[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxYtgltoBAiGmGMrzeBcty5M7J33IJg9Mo9BxL_QLDCo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":54,"analysis":153,"fingerprints":375},"search-meter","Search Meter","2.14.1","bennettmcelwee","https:\u002F\u002Fprofiles.wordpress.org\u002Fbennettmcelwee\u002F","\u003Cp>If you have a Search box on your site, Search Meter automatically records what people are searching for — and whether they are finding what they are looking for. Search Meter’s admin interface shows you what people have been searching for in the last couple of days, and in the last week or month. It also shows you which searches have been unsuccessful. If people search your site and get no results, they’ll probably go elsewhere. With Search Meter, you’ll be able to find out what people are searching for, and give them what they want by creating new posts on those topics.\u003C\u002Fp>\n\u003Cp>You can also show your readers what the most popular searches are. Customize your theme and add the Popular Searches block, which displays a configurable list of recent popular successful search terms on your site, with each term hyperlinked to the actual search results. You can also add a Recent Searches block, which simply displays the most recent searches. Both blocks are also available as widgets for older WordPress installations. And if you want to edit your theme, both of these functions are also available as template tags.\u003C\u002Fp>\n\u003Cp>Search Meter installs easily and requires no configuration. Just install it, activate it, and it starts tracking your visitors’ searches.\u003C\u002Fp>\n\u003Ch4>View Statistics\u003C\u002Fh4>\n\u003Cp>To see your search statistics, Log in to WordPress Admin. On your dashboard you will see a Search Meter widget listing search statistics from the last seven days. For more details, go to the Dashboard menu on the left and click Search Meter. You’ll see the most popular searches in the last day, week and month. Click “Last 100 Searches” or “Last 500 Searches” to see lists of all recent searches. You can download the statistics as a file that you can open in Excel or a similar program.\u003C\u002Fp>\n\u003Ch4>Manage Statistics\u003C\u002Fh4>\n\u003Cp>There are a few options available if you go to the Settings section and click Search Meter. Use the radio buttons to determine who will be allowed to see the full search statistics. You can also type in a list of filter words; any search terms containing these words will not show up in the Recent Searches and Popular Searches blocks.\u003C\u002Fp>\n\u003Cp>\u003Cem>Advanced users\u003C\u002Fem>: You can check the “Ignore” box to tell Search Meter to ignore searches made by logged-in administrators, so you can test things without cluttering your search statistics. You can also check the “Keep detailed information” checkbox to make Search Meter save technical information about every search (the information is taken from the HTTP headers).\u003C\u002Fp>\n\u003Cp>Use the Reset Statistics button to clear all past search statistics; Search Meter will immediately start gathering fresh statistics.\u003C\u002Fp>\n","Search Meter tracks what your readers are searching for on your site. View full details of recent searches or stats for the last day, week or month.",20000,428174,86,29,"2025-12-03T00:06:00.000Z","6.9.4","3.2","",[20,21,4,22,23],"meter","search","statistics","widget","https:\u002F\u002Fthunderguy.com\u002Fsemicolon\u002Fwordpress\u002Fsearch-meter-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsearch-meter.2.14.2.zip",98,1,0,"2020-03-11 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2020-11548","search-meter-remote-code-execution","Search Meter \u003C= 2.13.2 - Remote Code Execution","The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin\u002Findex.php?page=search-meter Export is performed.",null,"\u003C2.13.3","2.13.3","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Control of Generation of Code ('Code Injection')","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8a1d90f6-40fc-40b5-a46c-9ba9ac2fc1b5?source=api-prod",1413,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":49,"total_installs":50,"avg_security_score":51,"avg_patch_time_days":47,"trust_score":52,"computed_at":53},6,21510,90,72,"2026-04-04T06:05:13.007Z",[55,73,96,118,135],{"slug":56,"name":57,"version":58,"author":7,"author_profile":8,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":28,"num_ratings":28,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":18,"tags":66,"homepage":70,"download_link":71,"security_score":72,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"search-fixer","Search Fixer","2.0","\u003Cp>Search Fixer makes “pretty” search links work properly. A pretty search link usually looks like this:\u003Cbr \u002F>\nhttp:\u002F\u002Fexample.com\u002Fsearch\u002Fwaldo\u003Cbr \u002F>\nBecause of a bug in WordPress, pretty search links with spaces in them do not work. Search Fixer fixes that bug.\u003C\u002Fp>\n\u003Cp>If you use \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsearch-meter\u002F\" rel=\"ugc\">Search Meter\u003C\u002Fa>‘s widgets, you should install Search Fixer too.\u003C\u002Fp>\n\u003Ch4>Technical details\u003C\u002Fh4>\n\u003Cp>The bug is \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F13961\" rel=\"nofollow ugc\">WordPress bug 13961\u003C\u002Fa>. This prevents “pretty” search URLs from working properly. For example, http:\u002F\u002Fexample.com\u002Fsearch\u002Fhello%20world should search the example.com blog for the words “hello” and “world”, but because of the bug it actually searches for “hello%20world” and fails to find anything.\u003C\u002Fp>\n\u003Cp>When the WordPress bug is fixed (probably sometime in 2011) Search Fixer will no longer be necessary. I will keep Search Fixer up to date so it won’t interfere when the WordPress bug gets fixed.\u003C\u002Fp>\n","Search Fixer makes \"pretty\" search links work properly. A pretty search link usually looks like this:",200,4116,"2011-06-16T05:02:00.000Z","3.1.4","3.0",[67,68,21,4,69],"permalink","pretty","space","http:\u002F\u002Fwww.thunderguy.com\u002Fsemicolon\u002F2011\u002F06\u002F08\u002Fsearch-fixer-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsearch-fixer.2.0.zip",85,{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":16,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":92,"download_link":93,"security_score":94,"vuln_count":27,"unpatched_count":28,"last_vuln_date":95,"fetched_at":30},"statify-widget","Statify Widget","1.4.9","Finn Dohrn","https:\u002F\u002Fprofiles.wordpress.org\u002Fbitnulleins\u002F","\u003Cp>The \u003Cem>Statify Widget\u003C\u002Fem> shows the most popular content from the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstatify\u002F\" rel=\"ugc\">Statify\u003C\u002Fa> plugin, which collects statistics in compliance with data protection regulations. Fast and clear!\u003C\u002Fp>\n\u003Ch4>What is Statify?\u003C\u002Fh4>\n\u003Cp>Statify is a plugin for visitor statistics with emphasis on privacy, transparency and clarity.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: This widget only works with the main plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstatify\u002F\" rel=\"ugc\">Statify\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Popular Posts\u003C\u002Fstrong>: Sum up all view from Statify and put it together in a widget\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcodes\u003C\u002Fstrong>: The counter for each post\u002Fpage can be put everywhere\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Post Types\u003C\u002Fstrong>: Statify Widget supports custom post types, that can be displayed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intelligent summary\u003C\u002Fstrong>: Once there are different paths to a content, the widget adds them together \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Period Selectable\u003C\u002Fstrong>: It is possible to choose an individual daily period for the post popular content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Widget Template\u003C\u002Fstrong>: You can add individual post\u002Fpage paramater to widget template (see FAQ)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New: Customize cache time\u003C\u002Fstrong>: Change default 4 minutes cache time to another value! (see FAQ)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcode\u003C\u002Fh4>\n\u003Cp>The shortcode \u003Ccode>[statify-count]\u003C\u002Fcode> can be used to display calls to the current post or page. With the options “prefix” and “suffix” displayed texts can be checked before (prefix) and after (suffix) the calls:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[statify-count prefix=\"Total \" suffix=\" calls.\" days=\"8\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Parameter:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>prefix\u003C\u002Fcode> Sentence before views\u003C\u002Fli>\n\u003Cli>\u003Ccode>suffix\u003C\u002Fcode> Sentence after views\u003C\u002Fli>\n\u003Cli>\u003Ccode>days\u003C\u002Fcode> Inteval for view statistics\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Result: A total of 243 views.\u003C\u002Fp>\n\u003Ch4>Widget Settings\u003C\u002Fh4>\n\u003Cp>The following settings can be made in the widget:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Title\u003C\u002Fli>\n\u003Cli>Content Type (Default: post )\u003C\u002Fli>\n\u003Cli>Category (when content type post is select)\u003C\u002Fli>\n\u003Cli>Amount of entries (default: 5)\u003C\u002Fli>\n\u003Cli>Show views (default: No)\u003C\u002Fli>\n\u003Cli>Custom text (Replace variable for views: %VIEWS%)\u003C\u002Fli>\n\u003Cli>Number of past days (0 days = all statistics)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Friendly questions about the widget I like to answer under \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fstatify-widget\u002F\" rel=\"ugc\">Support\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you like my work and want to support \u003Cem>me\u003C\u002Fem>, feel free to \u003Ca href=\"https:\u002F\u002Fde.wordpress.org\u002Fplugins\u002Fstatify-widget\u002F#reviews\" rel=\"nofollow ugc\">rate\u003C\u002Fa> this plugin!\u003C\u002Fp>\n\u003Ch4>Author\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Finn Dohrn\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.bit01.de\" rel=\"nofollow ugc\">Homepage\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Data privacy conform widget for list popular content (pages, posts, custom post types) – based on Statify plugin.",4000,77143,100,5,"2026-01-25T09:39:00.000Z","4.6","5.2.4",[89,90,91,22,23],"analytics","popular-posts","privacy","http:\u002F\u002Fwww.bit01.de\u002Fblog\u002Fstatify-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstatify-widget.zip",99,"2025-08-22 00:00:00",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":83,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":113,"download_link":114,"security_score":115,"vuln_count":116,"unpatched_count":28,"last_vuln_date":117,"fetched_at":30},"search-analytics","Search Analytics for WP","1.4.16","Cornel Raiu","https:\u002F\u002Fprofiles.wordpress.org\u002Fcornelraiu-1\u002F","\u003Cp>Search Analytics for WP will keep history of the search terms used by your users and group them in a set of statistics including the number of posts resulted from that search term.\u003C\u002Fp>\n\u003Cp>It can easily aid you in finding what your users are really searching for on your website and make sure you provide exactly what they need.\u003C\u002Fp>\n\u003Cp>Help and\u002For ideas are greatly appreciated! You can contribute to the GitHub repository: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FcornelRaiu\u002Fsearch-analytics\" rel=\"nofollow ugc\">Search Analytics for WP\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>NOTE: Search Analytics for WP stores all the statistics in your WordPress database. No info is sent to third-party services!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Record all the search queries made using the \u003Cstrong>standard WordPress search form\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Exclude searches made by \u003Cstrong>users with certain user roles\u003C\u002Fstrong> or \u003Cstrong>with certain IP addresses\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Exclude duplicate searches made \u003Cstrong>in certain conditions\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Choose which user roles are allowed to see the statistics\u003C\u002Fli>\n\u003Cli>Filter statistics by \u003Cstrong>time periods, with\u002Fwithout results, strings\u002Fsubstrings\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>View each term \u003Cstrong>individual statistics\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export data\u003C\u002Fstrong> in the current view to CSV\u003C\u002Fli>\n\u003Cli>Easily \u003Cstrong>delete certain search terms\u003C\u002Fstrong> from history\u003C\u002Fli>\n\u003Cli>Easily \u003Cstrong>erase all history from the database\u003C\u002Fstrong> in case a reset is needed\u003C\u002Fli>\n\u003Cli>Easily \u003Cstrong>erase history older than\u003C\u002Fstrong> in case a general cleanup is needed\u003C\u002Fli>\n\u003Cli>Dashboard widget for a quick glance over your last week’s search stats\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite compatible\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Country Geolocation\u003C\u002Fli>\n\u003Cli>Display search statistics on the front of your website using shortcodes\u003C\u002Fli>\n\u003C\u002Ful>\n","Search Analytics for WP will store and display the search terms used on your website. No third-party service is used!",3000,40678,30,"2025-09-17T09:22:00.000Z","6.8.5","4.4.0","5.6",[89,112,21,22],"history","https:\u002F\u002Fwww.cornelraiu.com\u002Fwordpress-plugins\u002Fmwt-search-analytics\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsearch-analytics.1.4.16.zip",97,4,"2024-09-30 19:40:09",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":104,"downloaded":126,"rating":51,"num_ratings":127,"last_updated":128,"tested_up_to":108,"requires_at_least":110,"requires_php":110,"tags":129,"homepage":133,"download_link":134,"security_score":83,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"search-console","Search Console","3.1.3","tropicalista","https:\u002F\u002Fprofiles.wordpress.org\u002Ftropicalista\u002F","\u003Cp>This plugin display your Search Console analytics data in the WordPress dashboard and adds the verification code of \u003Cstrong>Google Search Console\u003C\u002Fstrong>, to your site. You can see \u003Cstrong>Clicks\u003C\u002Fstrong>, \u003Cstrong>Posistions\u003C\u002Fstrong>, \u003Cstrong>CTR\u003C\u002Fstrong> and \u003Cstrong>Impressions\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>A nice full-width dashboard is provided out of the box.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fr-BxQ_82sdM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Easily insert \u003Cstrong>Google Search Console metatag\u003C\u002Fstrong> to verify site ownership\u003C\u002Fli>\n\u003Cli>WordPress widget chart (\u003Cstrong>position|clicks|impressions|CTR\u003C\u002Fstrong>)\u003C\u002Fli>\n\u003Cli>Filter date (14|30|60 days and custom dates)\u003C\u002Fli>\n\u003Cli>Beautiful full width chart on admin page (\u003Cstrong>position|clicks|impressions|CTR\u003C\u002Fstrong>)\u003C\u002Fli>\n\u003Cli>Table with all your keywords (\u003Cstrong>position|clicks|impressions|CTR\u003C\u002Fstrong>)\u003C\u002Fli>\n\u003Cli>Add metabox on pages\u002Fposts to show performance\u003C\u002Fli>\n\u003Cli>Full report with all data\u003C\u002Fli>\n\u003Cli>Filter by page\u003C\u002Fli>\n\u003Cli>Filter by query\u003C\u002Fli>\n\u003Cli>Filter by country\u003C\u002Fli>\n\u003Cli>Filter by device\u003C\u002Fli>\n\u003Cli>Full report with all sitemap\u003C\u002Fli>\n\u003Cli>Full report with all site errors\u003C\u002Fli>\n\u003Cli>Superfast\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>CONTRIBUTE\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Search Console is open source and you can \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTropicalista\u002Fsearch-console\" rel=\"nofollow ugc\">contribute here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Search Console uses \u003Ca href=\"https:\u002F\u002Fappsero.com\" rel=\"nofollow ugc\">Appsero\u003C\u002Fa> SDK to collect some telemetry data upon user’s confirmation. This helps us to troubleshoot problems faster & make product improvements.\u003C\u002Fp>\n\u003Cp>Appsero SDK \u003Cstrong>does not gather any data by default.\u003C\u002Fstrong> The SDK only starts gathering basic telemetry data \u003Cstrong>when a user allows it via the admin notice\u003C\u002Fstrong>. We collect the data to ensure a great user experience for all our users.\u003C\u002Fp>\n\u003Cp>Integrating Appsero SDK \u003Cstrong>DOES NOT IMMEDIATELY\u003C\u002Fstrong> start gathering data, \u003Cstrong>without confirmation from users in any case.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Learn more about how \u003Ca href=\"https:\u002F\u002Fappsero.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Appsero collects and uses this data\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>WHAT’S NEXT\u003C\u002Fh3>\n\u003Cp>If you like this plugin, then consider checking out our other projects:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fformello\" rel=\"ugc\">Formello\u003C\u002Fa>: a form builder to collect leads, newsletter signup, contact form and more.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpopper\" rel=\"ugc\">Popper\u003C\u002Fa>: a popup builder to increase leads with exit intent.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmortgage\" rel=\"ugc\">Mortgage Calculator\u003C\u002Fa>: a mortgage calculator block for Gutenberg.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpdf-embed\" rel=\"ugc\">Pdf Embed\u003C\u002Fa>: a simple block for Gutenberg to embed a PDF using official Adobe Embed API.\u003C\u002Fli>\n\u003C\u002Ful>\n","View all your Search Console data inside WordPress dashboard.",192485,8,"2025-07-16T09:12:00.000Z",[130,119,131,132],"google-search-console","search-console-metatag","search-console-widget","https:\u002F\u002Fwww.francescopepe.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsearch-console.3.1.3.zip",{"slug":136,"name":137,"version":58,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":104,"downloaded":142,"rating":83,"num_ratings":27,"last_updated":143,"tested_up_to":108,"requires_at_least":144,"requires_php":18,"tags":145,"homepage":149,"download_link":150,"security_score":151,"vuln_count":49,"unpatched_count":27,"last_vuln_date":152,"fetched_at":30},"sitekit","Sitekit","webvitaly","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebvitaly\u002F","\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fweb-profile.net\u002Fwordpress\u002Fplugins\u002Fsitekit\u002F\" title=\"Plugin page\" rel=\"nofollow ugc\">Sitekit\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fweb-profile.net\u002Fdonate\u002F\" title=\"Support the development\" rel=\"nofollow ugc\">Donate\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebvitalii\u002Fsitekit\" title=\"Fork\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Settings:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Google Analytics code\u003C\u002Fli>\n\u003Cli>Show\u002Fhide google analytics code if user is logged in\u003C\u002Fli>\n\u003Cli>Head code\u003C\u002Fli>\n\u003Cli>Footer code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Widgets:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Archives\u003C\u002Fli>\n\u003Cli>Categories\u003C\u002Fli>\n\u003Cli>Pages\u003C\u002Fli>\n\u003Cli>Search\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcodes:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>[sitekit_posts]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_archives]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_categories]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_bloginfo]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_iframe]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Parameters for [sitekit_posts]:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>post_type\u003C\u002Fstrong> – show posts associated with certain type: \u003Ccode>[sitekit_posts post_type=\"page\"]\u003C\u002Fcode>; by default posts are shown: \u003Ccode>[sitekit_posts post_type=\"post\"]\u003C\u002Fcode>; Possible params: post | page | revision | attachment | nav_menu_item | any | your_custom_post_type\u003C\u002Fli>\n\u003Cli>\u003Cstrong>orderby\u003C\u002Fstrong> – the column to use for ordering posts list: \u003Ccode>[sitekit_posts orderby=\"id\"]\u003C\u002Fcode>; by default list is sorted by date: \u003Ccode>[sitekit_posts orderby=\"date\"]\u003C\u002Fcode>; Possible params: modified | title | name | ID | rand\u003C\u002Fli>\n\u003Cli>\u003Cstrong>order\u003C\u002Fstrong> – how to sort posts list: \u003Ccode>[sitekit_posts order=\"DESC\"]\u003C\u002Fcode>; by default list is sorted by ascending order (A-Z): \u003Ccode>[sitekit_posts order=\"ASC\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>posts_per_page\u003C\u002Fstrong> – how many posts to show in the list: \u003Ccode>[sitekit_posts posts_per_page=\"50\"]\u003C\u002Fcode>; by default: \u003Ccode>[sitekit_posts posts_per_page=\"100\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[sitekit_posts] is based on \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FClass_Reference\u002FWP_Query\" rel=\"nofollow ugc\">WP_Query class\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Parameters for [sitekit_archives]:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>[sitekit_archives]\u003C\u002Fcode> – list of monthly archives links sorted by date;\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_archives type=\"yearly\"]\u003C\u002Fcode> – list of yearly archives links;\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_archives type=\"monthly\"]\u003C\u002Fcode> – list of monthly archives links;\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_archives type=\"weekly\"]\u003C\u002Fcode> – list of weekly archives links;\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_archives type=\"daily\"]\u003C\u002Fcode> – list of daily archives links;\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_archives type=\"postbypost\"]\u003C\u002Fcode> – list of all posts links sorted by date;\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_archives type=\"alpha\"]\u003C\u002Fcode> –  list of all posts links sorted by title;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>limit\u003C\u002Fstrong> – how many links to be included in the list: \u003Ccode>[sitekit_archives limit=\"10\"]\u003C\u002Fcode>; by default all links are shown: \u003Ccode>[sitekit_archives limit=\"\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>format\u003C\u002Fstrong> – format for the archive: \u003Ccode>[sitekit_archives format=\"option\"]\u003C\u002Fcode> – show as a dropdown; by default unordered list is shown: \u003Ccode>[sitekit_archives format=\"html\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>show_post_count\u003C\u002Fstrong> – display counter of posts in the archive: \u003Ccode>[sitekit_archives show_post_count=\"1\"]\u003C\u002Fcode>; by default counter is not shown: \u003Ccode>[sitekit_archives show_post_count=\"0\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>order\u003C\u002Fstrong> – how to sort archives links: \u003Ccode>[sitekit_archives order=\"ASC\"]\u003C\u002Fcode>; by default links are sorted by descending order (Z-A): \u003Ccode>[sitekit_archives order=\"DESC\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[sitekit_archives] is based on \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwp_get_archives\" rel=\"nofollow ugc\">wp_get_archives function\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Parameters for [sitekit_categories]:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>orderby\u003C\u002Fstrong> – the column to use for ordering categories list: \u003Ccode>[sitekit_categories orderby=\"id\"]\u003C\u002Fcode>; by default list is sorted by title: \u003Ccode>[sitekit_categories orderby=\"name\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>order\u003C\u002Fstrong> – how to sort categories list: \u003Ccode>[sitekit_categories order=\"DESC\"]\u003C\u002Fcode>; by default list is sorted by ascending order (A-Z): \u003Ccode>[sitekit_categories order=\"ASC\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>show_count\u003C\u002Fstrong> – display counter of posts in the categories list: \u003Ccode>[sitekit_categories show_count=\"1\"]\u003C\u002Fcode>; by default counter is not shown: \u003Ccode>[sitekit_categories show_count=\"0\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>hide_empty\u003C\u002Fstrong> – the column to use for ordering categories list: \u003Ccode>[sitekit_categories hide_empty=\"0\"]\u003C\u002Fcode>; by default empty categories are hidden: \u003Ccode>[sitekit_categories hide_empty=\"1\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>hierarchical\u003C\u002Fstrong> – show tree-like categories list: \u003Ccode>[sitekit_categories hierarchical=\"0\"]\u003C\u002Fcode>; by default the list is hierarchical: \u003Ccode>[sitekit_categories hierarchical=\"1\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>depth\u003C\u002Fstrong> – how many levels to include in categories list: \u003Ccode>[sitekit_categories depth=\"5\"]\u003C\u002Fcode>; by default depth is unlimited: \u003Ccode>[sitekit_categories depth=\"0\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>taxonomy\u003C\u002Fstrong> – which taxonomy to show in the list: \u003Ccode>[sitekit_categories taxonomy=\"post_tag\"]\u003C\u002Fcode>; by default categories are shown: \u003Ccode>[sitekit_categories taxonomy=\"category\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>child_of\u003C\u002Fstrong> – term ID to retrieve child terms of: \u003Ccode>[sitekit_categories child_of=\"77\"]\u003C\u002Fcode>; by default all categories are shown: \u003Ccode>[sitekit_categories child_of=\"0\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>exclude\u003C\u002Fstrong> – comma\u002Fspace-separated string of term IDs to exclude: \u003Ccode>[sitekit_categories exclude=\"77\"]\u003C\u002Fcode>; by default all categories are shown: \u003Ccode>[sitekit_categories exclude=\"\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>exclude_tree\u003C\u002Fstrong> – comma\u002Fspace-separated string of term IDs to exclude, along with their descendants: \u003Ccode>[sitekit_categories exclude_tree=\"77\"]\u003C\u002Fcode>; by default all categories are shown: \u003Ccode>[sitekit_categories exclude_tree=\"\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[sitekit_categories] is based on \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Freference\u002Ffunctions\u002Fwp_list_categories\u002F\" rel=\"nofollow ugc\">wp_list_categories function\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Parameters for [sitekit_bloginfo]:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>[sitekit_bloginfo show=\"name\"]\u003C\u002Fcode> – \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Freference\u002Ffunctions\u002Fbloginfo\u002F\" rel=\"nofollow ugc\">sitekit_bloginfo params\u003C\u002Fa>;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[sitekit_bloginfo] is based on \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Freference\u002Ffunctions\u002Fbloginfo\u002F\" rel=\"nofollow ugc\">bloginfo function\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Parameters for [sitekit_iframe]:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>src\u003C\u002Fstrong> – source of the iframe: \u003Ccode>[sitekit_iframe src=\"http:\u002F\u002Fwww.youtube.com\u002Fembed\u002F4qsGTXLnmKs\"]\u003C\u002Fcode>; by default src=”http:\u002F\u002Fwww.youtube.com\u002Fembed\u002F4qsGTXLnmKs”;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>width\u003C\u002Fstrong> – width in pixels or in percents: \u003Ccode>[sitekit_iframe width=\"100%\"]\u003C\u002Fcode> or \u003Ccode>[sitekit_iframe width=\"600\"]\u003C\u002Fcode>; by default width=”100%”;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>height\u003C\u002Fstrong> – height in pixels: \u003Ccode>[sitekit_iframe height=\"500\"]\u003C\u002Fcode>; by default height=”500″;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>scrolling\u003C\u002Fstrong> – with or without the scrollbar: \u003Ccode>[sitekit_iframe scrolling=\"no\"]\u003C\u002Fcode>; by default scrolling=”yes”;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>frameborder\u003C\u002Fstrong> – with or without the frame border: \u003Ccode>[sitekit_iframe frameborder=\"0\"]\u003C\u002Fcode>; by default frameborder=”0″;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>marginheight\u003C\u002Fstrong> – height of the margin: \u003Ccode>[sitekit_iframe marginheight=\"0\"]\u003C\u002Fcode>; removed by default;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>marginwidth\u003C\u002Fstrong> – width of the margin: \u003Ccode>[sitekit_iframe marginwidth=\"0\"]\u003C\u002Fcode>; removed by default;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>allowtransparency\u003C\u002Fstrong> – allows to set transparency of the iframe: \u003Ccode>[sitekit_iframe allowtransparency=\"true\"]\u003C\u002Fcode>; removed by default;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>id\u003C\u002Fstrong> – allows to add the id of the iframe: \u003Ccode>[sitekit_iframe id=\"custom_id\"]\u003C\u002Fcode>; removed by default;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>class\u003C\u002Fstrong> – allows to add the class of the iframe: \u003Ccode>[sitekit_iframe class=\"custom_class\"]\u003C\u002Fcode>; by default class=”iframe-class”;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>style\u003C\u002Fstrong> – allows to add the css styles of the iframe: \u003Ccode>[sitekit_iframe style=\"margin-left:-30px;\"]\u003C\u002Fcode>; removed by default;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>any_other_param\u003C\u002Fstrong> – allows to add new parameter of the iframe \u003Ccode>[sitekit_iframe any_other_param=\"any_value\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>any_other_empty_param\u003C\u002Fstrong> – allows to add new empty parameter of the iframe (like “allowfullscreen” on youtube) \u003Ccode>[sitekit_iframe any_other_empty_param=\"\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Parameters for [sitekit_menu]:\u003C\u002Fh4>\n\u003Cp>The \u003Ccode>[sitekit_menu]\u003C\u002Fcode> shortcode allows you to display a custom menu. It supports all the parameters of the WordPress \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Freference\u002Ffunctions\u002Fwp_nav_menu\u002F\" rel=\"nofollow ugc\">wp_nav_menu()\u003C\u002Fa> function.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>menu\u003C\u002Fstrong> – The menu that should be displayed. Accepts (matching in order) id, slug, name. Default: empty. Example: \u003Ccode>[sitekit_menu menu=\"main-menu\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>container\u003C\u002Fstrong> – Whether to wrap the ul, and what to wrap it with. Default ‘div’. Example without a container: \u003Ccode>[sitekit_menu menu=\"main-menu\" container=\"\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>container_class\u003C\u002Fstrong> – The class that is applied to the container. Default ‘menu-{menu slug}-container’. Example: \u003Ccode>[sitekit_menu menu=\"main-menu\" container_class=\"custom-container\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>container_id\u003C\u002Fstrong> – The ID that is applied to the container. Default empty.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>menu_class\u003C\u002Fstrong> – CSS class to use for the ul element which forms the menu. Default ‘menu’.  Example: \u003Ccode>[sitekit_menu menu=\"main-menu\" menu_class=\"custom-menu\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>menu_id\u003C\u002Fstrong> – The ID that is applied to the ul element. Default empty.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>echo\u003C\u002Fstrong> – Whether to echo the menu or return it. Default false.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>fallback_cb\u003C\u002Fstrong> – If the menu doesn’t exist, a callback function will fire. Default ‘wp_page_menu’.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>before\u003C\u002Fstrong> – Text before the link markup. Default empty.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>after\u003C\u002Fstrong> – Text after the link markup. Default empty.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>link_before\u003C\u002Fstrong> – Text before the link text. Default empty.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>link_after\u003C\u002Fstrong> – Text after the link text. Default empty.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>items_wrap\u003C\u002Fstrong> – How the list items should be wrapped. Default \u003Ccode>\u003Cul id=\"%1$s\" class=\"%2$s\">%3$s\u003C\u002Ful>\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>depth\u003C\u002Fstrong> – How many levels of the hierarchy are to be included. 0 means all. Default 0. Example: \u003Ccode>[sitekit_menu menu=\"primary-menu\" depth=\"2\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>walker\u003C\u002Fstrong> – Custom walker object to use. Default empty.\u003C\u002Fli>\n\u003C\u002Ful>\n","Widgets: search, archives and categories. Shortcodes: archives, bloginfo, iframe and categories.",54509,"2025-06-15T23:28:00.000Z","4.0",[146,147,21,23,148],"archive","archives","widgets","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsitekit\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsitekit.2.0.zip",74,"2025-09-22 00:00:00",{"attackSurface":154,"codeSignals":196,"taintFlows":305,"riskAssessment":361,"analyzedAt":374},{"hooks":155,"ajaxHandlers":192,"restRoutes":193,"shortcodes":194,"cronEvents":195,"entryPointCount":28,"unprotectedCount":28},[156,162,167,171,175,180,185,188],{"type":157,"name":158,"callback":159,"file":160,"line":161},"action","admin_head","tguy_sm_stats_css","admin.php",21,{"type":157,"name":163,"callback":164,"priority":165,"file":160,"line":166},"init","tguy_sm_download",10,24,{"type":157,"name":168,"callback":169,"file":160,"line":170},"wp_dashboard_setup","smcln_sm_dashboard",164,{"type":157,"name":172,"callback":173,"file":160,"line":174},"admin_menu","tguy_sm_add_admin_pages",194,{"type":157,"name":176,"callback":177,"file":178,"line":179},"plugins_loaded","tguy_sm_load_plugin_textdomain","search-meter.php",40,{"type":181,"name":182,"callback":183,"priority":184,"file":178,"line":170},"filter","the_posts","tguy_sm_save_search",20,{"type":157,"name":163,"callback":186,"file":178,"line":187},"tguy_sm_register_blocks",172,{"type":157,"name":189,"callback":190,"file":178,"line":191},"widgets_init","tguy_sm_register_widgets",183,[],[],[],[],{"dangerousFunctions":197,"sqlUsage":198,"outputEscaping":231,"fileOperations":27,"externalRequests":28,"nonceChecks":116,"capabilityChecks":49,"bundledLibraries":304},[],{"prepared":127,"raw":199,"locations":200},13,[201,204,206,209,212,214,216,218,220,222,224,226,229],{"file":160,"line":202,"context":203},117,"$wpdb->get_var() with variable interpolation",{"file":160,"line":205,"context":203},136,{"file":160,"line":207,"context":208},224,"$wpdb->query() with variable interpolation",{"file":160,"line":210,"context":211},328,"$wpdb->get_results() with variable interpolation",{"file":160,"line":213,"context":208},634,{"file":160,"line":215,"context":208},635,{"file":160,"line":217,"context":211},660,{"file":160,"line":219,"context":211},674,{"file":178,"line":221,"context":211},70,{"file":178,"line":223,"context":211},108,{"file":178,"line":225,"context":203},333,{"file":227,"line":228,"context":208},"uninstall.php",18,{"file":227,"line":230,"context":208},19,{"escaped":49,"rawEcho":232,"locations":233},38,[234,237,238,240,242,244,246,248,249,251,253,255,257,259,261,263,265,267,268,270,272,274,276,277,278,280,282,283,285,287,289,290,292,294,296,298,300,302],{"file":160,"line":235,"context":236},181,"raw output",{"file":160,"line":191,"context":236},{"file":160,"line":239,"context":236},227,{"file":160,"line":241,"context":236},233,{"file":160,"line":243,"context":236},234,{"file":160,"line":245,"context":236},351,{"file":160,"line":247,"context":236},352,{"file":160,"line":247,"context":236},{"file":160,"line":250,"context":236},353,{"file":160,"line":252,"context":236},357,{"file":160,"line":254,"context":236},384,{"file":160,"line":256,"context":236},388,{"file":160,"line":258,"context":236},393,{"file":160,"line":260,"context":236},424,{"file":160,"line":262,"context":236},431,{"file":160,"line":264,"context":236},432,{"file":160,"line":266,"context":236},433,{"file":160,"line":266,"context":236},{"file":160,"line":269,"context":236},434,{"file":160,"line":271,"context":236},436,{"file":160,"line":273,"context":236},516,{"file":160,"line":275,"context":236},520,{"file":178,"line":94,"context":236},{"file":178,"line":202,"context":236},{"file":178,"line":279,"context":236},120,{"file":178,"line":281,"context":236},122,{"file":178,"line":61,"context":236},{"file":178,"line":284,"context":236},202,{"file":178,"line":286,"context":236},205,{"file":178,"line":288,"context":236},223,{"file":178,"line":207,"context":236},{"file":178,"line":291,"context":236},225,{"file":178,"line":293,"context":236},240,{"file":178,"line":295,"context":236},242,{"file":178,"line":297,"context":236},245,{"file":178,"line":299,"context":236},263,{"file":178,"line":301,"context":236},264,{"file":178,"line":303,"context":236},265,[],[306,329,339,353],{"entryPoint":307,"graph":308,"unsanitizedCount":27,"severity":328},"tguy_sm_stats_page (admin.php:207)",{"nodes":309,"edges":324},[310,315,319],{"id":311,"type":312,"label":313,"file":160,"line":314},"n0","source","$_GET",211,{"id":316,"type":317,"label":318,"file":160,"line":314},"n1","transform","→ tguy_sm_recent_page()",{"id":320,"type":321,"label":322,"file":160,"line":260,"wp_function":323},"n2","sink","echo() [XSS]","echo",[325,327],{"from":311,"to":316,"sanitized":326},false,{"from":316,"to":320,"sanitized":326},"low",{"entryPoint":330,"graph":331,"unsanitizedCount":27,"severity":328},"\u003Cadmin> (admin.php:0)",{"nodes":332,"edges":336},[333,334,335],{"id":311,"type":312,"label":313,"file":160,"line":314},{"id":316,"type":317,"label":318,"file":160,"line":314},{"id":320,"type":321,"label":322,"file":160,"line":260,"wp_function":323},[337,338],{"from":311,"to":316,"sanitized":326},{"from":316,"to":320,"sanitized":326},{"entryPoint":340,"graph":341,"unsanitizedCount":28,"severity":328},"tguy_sm_save_search (search-meter.php:277)",{"nodes":342,"edges":350},[343,346],{"id":311,"type":312,"label":344,"file":178,"line":345},"$_SERVER",318,{"id":316,"type":321,"label":347,"file":178,"line":348,"wp_function":349},"query() [SQLi]",323,"query",[351],{"from":311,"to":316,"sanitized":352},true,{"entryPoint":354,"graph":355,"unsanitizedCount":28,"severity":328},"\u003Csearch-meter> (search-meter.php:0)",{"nodes":356,"edges":359},[357,358],{"id":311,"type":312,"label":344,"file":178,"line":345},{"id":316,"type":321,"label":347,"file":178,"line":348,"wp_function":349},[360],{"from":311,"to":316,"sanitized":352},{"summary":362,"deductions":363},"The \"search-meter\" plugin v2.14.1 exhibits a mixed security posture. On the positive side, the static analysis reveals a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are directly exposed. Furthermore, there are no identified dangerous functions being used, and the plugin does implement nonce and capability checks, indicating some adherence to secure coding practices. However, significant concerns arise from the SQL query and output escaping practices. A substantial portion of SQL queries are not using prepared statements, which is a common vector for SQL injection vulnerabilities. Similarly, a very low percentage of output is properly escaped, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis, while limited, did identify flows with unsanitized paths, which, if exploited, could lead to issues. The vulnerability history is also a significant red flag, with a past critical vulnerability related to code injection. Although this vulnerability is patched, its nature and the presence of unescaped output and non-prepared SQL statements suggest a potential for similar issues to arise.",[364,367,369,371],{"reason":365,"points":366},"Low percentage of properly escaped output",12,{"reason":368,"points":165},"High percentage of SQL queries without prepared statements",{"reason":370,"points":127},"Flows with unsanitized paths found in taint analysis",{"reason":372,"points":373},"History of critical code injection vulnerability",15,"2026-03-16T17:32:26.081Z",{"wat":376,"direct":389},{"assetPaths":377,"generatorPatterns":382,"scriptPaths":383,"versionParams":384},[378,379,380,381],"\u002Fwp-content\u002Fplugins\u002Fsearch-meter\u002Fcss\u002Fsearch-meter-admin.css","\u002Fwp-content\u002Fplugins\u002Fsearch-meter\u002Fcss\u002Fsearch-meter-frontend.css","\u002Fwp-content\u002Fplugins\u002Fsearch-meter\u002Fjs\u002Fsearch-meter-admin.js","\u002Fwp-content\u002Fplugins\u002Fsearch-meter\u002Fjs\u002Fsearch-meter-frontend.js",[],[],[385,386,387,388],"search-meter\u002Fcss\u002Fsearch-meter-admin.css?ver=","search-meter\u002Fcss\u002Fsearch-meter-frontend.css?ver=","search-meter\u002Fjs\u002Fsearch-meter-admin.js?ver=","search-meter\u002Fjs\u002Fsearch-meter-frontend.js?ver=",{"cssClasses":390,"htmlComments":393,"htmlAttributes":394,"restEndpoints":396,"jsGlobals":397,"shortcodeOutput":399},[391,392],"widget_search_meter","search-meter-widget",[],[395],"data-sm-id",[],[398],"sm_admin",[400,401],"[search_meter_popular_searches]","[search_meter_recent_searches]"]