[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fH_IA789fiPNxt1nlmW-ciSPv7PGVC0TMUF2Z055nj8Q":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":53,"analysis":164,"fingerprints":225},"review-disclaimer","Review Disclaimer","2.0.3","AMP-MODE","https:\u002F\u002Fprofiles.wordpress.org\u002Fampmode\u002F","\u003Cp>Clearly disclose to your visitors that you will receive compensation for your review, or endorsement of a particular company, product, or service.\u003C\u002Fp>\n\u003Cp>Recent changes to rules in the United States by the FTC, the United Kingdom by the OFT, and in other countries now require that bloggers disclose the fact that they were compensated (either monetarily  or through free products) for their reviews.\u003C\u002Fp>\n\u003Cp>On blogs that post paid reviews in addition to other tips, it is not useful to add a disclosure to every post that gets written. That would add a lot of unnecessary disclosures to your site and probably confuse some of your visitors. For that reason, the shortcode provided by this plugin will allow you to easily insert a small disclosure statement only to the blog posts or pages you want it added to.\u003C\u002Fp>\n\u003Cp>You may also want to add the disclosure right before, or after the actual endorsement, or referral link in the post. 
You can use this shortcode to add the disclosure anywhere within the body of your posts.\u003C\u002Fp>\n","Use a shortcode to quickly insert product or service review disclaimers inside your posts.",100,9703,90,2,"2023-05-03T17:22:00.000Z","6.2.9","3.1","",[20,21,22,23],"disclaimer","gutenberg","review","shortcode","https:\u002F\u002Fsurpriseazwebservices.com\u002Fwordpress-plugins\u002Freview-disclaimer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freview-disclaimer.zip",63,1,"2025-12-21 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-67628","review-disclaimer-authenticated-administrator-stored-cross-site-scripting","Review Disclaimer \u003C= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Review Disclaimer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=2.0.3","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-01-05 18:43:39",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4894a24b-aaa4-4d03-a897-9074a194c07f?source=api-prod",{"slug":46,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":49,"avg_patch_time_days":50,"trust_score":51,"computed_at":52},"ampmode",15,12530,87,30,85,"2026-04-06T09:36:12.623Z",[54,77,101,127,142],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":18,"download_link":74,"security_score":75,"vuln_count":76,"unpatched_count":76,"last_vuln_date":36,"fetched_at":29},"shortcode-with-preview-block","Shortcode Preview Block","1.0.0","Ronak Ganatra","https:\u002F\u002Fprofiles.wordpress.org\u002Fronakganatra\u002F","\u003Cp>Normal WordPress gutenberg block do not show How the shortcode will output frontside, so we have created a similar gutenberg block which can preview the shortcode result on editor side.\u003C\u002Fp>\n","Shows preview of any shortcode on editor side. 
It renders shortcode in the editor side so editor does not need to visit front side.",1000,6899,74,3,"2024-08-01T05:32:00.000Z","6.6.5","5.1","7.0",[71,72,21,73,23],"block","blocks","preview","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshortcode-with-preview-block.zip",92,0,{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":18,"tags":92,"homepage":96,"download_link":97,"security_score":98,"vuln_count":99,"unpatched_count":76,"last_vuln_date":100,"fetched_at":29},"mw-wp-form","MW WP Form","5.1.0","Takashi Kitajima","https:\u002F\u002Fprofiles.wordpress.org\u002Finc2734\u002F","\u003Cp>\u003Cstrong>This plugin currently has only the minimum required maintenance releases.\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>Main maintainer has been handed over from @inc2734 to @websoudan.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>MW WP Form can create mail form with a confirmation screen using shortcode.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Form created using shortcodes\u003C\u002Fli>\n\u003Cli>Using confirmation page is possible.\u003C\u002Fli>\n\u003Cli>The page changes by the same URL or individual URL are possible.\u003C\u002Fli>\n\u003Cli>Many validation rules\u003C\u002Fli>\n\u003Cli>Saving inquiry data is possible.\u003C\u002Fli>\n\u003Cli>Displaying Chart using saved inquiry data is possible.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Official\u003C\u002Fh4>\n\u003Cp>https:\u002F\u002Fmw-wp-form.web-soudan.co.jp\u003C\u002Fp>\n\u003Ch4>GitHub\u003C\u002Fh4>\n\u003Cp>https:\u002F\u002Fgithub.com\u002Fweb-soudan\u002Fmw-wp-form\u003C\u002Fp>\n\u003Ch4>The following third-party resources\u003C\u002Fh4>\n\u003Cp>Google Charts\u003Cbr \u002F>\nSource: 
https:\u002F\u002Fdevelopers.google.com\u002Fchart\u002F\u003C\u002Fp>\n\u003Ch4>Contributors\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002F2inc.org\" rel=\"nofollow ugc\">Takashi Kitajima\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Finc2734\" rel=\"nofollow ugc\">inc2734\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwebcre-archive.com\" rel=\"nofollow ugc\">Ryujiro Yamamoto\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fryu263\" rel=\"nofollow ugc\">ryu263\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fkee-non.com\" rel=\"nofollow ugc\">Tsujimoto Tomoyuki\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Ftomothumb\" rel=\"nofollow ugc\">tomothumb\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>[Naoyuki Ohata] ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fnanniku\" rel=\"nofollow ugc\">nanniku\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmt8.biz\u002F\" rel=\"nofollow ugc\">Kazuto Takeshita\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmt8biz\u002F\" rel=\"nofollow ugc\">moto hachi\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.next-season.net\u002F\" rel=\"nofollow ugc\">Atsushi Ando\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fnext-season\u002F\" rel=\"nofollow ugc\">NExt-Season\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fvisualive.jp\u002F\" rel=\"nofollow ugc\">Kazuki Tomiyasu\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fkuck1u\u002F\" rel=\"nofollow ugc\">KUCKLU\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmypacecreator.net\u002F\" rel=\"nofollow ugc\">Kei Nomura\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmypacecreator\u002F\" rel=\"nofollow 
ugc\">mypacecreator\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmh35\" rel=\"nofollow ugc\">mh35\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnojimage\" rel=\"nofollow ugc\">Takashi Nojima\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fherikutu\" rel=\"nofollow ugc\">herikutu\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftsucharoku\" rel=\"nofollow ugc\">tsucharoku\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ft-hamano\" rel=\"nofollow ugc\">Tetsuaki Hamano\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fwildworks\u002F\" rel=\"nofollow ugc\">t-hamano\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmusus\" rel=\"nofollow ugc\">Susumu Seino\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmusus\u002F\" rel=\"nofollow ugc\">Susumu Seino\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Flikr\" rel=\"nofollow ugc\">Yosuke Onoue\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Flikr\u002F\" rel=\"nofollow ugc\">likr\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fyudai524\" rel=\"nofollow ugc\">Yudai Konishi\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fyudai524\u002F\" rel=\"nofollow ugc\">Yudai Konishi\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnoldorinfo\" rel=\"nofollow ugc\">takekoshi\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fnoldorinfo\u002F\" rel=\"nofollow ugc\">takekoshi\u003C\u002Fa> )\u003C\u002Fli>\n\u003C\u002Ful>\n","MW WP Form is shortcode base contact form plugin. This plugin have many features. 
For example you can use many validation rules, inquiry data saving,  &hellip;",200000,1771027,86,22,"2024-03-13T02:48:00.000Z","6.4.8","6.0",[93,94,95,73,23],"confirm","form","mail","https:\u002F\u002Fmw-wp-form.web-soudan.co.jp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmw-wp-form.5.1.0.zip",69,6,"2026-04-01 16:50:15",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":123,"download_link":124,"security_score":125,"vuln_count":14,"unpatched_count":76,"last_vuln_date":126,"fetched_at":29},"latest-post-shortcode","Latest Post Shortcode","14.2.2","Iulia Cazan","https:\u002F\u002Fprofiles.wordpress.org\u002Fiulia-cazan\u002F","\u003Cp>The “Latest Post Shortcode” helps you display a list or grid of the posts or pages in a page\u002Fsidebar, without having to code or know PHP. The output parameters are extremely flexible, allowing you to choose the way your selected content will be displayed. You can embed as many shortcodes in a page as you need, each shortcode configured differently. The shortcode for displaying the latest posts is \u003Ccode>[latest-selected-content]\u003C\u002Fcode> and can be generated very easily, the plugin will add a block or a shortcode button in the editor area.\u003C\u002Fp>\n\u003Cp>You can write your own “read more” replacement, choose whether to show\u002Fhide featured images, you can even sort the items by several options, and paginate the output (also AJAX pagination). This plugin works with any modern theme. When used with WordPress >= 5.0 + Gutenberg, the plugin shortcode can be configured from the LPS block or any Classic block, using the plugin button. 
The plugin can be used with Elementor page builder.\u003C\u002Fp>\n\u003Ch3>Demo\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fer5wnGolfw8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Usage example\u003C\u002Fh4>\n\u003Cp>Example of a simple grid with 4 cards per row, with AJAX pagination:\u003Cbr \u002F>\n    [latest-selected-content ver=”2″ perpage=”4″ showpages=”4″ display=”title,date,excerpt-small” titletag=”h3″ chrlimit=”120″ more=”…” url=”yes” linktext=”Read more” image=”thumbnail” image_placeholder=”auto” elements=”25″ image_opacity=”0.3″ css=”four-columns as-overlay content-end pagination-space-between light tall” type=”post” status=”publish” orderby=”dateD” show_extra=”ajax_pagination,pagination_all,trim,date_diff,category,hide_uncategorized_category,oneterm_category,light_spinner”]\u003C\u002Fp>\n\u003Cp>Example of a simple grid with 4 cards (2 per row), filtered by a category (sample term):\u003Cbr \u002F>\n    [latest-selected-content ver=”2″ limit=”4″ display=”title,content-small” titletag=”h3″ chrlimit=”50″ image=”full” image_placeholder=”auto” elements=”0″ css=”two-columns as-column has-shadow content-center” type=”post” taxonomy=”category” term=”sample” orderby=”dateA”]\u003C\u002Fp>\n\u003Cp>Starting with version 8.0.0, the plugin has a new UI and some new cool features. With this version, the output of the shortcode can be configured also as a slider, with responsive and different modes options. 
In this way, if you previously used the Latest Post Shortcode Extension, this is no longer needed, the plugin handles it all by itself.\u003C\u002Fp>\n\u003Cp>Starting with version 7.0.0, the plugin implements new hooks that allow for defining and managing your custom output, through your theme or your plugins. Check more hook details and code samples at https:\u002F\u002Fiuliacazan.ro\u002Flatest-post-shortcode\u002F.\u003C\u002Fp>\n\u003Ch3>Hooks\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Custom cards output filters: \u003Ccode>lps\u002Foverride_card_patterns\u003C\u002Fcode>, \u003Ccode>lps\u002Foverride_card\u003C\u002Fcode>, \u003Ccode>lps\u002Foverride_card_terms\u003C\u002Fcode>, \u003Ccode>lps\u002Foverride_post_class\u003C\u002Fcode>, \u003Ccode>lps\u002Foverride_card_display\u003C\u002Fcode>, \u003Ccode>lps\u002Foverride_section_start\u003C\u002Fcode>, \u003Ccode>lps\u002Foverride_section_end\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Pagination filters: \u003Ccode>lps\u002Foverride_pagination_display\u002Ffirst\u003C\u002Fcode>, \u003Ccode>lps\u002Foverride_pagination_display\u002Ffirst_icon\u003C\u002Fcode>, \u003Ccode>lps\u002Foverride_pagination_display\u002Fprev\u003C\u002Fcode>, \u003Ccode>lps\u002Foverride_pagination_display\u002Fprev_icon\u003C\u002Fcode>, \u003Ccode>lps\u002Foverride_pagination_display\u002Fnext\u003C\u002Fcode>, \u003Ccode>lps\u002Foverride_pagination_display\u002Fnext_icon\u003C\u002Fcode>, \u003Ccode>lps\u002Foverride_pagination_display\u002Flast\u003C\u002Fcode>, \u003Ccode>lps\u002Foverride_pagination_display\u002Flast_icon\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Additional filters: \u003Ccode>lps\u002Ffilter_sites_list\u003C\u002Fcode>, \u003Ccode>lps\u002Ffilter_statuses\u003C\u002Fcode>, \u003Ccode>lps\u002Ffilter_front_end_statuses\u003C\u002Fcode>, \u003Ccode>lps\u002Ffilter_types\u003C\u002Fcode>, \u003Ccode>lps\u002Ffilter_taxonomies\u003C\u002Fcode>, 
\u003Ccode>lps\u002Fusable_taxonomies\u003C\u002Fcode>, \u003Ccode>lps\u002Fcard_output_types\u003C\u002Fcode>, \u003Ccode>lps\u002Fremove_donate_info\u003C\u002Fcode>, \u003Ccode>lps\u002Fload_assets_on_page\u003C\u002Fcode>, \u003Ccode>lps\u002Fexclude_ids\u003C\u002Fcode>, \u003Ccode>lps\u002Fshortcode_arguments\u003C\u002Fcode>, \u003Ccode>lps\u002Fquery_arguments\u003C\u002Fcode>, \u003Ccode>lps\u002Fbefore_check_posts\u003C\u002Fcode>, \u003Ccode>lps\u002Fremove_update_info\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Marked as deprecated: \u003Ccode>lps_filter_tile_patterns\u003C\u002Fcode>, \u003Ccode>lps_filter_display_posts_list\u003C\u002Fcode>, \u003Ccode>lps_filter_remove_update_info\u003C\u002Fcode>, \u003Ccode>lps_filter_use_custom_section_markup_end\u003C\u002Fcode>, \u003Ccode>lps_filter_use_custom_section_markup_start\u003C\u002Fcode>, \u003Ccode>lps_filter_use_custom_tile_markup\u003C\u002Fcode>, \u003Ccode>lps_filter_exclude_previous_content_ids\u003C\u002Fcode>, \u003Ccode>lps_filter_use_custom_shortcode_arguments\u003C\u002Fcode>, \u003Ccode>lps_filter_use_custom_query_arguments\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","The \"Latest Post Shortcode\" allows you to create a dynamic content selection from your posts by combining, limiting, and filtering what you need.",4000,159622,96,46,"2026-02-09T19:43:00.000Z","6.9.4","5.5.0","7.3.5",[118,119,120,121,122],"configurable-shortcode-with-ui","gutenberg-block","paginated-posts","posts-grid","posts-shortcode","https:\u002F\u002Fiuliacazan.ro\u002Flatest-post-shortcode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flatest-post-shortcode.14.2.2.zip",98,"2026-01-24 
00:00:00",{"slug":128,"name":129,"version":57,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":62,"downloaded":134,"rating":11,"num_ratings":27,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":138,"tags":139,"homepage":18,"download_link":141,"security_score":51,"vuln_count":76,"unpatched_count":76,"last_vuln_date":36,"fetched_at":29},"star-rating-block","Star Rating Block","Achal Jain","https:\u002F\u002Fprofiles.wordpress.org\u002Fibachal\u002F","\u003Cp>The Star Rating block allows you to display author-assigned star ratings within your content created with Gutenberg editor.\u003C\u002Fp>\n\u003Ch3>FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cem>Rating Scale:\u003C\u002Fem> Choose a scale from 0 to 5 or 0 to 10\u003C\u002Fli>\n\u003Cli>\u003Cem>Rating:\u003C\u002Fem> Assign a numerical rating for the element, based on the scale chosen\u003C\u002Fli>\n\u003Cli>\u003Cem>Title:\u003C\u002Fem> Enter the title for the rating\u003C\u002Fli>\n\u003Cli>Colors, Spacing, and Sizing options\u003C\u002Fli>\n\u003C\u002Ful>\n","The Star Rating block allows you to display author-assigned star ratings within your content.",11700,"2021-08-03T17:24:00.000Z","5.8.0","5.3.2","7.0.0",[71,140,22,128],"gutenberg-rating","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstar-rating-block.zip",{"slug":143,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":62,"downloaded":150,"rating":151,"num_ratings":152,"last_updated":153,"tested_up_to":114,"requires_at_least":91,"requires_php":154,"tags":155,"homepage":160,"download_link":161,"security_score":162,"vuln_count":27,"unpatched_count":76,"last_vuln_date":163,"fetched_at":29},"stars-rating","Stars Rating","4.0.7","Fahid Javid","https:\u002F\u002Fprofiles.wordpress.org\u002Ffahidjavid\u002F","\u003Cp>A simple and easy to use plugin that turns post, pages and custom post types comments 
into reviews.\u003C\u002Fp>\n\u003Cp>Its main features are as follows:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Turns post, pages and custom post types comments into reviews.\u003C\u002Fli>\n\u003Cli>Allows you to choose post types on which you want to enable Stars Rating feature.\u003C\u002Fli>\n\u003Cli>An option to require rating selection to leave a review.\u003C\u002Fli>\n\u003Cli>Also, allows you to enable\u002Fdisable stars rating feature for the posts and pages individually.\u003C\u002Fli>\n\u003Cli>An option to display stars rating in Google search results.\u003C\u002Fli>\n\u003Cli>Choose from two different rating stars styles according to your site look.\u003C\u002Fli>\n\u003Cli>Offers a shortcode \u003Cstrong>[stars_rating_avg]\u003C\u002Fstrong> to display average rating anywhere in the post\u002Fpage\u002FCPTs detail or listing pages.\u003C\u002Fli>\n\u003Cli>Hide average rating text \u003Cstrong>[stars_rating_avg show_text=”no”]\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Hide empty average rating \u003Cstrong>[stars_rating_avg show_empty_rating=”no”]\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>See each review stars rating on the comments page (backend).\u003C\u002Fli>\n\u003Cli>Enhanced SEO with structured data for standout reviews in Google with “Google Review Schema” integration.\u003C\u002Fli>\n\u003Cli>Preempt negativity with the “Negative Rating Alert” feature, promoting issue resolution before reviews are posted.\u003C\u002Fli>\n\u003C\u002Ful>\n","A plugin to turn comments into reviews by adding rating feature.",33150,94,23,"2025-12-04T10:00:00.000Z","8.3",[156,157,158,23,159],"comments","rating","reviews","stars","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstars-rating\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstars-rating.4.0.7.zip",99,"2021-12-06 
00:00:00",{"attackSurface":165,"codeSignals":197,"taintFlows":210,"riskAssessment":211,"analyzedAt":224},{"hooks":166,"ajaxHandlers":189,"restRoutes":190,"shortcodes":191,"cronEvents":196,"entryPointCount":27,"unprotectedCount":76},[167,173,178,182,186],{"type":168,"name":169,"callback":170,"file":171,"line":172},"action","enqueue_block_editor_assets","review_disclaimer_enqueue_block_editor_assets","blocks\\review-disclaimer.php",21,{"type":168,"name":174,"callback":175,"file":176,"line":177},"plugins_loaded","review_disclaimer_i18n","review-disclaimer.php",38,{"type":168,"name":179,"callback":180,"file":176,"line":181},"admin_menu","oizuled_review_disclaimer",42,{"type":168,"name":183,"callback":184,"file":176,"line":185},"admin_init","register_oizuled_review_disclaimer_settings",50,{"type":168,"name":187,"callback":188,"file":176,"line":13},"init","review_disclaimer_shortcode",[],[],[192],{"tag":193,"callback":194,"file":176,"line":195},"ReviewDisclaimer","review_disclaimer_render_shortcode",82,[],{"dangerousFunctions":198,"sqlUsage":199,"outputEscaping":201,"fileOperations":76,"externalRequests":76,"nonceChecks":76,"capabilityChecks":76,"bundledLibraries":209},[],{"prepared":76,"raw":76,"locations":200},[],{"escaped":65,"rawEcho":14,"locations":202},[203,207],{"file":204,"line":205,"context":206},"options.php",24,"raw output",{"file":204,"line":208,"context":206},39,[],[],{"summary":212,"deductions":213},"The 'review-disclaimer' plugin version 2.0.3 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by not making external HTTP requests, performing file operations, or utilizing dangerous functions. The scan also found no SQL queries, prepared or raw. However, significant concerns arise from the complete lack of nonce and capability checks across all identified entry points, including the single shortcode.  
The same scan reports zero unprotected entry points, so treat this as a hardening gap rather than a demonstrated unauthenticated attack path.\n\nThe vulnerability history reveals a medium severity Stored Cross-site Scripting (XSS) vulnerability (CVE-2025-67628, CVSS 4.4), and critically, this vulnerability remains unpatched. Exploitation requires administrator-level access and only affects multi-site installations and installations where unfiltered_html has been disabled. Within that scope, attackers could inject malicious scripts, which could lead to session hijacking, data theft, or defacement, especially given the lack of proper output escaping on some generated content.\n\nIn conclusion, while the plugin avoids some common pitfalls like raw SQL and dangerous functions, the absence of nonce and capability checks and the existence of an unpatched XSS vulnerability are weaknesses that matter most on multi-site installations and on sites where administrators are not fully trusted. Users should be cautious, and the developers need to address these issues promptly to secure the plugin.",[214,216,219,221],{"reason":215,"points":47},"Unpatched medium severity CVE",{"reason":217,"points":218},"Missing capability checks on entry points",10,{"reason":220,"points":218},"Missing nonce checks on entry points",{"reason":222,"points":223},"Improper output escaping on some content",5,"2026-03-16T21:10:31.083Z",{"wat":226,"direct":233},{"assetPaths":227,"generatorPatterns":229,"scriptPaths":230,"versionParams":231},[228],"\u002Fwp-content\u002Fplugins\u002Freview-disclaimer\u002Findex.js",[],[228],[232],"review-disclaimer\u002Findex.js?ver=",{"cssClasses":234,"htmlComments":236,"htmlAttributes":237,"restEndpoints":238,"jsGlobals":239,"shortcodeOutput":240},[235],"review-disclaimer-block",[],[],[],[],[241],"\u003Cdiv class=\"review-disclaimer-block\">"]