[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKlBdWVsR1bcZi8XWFwMofNXSuCk0ypGSLL6g_Y7pitU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":48,"crawl_stats":38,"alternatives":53,"analysis":163,"fingerprints":223},"rps-include-content","RPS Include Content","1.2.2","redpixelstudios","https:\u002F\u002Fprofiles.wordpress.org\u002Fredpixelstudios\u002F","\u003Cp>The RPS Include Content plugin is useful when you need to include the same content across many posts or pages. For example, you may want to place your company boilerplate at the bottom of press releases in your News section. Instead of pasting the boilerplate copy at the end of each of these pages, you can now insert the shortcode (along with the post ID, and for multisite configurations, the blog ID) where that content should appear.\u003C\u002Fp>\n\u003Cp>When you modify your source copy, changes will appear on all pages that contain the shortcode. There’s no need to open and modify multiple pages.\u003C\u002Fp>\n\u003Cp>When a user previews the post from the WordPress Administration, the included content is distinguished with an on-hover highlight. A link is provided so that the source content can be conveniently accessed and modified. The preview of the include will not distort the target page – the width, height and position will remain as defined by the site.\u003C\u002Fp>\n\u003Cp>To easily obtain the blog ID and post ID, install the free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Frps-blog-info\u002F\" rel=\"ugc\">RPS Blog Info\u003C\u002Fa> plugin, which places that information (and much more) on your WordPress 3.3 Toolbar.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Include featured image of the included post with optional wrapper and custom class.\u003C\u002Fli>\n\u003Cli>Allows specific shortcodes to display within included posts.\u003C\u002Fli>\n\u003Cli>Allows oEmbeds to display within included posts.\u003C\u002Fli>\n\u003Cli>Respects the more tag in posts automatically.\u003C\u002Fli>\n\u003Cli>Set the length of the content to be displayed by word count.\u003C\u002Fli>\n\u003Cli>Option to remove the hover interface.\u003C\u002Fli>\n\u003Cli>Option to include private content.\u003C\u002Fli>\n\u003Cli>Display the title of the included post without any content.\u003C\u002Fli>\n\u003Cli>Include the title of the included post with or without a hyperlink.\u003C\u002Fli>\n\u003Cli>Include a page or a post in another page or post.\u003C\u002Fli>\n\u003Cli>Specify whether the content or the excerpt should be used.\u003C\u002Fli>\n\u003Cli>Updates made to source content are reflected on all target pages.\u003C\u002Fli>\n\u003Cli>Source content pulled into a page is easily distinguishable and accessible when viewing the page on the front-end while logged into the WordPress back-end.\u003C\u002Fli>\n\u003Cli>Protects against generating include loops and calling nonexistent source content.\u003C\u002Fli>\n\u003Cli>Displays errors on the front-end to logged-in page\u002Fpost editors.\u003C\u002Fli>\n\u003Cli>Compatible with single and multisite installs.\u003C\u002Fli>\n\u003Cli>Support for password protected posts.\u003C\u002Fli>\n\u003Cli>Strip shortcodes from included posts.\u003C\u002Fli>\n\u003Cli>Default Settings page.\u003C\u002Fli>\n\u003C\u002Ful>\n","Makes it easy to pull content from one post or page and place it on another using a simple shortcode, even in a multisite environment.",800,23895,98,18,"2025-03-24T20:16:00.000Z","6.7.5","5.0","",[20,21,22,23,24],"copy-content","duplicate-content","include","include-content","includes","http:\u002F\u002Fredpixel.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frps-include-content.1.2.2.zip",91,1,0,"2025-03-28 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-31093","rps-include-content-authenticated-contributor-stored-cross-site-scripting","RPS Include Content \u003C= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The RPS Include Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.2.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-02 20:15:07",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F371e0f8b-4e2c-4425-a77d-7cbe1adba8e2?source=api-prod",6,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":49,"total_installs":50,"avg_security_score":51,"avg_patch_time_days":47,"trust_score":27,"computed_at":52},3,1700,87,"2026-04-04T15:29:54.183Z",[54,76,94,120,142],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":73,"download_link":74,"security_score":75,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"include-content-by-shortcode","Include Content By Shortcode","0.5","kashanshah","https:\u002F\u002Fprofiles.wordpress.org\u002Fkashanshah\u002F","\u003Cp>This plugin enables users to add the same content to multiple posts and pages using a shortcode. It functions similarly to PHP’s ‘include’ function.\u003C\u002Fp>\n\u003Cp>Users can include HTML, CSS, and JavaScript in their content with a simple shortcode.\u003Cbr \u002F>\nFor example, if my brand’s tagline, “The Best Of Its Kind,” needs to be displayed on various pages and posts, I would add it to the Included Content section. The plugin will generate a shortcode for this content, which I can then place wherever I want the tagline to appear.\u003C\u002Fp>\n\u003Cp>Additionally, CSS and JavaScript can be added alongside the HTML content, ensuring they are included wherever the shortcode is used.\u003C\u002Fp>\n\u003Cp>In the future, if I change my tagline, I only need to update it in the Included Content section, and it will be updated everywhere the shortcode has been used.\u003C\u002Fp>\n","This plugin allows you to include content from a custom post type by using a shortcode. You can also add custom CSS and JS to the included content.",50,2212,100,4,"2024-10-25T03:46:00.000Z","6.6.5","4.0.1","5.2.4",[20,22,23,71,72],"include-html","nested-content","https:\u002F\u002Fwww.kashanshah.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finclude-content-by-shortcode.0.5.zip",92,{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":29,"num_ratings":29,"last_updated":18,"tested_up_to":86,"requires_at_least":18,"requires_php":18,"tags":87,"homepage":18,"download_link":92,"security_score":64,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":93},"post-head-includes","Post Head Includes","0.2.1","Rick Buczynski","https:\u002F\u002Fprofiles.wordpress.org\u002Frbuczynski\u002F","\u003Cp>Easily add scripts and stylesheets per post. This is a great tool for developers creating custom pages for their clients, but also useful for the blogger who wants to separate inline CSS & JS from their post content.\u003C\u002Fp>\n\u003Cp>This plugin provides an interface for wp_enqueue_script and wp_enqueue_style functions, so all of the functionality that a developer would find there is available in this plugin.\u003C\u002Fp>\n\u003Cp>However, script localization differs from wp_localize_script in that with this plugin you are allowed to input raw JavaScript code for localization, library initialization, and more.\u003C\u002Fp>\n\u003Cp>This plugin may also help to alleviate modern browser XSS detection from blocking potentially unsafe JavaScript.\u003C\u002Fp>\n","Easily add scripts and stylesheets to the HEAD of your posts, keeping your HTML cleaner without inline scripts or styles.",10,1856,"3.5.2",[88,89,77,90,91],"css","javascript","wp_enqueue_script","wp_enqueue_style","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-head-includes.zip","2026-03-15T10:48:56.248Z",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":109,"tags":110,"homepage":115,"download_link":116,"security_score":117,"vuln_count":118,"unpatched_count":29,"last_vuln_date":119,"fetched_at":31},"include-me","Include Me","1.3.7","Stefano Lissa","https:\u002F\u002Fprofiles.wordpress.org\u002Fsatollo\u002F","\u003Cp>Include Me helps to include in posts or pages external files usually to be shared\u003Cbr \u002F>\nbetween different posts or pages or that contains PHP or other code that can be\u003Cbr \u002F>\ncompromised by the visual editor.\u003C\u002Fp>\n\u003Cp>The use is immediate: the shortcode [includeme] is all that you need (see the documentation\u003Cbr \u002F>\non \u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Finclude-me\" rel=\"nofollow ugc\">Include Me official page\u003C\u002Fa>).\u003C\u002Fp>\n\u003Cp>The best way to use it is to include functionalities\u003Cbr \u002F>\nwritten in external PHP that will be rendered in post body or to include pieces of\u003Cbr \u002F>\njavascript that will be hard to add with WordPress editor.\u003C\u002Fp>\n\u003Cp>Inclusions can be rendered with IFRAME if needed to create boxes that display\u003Cbr \u002F>\nexternal web pages.\u003C\u002Fp>\n\u003Cp>This plugin is made of few line of code, ultralite!\u003C\u002Fp>\n\u003Cp>Other plugins by Stefano Lissa:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fhyper-cache\" rel=\"nofollow ugc\">Hyper Cache\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.thenewsletterplugin.com\" rel=\"nofollow ugc\">Newsletter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fheader-footer\" rel=\"nofollow ugc\">Header and Footer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fthumbnails\" rel=\"nofollow ugc\">Thumbnails\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cp>You can contribute to translate this plugin in your language on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\" rel=\"nofollow ugc\">WordPress Translate\u003C\u002Fa>\u003C\u002Fp>\n","Include Me helps to include any external file (textual, HTML or PHP) in posts or pages.",4000,91243,96,21,"2026-02-05T15:36:00.000Z","6.9.4","6.1","7.0",[111,112,22,113,114],"external-page","iframe","php","php-execute","https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Finclude-me","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finclude-me.1.3.7.zip",97,2,"2025-09-09 00:00:00",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":65,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":140,"download_link":141,"security_score":64,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"advance-canonical-url","Advance Canonical URL","1.0.4","Usman Ali Qureshi","https:\u002F\u002Fprofiles.wordpress.org\u002Fusmanaliqureshi\u002F","\u003Cp>Advanced Canonical URL is a powerful WordPress plugin designed to enhance your website’s SEO by preventing duplicate content issues. With its advanced settings, you can easily configure canonical URLs across your site, ensuring search engines prioritize the right pages for better rankings and improved visibility.\u003C\u002Fp>\n","Advanced Canonical URL is a powerful WordPress plugin designed to enhance your website’s SEO by preventing duplicate content issues.",2000,17843,80,"2025-05-19T05:22:00.000Z","6.8.5","5.2","7.3",[136,137,138,21,139],"canonical","canonical-url","duplicate","url","https:\u002F\u002Fgithub.com\u002Fusmanaliqureshi\u002Fadvance-canonical-url","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvance-canonical-url.1.0.4.zip",{"slug":143,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":150,"downloaded":151,"rating":152,"num_ratings":84,"last_updated":153,"tested_up_to":107,"requires_at_least":154,"requires_php":18,"tags":155,"homepage":160,"download_link":161,"security_score":13,"vuln_count":118,"unpatched_count":29,"last_vuln_date":162,"fetched_at":31},"copyscape-premium","Copyscape Premium","1.4.2","Copyscape","https:\u002F\u002Fprofiles.wordpress.org\u002Fcopyscape\u002F","\u003Cp>The Copyscape Premium plugin lets you check if a WordPress post is original before it’s published, by using the Copyscape Premium API to check for duplicate content on the web.\u003C\u002Fp>\n\u003Cp>The plugin will add a ‘Copyscape Check’ button to your WordPress interface, allowing you to check your posts whenever you wish. You may also set the plugin to automatically check your posts when you click ‘Publish’ and\u002For ‘Update’.\u003C\u002Fp>\n\u003Cp>When duplicate content is found, a report of matching pages is shown. You may also see a detailed comparison that highlights your content on the found page.\u003C\u002Fp>\n\u003Cp>If you do not already have a Copyscape Premium account, please \u003Ca href=\"http:\u002F\u002Fwww.copyscape.com\u002Fredirect\u002F?to=prosignup\" title=\"Copyscape Premium sign up\" rel=\"nofollow ugc\">sign up\u003C\u002Fa>,  \u003Ca href=\"http:\u002F\u002Fwww.copyscape.com\u002Fredirect\u002F?to=propurchase\" title=\"Purchase Copyscape Premium Credits\" rel=\"nofollow ugc\">purchase some credits\u003C\u002Fa>, and enable your \u003Ca href=\"http:\u002F\u002Fwww.copyscape.com\u002Fredirect\u002F?to=apiconfigure#key\" title=\"Copyscape Premium API page\" rel=\"nofollow ugc\">API access\u003C\u002Fa>. You may then begin using the plugin.\u003C\u002Fp>\n","The Copyscape Premium plugin lets you check if a WordPress post is unique before it's published, by searching for duplicate content on the web.",1000,53159,64,"2025-12-24T18:07:00.000Z","3.0.1",[156,21,157,158,159],"copyscape","original","plagiarism","unique","http:\u002F\u002Fwww.copyscape.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcopyscape-premium.1.4.2.zip","2026-01-10 00:00:00",{"attackSurface":164,"codeSignals":198,"taintFlows":213,"riskAssessment":214,"analyzedAt":222},{"hooks":165,"ajaxHandlers":188,"restRoutes":189,"shortcodes":190,"cronEvents":197,"entryPointCount":118,"unprotectedCount":29},[166,172,176,180,184],{"type":167,"name":168,"callback":169,"file":170,"line":171},"action","init","cb_init","rps-include-content.php",67,{"type":167,"name":173,"callback":174,"file":170,"line":175},"wp_enqueue_scripts","cb_enqueue_styles_scripts",68,{"type":167,"name":177,"callback":178,"file":170,"line":179},"admin_menu","_admin_menu",69,{"type":167,"name":181,"callback":182,"file":170,"line":183},"admin_init","_add_plugin_caps",71,{"type":167,"name":185,"callback":186,"file":170,"line":187},"plugins_loaded","_plugins_loaded",74,[],[],[191,195],{"tag":192,"callback":193,"file":170,"line":194},"rps-include","cb_include_shortcode",78,{"tag":4,"callback":193,"file":170,"line":196},79,[],{"dangerousFunctions":199,"sqlUsage":200,"outputEscaping":202,"fileOperations":29,"externalRequests":29,"nonceChecks":28,"capabilityChecks":84,"bundledLibraries":212},[],{"prepared":29,"raw":29,"locations":201},[],{"escaped":203,"rawEcho":49,"locations":204},29,[205,208,210],{"file":170,"line":206,"context":207},498,"raw output",{"file":170,"line":209,"context":207},500,{"file":170,"line":211,"context":207},530,[],[],{"summary":215,"deductions":216},"The \"rps-include-content\" plugin version 1.2.2 demonstrates a generally good security posture based on the static analysis. The absence of AJAX handlers and REST API routes without proper authentication checks significantly limits the attack surface. The code also shows strong adherence to secure SQL practices by exclusively using prepared statements and a high percentage of output escaping, indicating an effort to prevent common web vulnerabilities. Furthermore, the presence of nonce and capability checks, along with no detected file operations or external HTTP requests, are positive security indicators. The taint analysis showing zero flows with unsanitized paths further supports this. However, the plugin does have a history of known vulnerabilities, including one classified as medium severity. While this specific vulnerability is currently unpatched, the fact that there are no *currently* unpatched CVEs is a positive sign for this specific version. The past presence of cross-site scripting vulnerabilities suggests that vigilance in output escaping and input sanitization, even with current good scores, is crucial for future development.",[217,219],{"reason":218,"points":84},"Past medium severity CVE",{"reason":220,"points":221},"History of XSS vulnerabilities",5,"2026-03-16T19:19:33.796Z",{"wat":224,"direct":231},{"assetPaths":225,"generatorPatterns":227,"scriptPaths":228,"versionParams":229},[226],"\u002Fwp-content\u002Fplugins\u002Frps-include-content\u002Frps-include-content.css",[],[],[230],"rps-include-content\u002Frps-include-content.css?ver=",{"cssClasses":232,"htmlComments":233,"htmlAttributes":234,"restEndpoints":254,"jsGlobals":255,"shortcodeOutput":256},[],[],[235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253],"data-rps-include-blog","data-rps-include-post","data-rps-include-page","data-rps-include-title","data-rps-include-titletag","data-rps-include-titlelink","data-rps-include-content","data-rps-include-filter","data-rps-include-shortcodes","data-rps-include-embeds","data-rps-include-more-text","data-rps-include-length","data-rps-include-allow-shortcodes","data-rps-include-hover","data-rps-include-private","data-rps-include-featured-image","data-rps-include-featured-image-size","data-rps-include-featured-image-wrap","data-rps-include-featured-image-wrap-class",[],[],[257,258],"[rps-include","[rps-include-content"]