[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnbjMO2vrlzeH1hCEk6q_SS-O8AqvFpLq9El0FzehYJw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":124,"fingerprints":263},"shutter-reloaded-plus","Shutter Reloaded Plus","0.6","danaila_iulian","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanaila_iulian\u002F","\u003Cp>Shutter Reloaded Plus is an image viewer for your website that works similarly to Lightbox, Thickbox, etc. but is under 8KB in size and does not require any external libraries.\u003C\u002Fp>\n\u003Cp>It is fully responsive, cross-browser and mobile ready. Tested on Chrome, Safari, Firefox, Internet Explorer, Android phones and tablets, Windows Phone 8.\u003C\u002Fp>\n\u003Cp>It has many features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>keyboard navigation with arrow keys, left and right arrows, and close by pressing the Esc key\u003C\u002Fli>\n\u003Cli>resizing large images if the window is too small to display them with option to show the full size image\u003C\u002Fli>\n\u003Cli>combining images in sets\u003C\u002Fli>\n\u003Cli>redrawing the window after resizing, RESPONSIVE\u003C\u002Fli>\n\u003Cli>pre-loading of neighbour images for faster display and very good browser compatibility\u003C\u002Fli>\n\u003Cli>integrate with Google Analytics to count each image view as a page view\u003C\u002Fli>\n\u003Cli>option to overwrite NextGen Gallery’s effects (Lightbox, Fancybox)\u003C\u002Fli>\n\u003Cli>option to display a like button for the current page in the control bar\u003C\u002Fli>\n\u003Cli>click on the image goes to the next image\u003C\u002Fli>\n\u003Cli>click outsite de image to close de slideshow\u003C\u002Fli>\n\u003Cli>all images used for buttons are in a PNG sprite, so it only has 3 HTTP request (image, js and css)\u003C\u002Fli>\n\u003Cli>option to only load it on single pages and posts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin offers customization of the colour and opacity settings for the background and colour for the caption text, buttons text and the menu background.\u003C\u002Fp>\n\u003Cp>There are options to enable it for all links pointing to an image on your site (with option to exclude some pages), or just on selected pages. It can be enabled only for image links with CSS class=”shutter” with option to create a single set or multiple sets for each page.\u003C\u002Fp>\n\u003Cp>The plugin can also “auto-make” image sets for each Post, so when several posts are displayed on the “Home” page, links to images on each post will be in a separate set. See the built-in help for more information.\u003C\u002Fp>\n","Darkens the current page and displays an image (like Lightbox, Thickbox, etc.), but is a lot smaller (8KB) and faster.",200,7620,100,2,"2013-12-13T09:37:00.000Z","3.7.41","3.5","",[20,21,22,23,24],"images","javascript","keyboard-navigation","lightbox","viewer","http:\u002F\u002Fwww.itinfo.ro\u002Fshutter-reloaded-plus\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshutter-reloaded-plus.0.6.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,84,"2026-04-04T07:04:05.103Z",[38,56,77,90,106],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":18,"tags":53,"homepage":54,"download_link":55,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"shutter-reloaded","Shutter Reloaded","2.5","Andrew Ozz","https:\u002F\u002Fprofiles.wordpress.org\u002Fazaozz\u002F","\u003Cp>Shutter Reloaded is an image viewer for your website that works similarly to Lightbox, Thickbox, etc. but is under 10KB in size and does not require any external libraries. It has many features: resizing large images if the window is too small to display them with option to show the full size image, combining images in sets, redrawing the window after resizing, pre-loading of neighbour images for faster display and very good browser compatibility.\u003C\u002Fp>\n\u003Cp>This plugin offers customization of the colour and opacity settings for the background and colour for the caption text, buttons text and the menu background.\u003C\u002Fp>\n\u003Cp>There are options to enable it for all links pointing to an image on your site (with option to exclude some pages), or just on selected pages. It can be enabled only for image links with CSS class=”shutter” with option to create a single set or multiple sets for each page.\u003C\u002Fp>\n\u003Cp>The plugin can also “auto-make” image sets for each Post, so when several posts are displayed on the “Home” page, links to images on each post will be in a separate set. See the built-in help for more information.\u003C\u002Fp>\n","Darkens the current page and displays an image (like Lightbox, Thickbox, etc.), but is a lot smaller (10KB) and faster.",1000,143835,86,6,"2017-11-28T20:22:00.000Z","3.4.2","3.0",[20,21,23,24],"http:\u002F\u002Fwww.laptoptips.ca\u002Fprojects\u002Fwp-shutter-reloaded\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshutter-reloaded.2.5.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":18,"tags":71,"homepage":73,"download_link":74,"security_score":75,"vuln_count":33,"unpatched_count":33,"last_vuln_date":76,"fetched_at":30},"fancy-box","FancyBox","1.1.0","Kevin Sylvestre","https:\u002F\u002Fprofiles.wordpress.org\u002Fkevinsylvestre\u002F","\u003Cp>This plugin uses the jquery implementation of fancybox and makes use of [attr] style selectors by adding a section to the wordpress header.\u003C\u002Fp>\n\u003Cp>For more information and examples of slimbox visit:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Ffancy.klade.lv\u002F\" rel=\"nofollow ugc\">FancyBox\u003C\u002Fa>\u003C\u002Fp>\n","Enables fancybox on all image links including BMP, GIF, JPG, JPEG, and PNG links.",4000,286229,56,9,"2017-11-28T10:30:00.000Z","3.5.2","2.7",[72,20,21,23],"fancybox","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ffancy-box\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffancy-box.zip",64,"2025-03-21 00:00:00",{"slug":78,"name":79,"version":80,"author":60,"author_profile":61,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":13,"num_ratings":33,"last_updated":85,"tested_up_to":86,"requires_at_least":70,"requires_php":18,"tags":87,"homepage":88,"download_link":89,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"slimbox","Slimbox","1.0.8","\u003Cp>This plugin uses the jquery implementation of slimbox and makes use of [attr] style selectors by adding a section to the wordpress header.\u003C\u002Fp>\n\u003Cp>For more information and examples of slimbox visit:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.digitalia.be\u002Fsoftware\u002Fslimbox2\" rel=\"nofollow ugc\">Slimbox\u003C\u002Fa>\u003C\u002Fp>\n","Enables slimbox 2.03 on all image links including BMP, GIF, JPG, JPEG, and PNG links.",700,56690,"2016-10-17T19:17:00.000Z","4.6.30",[20,21,23,78],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fslimbox\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fslimbox.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":13,"num_ratings":33,"last_updated":100,"tested_up_to":101,"requires_at_least":102,"requires_php":18,"tags":103,"homepage":104,"download_link":105,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"slimbox-plugin","Slimbox Plugin","1.3","peppolone","https:\u002F\u002Fprofiles.wordpress.org\u002Fpeppolone\u002F","\u003Cp>WordPress plugin used to overlay images on the current page into neat Javascript-powered overlay popups.\u003Cbr \u002F>\nThis plugin includes the new Slimbox 1.64 javascript written by Christophe Beils and got transformed into a WordPress Plugin by me.\u003Cbr \u002F>\nSlimbox is a 7kb visual clone of the popular Lightbox JS v2.4 by Lokesh Dhakar, written using the ultra compact mootools framework.\u003Cbr \u002F>\nIt was designed to be small, efficient, more convenient and 100% compatible with the original Lightbox v2.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.4mj.it\u002Fslimbox-wordpress-plugin\u002F\" title=\"Plugin Homepage\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa>\u003C\u002Fp>\n","Plugin used to overlay images on the current page into neat Javascript-powered overlay popups.",600,75882,"2008-08-22T09:35:00.000Z","2.6.1","1.5",[20,21,23,78],"http:\u002F\u002Fwww.4mj.it\u002Fslimbox-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fslimbox-plugin.1.3.zip",{"slug":107,"name":108,"version":102,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":28,"num_ratings":28,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":18,"tags":118,"homepage":122,"download_link":123,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"add-lightbox-title","Add LightBox & Title","ppalli","https:\u002F\u002Fprofiles.wordpress.org\u002Fppalli\u002F","\u003Cp>This plugin automatically add the rel=”lightbox[POST-ID]” to images linked in a post and in a comment, and recovers the image title.\u003Cbr \u002F>\nPOST-ID is unique per post so all images per post are grouped in one LightBox set.\u003Cbr \u002F>\nDoesn’t add the files required for LightBox, it’s add the “rel lightbox” tag.\u003Cbr \u002F>\nYou have to insert the required files yourself in your theme, you can use \u003Ca href=\"http:\u002F\u002Fwww.huddletogether.com\u002Fprojects\u002Flightbox2\u002F\" rel=\"nofollow ugc\">Lightbox 2\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.shadowbox-js.com\u002F\" rel=\"nofollow ugc\">Shadowbox.js\u003C\u002Fa> or an other script, or use a plugin like \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fshadowbox-js\u002F\" rel=\"ugc\">Shadowbox JS\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin for WordPress automatically add the rel=\"lightbox[ID-OF-THE-POST]\" and recovers the image title.",300,33835,"2011-03-04T07:54:00.000Z","3.1.4","2.7.0",[119,20,120,23,121],"automatic","javascripts","shadowbox","http:\u002F\u002Fwww.linhost.org\u002Fadd-lightbox-title\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-lightbox-title.1.5.zip",{"attackSurface":125,"codeSignals":156,"taintFlows":236,"riskAssessment":256,"analyzedAt":262},{"hooks":126,"ajaxHandlers":152,"restRoutes":153,"shortcodes":154,"cronEvents":155,"entryPointCount":28,"unprotectedCount":28},[127,134,138,144,148],{"type":128,"name":129,"callback":130,"priority":131,"file":132,"line":133},"action","get_footer","srel_addjs",99,"shutter-reloaded.php",94,{"type":128,"name":135,"callback":136,"file":132,"line":137},"wp_head","srel_makeshutter",96,{"type":139,"name":140,"callback":141,"priority":142,"file":132,"line":143},"filter","the_content","srel_auto_set",65,141,{"type":128,"name":145,"callback":146,"file":132,"line":147},"load-appearance_page_shutter-reloaded","my_admin_add_help_tab",178,{"type":128,"name":149,"callback":150,"file":132,"line":151},"admin_menu","srel_addmenu",202,[],[],[],[],{"dangerousFunctions":157,"sqlUsage":158,"outputEscaping":160,"fileOperations":28,"externalRequests":28,"nonceChecks":234,"capabilityChecks":33,"bundledLibraries":235},[],{"prepared":28,"raw":28,"locations":159},[],{"escaped":28,"rawEcho":161,"locations":162},37,[163,167,169,171,173,174,176,178,180,182,184,186,188,190,192,194,196,198,199,201,203,205,206,208,210,212,214,216,217,218,220,222,224,226,228,230,232],{"file":164,"line":165,"context":166},"admin-page.php",116,"raw output",{"file":164,"line":168,"context":166},135,{"file":164,"line":170,"context":166},137,{"file":164,"line":172,"context":166},138,{"file":164,"line":143,"context":166},{"file":164,"line":175,"context":166},143,{"file":164,"line":177,"context":166},144,{"file":164,"line":179,"context":166},147,{"file":164,"line":181,"context":166},149,{"file":164,"line":183,"context":166},150,{"file":164,"line":185,"context":166},153,{"file":164,"line":187,"context":166},155,{"file":164,"line":189,"context":166},156,{"file":164,"line":191,"context":166},159,{"file":164,"line":193,"context":166},161,{"file":164,"line":195,"context":166},162,{"file":164,"line":197,"context":166},187,{"file":164,"line":197,"context":166},{"file":164,"line":200,"context":166},197,{"file":164,"line":202,"context":166},199,{"file":164,"line":204,"context":166},236,{"file":164,"line":204,"context":166},{"file":164,"line":207,"context":166},245,{"file":164,"line":209,"context":166},247,{"file":164,"line":211,"context":166},310,{"file":164,"line":213,"context":166},317,{"file":164,"line":215,"context":166},318,{"file":164,"line":215,"context":166},{"file":164,"line":215,"context":166},{"file":164,"line":219,"context":166},325,{"file":164,"line":221,"context":166},332,{"file":164,"line":223,"context":166},346,{"file":164,"line":225,"context":166},360,{"file":132,"line":227,"context":166},72,{"file":132,"line":229,"context":166},88,{"file":132,"line":231,"context":166},124,{"file":132,"line":233,"context":166},126,7,[],[237],{"entryPoint":238,"graph":239,"unsanitizedCount":28,"severity":255},"\u003Cadmin-page> (admin-page.php:0)",{"nodes":240,"edges":252},[241,246],{"id":242,"type":243,"label":244,"file":164,"line":245},"n0","source","$_POST",24,{"id":247,"type":248,"label":249,"file":164,"line":250,"wp_function":251},"n1","sink","update_option() [Settings Manipulation]",27,"update_option",[253],{"from":242,"to":247,"sanitized":254},true,"low",{"summary":257,"deductions":258},"Based on the static analysis, the shutter-reloaded-plus plugin v0.6 exhibits a seemingly strong security posture regarding potential entry points and direct code vulnerabilities. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events that are directly exposed to unauthenticated users. The absence of dangerous functions, raw SQL queries (all use prepared statements), file operations, and external HTTP requests further contributes to a positive initial assessment. The presence of nonce checks and capability checks also indicates an awareness of basic WordPress security practices.\n\nHowever, a significant concern arises from the output escaping. With 37 total outputs and 0% properly escaped, this plugin presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. Any user-supplied data that is displayed by the plugin without proper sanitization and escaping can be exploited by attackers to inject malicious scripts, leading to session hijacking, data theft, or defacement. The fact that the vulnerability history is clean is encouraging but does not mitigate the immediate risk posed by the unescaped output.\n\nIn conclusion, while the plugin appears to have a secure attack surface and avoids common pitfalls like raw SQL and dangerous functions, the complete lack of output escaping is a critical weakness. This single oversight can be a gateway for severe XSS attacks. The clean vulnerability history is a positive sign, suggesting the developers may be responsive to security issues if reported, but the current state demands immediate attention to the output sanitization.",[259],{"reason":260,"points":261},"0% output escaping",15,"2026-03-16T20:12:32.475Z",{"wat":264,"direct":272},{"assetPaths":265,"generatorPatterns":268,"scriptPaths":269,"versionParams":271},[266,267],"\u002Fwp-content\u002Fplugins\u002Fshutter-reloaded-plus\u002Fshutter-reloaded.css","\u002Fwp-content\u002Fplugins\u002Fshutter-reloaded-plus\u002Fshutter-reloaded.js",[],[270],"\u002F\u002Fconnect.facebook.net\u002Fen_US\u002Fall.js#xfbml=1&appId=490336411021291",[],{"cssClasses":273,"htmlComments":276,"htmlAttributes":277,"restEndpoints":279,"jsGlobals":280,"shortcodeOutput":283},[274,275],"shutterset_","shutterset",[],[278],"shutterSettings",[],[278,281,282],"shutterAddLoad","shutterReloaded",[]]