practices.\n\nHowever, significant concerns arise from the static analysis. The presence of the `unserialize` function is a critical red flag, as it can lead to Remote Code Execution if not handled with extreme caution and validation of input. Furthermore, a high-severity taint flow with unsanitized paths indicates a potential pathway for attackers to manipulate file operations or other sensitive actions. The fact that 6 out of 8 analyzed flows have unsanitized paths is particularly worrying, suggesting a broad exposure to input validation weaknesses.\n\nThe plugin's vulnerability history, while currently showing no unpatched CVEs, reveals a past medium-severity Cross-Site Scripting (XSS) vulnerability discovered in August 2022. This history, combined with the current taint analysis findings, suggests a pattern of potential input sanitization issues that could resurface or lead to new vulnerabilities. While the limited attack surface is a strength, the identified critical code patterns and past XSS incident warrant a cautious approach to its usage.",[600,603,606,608,611],{"reason":601,"points":602},"Presence of dangerous function: unserialize",15,{"reason":604,"points":605},"High severity taint flow found",12,{"reason":607,"points":119},"Large number of unsanitized paths in taint flows",{"reason":609,"points":610},"Low percentage of properly escaped output",8,{"reason":612,"points":119},"Past medium severity CVE for XSS","2026-03-16T23:07:30.769Z",{"wat":615,"direct":622},{"assetPaths":616,"generatorPatterns":618,"scriptPaths":619,"versionParams":620},[617],"\u002Fwp-content\u002Fplugins\u002Frequire-taxonomy-image-category-tag\u002Fassets\u002Fscripts-admin.js",[],[617],[621],"require-taxonomy-image-category-tag\u002Fassets\u002Fscripts-admin.js?ver=",{"cssClasses":623,"htmlComments":624,"htmlAttributes":625,"restEndpoints":626,"jsGlobals":627,"shortcodeOutput":629},[],[],[],[],[628],"rtict_object",[]]