[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmOdBIX48GprMsCLv5TlAqJ6T1qKy6CfpXEGMKd2wEE8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":53,"analysis":148,"fingerprints":550},"scripts-n-styles","Scripts n Styles","3.5.8","WraithKenny","https:\u002F\u002Fprofiles.wordpress.org\u002Fwraithkenny\u002F","\u003Cp>This plugin allows Admin users the ability to add custom CSS and JavaScript directly into individual Post, Pages or any other registered custom post types. You can also add classes to the body tag and the post container. There is a Global settings page for which you can write Scripts n Styles for the entire blog.\u003C\u002Fp>\n\u003Cp>Admin’s can also add classes to the TinyMCE “Formats” dropdown which users can use to style posts and pages directly. As of Scripts n Styles 3+ styles are reflected in the post editor.\u003C\u002Fp>\n\u003Cp>Because only well trusted users should ever be allowed to insert JavaScript directly into the pages of your site, this plugin restricts usage to admin type users. Admin’s have access to even more sensitive areas by definition, so that should be relatively safe 😉\u003C\u002Fp>\n\u003Ch4>Notes about the implementation:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Admin users, or more specifically, \u003Cem>any user with the \u003Ccode>manage_options\u003C\u002Fcode> and \u003Ccode>unfiltered_html\u003C\u002Fcode> capabilities\u003C\u002Fem> (which by default is \u003Cem>only\u003C\u002Fem> the admin type user) can use this plugin’s functionality. 
Some plugins extend user roles, and so this plugin would naturally extend to include roles that have the appropriate capability.\u003C\u002Fli>\n\u003Cli>CSS Styles are embedded, not linked, at the bottom of the \u003Ccode>head\u003C\u002Fcode> element with \u003Ccode>style\u003C\u002Fcode> tags by using \u003Ccode>wp-head\u003C\u002Fcode>. If your theme doesn’t have this hook, this plugin (as well as most others) won’t work.\u003C\u002Fli>\n\u003Cli>JavaScript is embedded, not linked, at the bottom of the \u003Ccode>body\u003C\u002Fcode> (or \u003Ccode>head\u003C\u002Fcode>) element with \u003Ccode>script\u003C\u002Fcode> tags by using \u003Ccode>wp-footer\u003C\u002Fcode> (or \u003Ccode>wp-head\u003C\u002Fcode>). If your theme doesn’t have this hook, this plugin (as well as most others) won’t work.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>There is no input validation.\u003C\u002Fstrong> This plugin puts exactly what you type in the meta box directly into the \u003Ccode>html\u003C\u002Fcode> with no error checking. You are an Admin, and we trust you to be careful. 
Try not to break anything.\u003C\u002Fli>\n\u003Cli>Due to the licensing of the libraries used, this plugin is released “GPL 3.0 or later” if you care about those things.\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows Admin users to individually add HTML, custom CSS, Classes and JavaScript directly to Post, Pages or any other custom post types.",30000,379153,88,30,"2023-06-06T19:13:00.000Z","6.2.9","5.0","7.4",[20,21,22,23,24],"admin","code","css","custom","javascript","https:\u002F\u002Fwww.unfocus.com\u002Fprojects\u002Fscripts-n-styles\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fscripts-n-styles.3.5.8.zip",85,1,0,"2023-05-18 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2023-31236","scripts-n-styles-authenticated-administrator-stored-cross-site-scripting","Scripts n Styles \u003C= 3.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Scripts n Styles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=3.5.3","3.5.4","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa86d8f97-54dc-4c6b-92c0-05a8625cc073?source=api-prod",250,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":48,"trust_score":51,"computed_at":52},"wraithkenny",69,"2026-04-04T00:34:12.684Z",[54,74,92,109,127],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":29,"num_ratings":29,"last_updated":64,"tested_up_to":65,"requires_at_least":17,"requires_php":66,"tags":67,"homepage":71,"download_link":72,"security_score":73,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"customeasy","CustomEasy","1.0.2","LCweb","https:\u002F\u002Fprofiles.wordpress.org\u002Flcweb-projects\u002F","\u003Cp>Tiny plugin allowing you to write code directly in website’s head and\u002For footer. 
Insert code globally or specifically for single pages \u002F posts \u002F etc\u003C\u002Fp>\n\u003Cp>Features also a syntax highlighter (ACE) editor, to code faster and safer.\u003C\u002Fp>\n\u003Ch4>NOTE:\u003C\u002Fh4>\n\u003Cp>No support provided\u003C\u002Fp>\n","Gives you a quick and superlight way to inject codes in your website's HEAD or FOOTER",10,1931,"2024-12-10T20:00:00.000Z","6.7.5","7.0",[68,22,69,24,70],"code-injection","custom-code","jquery","https:\u002F\u002Flcweb.it\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustomeasy.zip",92,{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":62,"downloaded":82,"rating":83,"num_ratings":28,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":90,"download_link":91,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"nuno-sarmento-custom-css-js","Nuno Sarmento Custom CSS – JS","1.0.3","Nuno Sarmento","https:\u002F\u002Fprofiles.wordpress.org\u002Fnunosarmento\u002F","\u003Cp>Custom CSS & JS plugin allows us to add custom CSS and Javascript functions on your WordPress website without editing any theme’s style and script files, the plugin also allows us to add external URLs with your style or script\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom CSS, JS and external URLs(scripts, CSS) on individual posts.\u003C\u002Fli>\n\u003Cli>Custom CSS, JS and external URLs(scripts, CSS) on pages.\u003C\u002Fli>\n\u003Cli>Custom CSS, JS and external URLs(scripts, CSS) across the whole website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" 
src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FHRJLXe2eCSA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>If you have suggestions for a new add-on, feel free to email me at hello@nuno-sarmento.com\u003C\u002Fp>\n","Custom CSS & JavaScripts functions.",2076,100,"2020-11-27T10:05:00.000Z","5.6.17","3.0.1","",[20,22,23,24,89],"style","https:\u002F\u002Fen-gb.wordpress.org\u002Fplugins\u002Fnuno-sarmento-custom-css-js\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnuno-sarmento-custom-css-js.1.0.3.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":29,"downloaded":100,"rating":29,"num_ratings":29,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":87,"tags":104,"homepage":87,"download_link":108,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"cmc-hook","CMC Hook","1.0.6","Edem","https:\u002F\u002Fprofiles.wordpress.org\u002Flovnic\u002F","\u003Cp>a. Targeted at developers for quick test and development of plugins\u003Cbr \u002F>\na. Register php functions to hooks ( action and filter ) live from wordpress dashboard tools.\u003Cbr \u002F>\nb. Run php, html, css and javascript codes safely. php codes are enclosed between php tags eg. “”\u003Cbr \u002F>\nc. Hooks can be disabled from the url, so your system can recover from erroneous php codes\u003Cbr \u002F>\nd. create and quickly live test plugins from your website before deployment\u003Cbr \u002F>\ne. Easy to use with shortcodes\u003Cbr \u002F>\nf. 
Very extendable with other plugins as it has lots of filters and actions.\u003C\u002Fp>\n\u003Ch3>shortcode\u003C\u002Fh3>\n\u003Cp>[cmchksh id=”” slug=””]\u003C\u002Fp>\n","Register php functions to hooks(action and filter), run php codes safely, create and test plugins all from dashboard tools",1590,"2017-07-24T14:39:00.000Z","4.8.28","4.6.0",[22,105,24,106,107],"custom-filters","php","shortcode-generator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcmc-hook.1.0.6.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":119,"num_ratings":120,"last_updated":121,"tested_up_to":65,"requires_at_least":86,"requires_php":87,"tags":122,"homepage":125,"download_link":126,"security_score":73,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"simple-custom-css","Simple Custom CSS Plugin","4.0.7","John Regan","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnregan3\u002F","\u003Cp>Add Custom CSS to your WordPress site without any hassles.\u003C\u002Fp>\n\u003Cp>An easy-to-use WordPress Plugin to add custom CSS styles that override Plugin and Theme default styles. This plugin is designed to meet the needs of administrators who would like to add their own CSS to their WordPress website. 
Styles created with this plugin will render even if the theme is changed.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New in Version 4.0.7\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Tested for compatibility with WP 6.7.2\u003C\u002Fli>\n\u003Cli>Tested for compatibility with PHP 8.4\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>AMP Support\u003C\u002Fli>\n\u003Cli>Customizer Control (live preview)\u003C\u002Fli>\n\u003Cli>Useful Code Syntax Highlighter\u003C\u002Fli>\n\u003Cli>Code linting (error checking)\u003C\u002Fli>\n\u003Cli>No configuration needed\u003C\u002Fli>\n\u003Cli>Simple interface built on native WordPress UI\u003C\u002Fli>\n\u003Cli>Virtually no impact on site performance\u003C\u002Fli>\n\u003Cli>No complicated database queries\u003C\u002Fli>\n\u003Cli>Thorough documentation\u003C\u002Fli>\n\u003Cli>Allows Administrator access on WP Networks (Multisite)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>Navigate to Appearance > Custom CSS in the Admin Menu\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Enter in valid CSS styles\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Click “Update Custom CSS”\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>View your changes in the Front End of your website\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Help\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjohnregan3\u002Fsimple-custom-css\u002Fwiki\" title=\"Simple Custom CSS Wiki\" rel=\"nofollow ugc\">Simple Custom CSS Wiki\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-custom-css\" title=\"Support Forum\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fp>\n","Add Custom CSS to your WordPress site without any 
hassles.",100000,3068872,94,159,"2025-03-11T16:57:00.000Z",[21,22,23,123,124],"custom-css","styles","http:\u002F\u002Fjohnregan3.github.io\u002Fsimple-custom-css","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-custom-css.zip",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":137,"num_ratings":138,"last_updated":139,"tested_up_to":65,"requires_at_least":140,"requires_php":66,"tags":141,"homepage":146,"download_link":147,"security_score":73,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"admin-css-mu","Admin CSS MU","2.10","Arun Basil Lal","https:\u002F\u002Fprofiles.wordpress.org\u002Farunbasillal\u002F","\u003Cp>A simple plugin that lets you add your custom CSS to style the WordPress Admin. Works with WordPress single install and WordPress multisites.\u003C\u002Fp>\n\u003Cp>Version 2.0 is updated with an Admin interface and can be found in Appearance > Admin CSS MU\u003C\u002Fp>\n\u003Cp>Admin CSS MU uses CSSTidy to clean and optionally minify CSS. CSS is only minified while using it. The editor always shows un-minified CSS for easy editing.\u003C\u002Fp>\n\u003Cp>Note: If you want to easily add custom CSS on your Login and Front-end as well (along with WordPress Admin), use my \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-login-admin-front-end-css-with-multisite-support\u002F\" rel=\"ugc\">Custom Login Admin Front-end CSS\u003C\u002Fa> plugin instead.\u003C\u002Fp>\n","Add custom CSS to style the WordPress Admin. 
Works with Multisites.",10000,112500,90,26,"2024-12-09T05:54:00.000Z","3.0",[20,142,143,144,145],"admin-css","admin-interface","custom-admin-css","mu-plugin","http:\u002F\u002Fmillionclues.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-css-mu.zip",{"attackSurface":149,"codeSignals":357,"taintFlows":484,"riskAssessment":539,"analyzedAt":549},{"hooks":150,"ajaxHandlers":288,"restRoutes":341,"shortcodes":342,"cronEvents":355,"entryPointCount":326,"unprotectedCount":356},[151,157,160,163,166,172,177,181,184,189,192,195,199,203,207,209,212,216,218,221,225,228,232,236,239,243,247,251,255,258,261,265,268,271,274,278,281,284],{"type":152,"name":153,"callback":154,"file":155,"line":156},"action","admin_menu","init","includes\\class-sns-admin.php",35,{"type":152,"name":153,"callback":158,"file":155,"line":159},"menu",39,{"type":152,"name":161,"callback":154,"file":155,"line":162},"admin_init",41,{"type":152,"name":161,"callback":164,"file":155,"line":165},"load_plugin_textdomain",42,{"type":167,"name":168,"callback":169,"file":170,"line":171},"filter","editable_extensions","extend","includes\\class-sns-ajax.php",59,{"type":167,"name":173,"callback":174,"priority":62,"file":175,"line":176},"sns_options_pre_update_option","enqueue_scripts","includes\\class-sns-global-page.php",175,{"type":167,"name":178,"callback":178,"file":179,"line":180},"parent_file","includes\\class-sns-hoops-page.php",32,{"type":167,"name":173,"callback":182,"file":179,"line":183},"new_hoops",57,{"type":152,"name":185,"callback":186,"file":187,"line":188},"current_screen","add_meta_boxes","includes\\class-sns-meta-box.php",23,{"type":152,"name":190,"callback":190,"file":187,"line":191},"save_post",24,{"type":167,"name":193,"callback":193,"file":187,"line":194},"default_hidden_meta_boxes",96,{"type":152,"name":196,"callback":197,"file":187,"line":198},"admin_print_styles","meta_box_styles",97,{"type":152,"name":200,"callback":201,"file":187,"line":202},"admin_print_scripts","meta_bo
x_scripts",98,{"type":167,"name":204,"callback":205,"file":187,"line":206},"contextual_help","help",99,{"type":167,"name":208,"callback":208,"file":187,"line":83},"mce_buttons_2",{"type":167,"name":210,"callback":210,"file":187,"line":211},"tiny_mce_before_init",101,{"type":167,"name":213,"callback":214,"file":187,"line":215},"replace_editor","mce_css",102,{"type":167,"name":178,"callback":178,"file":217,"line":180},"includes\\class-sns-settings-page.php",{"type":167,"name":178,"callback":178,"file":219,"line":220},"includes\\class-sns-theme-page.php",37,{"type":167,"name":222,"callback":223,"file":219,"line":224},"sns_show_submit_button","__return_false",62,{"type":167,"name":178,"callback":178,"file":226,"line":227},"includes\\class-sns-usage-page.php",31,{"type":167,"name":229,"callback":230,"priority":62,"file":226,"line":231},"set-screen-option","set_screen_option",51,{"type":167,"name":233,"callback":234,"priority":62,"file":235,"line":206},"pre_update_option_SnS_options","closure","scripts-n-styles.php",{"type":167,"name":237,"callback":234,"priority":62,"file":235,"line":238},"update_post_metadata",107,{"type":152,"name":240,"callback":241,"file":235,"line":242},"plugins_loaded","upgrade_check",121,{"type":167,"name":244,"callback":245,"file":235,"line":246},"body_class","body_classes",123,{"type":167,"name":248,"callback":249,"file":235,"line":250},"post_class","post_classes",124,{"type":152,"name":252,"callback":124,"priority":253,"file":235,"line":254},"wp_head",11,126,{"type":152,"name":256,"callback":174,"priority":253,"file":235,"line":257},"wp_enqueue_scripts",127,{"type":152,"name":252,"callback":259,"priority":253,"file":235,"line":260},"scripts_in_head",128,{"type":152,"name":262,"callback":263,"priority":253,"file":235,"line":264},"wp_footer","scripts",129,{"type":152,"name":252,"callback":266,"priority":253,"file":235,"line":267},"html_in_head",130,{"type":152,"name":262,"callback":269,"priority":253,"file":235,"line":270},"html_in_footer",131,{"
type":152,"name":240,"callback":272,"file":235,"line":273},"add_shortcodes",133,{"type":152,"name":275,"callback":276,"file":235,"line":277},"widgets_init","add_widget",134,{"type":152,"name":256,"callback":279,"file":235,"line":280},"register",136,{"type":152,"name":282,"callback":279,"file":235,"line":283},"admin_enqueue_scripts",137,{"type":152,"name":285,"callback":286,"file":235,"line":287},"wp_print_styles","theme_style",139,[289,295,299,301,305,308,311,315,319,323,327,331,335,339],{"action":290,"nopriv":291,"callback":292,"hasNonce":293,"hasCapCheck":291,"file":170,"line":294},"sns_update_tab",false,"update_tab",true,6,{"action":296,"nopriv":291,"callback":297,"hasNonce":291,"hasCapCheck":291,"file":170,"line":298},"sns_tinymce_styles","tinymce_styles",8,{"action":296,"nopriv":293,"callback":297,"hasNonce":291,"hasCapCheck":291,"file":170,"line":300},9,{"action":302,"nopriv":291,"callback":303,"hasNonce":293,"hasCapCheck":293,"file":170,"line":304},"sns_classes","classes",12,{"action":306,"nopriv":291,"callback":263,"hasNonce":293,"hasCapCheck":293,"file":170,"line":307},"sns_scripts",13,{"action":309,"nopriv":291,"callback":124,"hasNonce":293,"hasCapCheck":293,"file":170,"line":310},"sns_styles",14,{"action":312,"nopriv":291,"callback":313,"hasNonce":293,"hasCapCheck":293,"file":170,"line":314},"sns_html","html",15,{"action":316,"nopriv":291,"callback":317,"hasNonce":293,"hasCapCheck":293,"file":170,"line":318},"sns_dropdown","dropdown",16,{"action":320,"nopriv":291,"callback":321,"hasNonce":293,"hasCapCheck":293,"file":170,"line":322},"sns_delete_class","delete_class",17,{"action":324,"nopriv":291,"callback":325,"hasNonce":293,"hasCapCheck":293,"file":170,"line":326},"sns_shortcodes","shortcodes",18,{"action":328,"nopriv":291,"callback":329,"hasNonce":293,"hasCapCheck":291,"file":170,"line":330},"sns_open_theme_panels","open_theme_panels",19,{"action":332,"nopriv":291,"callback":333,"hasNonce":293,"hasCapCheck":293,"file":170,"line":334},"sns_plugin_editor"
,"plugin_editor",20,{"action":336,"nopriv":291,"callback":337,"hasNonce":291,"hasCapCheck":291,"file":235,"line":338},"sns_theme_css","theme_css",140,{"action":336,"nopriv":293,"callback":337,"hasNonce":291,"hasCapCheck":291,"file":235,"line":340},141,[],[343,347,350,353],{"tag":344,"callback":345,"file":235,"line":346},"sns_shortcode","shortcode",170,{"tag":348,"callback":345,"file":235,"line":349},"hoops",171,{"tag":344,"callback":351,"file":235,"line":352},"hoops_widget",504,{"tag":348,"callback":351,"file":235,"line":354},505,[],4,{"dangerousFunctions":358,"sqlUsage":359,"outputEscaping":361,"fileOperations":28,"externalRequests":29,"nonceChecks":304,"capabilityChecks":138,"bundledLibraries":480},[],{"prepared":29,"raw":29,"locations":360},[],{"escaped":362,"rawEcho":363,"locations":364},60,66,[365,368,369,371,373,375,377,379,381,383,385,388,390,391,393,395,396,398,399,400,402,403,405,407,408,410,411,413,415,416,418,420,422,424,426,427,429,430,431,432,434,436,438,440,441,443,445,447,449,451,453,455,457,459,461,463,465,467,469,471,472,474,475,476,478,479],{"file":170,"line":366,"context":367},83,"raw 
output",{"file":170,"line":273,"context":367},{"file":170,"line":370,"context":367},135,{"file":170,"line":372,"context":367},165,{"file":170,"line":374,"context":367},196,{"file":170,"line":376,"context":367},227,{"file":170,"line":378,"context":367},257,{"file":170,"line":380,"context":367},292,{"file":170,"line":382,"context":367},326,{"file":170,"line":384,"context":367},419,{"file":386,"line":387,"context":367},"includes\\class-sns-form.php",34,{"file":386,"line":389,"context":367},61,{"file":386,"line":198,"context":367},{"file":179,"line":392,"context":367},157,{"file":179,"line":394,"context":367},158,{"file":179,"line":394,"context":367},{"file":179,"line":397,"context":367},162,{"file":179,"line":397,"context":367},{"file":179,"line":176,"context":367},{"file":179,"line":401,"context":367},176,{"file":179,"line":401,"context":367},{"file":187,"line":404,"context":367},258,{"file":187,"line":406,"context":367},259,{"file":187,"line":406,"context":367},{"file":187,"line":409,"context":367},260,{"file":187,"line":409,"context":367},{"file":187,"line":412,"context":367},268,{"file":187,"line":414,"context":367},269,{"file":187,"line":414,"context":367},{"file":187,"line":417,"context":367},298,{"file":187,"line":419,"context":367},299,{"file":187,"line":421,"context":367},306,{"file":187,"line":423,"context":367},310,{"file":219,"line":425,"context":367},122,{"file":219,"line":250,"context":367},{"file":219,"line":428,"context":367},125,{"file":219,"line":254,"context":367},{"file":219,"line":254,"context":367},{"file":219,"line":260,"context":367},{"file":219,"line":433,"context":367},150,{"file":235,"line":435,"context":367},161,{"file":235,"line":437,"context":367},283,{"file":235,"line":439,"context":367},288,{"file":235,"line":419,"context":367},{"file":235,"line":442,"context":367},313,{"file":235,"line":444,"context":367},318,{"file":235,"line":446,"context":367},329,{"file":235,"line":448,"context":367},343,{"file":235,"line":450,"context":367},354,{"f
ile":235,"line":452,"context":367},367,{"file":235,"line":454,"context":367},376,{"file":235,"line":456,"context":367},388,{"file":235,"line":458,"context":367},397,{"file":235,"line":460,"context":367},495,{"file":235,"line":462,"context":367},497,{"file":235,"line":464,"context":367},511,{"file":235,"line":466,"context":367},513,{"file":235,"line":468,"context":367},532,{"file":235,"line":470,"context":367},533,{"file":235,"line":470,"context":367},{"file":235,"line":473,"context":367},535,{"file":235,"line":473,"context":367},{"file":235,"line":473,"context":367},{"file":235,"line":477,"context":367},537,{"file":235,"line":477,"context":367},{"file":235,"line":477,"context":367},[481],{"name":482,"version":38,"knownCves":483},"jQuery",[],[485,502,510,528],{"entryPoint":486,"graph":487,"unsanitizedCount":29,"severity":501},"shortcodes (includes\\class-sns-ajax.php:332)",{"nodes":488,"edges":499},[489,493],{"id":490,"type":491,"label":492,"file":170,"line":450},"n0","source","$_REQUEST (x4)",{"id":494,"type":495,"label":496,"file":170,"line":497,"wp_function":498},"n1","sink","echo() [XSS]",427,"echo",[500],{"from":490,"to":494,"sanitized":293},"low",{"entryPoint":503,"graph":504,"unsanitizedCount":29,"severity":501},"\u003Cclass-sns-ajax> (includes\\class-sns-ajax.php:0)",{"nodes":505,"edges":508},[506,507],{"id":490,"type":491,"label":492,"file":170,"line":450},{"id":494,"type":495,"label":496,"file":170,"line":497,"wp_function":498},[509],{"from":490,"to":494,"sanitized":293},{"entryPoint":511,"graph":512,"unsanitizedCount":29,"severity":501},"take_action (includes\\class-sns-form.php:104)",{"nodes":513,"edges":525},[514,516,519,521],{"id":490,"type":491,"label":515,"file":386,"line":267},"$_POST",{"id":494,"type":495,"label":517,"file":386,"line":287,"wp_function":518},"update_option() [Settings 
Manipulation]","update_option",{"id":520,"type":491,"label":515,"file":386,"line":267},"n2",{"id":522,"type":495,"label":523,"file":386,"line":397,"wp_function":524},"n3","wp_redirect() [Open Redirect]","wp_redirect",[526,527],{"from":490,"to":494,"sanitized":293},{"from":520,"to":522,"sanitized":293},{"entryPoint":529,"graph":530,"unsanitizedCount":29,"severity":501},"\u003Cclass-sns-form> (includes\\class-sns-form.php:0)",{"nodes":531,"edges":536},[532,533,534,535],{"id":490,"type":491,"label":515,"file":386,"line":267},{"id":494,"type":495,"label":517,"file":386,"line":287,"wp_function":518},{"id":520,"type":491,"label":515,"file":386,"line":267},{"id":522,"type":495,"label":523,"file":386,"line":397,"wp_function":524},[537,538],{"from":490,"to":494,"sanitized":293},{"from":520,"to":522,"sanitized":293},{"summary":540,"deductions":541},"The 'scripts-n-styles' plugin v3.5.8 exhibits a mixed security posture. On the positive side, it demonstrates good practices with 100% of SQL queries using prepared statements and a significant number of nonce and capability checks. There are no critical or high-severity vulnerabilities identified in past CVEs, and no critical or high-severity taint flows were found in the static analysis. The absence of external HTTP requests and dangerous functions further bolsters its security.\n\nHowever, several areas raise concerns. The plugin has a substantial attack surface with 18 entry points, and critically, 4 of these (AJAX handlers) lack authentication checks. While the number of unescaped outputs is moderate (48% properly escaped), this still represents a significant risk of Cross-Site Scripting (XSS) vulnerabilities, especially considering the plugin's past vulnerability history which includes an XSS issue. 
The presence of a past medium-severity CVE indicates that the plugin has had exploitable flaws, and the fact that it was addressed suggests a willingness to fix issues, but the initial occurrence is a warning sign.\n\nIn conclusion, while the plugin has strengths in its handling of database interactions and input validation via nonces and capabilities, the unprotected AJAX endpoints and the potential for XSS due to incomplete output escaping present the most immediate and concerning risks. The historical medium-severity XSS vulnerability underscores the need for vigilance regarding output sanitization.",[542,544,546],{"reason":543,"points":62},"Unprotected AJAX handlers",{"reason":545,"points":294},"Moderate percentage of unescaped output",{"reason":547,"points":548},"Past medium severity CVE",5,"2026-03-16T17:25:26.062Z",{"wat":551,"direct":560},{"assetPaths":552,"generatorPatterns":555,"scriptPaths":556,"versionParams":557},[553,554],"\u002Fwp-content\u002Fplugins\u002Fscripts-n-styles\u002Fsns-core\u002Fsns-core.js","\u002Fwp-content\u002Fplugins\u002Fscripts-n-styles\u002Fsns-core\u002Fsns-core.css",[],[553],[558,559],"scripts-n-styles\u002Fsns-core\u002Fsns-core.js?ver=","scripts-n-styles\u002Fsns-core\u002Fsns-core.css?ver=",{"cssClasses":561,"htmlComments":562,"htmlAttributes":563,"restEndpoints":565,"jsGlobals":566,"shortcodeOutput":568},[],[],[564],"data-sns-id",[],[567],"SnS_Settings",[569,570],"[sns_shortcode]","[hoops]"]