[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwq-y96db86mSmMSYB3TnW-Kw-_ve0sfKN0_ZMVNUKwU":3,"$f8Xx3dwLwV-R6Z6-w0auy_-J68KagpWHrBz-7QX91UFU":206,"$fjuaEQrj7HOnFPBF8C79g6Ajb1VtMNhjPa7gz5yYSNFE":211},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":49,"crawl_stats":37,"alternatives":52,"analysis":157,"fingerprints":189},"simple-iframe","Simple Iframe","1.2.0","unapersona","https:\u002F\u002Fprofiles.wordpress.org\u002Funapersona\u002F","\u003Cp>Easily insert iframes inside the block editor.\u003C\u002Fp>\n\u003Cp>This plugin adds an \u003Cem>Iframe\u003C\u002Fem> block inside the \u003Cem>Embeds\u003C\u002Fem> category.\u003C\u002Fp>\n\u003Cp>Insert an external (or internal) URL by simple drag and dropping the Simple Iframe block.\u003C\u002Fp>\n","Easily insert iframes inside the block editor.",6000,103161,94,17,"2024-06-09T19:35:00.000Z","6.6.0","5.0.0","7.4.0",[20,21,22],"block","external","iframe","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-iframe\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-iframe.zip",92,1,0,"2023-06-19 
00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46,"patch_diff_files":47,"patch_trac_url":37,"research_status":37,"research_verified":48,"research_rounds_completed":27,"research_plan":37,"research_summary":37,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":37,"research_model_used":37,"research_started_at":37,"research_completed_at":37,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":48,"poc_model_used":37,"poc_verification_depth":37},"CVE-2023-2964","simple-iframe-authenticatedcontributor-stored-cross-site-scripting-via-block-attributes","Simple Iframe \u003C= 1.1.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via block attributes","The Simple Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.1.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F810faad2-b63d-497c-af00-b57a07705608?source=api-prod",218,[],false,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":46,"trust_score":50,"computed_at":51},73,"2026-05-20T04:11:33.907Z",[53,70,96,119,139],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":27,"num_ratings":27,"last_updated":63,"tested_up_to":64,"requires_at_least":17,"requires_php":18,"tags":65,"homepage":68,"download_link":69,"security_score":25,"vuln_count":27,"unpatched_count":27,"last_vuln_date":37,"fetched_at":29},"dynamic-iframe-for-wp","Iframe for Gutenberg","1.1.0","adeleyeayodeji","https:\u002F\u002Fprofiles.wordpress.org\u002Fbiggidroid\u002F","\u003Cp>Enhance your content creation experience with our intuitive plugin that allows you to effortlessly integrate dynamic iframes within the block editor.\u003C\u002Fp>\n\u003Cp>Our innovative solution introduces a dedicated Iframe block, conveniently located within the comprehensive Embeds category. This specialized block empowers you to seamlessly embed external or internal URLs into your content. Gone are the days of complex coding or cumbersome manual insertion methods.\u003C\u002Fp>\n\u003Cp>With our plugin, adding an iframe is as easy as drag and drop. 
Simply select the desired Simple Iframe block, effortlessly position it within your content, and conveniently drop the URL into place. Enjoy the efficiency and simplicity of our user-friendly interface while creating captivating and interactive content.\u003C\u002Fp>\n","Easily insert dynamic iframes inside the block editor.",10,735,"2024-06-02T20:16:00.000Z","6.5.8",[20,66,21,67,22],"embed","google-maps","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdynamic-iframe-for-wp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdynamic-iframe-for-wp.zip",{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":80,"num_ratings":81,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":85,"tags":86,"homepage":91,"download_link":92,"security_score":93,"vuln_count":94,"unpatched_count":27,"last_vuln_date":95,"fetched_at":29},"include-me","Include Me","1.3.7","Stefano Lissa","https:\u002F\u002Fprofiles.wordpress.org\u002Fsatollo\u002F","\u003Cp>Include Me helps to include in posts or pages external files usually to be shared\u003Cbr \u002F>\nbetween different posts or pages or that contains PHP or other code that can be\u003Cbr \u002F>\ncompromised by the visual editor.\u003C\u002Fp>\n\u003Cp>The use is immediate: the shortcode [includeme] is all that you need (see the documentation\u003Cbr \u002F>\non \u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Finclude-me\" rel=\"nofollow ugc\">Include Me official page\u003C\u002Fa>).\u003C\u002Fp>\n\u003Cp>The best way to use it is to include functionalities\u003Cbr \u002F>\nwritten in external PHP that will be rendered in post body or to include pieces of\u003Cbr \u002F>\njavascript that will be hard to add with WordPress editor.\u003C\u002Fp>\n\u003Cp>Inclusions can be rendered with IFRAME if needed to create boxes that display\u003Cbr \u002F>\nexternal web 
pages.\u003C\u002Fp>\n\u003Cp>This plugin is made of few line of code, ultralite!\u003C\u002Fp>\n\u003Cp>Other plugins by Stefano Lissa:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fhyper-cache\" rel=\"nofollow ugc\">Hyper Cache\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.thenewsletterplugin.com\" rel=\"nofollow ugc\">Newsletter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fheader-footer\" rel=\"nofollow ugc\">Header and Footer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fthumbnails\" rel=\"nofollow ugc\">Thumbnails\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cp>You can contribute to translate this plugin in your language on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\" rel=\"nofollow ugc\">WordPress Translate\u003C\u002Fa>\u003C\u002Fp>\n","Include Me helps to include any external file (textual, HTML or PHP) in posts or pages.",4000,91819,96,21,"2026-02-05T15:36:00.000Z","6.9.4","6.1","7.0",[87,22,88,89,90],"external-page","include","php","php-execute","https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Finclude-me","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finclude-me.1.3.7.zip",97,2,"2025-09-09 00:00:00",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":85,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":116,"download_link":117,"security_score":80,"vuln_count":107,"unpatched_count":27,"last_vuln_date":118,"fetched_at":29},"simple-blog-card","Simple Blog Card","2.38","Katsushi Kawamori","https:\u002F\u002Fprofiles.wordpress.org\u002Fkatsushi-kawamori\u002F","\u003Ch4>Blog 
card\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Generated with shortcode\u003C\u002Fli>\n\u003Cli>Generated with block\u003C\u002Fli>\n\u003Cli>Can specify the number of characters displayed in the description.\u003C\u002Fli>\n\u003Cli>Displays an ogp image.\u003C\u002Fli>\n\u003Cli>Can specify the size of the displayed ogp image.\u003C\u002Fli>\n\u003Cli>Can change the title and description.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Warning\u003C\u002Fh4>\n\u003Cp>A redirect loop occurs when all three of the following factors are met:\u003Cbr \u002F>\n* When two sites with different domains embed “Siｍple Blog Card” for each other on their top pages.\u003Cbr \u002F>\n* When two sites with different domains are on the same server (same IP address).\u003Cbr \u002F>\n* When the ”Simple Blog Card” caches of two sites on different domains are empty.\u003C\u002Fp>\n\u003Ch4>How it works\u003C\u002Fh4>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FxTicX7DiGjU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Customize\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Template files allow for flexible \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkatsushi-kawamori\u002FSimple-Blog-Card-Templates\" rel=\"nofollow ugc\">customization\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>The default template file is template\u002Fsimpleblogcard-template.php. 
Using this as a reference, you can specify a separate template file using the filters below.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for template file.\n *\n *\u002F\nadd_filter(\n    'simple_blog_card_generate_template_file',\n    function () {\n        $wp_uploads = wp_upload_dir();\n        $upload_dir = wp_normalize_path( $wp_uploads['basedir'] );\n        $upload_dir = untrailingslashit( $upload_dir );\n        return $upload_dir . '\u002Ftmp\u002Fsimpleblogcard-template.php';\n    },\n    10,\n    1\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cul>\n\u003Cli>CSS files can be set separately. Please see the filters below.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for CSS file.\n *\n *\u002F\nadd_filter(\n    'simple_blog_card_css_url',\n    function () {\n        $wp_uploads = wp_upload_dir();\n        $upload_url = $wp_uploads['baseurl'];\n        if ( is_ssl() ) {\n            $upload_url = str_replace( 'http:', 'https:', $upload_url );\n        }\n        $upload_url = untrailingslashit( $upload_url );\n        return $upload_url . 
'\u002Ftmp\u002Fsimpleblogcard.css';\n    },\n    10,\n    1\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Get OGP and display blog card.",3000,42287,100,3,"2026-03-29T21:54:00.000Z","6.6","8.0",[20,112,113,114,115],"blogcard","external-link","internal-link","linkcard","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-blog-card\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-blog-card.2.38.zip","2026-02-14 00:00:00",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":106,"num_ratings":26,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":132,"tags":133,"homepage":135,"download_link":136,"security_score":137,"vuln_count":26,"unpatched_count":26,"last_vuln_date":138,"fetched_at":29},"iframe-block","iFrame Block","0.1.1","Vikas Sharma","https:\u002F\u002Fprofiles.wordpress.org\u002Fvikas4travel\u002F","\u003Cp>iFrame Block lets you insert iframes in the block editor.\u003Cbr \u002F>\n* Easily place iframes into your posts and pages.\u003Cbr \u002F>\n* Option to choose between responsive and fixed width\u002Fheight.\u003Cbr \u002F>\n* Lightweight plugin.\u003C\u002Fp>\n","iFrame Block lets you insert iframes in the block editor.",800,9039,"2025-09-01T14:05:00.000Z","6.8.5","5.2","5.6",[120,134],"insert-iframe","https:\u002F\u002Fwww.vikas4travel.com\u002Fiframe-block\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fiframe-block.0.1.2.zip",78,"2025-08-19 00:00:00",{"slug":140,"name":141,"version":142,"author":143,"author_profile":144,"description":145,"short_description":146,"active_installs":147,"downloaded":148,"rating":106,"num_ratings":26,"last_updated":149,"tested_up_to":130,"requires_at_least":150,"requires_php":151,"tags":152,"homepage":155,"download_link":156,"security_score":106,"vuln_count":27,"unpatched_count":27,"last_vuln_date":37,"fetched_at":29},"taro-taxonomy-blocks","Taro 
Taxonomy Blocks","1.2.2","TAROSKY INC.","https:\u002F\u002Fprofiles.wordpress.org\u002Ftarosky\u002F","\u003Cp>This plugin supports 3 term blocks.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Terms Block\u003C\u002Fstrong> – Display all terms in the specified taxonomy. Usefull to display terms list like glossary.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post’s Terms Block\u003C\u002Fstrong> – Display terms assigned to the post in the specified taxonomy.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post’s Terms Query Block\u003C\u002Fstrong> – Display post list with same terms with the post.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Customization\u003C\u002Fh4>\n\u003Cp>All blocks are customizable on the PHP layer.\u003C\u002Fp>\n\u003Cp>Template Structure\u003C\u002Fp>\n\u003Cp>To override look and feel, put template files in your theme’s directory.\u003C\u002Fp>\n\u003Cpre>\nyour-theme-dir\n- template-parts\n  - taxonomy-blocks\n    - posts-list.php             \u002F\u002F List of post in post's terms query blocks. \n    - post-loop.php              \u002F\u002F Post link in post's terms query blocks. 
\n    - term-item.php              \u002F\u002F Term link.\n    - term-list.php              \u002F\u002F Flat term list.\n    - term-list-hierarchical.php \u002F\u002F Hierarchical terms list.\n\u003C\u002Fpre>\n\u003Cpre>\u003Ccode>taro_taxonomy_blocks_template filter hook is also available.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This will override the template file path.\u003C\u002Fp>\n\u003Cp>Styles\u003C\u002Fp>\n\u003Cp>To override styles, regsiter styels named \u003Ccode>taro-terms-block\u003C\u002Fcode>.\u003Cbr \u002F>\nThe plugin registers style at priority 20 of \u003Ccode>init\u003C\u002Fcode> hook, so registering style at priority 10 or earlier.\u003C\u002Fp>\n\u003Cpre>add_action( 'init', function() {\n    \u002F\u002F Your own CSS.\n    wp_register_style( 'taro-terms-block', $your_block_css_url, $deps, $version );\n} );\u003C\u002Fpre>\n\u003Cp>Now your blocks will be styled by your CSS.\u003C\u002Fp>\n","Add term-related blocks. Suitable for classic or hybrid themes.",40,7810,"2025-05-21T02:57:00.000Z","5.9","7.2",[153,154,22],"block-editor","gutenberg","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftaro-taxonomy-blocks\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftaro-taxonomy-blocks.1.2.2.zip",{"attackSurface":158,"codeSignals":170,"taintFlows":177,"riskAssessment":178,"analyzedAt":188},{"hooks":159,"ajaxHandlers":166,"restRoutes":167,"shortcodes":168,"cronEvents":169,"entryPointCount":27,"unprotectedCount":27},[160],{"type":161,"name":162,"callback":163,"file":164,"line":165},"action","init","closure","simple-iframe.php",14,[],[],[],[],{"dangerousFunctions":171,"sqlUsage":172,"outputEscaping":174,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":176},[],{"prepared":27,"raw":27,"locations":173},[],{"escaped":27,"rawEcho":27,"locations":175},[],[],[],{"summary":179,"deductions":180},"The static analysis of simple-iframe v1.2.0 reveals a seemingly secure codebase with 
no identified dangerous functions, raw SQL queries, unescaped output, file operations, or external HTTP requests. No taint flows were reported either, although an empty static-analysis result does not by itself demonstrate that input is sanitized. Furthermore, the plugin registers no AJAX handlers, REST API routes, shortcodes, or cron events, so there are no such entry points to leave unprotected; the zero nonce and capability checks recorded for it reflect that small surface rather than a verified access control. This indicates a minimal attack surface in the scanned code.\n\nHowever, the plugin's vulnerability history presents a significant concern. It has a known CVE from 2023-06-19 (CVE-2023-2964), specifically a medium-severity stored Cross-site Scripting (XSS) vulnerability via block attributes affecting versions up to and including 1.1.1. Although this vulnerability is marked as patched in 1.2.0, the existence of a past XSS issue, especially one that was medium severity, warrants careful consideration. It shows that while the current version might be clean, input sanitization or output escaping on user-supplied attributes has been insufficient before. This implies a need for ongoing vigilance and potentially more thorough code reviews for future updates.\n\nIn conclusion, simple-iframe v1.2.0 demonstrates strong static security hygiene in its current iteration, with no immediate code-level risks apparent. The small attack surface and the absence of any SQL queries are positive signs. Nevertheless, the past XSS vulnerability indicates a potential blind spot in the development process that could re-emerge. 
Therefore, while the current version appears safe based on the static analysis, the historical context adds a layer of caution, emphasizing the importance of the latest version being the one installed and regularly checking for new vulnerabilities.",[181,183,186],{"reason":182,"points":61},"Medium severity XSS vulnerability in history",{"reason":184,"points":185},"No capability checks found",5,{"reason":187,"points":185},"No nonce checks found","2026-03-16T18:01:35.710Z",{"wat":190,"direct":199},{"assetPaths":191,"generatorPatterns":194,"scriptPaths":195,"versionParams":196},[192,193],"\u002Fwp-content\u002Fplugins\u002Fsimple-iframe\u002Fbuild\u002Findex.js","\u002Fwp-content\u002Fplugins\u002Fsimple-iframe\u002Fbuild\u002Fstyle-index.css",[],[192],[197,198],"simple-iframe\u002Fbuild\u002Findex.js?ver=","simple-iframe\u002Fbuild\u002Fstyle-index.css?ver=",{"cssClasses":200,"htmlComments":201,"htmlAttributes":202,"restEndpoints":203,"jsGlobals":204,"shortcodeOutput":205},[],[],[],[],[],[],{"error":207,"url":208,"statusCode":209,"statusMessage":210,"message":210},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsimple-iframe\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":27,"versions":212},[]]