[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmWGEaxETYPFiijGSbflEB0DmC5l5K5twyXKymMNyhPA":3,"$f5MvJefvSDptjsZkk9YRCJGUUDqltzNU-7vNZl8fmRZo":337,"$fvbPNqd30psj4VUQaUZzla-xGsorEPr2nFQvBiks-pGo":342},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":33,"crawl_stats":29,"alternatives":41,"analysis":140,"fingerprints":301},"sherky-simple-portfolio","Sherky Simple Portfolio","1.2","SherkSpear","https:\u002F\u002Fprofiles.wordpress.org\u002Fsherkspear\u002F","\u003Cp>Creates simple yet elegant responsive portfolio using shortcode into your page. Work samples are displayed using a fancy jquery plugin jportilio.\u003C\u002Fp>\n\u003Cp>Work samples are displayed beautifully and the template itself.\u003C\u002Fp>\n\u003Cp>This a simple plugin that showcases the projects you worked on and currently working on your personal website. Personal details are added on the portfolio page as your contact details.\u003C\u002Fp>\n\u003Cp>Adding projects is simple as ABC. 
It’s plain and simple.\u003C\u002Fp>\n\u003Cp>You can email me directly for any plugin request or personal modification such as styles and templates at \u003Ca href=\"mailto:contact@sherkspear.com\" rel=\"nofollow ugc\">contact@sherkspear.com\u003C\u002Fa> or contact me at \u003Ca href=\"http:\u002F\u002Fsherkspear.com\u002Fcontact\" rel=\"nofollow ugc\">http:\u002F\u002Fsherkspear.com\u002Fcontact\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Plugin URL : \u003Ca href=\"http:\u002F\u002Fwww.sherkspear.com\u002Fportfolio-item\u002Fsimple-portfolio-plugin\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.sherkspear.com\u002Fportfolio-item\u002Fsimple-portfolio-plugin\u002F\u003C\u002Fa>\u003Cbr \u002F>\nDemo Page: \u003Ca href=\"http:\u002F\u002Fdemo.sherkspear.com\u002Fportfolio\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fdemo.sherkspear.com\u002Fportfolio\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>More detailed instruction is at\u003C\u002Fh3>\n\u003Cp>*Dashboard -> Portfolio -> How To Use\u003Cbr \u002F>\n    \u002Fwp-admin\u002Fadmin.php?page=sherkportfolio_menu_page\u003C\u002Fp>\n","Creates simple yet elegant responsive portfolio using shortcode into your page. 
Work samples are displayed using a fancy jquery plugin jportilio.",10,2077,100,1,"2015-05-15T15:50:00.000Z","4.2.39","3.0.1","",[20,21,22,23,24],"add-portfolios","create-portfolios","portfolio","portfolios","skills","http:\u002F\u002Fwww.sherkspear.com\u002Fportfolio-item\u002Fsimple-portfolio-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsherky-simple-portfolio.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":34,"display_name":7,"profile_url":8,"plugin_count":35,"total_installs":36,"avg_security_score":37,"avg_patch_time_days":38,"trust_score":39,"computed_at":40},"sherkspear",6,60,88,30,86,"2026-05-20T09:29:42.757Z",[42,63,81,98,116],{"slug":43,"name":44,"version":45,"author":46,"author_profile":47,"description":48,"short_description":49,"active_installs":50,"downloaded":51,"rating":28,"num_ratings":28,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":55,"tags":56,"homepage":61,"download_link":62,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"cozy-essential-addons","Theme Demo Importer and Patterns Library for CozyThemes – Cozy Essential Addons","1.3.4","CozyThemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fcozythemes\u002F","\u003Cp>Cozy Essentials Addons is the ultimate companion plugin for CozyThemes users, offering seamless one-click demo imports and a rich library of pre-designed block patterns to help you quickly build stunning websites. Designed to work perfectly with themes like FotaWP, ReviveNews, Storemate, and more, this lightweight plugin lets you instantly replicate professional starter sites, complete with layouts and content, while also enabling theme-specific enhancements for an optimized building experience. 
Whether you’re launching a blog, store, or business site, Cozy Essentials Addons makes website creation faster, easier, and more powerful.\u003C\u002Fp>\n\u003Ch4>Display shortcode of post type in site\u003C\u002Fh4>\n\u003Cp>To display post data in your site, please checkout [shortcodes][https:\u002F\u002Fcozythemes.com\u002Fcozy-essential-addons\u002F] in plugin details page.\u003C\u002Fp>\n","Cozy Essential Addons is the free WordPress plugin for Custom post type and provides basic skeletal for custom post type list.",7000,199264,"2025-10-13T15:03:00.000Z","6.8.5","5.9","7.3.0",[57,58,23,59,60],"demo-importer","faqs","teams","testimonials","https:\u002F\u002Fcozythemes.com\u002Fcozy-essential-addons","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcozy-essential-addons.1.3.4.zip",{"slug":23,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":13,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":18,"requires_php":18,"tags":75,"homepage":18,"download_link":80,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"Portfolios","1.1.6","Jason","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeblvd\u002F","\u003Cp>This plugin adds a “Portfolio Item” custom post type with associated “Portfolio” and “Porfolio Tag” taxonomies.\u003C\u002Fp>\n\u003Cp>Any instances of \u003Ccode>the_tags()\u003C\u002Fcode> by your theme when on a portfolio item post are filtered to use Portfolio Tags.\u003C\u002Fp>\n\u003Ch4>Theme Blvd Integration\u003C\u002Fh4>\n\u003Cp>If you’re using a theme with \u003Ca href=\"http:\u002F\u002Fwww.themeblvd.com\" rel=\"nofollow ugc\">Theme Blvd\u003C\u002Fa> framework v2.3+, this plugin has some cool integration features.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Breadcrumb integration for Portfolio Items and associated taxonomy archives.\u003C\u002Fli>\n\u003Cli>Portfolio and Portfolio Tag 
WordPress can display in grid mode.\u003C\u002Fli>\n\u003Cli>Post List and Post Grid page templates can accept “portfolio” and “portfolio_tag” custom fields to filter posts.\u003C\u002Fli>\n\u003Cli>Standard “Post Options” meta box is integrated into the portfolio item custom post type.\u003C\u002Fli>\n\u003Cli>With our \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftheme-blvd-layout-builder\" rel=\"ugc\">Layout Builder\u003C\u002Fa> plugin, options to pull posts by Portfolio or Portfolio Tag are added to verious elements.\u003C\u002Fli>\n\u003Cli>With our \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftheme-blvd-shortcodes\u002F\" rel=\"ugc\">Shortcodes\u003C\u002Fa> plugin, you can use “portfolio” and “portfolio_tag” parameters for \u003Ccode>[post_list]\u003C\u002Fcode> and \u003Ccode>[post_grid]\u003C\u002Fcode> shortcodes.\u003C\u002Fli>\n\u003Cli>With our \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftheme-blvd-sliders\u002F\" rel=\"ugc\">Sliders\u003C\u002Fa> plugin, you can use “portfolio” and “portfolio_tag” parameters with \u003Ccode>[post_slider]\u003C\u002Fcode> shortcode.\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds a \"Portfolio Item\" custom post type with associated \"Portfolio\" and \"Porfolio Tag\" taxonomies.",700,27343,2,"2019-01-20T22:26:00.000Z","5.0.25",[76,77,23,78,79],"bundle","jason-bobich","theme-blvd","themeblvd","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fportfolios.1.1.6.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":11,"downloaded":89,"rating":28,"num_ratings":28,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":18,"tags":93,"homepage":96,"download_link":97,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"gravitation-portfolios","Gravitation 
Portfolios","1.0.0","UlisesFreitas","https:\u002F\u002Fprofiles.wordpress.org\u002Fulisesfreitas\u002F","\u003Cp>Gravitation portfolios, is a plugin to display portfolios on your site, with a page template, or shortcodes is mainly for bootstrap ready templates.\u003C\u002Fp>\n\u003Ch3>A brief Markdown Example\u003C\u002Fh3>\n\u003Cp>Features ShortCodes:\u003C\u002Fp>\n\u003Col>\n\u003Cli>All portfolios [gravitation_portfolios]\u003C\u002Fli>\n\u003C\u002Fol>\n","A Plugin to integrate portfolios",1429,"2016-05-16T22:30:00.000Z","4.5.33","4.3.1",[23,94,95],"portfolios-on-widgets","portfolios-shortcodes","https:\u002F\u002Fgithub.com\u002FUlisesFreitas\u002Fgravitation-portfolios","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgravitation-portfolios.1.0.0.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":28,"downloaded":106,"rating":13,"num_ratings":14,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":18,"download_link":115,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"cb-portfolio-work","CB Portfolio Work For Elementor","1.1","Md Abul Bashar","https:\u002F\u002Fprofiles.wordpress.org\u002Fhmbashar\u002F","\u003Cp>Show your works history as a portfolio on your website by using elementor widget or shortcode [cb-pwork-our-works]\u003C\u002Fp>\n","Show your works history as a portfolio on your website by using elementor widget or shortcode 
[cb-pwork-our-works]",1350,"2023-10-02T17:43:00.000Z","6.3.8","4.7","7.0",[112,22,113,114],"elementor-widget","portfolios-widget","work-works","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcb-portfolio-work.1.1.zip",{"slug":117,"name":118,"version":65,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":125,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":18,"tags":130,"homepage":135,"download_link":136,"security_score":137,"vuln_count":138,"unpatched_count":28,"last_vuln_date":139,"fetched_at":30},"wp-show-posts","WP Show Posts","Tom","https:\u002F\u002Fprofiles.wordpress.org\u002Fedge22\u002F","\u003Ch4>Note\u003C\u002Fh4>\n\u003Cp>This plugin is only receiving security updates at this time. Check out our \u003Ca href=\"https:\u002F\u002Fgenerateblocks.com\u002F\" rel=\"nofollow ugc\">GenerateBlocks\u003C\u002Fa> plugin for a more modern solution.\u003C\u002Fp>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"WP Show Posts\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F175638957?dnt=1&app_id=122963\" width=\"750\" height=\"422\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write\">\u003C\u002Fiframe>\u003C\u002Fp>\n\u003Cp>WP Show Posts allows you to display posts anywhere on your website using an easy to use shortcode.\u003C\u002Fp>\n\u003Cp>You can pull posts from any post type like WooCommerce, Easy Digital Downloads etc..\u003C\u002Fp>\n\u003Cp>This plugin works with any theme.\u003C\u002Fp>\n\u003Cp>Here are the features in the free version:\u003C\u002Fp>\n\u003Ch4>Posts\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Post type\u003C\u002Fli>\n\u003Cli>Taxonomy\u003C\u002Fli>\n\u003Cli>Terms\u003C\u002Fli>\n\u003Cli>Posts per page\u003C\u002Fli>\n\u003Cli>Pagination\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Columns\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Columns\u003C\u002Fli>\n\u003Cli>Columns 
gutter\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Images\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Show images\u003C\u002Fli>\n\u003Cli>Image width\u003C\u002Fli>\n\u003Cli>Image height\u003C\u002Fli>\n\u003Cli>Image alignment\u003C\u002Fli>\n\u003Cli>Image location\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Content\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Content type (excerpt or full post)\u003C\u002Fli>\n\u003Cli>Excerpt length\u003C\u002Fli>\n\u003Cli>Include title\u003C\u002Fli>\n\u003Cli>Read more text\u003C\u002Fli>\n\u003Cli>Read more button class\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Meta\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Include author\u003C\u002Fli>\n\u003Cli>Author location\u003C\u002Fli>\n\u003Cli>Include date\u003C\u002Fli>\n\u003Cli>Date location\u003C\u002Fli>\n\u003Cli>Include terms\u003C\u002Fli>\n\u003Cli>Terms location\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>More settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Author ID\u003C\u002Fli>\n\u003Cli>Exclude current\u003C\u002Fli>\n\u003Cli>Post ID\u003C\u002Fli>\n\u003Cli>Exclude post ID\u003C\u002Fli>\n\u003Cli>Ignore sticky posts\u003C\u002Fli>\n\u003Cli>Offset\u003C\u002Fli>\n\u003Cli>Order\u003C\u002Fli>\n\u003Cli>Order by\u003C\u002Fli>\n\u003Cli>Status\u003C\u002Fli>\n\u003Cli>Meta key\u003C\u002Fli>\n\u003Cli>Meta value\u003C\u002Fli>\n\u003Cli>Tax operator\u003C\u002Fli>\n\u003Cli>No results message\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Our *Pro* version has these features\u003C\u002Fh4>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"WP Show Posts Pro\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F175660953?dnt=1&app_id=122963\" width=\"750\" height=\"422\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write\">\u003C\u002Fiframe>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpshowposts.com\u002F\" title=\"Check out Pro\" rel=\"nofollow ugc\">Check out Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Posts\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>AJAX 
pagination\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Columns\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Masonry\u003C\u002Fli>\n\u003Cli>Featured post\u003C\u002Fli>\n\u003Cli>Background color\u003C\u002Fli>\n\u003Cli>Background color hover\u003C\u002Fli>\n\u003Cli>Border color\u003C\u002Fli>\n\u003Cli>Border color hover\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Images\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Image overlay color\u003C\u002Fli>\n\u003Cli>Image overlay icon\u003C\u002Fli>\n\u003Cli>Image hover effect\u003C\u002Fli>\n\u003Cli>Image lightbox\u003C\u002Fli>\n\u003Cli>Image lightbox gallery\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Content\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Read more style\u003C\u002Fli>\n\u003Cli>Read more color\u003C\u002Fli>\n\u003Cli>Content link color\u003C\u002Fli>\n\u003Cli>Content link color hover\u003C\u002Fli>\n\u003Cli>Content text color\u003C\u002Fli>\n\u003Cli>Title color\u003C\u002Fli>\n\u003Cli>Title color hover\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Meta\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Meta color\u003C\u002Fli>\n\u003Cli>Meta color hover\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Social\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Twitter\u003C\u002Fli>\n\u003Cli>Twitter color + hover\u003C\u002Fli>\n\u003Cli>Facebook\u003C\u002Fli>\n\u003Cli>Facebook color + hover\u003C\u002Fli>\n\u003Cli>Google+\u003C\u002Fli>\n\u003Cli>Google+ color + hover\u003C\u002Fli>\n\u003Cli>Pinterest\u003C\u002Fli>\n\u003Cli>Pinterest color + hover\u003C\u002Fli>\n\u003Cli>Love it\u003C\u002Fli>\n\u003Cli>Alignment\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check out GeneratePress, our awesome WordPress theme! 
(https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fgeneratepress)\u003C\u002Fp>\n","Add posts to your website from any post type using a simple shortcode.",70000,606130,94,80,"2024-04-16T19:12:00.000Z","6.1.10","4.5",[131,132,22,133,134],"display-posts-shortcode","gallery","post-columns","show-posts","https:\u002F\u002Fwpshowposts.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-show-posts.1.1.6.zip",84,3,"2024-04-16 00:00:00",{"attackSurface":141,"codeSignals":171,"taintFlows":242,"riskAssessment":283,"analyzedAt":300},{"hooks":142,"ajaxHandlers":163,"restRoutes":164,"shortcodes":165,"cronEvents":170,"entryPointCount":14,"unprotectedCount":28},[143,149,154,159],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","admin_menu","setupMenu","SherkPortfolio.php",59,{"type":144,"name":150,"callback":151,"priority":152,"file":147,"line":153},"init","enable",1000,97,{"type":144,"name":155,"callback":156,"file":157,"line":158},"wp_enqueue_scripts","include_sherky_portfolio_css_js","classes\u002FSherkyPortfolioCssJsScripts.php",16,{"type":144,"name":160,"callback":161,"file":157,"line":162},"admin_enqueue_scripts","_edit_sherky_portfolio_js",18,[],[],[166],{"tag":167,"callback":168,"file":169,"line":35},"sherkyportfolio","sherkyportfolio_func","classes\u002FSherkyPortfolioShortcode.php",[],{"dangerousFunctions":172,"sqlUsage":178,"outputEscaping":189,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":241},[173],{"fn":174,"file":175,"line":176,"context":177},"move_uploaded_file","classes\u002FHelperFunctions.php",187,"if(move_uploaded_file ($_FILES['screenshot']['tmp_name'], $filename)){",{"prepared":179,"raw":138,"locations":180},4,[181,183,185],{"file":175,"line":158,"context":182},"$wpdb->get_results() with unsafe: $id",{"file":175,"line":184,"context":182},23,{"file":186,"line":187,"context":188},"forms\u002Fportfolioproject.php",21,"$wpdb->query() with unsafe: 
$edit_id",{"escaped":28,"rawEcho":190,"locations":191},29,[192,195,198,200,202,204,206,208,210,212,214,216,217,219,221,222,223,224,225,226,227,228,230,232,233,235,237,238,239],{"file":175,"line":193,"context":194},163,"raw output",{"file":196,"line":197,"context":194},"forms\u002Fcreateportfolio.php",27,{"file":196,"line":199,"context":194},31,{"file":196,"line":201,"context":194},35,{"file":196,"line":203,"context":194},38,{"file":196,"line":205,"context":194},41,{"file":196,"line":207,"context":194},44,{"file":196,"line":209,"context":194},48,{"file":196,"line":211,"context":194},51,{"file":196,"line":213,"context":194},54,{"file":196,"line":215,"context":194},57,{"file":196,"line":36,"context":194},{"file":196,"line":218,"context":194},63,{"file":196,"line":220,"context":194},67,{"file":186,"line":207,"context":194},{"file":186,"line":209,"context":194},{"file":186,"line":211,"context":194},{"file":186,"line":213,"context":194},{"file":186,"line":215,"context":194},{"file":186,"line":36,"context":194},{"file":186,"line":218,"context":194},{"file":186,"line":229,"context":194},95,{"file":186,"line":231,"context":194},96,{"file":186,"line":153,"context":194},{"file":186,"line":234,"context":194},98,{"file":186,"line":236,"context":194},99,{"file":186,"line":13,"context":194},{"file":186,"line":13,"context":194},{"file":240,"line":218,"context":194},"templates\u002Fsherkportfolio_dashboard.php",[],[243,262],{"entryPoint":244,"graph":245,"unsanitizedCount":260,"severity":261},"\u003Ccreateportfolio> (forms\u002Fcreateportfolio.php:0)",{"nodes":246,"edges":257},[247,252],{"id":248,"type":249,"label":250,"file":196,"line":251},"n0","source","$_POST (x12)",15,{"id":253,"type":254,"label":255,"file":196,"line":199,"wp_function":256},"n1","sink","echo() [XSS]","echo",[258],{"from":248,"to":253,"sanitized":259},false,12,"low",{"entryPoint":263,"graph":264,"unsanitizedCount":281,"severity":282},"\u003Cportfolioproject> 
(forms\u002Fportfolioproject.php:0)",{"nodes":265,"edges":278},[266,269,272,276],{"id":248,"type":249,"label":267,"file":186,"line":268},"$_GET",9,{"id":253,"type":254,"label":270,"file":186,"line":187,"wp_function":271},"query() [SQLi]","query",{"id":273,"type":249,"label":274,"file":186,"line":275},"n2","$_POST (x7)",28,{"id":277,"type":254,"label":255,"file":186,"line":207,"wp_function":256},"n3",[279,280],{"from":248,"to":253,"sanitized":259},{"from":273,"to":277,"sanitized":259},8,"high",{"summary":284,"deductions":285},"The sherky-simple-portfolio plugin v1.2 presents a mixed security posture. On the positive side, it has a very small attack surface with only one entry point (a shortcode) and no known historical vulnerabilities. This may suggest a well-maintained codebase, but it may equally reflect limited scrutiny: the plugin was last updated in 2015 and has about 10 active installs. However, the static analysis reveals significant security concerns.  The complete lack of output escaping for all identified outputs is a critical flaw, making it highly susceptible to Cross-Site Scripting (XSS) attacks. Additionally, the taint analysis found unsanitized flows from request input to sinks: `$_POST` values reach `echo`, and a `$_GET` value reaches a `$wpdb->query()` call in forms\u002Fportfolioproject.php, a flow rated high severity that indicates potential SQL injection.\n\nWhile the plugin has no reported CVEs, this does not guarantee its security, especially given the identified code signals. The use of `move_uploaded_file` without associated capability checks or proper sanitization for the destination path is a significant risk. The absence of nonce checks and capability checks anywhere in the analyzed code, together with unescaped output in the form and template files, creates a substantial risk profile. 
The plugin's strength lies in its limited attack surface and clean vulnerability history, but this is overshadowed by the critical lack of output escaping and the unsanitized input flows, including the potential SQL injection.",[286,288,290,293,296,298],{"reason":287,"points":251},"0% output escaping",{"reason":289,"points":11},"Unsanitized paths in taint analysis",{"reason":291,"points":292},"Dangerous function move_uploaded_file",7,{"reason":294,"points":295},"No nonce checks",5,{"reason":297,"points":295},"No capability checks",{"reason":299,"points":281},"Taint flow high severity","2026-04-16T12:22:57.193Z",{"wat":302,"direct":325},{"assetPaths":303,"generatorPatterns":313,"scriptPaths":314,"versionParams":315},[304,305,306,307,308,309,310,311,312],"\u002Fwp-content\u002Fplugins\u002Fsherky-simple-portfolio\u002Fscripts\u002Fdatetimepicker.js","\u002Fwp-content\u002Fplugins\u002Fsherky-simple-portfolio\u002Fscripts\u002Fjs\u002Fbootstrap.min.js","\u002Fwp-content\u002Fplugins\u002Fsherky-simple-portfolio\u002Fscripts\u002Fjs\u002Fjportilio.js","\u002Fwp-content\u002Fplugins\u002Fsherky-simple-portfolio\u002Fscripts\u002Fjs\u002Fsherkportfolio.js","\u002Fwp-content\u002Fplugins\u002Fsherky-simple-portfolio\u002Fscripts\u002Fcss\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Fsherky-simple-portfolio\u002Fscripts\u002Fcss\u002Fjportilio.css","\u002Fwp-content\u002Fplugins\u002Fsherky-simple-portfolio\u002Fscripts\u002Fcss\u002Fsherkportfolio.css","\u002Fwp-content\u002Fplugins\u002Fsherky-simple-portfolio\u002Fscripts\u002Fcss\u002Fsherkportfolio-edit.css","\u002Fwp-content\u002Fplugins\u002Fsherky-simple-portfolio\u002Fscripts\u002Fjs\u002Fadmin-sherkportfolio.js",[],[304,305,306,307,312],[316,317,318,319,320,321,322,323,324],"\u002Fwp-content\u002Fplugins\u002Fsherky-simple-portfolio\u002Fscripts\u002Fdatetimepicker.js?ver=","\u002Fwp-content\u002Fplugins\u002Fsherky-simple-portfolio\u002Fscripts\u002Fjs\u002Fbootstrap.min.js?ver=","\u002Fwp-content\u002Fplugins\u002Fsherky-simple-port
folio\u002Fscripts\u002Fjs\u002Fjportilio.js?ver=","\u002Fwp-content\u002Fplugins\u002Fsherky-simple-portfolio\u002Fscripts\u002Fjs\u002Fsherkportfolio.js?ver=","\u002Fwp-content\u002Fplugins\u002Fsherky-simple-portfolio\u002Fscripts\u002Fcss\u002Fbootstrap.min.css?ver=","\u002Fwp-content\u002Fplugins\u002Fsherky-simple-portfolio\u002Fscripts\u002Fcss\u002Fjportilio.css?ver=","\u002Fwp-content\u002Fplugins\u002Fsherky-simple-portfolio\u002Fscripts\u002Fcss\u002Fsherkportfolio.css?ver=","\u002Fwp-content\u002Fplugins\u002Fsherky-simple-portfolio\u002Fscripts\u002Fcss\u002Fsherkportfolio-edit.css?ver=","\u002Fwp-content\u002Fplugins\u002Fsherky-simple-portfolio\u002Fscripts\u002Fjs\u002Fadmin-sherkportfolio.js?ver=",{"cssClasses":326,"htmlComments":329,"htmlAttributes":330,"restEndpoints":332,"jsGlobals":333,"shortcodeOutput":335},[327,328],"container-fluid","sherky_portfolio_shortcode",[],[331],"id=\"sherky_portfolio_shortcode\"",[],[334],"WP_PLUGIN_URL",[336],"\u003Csection class=\"container-fluid\" id=\"sherky_portfolio_shortcode\">",{"error":338,"url":339,"statusCode":340,"statusMessage":341,"message":341},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsherky-simple-portfolio\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":28,"versions":343},[]]