[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMgb85f0yhp9Qg0kOKfHn6wwlV1qOlf1HEsHScTlbRII":3,"$f6nEh9q0juLNi5WHDGzbw7LJIdTIlJdZCtBLj4boqjW0":352,"$fh40oOLpgLJnB96GdtedkQ73bffhVMfcFmIwfMQkEgVY":357},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":87,"crawl_stats":39,"alternatives":95,"analysis":212,"fingerprints":318},"simple-draft-list","Draft List","2.6.3","David Artiss","https:\u002F\u002Fprofiles.wordpress.org\u002Fdartiss\u002F","\u003Cp>\u003Cstrong>If you’re upgrading from a previous release of Draft List (i.e. pre version 2.5) please check out the FAQ – a number of changes have been made in this release that you need to be aware of\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Draft List allows you to both manage your draft and scheduled posts more easily but also to promote them by showing them on your site via shortcode or widget – use it to show your visitors what’s “coming soon” or as a great SEO tool.\u003C\u002Fp>\n\u003Cp>How easy is it display a list of draft posts? Here’s an example of how you could use it in a post or page…\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[drafts limit=5 type=post order=ma scheduled=no template='{{ul}}{{draft}} {{icon}}']\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This would display a list of up to 5 draft posts in ascending modified date sequence, with an icon displayed to the right of each if the draft is scheduled.\u003C\u002Fp>\n\u003Cp>Key features include…\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Both widgets and shortcodes are available for you to show off your up-coming content\u003C\u002Fli>\n\u003Cli>Output is highly configurable – create your own look by using a template, identify scheduled posts with an icon, sequence the results in various ways and even narrow down the results to a specific timeframe\u003C\u002Fli>\n\u003Cli>Click on any of the drafts posts listed to edit them\u003C\u002Fli>\n\u003Cli>A meta box in the editor screen allows you to omit individual posts from any list outputs\u003C\u002Fli>\n\u003Cli>Tested up to PHP 8.2\u003C\u002Fli>\n\u003Cli>Fully complies with WordPress coding standards\u003C\u002Fli>\n\u003Cli>Compliant with the stronger \u003Ca href=\"https:\u002F\u002Fwpvip.com\u002F\" rel=\"nofollow ugc\">WordPress VIP\u003C\u002Fa> coding standards, as well as compatibility with their platform\u003C\u002Fli>\n\u003Cli>Community plugin – visit the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdartiss\u002Fdraft-list\" title=\"Github\" rel=\"nofollow ugc\">Github page\u003C\u002Fa> to get involved with the latest code development, request enhancements and report issues\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Iconography is courtesy of the very talented \u003Ca href=\"https:\u002F\u002Fwww.fiverr.com\u002Fjankirathore\" rel=\"nofollow ugc\">Janki Rathod\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Shortcode Parameters\u003C\u002Fh3>\n\u003Cp>The following shortcode parameters are valid…\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>cache=\u003C\u002Fstrong> : How long to cache the output for, in hours. Defaults to half an hour. Set to \u003Ccode>No\u003C\u002Fcode> to not cache at all. Whenever you save a post any cache will be cleared to ensure that any lists are updated.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>date=\u003C\u002Fstrong> : The format of any dates output. This uses the PHP date formatting system – \u003Ca href=\"http:\u002F\u002Fuk3.php.net\u002Fmanual\u002Fen\u002Ffunction.date.php\" title=\"date\" rel=\"nofollow ugc\">read here\u003C\u002Fa> for the formatting codes. Defaults to \u003Ccode>F j, Y, g:i a\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>folder=\u003C\u002Fstrong> : The scheduled icon will be, by default, the one in the plugin folder named \u003Ccode>scheduled.png\u003C\u002Fcode>. However, use this parameter to specify a folder within your theme that you’d prefer the icon to be fetched from.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>limit=\u003C\u002Fstrong> : The maximum number of draft items to display. The default is 0, which is unlimited.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>order=\u003C\u002Fstrong> : This is the sequence that you’d like to order the results in. It consists of 2 codes – the first is either \u003Ccode>t\u003C\u002Fcode>, \u003Ccode>m\u003C\u002Fcode> or \u003Ccode>c\u003C\u002Fcode> to represent the title, modified date or created date and the second is \u003Ccode>a\u003C\u002Fcode> or \u003Ccode>d\u003C\u002Fcode> for ascending or descending. Therefore \u003Ccode>order=td\u003C\u002Fcode> will display the results in descending title sequence. The default is descending modified date.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>pending=\u003C\u002Fstrong> : True or false, where to include pending posts in the result. By default, pending posts will not be included.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>scheduled=\u003C\u002Fstrong> : True or false, where to include scheduled posts in the result. By default, scheduled posts will be included.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>template=\u003C\u002Fstrong> : This is the template which formats the output. See the section below on * *Templates** for further information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>type=\u003C\u002Fstrong> : This allows you to limit the results to either \u003Ccode>post\u003C\u002Fcode> or \u003Ccode>page\u003C\u002Fcode>. The default is both.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>words=\u003C\u002Fstrong> : The minimum number of words that must be present in the draft for it to be included. Defaults to 0.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To restrict the posts to a particular timeframe you can use the following 2 parameters. You simply state, in words, how long ago the posts must be dated for e.g. “2 days”, “3 months”, etc.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>created=\u003C\u002Fstrong> : his reflects how long ago the post\u002Fpage must have been created for it to be listed. For example \u003Ccode>6 months\u003C\u002Fcode> would only list drafts that were created in the last 6 months.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>modified=\u003C\u002Fstrong> : This reflects how long ago the post\u002Fpage must have been modified last for it to be listed. For example \u003Ccode>6 months\u003C\u002Fcode> would only list drafts that have been modified in the last 6 months.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Templates\u003C\u002Fh3>\n\u003Cp>The template parameter allows you to format the output by allowing you to specify how each line of output will display. A number of tags can be added, and you can mix these with HTML. The available tags are as follows…\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>{{ul}}\u003C\u002Fstrong> – Specifies this is an un-ordered list (i.e. bullet point output). This MUST be specified at the beginning of the template if it is to be used.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>{{ol}}\u003C\u002Fstrong> – Specifies this is an ordered list (i.e. number output). This MUST be specified at the beginning of the template if it is to be used.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>{{icon}}\u003C\u002Fstrong> – This is the icon that indicates a scheduled post.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>{{draft}}\u003C\u002Fstrong> – This is the post detail and is the only \u003Cstrong>REQUIRED\u003C\u002Fstrong> tag.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>{{author}}\u003C\u002Fstrong> – This is the name of the post author.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>{{author+link}}\u003C\u002Fstrong> – This is the name of the post author with, where available, a link to their URL.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>{{words}}\u003C\u002Fstrong> – The number of words in the draft post.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>{{chars}}\u003C\u002Fstrong> – The number of characters (exc. spaces) in the post.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>{{chars+space}}\u003C\u002Fstrong> – The number of characters (inc. spaces) in the post.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>{{created}}\u003C\u002Fstrong> – The date\u002Ftime the post was created.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>{{modified}}\u003C\u002Fstrong> – The date\u002Ftime the post was last modified.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>{{category}}\u003C\u002Fstrong> – Shows the first category assigned to the post.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>{{categories}}\u003C\u002Fstrong> – Shows all categories assigned to the post, comma separated.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If {{ul}} or {{ol}} are specified then all the appropriate list tags will be added to the output. If neither are used then it’s assumed that line output will be controlled by yourself.\u003C\u002Fp>\n\u003Ch3>Omitting Posts\u002FPages from Results\u003C\u002Fh3>\n\u003Cp>If you wish to omit a page or post from the list then you can do this in 3 ways…\u003C\u002Fp>\n\u003Col>\n\u003Cli>By giving the post a title beginning with an exclamation mark. You can then remove this before publishing the post.\u003C\u002Fli>\n\u003Cli>The post and page editor has a meta box, where you can select to hide the page\u002Fpost.\u003C\u002Fli>\n\u003Cli>You can add a custom field to a page\u002Fpost with a name of ‘draft_hide’ and a value of ‘Yes’\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Edit Link\u003C\u002Fh3>\n\u003Cp>If the current user can edit the draft item being listed then it will be linked to the appropriate edit page. The user then simply needs to click on the draft item to edit it.\u003C\u002Fp>\n\u003Cp>There are separate permissions for post and page editing, so an editor with just one permission may find that they can only edit some of the draft items.\u003C\u002Fp>\n\u003Cp>Drafts that don’t have a title will not be shown on the list UNLESS the current user has edit privileges for the draft – in this case a title of [No Title] will be shown.\u003C\u002Fp>\n\u003Ch3>Using a Widget\u003C\u002Fh3>\n\u003Cp>Sidebar widgets can be easily added. In Administration simply click on the \u003Ccode>Widgets\u003C\u002Fcode> option under the \u003Ccode>Appearance\u003C\u002Fcode> menu. \u003Ccode>Draft Posts\u003C\u002Fcode> will be one of the listed widgets. Drag it to the appropriate sidebar on the right hand side and then choose your options.\u003C\u002Fp>\n\u003Cp>Save the result and that’s it! You can use unlimited widgets, so you can add different lists to different sidebars.\u003C\u002Fp>\n","WordPress plugin to manage and promote your unpublished content.",70,10752,92,5,"2026-03-15T08:02:00.000Z","6.9.4","4.6","7.4",[20,21,22,23,24],"draft","list","scheduled","seo","widget","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-draft-list\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-draft-list.2.6.3.zip",96,3,0,"2026-03-18 18:13:45","2026-04-16T10:56:18.058Z","no_bundle",[34,63,75],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":6,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48,"patch_diff_files":49,"patch_trac_url":39,"research_status":53,"research_verified":54,"research_rounds_completed":28,"research_plan":55,"research_summary":56,"research_vulnerable_code":57,"research_fix_diff":58,"research_exploit_outline":59,"research_model_used":60,"research_started_at":61,"research_completed_at":62,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":54,"poc_model_used":39,"poc_verification_depth":39},"CVE-2026-4006","draft-list-authenticated-contributor-stored-cross-site-scripting-via-displayname-parameter","Draft List \u003C= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'display_name' Parameter","The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'display_name' post meta (Custom Field) in all versions up to and including 2.6.2. This is due to insufficient input sanitization and output escaping on the author display name when no author URL is present. The plugin accesses `$draft_data->display_name` which, because `display_name` is not a native WP_Post property, triggers WP_Post::__get() and resolves to `get_post_meta($post_id, 'display_name', true)`. When the `user_url` meta field is empty, the `$author` value is assigned to `$author_link` on line 383 without any escaping (unlike line 378 which uses `esc_html()` for the `{{author}}` tag, and line 381 which uses `esc_html()` when a URL is present). This unescaped value is then inserted into the shortcode output via `str_replace()`. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses a page containing the `[drafts]` shortcode with the `{{author+link}}` template tag.",null,"\u003C=2.6.2","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-03-19 06:46:15",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb5f0dc1a-6b6a-4370-a368-3687cffb43fc?source=api-prod",1,[50,51,52],"inc\u002Fcreate-lists.php","readme.txt","simple-draft-list.php","researched",false,"# Research Plan: CVE-2026-4006 - Stored XSS via `display_name` Post Meta\n\n## 1. Vulnerability Summary\nThe **Draft List** plugin (\u003C= 2.6.2) is vulnerable to Stored Cross-Site Scripting (XSS) due to insufficient output escaping in its shortcode rendering logic. Specifically, the plugin attempts to display an author's name using the `{{author+link}}` template tag. When processing this tag, the plugin accesses a property `$draft_data->display_name`. Because `WP_Post` objects do not natively have a `display_name` property, WordPress's magic `__get()` method fetches the value from the post meta table (`get_post_meta($post_id, 'display_name', true)`). \n\nAn authenticated attacker with Contributor-level permissions can create a draft and set a custom field named `display_name` containing a malicious script. When a user (including an Administrator) views a page containing the `[drafts]` shortcode with the `{{author+link}}` template tag, the script executes because the plugin fails to escape the meta-sourced value when no author URL is associated with it.\n\n## 2. Attack Vector Analysis\n- **Endpoint**: `wp-admin\u002Fpost.php` (to store the payload) and any frontend page containing the `[drafts]` shortcode (to trigger the payload).\n- **Vulnerable Parameter**: `meta_input[display_name]` (Custom Field\u002FPost Meta).\n- **Authentication Level**: Authenticated Contributor or higher. Contributors can create posts and manage their own post meta.\n- **Preconditions**: \n    1. The attacker must be able to create or edit a post (Contributor role).\n    2. A page or widget must exist that uses the `[drafts]` shortcode.\n    3. The shortcode must use a template containing the `{{author+link}}` tag.\n\n## 3. Code Flow\n1. **Entry Point**: A user views a page with the shortcode `[drafts]`.\n2. **Shortcode Handling**: `draft_list_shortcode()` in `inc\u002Fcreate-lists.php` is called.\n3. **List Generation**: `draft_list_shortcode()` calls `draft_list_generate_code()`.\n4. **Data Retrieval**: `draft_list_generate_code()` fetches draft posts. Each post is returned as a `WP_Post` object (stored in `$draft_data`).\n5. **Template Processing**: The code iterates through the template strings.\n6. **Property Access**: The code accesses `$draft_data->display_name`.\n7. **Magic Getter**: `WP_Post::__get('display_name')` executes `get_post_meta($post_id, 'display_name', true)`.\n8. **The Sink**: In `inc\u002Fcreate-lists.php` (around line 383), if the author's URL is empty, the variable `$author_link` is assigned the value of `$author` (which holds the meta value) without passing through `esc_html()` or `esc_attr()`.\n9. **Rendering**: The unescaped `$author_link` is inserted into the final HTML output via `str_replace()` and returned to the browser.\n\n## 4. Nonce Acquisition Strategy\n### Storing the Payload (Post Meta)\nTo store the malicious payload as a Contributor, the attacker needs to update a post's meta. This is typically done via the `wp-admin\u002Fpost.php` endpoint.\n1. **Action**: `editpost`\n2. **Nonce**: The `_wpnonce` is required for authorized post updates.\n3. **Acquisition**:\n    - Use `browser_navigate` to go to `wp-admin\u002Fpost-new.php`.\n    - Use `browser_eval` to extract the nonce from the document: \n      `browser_eval(\"document.querySelector('#_wpnonce').value\")`.\n\n### Triggering the Payload (Frontend)\nNo nonce is required to view the frontend output of a shortcode.\n\n## 5. Exploitation Strategy\n### Step 1: Create a Draft Post and Inject Payload\n1. Log in as a **Contributor**.\n2. Navigate to `wp-admin\u002Fpost-new.php`.\n3. Extract the `_wpnonce` and the newly generated `post_ID`.\n4. Send a POST request to `wp-admin\u002Fpost.php` to save the malicious meta:\n    - **URL**: `http:\u002F\u002Flocalhost:8080\u002Fwp-admin\u002Fpost.php`\n    - **Method**: `POST`\n    - **Headers**: `Content-Type: application\u002Fx-www-form-urlencoded`\n    - **Body**:\n      ```text\n      action=editpost\n      post_ID=[ID]\n      _wpnonce=[NONCE]\n      post_title=XSS-Draft\n      post_type=post\n      post_status=draft\n      meta_input[display_name]=\u003Cimg src=x onerror=alert(\"CVE-2026-4006\")>\n      ```\n\n### Step 2: Setup the Trigger Page\n1. Log in as an **Administrator**.\n2. Create a public page that renders the draft list with the vulnerable template tag.\n    - **Action**: `wp post create --post_type=page --post_title=\"Draft List Test\" --post_status=publish --post_content='[drafts template=\"{{author+link}}{{draft}}\"]'`\n\n### Step 3: Trigger Execution\n1. Navigate to the newly created \"Draft List Test\" page.\n2. The browser will render the list of drafts.\n3. When it reaches the attacker's draft, it will fetch the `display_name` meta and inject the `\u003Cimg ...>` tag into the DOM.\n\n## 6. Test Data Setup\n- **Users**: \n    - `contributor_user`: Role `contributor`\n    - `admin_user`: Role `administrator`\n- **Posts**:\n    - One draft post created by `contributor_user` with meta key `display_name` set to `\u003Cimg src=x onerror=alert(document.domain)>`.\n- **Shortcode Page**:\n    - A page containing `[drafts template=\"{{author+link}}{{draft}}\"]`.\n\n## 7. Expected Results\n- The HTTP response from the frontend page will contain the literal, unescaped string: `\u003Cimg src=x onerror=alert(\"CVE-2026-4006\")>`.\n- In a browser context, the JavaScript `alert` will execute.\n\n## 8. Verification Steps\n1. **Verify Meta Storage**:\n   `wp post meta get [POST_ID] display_name`\n   - Should return the XSS payload.\n2. **Verify Unescaped Output**:\n   Use `http_request` to fetch the frontend page and grep for the payload.\n   ```bash\n   grep '\u003Cimg src=x onerror=alert(\"CVE-2026-4006\")>' \n   ```\n3. **Verify Context**:\n   Confirm that the `{{author+link}}` tag was replaced by the payload without any HTML entity encoding (e.g., no `<`).\n\n## 9. Alternative Approaches\n- **Template Parameter Abuse**: If the attacker cannot edit a page to add the shortcode, they can attempt to find a widget or an existing page that uses `[drafts]` and rely on the fact that any post they create (as a draft) will be pulled into that list automatically if it meets the shortcode's criteria (like `limit` or `type`).\n- **Shortcode Injection**: If the site allows Contributors to use `unfiltered_html` (rare) or if there is another way to place shortcodes, the attacker can provide the `template` attribute directly in the shortcode: `[drafts template=\"{{author+link}}\"]`.\n- **Author URL bypass**: If the vulnerability logic requires the `user_url` to be empty, ensure that the Contributor user profile has an empty Website field in their WordPress profile, OR verify that the plugin is looking for a `user_url` post meta (which will be empty by default for a new post). The vulnerability description specifically mentions `$author_link` is assigned `$author` on line 383 when the URL is empty.","The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'display_name' post meta in versions up to 2.6.2. Authenticated contributors can inject malicious scripts into the 'display_name' custom field, which are then executed when a user views a page containing the [drafts] shortcode with the {{author+link}} template tag because the plugin fails to escape the meta-derived value when no author URL is present.","\u002F\u002F inc\u002Fcreate-lists.php line 380\n\n\t\t\t\t\tif ( '' !== $author_url ) {\n\t\t\t\t\t\t$author_link = '\u003Ca href=\"' . esc_url( $author_url ) . '\">' . esc_html( $author ) . '\u003C\u002Fa>';\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$author_link = $author;\n\t\t\t\t\t}\n\t\t\t\t\t$this_line = str_replace( '{{author+link}}', $author_link, $this_line );","diff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fsimple-draft-list\u002F2.6.2\u002Finc\u002Fcreate-lists.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fsimple-draft-list\u002F2.6.3\u002Finc\u002Fcreate-lists.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fsimple-draft-list\u002F2.6.2\u002Finc\u002Fcreate-lists.php\t2025-10-10 16:00:22.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fsimple-draft-list\u002F2.6.3\u002Finc\u002Fcreate-lists.php\t2026-03-15 08:00:42.000000000 +0000\n@@ -380,7 +380,7 @@\n \t\t\t\t\tif ( '' !== $author_url ) {\n \t\t\t\t\t\t$author_link = '\u003Ca href=\"' . esc_url( $author_url ) . '\">' . esc_html( $author ) . '\u003C\u002Fa>';\n \t\t\t\t\t} else {\n-\t\t\t\t\t\t$author_link = $author;\n+\t\t\t\t\t\t$author_link = esc_html( $author );\n \t\t\t\t\t}\n \t\t\t\t\t$this_line = str_replace( '{{author+link}}', $author_link, $this_line );","1. Log in as a Contributor or higher level user.\n2. Create or edit a draft post.\n3. Add a Post Meta (Custom Field) entry with the key 'display_name' and a value containing a malicious script, such as: \u003Cimg src=x onerror=alert(document.domain)>.\n4. Ensure the current user's WordPress profile has an empty 'Website' (user_url) field, or that no user_url meta exists for the post.\n5. Navigate to or create a page that includes the plugin's shortcode with a template tag referencing the author link, e.g., [drafts template=\"{{author+link}}{{draft}}\"].\n6. When any user (including an administrator) visits the page, the plugin retrieves the 'display_name' meta via magic getter, fails to escape it in the 'else' block of the link generation logic, and outputs the raw script into the page HTML.","gemini-3-flash-preview","2026-04-18 02:24:45","2026-04-18 02:25:06",{"id":64,"url_slug":65,"title":66,"description":67,"plugin_slug":4,"theme_slug":39,"affected_versions":68,"patched_in_version":69,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":70,"updated_date":71,"references":72,"days_to_patch":48,"patch_diff_files":74,"patch_trac_url":39,"research_status":39,"research_verified":54,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":54,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-11197","draft-list-authenticated-contributor-stored-cross-site-scripting-2","Draft List \u003C= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.6.1","2.6.2","2025-10-10 19:04:54","2025-10-11 07:25:56",[73],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4711e3d5-b70c-413e-97e7-6d2e93e8217e?source=api-prod",[],{"id":76,"url_slug":77,"title":78,"description":79,"plugin_slug":4,"theme_slug":39,"affected_versions":80,"patched_in_version":81,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":82,"updated_date":83,"references":84,"days_to_patch":48,"patch_diff_files":86,"patch_trac_url":39,"research_status":39,"research_verified":54,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":54,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-10181","draft-list-authenticated-contributor-stored-cross-site-scripting","Draft List \u003C= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.6","2.6.1","2025-09-19 00:00:00","2025-09-20 04:27:55",[85],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F12a750c6-85b6-48fc-b006-adf0121610dc?source=api-prod",[],{"slug":88,"display_name":7,"profile_url":8,"plugin_count":89,"total_installs":90,"avg_security_score":91,"avg_patch_time_days":92,"trust_score":93,"computed_at":94},"dartiss",10,11180,99,8,93,"2026-05-20T01:10:21.241Z",[96,120,145,167,192],{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":16,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":117,"download_link":118,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":119,"fetched_at":31},"astra-widgets","Astra Widgets","1.2.17","Brainstorm Force","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrainstormforce\u002F","\u003Ch4>The fastest way to add more widgets into your WordPress website.\u003C\u002Fh4>\n\u003Cp>How easy can things get when you can add widgets for particular information and fetch them anywhere on your website? This goes with the most wanted information like the business address, social profile links and list icons.\u003C\u002Fp>\n\u003Cp>The Astra Widget plugin lets you create widgets to add an address, a social profile widget and list icons that you can add into your header, sidebar, footer etc. on your website.\u003C\u002Fp>\n\u003Ch4>How does this work?\u003C\u002Fh4>\n\u003Cp>The Astra Widgets plugin can be installed like any other WordPress plugin. Once installed, you will find the following widgets listed under Appearance -> Widgets\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Astra : Address\u003C\u002Fli>\n\u003Cli>Astra : List Icons\u003C\u002Fli>\n\u003Cli>Astra : Social Profiles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You simply need to select the place you wish to add the widget in and then add the information in the specific fields. Save this and you are done!\u003C\u002Fp>\n\u003Ch4>WHY PEOPLE LOVE THE ASTRA THEME?\u003C\u002Fh4>\n\u003Cp>Astra is currently powering over 1+ million websites. The performance and ease of use it offers has made it the go-to theme for beginners as well as experts.\u003C\u002Fp>\n\u003Ch4>Here are a few reasons why they love Astra –\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Faster Performance\u003C\u002Fstrong> – Astra follows the best coding standards and is built with speed and performance in mind. It is the best WordPress theme that lets you build faster lading and better performing websites.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Easy Customization\u003C\u002Fstrong> – With an aim to keep it simple and easy, Astra gives you lots of options to customize everything with just a few clicks. Everything can be managed through the customizer itself!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Compatibility with Page Builders\u003C\u002Fstrong> – Astra works seamlessly with all major page builders and therefore is opted as the best \u003Ca href=\"https:\u002F\u002Fwpastra.com\u002Ftheme-for-elementor\u002F?utm_source=wp-repo&utm_medium=astra_desc&utm_campaign=ast_widgets\" rel=\"nofollow ugc\">theme for Elementor\u003C\u002Fa>, Beaver Builder, Gutenberg, etc.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pixel Perfect Design\u003C\u002Fstrong> – Astra offers pixel-perfect FREE ready-to-use website demos within a huge library of starter sites. These can simply be imported, tweaked and used to reduce your overall design time.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Deeper Integrations\u003C\u002Fstrong> – Astra lets you create and beautify eCommerce websites and those that offer online courses in minutes. This is possible due to its in-depth integrations with all WooCommerce plugins, LifterLMS, LearnDash, etc.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Ready-to-use complete website demos\u003C\u002Fstrong> – Astra offers ready-made starter templates built with Elementor, Beaver Builder, Brizy and Gutenberg. You can import them using the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fastra-sites\u002F\" rel=\"ugc\">Starter Templates\u003C\u002Fa> plugin, tweak and go live in minutes!\u003C\u002Fp>\n","Quickest solution to add widgets like Address, Social Profiles and List icons on a website built with Astra.",200000,4562813,78,17,"2026-03-25T05:19:00.000Z","4.7","5.2",[112,113,114,115,116],"add-widget","address-widget","list-icon-widget","social-media","social-profile-widget","https:\u002F\u002Fwpastra.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fastra-widgets.1.2.17.zip","2025-12-28 00:00:00",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":135,"tags":136,"homepage":142,"download_link":143,"security_score":144,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"ele-custom-skin","Elementor Custom Skin","3.1.9","dudaster","https:\u002F\u002Fprofiles.wordpress.org\u002Fdudaster\u002F","\u003Cp>This plugin adds new skin to Elementor Page Builder Posts and Posts Archive widget.\u003C\u002Fp>\n\u003Cp>You can design a loop item just like a single template and it would be used as a skin so you can be able to create a post grid the way you like.\u003C\u002Fp>\n\u003Cp>All you have to do is to create a Custom Grid Template and place the Post Item Widget (placeholder) in your template made with sections and columns, and why not other widgets.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FDwLFdaZ69KU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&start=94&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>For a quick tutorial see Frequently Asked Questions!\u003C\u002Fp>\n\u003Cp>For more details and demo check our official site https:\u002F\u002Fdudaster.com\u002F\u003C\u002Fp>\n\u003Cp>Note: This plugin is an addon of Elementor Page Builder (https:\u002F\u002Fwordpress.org\u002Fplugins\u002Felementor\u002F) and will only work with Elementor Page Builder installed.\u003C\u002Fp>\n\u003Cp>Also check \u003Ca href=\"https:\u002F\u002Fdudaster.com\u002Fecs-pro\u002F\" rel=\"nofollow ugc\">Elementor Custom Skin Pro\u003C\u002Fa>!\u003C\u002Fp>\n\u003Cp>You can expand your freedom in more ways than you can imagine. Check it out at https:\u002F\u002Fdudaster.com\u002Fecs-pro\u002F !\u003C\u002Fp>\n","Create new skins for Elementor PRO 3.x page builder. Design your own skins for Post and Post Archive Widgets using Elementor Loop Templates.",100000,1493464,94,116,"2024-04-11T09:40:00.000Z","6.5.8","5.0","",[137,138,139,140,141],"archive-list","elementor","loop","page-builder","post-widget","https:\u002F\u002Fdudaster.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fele-custom-skin.zip",85,{"slug":146,"name":147,"version":148,"author":149,"author_profile":150,"description":151,"short_description":152,"active_installs":153,"downloaded":154,"rating":155,"num_ratings":156,"last_updated":157,"tested_up_to":16,"requires_at_least":158,"requires_php":159,"tags":160,"homepage":135,"download_link":166,"security_score":155,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"iks-menu","Iks Menu – WordPress Category Accordion Menu & FAQs","1.12.7","Iks Studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fiksstudio\u002F","\u003Cp>Iks Menu is a WordPress plugin that provides powerful customizable system and has loads of settings for creating WordPress accordion menus and FAQs.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fiks-menu.com\u002Fpreviews\" rel=\"nofollow ugc\">Showcase: Skins & Animations\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fiks-menu.com\u002Ffaqs\" rel=\"nofollow ugc\">Showcase: FAQs\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fiks-menu.com\u002Fproduct-category\u002Fcomputers\u002Flaptops\u002F\" rel=\"nofollow ugc\">Showcase: WooCommerce Categories Sidebar Menu\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.iks-menu.com\u002F#\u002FREADME\" rel=\"nofollow ugc\">Documentation: User-friendly with screenshots\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Iks Menu is the best choice for sidebar menu and not only. This plugin allows you to select custom WordPress menus, any taxonomy (categories, post tags, WooCommerce product category, etc.) and automatically created FAQs post type as a source for accordion menus.\u003Cbr \u002F>\nIt also provides images support both for custom menus, taxonomies (also supports WooCommerce categories images) and FAQs.\u003Cbr \u002F>\nYou can show your menu using WordPress widgets, shortcode or PHP code.\u003C\u002Fp>\n\u003Cp>And you do not need to learn coding to use Iks Menu! Just set all the settings using a specially designed super-fast live editor with instant changes and no pages reloading! It will speed up your developing process.\u003Cbr \u002F>\nIks Menu has more than 15 starter skins (6 FREE) – so it’s super easy to use for beginners and very customizable for advanced users.\u003C\u002Fp>\n\u003Ch4>Plans\u003C\u002Fh4>\n\u003Cp>Iks Menu has 2 plans: FREE and PRO (\u003Ca href=\"https:\u002F\u002Fiks-menu.com\u002Fpricing\" rel=\"nofollow ugc\">Buy PRO plan here\u003C\u002Fa>).\u003C\u002Fp>\n\u003Ch4>FREE Version Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Supports Taxonomies (Categories, Tags, WooCommerce products, any other)\u003C\u002Fli>\n\u003Cli>Supports Custom WordPress Menus (created in “Appearance” > “Menus”)\u003C\u002Fli>\n\u003Cli>Supports FAQs with Groups (created in special custom FAQs post type)\u003C\u002Fli>\n\u003Cli>Supports images for all sources of menu\u003C\u002Fli>\n\u003Cli>Supports showing posts for a taxonomy source\u003C\u002Fli>\n\u003Cli>Fast and usable menu editor with instant preview!\u003C\u002Fli>\n\u003Cli>Customize appearance for any part of menu (colors, fonts, margins, paddings, heights and widths without any coding)\u003C\u002Fli>\n\u003Cli>Customize appearance for multiple states (like Hover, Current and Children)\u003C\u002Fli>\n\u003Cli>Supports exporting and importing settings to reuse it again (all settings or just for appearance)\u003C\u002Fli>\n\u003Cli>Provides various unique settings for your menus\u003C\u002Fli>\n\u003Cli>Provides 6 free awesome looking skins out of the box: start using skins with clean design right now with just one click.\u003C\u002Fli>\n\u003Cli>Supports keyboard accessibility: “Tab” & “Enter” navigation + “Focus” state for all elements in menu\u003C\u002Fli>\n\u003Cli>… Just take a look at screenshots to see all features!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>PRO Version Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>All features from the FREE plan\u003C\u002Fli>\n\u003Cli>Settings “Initial Expansion” to expand some items, when page loads\u003C\u002Fli>\n\u003Cli>Expand and collapse animations for submenus\u003C\u002Fli>\n\u003Cli>Ability to display Posts count\u003C\u002Fli>\n\u003Cli>“Custom styles” setting\u003C\u002Fli>\n\u003Cli>Setting to use parent-elements as sub-menu toggles\u003C\u002Fli>\n\u003Cli>Toggle: 50+ icons and 5+ animations for expanding\u003C\u002Fli>\n\u003Cli>20+ skins\u003C\u002Fli>\n\u003Cli>… \u003Ca href=\"https:\u002F\u002Fiks-menu.com\u002Fpricing\" rel=\"nofollow ugc\">Take a look at pricing\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Settings\u003C\u002Fh4>\n\u003Cp>Using taxonomy menu you can configure the next settings:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hide empty terms – Whether to hide terms not assigned to any posts.\u003C\u002Fli>\n\u003Cli>Order by – Field to order terms by.\u003C\u002Fli>\n\u003Cli>Order – Whether to order terms in ascending or descending order.\u003C\u002Fli>\n\u003Cli>Hierarchical – Whether to include terms that have non-empty descendants (even if ‘hide_empty’ is set to true)\u003C\u002Fli>\n\u003Cli>Include terms – Comma\u002Fspace-separated string of term ids to include.\u003C\u002Fli>\n\u003Cli>Exclude terms – Comma\u002Fspace-separated string of term ids to exclude.\u003C\u002Fli>\n\u003Cli>Search – Search criteria to match terms. Will be SQL-formatted with wildcards before and after.\u003C\u002Fli>\n\u003Cli>Child of – Term ID to retrieve child terms of.\u003C\u002Fli>\n\u003Cli>Parent – Parent term ID to retrieve direct-child terms of.\u003C\u002Fli>\n\u003Cli>Childless – True to limit results to terms that have no children. This parameter has no effect on non-hierarchical taxonomies.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>3 variants of how to use Iks Menu (plugin includes user-friendly publishing guide inside the plugin)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Widget – Use it directly in widget area\u003C\u002Fli>\n\u003Cli>Shortcode – Use it anywhere with shortcode\u003C\u002Fli>\n\u003Cli>PHP code injection – Use it anywhere in your theme with PHP code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Help\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Get help anytime 24\u002F7 – Ask your question and we will help you anyway\u003C\u002Fli>\n\u003Cli>See documentation for plugin – Super detailed docs for better understanding of how plugin works\u003C\u002Fli>\n\u003Cli>FAQ (Answers to popular questions) – \u003Ca href=\"https:\u002F\u002Fdocs.iks-menu.com\u002F#\u002Ffaq\" rel=\"nofollow ugc\">See special chapter in documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Does not suit for you? – Suggest a new features for plugin and we will provide it as soon as possible\u003C\u002Fli>\n\u003C\u002Ful>\n","Super customizable WordPress plugin for displaying custom menus, taxonomy\u002Fcategory terms and FAQs as accordion menu (with images support).",10000,133367,100,27,"2026-01-15T13:40:00.000Z","4.4.0","5.4",[161,162,163,164,165],"accordion-menu","category-widget","faqs-list","taxonomies-menu","woocommerce-menu","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fiks-menu.1.12.7.zip",{"slug":168,"name":169,"version":170,"author":171,"author_profile":172,"description":173,"short_description":174,"active_installs":175,"downloaded":176,"rating":177,"num_ratings":178,"last_updated":179,"tested_up_to":180,"requires_at_least":181,"requires_php":18,"tags":182,"homepage":187,"download_link":188,"security_score":189,"vuln_count":190,"unpatched_count":29,"last_vuln_date":191,"fetched_at":31},"youtube-channel","My YouTube Channel","3.25.2","Aleksandar Urošević","https:\u002F\u002Fprofiles.wordpress.org\u002Furkekg\u002F","\u003Cp>Add \u003Cstrong>My YouTube Channel\u003C\u002Fstrong> widget to the widget area or shortcode to post\u002Fpage content, set \u003Cstrong>Channel ID\u003C\u002Fstrong> or \u003Cstrong>Playlist ID\u003C\u002Fstrong>, chose resource to use and keep defaults for all other options. And voila! You will get the latest video from chosen YouTube channel or playlist.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>IMPORTANT\u003C\u002Fstrong> My YouTube Channel does not support \u003Cstrong>Live Streams\u003C\u002Fstrong> and does not have Gutenberg Block. Use \u003Cstrong>Shortcode Block\u003C\u002Fstrong> or \u003Cstrong>Classic Block\u003C\u002Fstrong> to insert shortcode to page\u002Fpost content.\u003C\u002Fp>\n\u003Cp>If you like our plugin and find it useful, please \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fyoutube-channel\" rel=\"ugc\">write a review and rate it\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For a manually picked set of videos from YouTube, check out \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-youtube-gallery\u002F\" rel=\"ugc\">Easy YouTube Gallery\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Show latest videos from My YouTube Channel (ordered in reverse chronological order related to the creation date), or from Playlist\u003C\u002Fli>\n\u003Cli>Option to get a random video from any of two resources\u003C\u002Fli>\n\u003Cli>Responsive (one full-width video per row) or non-responsive\u003C\u002Fli>\n\u003Cli>Preferred aspect ratio relative to width (16:9 and 4:3)\u003C\u002Fli>\n\u003Cli>Custom width for video embeded object (default is 306px)\u003C\u002Fli>\n\u003Cli>Four modes to display video: \u003Cstrong>thumbnail\u003C\u002Fstrong> (\u003Ccode>default\u003C\u002Fcode>), \u003Cstrong>HTML5\u003C\u002Fstrong> (\u003Ccode>iframe\u003C\u002Fcode>), \u003Cstrong>HTML5 Asynchronous\u003C\u002Fstrong> (\u003Ccode>iframe2\u003C\u002Fcode>) abd \u003Cstrong>Playlist Embed\u003C\u002Fstrong> (\u003Ccode>playlist\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>Thumbnail mode opens the video in lightbox\u003C\u002Fli>\n\u003Cli>[NEW] Optionally store thumbnail images locally for improved speed performance and cache policy\u003C\u002Fli>\n\u003Cli>Enhanced Privacy – please note that display mode \u003Cstrong>HTML5 (IFRAME) Asynchronous\u003C\u002Fstrong> (shortcode parameter \u003Ccode>iframe2\u003C\u002Fcode>) does not support Enhanced Privacy due to YouTube API limitations\u003C\u002Fli>\n\u003Cli>Hide or show video title above\u002Fbelow\u002Finside video wrapped to HTML tag by your choice (h3, h4, h5, span or div)\u003C\u002Fli>\n\u003Cli>Custom feed caching timeout\u003C\u002Fli>\n\u003Cli>Optional video autoplay with optional muted audio\u003C\u002Fli>\n\u003Cli>(Optional) \u003Cem>TinyMCE button\u003C\u002Fem> on post\u002Fpage edit (can be disabled on General plugin settings page), which open a shortcode GUI generator to help you build a shortcode\u003C\u002Fli>\n\u003Cli>Show link to channel\u002Fhandle below videos (vanity and legacy username are deprecated since v3.23.0)\u003C\u002Fli>\n\u003Cli>Final look is highly customisable thanks to classes for each element of YTC block!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>For a fully functional plugin, PHP 7.4 or newer has required! If you use older PHP, we highly recommend you request from your developer, server support or hosting company to update PHP to a secure version.\u003C\u002Fp>\n\u003Ch4>Styling\u003C\u002Fh4>\n\u003Cp>Use Customizer, \u003Ccode>style.css\u003C\u002Fcode> from the child theme or \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhead-footer-code\u002F\" rel=\"ugc\">Head & Footer Code\u003C\u002Fa> plugin to custom style and tweak the look and feel of the My YouTube Channel blocks. You can utilise the following classes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>.widget_youtube-channel\u003C\u002Fcode> – class of whole widget (parent for widget title and YTC block)\u003C\u002Fli>\n\u003Cli>\u003Ccode>.youtube_channel\u003C\u002Fcode> – YTC block wrapper class. Additional classes are available:\n\u003Cul>\n\u003Cli>\u003Ccode>.default\u003C\u002Fcode> – for non-responsive block\u003C\u002Fli>\n\u003Cli>\u003Ccode>.responsive\u003C\u002Fcode> – when you have enabled responsive option\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>.ytc_title\u003C\u002Fcode> – class for video title container above thumbnail\u002Fvideo object\n\u003Cul>\n\u003Cli>\u003Ccode>.ytc_title_above\u003C\u002Fcode> – additional class for video title above video\u002Fthumbnail\u003C\u002Fli>\n\u003Cli>\u003Ccode>.ytc_title_below\u003C\u002Fcode> – additional class for video title below video\u002Fthumbnail\u003C\u002Fli>\n\u003Cli>\u003Ccode>.ytc_title_inside\u003C\u002Fcode> – additional class for video title printed inside of the thumbnail\u003C\u002Fli>\n\u003Cli>\u003Ccode>.ytc_title_inside_bottom\u003C\u002Fcode> – additional class for bottom aligned video title printed inside of the thumbnail\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>.ytc_video_container\u003C\u002Fcode> – class of container for single item, plus:\n\u003Cul>\n\u003Cli>\u003Ccode>.ytc_video_1\u003C\u002Fcode>, \u003Ccode>.ytc_video_2\u003C\u002Fcode>, … – class of container for single item with ordering number of item in widget\u003C\u002Fli>\n\u003Cli>\u003Ccode>.ytc_video_first\u003C\u002Fcode> – class of first container for single item\u003C\u002Fli>\n\u003Cli>\u003Ccode>.ytc_video_mid\u003C\u002Fcode> – class of all other containers for single item\u003C\u002Fli>\n\u003Cli>\u003Ccode>.ytc_video_last\u003C\u002Fcode> – class of last container for single item\u003C\u002Fli>\n\u003Cli>\u003Ccode>.ar16_9\u003C\u002Fcode> – class for Aspect Ratio 16:9\u003C\u002Fli>\n\u003Cli>\u003Ccode>.ar4_3\u003C\u002Fcode> – class for Aspect Ration 4:3\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>.ytc_thumb\u003C\u002Fcode> – class of anchor for Thumbnail mode\u003C\u002Fli>\n\u003Cli>\u003Ccode>.fluid-width-video-wrapper\u003C\u002Fcode> – class for parent element of IFRAME for enabled responsive\u003C\u002Fli>\n\u003Cli>\u003Ccode>.ytc_description\u003C\u002Fcode> – class for video description text below thumbnail\u002Fvideo object\u003C\u002Fli>\n\u003Cli>\u003Ccode>.ytc_link\u003C\u002Fcode> – class of container for link to channel\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Known Issues\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Video title and description for embedded playlist mode do not work.\u003C\u002Fli>\n\u003Cli>Removing the YouTube logo from the playback control bar does not work for all videos.\u003C\u002Fli>\n\u003Cli>Autoplay does not work always\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If WordFence or other malware scan tool detect My YouTube Channel file \u003Ccode>youtube-channel.php\u003C\u002Fcode> as a potential risk because \u003Ccode>base64_encode()\u003C\u002Fcode> and \u003Ccode>base64_decode()\u003C\u002Fcode> functions, remember that we use this two functions to store and restore JSON feeds to transient cache, so potential detection is false positive.\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>For playing videos in lightbox we use \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fhenrygd\u002Fbigger-picture\" rel=\"nofollow ugc\">Bigger Picture\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcode\u003C\u002Fh4>\n\u003Cp>Along with Widget, you can add My YouTube Channel block inline by using shortcode \u003Ccode>[youtube_channel]\u003C\u002Fcode>. Default plugin parameters will be used for shortcode, but you can customize all parameters per shortcode.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>General Settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>class\u003C\u002Fcode> (string) Set custom class if you wish to target special styling for specific YTC block\u003C\u002Fli>\n\u003Cli>\u003Ccode>channel\u003C\u002Fcode> (string) ID of preferred YouTube channel. Do not set full URL to channel, but just last part from URL – ID (name)\u003C\u002Fli>\n\u003Cli>\u003Ccode>handle\u003C\u002Fcode> (string) defined custom handle from \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fhandle\" rel=\"nofollow ugc\">YouTube handle\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ccode>vanity\u003C\u002Fcode> (string) \u003Cstrong>DEPRECATED\u003C\u002Fstrong> part after www.youtube.com\u002Fc\u002F from \u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Fyoutube\u002Fanswer\u002F2657968?hl=en\" rel=\"nofollow ugc\">Custom URL\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ccode>username\u003C\u002Fcode> (string) \u003Cstrong>DEPRECATED\u003C\u002Fstrong> Optional legacy YouTube username.\u003C\u002Fli>\n\u003Cli>\u003Ccode>playlist\u003C\u002Fcode> (string) ID of preferred YouTube playlist.\u003C\u002Fli>\n\u003Cli>\u003Ccode>resource\u003C\u002Fcode> (int) Resource to use for feed:\n\u003Cul>\n\u003Cli>\u003Ccode>0\u003C\u002Fcode> Channel (User uploads)\u003C\u002Fli>\n\u003Cli>\u003Ccode>1\u003C\u002Fcode> \u003Cstrong>DEPRECATED\u003C\u002Fstrong> Favorites (for defined channel)\u003C\u002Fli>\n\u003Cli>\u003Ccode>2\u003C\u002Fcode> Playlist\u003C\u002Fli>\n\u003Cli>\u003Ccode>3\u003C\u002Fcode> \u003Cstrong>DEPRECATED\u003C\u002Fstrong> Liked Videos\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>cache\u003C\u002Fcode> (int) Period in seconds for caching feed. You can disable caching by setting this option to 0, but if you have a lot of visits, consider at least short caching (couple minutes).\u003C\u002Fli>\n\u003Cli>\u003Ccode>fetch\u003C\u002Fcode> (int) Number of videos that will be used as stack for random pick (min 2, max 50)\u003C\u002Fli>\n\u003Cli>\u003Ccode>num\u003C\u002Fcode> (int) Number of videos to display per YTC block.\u003C\u002Fli>\n\u003Cli>\u003Ccode>random\u003C\u002Fcode> (bool) Option to randomize videos on every page load.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Video Settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>ratio\u003C\u002Fcode> (int) Set preferred aspect ratio for thumbnail and video. You can use:\n\u003Cul>\n\u003Cli>\u003Ccode>3\u003C\u002Fcode> 16:9 (widescreen)\u003C\u002Fli>\n\u003Cli>\u003Ccode>1\u003C\u002Fcode> 4:3\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>responsive\u003C\u002Fcode> (bool) Distribute one full width video per row.\u003C\u002Fli>\n\u003Cli>\u003Ccode>width\u003C\u002Fcode> (int) Width of thumbnail and video in pixels.\u003C\u002Fli>\n\u003Cli>\u003Ccode>display\u003C\u002Fcode> (string) Object that will be used to represent video. We have couple predefined options:\n\u003Cul>\n\u003Cli>\u003Ccode>thumbnail\u003C\u002Fcode> Thumbnail will be used and video will be loaded in lightbox. (default)\u003C\u002Fli>\n\u003Cli>\u003Ccode>iframe\u003C\u002Fcode> HTML5 (iframe)\u003C\u002Fli>\n\u003Cli>\u003Ccode>iframe2\u003C\u002Fcode> HTML5 (iframe) with asynchronous loading – recommended\u003C\u002Fli>\n\u003Cli>\u003Ccode>playlist\u003C\u002Fcode> Embedded playlist (same behaviour as old function \u003Ccode>only_pl\u003C\u002Fcode>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>thumb_quality\u003C\u002Fcode> (string) Define image quality for thumbnail display mode. Default is \u003Ccode>hqdefault\u003C\u002Fcode>, available:\n\u003Cul>\n\u003Cli>\u003Ccode>default\u003C\u002Fcode> Default Quality (120x90px)\u003C\u002Fli>\n\u003Cli>\u003Ccode>mqdefault\u003C\u002Fcode> Medium Quality (320x180px)\u003C\u002Fli>\n\u003Cli>\u003Ccode>hqdefault\u003C\u002Fcode> High Quality (480x360px)\u003C\u002Fli>\n\u003Cli>\u003Ccode>sddefault\u003C\u002Fcode> Standard Definition (640x480px)\u003C\u002Fli>\n\u003Cli>\u003Ccode>maxresdefault\u003C\u002Fcode> Maximum Resolution (1280x720px)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>no_thumb_title\u003C\u002Fcode> (bool) By default YouTube thumbnail will have tooltip with info about video title and date of publishing. By setting this option to 1 or true you can hide tooltip\u003C\u002Fli>\n\u003Cli>\u003Ccode>themelight\u003C\u002Fcode> (bool) By default YouTube have dark play controls theme. By setting this option to 1 or true you can get light theme in player (HTML5 and Flash)\u003C\u002Fli>\n\u003Cli>\u003Ccode>controls\u003C\u002Fcode> (bool) Set this option to 1 or true to hide playback controls.\u003C\u002Fli>\n\u003Cli>\u003Ccode>autoplay\u003C\u002Fcode> (bool) Enable autoplay of first video in YTC video stack by setting this option to 1 or true\u003C\u002Fli>\n\u003Cli>\u003Ccode>mute\u003C\u002Fcode> (bool) Set this option to 1 or true to mute videos set to autoplay on load\u003C\u002Fli>\n\u003Cli>\u003Ccode>norel\u003C\u002Fcode> (bool) Set this option to 1 or true to hide related videos after finished playbak\u003C\u002Fli>\n\u003Cli>\u003Ccode>nobrand\u003C\u002Fcode> (bool) Set this option to 1 or true to hide YouTube logo from playback control bar\u003C\u002Fli>\n\u003Cli>\u003Ccode>nolightbox\u003C\u002Fcode> (bool) Set this option to 1 or true to prevent YTC block with thumbnail to open in lightbox. If you have other plugin that trigger youtube links for lightbox, that one will steal links from this YTC block.\u003C\u002Fli>\n\u003Cli>\u003Ccode>target\u003C\u002Fcode> (string) If you enable nolightbox for specific YTC block, you can force opening of thumbnail links in new tab\u002Fwindow if you set this shortcode option to \u003Ccode>_blank\u003C\u002Fcode> like \u003Ccode>target=\"_blank\"\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Content Layout\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>showtitle\u003C\u002Fcode> (string):\n\u003Cul>\n\u003Cli>\u003Ccode>none\u003C\u002Fcode> – Hide title\u003C\u002Fli>\n\u003Cli>\u003Ccode>above\u003C\u002Fcode> – Display title above video\u002Fthumbnail\u003C\u002Fli>\n\u003Cli>\u003Ccode>below\u003C\u002Fcode> – Display title below video\u002Fthumbnail\u003C\u002Fli>\n\u003Cli>\u003Ccode>inside\u003C\u002Fcode> – Display top aligned title inside thumbnail; if \u003Ccode>display\u003C\u002Fcode> is not \u003Ccode>thumbnail\u003C\u002Fcode> then treat as \u003Ccode>above\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>inside_b\u003C\u002Fcode> – Display bottom aligned title inside thumbnail; if \u003Ccode>display\u003C\u002Fcode> is not \u003Ccode>thumbnail\u003C\u002Fcode> then treat as \u003Ccode>below\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>titletag\u003C\u002Fcode> – Video title HTML tag to wrap title (H3, H4, H5, div, span, strong, etc)\u003C\u002Fli>\n\u003Cli>\u003Ccode>showdesc\u003C\u002Fcode> (bool) Set to 1 or true to show video description.\u003C\u002Fli>\n\u003Cli>\u003Ccode>desclen\u003C\u002Fcode> (int) Set number of characters to cut down length of video description. Set to 0 to use full length description.\u003C\u002Fli>\n\u003Cli>\u003Ccode>noinfo\u003C\u002Fcode> (bool) Set to 1 or true to hide overlay video infos (from embedded player)\u003C\u002Fli>\n\u003Cli>\u003Ccode>noanno\u003C\u002Fcode> (bool) Set to 1 or true to hide overlay video annotations (from embedded player)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Link to Channel\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>goto_txt\u003C\u002Fcode> (string)\u003C\u002Fli>\n\u003Cli>\u003Ccode>popup\u003C\u002Fcode> (int) Control where link to channel will be opened:\n\u003Cul>\n\u003Cli>\u003Ccode>0\u003C\u002Fcode> open link in same window\u003C\u002Fli>\n\u003Cli>\u003Ccode>1\u003C\u002Fcode> \u003Cstrong>DEPRECATED\u003C\u002Fstrong> open link in new window with JavaScript\u003C\u002Fli>\n\u003Cli>\u003Ccode>2\u003C\u002Fcode> open link in new window with target=”_blank” anchor attribute\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>link_to\u003C\u002Fcode> (string) URL to link:\n\u003Cul>\n\u003Cli>\u003Ccode>none\u003C\u002Fcode> Hide link (defult)\u003C\u002Fli>\n\u003Cli>\u003Ccode>handle\u003C\u002Fcode> YouTube handle URL\u003C\u002Fli>\n\u003Cli>\u003Ccode>channel\u003C\u002Fcode> Channel page\u003C\u002Fli>\n\u003Cli>\u003Ccode>vanity\u003C\u002Fcode> \u003Cstrong>DEPRECATED\u003C\u002Fstrong> Vanity custom URL\u003C\u002Fli>\n\u003Cli>\u003Ccode>legacy\u003C\u002Fcode> \u003Cstrong>DEPRECATED\u003C\u002Fstrong> Legacy username page\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Please note, to enhance plugin functionality, we can change or deprecate some shortcode parameters in future.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Filter hooks\u003C\u002Fh3>\n\u003Cp>You can modify final output of video block by hooking to filter \u003Ccode>ytc_print_video\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>Four parameters are provided:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>video_content\u003C\u002Fcode> – HTML of original video block\u003C\u002Fli>\n\u003Cli>\u003Ccode>item\u003C\u002Fcode> – YouTube video object which contains:\n\u003Cul>\n\u003Cli>\u003Ccode>snippet->publishedAt\u003C\u002Fcode> – date of publishing YouTube video\u003C\u002Fli>\n\u003Cli>\u003Ccode>shippet->title\u003C\u002Fcode> – YouTube video title\u003C\u002Fli>\n\u003Cli>\u003Ccode>shippet->description\u003C\u002Fcode> – YouTube video description\u003C\u002Fli>\n\u003Cli>\u003Ccode>snippet->resourceId->videoId\u003C\u002Fcode> – YouTube video ID\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>instance\u003C\u002Fcode> – Current My YouTube Channel Block parameters, including global settings:\n\u003Cul>\n\u003Cli>\u003Ccode>handle\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>channel\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>vanity\u003C\u002Fcode> \u003Cstrong>DEPRECATED\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ccode>username\u003C\u002Fcode> \u003Cstrong>DEPRECATED\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ccode>playlist\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>resource\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>cache\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>fetch\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>num\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>skip\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>privacy\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>ratio\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>width\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>responsive\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>display\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>fullscreen\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>controls\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>autoplay\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>autoplay_mute\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>norel\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>playsinline\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>showtitle\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>titletag\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>showdesc\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>desclen\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>modestbranding\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>hideanno\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>goto_txt\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>popup_goto\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>link_to\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>tinymce\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>nolightbox\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>apikey\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>thumb_quality\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>timeout\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>random\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>no_thumb_title\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>class\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>target\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>y\u003C\u002Fcode> – order number of video (\u003Ccode>1\u003C\u002Fcode> for first, \u003Ccode>2\u003C\u002Fcode> for second, etc)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'ytc_print_video', 'customized_ytc_print_video', 10, 4 );\nfunction customized_ytc_print_video( $video_block, $item, $instance, $y ) {\n    \u002F\u002F Do whatever you wish to do\n    \u002F\u002F ...\n    return $video_block;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Show video thumbnails or playable video block of recent YouTube Playlist, Channel (User Uploads) videos.",5000,476652,88,39,"2025-02-08T09:35:00.000Z","6.7.5","5.3",[183,184,185,24,186],"channel","playlist","video","youtube","https:\u002F\u002Furosevic.net\u002Fwordpress\u002Fplugins\u002Fyoutube-channel\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyoutube-channel.3.25.2.zip",91,4,"2023-02-23 00:00:00",{"slug":193,"name":194,"version":195,"author":196,"author_profile":197,"description":198,"short_description":199,"active_installs":200,"downloaded":201,"rating":27,"num_ratings":202,"last_updated":203,"tested_up_to":204,"requires_at_least":134,"requires_php":135,"tags":205,"homepage":210,"download_link":211,"security_score":144,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"display-categories-widget","Display Categories Widget","3.1","iteamweb","https:\u002F\u002Fprofiles.wordpress.org\u002Fiteamweb\u002F","\u003Cp>Display Categories Widget will display Child categories on your sidebar. Can be placed on widget in sidebar.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Development\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Our development is being tracked on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fiteamweb\u002FDisplay-Categories-Widget\" rel=\"nofollow ugc\">GitHub URL\u003C\u002Fa>. Please fork, code, raise pull request, suggest improvements on GitHub.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Limit number of categories that appears.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Exclude categories from display.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Restrict levels of categories that can be shown.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Display categories as list or dropdown.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Hide categories that does not have any posts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Display\u002FHide number of posts available in categories.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Display\u002FHide category description on hover in title attribute\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FhFwz-yDu710?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Ch4>How to contact plugin support?\u003C\u002Fh4>\n\u003Cp>We support through https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisplay-categories-widget and http:\u002F\u002Fwww.iteamweb.com\u002Fopen-source-softwares\u002Fwordpress\u002Fwordpress-plugins\u002Fdisplay-categories-widget\u002F\u003C\u002Fp>\n\u003Ch3>Arbitrary section 1\u003C\u002Fh3>\n","Display Categories Widget will display Child categories on your sidebar. Can be placed on widget in sidebar.",4000,85347,25,"2019-11-03T07:24:00.000Z","5.2.24",[206,207,208,209,24],"categories","hide-categories","list-categories","select-categories","http:\u002F\u002Fwww.iteamweb.com\u002Fopen-source-softwares\u002Fwordpress\u002Fwordpress-plugins\u002Fdisplay-categories-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisplay-categories-widget.zip",{"attackSurface":213,"codeSignals":250,"taintFlows":306,"riskAssessment":307,"analyzedAt":317},{"hooks":214,"ajaxHandlers":242,"restRoutes":243,"shortcodes":244,"cronEvents":249,"entryPointCount":48,"unprotectedCount":29},[215,221,225,231,234,238],{"type":216,"name":217,"callback":218,"priority":48,"file":219,"line":220},"action","admin_init","draft_list_add_custom_box","inc\\metabox.php",30,{"type":216,"name":222,"callback":223,"file":219,"line":224},"save_post","draft_list_save_postdata",101,{"type":226,"name":227,"callback":228,"priority":89,"file":229,"line":230},"filter","plugin_row_meta","draft_list_plugin_meta","inc\\shared.php",42,{"type":216,"name":217,"callback":232,"file":229,"line":233},"draft_list_fork_check",84,{"type":216,"name":235,"callback":236,"file":229,"line":237},"wp_enqueue_scripts","draft_list_load_dashicons_front_end",95,{"type":216,"name":239,"callback":240,"file":241,"line":202},"widgets_init","draft_list_register_widgets","inc\\widget.php",[],[],[245],{"tag":246,"callback":247,"file":248,"line":237},"drafts","draft_list_shortcode","inc\\create-lists.php",[],{"dangerousFunctions":251,"sqlUsage":252,"outputEscaping":254,"fileOperations":29,"externalRequests":29,"nonceChecks":48,"capabilityChecks":190,"bundledLibraries":305},[],{"prepared":29,"raw":29,"locations":253},[],{"escaped":177,"rawEcho":255,"locations":256},23,[257,261,263,265,267,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,303],{"file":258,"line":259,"context":260},"inc\\class-draftlistwidget.php",167,"raw output",{"file":258,"line":262,"context":260},172,{"file":258,"line":264,"context":260},177,{"file":258,"line":266,"context":260},182,{"file":258,"line":268,"context":260},187,{"file":258,"line":270,"context":260},191,{"file":258,"line":272,"context":260},195,{"file":258,"line":274,"context":260},199,{"file":258,"line":276,"context":260},204,{"file":258,"line":278,"context":260},208,{"file":258,"line":280,"context":260},212,{"file":258,"line":282,"context":260},216,{"file":258,"line":284,"context":260},220,{"file":258,"line":286,"context":260},224,{"file":258,"line":288,"context":260},228,{"file":258,"line":290,"context":260},233,{"file":258,"line":292,"context":260},242,{"file":258,"line":294,"context":260},251,{"file":258,"line":296,"context":260},256,{"file":258,"line":298,"context":260},261,{"file":258,"line":300,"context":260},266,{"file":258,"line":302,"context":260},268,{"file":219,"line":304,"context":260},47,[],[],{"summary":308,"deductions":309},"The simple-draft-list v2.6.3 plugin exhibits a generally positive security posture based on the static analysis. The absence of AJAX handlers, REST API routes, cron events, and file operations, along with 100% of SQL queries using prepared statements, are strong indicators of secure development practices. The presence of nonce and capability checks further reinforces this. However, the static analysis does reveal a potential weakness in output escaping, with 21% of outputs not being properly escaped. While the taint analysis shows no flows with unsanitized paths, the lack of detailed taint analysis data (0 flows analyzed) limits the confidence in this aspect.\n\nThe vulnerability history indicates a concerning pattern, with two previously disclosed medium severity vulnerabilities, both related to Cross-Site Scripting (XSS). The fact that there are no currently unpatched vulnerabilities is a positive sign, suggesting the developers address issues promptly. However, the recurring nature of XSS vulnerabilities, even if patched, suggests a need for more robust input sanitization and output escaping mechanisms throughout the codebase to prevent such issues in the future.\n\nIn conclusion, the plugin has strong foundations in secure coding practices for critical areas like database interactions and entry point protection. The primary concern lies in the less than perfect output escaping and the history of XSS vulnerabilities, which, despite being patched, highlight a potential blind spot. While the current version appears secure from known exploits, continuous vigilance regarding output handling and code review is recommended.",[310,312,315],{"reason":311,"points":89},"21% of outputs not properly escaped",{"reason":313,"points":314},"History of 2 medium XSS vulnerabilities",12,{"reason":316,"points":28},"Limited taint analysis (0 flows analyzed)","2026-03-16T21:27:31.964Z",{"wat":319,"direct":328},{"assetPaths":320,"generatorPatterns":323,"scriptPaths":324,"versionParams":325},[321,322],"\u002Fwp-content\u002Fplugins\u002Fsimple-draft-list\u002Finc\u002Fmetabox.js","\u002Fwp-content\u002Fplugins\u002Fsimple-draft-list\u002Finc\u002Fwidget.js",[],[321,322],[326,327],"simple-draft-list\u002Finc\u002Fmetabox.js?ver=","simple-draft-list\u002Finc\u002Fwidget.js?ver=",{"cssClasses":329,"htmlComments":331,"htmlAttributes":332,"restEndpoints":347,"jsGlobals":348,"shortcodeOutput":350},[330],"draft-list-widget",[],[333,334,335,336,337,338,339,340,341,342,343,344,345,346],"data-draft-list-id","data-draft-list-limit","data-draft-list-type","data-draft-list-order","data-draft-list-scheduled","data-draft-list-icon","data-draft-list-folder","data-draft-list-author","data-draft-list-template","data-draft-list-date","data-draft-list-created","data-draft-list-modified","data-draft-list-words","data-draft-list-pending",[],[349],"draftListWidget",[351],"[drafts]",{"error":353,"url":354,"statusCode":355,"statusMessage":356,"message":356},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsimple-draft-list\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":107,"versions":358},[359,364,371,379,389,399,409,419,429,439,449,459,469,479,489,499,509],{"version":6,"download_url":26,"svn_tag_url":360,"released_at":39,"has_diff":54,"diff_files_changed":361,"diff_lines":39,"trac_diff_url":362,"vulnerabilities":363,"is_current":353},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-draft-list\u002Ftags\u002F2.6.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-draft-list%2Ftags%2F2.6.2&new_path=%2Fsimple-draft-list%2Ftags%2F2.6.3",[],{"version":69,"download_url":365,"svn_tag_url":366,"released_at":39,"has_diff":54,"diff_files_changed":367,"diff_lines":39,"trac_diff_url":368,"vulnerabilities":369,"is_current":54},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-draft-list.2.6.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-draft-list\u002Ftags\u002F2.6.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-draft-list%2Ftags%2F2.6.1&new_path=%2Fsimple-draft-list%2Ftags%2F2.6.2",[370],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":81,"download_url":372,"svn_tag_url":373,"released_at":39,"has_diff":54,"diff_files_changed":374,"diff_lines":39,"trac_diff_url":375,"vulnerabilities":376,"is_current":54},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-draft-list.2.6.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-draft-list\u002Ftags\u002F2.6.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-draft-list%2Ftags%2F2.6&new_path=%2Fsimple-draft-list%2Ftags%2F2.6.1",[377,378],{"id":64,"url_slug":65,"title":66,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":69},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":380,"download_url":381,"svn_tag_url":382,"released_at":39,"has_diff":54,"diff_files_changed":383,"diff_lines":39,"trac_diff_url":384,"vulnerabilities":385,"is_current":54},"2.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-draft-list.2.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-draft-list\u002Ftags\u002F2.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-draft-list%2Ftags%2F2.5.2&new_path=%2Fsimple-draft-list%2Ftags%2F2.6",[386,387,388],{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":81},{"id":64,"url_slug":65,"title":66,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":69},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":390,"download_url":391,"svn_tag_url":392,"released_at":39,"has_diff":54,"diff_files_changed":393,"diff_lines":39,"trac_diff_url":394,"vulnerabilities":395,"is_current":54},"2.5.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-draft-list.2.5.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-draft-list\u002Ftags\u002F2.5.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-draft-list%2Ftags%2F2.4&new_path=%2Fsimple-draft-list%2Ftags%2F2.5.2",[396,397,398],{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":81},{"id":64,"url_slug":65,"title":66,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":69},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":400,"download_url":401,"svn_tag_url":402,"released_at":39,"has_diff":54,"diff_files_changed":403,"diff_lines":39,"trac_diff_url":404,"vulnerabilities":405,"is_current":54},"2.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-draft-list.2.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-draft-list\u002Ftags\u002F2.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-draft-list%2Ftags%2F2.3.3&new_path=%2Fsimple-draft-list%2Ftags%2F2.4",[406,407,408],{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":81},{"id":64,"url_slug":65,"title":66,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":69},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":410,"download_url":411,"svn_tag_url":412,"released_at":39,"has_diff":54,"diff_files_changed":413,"diff_lines":39,"trac_diff_url":414,"vulnerabilities":415,"is_current":54},"2.3.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-draft-list.2.3.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-draft-list\u002Ftags\u002F2.3.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-draft-list%2Ftags%2F2.2.6&new_path=%2Fsimple-draft-list%2Ftags%2F2.3.3",[416,417,418],{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":81},{"id":64,"url_slug":65,"title":66,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":69},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":420,"download_url":421,"svn_tag_url":422,"released_at":39,"has_diff":54,"diff_files_changed":423,"diff_lines":39,"trac_diff_url":424,"vulnerabilities":425,"is_current":54},"2.2.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-draft-list.2.2.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-draft-list\u002Ftags\u002F2.2.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-draft-list%2Ftags%2F2.1&new_path=%2Fsimple-draft-list%2Ftags%2F2.2.6",[426,427,428],{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":81},{"id":64,"url_slug":65,"title":66,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":69},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":430,"download_url":431,"svn_tag_url":432,"released_at":39,"has_diff":54,"diff_files_changed":433,"diff_lines":39,"trac_diff_url":434,"vulnerabilities":435,"is_current":54},"2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-draft-list.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-draft-list\u002Ftags\u002F2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-draft-list%2Ftags%2F2.0.2&new_path=%2Fsimple-draft-list%2Ftags%2F2.1",[436,437,438],{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":81},{"id":64,"url_slug":65,"title":66,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":69},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":440,"download_url":441,"svn_tag_url":442,"released_at":39,"has_diff":54,"diff_files_changed":443,"diff_lines":39,"trac_diff_url":444,"vulnerabilities":445,"is_current":54},"2.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-draft-list.2.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-draft-list\u002Ftags\u002F2.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-draft-list%2Ftags%2F1.6&new_path=%2Fsimple-draft-list%2Ftags%2F2.0.2",[446,447,448],{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":81},{"id":64,"url_slug":65,"title":66,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":69},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":450,"download_url":451,"svn_tag_url":452,"released_at":39,"has_diff":54,"diff_files_changed":453,"diff_lines":39,"trac_diff_url":454,"vulnerabilities":455,"is_current":54},"1.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-draft-list.1.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-draft-list\u002Ftags\u002F1.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-draft-list%2Ftags%2F1.5&new_path=%2Fsimple-draft-list%2Ftags%2F1.6",[456,457,458],{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":81},{"id":64,"url_slug":65,"title":66,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":69},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":460,"download_url":461,"svn_tag_url":462,"released_at":39,"has_diff":54,"diff_files_changed":463,"diff_lines":39,"trac_diff_url":464,"vulnerabilities":465,"is_current":54},"1.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-draft-list.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-draft-list\u002Ftags\u002F1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-draft-list%2Ftags%2F1.4&new_path=%2Fsimple-draft-list%2Ftags%2F1.5",[466,467,468],{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":81},{"id":64,"url_slug":65,"title":66,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":69},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":470,"download_url":471,"svn_tag_url":472,"released_at":39,"has_diff":54,"diff_files_changed":473,"diff_lines":39,"trac_diff_url":474,"vulnerabilities":475,"is_current":54},"1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-draft-list.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-draft-list\u002Ftags\u002F1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-draft-list%2Ftags%2F1.3&new_path=%2Fsimple-draft-list%2Ftags%2F1.4",[476,477,478],{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":81},{"id":64,"url_slug":65,"title":66,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":69},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":480,"download_url":481,"svn_tag_url":482,"released_at":39,"has_diff":54,"diff_files_changed":483,"diff_lines":39,"trac_diff_url":484,"vulnerabilities":485,"is_current":54},"1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-draft-list.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-draft-list\u002Ftags\u002F1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-draft-list%2Ftags%2F1.2&new_path=%2Fsimple-draft-list%2Ftags%2F1.3",[486,487,488],{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":81},{"id":64,"url_slug":65,"title":66,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":69},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":490,"download_url":491,"svn_tag_url":492,"released_at":39,"has_diff":54,"diff_files_changed":493,"diff_lines":39,"trac_diff_url":494,"vulnerabilities":495,"is_current":54},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-draft-list.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-draft-list\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-draft-list%2Ftags%2F1.1&new_path=%2Fsimple-draft-list%2Ftags%2F1.2",[496,497,498],{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":81},{"id":64,"url_slug":65,"title":66,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":69},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":500,"download_url":501,"svn_tag_url":502,"released_at":39,"has_diff":54,"diff_files_changed":503,"diff_lines":39,"trac_diff_url":504,"vulnerabilities":505,"is_current":54},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-draft-list.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-draft-list\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-draft-list%2Ftags%2F1.0&new_path=%2Fsimple-draft-list%2Ftags%2F1.1",[506,507,508],{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":81},{"id":64,"url_slug":65,"title":66,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":69},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":510,"download_url":511,"svn_tag_url":512,"released_at":39,"has_diff":54,"diff_files_changed":513,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":514,"is_current":54},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-draft-list.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-draft-list\u002Ftags\u002F1.0\u002F",[],[515,516,517],{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":81},{"id":64,"url_slug":65,"title":66,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":69},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6}]