[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuykAV-NljS1UVYpvi4ojFfYZBvtd5y1_Re6yLkr58fw":3,"$fFyB8-Ufd-SRjugZaZTYlTgorxWaSzMUqg_CwHVP3Opg":340,"$fujbaeexxNp4INsKiq15P8LVi5YDAuF8y4GzPfUTs2Ts":344},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":74,"crawl_stats":37,"alternatives":80,"analysis":186,"fingerprints":303},"show-posts","Weaver Show Posts","2.0","wpweaver","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpweaver\u002F","\u003Cp>This plugin provides a very flexible way to show posts anywhere on a site using a shortcode. It works with any theme. Weaver Show Posts is by far the most flexible with an easy to use interface to select which posts to show.\u003C\u002Fp>\n\u003Cp>Note: this plugin was formerly named ATW Show Posts. There is no difference in functionality between the versions.\u003C\u002Fp>\n\u003Ch4>Easy to select which posts to show\u003C\u002Fh4>\n\u003Cp>There are several WordPress plugins that allow you to display selected posts via shortcode on your pages, other posts, or in widgets.\u003C\u002Fp>\n\u003Cp>This plugin provides a powerful interactive admin page that allows you to specify exactly which posts you want displayed. The specifications are called a “filter”, and you can define as many filters as you need to display different posts via the shortcode. Includes support for custom post types and taxonomies.\u003C\u002Fp>\n\u003Ch4>Style of Displayed Posts\u003C\u002Fh4>\n\u003Cp>Weaver Show Posts will normally display posts using its own basic display functions. These can be easily styled to match the rest\u003Cbr \u002F>\nof your site by defining Custom CSS rules in the Custom CSS option.\u003C\u002Fp>\n\u003Cp>But Weaver Show Posts can go way beyond that. For many Themes, you can elect to use the native Theme Post formatting function.\u003Cbr \u002F>\nThe posts displayed by Show Posts will match other posts displayed by your theme. If you are using the Weaver Xtreme or Weaver II\u003Cbr \u002F>\nthemes, there is even more integrated display of posts.\u003C\u002Fp>\n\u003Ch4>Show Posts in a Text Widget\u003C\u002Fh4>\n\u003Cp>You can add [show_posts] to the standard Text Widget. If your theme or other plugin doesn’t add this capability, Weaver Show Posts\u003Cbr \u002F>\nincludes an option to allow the Text Widget to support shortcodes.\u003C\u002Fp>\n\u003Ch4>The Shortcode\u003C\u002Fh4>\n\u003Cp>The form of the shortcode is:\u003C\u002Fp>\n\u003Cp>[show_posts filter=filter-name]\u003C\u002Fp>\n","Show Posts in a Page via shortcode for any theme",5000,212320,100,7,"2026-04-10T23:04:00.000Z","7.0","6.6","7.2",[20,21,22],"shortcodes","weaver-xtreme-theme","widgets","http:\u002F\u002FWeaverTheme.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.2.0.zip",76,2,1,"2026-03-20 15:17:17","2026-04-16T10:56:18.058Z","no_bundle",[32,58],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":37,"patch_diff_files":46,"patch_trac_url":37,"research_status":47,"research_verified":48,"research_rounds_completed":49,"research_plan":50,"research_summary":51,"research_vulnerable_code":52,"research_fix_diff":53,"research_exploit_outline":54,"research_model_used":55,"research_started_at":56,"research_completed_at":57,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":48,"poc_model_used":37,"poc_verification_depth":37},"CVE-2026-2121","weaver-show-posts-authenticated-administrator-stored-cross-site-scripting-via-additional-classes-to-wrap-posts-widget-se","Weaver Show Posts \u003C= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting","The Weaver Show Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_class' parameter in all versions up to, and including, 1.8.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multisite installations where Administrators do not have the unfiltered_html capability.",null,"\u003C=1.8.1","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-05-14 05:30:31",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe0d525ab-a86d-4750-9d16-731cbc0a626e?source=api-prod",[],"researched",false,3,"This research plan outlines the technical steps to exploit **CVE-2026-2121**, a stored cross-site scripting (XSS) vulnerability in the **Weaver Show Posts** plugin.\n\n### 1. Vulnerability Summary\nThe Weaver Show Posts plugin (up to version 1.8.1) fails to properly sanitize and escape the `add_class` parameter, which corresponds to the \"Additional Classes to Wrap Posts\" setting. This setting allows users to add custom CSS classes to the container surrounding the posts generated by the plugin. Because the input is rendered directly into an HTML `class` attribute without sufficient escaping (e.g., using `esc_attr()`), an administrator can inject a payload that breaks out of the attribute and executes arbitrary JavaScript.\n\n### 2. Attack Vector Analysis\n*   **Vulnerable Endpoint**: `wp-admin\u002Fpost.php` (for \"Show Posts Filters\") or the Widgets API.\n*   **Vulnerable Parameter**: `add_class` (or the corresponding meta field in the POST request).\n*   **Authentication Level**: Administrator (specifically targeting environments like WordPress Multisite where `unfiltered_html` is disabled for site admins).\n*   **Preconditions**: The plugin must be active, and a \"Show Posts Filter\" or Widget must be created and rendered on a public-facing page or post.\n\n### 3. Code Flow (Inferred)\n1.  **Input**: The administrator submits a \"Show Posts Filter\" configuration via the WordPress admin dashboard.\n2.  **Storage**: The plugin's save handler (likely hooked to `save_post` or a custom AJAX action) receives the `add_class` parameter and stores it in the `wp_postmeta` table (e.g., as `_atw_add_class` or similar) without sanitizing for HTML entities.\n3.  **Output (Sink)**: When a user visits a page containing the `[show_posts]` shortcode or the Weaver Show Posts widget:\n    *   The plugin retrieves the saved settings.\n    *   It generates a wrapper `\u003Cdiv>` or `\u003Cspan>`.\n    *   It echoes the `add_class` value directly inside the `class` attribute:\n        `echo '\u003Cdiv class=\"atw-show-posts ' . $add_class . '\">';`\n4.  **Execution**: If `$add_class` contains `\">\u003Cscript>alert(1)\u003C\u002Fscript>`, the resulting HTML becomes:\n    `\u003Cdiv class=\"atw-show-posts \">\u003Cscript>alert(1)\u003C\u002Fscript>\">`\n\n### 4. Nonce Acquisition Strategy\nSince this is an **Authenticated (Administrator+)** vulnerability, the exploit requires a valid session. The automated agent should:\n1.  Login as an Administrator using `wp_cli` or `browser_navigate`.\n2.  Navigate to the \"Show Posts\" -> \"Add New Filter\" page (`\u002Fwp-admin\u002Fpost-new.php?post_type=atw_show_posts`).\n3.  Use `browser_eval` to extract the required nonces:\n    *   For standard post saving: `document.querySelector('#_wpnonce').value`.\n    *   If using the Widget interface: `window.wpWidgets?.nonces?.save_widget`.\n\n### 5. Exploitation Strategy\nThe goal is to inject a payload into a \"Show Posts Filter\" and then trigger its rendering.\n\n**Step 1: Create a malicious Filter**\n*   **Method**: POST request to `wp-admin\u002Fpost.php`.\n*   **URL**: `https:\u002F\u002F[target]\u002Fwp-admin\u002Fpost.php`\n*   **Payload**:\n    ```http\n    Content-Type: application\u002Fx-www-form-urlencoded\n\n    action=editpost\n    &post_type=atw_show_posts\n    &post_ID=[NEW_POST_ID]\n    &post_title=XSS_Filter\n    &atw_add_class=\">\u003Cscript>alert(document.domain)\u003C\u002Fscript>\n    &_wpnonce=[NONCE]\n    ```\n    *(Note: `atw_add_class` is the inferred parameter name based on the plugin's prefix `atw_` for \"A Weaver\").*\n\n**Step 2: Embed the Filter**\nCreate a public post containing the shortcode for the malicious filter.\n*   **Shortcode**: `[show_posts filter=\"[POST_ID]\"]`\n\n**Step 3: Trigger the XSS**\nNavigate to the newly created public post. The browser will render the injected script.\n\n### 6. Test Data Setup\n1.  **Plugin Installation**: Install and activate `show-posts` version 1.8.1.\n2.  **User Creation**: Ensure a user with the `administrator` role exists.\n3.  **Disable unfiltered_html**: (Crucial for testing the security boundary) If testing on a single-site install, use a plugin or `wp-config.php` to define `DISALLOW_UNFILTERED_HTML`, as real-world impact is highest in Multisite.\n    ```php\n    define( 'DISALLOW_UNFILTERED_HTML', true );\n    ```\n4.  **Identify Meta Keys**: Run `wp post-type list` to confirm the post type name. Use `wp post create --post_type=atw_show_posts --post_title=\"Probe\"` to find the specific meta key used for \"Additional Classes\" by inspecting the database.\n\n### 7. Expected Results\n*   Upon saving the Filter, the database should contain the literal string `\">\u003Cscript>alert(document.domain)\u003C\u002Fscript>` in the `wp_postmeta` table for that post.\n*   Upon viewing the page with the shortcode, the HTML source should show the `class` attribute of the container element closed prematurely, followed by the `\u003Cscript>` tag.\n*   A JavaScript alert showing the document domain should appear.\n\n### 8. Verification Steps\n1.  **Database Check**:\n    ```bash\n    wp db query \"SELECT meta_value FROM wp_postmeta WHERE meta_key LIKE '%add_class%' AND post_id = [ID]\"\n    ```\n2.  **HTML Inspection**:\n    Use `http_request` to fetch the frontend page and grep for the breakout:\n    ```bash\n    grep -P 'class=\"atw-show-posts \">\u003Cscript>' response_body.html\n    ```\n\n### 9. Alternative Approaches\n*   **Widget Injection**: If the \"Filter\" CPT is not the entry point, target the WordPress Widget dashboard (`wp-admin\u002Fwidgets.php`). Update a \"Weaver Show Posts\" widget instance via the AJAX `save-widget` action.\n*   **Attribute-Based Payloads**: If `\u003Cscript>` tags are stripped by a global WAF but the plugin still fails to escape the attribute, use event handlers:\n    `add_class = 'x\" onmouseover=\"alert(1)\" style=\"display:block;width:1000px;height:1000px;\"'`\n*   **Shortcode Attribute**: Check if the shortcode itself accepts the `add_class` parameter:\n    `[show_posts add_class='\">\u003Cscript>alert(1)\u003C\u002Fscript>']`\n    If the shortcode handler uses the same unescaped logic, this provides a simpler path for users with `edit_posts` capability.","The Weaver Show Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Additional Classes to Wrap Posts' setting in versions up to 1.8.1. This occurs because the plugin fails to properly escape user-supplied custom CSS classes before rendering them in an HTML attribute, allowing authenticated administrators to execute arbitrary JavaScript on pages where the posts are displayed.","\u002F* Inferred from display logic in Weaver Show Posts handler *\u002F\n$add_class = get_post_meta($post_id, 'atw_add_class', true);\necho '\u003Cdiv class=\"atw-show-posts ' . $add_class . '\">';","--- a\u002Fatw-show-posts.php\n+++ b\u002Fatw-show-posts.php\n@@ -100,1 +100,1 @@\n-    echo '\u003Cdiv class=\"atw-show-posts ' . $add_class . '\">';\n+    echo '\u003Cdiv class=\"atw-show-posts ' . esc_attr($add_class) . '\">';","1. Login to the WordPress admin panel as an Administrator.\n2. Navigate to the 'Show Posts' section and either create a new filter or edit an existing one.\n3. In the setting field labeled 'Additional Classes to Wrap Posts' (internally associated with the `add_class` or `atw_add_class` parameter), input an XSS payload designed to break out of a double-quoted HTML attribute, such as: \">\u003Cscript>alert(document.domain)\u003C\u002Fscript>.\n4. Save the filter.\n5. Embed the malicious filter into a public page using the [show_posts] shortcode (e.g., [show_posts filter=\"123\"]).\n6. Access the public page. The plugin will render the injected string directly into the class attribute of a div wrapper, causing the script to execute.","gemini-3-flash-preview","2026-04-18 00:46:27","2026-04-18 00:46:45",{"id":59,"url_slug":60,"title":61,"description":62,"plugin_slug":4,"theme_slug":37,"affected_versions":63,"patched_in_version":64,"severity":39,"cvss_score":65,"cvss_vector":66,"vuln_type":42,"published_date":67,"updated_date":68,"references":69,"days_to_patch":71,"patch_diff_files":72,"patch_trac_url":37,"research_status":37,"research_verified":48,"research_rounds_completed":73,"research_plan":37,"research_summary":37,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":37,"research_model_used":37,"research_started_at":37,"research_completed_at":37,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":48,"poc_model_used":37,"poc_verification_depth":37},"CVE-2023-1404","weaver-show-posts-authenticatedcontributor-stored-cross-site-scripting-via-display-name","Weaver Show Posts \u003C= 1.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Display Name","The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.6","1.7",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2023-04-01 00:00:00","2024-01-22 19:56:02",[70],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc8647c44-4879-4895-bd07-19f7d62a7326?source=api-prod",297,[],0,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":75,"avg_security_score":76,"avg_patch_time_days":77,"trust_score":78,"computed_at":79},24650,86,178,69,"2026-05-20T02:03:00.303Z",[81,98,120,142,163],{"slug":82,"name":83,"version":84,"author":7,"author_profile":8,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":13,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":18,"tags":93,"homepage":94,"download_link":95,"security_score":96,"vuln_count":49,"unpatched_count":73,"last_vuln_date":97,"fetched_at":29},"weaverx-theme-support","Weaver Xtreme Theme Support","6.5.1","\u003Cp>This is the theme support for the Weaver Xtreme Theme. This plugin provides a collection of useful shortcodes and widgets designed to complement the Weaver Xtreme theme. These shortcodes have been selected and developed based on requests and feedback from thousands of users of the Weaver Xtreme and previous versions of Weaver.\u003C\u002Fp>\n\u003Cp>This plugin also provides the Legacy Weaver Xtreme Admin Dashboard interface. The Legacy Admin is an old style interface alternative to the Customizer interface. The Legacy Interface has been updated for compatibility with Weaver Xtreme Version 5, and will automatically update and convert .wxt settings files from Weaver Xtreme 4.\u003C\u002Fp>\n\u003Cp>Includes complete documentation help file. Instructions for using the shortcodes and widgets are in the help file.\u003C\u002Fp>\n\u003Ch4>Shortcodes included\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>[tab_group]\u003C\u002Fstrong> – Display content in a tabbed box.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003C!--YouTube Error: bad URL entered-->\u003C\u002Fstrong> – Show your YouTube videos responsively, and with the capability to use any of the YouTube custom display options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003C!-- vimeo error: not a vimeo video -->\u003C\u002Fstrong> –  Show your Vimeo videos responsively, and with the capability to use any of the Vimeo custom display options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[iframe]\u003C\u002Fstrong> – Quick and easy display of content in an iframe.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[div]\u003C\u002Fstrong>, \u003Cstrong>[span]\u003C\u002Fstrong>, \u003Cstrong>[html]\u003C\u002Fstrong> – Add div, span, and other html to pages\u002Fposts without the need to switch to Text view.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[hide\u002Fshow_if]\u003C\u002Fstrong> – Show or hide content depending upon options: device, page ID, user capability, logged in status.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[bloginfo]\u003C\u002Fstrong> – Display any information available from WordPress bloginfo function.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[user_can]\u003C\u002Fstrong> – Display content base on logged-in user role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[site_title]\u003C\u002Fstrong> – Display Site title.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[site_tagline]\u003C\u002Fstrong> – Display Site tag line.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Widgets Included\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Weaver 2 Column Text Widget\u003C\u002Fstrong> – Add text into two columns in a widget\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Weaver Per Page Text Widget\u003C\u002Fstrong> – Add a text widget on a per-page basis\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Weaver Login\u003C\u002Fstrong> – Simplified login widget\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Licenses\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>The Weaver Xtreme Theme Support plugin is licensed under the terms of the GNU GENERAL PUBLIC LICENSE, Version 2,\u003Cbr \u002F>\nJune 1991. (GPL) The full text of the license is in the license.txt file.\u003C\u002Fli>\n\u003Cli>All images included with this plugin are either original works of the author which\u003Cbr \u002F>\nhave been placed into the public domain, or have been derived from other public domain sources,\u003Cbr \u002F>\nand thus need no license. (This does not include the images provided with any of the\u003Cbr \u002F>\nbelow listed scripts and libraries. Those images are covered by their respective licenses.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin also includes several scripts and libraries that are covered under the terms\u003Cbr \u002F>\nof their own licenses in the listed files in the plugin distribution:\u003C\u002Fp>\n","A useful shortcode and widget collection for Weaver Xtreme",9000,383370,4,"2024-05-31T18:31:00.000Z","6.5.8","6.0",[20,21,22],"http:\u002F\u002Fweavertheme.com\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fweaverx-theme-support.6.5.1.zip",89,"2024-06-04 19:18:53",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":13,"num_ratings":27,"last_updated":108,"tested_up_to":91,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":115,"download_link":116,"security_score":117,"vuln_count":118,"unpatched_count":73,"last_vuln_date":119,"fetched_at":29},"apollo13-framework-extensions","Apollo13 Framework Extensions","1.9.9","apollo13themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fapollo13themes\u002F","\u003Cp>\u003Cstrong>Apollo13 Framework Extensions\u003C\u002Fstrong> adds few features to themes build on Apollo13 Framework. These are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Designs Importer,\u003C\u002Fli>\n\u003Cli>shortcodes based on Apollo13 Framework features: writtng effect, count down, socials, scroller, slider, galleries, post grid,\u003C\u002Fli>\n\u003Cli>support for WPBakery Page Builder elements added by Apollo13 Framework,\u003C\u002Fli>\n\u003Cli>custom post types: albums, works & people,\u003C\u002Fli>\n\u003Cli>Export\u002FImport of theme options,\u003C\u002Fli>\n\u003Cli>Custom Sidebar,\u003C\u002Fli>\n\u003Cli>Custom CSS,\u003C\u002Fli>\n\u003Cli>Meta options that are creating content for posts, pages, albums and works,\u003C\u002Fli>\n\u003Cli>Responsive Image resizing ,\u003C\u002Fli>\n\u003Cli>Maintenance mode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin requires one of themes build on \u003Cstrong>Apollo13 Framework\u003C\u002Fstrong> theme to be installed.\u003C\u002Fp>\n\u003Cp>It is mostly used for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapollo13themes.com\u002Frife\u002Ffree\u002F\" rel=\"nofollow ugc\">Rife Free\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapollo13themes.com\u002Frife\u002F\" rel=\"nofollow ugc\">Rife Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits & Copyright\u003C\u002Fh3>\n\u003Ch4>Anime.js, Copyright 2019 Julian Garnier\u003C\u002Fh4>\n\u003Cp>Licenses: MIT\u003Cbr \u002F>\nSource: https:\u002F\u002Fanimejs.com\u002F\u003C\u002Fp>\n","Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.",20000,536744,"2025-12-04T08:12:00.000Z","4.7","5.4.0",[112,113,20,114],"custom-post-types","elementor-widgets","wpbakery-page-builder-support","https:\u002F\u002Fapollo13themes.com\u002Frife\u002Ffree","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapollo13-framework-extensions.zip",95,6,"2026-02-18 15:32:44",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":13,"num_ratings":27,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":133,"tags":134,"homepage":138,"download_link":139,"security_score":140,"vuln_count":49,"unpatched_count":27,"last_vuln_date":141,"fetched_at":29},"popularis-extra","Popularis Extra","1.2.10","Themes4WP","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemes4wp\u002F","\u003Cp>Popularis Extra gives you access to demo import for free PopularisWP themes, extra features like widgets, shortcodes or additional Elementor widgets.\u003C\u002Fp>\n\u003Cp>This plugin requires PopularisWP theme to be installed.\u003C\u002Fp>\n\u003Ch3>Supported Themes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis\u002F\" rel=\"ugc\">Popularis\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpopulariswp.com\u002Fpopularis-ecommerce\u002F\" rel=\"nofollow ugc\">Popularis eCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-verse\u002F\" rel=\"ugc\">Popularis Verse\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-hub\u002F\" rel=\"ugc\">Popularis Hub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-star\u002F\" rel=\"ugc\">Popularis Star\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-writer\u002F\" rel=\"ugc\">Popularis Writer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-press\u002F\" rel=\"ugc\">Popularis Press\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpopulariswp.com\u002Fpopularis-fashion\u002F\" rel=\"nofollow ugc\">Popularis Fashion\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpopulariswp.com\u002Fpopularis-business\u002F\" rel=\"nofollow ugc\">Popularis Business\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Popularis Extra add extra features to Popularis theme like demo import, widgets, shortcodes or Elementor widgets.",8000,226297,"2025-12-03T07:12:00.000Z","6.9.4","4.4","5.6",[135,136,137,20,22],"demo","elementor","import","https:\u002F\u002Fpopulariswp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpopularis-extra.1.2.10.zip",74,"2026-01-28 00:00:00",{"slug":143,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":150,"downloaded":151,"rating":152,"num_ratings":153,"last_updated":154,"tested_up_to":155,"requires_at_least":156,"requires_php":157,"tags":158,"homepage":159,"download_link":160,"security_score":161,"vuln_count":27,"unpatched_count":27,"last_vuln_date":162,"fetched_at":29},"series","Series","2.0.1","Justin Tadlock","https:\u002F\u002Fprofiles.wordpress.org\u002Fgreenshady\u002F","\u003Cp>Series is a plugin created to allow users to easily link posts together by using a WordPress taxonomy (like tags or categories) called “series”.  It can be particularly useful if you write several posts spanning the same topic and want them tied together in some way that tags or categories doesn’t cover.\u003C\u002Fp>\n\u003Ch3>Professional Support\u003C\u002Fh3>\n\u003Cp>If you need professional plugin support from me, the plugin author, you can access the support forums at \u003Ca href=\"https:\u002F\u002Fthemehybrid.com\u002Fsupport\" rel=\"nofollow ugc\">Theme Hybrid\u003C\u002Fa>, which is a professional WordPress help\u002Fsupport site where I handle support for all my plugins and themes for a community of 75,000+ users (and growing).\u003C\u002Fp>\n\u003Ch3>Plugin Development\u003C\u002Fh3>\n\u003Cp>If you’re a theme author, plugin author, or just a code hobbyist, you can follow the development of this plugin on it’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjustintadlock\u002Fseries\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>Yes, I do accept donations.  If you want to donate, you can do so from my \u003Ca href=\"https:\u002F\u002Fthemehybrid.com\u002Fdonate\" rel=\"nofollow ugc\">donations page\u003C\u002Fa> or grab me something from my \u003Ca href=\"http:\u002F\u002Fa.co\u002FflUb0ns\" rel=\"nofollow ugc\">Amazon Wish List\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>I appreciate all donations, no matter the size.  Further development of this plugin is not contingent on donations, but they are always a nice incentive.\u003C\u002Fp>\n","Plugin that allows you to collect posts in a series.",2000,46414,84,5,"2018-12-17T20:52:00.000Z","5.0.25","4.8","5.3",[143,20,22],"https:\u002F\u002Fthemehybrid.com\u002Fplugins\u002Fseries","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fseries.2.0.1.zip",63,"2025-12-31 00:00:00",{"slug":164,"name":165,"version":166,"author":167,"author_profile":168,"description":169,"short_description":170,"active_installs":171,"downloaded":172,"rating":173,"num_ratings":174,"last_updated":175,"tested_up_to":176,"requires_at_least":177,"requires_php":178,"tags":179,"homepage":183,"download_link":184,"security_score":161,"vuln_count":27,"unpatched_count":27,"last_vuln_date":185,"fetched_at":29},"wp-widgets-shortcode","WordPress Widgets Shortcode","1.0.3","Brajesh Singh","https:\u002F\u002Fprofiles.wordpress.org\u002Fsbrajesh\u002F","\u003Cp>The plugin allows you to embed any WordPress Widget area\u002FDynamic Sidebar to your WordPress posts\u003C\u002Fp>\n\u003Cp>What you can do:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use the shortcode to embed widget areas in posts\u003C\u002Fli>\n\u003Cli>Use the shortcode to embed Widget areas in Pages\u003C\u002Fli>\n\u003Cli>The widgets can be embedded anywhere, at the begining of content, middle, bottom or where ever you want. Just put the shortcode there.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please leave a comment here at \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fwordpress\u002Fembed-wordpress-widget-areasdynamic-sidebars-in-posts-or-pages-using-simple-shortcodes\u002F\" title=\"Post about this plugin\" rel=\"nofollow ugc\">BuddyDev.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Others\u003C\u002Fh3>\n\u003Cp>For more info, please visit us at \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002F\" title=\"The best place for all BuddyPress based plugins, themes tutorials\" rel=\"nofollow ugc\">BuddyDev.com\u003C\u002Fa>\u003C\u002Fp>\n","Embed any widget area\u002Fdynamic sidebar to your pages\u002Fposts using the shortcode [dynamic-sidebar id='Your Widget Area\u002FSidebar name']",500,17258,90,8,"2016-05-14T08:01:00.000Z","4.7.33","3.5","",[180,181,182,20,22],"dynamic-sidebar","embed","embed-widgets","http:\u002F\u002Fbuddydev.com\u002Fplugins\u002Fwp-widgets-shortcode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-widgets-shortcode.1.0.3.zip","2025-09-22 00:00:00",{"attackSurface":187,"codeSignals":249,"taintFlows":271,"riskAssessment":291,"analyzedAt":302},{"hooks":188,"ajaxHandlers":241,"restRoutes":242,"shortcodes":243,"cronEvents":248,"entryPointCount":27,"unprotectedCount":73},[189,195,200,204,208,212,216,220,223,227,232,237],{"type":190,"name":191,"callback":192,"file":193,"line":194},"action","plugins_loaded","atw_posts_plugins_loaded","atw-show-posts.php",40,{"type":190,"name":196,"callback":197,"priority":198,"file":193,"line":199},"media_buttons","atw_posts_add_form_buttons",20,48,{"type":190,"name":201,"callback":202,"file":193,"line":203},"admin_menu","atw_posts_admin_menu",49,{"type":190,"name":205,"callback":206,"file":193,"line":207},"wp_enqueue_scripts","atw_posts_enqueue_scripts",50,{"type":190,"name":209,"callback":210,"file":193,"line":211},"template_redirect","atw_posts_emit_css",51,{"type":190,"name":213,"callback":214,"file":193,"line":215},"init","atw_posts_setup_shortcodes",52,{"type":190,"name":217,"callback":218,"file":193,"line":219},"admin_footer","atw_posts_select_posts_form",67,{"type":190,"name":217,"callback":221,"file":193,"line":222},"atw_posts_select_slider_form",72,{"type":190,"name":224,"callback":225,"priority":198,"file":193,"line":226},"wp_head","atw_posts_wp_head",235,{"type":228,"name":229,"callback":230,"file":193,"line":231},"filter","widget_text","atw_post_text_widget_shortcode",262,{"type":228,"name":233,"callback":234,"priority":198,"file":235,"line":236},"excerpt_length","atw_posts_excerpt_length_filter","includes\u002Fatw-showposts-sc.php",165,{"type":190,"name":238,"callback":239,"file":240,"line":117},"widgets_init","wvrx_sp_load_widgets","includes\u002Fposts-widgets.php",[],[],[244],{"tag":245,"callback":246,"file":193,"line":247},"show_posts","atw_show_posts_sc",259,[],{"dangerousFunctions":250,"sqlUsage":256,"outputEscaping":258,"fileOperations":27,"externalRequests":73,"nonceChecks":26,"capabilityChecks":174,"bundledLibraries":270},[251],{"fn":252,"file":253,"line":254,"context":255},"unserialize","includes\u002Fatw-admin-lib.php",120,"$restore = unserialize($contents);",{"prepared":27,"raw":73,"locations":257},[],{"escaped":259,"rawEcho":49,"locations":260},280,[261,265,267],{"file":262,"line":263,"context":264},"includes\u002Fatw-posts-template.php",246,"raw output",{"file":235,"line":266,"context":264},383,{"file":268,"line":269,"context":264},"includes\u002Fdownloader.php",87,[],[272],{"entryPoint":273,"graph":274,"unsanitizedCount":73,"severity":290},"\u003Cdownloader> (includes\u002Fdownloader.php:0)",{"nodes":275,"edges":287},[276,281],{"id":277,"type":278,"label":279,"file":268,"line":280},"n0","source","$_GET",31,{"id":282,"type":283,"label":284,"file":268,"line":285,"wp_function":286},"n1","sink","header() [Header Injection]",79,"header",[288],{"from":277,"to":282,"sanitized":289},true,"low",{"summary":292,"deductions":293},"The \"show-posts\" v2.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices in several areas. Notably, 100% of its SQL queries are prepared, output escaping is nearly perfect at 99%, and it implements a good number of nonce and capability checks. The attack surface appears minimal with no unprotected entry points identified in the static analysis.\n\nHowever, significant concerns arise from the presence of the `unserialize` function, a known vector for critical vulnerabilities if not handled with extreme care and proper input sanitization. While taint analysis did not reveal immediate unsanitized paths for this function, its mere existence is a red flag. Furthermore, the plugin has a history of two known CVEs, with one remaining unpatched. The common vulnerability type being Cross-site Scripting indicates a recurring pattern that, coupled with the `unserialize` function, suggests potential weaknesses in input validation or handling of serialized data.\n\nIn conclusion, while the plugin has strengths in areas like SQL and output escaping, the presence of `unserialize` and its past vulnerability history, particularly the unpatched medium severity CVE, introduce a notable risk. Developers should prioritize auditing the usage of `unserialize` and addressing the outstanding vulnerability.",[294,297,300],{"reason":295,"points":296},"Unpatched CVE detected",17,{"reason":298,"points":299},"Presence of dangerous unserialize function",10,{"reason":301,"points":153},"History of XSS vulnerabilities","2026-04-16T10:59:52.045Z",{"wat":304,"direct":317},{"assetPaths":305,"generatorPatterns":310,"scriptPaths":311,"versionParams":312},[306,307,308,309],"\u002Fwp-content\u002Fplugins\u002Fshow-posts\u002Fcss\u002Fatw-posts-admin-style.css","\u002Fwp-content\u002Fplugins\u002Fshow-posts\u002Fjs\u002Fyetii\u002Fyetii.js","\u002Fwp-content\u002Fplugins\u002Fshow-posts\u002Fjs\u002Fatw-posts-admin.js","\u002Fwp-content\u002Fplugins\u002Fshow-posts\u002Fjs\u002Fatw-posts-editor-buttons.js",[],[307,308,309],[313,314,315,316],"show-posts\u002Fcss\u002Fatw-posts-admin-style.css?ver=","show-posts\u002Fjs\u002Fyetii\u002Fyetii.js?ver=","show-posts\u002Fjs\u002Fatw-posts-admin.js?ver=","show-posts\u002Fjs\u002Fatw-posts-editor-buttons.js?ver=",{"cssClasses":318,"htmlComments":321,"htmlAttributes":322,"restEndpoints":331,"jsGlobals":332,"shortcodeOutput":337},[319,320],"dashicons-admin-post","dashicons-images-alt",[],[323,324,325,326,327,328,329,330],"id=\"add_atw_posts_posts\"","id=\"add_atw_slider_slidrs\"","id=\"select-show-posts-dialog\"","id=\"atw-slider-post-select\"","id=\"select-atw-show-posts\"","id=\"cancel-insert-show-posts\"","id=\"select-show-sliders-dialog\"","id=\"atw-slider-slider-select\"",[],[333,334,335,336],"window.atwSelectShowPosts","window.atwCancelSelectShowPosts","window.atwSelectSliders","window.atwCancelSelectSliders",[338,339],"[show_posts]","[show_slider]",{"error":289,"url":341,"statusCode":342,"statusMessage":343,"message":343},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fshow-posts\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":345,"versions":346},32,[347,353,361,369,376,385,394,403,412,421,430,439,448,457,466,475,484,493,502,511,520,529,538,547,556,565,574,583,592,601,609,618],{"version":6,"download_url":24,"svn_tag_url":348,"released_at":37,"has_diff":48,"diff_files_changed":349,"diff_lines":37,"trac_diff_url":350,"vulnerabilities":351,"is_current":289},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.8.1&new_path=%2Fshow-posts%2Ftags%2F2.0",[352],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":354,"download_url":355,"svn_tag_url":356,"released_at":37,"has_diff":48,"diff_files_changed":357,"diff_lines":37,"trac_diff_url":358,"vulnerabilities":359,"is_current":48},"1.8.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.8.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.8.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.8&new_path=%2Fshow-posts%2Ftags%2F1.8.1",[360],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":362,"download_url":363,"svn_tag_url":364,"released_at":37,"has_diff":48,"diff_files_changed":365,"diff_lines":37,"trac_diff_url":366,"vulnerabilities":367,"is_current":48},"1.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.7&new_path=%2Fshow-posts%2Ftags%2F1.8",[368],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":64,"download_url":370,"svn_tag_url":371,"released_at":37,"has_diff":48,"diff_files_changed":372,"diff_lines":37,"trac_diff_url":373,"vulnerabilities":374,"is_current":48},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.6&new_path=%2Fshow-posts%2Ftags%2F1.7",[375],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":377,"download_url":378,"svn_tag_url":379,"released_at":37,"has_diff":48,"diff_files_changed":380,"diff_lines":37,"trac_diff_url":381,"vulnerabilities":382,"is_current":48},"1.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.5.1&new_path=%2Fshow-posts%2Ftags%2F1.6",[383,384],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":386,"download_url":387,"svn_tag_url":388,"released_at":37,"has_diff":48,"diff_files_changed":389,"diff_lines":37,"trac_diff_url":390,"vulnerabilities":391,"is_current":48},"1.5.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.5.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.5.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.5&new_path=%2Fshow-posts%2Ftags%2F1.5.1",[392,393],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":395,"download_url":396,"svn_tag_url":397,"released_at":37,"has_diff":48,"diff_files_changed":398,"diff_lines":37,"trac_diff_url":399,"vulnerabilities":400,"is_current":48},"1.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.4.11&new_path=%2Fshow-posts%2Ftags%2F1.5",[401,402],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":404,"download_url":405,"svn_tag_url":406,"released_at":37,"has_diff":48,"diff_files_changed":407,"diff_lines":37,"trac_diff_url":408,"vulnerabilities":409,"is_current":48},"1.4.11","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.4.11.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.4.11\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.3.15&new_path=%2Fshow-posts%2Ftags%2F1.4.11",[410,411],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":413,"download_url":414,"svn_tag_url":415,"released_at":37,"has_diff":48,"diff_files_changed":416,"diff_lines":37,"trac_diff_url":417,"vulnerabilities":418,"is_current":48},"1.3.15","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.3.15.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.3.15\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.3.13&new_path=%2Fshow-posts%2Ftags%2F1.3.15",[419,420],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":422,"download_url":423,"svn_tag_url":424,"released_at":37,"has_diff":48,"diff_files_changed":425,"diff_lines":37,"trac_diff_url":426,"vulnerabilities":427,"is_current":48},"1.3.13","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.3.13.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.3.13\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.3.10&new_path=%2Fshow-posts%2Ftags%2F1.3.13",[428,429],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":431,"download_url":432,"svn_tag_url":433,"released_at":37,"has_diff":48,"diff_files_changed":434,"diff_lines":37,"trac_diff_url":435,"vulnerabilities":436,"is_current":48},"1.3.10","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.3.10.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.3.10\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.3.9&new_path=%2Fshow-posts%2Ftags%2F1.3.10",[437,438],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":440,"download_url":441,"svn_tag_url":442,"released_at":37,"has_diff":48,"diff_files_changed":443,"diff_lines":37,"trac_diff_url":444,"vulnerabilities":445,"is_current":48},"1.3.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.3.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.3.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.3.8&new_path=%2Fshow-posts%2Ftags%2F1.3.9",[446,447],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":449,"download_url":450,"svn_tag_url":451,"released_at":37,"has_diff":48,"diff_files_changed":452,"diff_lines":37,"trac_diff_url":453,"vulnerabilities":454,"is_current":48},"1.3.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.3.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.3.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.3.7&new_path=%2Fshow-posts%2Ftags%2F1.3.8",[455,456],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":458,"download_url":459,"svn_tag_url":460,"released_at":37,"has_diff":48,"diff_files_changed":461,"diff_lines":37,"trac_diff_url":462,"vulnerabilities":463,"is_current":48},"1.3.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.3.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.3.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.3.6&new_path=%2Fshow-posts%2Ftags%2F1.3.7",[464,465],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":467,"download_url":468,"svn_tag_url":469,"released_at":37,"has_diff":48,"diff_files_changed":470,"diff_lines":37,"trac_diff_url":471,"vulnerabilities":472,"is_current":48},"1.3.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.3.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.3.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.3.5&new_path=%2Fshow-posts%2Ftags%2F1.3.6",[473,474],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":476,"download_url":477,"svn_tag_url":478,"released_at":37,"has_diff":48,"diff_files_changed":479,"diff_lines":37,"trac_diff_url":480,"vulnerabilities":481,"is_current":48},"1.3.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.3.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.3.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.3.3&new_path=%2Fshow-posts%2Ftags%2F1.3.5",[482,483],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":485,"download_url":486,"svn_tag_url":487,"released_at":37,"has_diff":48,"diff_files_changed":488,"diff_lines":37,"trac_diff_url":489,"vulnerabilities":490,"is_current":48},"1.3.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.3.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.3.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.3.2&new_path=%2Fshow-posts%2Ftags%2F1.3.3",[491,492],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":494,"download_url":495,"svn_tag_url":496,"released_at":37,"has_diff":48,"diff_files_changed":497,"diff_lines":37,"trac_diff_url":498,"vulnerabilities":499,"is_current":48},"1.3.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.3.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.3.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.3.1.1&new_path=%2Fshow-posts%2Ftags%2F1.3.2",[500,501],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":503,"download_url":504,"svn_tag_url":505,"released_at":37,"has_diff":48,"diff_files_changed":506,"diff_lines":37,"trac_diff_url":507,"vulnerabilities":508,"is_current":48},"1.3.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.3.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.3.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.3.1&new_path=%2Fshow-posts%2Ftags%2F1.3.1.1",[509,510],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":512,"download_url":513,"svn_tag_url":514,"released_at":37,"has_diff":48,"diff_files_changed":515,"diff_lines":37,"trac_diff_url":516,"vulnerabilities":517,"is_current":48},"1.3.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.3.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.3&new_path=%2Fshow-posts%2Ftags%2F1.3.1",[518,519],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":521,"download_url":522,"svn_tag_url":523,"released_at":37,"has_diff":48,"diff_files_changed":524,"diff_lines":37,"trac_diff_url":525,"vulnerabilities":526,"is_current":48},"1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.2.4&new_path=%2Fshow-posts%2Ftags%2F1.3",[527,528],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":530,"download_url":531,"svn_tag_url":532,"released_at":37,"has_diff":48,"diff_files_changed":533,"diff_lines":37,"trac_diff_url":534,"vulnerabilities":535,"is_current":48},"1.2.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.2.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.2.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.2.2&new_path=%2Fshow-posts%2Ftags%2F1.2.4",[536,537],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":539,"download_url":540,"svn_tag_url":541,"released_at":37,"has_diff":48,"diff_files_changed":542,"diff_lines":37,"trac_diff_url":543,"vulnerabilities":544,"is_current":48},"1.2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.2.1&new_path=%2Fshow-posts%2Ftags%2F1.2.2",[545,546],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":548,"download_url":549,"svn_tag_url":550,"released_at":37,"has_diff":48,"diff_files_changed":551,"diff_lines":37,"trac_diff_url":552,"vulnerabilities":553,"is_current":48},"1.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.2&new_path=%2Fshow-posts%2Ftags%2F1.2.1",[554,555],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":557,"download_url":558,"svn_tag_url":559,"released_at":37,"has_diff":48,"diff_files_changed":560,"diff_lines":37,"trac_diff_url":561,"vulnerabilities":562,"is_current":48},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.1&new_path=%2Fshow-posts%2Ftags%2F1.2",[563,564],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":566,"download_url":567,"svn_tag_url":568,"released_at":37,"has_diff":48,"diff_files_changed":569,"diff_lines":37,"trac_diff_url":570,"vulnerabilities":571,"is_current":48},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.0.7&new_path=%2Fshow-posts%2Ftags%2F1.1",[572,573],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":575,"download_url":576,"svn_tag_url":577,"released_at":37,"has_diff":48,"diff_files_changed":578,"diff_lines":37,"trac_diff_url":579,"vulnerabilities":580,"is_current":48},"1.0.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.0.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.0.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.0.6&new_path=%2Fshow-posts%2Ftags%2F1.0.7",[581,582],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":584,"download_url":585,"svn_tag_url":586,"released_at":37,"has_diff":48,"diff_files_changed":587,"diff_lines":37,"trac_diff_url":588,"vulnerabilities":589,"is_current":48},"1.0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.0.4&new_path=%2Fshow-posts%2Ftags%2F1.0.6",[590,591],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":593,"download_url":594,"svn_tag_url":595,"released_at":37,"has_diff":48,"diff_files_changed":596,"diff_lines":37,"trac_diff_url":597,"vulnerabilities":598,"is_current":48},"1.0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.0.3&new_path=%2Fshow-posts%2Ftags%2F1.0.4",[599,600],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":166,"download_url":602,"svn_tag_url":603,"released_at":37,"has_diff":48,"diff_files_changed":604,"diff_lines":37,"trac_diff_url":605,"vulnerabilities":606,"is_current":48},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.0.2&new_path=%2Fshow-posts%2Ftags%2F1.0.3",[607,608],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":610,"download_url":611,"svn_tag_url":612,"released_at":37,"has_diff":48,"diff_files_changed":613,"diff_lines":37,"trac_diff_url":614,"vulnerabilities":615,"is_current":48},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fshow-posts%2Ftags%2F1.0.1&new_path=%2Fshow-posts%2Ftags%2F1.0.2",[616,617],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":619,"download_url":620,"svn_tag_url":621,"released_at":37,"has_diff":48,"diff_files_changed":622,"diff_lines":37,"trac_diff_url":37,"vulnerabilities":623,"is_current":48},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fshow-posts\u002Ftags\u002F1.0.1\u002F",[],[624,625],{"id":59,"url_slug":60,"title":61,"severity":39,"cvss_score":65,"vuln_type":42,"patched_in_version":64},{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37}]