[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcaN6LE8c6zFZlvwTSfIgj25NW3YxDfdR_y44I_I-ftI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":52,"analysis":157,"fingerprints":367},"simple-contact-info-widget","Contact Info Widget","2.6.2","riotweb","https:\u002F\u002Fprofiles.wordpress.org\u002Friotweb\u002F","\u003Cp>\u003Cstrong>Contact Info\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin shows your contact info with icons. Add the widget to a widget position like the footer or sidebar, fill in the info,\u003Cbr \u002F>\nchoose an icon color and press save. Your contact info with icons is now being displayed on the front-end of your website!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin allows the user to add:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Title\u003C\u002Fli>\n\u003Cli>Company\u003C\u002Fli>\n\u003Cli>About\u003C\u002Fli>\n\u003Cli>Address\u003C\u002Fli>\n\u003Cli>City + Zip code\u003C\u002Fli>\n\u003Cli>Email\u003C\u002Fli>\n\u003Cli>Phone\u003C\u002Fli>\n\u003Cli>Mobile\u003C\u002Fli>\n\u003Cli>Fax\u003C\u002Fli>\n\u003Cli>Website\u003C\u002Fli>\n\u003Cli>27 Icon effects\u003C\u002Fli>\n\u003Cli>Icon color\u003C\u002Fli>\n\u003Cli>Font color\u003C\u002Fli>\n\u003Cli>Social Media \u002F Skype – Facebook – Twitter\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin shows a widget with contact info.",2000,49806,76,5,"2020-09-17T16:14:00.000Z","5.5.18","4.0","",[20,21,22,23,24],"contact","contact-info","info","widget","widgets","https:\u002F\u002Friotweb.nl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-contact-info-widget.zip",63,1,"2025-08-17 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-49891","contact-info-widget-authenticated-administrator-stored-cross-site-scripting","Contact Info Widget \u003C= 2.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Contact Info Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=2.6.2","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-08-25 17:25:04",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F25cfa88b-5b13-43d9-823b-c5d2064f5888?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":49,"avg_patch_time_days":50,"trust_score":49,"computed_at":51},4,2320,80,30,"2026-04-04T21:02:24.074Z",[53,76,98,115,141],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":18,"tags":68,"homepage":72,"download_link":73,"security_score":74,"vuln_count":75,"unpatched_count":75,"last_vuln_date":37,"fetched_at":30},"contact-information-widget","Contact Information Widget","1.5.0","Shital Marakana","https:\u002F\u002Fprofiles.wordpress.org\u002Fshital-patel\u002F","\u003Cp>Easily add a Contact Information (Company Name, Address, Phone No, Email Id) to your sidebar,footer and page. With this plugin you can add Contact Information to page,sidebar,footer.\u003C\u002Fp>\n\u003Cp>Note : If you like the plugin please rate it.\u003C\u002Fp>\n","Easily add a Contact Information Widget to your widgetable sidebar. With this plugin you can add a contact information.",3000,42928,86,7,"2024-04-13T05:50:00.000Z","6.5.8","3.5.0",[54,69,70,71],"contact-me-widget","contact-us-widget","contact-us-widget-plugin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-information-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontact-information-widget.zip",92,0,{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":86,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":95,"download_link":96,"security_score":97,"vuln_count":75,"unpatched_count":75,"last_vuln_date":37,"fetched_at":30},"widget-contact-now","Widget Contact Now","1.0.1","longvietweb","https:\u002F\u002Fprofiles.wordpress.org\u002Flongvietweb\u002F","\u003Cp>\u003Cstrong>Contact Info\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Contact Now widget is a quick way to create contact information through the contact widget on wordpress admin, without touching a single line of code.\u003Cbr \u002F>\nThis plugin shows your contact info with icons. Add the widget to a widget position like the footer or sidebar, fill in the info,\u003Cbr \u002F>\nchoose an icon color and press save. Your contact info with icons is now being displayed on the front-end of your website!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Add contact information quickly and easily with ready-made labels, unlimited color customization.\u003C\u002Fp>\n\u003Cp>Display gorgeous contact information on your website with simple, easy-to-use widgets.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contact Information\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Display your contact information including company name, work address, telephone number, mobile number, email address, fax number, opening and closing hours, and calendar.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Flongvietweb.com\u002Fplugins\u002Fwidget-contact\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa>\u003C\u002Fp>\n","Add contact information quickly and easily with ready-made labels. Display gorgeous contact information on your website with simple, easy-to-use widge &hellip;",600,6251,100,2,"2019-05-18T04:28:00.000Z","5.2.24","4.6","5.6",[20,93,54,94,77],"contact-information","widget-contact","https:\u002F\u002Flongvietweb.com\u002Fplugins\u002Fwidget-contact","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-contact-now.zip",85,{"slug":99,"name":55,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":107,"num_ratings":108,"last_updated":109,"tested_up_to":110,"requires_at_least":67,"requires_php":111,"tags":112,"homepage":113,"download_link":114,"security_score":97,"vuln_count":75,"unpatched_count":75,"last_vuln_date":37,"fetched_at":30},"simple-contact-information-widget","1.0.3","jaydeepchauhan","https:\u002F\u002Fprofiles.wordpress.org\u002Fjaydeepchauhan\u002F","\u003Cp>Contact Information Plugin manage the contact related information like compnay name, description, address, email, fax, phone, website etc. in widget. You can show\u002Fhide label and icon. also you can embed the map with conformation.\u003C\u002Fp>\n","Contact Information Widget.",500,5919,94,3,"2022-04-05T09:55:00.000Z","5.9.13","5.2",[20,93,54,23],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-contact-information-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-contact-information-widget.1.0.3.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":125,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":130,"tags":131,"homepage":136,"download_link":137,"security_score":138,"vuln_count":139,"unpatched_count":75,"last_vuln_date":140,"fetched_at":30},"so-widgets-bundle","SiteOrigin Widgets Bundle","1.71.0","Greg - SiteOrigin","https:\u002F\u002Fprofiles.wordpress.org\u002Fgpriday\u002F","\u003Cp>The SiteOrigin Widgets Bundle gives you all the elements you need to build modern, responsive, and engaging website pages. Using the Widgets Bundle, you can quickly and effortlessly add buttons, sliders, heroes, maps, images, carousels, features, icons, and so much more.\u003C\u002Fp>\n\u003Cp>SiteOrigin Widgets are ready to be used \u003Cstrong>anywhere\u003C\u002Fstrong>, in \u003Ca href=\"https:\u002F\u002Fsiteorigin.com\u002Fpage-builder\u002F\" rel=\"nofollow ugc\">Page Builder by SiteOrigin\u003C\u002Fa>, in the Block Editor or your theme’s widget areas. The Widgets Bundle is even compatible with other popular page-building plugins.\u003C\u002Fp>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F102103379\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Cp>Our collection is growing, and here are some of the powerful widgets included so far:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Accordion\u003C\u002Fstrong> Efficiently display content in expandable sections, maximizing space for improved organization.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anything Carousel\u003C\u002Fstrong> Display images, text, or any content in a highly customizable and responsive carousel slider.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Author Box\u003C\u002Fstrong> Display author information, including avatar, name, bio, and post links in a customizable box.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blog\u003C\u002Fstrong> Showcase blog content in personalized list or grid layouts with flexible design and display settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Button\u003C\u002Fstrong> Create a custom button with flexible styling, icon support, and click tracking functionality.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Button Grid\u003C\u002Fstrong> Add multiple buttons in one go, customize individually, and present them in a neat grid layout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Contact Form\u003C\u002Fstrong> Add a contact form with custom fields, design options, spam protection, and email notifications.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Call To Action\u003C\u002Fstrong> Prompt visitors to take action with a customizable title, subtitle, button, and design settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Editor\u003C\u002Fstrong> Insert and customize content with a rich text editor offering extensive formatting options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Features\u003C\u002Fstrong> Showcase features with icons, titles, text, and links in a customizable grid layout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Maps\u003C\u002Fstrong> Embed a customizable Google Map with markers, directions, styling options, and interactive elements.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Headline\u003C\u002Fstrong> Engage visitors with a prominent, stylish headline and optional divider and sub-headline to convey key messages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hero Image\u003C\u002Fstrong> Build an impressive hero image section with custom content, buttons, background image, color, and video.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Icon\u003C\u002Fstrong> Display a customizable icon with color, size, alignment, and optional link settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Image\u003C\u002Fstrong> Add a responsive image with custom dimensions, positioning, caption, link, and styling options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Image Grid\u003C\u002Fstrong> Showcase images in a responsive grid layout with custom size, spacing, alignment, and captions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Image Slider\u003C\u002Fstrong> Create a responsive slider with customizable image and video frames, navigation, and appearance settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Layout Slider\u003C\u002Fstrong> Design responsive slider frames with unique layouts, backgrounds, and content built with Page Builder.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lottie Player\u003C\u002Fstrong> Bring your content to life using interactive Lottie animations with personalized settings and links.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Carousel\u003C\u002Fstrong> Display blog posts or custom post types in a responsive, customizable carousel layout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Price Table\u003C\u002Fstrong> Display pricing plans in a professional table format with custom columns, features, and design.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recent Posts\u003C\u002Fstrong> Drive traffic to your latest content with a visually appealing, fully customizable recent posts showcase.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Masonry Layout\u003C\u002Fstrong> Display images in an attractive masonry grid with adjustable columns, gutters, and optional captions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Social Media Buttons\u003C\u002Fstrong> Add social media buttons to your site with personalized icons, colors, and design settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tabs\u003C\u002Fstrong> Create tabbed content panels with customizable titles, content, initial tab, and design settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Taxonomy\u003C\u002Fstrong> Automatically display the taxonomies of the current post with customizable labels, colors, and link settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Testimonials\u003C\u002Fstrong> Feature testimonials from satisfied customers with tailored layouts, images, text, colors, and mobile compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Video Player\u003C\u002Fstrong> Embed self-hosted or externally hosted videos with a customizable player, controls, and responsive sizing.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Ready to Be Used Anywhere\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Page Builder by SiteOrigin:\u003C\u002Fstrong> Insert widgets in Page Builder by SiteOrigin in either the Classic Editor or Page Builder Layout Block in the Block Editor.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block Editor:\u003C\u002Fstrong> The Widgets Bundle is 100% Block Editor compatible. Insert widgets using the SiteOrigin Widgets Block featuring a live widget search form.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Theme and Plugin Widget Areas:\u003C\u002Fstrong> Insert widgets in any theme or plugin widget area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>In Other Popular Page Builder Plugins:\u003C\u002Fstrong> Insert widgets in Elementor or Beaver Builder.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Built for Speed\u003C\u002Fh4>\n\u003Cp>We carefully built each widget for the best possible page size and load time. The Widgets Bundle is perfectly compatible with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fautoptimize\u002F\" rel=\"ugc\">Autoptimize\u003C\u002Fa> and all other major performance plugins.\u003C\u002Fp>\n\u003Ch4>SEO Optimized\u003C\u002Fh4>\n\u003Cp>The Widgets Bundle uses modern SEO best practices and seamlessly integrates with all major SEO plugins.\u003C\u002Fp>\n\u003Ch4>Accessibility Ready\u003C\u002Fh4>\n\u003Cp>The Widgets Bundle is accessibility-ready. Tab through all form fields and settings, make changes without using a mouse.\u003C\u002Fp>\n\u003Ch4>Actively Developed\u003C\u002Fh4>\n\u003Cp>SiteOrigin has been creating magical tools for your WordPress website since 2011. We actively develop the Widgets Bundle with updates released several times a month, including new features and fixes as required. View our Widgets Bundle work on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsiteorigin\u002Fso-widgets-bundle\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Create Custom Widgets\u003C\u002Fh4>\n\u003Cp>Access a huge array of features and save time by developing custom widgets for your theme or plugin on the Widgets Bundle Framework. Read more in our extensive \u003Ca href=\"https:\u002F\u002Fsiteorigin.com\u002Fdocs\u002Fwidgets-bundle\u002F\" rel=\"nofollow ugc\">developer documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsiteorigin.com\u002Fwidgets-bundle\u002Fgetting-started\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> is available on SiteOrigin.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Free support is available on the \u003Ca href=\"https:\u002F\u002Fsiteorigin.com\u002Fthread\u002F\" rel=\"nofollow ugc\">SiteOrigin support forums\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>SiteOrigin Premium\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsiteorigin.com\u002Fdownloads\u002Fpremium\u002F\" rel=\"nofollow ugc\">SiteOrigin Premium\u003C\u002Fa> enhances the Widgets Bundle with a vast array of additional features and settings. Take your layouts to the next level with SiteOrigin Premium addons.\u003C\u002Fp>\n\u003Cp>SiteOrigin Premium includes access to our professional email support service, perfect for those times when you need fast and effective technical support. We’re standing by to assist you in any way we can.\u003C\u002Fp>\n","Essential elements for modern websites. Add buttons, sliders, heroes, maps, images, carousels, features, icons, more. Create dynamic pages easily.",400000,46570443,98,134,"2026-02-13T17:16:00.000Z","6.9.4","4.2","7.0.0",[132,133,134,135,24],"blocks","blog","contact-form","slider","https:\u002F\u002Fsiteorigin.com\u002Fwidgets-bundle\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fso-widgets-bundle.1.71.0.zip",95,11,"2026-02-17 20:23:18",{"slug":142,"name":143,"version":144,"author":145,"author_profile":146,"description":147,"short_description":148,"active_installs":11,"downloaded":149,"rating":86,"num_ratings":47,"last_updated":150,"tested_up_to":151,"requires_at_least":152,"requires_php":18,"tags":153,"homepage":155,"download_link":156,"security_score":97,"vuln_count":75,"unpatched_count":75,"last_vuln_date":37,"fetched_at":30},"contact-form-7-widget","Contact Form 7 Widget","1.0","Strategy11 Team","https:\u002F\u002Fprofiles.wordpress.org\u002Fstrategy11team\u002F","\u003Cp>Use any of your Contact Form 7 Forms in your sidebars. You can even style it from the widget options. This will also work with any other shortcodes that only work in posts. Just insert the shortcode (ie [contact-form 1 “Contact form 1”]) in the ‘Contact Form 7 tag’ text field. Leave styling options blank in order to style from your theme’s css.\u003C\u002Fp>\n\u003Cp>note: rounded corners do not work in Internet Explorer… Surprise! Get a different browser!\u003Cbr \u002F>\nanother note: Use 6 digit hex colors for better results\u003C\u002Fp>\n","Use your Contact Form 7 forms and other shortcodes in your sidebars.",101445,"2017-11-28T12:25:00.000Z","2.8.4","2.8",[20,134,154,23,24],"sidebar","http:\u002F\u002Fblog.strategy11.com\u002Fcontact-form-7-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontact-form-7-widget.1.0.zip",{"attackSurface":158,"codeSignals":193,"taintFlows":351,"riskAssessment":352,"analyzedAt":366},{"hooks":159,"ajaxHandlers":189,"restRoutes":190,"shortcodes":191,"cronEvents":192,"entryPointCount":75,"unprotectedCount":75},[160,166,169,174,177,181,185],{"type":161,"name":162,"callback":163,"file":164,"line":165},"action","admin_menu","ci_add_admin_menu","settings.php",6,{"type":161,"name":167,"callback":168,"file":164,"line":64},"admin_init","ci_settings_init",{"type":161,"name":170,"callback":171,"file":172,"line":173},"wp_enqueue_scripts","enqueue_fawidget_stylesheet","simple-contact-info-widget.php",23,{"type":161,"name":170,"callback":175,"file":172,"line":176},"enqueue_sciwidget_stylesheet",31,{"type":161,"name":178,"callback":179,"file":172,"line":180},"widgets_init","anonymous",253,{"type":161,"name":182,"callback":183,"file":172,"line":184},"admin_print_scripts-widgets.php","sample_load_color_picker_script",263,{"type":161,"name":186,"callback":187,"file":172,"line":188},"admin_print_styles-widgets.php","sample_load_color_picker_style",264,[],[],[],[],{"dangerousFunctions":194,"sqlUsage":198,"outputEscaping":200,"fileOperations":75,"externalRequests":75,"nonceChecks":75,"capabilityChecks":75,"bundledLibraries":350},[195],{"fn":196,"file":172,"line":180,"context":197},"create_function","add_action('widgets_init', create_function('', 'return register_widget(\"contact_widget\");'));",{"prepared":75,"raw":75,"locations":199},[],{"escaped":201,"rawEcho":74,"locations":202},18,[203,206,208,210,212,214,216,218,219,221,223,225,227,228,230,232,234,236,238,240,241,242,244,246,247,248,250,252,253,254,256,258,259,260,262,264,265,266,268,270,271,272,274,276,277,278,280,282,283,284,286,288,289,290,292,294,295,296,298,300,301,302,304,306,307,309,310,312,314,315,316,318,320,322,323,324,326,328,330,331,332,334,336,337,338,340,342,343,344,346,348,349],{"file":164,"line":204,"context":205},45,"raw output",{"file":164,"line":207,"context":205},47,{"file":172,"line":209,"context":205},69,{"file":172,"line":211,"context":205},71,{"file":172,"line":213,"context":205},79,{"file":172,"line":215,"context":205},81,{"file":172,"line":217,"context":205},83,{"file":172,"line":97,"context":205},{"file":172,"line":220,"context":205},87,{"file":172,"line":222,"context":205},89,{"file":172,"line":224,"context":205},91,{"file":172,"line":226,"context":205},93,{"file":172,"line":138,"context":205},{"file":172,"line":229,"context":205},97,{"file":172,"line":231,"context":205},99,{"file":172,"line":233,"context":205},101,{"file":172,"line":235,"context":205},106,{"file":172,"line":237,"context":205},162,{"file":172,"line":239,"context":205},163,{"file":172,"line":239,"context":205},{"file":172,"line":239,"context":205},{"file":172,"line":243,"context":205},166,{"file":172,"line":245,"context":205},167,{"file":172,"line":245,"context":205},{"file":172,"line":245,"context":205},{"file":172,"line":249,"context":205},170,{"file":172,"line":251,"context":205},171,{"file":172,"line":251,"context":205},{"file":172,"line":251,"context":205},{"file":172,"line":255,"context":205},174,{"file":172,"line":257,"context":205},175,{"file":172,"line":257,"context":205},{"file":172,"line":257,"context":205},{"file":172,"line":261,"context":205},178,{"file":172,"line":263,"context":205},179,{"file":172,"line":263,"context":205},{"file":172,"line":263,"context":205},{"file":172,"line":267,"context":205},182,{"file":172,"line":269,"context":205},183,{"file":172,"line":269,"context":205},{"file":172,"line":269,"context":205},{"file":172,"line":273,"context":205},186,{"file":172,"line":275,"context":205},187,{"file":172,"line":275,"context":205},{"file":172,"line":275,"context":205},{"file":172,"line":279,"context":205},190,{"file":172,"line":281,"context":205},191,{"file":172,"line":281,"context":205},{"file":172,"line":281,"context":205},{"file":172,"line":285,"context":205},194,{"file":172,"line":287,"context":205},195,{"file":172,"line":287,"context":205},{"file":172,"line":287,"context":205},{"file":172,"line":291,"context":205},198,{"file":172,"line":293,"context":205},199,{"file":172,"line":293,"context":205},{"file":172,"line":293,"context":205},{"file":172,"line":297,"context":205},202,{"file":172,"line":299,"context":205},203,{"file":172,"line":299,"context":205},{"file":172,"line":299,"context":205},{"file":172,"line":303,"context":205},206,{"file":172,"line":305,"context":205},207,{"file":172,"line":305,"context":205},{"file":172,"line":308,"context":205},214,{"file":172,"line":308,"context":205},{"file":172,"line":311,"context":205},218,{"file":172,"line":313,"context":205},219,{"file":172,"line":313,"context":205},{"file":172,"line":313,"context":205},{"file":172,"line":317,"context":205},220,{"file":172,"line":319,"context":205},223,{"file":172,"line":321,"context":205},224,{"file":172,"line":321,"context":205},{"file":172,"line":321,"context":205},{"file":172,"line":325,"context":205},225,{"file":172,"line":327,"context":205},231,{"file":172,"line":329,"context":205},232,{"file":172,"line":329,"context":205},{"file":172,"line":329,"context":205},{"file":172,"line":333,"context":205},235,{"file":172,"line":335,"context":205},236,{"file":172,"line":335,"context":205},{"file":172,"line":335,"context":205},{"file":172,"line":339,"context":205},239,{"file":172,"line":341,"context":205},240,{"file":172,"line":341,"context":205},{"file":172,"line":341,"context":205},{"file":172,"line":345,"context":205},243,{"file":172,"line":347,"context":205},244,{"file":172,"line":347,"context":205},{"file":172,"line":347,"context":205},[],[],{"summary":353,"deductions":354},"The \"simple-contact-info-widget\" plugin v2.6.2 presents a mixed security posture.  While the static analysis shows a zero attack surface with no direct entry points like AJAX handlers, REST API routes, or shortcodes without authentication, and all SQL queries utilize prepared statements, there are significant concerns.  The presence of the dangerous `create_function` and a very low percentage of properly escaped output (16%) are major red flags, indicating potential for cross-site scripting (XSS) vulnerabilities.  The absence of nonce checks and capability checks further exacerbates these risks, as it implies that even if data is processed, it might not be adequately protected against unauthorized or malicious manipulation.\n\nThe plugin's vulnerability history, specifically one known medium-severity CVE related to cross-site scripting, reinforces the concerns raised by the code analysis. The fact that this vulnerability is currently unpatched and the last reported vulnerability was in the future (2025-08-17, likely a typo in the provided data, but it still indicates a recent or ongoing issue) suggests a pattern of security weaknesses that may not be actively addressed. Despite the positive aspects of secure SQL handling and no file operations or external HTTP requests, the identified code signals and historical vulnerabilities point to a plugin that requires careful attention and remediation to mitigate risks to users.",[355,357,360,362,364],{"reason":356,"points":201},"Unpatched CVE present",{"reason":358,"points":359},"Low output escaping percentage",12,{"reason":361,"points":64},"Dangerous function 'create_function' used",{"reason":363,"points":14},"No nonce checks detected",{"reason":365,"points":14},"No capability checks detected","2026-03-16T18:43:20.968Z",{"wat":368,"direct":373},{"assetPaths":369,"generatorPatterns":370,"scriptPaths":371,"versionParams":372},[],[],[],[],{"cssClasses":374,"htmlComments":375,"htmlAttributes":376,"restEndpoints":377,"jsGlobals":378,"shortcodeOutput":379},[],[],[],[],[],[]]