[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fX_Q69r5z0FMTmdkTmiO-ykIN8vwSWVlOINrS13DuIKs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":13,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":46,"crawl_stats":36,"alternatives":52,"analysis":138,"fingerprints":277},"scoreboard-for-html5-game-lite","Scoreboard for HTML5 Games Lite","1.2","demonisblack","https:\u002F\u002Fprofiles.wordpress.org\u002Fdemonisblack\u002F","\u003Cp>Scoreboard for HTML5 Games is a WordPress plugin that lets you embed HTML5 Games with a built-in scoreboard. Players can submit their scores and view the top 10 leaderboard directly on your site. Through the WP Admin Dashboard, you can easily manage and filter player scores, exclude entries by email\u002Fphone, and control score ranges for fair play.\u003C\u002Fp>\n\u003Ch3>How to use?\u003C\u002Fh3>\n\u003Cp>Download the compatible HTML5 Games and integrate the scoreboard files, go to plugin settings to add and upload game, use shortcode to embed game at your WP post or page content.\u003C\u002Fp>\n\u003Ch3>Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add and upload games through plugin settings\u003C\u002Fli>\n\u003Cli>Use shortcode to embed game at WP post or page content\u003C\u002Fli>\n\u003Cli>Support landscape and portrait game layout\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Full Version Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Edit scoreboard settings for every games in plugin settings\u003C\u002Fli>\n\u003Cli>Submit score with Name and Email (Unique by Email)\u003C\u002Fli>\n\u003Cli>User unique ID can be email or phone field\u003C\u002Fli>\n\u003Cli>Scoreboard list display (Rank, Name, 
Score)\u003C\u002Fli>\n\u003Cli>Top 10 rank can be all time, daily, weekly or monthly high score\u003C\u002Fli>\n\u003Cli>Show more than 10 listing\u003C\u002Fli>\n\u003Cli>Admin access to view all user scores.\u003C\u002Fli>\n\u003Cli>Manage and filter users by ID (email\u002Fphone).\u003C\u002Fli>\n\u003Cli>Manage and filter user scores by number range eg. 1 – 1000\u003C\u002Fli>\n\u003Cli>HTML5 Games scoreboard display score list with filters\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcodecanyon.net\u002Fitem\u002Fscoreboard-for-html5-games\u002F36706894\" title=\"Get the full version!\" rel=\"nofollow ugc\">Get the full version!\u003C\u002Fa>\u003C\u002Fp>\n","Scoreboard for HTML5 Games is a WordPress plugin that lets you embed HTML5 Games with a built-in scoreboard. Players can submit their scores and view  &hellip;",30,3196,0,"2026-01-05T09:31:00.000Z","6.8.5","3.6","",[19,20,21,22,23],"extra","filters","game","highscore","html5","https:\u002F\u002Fcodecanyon.net\u002Fitem\u002Fscoreboard-for-html5-games\u002F36706894","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fscoreboard-for-html5-game-lite.zip",99,1,"2026-03-20 11:20:53","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":27},"CVE-2026-4083","scoreboard-for-html5-games-lite-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes","Scoreboard for HTML5 Games Lite \u003C= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes","The Scoreboard for HTML5 Games Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'scoreboard' shortcode in all versions up to, and including, 1.2. 
The shortcode function sfhg_shortcode() allows arbitrary HTML attributes to be added to the rendered \u003Ciframe> element, with only a small blacklist of four attribute names (same_height_as, onload, onpageshow, onclick) being blocked. While the attribute names are passed through esc_html() and values through esc_attr(), this does not prevent injection of JavaScript event handler attributes like onfocus, onmouseover, onmouseenter, etc., because these attribute names and simple JavaScript payloads contain no characters that would be modified by these escaping functions. The shortcode text is stored in post_content and is only expanded to HTML at render time, after WordPress's kses filtering has already been applied to the raw post content. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.2","1.3","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-03-20 23:25:11",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F550ae348-254e-49f5-8046-38629c774802?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":26,"avg_patch_time_days":49,"trust_score":50,"computed_at":51},2,40,282,78,"2026-04-05T03:25:36.116Z",[53,74,93,112,123],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":27,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":17,"tags":67,"homepage":17,"download_link":73,"security_score":63,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"drimify-widget","WP Shortcode by 
Drimify","1.0.10","Drimlike","https:\u002F\u002Fprofiles.wordpress.org\u002Fmiddir\u002F","\u003Cp>Gamification platform. Engage your audience. Reach your goals.\u003Cbr \u002F>\nCustomise experiences and games in minutes. #GamificationSuperpowers\u003C\u002Fp>\n\u003Cp>Easily integrate your Drimify applications to your WordPress website using shortcodes. A shortcode allows you to add complex features to your site quickly and easily. In this case, you’re simply copying a shortcode specific to your app from Drimify.com, and pasting it into your WordPress site.\u003C\u002Fp>\n\u003Cp>Do not hesitate to get in touch with our Support team if you need help.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>All support for this plugin is provided through our site:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fhelp.drimify.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fhelp.drimify.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Installation ==update spin build\u003C\u002Fh3>\n\u003Cp>This section describes how to install the plugin and get it working.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Upload the Drimify Widget folder to the \u002Fwp-content\u002Fplugins\u002F directory.\u003C\u002Fli>\n\u003Cli>Activate the plugin through the ‘Plugins’ menu in WordPress.\u003C\u002Fli>\n\u003Cli>Retrieve the shortcode from your app created in Drimify.com, paste it to your page in WP, and, “Voilà!”\u003C\u002Fli>\n\u003C\u002Fol>\n","Drimify Widget is a free WP plugin, that provides easy way to integrate your HTML5 games and interactive contents created on 
Drimify.com",60,2214,100,"2025-11-30T17:12:00.000Z","6.9.4","3.0.2",[68,69,70,71,72],"drimify","html5-games","marketing-games","shortcode","shortcodes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdrimify-widget.zip",{"slug":75,"name":76,"version":6,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":63,"num_ratings":27,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":17,"tags":86,"homepage":90,"download_link":91,"security_score":92,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"snackgame","Snack Game","Ashutosh Kumar","https:\u002F\u002Fprofiles.wordpress.org\u002Flooklikeme05\u002F","\u003Cp>This plugin is used for canvas snack game for HTML5 Browser\u003Cbr \u002F>\nVery Lightweight- Only 2KB\u003C\u002Fp>\n\u003Cp>Installation very easy, just install & enjoy.\u003C\u002Fp>\n\u003Cp>Any problem, Please Check FAQ Tab.\u003C\u002Fp>\n\u003Cp>Created By: http:\u002F\u002Fwww.webitmart.com\u003C\u002Fp>\n","This plugin is used for canvas snack game for HTML5 Browser",10,2534,"2017-11-04T17:56:00.000Z","4.8.28","3.0.1",[87,88,89],"html-snack-game","html5-snack-game","snack-game","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsnackgame","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsnackgame.zip",85,{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":81,"downloaded":101,"rating":13,"num_ratings":13,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":17,"tags":105,"homepage":110,"download_link":111,"security_score":92,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"wi-games-shortcode","WI Games Shortcode","1.0","WI Games","https:\u002F\u002Fprofiles.wordpress.org\u002Fwi-games\u002F","\u003Cp>WI Games Shortcode – allows you to easy and quickly insert any game placed on 
wigames.net!\u003C\u002Fp>\n\u003Ch3>How To\u003C\u002Fh3>\n\u003Cp>After downloading and installation of plug-in for a game insert you will need to add in new (or edited) record shortcode like that:\u003C\u002Fp>\n\u003Cp>‘[wigames id =” 98″]’\u003C\u002Fp>\n\u003Cp>You can learn id of game from game Url on the site wigames.net.\u003C\u002Fp>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cp>‘http:\u002F\u002Fwigames.net\u002Fgame\u002F98-double-edged \u002F’\u003C\u002Fp>\n\u003Cp>Figures at the beginning of URL are also game id.\u003C\u002Fp>\n\u003Cp>In shortcode it is also possible to use the width and height parameters which will help you to adjust the size of game in compliance to the template.\u003C\u002Fp>\n\u003Cp>Example:\u003Cbr \u002F>\n‘[wigames id=”134″ width=”650″ height=”450″]’\u003C\u002Fp>\n","This plug-in will help you to place any game which you can find on wigames.net without problems",3333,"2015-09-07T12:38:00.000Z","4.2.39","3.8",[106,23,107,108,109],"arcade","unity3d","wi-games","widget","http:\u002F\u002Fwi-games.com\u002Fstart\u002Fwordpress-shortcode-plugin-install","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwi-games-shortcode.zip",{"slug":113,"name":114,"version":115,"author":97,"author_profile":98,"description":116,"short_description":117,"active_installs":81,"downloaded":118,"rating":63,"num_ratings":27,"last_updated":17,"tested_up_to":103,"requires_at_least":104,"requires_php":17,"tags":119,"homepage":120,"download_link":121,"security_score":63,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":122},"wi-games-widget","WI Games widget Plugin","1.0.2","\u003Cp>WI Games Widget plug-in is created to simplify  installation of a widget which will allow your users to play hundreds of fascinating games without leaving your site as much as possible, and at the same time to gain additional income having placed in it the advertizing codes. 
(More info http:\u002F\u002Fwi-games.com)\u003C\u002Fp>\n\u003Ch3>How To\u003C\u002Fh3>\n\u003Cp>After installation and activation of a plug-in you need to insert a code similar to this\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Cscript type=\"text\u002Fjavascript\" src=\"http:\u002F\u002Foutput.js.wigames.net\u002F?hash=717109d9d379a24131347c7a0ecf3fd4\">\u003C\u002Fscript>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Where to get a code\u003C\u002Fh4>\n\u003Cp>To receive a code you need to become authorized (http:\u002F\u002Fbackend.wigames.net\u002Flogin\u002F) or to create a new account (http:\u002F\u002Fbackend.wigames.net\u002Fregister\u002F) in the WI Games service.\u003C\u002Fp>\n\u003Cp>Further you will be able to add a domain having entered it in the corresponding line. After check of your domain on compliance to requirements to platforms it will receive the status “active” and control of a widget and monetization will be available to you.\u003C\u002Fp>\n\u003Cp>If you have already added the domain and it has the status “active” press the Widget button near the corresponding domain.\u003C\u002Fp>\n\u003Cp>!Attention! All settings of positioning and size of the button of a call of a widget are made from the control panel of the webmaster.\u003C\u002Fp>\n\u003Cp>After a widget code insert in a plug-in on the page of its settings (\u002Fwp-admin\u002Fadmin.php? 
page=wi-games-settings) keep changes having pressed the Submit button.\u003C\u002Fp>\n","This plugin will help you to smoothly integrate WI Games widget to your website.",3938,[106,23,107,108,109],"http:\u002F\u002Fwi-games.ru\u002Fwordpress-plugin-install","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwi-games-widget.zip","2026-03-15T10:48:56.248Z",{"slug":124,"name":125,"version":96,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":81,"downloaded":130,"rating":13,"num_ratings":13,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":17,"tags":134,"homepage":136,"download_link":137,"security_score":92,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"wp-game","WP-Game","mayxaybot","https:\u002F\u002Fprofiles.wordpress.org\u002Fmayxaybot\u002F","\u003Cp>This isn’t plugin for website game. This plugin include opensource html5 games library for user visit website. This is mini game help user free stress after tired working times.\u003C\u002Fp>\n","This isn't plugin for website game. This plugin include opensource html5 games library for user visit website. 
This is mini game help user free s &hellip;",2878,"2015-02-27T01:31:00.000Z","4.1.42","3.0",[21,135],"html5-game","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-game\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-game.zip",{"attackSurface":139,"codeSignals":180,"taintFlows":229,"riskAssessment":268,"analyzedAt":276},{"hooks":140,"ajaxHandlers":172,"restRoutes":173,"shortcodes":174,"cronEvents":179,"entryPointCount":27,"unprotectedCount":13},[141,147,151,155,159,163,167],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","wp_enqueue_scripts","sfhg_style_script","scoreboard-for-html5-game-lite.php",405,{"type":142,"name":148,"callback":149,"file":145,"line":150},"admin_enqueue_scripts","sfhg_admin_style_script",406,{"type":142,"name":152,"callback":153,"file":145,"line":154},"admin_init","sfhg_admin_init",408,{"type":142,"name":156,"callback":157,"file":145,"line":158},"admin_notices","sfhg_admin_notice",409,{"type":142,"name":160,"callback":161,"file":145,"line":162},"admin_menu","sfhg_admin_menu",411,{"type":142,"name":164,"callback":165,"file":145,"line":166},"plugins_loaded","sfhg_plugin_load_text_domain",414,{"type":168,"name":169,"callback":170,"priority":81,"file":145,"line":171},"filter","plugin_row_meta","sfhg_plugin_row_meta",417,[],[],[175],{"tag":176,"callback":177,"file":145,"line":178},"scoreboard","sfhg_shortcode",412,[],{"dangerousFunctions":181,"sqlUsage":182,"outputEscaping":185,"fileOperations":227,"externalRequests":13,"nonceChecks":227,"capabilityChecks":47,"bundledLibraries":228},[],{"prepared":183,"raw":13,"locations":184},9,[],{"escaped":186,"rawEcho":187,"locations":188},122,17,[189,193,195,197,200,202,204,206,208,210,212,214,216,218,220,222,225],{"file":190,"line":191,"context":192},"includes\\admin.php",18,"raw 
output",{"file":190,"line":194,"context":192},63,{"file":190,"line":196,"context":192},73,{"file":198,"line":199,"context":192},"includes\\game.php",23,{"file":198,"line":201,"context":192},72,{"file":198,"line":203,"context":192},77,{"file":198,"line":205,"context":192},82,{"file":198,"line":207,"context":192},93,{"file":198,"line":209,"context":192},132,{"file":198,"line":211,"context":192},134,{"file":198,"line":213,"context":192},166,{"file":198,"line":215,"context":192},191,{"file":198,"line":217,"context":192},223,{"file":198,"line":219,"context":192},246,{"file":198,"line":221,"context":192},252,{"file":223,"line":224,"context":192},"includes\\quickstart.php",7,{"file":145,"line":226,"context":192},342,5,[],[230],{"entryPoint":231,"graph":232,"unsanitizedCount":13,"severity":267},"\u003Cgame> (includes\\game.php:0)",{"nodes":233,"edges":262},[234,239,245,249,254,257],{"id":235,"type":236,"label":237,"file":198,"line":238},"n0","source","$_POST",160,{"id":240,"type":241,"label":242,"file":198,"line":243,"wp_function":244},"n1","sink","get_results() [SQLi]",163,"get_results",{"id":246,"type":236,"label":247,"file":198,"line":248},"n2","$_REQUEST",270,{"id":250,"type":241,"label":251,"file":198,"line":252,"wp_function":253},"n3","update_option() [Settings Manipulation]",284,"update_option",{"id":255,"type":236,"label":237,"file":198,"line":256},"n4",240,{"id":258,"type":241,"label":259,"file":198,"line":260,"wp_function":261},"n5","echo() [XSS]",422,"echo",[263,265,266],{"from":235,"to":240,"sanitized":264},true,{"from":246,"to":250,"sanitized":264},{"from":255,"to":258,"sanitized":264},"low",{"summary":269,"deductions":270},"The scoreboard-for-html5-game-lite plugin v1.2 demonstrates a generally strong security posture, largely due to its diligent use of prepared statements for all SQL queries and a high percentage of properly escaped output. The plugin also incorporates nonce and capability checks, further reducing its attack surface. 
The absence of external HTTP requests and bundled libraries are also positive indicators. \n\nHowever, the static analysis reveals potential areas for improvement. While the total attack surface is small and appears to be protected, the presence of file operations without explicit detail on their sanitization warrants caution. The taint analysis, though limited in scope with only one flow analyzed, reported no vulnerabilities, which is encouraging. The complete lack of known CVEs and historical vulnerabilities is a significant strength, suggesting a commitment to security from the developers or a history of thorough vetting.\n\nOverall, the plugin is well-implemented from a security perspective, especially in its handling of database interactions and output. The primary concern would be any potential mishandling of file operations or unforeseen edge cases not covered by the limited taint analysis. Given the strong historical record and good coding practices observed, the risk is currently assessed as low.",[271,273],{"reason":272,"points":227},"File operations without clear sanitization",{"reason":274,"points":275},"Limited scope of taint 
analysis",3,"2026-03-16T22:34:27.880Z",{"wat":278,"direct":293},{"assetPaths":279,"generatorPatterns":285,"scriptPaths":286,"versionParams":287},[280,281,282,283,284],"\u002Fwp-content\u002Fplugins\u002Fscoreboard-for-html5-game-lite\u002Fcss\u002Fiframe.css","\u002Fwp-content\u002Fplugins\u002Fscoreboard-for-html5-game-lite\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fscoreboard-for-html5-game-lite\u002Fjs\u002Fjquery.validate.min.js","\u002Fwp-content\u002Fplugins\u002Fscoreboard-for-html5-game-lite\u002Fjs\u002Fadditional-methods.min.js","\u002Fwp-content\u002Fplugins\u002Fscoreboard-for-html5-game-lite\u002Fjs\u002Fscript.js",[],[284,282,283],[288,289,290,291,292],"scoreboard-for-html5-game-lite\u002Fcss\u002Fiframe.css?ver=","scoreboard-for-html5-game-lite\u002Fcss\u002Fadmin.css?ver=","scoreboard-for-html5-game-lite\u002Fjs\u002Fjquery.validate.min.js?ver=","scoreboard-for-html5-game-lite\u002Fjs\u002Fadditional-methods.min.js?ver=","scoreboard-for-html5-game-lite\u002Fjs\u002Fscript.js?ver=",{"cssClasses":294,"htmlComments":296,"htmlAttributes":297,"restEndpoints":300,"jsGlobals":301,"shortcodeOutput":303},[295],"sfhg-responsive-iframe",[],[298,299],"data-game","data-class",[],[302],"sfhg_scoreboard_settings",[]]