[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fiPz_rtQuub6AOAYqlEGZkjuavhCB6rYE3K8JpyU_uRU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":140,"fingerprints":249},"shareadraft","Share a Draft","1.5","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>Drafts in WordPress are visible for the author and blog administrators. In many cases, however, you want\u003Cbr \u002F>\nto share a draft with your friends or colleagues for either review or approval.\u003C\u002Fp>\n\u003Cp>Share a Draft allows you to create a unique link to a draft for a limited time and send it to whoever you want.\u003C\u002Fp>\n","Share private preview links to your drafts",3000,64283,74,11,"2021-04-07T17:39:00.000Z","5.8.13","4.0","",[20,21,22,23],"draft","drafts","post","posts","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshareadraft\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshareadraft.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"automattic",213,19158100,92,1384,73,"2026-04-03T20:23:07.405Z",[40,63,81,101,120],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":55,"tags":56,"homepage":60,"download_link":61,"security_score":62,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"public-post-preview","Public Post Preview","3.1.0","Dominik Schilling","https:\u002F\u002Fprofiles.wordpress.org\u002Focean90\u002F","\u003Cp>Share a link to anonymous users to preview a draft of a post (or any other public post type) before it is published.\u003C\u002Fp>\n\u003Cp>Have you ever been writing a post with the help of someone who does not have access to your site and needed to give them the ability to preview it before publishing? This plugin takes care of that by generating an URL with an expiring nonce that can be given out for public preview.\u003C\u002Fp>\n\u003Cp>\u003Cem>Previously this plugin was maintained by \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fsivel\u002F\" rel=\"nofollow ugc\">Matt Martz\u003C\u002Fa> and was an idea of \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fjdingman\u002F\" rel=\"nofollow ugc\">Jonathan Dingman\u003C\u002Fa>. Photo by \u003Ca href=\"https:\u002F\u002Funsplash.com\u002Fphotos\u002Fopened-book-on-grass-during-daytime-bhBONc07WsI\" rel=\"nofollow ugc\">Annelies Geneyn\u003C\u002Fa>.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>To enable a public post preview check the box in the document settings. In the classic editor it’s in the “Publish” meta box.\u003C\u002Fli>\n\u003Cli>The link will be displayed if the checkbox is checked, you can copy and share the link with your friends.\u003C\u002Fli>\n\u003Cli>To disable a preview uncheck the box again.\u003C\u002Fli>\n\u003C\u002Ful>\n","Allow anonymous users to preview a draft of a post before it is published.",100000,1584582,90,79,"2026-03-01T16:13:00.000Z","7.0","6.6","8.0",[57,21,23,58,59],"anonymous","preview","public","https:\u002F\u002Fgithub.com\u002Focean90\u002Fpublic-post-preview","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpublic-post-preview.3.1.0.zip",100,{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":27,"num_ratings":27,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":18,"tags":76,"homepage":79,"download_link":80,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"auto-publish-drafts","Auto Publish Drafts","1.1","Wong Siong Kiat","https:\u002F\u002Fprofiles.wordpress.org\u002Fwongsiongkiat\u002F","\u003Cp>Auto Publish Drafts is a plugin that will automatically publish drafts every 5 minutes. It will be supported and maintained until at least 2022, or as long as is necessary.\u003C\u002Fp>\n\u003Cp>Once activated, it will work silently in the background. There is no other configuration, the auto publish drafts settings screens are enabled or disabled by either enabling or disabling this plugin. I recommend you deactivate this plugin when there are no drafts left.\u003C\u002Fp>\n","Automatically publish drafts every 5 minutes silently in the background.",200,2518,"2022-02-02T14:39:00.000Z","5.9.13","4.9",[77,64,21,23,78],"auto-publish","publish","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fauto-publish-drafts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-publish-drafts.1.1.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":27,"num_ratings":27,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":18,"tags":94,"homepage":99,"download_link":100,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"drafty-in-here","Drafty In Here","1.2.0","AronMS","https:\u002F\u002Fprofiles.wordpress.org\u002Faronms\u002F","\u003Cp>Get email notifications of draft posts sitting in your WordPress Blog waiting to be published.\u003C\u002Fp>\n\u003Cp>This plugin aims to help get your productivity back on track after you abandon writing your next amazing post, by sending you friendly motivational email reminders when you specify.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Schedule email reminders for unpublished draft posts\u003C\u002Fli>\n\u003Cli>Specify which email address reminders are sent to\u003C\u002Fli>\n\u003Cli>Send optional test emails when you save changes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Email Trouble Shooting Guide\u003C\u002Fh3>\n\u003Cp>\u003Cem>Not receiving Drafty In Here emails?\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>1. Do you have any draft posts?\u003C\u002Fh4>\n\u003Cp>The email will never be sent automaticly if you do not have any draft posts. If you do not have draft posts but wish to send a test email check the box that says \u003Ccode>Send a test e-mail when you save changes\u003C\u002Fcode>, then save changes.\u003C\u002Fp>\n\u003Ch4>2. Have you scheduled your email?\u003C\u002Fh4>\n\u003Cp>You can check this in the plugin settings screen (see \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdrafty-in-here\u002Fscreenshots\u002F\" rel=\"ugc\">screenshots\u003C\u002Fa>).\u003C\u002Fp>\n\u003Ch4>3. Is your email address correct?\u003C\u002Fh4>\n\u003Cp>You can check this in the plugin settings screen (see \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdrafty-in-here\u002Fscreenshots\u002F\" rel=\"ugc\">screenshots\u003C\u002Fa>).\u003C\u002Fp>\n\u003Ch4>4. Have you checked your email spam folder?\u003C\u002Fh4>\n\u003Cp>Sometimes email may end up in your spam folder.\u003C\u002Fp>\n\u003Ch4>5. Are you receiving ANY WordPress emails from your site?\u003C\u002Fh4>\n\u003Cp>If you are not receiving emails for example when someone post a comment  or WordPress automatically updates, there may be something wrong with the way your WordPress site is set up to send email. For more help on this issue please check out this excellent guide: \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fwp-tutorials\u002Fhow-to-fix-wordpress-not-sending-email-issue\u002F\" rel=\"nofollow ugc\">How to Fix WordPress Not Sending Email Issue\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>6. Is your blog receiving enough traffic?\u003C\u002Fh4>\n\u003Cp>Our plugin works off the ‘WordPress Cron’ mechanism which means your email can only be sent when someone lands on your site. This can be a problem if you do not have enough traffic. For more help on this issue please check out this guide from Host Gator: \u003Ca href=\"http:\u002F\u002Fsupport.hostgator.com\u002Farticles\u002Fspecialized-help\u002Ftechnical\u002Fwordpress\u002Fhow-to-replace-wordpress-cron-with-a-real-cron-job\" rel=\"nofollow ugc\">How to Replace WP-Cron With a Linux Cron Job\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Discussion \u002F Support\u003C\u002Fh3>\n\u003Cp>Have any questions, comments, or suggestions? Please provide them via the plugin’s WordPress.org \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdrafty-in-here\" rel=\"ugc\">support forum\u003C\u002Fa>. I’ll do my best to reply in a timely fashion and help as best I can.\u003C\u002Fp>\n\u003Cp>Unfortunately, I cannot provide guaranteed support, nor do I provide support via any other means.\u003C\u002Fp>\n\u003Cp>Was this plugin useful to you? Consider giving it a rating. If you’re inclined to give it a poor rating, please first post to the support forum to give me a chance to address or explain the situation.\u003C\u002Fp>\n","Get email notifications of draft posts sitting in your WordPress Blog waiting to be published.",10,1531,"2016-07-31T15:39:00.000Z","4.6.30","4.3",[95,21,96,97,98],"draft-posts","focus","motivation","productivity","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdrafty-in-here\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdrafty-in-here.1.2.0.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":27,"downloaded":109,"rating":27,"num_ratings":27,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":113,"tags":114,"homepage":118,"download_link":119,"security_score":62,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"draft-concluder","Draft Concluder","1.1.3","David Artiss","https:\u002F\u002Fprofiles.wordpress.org\u002Fdartiss\u002F","\u003Cp>Based on \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fjohnbillion\u002Fstatus\u002F1314494422529331203\" rel=\"nofollow ugc\">an idea by John Blackbourn\u003C\u002Fa>,  and mentioned by \u003Ca href=\"https:\u002F\u002Fpoststatus.com\u002F\" rel=\"nofollow ugc\">Post Status\u003C\u002Fa>, this plugin is designed to be a reminder to those who leave draft posts unloved. And, yes, all of John’s ideas are here, with more to boot.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Send emails out on a daily or weekly schedule and at a time that you’d prefer\u003C\u002Fli>\n\u003Cli>Look for draft pages as well as posts, if you like. Or just pages, if that’s what you want. We won’t judge\u003C\u002Fli>\n\u003Cli>Target those drafts that were created more than a specific time period ago, or have not been updated for a while\u003C\u002Fli>\n\u003Cli>Each user, who has drafts that then reminding about, will receive an email. No, they can’t unsubscribe from them\u003C\u002Fli>\n\u003Cli>Each email will show the number of drafts, along with a reminder of each of them\u003C\u002Fli>\n\u003Cli>Optional ability to prevent the plugin from being deactivated (allow you to avoid the temptation to do so rather than, you know, deal with the drafts)\u003C\u002Fli>\n\u003Cli>Debug features to allow to verify what’s being sent\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Oh, and, naturally, the code passes \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress\u002FWordPress-Coding-Standards\" rel=\"nofollow ugc\">WordPress\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FAutomattic\u002FVIP-Coding-Standards\" rel=\"nofollow ugc\">WordPress VIP\u003C\u002Fa> coding standards.\u003C\u002Fp>\n\u003Cp>I’d like to thank \u003Ca href=\"https:\u002F\u002Fcalebburks.com\u002F\" rel=\"nofollow ugc\">Caleb Burks\u003C\u002Fa> for the feedback he provided. Also, the iconography is courtesy of the very talented \u003Ca href=\"https:\u002F\u002Fwww.fiverr.com\u002Fjankirathore\" rel=\"nofollow ugc\">Janki Rathod\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please visit the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdartiss\u002Fdraft-concluder\" title=\"Github\" rel=\"nofollow ugc\">Github page\u003C\u002Fa> for the latest code development, planned enhancements and known issues\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Mentions\u003C\u002Fh3>\n\u003Cp>Draft Concluder was mentioned in issue 421 of \u003Ca href=\"https:\u002F\u002Fpoststatus.com\u002Fnewsletter\u002F\" rel=\"nofollow ugc\">the Post Status newsletter\u003C\u002Fa> (published 16th November 2020).\u003C\u002Fp>\n\u003Cp>It was also mentioned in \u003Ca href=\"https:\u002F\u002Fthewpweekly.com\u002F21\u002F\" rel=\"nofollow ugc\">edition 21 of the WP Weekly newsletter\u003C\u002Fa> (published 23rd November 2020)\u003C\u002Fp>\n","Email users that have outstanding drafts.",1757,"2025-12-02T18:14:00.000Z","6.9.4","4.6","7.4",[21,115,116,23,117],"email","pages","reminder","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdraft-concluder\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdraft-concluder.1.1.3.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":71,"downloaded":128,"rating":62,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":18,"tags":133,"homepage":138,"download_link":139,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"post-status-menu-items","Post Status Menu Items","1.5.0","mrwweb","https:\u002F\u002Fprofiles.wordpress.org\u002Fmrwweb\u002F","\u003Cp>This plugin is useful for people who regularly use all or most of the post statuses with Posts, Pages, or Custom Post Types. Post Status Menu Items does the following:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Show each post status and number of posts with that status (e.g. “Drafts (7)”) in each post type’s admin menu.\u003C\u002Fli>\n\u003Cli>Show the number of Posts with each post status in the “Right Now” \u002F “At a Glance” admin Dashboard Widget.\u003C\u002Fli>\n\u003Cli>Show post status icons with each status at the top of admin post list pages.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Options give control over which post statuses are displayed and in which menus those statuses are displayed. Post statuses in the “Right Now” \u002F “At a Glance” admin Dashboard widget can also be turned off.\u003C\u002Fp>\n\u003Cp>Screenshots of all features and settings are available on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpost-status-menu-items\u002Fscreenshots\u002F\" rel=\"ugc\">the Screenshots page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Notes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Plugin settings available on \u003Cstrong>Settings > Writing\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Statuses with 0 posts are never displayed.\u003C\u002Fli>\n\u003Cli>Posts are the only post type for which the post status menu items are enabled by default.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin works with custom statuses created by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fedit-flow\u002F\" rel=\"ugc\">Edit Flow\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Farchived-post-status\u002F\" rel=\"ugc\">Archived Post Status\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.advancedcustomfields.com\u002Fresources\u002Fsynchronized-json\u002F\" rel=\"nofollow ugc\">Advanced Custom Field PRO “Sync Available” status\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-page-ordering\u002F\" rel=\"ugc\">Simple Page Ordering\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002Fregister_post_status\" rel=\"nofollow ugc\">\u003Ccode>register_post_status()\u003C\u002Fcode>\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Other Plugins by MRWweb\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffeature-a-page-widget\u002F\" rel=\"ugc\">Feature a Page Widget\u003C\u002Fa> – Shows a summary of any Page in any sidebar.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmrw-web-design-simple-tinymce\u002F\" rel=\"ugc\">MRW Web Design Simple TinyMCE\u003C\u002Fa> – A compact page editor to encourage good formatting.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpost-type-archive-descriptions\u002F\" rel=\"ugc\">Post Type Archive Description\u003C\u002Fa> – Enables an editable description for a post type to display at the top of the post type archive page.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhawaiian-characters\u002F\" rel=\"ugc\">Hawaiian Characters\u003C\u002Fa> – Adds the correct characters with diacriticals to the WordPress editor Character Map for Hawaiian\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds post status links–e.g. \"Draft\" (7)–to post type admin menus and a few other nice goodies.",10990,6,"2018-12-05T16:47:00.000Z","5.0.25","3.8",[134,21,135,136,137],"admin-menu","post-status","post-statuses","wp-admin","https:\u002F\u002FMRWweb.com\u002Fwordpress-post-status-menu-item-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-status-menu-items.1.5.0.zip",{"attackSurface":141,"codeSignals":172,"taintFlows":215,"riskAssessment":242,"analyzedAt":248},{"hooks":142,"ajaxHandlers":168,"restRoutes":169,"shortcodes":170,"cronEvents":171,"entryPointCount":27,"unprotectedCount":27},[143,148,152,157,161,165],{"type":144,"name":145,"callback":145,"file":146,"line":147},"action","init","shareadraft.php",19,{"type":144,"name":149,"callback":150,"file":146,"line":151},"admin_menu","add_admin_pages",24,{"type":153,"name":154,"callback":155,"file":146,"line":156},"filter","the_posts","the_posts_intercept",25,{"type":153,"name":158,"callback":159,"file":146,"line":160},"posts_results","posts_results_intercept",26,{"type":144,"name":162,"callback":163,"file":146,"line":164},"admin_head","print_admin_css",44,{"type":144,"name":162,"callback":166,"file":146,"line":167},"print_admin_js",45,[],[],[],[],{"dangerousFunctions":173,"sqlUsage":174,"outputEscaping":176,"fileOperations":27,"externalRequests":27,"nonceChecks":213,"capabilityChecks":213,"bundledLibraries":214},[],{"prepared":27,"raw":27,"locations":175},[],{"escaped":177,"rawEcho":178,"locations":179},9,17,[180,183,185,187,189,190,191,193,195,197,199,201,203,205,207,209,211],{"file":146,"line":181,"context":182},246,"raw output",{"file":146,"line":184,"context":182},269,{"file":146,"line":186,"context":182},270,{"file":146,"line":188,"context":182},273,{"file":146,"line":188,"context":182},{"file":146,"line":188,"context":182},{"file":146,"line":192,"context":182},275,{"file":146,"line":194,"context":182},276,{"file":146,"line":196,"context":182},279,{"file":146,"line":198,"context":182},282,{"file":146,"line":200,"context":182},284,{"file":146,"line":202,"context":182},286,{"file":146,"line":204,"context":182},288,{"file":146,"line":206,"context":182},324,{"file":146,"line":208,"context":182},331,{"file":146,"line":210,"context":182},341,{"file":146,"line":212,"context":182},343,3,[],[216,234],{"entryPoint":217,"graph":218,"unsanitizedCount":27,"severity":233},"output_existing_menu_sub_admin_page (shareadraft.php:229)",{"nodes":219,"edges":230},[220,225],{"id":221,"type":222,"label":223,"file":146,"line":224},"n0","source","$_GET",239,{"id":226,"type":227,"label":228,"file":146,"line":181,"wp_function":229},"n1","sink","echo() [XSS]","echo",[231],{"from":221,"to":226,"sanitized":232},true,"low",{"entryPoint":235,"graph":236,"unsanitizedCount":27,"severity":233},"\u003Cshareadraft> (shareadraft.php:0)",{"nodes":237,"edges":240},[238,239],{"id":221,"type":222,"label":223,"file":146,"line":224},{"id":226,"type":227,"label":228,"file":146,"line":181,"wp_function":229},[241],{"from":221,"to":226,"sanitized":232},{"summary":243,"deductions":244},"The 'shareadraft' plugin v1.5 exhibits a generally positive security posture based on the provided static analysis.  The absence of any AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points suggests a minimal attack surface.  Furthermore, the analysis indicates no dangerous functions, no SQL queries that are not prepared, and no taint flows with unsanitized paths, all of which are strong indicators of secure coding practices. The presence of nonce and capability checks, though limited, is also a positive sign.  \n\nHowever, a significant concern arises from the output escaping. With 35% of outputs properly escaped, it means a substantial portion (65%) of outputs may be vulnerable to Cross-Site Scripting (XSS) attacks. This lack of consistent output sanitization is the most prominent risk identified in the code analysis and presents a clear avenue for attackers to inject malicious scripts. The plugin's vulnerability history is clean, with no recorded CVEs, which is excellent. This, combined with the lack of critical or high-severity taint flows, suggests that past security practices have been effective. Nevertheless, the identified XSS risk warrants attention.  \n\nIn conclusion, 'shareadraft' v1.5 benefits from a small attack surface and secure handling of database operations and sensitive code execution paths. Its clean vulnerability history is a testament to this. The primary weakness lies in the insufficient output escaping, which could lead to XSS vulnerabilities. While not currently exploited according to the history, this represents a tangible risk that should be addressed.",[245],{"reason":246,"points":247},"Insufficient output escaping",15,"2026-03-16T18:20:20.873Z",{"wat":250,"direct":257},{"assetPaths":251,"generatorPatterns":254,"scriptPaths":255,"versionParams":256},[252,253],"\u002Fwp-content\u002Fplugins\u002Fshareadraft\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fshareadraft\u002Fjs\u002Fadmin.js",[],[253],[],{"cssClasses":258,"htmlComments":260,"htmlAttributes":261,"restEndpoints":266,"jsGlobals":267,"shortcodeOutput":269},[259],"shareadraft-admin-page",[],[262,263,264,265],"data-post-id","data-share-key","data-extend-nonce","data-delete-nonce",[],[268],"shareadraft_admin_opts",[]]