[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fP3kJ7zmJdfGPR3dG0LrOGRyqAW9JWlmpGm4-6o-qsBY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":44,"crawl_stats":35,"alternatives":48,"analysis":152,"fingerprints":306},"simple-link-list-widget","Simple Link List Widget","0.3.2","jimmywb","https:\u002F\u002Fprofiles.wordpress.org\u002Fjimmywb\u002F","\u003Cp>This plugin makes a widget available which allows you to add a simple link list (bulleted or numbered) to a sidebar.\u003C\u002Fp>\n","This plugin makes a widget available which allows you to add a simple link list (bulleted or numbered) to a sidebar.",2000,55594,92,9,"2018-11-09T22:36:00.000Z","4.9.29","2.8","",[20,21,22,23],"links","list","lists","widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-link-list-widget.0.3.2.zip",63,1,"2025-09-05 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35},"CVE-2025-58810","simple-link-list-widget-authenticated-administrator-stored-cross-site-scripting","Simple Link List Widget \u003C= 0.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Simple Link List Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=0.3.2","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-10 20:40:57",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F261b21b7-6bed-4df9-bbb6-f395c0fd4f22?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":45,"trust_score":46,"computed_at":47},30,68,"2026-04-04T19:05:14.695Z",[49,73,92,111,133],{"slug":50,"name":51,"version":52,"author":53,"author_profile":54,"description":55,"short_description":56,"active_installs":57,"downloaded":58,"rating":59,"num_ratings":60,"last_updated":61,"tested_up_to":62,"requires_at_least":63,"requires_php":18,"tags":64,"homepage":69,"download_link":70,"security_score":71,"vuln_count":72,"unpatched_count":72,"last_vuln_date":35,"fetched_at":28},"lists-shortcode-and-widget","Lists Shortcode and Widget","1.8","OTWthemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fotwthemes\u002F","\u003Cp>Easily create all different kinds of Ordered and Unordered Lists for your WordPress site. Insert Lists anywhere in your site – page\u002Fpost editor, sidebars, template files. No coding is required. It is all done in a nice and easy interface.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Upgrade to the \u003Cstrong>Pro version\u003C\u002Fstrong> of this plugin – the fastes way to build your WordPress based site including regular updates and premium support:\u003Cbr \u002F>\n  \u003Ca href=\"https:\u002F\u002F1.envato.market\u002Fc\u002F1246358\u002F275988\u002F4415?subId1=cm&subId2=2020&subId3=https%3A%2F%2Fcodecanyon.net%2Fitem%2Fcontent-manager-for-wordpress%2F7431829&u=https%3A%2F%2Fcodecanyon.net%2Fitem%2Fcontent-manager-for-wordpress%2F7431829\" rel=\"nofollow ugc\">Content Manager\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fotwthemes.com\u002Fdemos\u002F1ts\u002F?item=Content%20Manager&utm_source=wp.org&utm_medium=page&utm_content=upgrade&utm_campaign=cml\" rel=\"nofollow ugc\">Demo site\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Lists Options\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Number of Items \u003C\u002Fli>\n\u003Cli>List Style\u003C\u002Fli>\n\u003Cli>Item 1,2,…10 title \u003C\u002Fli>\n\u003Cli>Custom CSS Class\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Insert Lists Anywhere in your site\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Basically Lists can be inserted anywhere in your site:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Page\u002Fpost WYSIWYG editor by using the buttion in the editor\u003C\u002Fli>\n\u003Cli>In sidebars by using the OTW Shortcode Widget\u003C\u002Fli>\n\u003Cli>In template files by using the List’s shortcode and WordPress do_shortcode function\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Custom styling\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you need to further style a List here are your options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Each List shortcode has it’s unique CSS class that can be used to style all Lists.\u003C\u002Fli>\n\u003Cli>Create a new class for each instance of a List shortcode in its interface so you can style it individually.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Localization\u002FInternationalization\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin comes Localization\u002FInternationalization ready. It is following WordPress I18n standards.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Full version of the plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Upgrade to the full version of \u003Ca href=\"https:\u002F\u002F1.envato.market\u002Fc\u002F1246358\u002F275988\u002F4415?subId1=cm&subId2=2020&subId3=https%3A%2F%2Fcodecanyon.net%2Fitem%2Fcontent-manager-for-wordpress%2F7431829&u=https%3A%2F%2Fcodecanyon.net%2Fitem%2Fcontent-manager-for-wordpress%2F7431829\" rel=\"nofollow ugc\">Content Manager\u003C\u002Fa> |\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fotwthemes.com\u002Fdemos\u002F1ts\u002F?item=Content%20Manager&utm_source=wp.org&utm_medium=page&utm_content=upgrade&utm_campaign=cml\" rel=\"nofollow ugc\">Demo site\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom Responsive Layouts – Build in Seconds\u003C\u002Fli>\n\u003Cli>Front-end Editor – Edit your layouts and content in the front-end of your site\u003C\u002Fli>\n\u003Cli>40+ Shortcodes with add\u002Fedit Interface, Custom and Imported Shortcodes\u003C\u002Fli>\n\u003Cli>Insert Shortcodes Anywhere – Layouts, Page Editor, Sidebars, Template files\u003C\u002Fli>\n\u003Cli>Insert Sidebars Anywhere – Layouts, Page Editor, Template files\u003C\u002Fli>\n\u003Cli>WordPress Widgets Anywhere – Layouts, Page Editor, Template files\u003C\u002Fli>\n\u003Cli>Content Sidebars\u003C\u002Fli>\n\u003Cli>Support and Updates\u003C\u002Fli>\n\u003Cli>Zero Coding Required\u003C\u002Fli>\n\u003C\u002Ful>\n","Create Lists. Nice and easy interface. Insert anywhere in your site - page\u002Fpost editor, sidebars, template files.",100,7045,60,2,"2022-03-04T04:22:00.000Z","5.9.13","3.6",[22,65,66,67,68],"ordered-list","shortcode","unordered-list","widgets","http:\u002F\u002FOTWthemes.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flists-shortcode-and-widget.zip",85,0,{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":57,"downloaded":81,"rating":72,"num_ratings":72,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":18,"tags":85,"homepage":90,"download_link":91,"security_score":71,"vuln_count":72,"unpatched_count":72,"last_vuln_date":35,"fetched_at":28},"twitter-goodies-widgets","Twitter Goodies Widgets","1.2","Marcus (aka @msykes)","https:\u002F\u002Fprofiles.wordpress.org\u002Fnetweblogic\u002F","\u003Cp>This plugin will allow you to create any one of the four Twitter widgets located at twitter’s website \u003Ca href=\"twitter.com\u002Fgoodies\u002Fwidgets\" rel=\"nofollow ugc\">twitter.com\u002Fgoodies\u002Fwidgets\u003C\u002Fa> with the friendly wordpress drag & drop convenience of widgets. Some of the features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Can create multiple twitter widget instnaces (uses the new WP widget API)\u003C\u002Fli>\n\u003Cli>Four for one! Four twitter widgets – twitter lists, faves, your twitter profile, or a search\u003C\u002Fli>\n\u003Cli>All the options available via the twitter widget page are available here too (as of Nov 05 2009).\u003C\u002Fli>\n\u003Cli>Save multiple themes for your twitter widget. Use one theme (or many) across multiple widgets, no need to retype settings like on the twitter site.\u003C\u002Fli>\n\u003Cli>Quickly and easly switch between the different twitter widget types.\u003C\u002Fli>\n\u003Cli>One widget makes for twitter widgets.\u003C\u002Fli>\n\u003Cli>Place widgets in your posts and pages too with shortcodes (see notes).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you have any problems with the plugins, please visit our [http:\u002F\u002Fnetweblogic.com\u002Fforums\u002F](support forums) for further information and provide some feedback first, we may be able to help. It’s considered rude to just give low ratings and nothing reason for doing so.\u003C\u002Fp>\n\u003Cp>If you find this plugin useful and would like to say thanks, a link, digg, or some other form of recognition to the plugin page on our blog would be appreciated.\u003C\u002Fp>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>To generate a twitter widget in your pages, here is a shortcode with all the attributes:\u003C\u002Fp>\n\u003Cp>[tgw title=”Title for twitter widget” subject=”Caption for twitter widget” username=”Twitter User Name” search=”Twitter search string” type=”Either (search|list|faves|profile)” list=”Twitter List Name”]\u003C\u002Fp>\n\u003Cp>Look at one of the twitter widget options in your admin panel, or also on the twitter site \u003Ca href=\"twitter.com\u002Fgoodies\u002Fwidgets\" rel=\"nofollow ugc\">twitter.com\u002Fgoodies\u002Fwidgets\u003C\u002Fa> to see what combination you need for which widget type.\u003C\u002Fp>\n","Uses the twitter goodies widgets API to create offical twitter widgets (profiles, lists, faves and search) straight from your control panel.",30033,"2011-01-02T15:27:00.000Z","3.0.5","2.7",[21,86,87,88,89],"tweet","twitter","twitter-lists","twitter-widget","http:\u002F\u002Fnetweblogic.com\u002Fwordpress\u002Ftwitter-goodies-widgets\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwitter-goodies-widgets.1.2.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":100,"downloaded":101,"rating":72,"num_ratings":72,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":18,"tags":105,"homepage":108,"download_link":109,"security_score":71,"vuln_count":72,"unpatched_count":72,"last_vuln_date":35,"fetched_at":110},"limited-category-lists-widget","Limited Category Lists Widget","0.1","tomoya","https:\u002F\u002Fprofiles.wordpress.org\u002Ftomoya\u002F","\u003Cp>This plugin widget is very simple.\u003Cbr \u002F>\nThe list of the entry can be displayed in the sidebar by specifying a favorite category when this plug-in is used.\u003C\u002Fp>\n","Limited Category Lists Widget is a wordPress widget, lists the limited category as shown in the name.",10,4337,"2008-05-07T20:10:00.000Z","2.5.1","2.0",[106,21,22,107,23],"category","sidebar","http:\u002F\u002Fwww.jaco-bass.com\u002Fblog\u002F2007\u002F09\u002Flimited-category-lists-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flimited-category-lists-widget.0.1.zip","2026-03-15T14:54:45.397Z",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":100,"downloaded":119,"rating":120,"num_ratings":121,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":18,"tags":125,"homepage":129,"download_link":130,"security_score":131,"vuln_count":26,"unpatched_count":72,"last_vuln_date":132,"fetched_at":28},"mailgun-subscriptions","Mailgun Subscriptions","1.3.3","Jonathan Brinley","https:\u002F\u002Fprofiles.wordpress.org\u002Fjbrinley\u002F","\u003Cp>Add a Mailgun subscription form to your WordPress site. Your visitors can use the form to subscribe to your lists using the Mailgun API.\u003C\u002Fp>\n","Add a Mailgun subscription form to your WordPress site. Your visitors can use the form to subscribe to your lists using the Mailgun API.",3040,70,4,"2025-12-07T18:54:00.000Z","6.9.4","3.9",[126,127,128,23],"email","mailing-lists","subscriptions","https:\u002F\u002Fgithub.com\u002Fflightless\u002Fmailgun-subscriptions","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmailgun-subscriptions.1.3.3.zip",99,"2025-12-11 18:35:18",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":100,"downloaded":141,"rating":72,"num_ratings":72,"last_updated":142,"tested_up_to":143,"requires_at_least":144,"requires_php":18,"tags":145,"homepage":150,"download_link":151,"security_score":71,"vuln_count":72,"unpatched_count":72,"last_vuln_date":35,"fetched_at":28},"unlimited-lists-widget","Unlimited Lists Widget","0.1.2","Austin","https:\u002F\u002Fprofiles.wordpress.org\u002Faustyfrosty\u002F","\u003Cp>Activate the plugin then add it to any available sidebar in \u003Cstrong>Appearance&rarr;Widgets\u003C\u002Fstrong>..\u003C\u002Fp>\n\u003Cp>For question please visit my blog @ \u003Ca href=\"http:\u002F\u002Faustin.passy.co\u002Fwordpress-plugins\u002Funlimited-lists-widget\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Faustin.passy.co\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>And thanks for rating it! –>\u003C\u002Fp>\n","A widget to show HTML list elements.",2242,"2015-08-08T16:41:00.000Z","4.3.34","3.3",[146,147,148,23,149],"li","ul","unlimited-lists","widget-only","http:\u002F\u002Faustin.passy.co\u002Fwordpress-plugins\u002Funlimited-lists-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funlimited-lists-widget.zip",{"attackSurface":153,"codeSignals":169,"taintFlows":290,"riskAssessment":291,"analyzedAt":305},{"hooks":154,"ajaxHandlers":165,"restRoutes":166,"shortcodes":167,"cronEvents":168,"entryPointCount":72,"unprotectedCount":72},[155,161],{"type":156,"name":157,"callback":158,"file":159,"line":160},"action","admin_enqueue_scripts","sllw_load_scripts","simple-link-list-widget.php",20,{"type":156,"name":162,"callback":163,"file":159,"line":164},"widgets_init","register_sllw",230,[],[],[],[],{"dangerousFunctions":170,"sqlUsage":171,"outputEscaping":173,"fileOperations":72,"externalRequests":72,"nonceChecks":72,"capabilityChecks":72,"bundledLibraries":289},[],{"prepared":72,"raw":72,"locations":172},[],{"escaped":174,"rawEcho":175,"locations":176},12,73,[177,180,182,184,186,188,189,191,193,195,196,198,200,202,204,206,208,210,212,214,215,217,218,220,221,222,224,225,227,228,229,231,232,234,235,236,238,239,240,241,243,244,246,247,249,250,252,254,256,258,260,261,262,263,265,266,268,269,270,272,273,274,276,277,278,279,281,282,283,284,286,287,288],{"file":159,"line":178,"context":179},43,"raw output",{"file":159,"line":181,"context":179},44,{"file":159,"line":183,"context":179},50,{"file":159,"line":185,"context":179},53,{"file":159,"line":187,"context":179},55,{"file":159,"line":25,"context":179},{"file":159,"line":190,"context":179},106,{"file":159,"line":192,"context":179},131,{"file":159,"line":194,"context":179},132,{"file":159,"line":194,"context":179},{"file":159,"line":197,"context":179},134,{"file":159,"line":199,"context":179},135,{"file":159,"line":201,"context":179},136,{"file":159,"line":203,"context":179},137,{"file":159,"line":205,"context":179},138,{"file":159,"line":207,"context":179},139,{"file":159,"line":209,"context":179},140,{"file":159,"line":211,"context":179},149,{"file":159,"line":213,"context":179},150,{"file":159,"line":213,"context":179},{"file":159,"line":216,"context":179},152,{"file":159,"line":216,"context":179},{"file":159,"line":219,"context":179},153,{"file":159,"line":219,"context":179},{"file":159,"line":219,"context":179},{"file":159,"line":223,"context":179},154,{"file":159,"line":223,"context":179},{"file":159,"line":226,"context":179},155,{"file":159,"line":226,"context":179},{"file":159,"line":226,"context":179},{"file":159,"line":230,"context":179},156,{"file":159,"line":230,"context":179},{"file":159,"line":233,"context":179},157,{"file":159,"line":233,"context":179},{"file":159,"line":233,"context":179},{"file":159,"line":237,"context":179},158,{"file":159,"line":237,"context":179},{"file":159,"line":237,"context":179},{"file":159,"line":237,"context":179},{"file":159,"line":242,"context":179},159,{"file":159,"line":242,"context":179},{"file":159,"line":245,"context":179},167,{"file":159,"line":245,"context":179},{"file":159,"line":248,"context":179},173,{"file":159,"line":248,"context":179},{"file":159,"line":251,"context":179},174,{"file":159,"line":253,"context":179},177,{"file":159,"line":255,"context":179},179,{"file":159,"line":257,"context":179},182,{"file":159,"line":259,"context":179},191,{"file":159,"line":259,"context":179},{"file":159,"line":259,"context":179},{"file":159,"line":259,"context":179},{"file":159,"line":264,"context":179},197,{"file":159,"line":264,"context":179},{"file":159,"line":267,"context":179},200,{"file":159,"line":267,"context":179},{"file":159,"line":267,"context":179},{"file":159,"line":271,"context":179},201,{"file":159,"line":271,"context":179},{"file":159,"line":271,"context":179},{"file":159,"line":275,"context":179},204,{"file":159,"line":275,"context":179},{"file":159,"line":275,"context":179},{"file":159,"line":275,"context":179},{"file":159,"line":280,"context":179},205,{"file":159,"line":280,"context":179},{"file":159,"line":280,"context":179},{"file":159,"line":280,"context":179},{"file":159,"line":285,"context":179},209,{"file":159,"line":285,"context":179},{"file":159,"line":285,"context":179},{"file":159,"line":285,"context":179},[],[],{"summary":292,"deductions":293},"The static analysis of simple-link-list-widget v0.3.2 reveals a seemingly low attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events. The code also shows good practices by using prepared statements for all SQL queries and performing no file operations or external HTTP requests. However, a significant concern arises from the low percentage of properly escaped output, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. This is further supported by the vulnerability history, which shows one unpatched medium severity CVE directly related to XSS. The lack of nonce and capability checks on the identified entry points, though minimal, also contributes to a reduced security posture. While the absence of dangerous functions and critical taint flows is positive, the combination of prevalent unescaped output and a historical XSS vulnerability makes this plugin a notable risk.",[294,297,300,303],{"reason":295,"points":296},"Unpatched medium severity CVE",15,{"reason":298,"points":299},"Low percentage of properly escaped output",18,{"reason":301,"points":302},"No nonce checks on entry points",5,{"reason":304,"points":302},"No capability checks on entry points","2026-03-16T18:35:50.057Z",{"wat":307,"direct":317},{"assetPaths":308,"generatorPatterns":312,"scriptPaths":313,"versionParams":314},[309,310,311],"\u002Fwp-content\u002Fplugins\u002Fsimple-link-list-widget\u002Fsimple-link-list-widget.css","\u002Fwp-content\u002Fplugins\u002Fsimple-link-list-widget\u002Fsimple-link-list-widget.js","\u002Fwp-content\u002Fplugins\u002Fsimple-link-list-widget\u002Fimages\u002Fdelete.png",[],[310],[315,316],"simple-link-list-widget\u002Fsimple-link-list-widget.css?ver=","simple-link-list-widget\u002Fsimple-link-list-widget.js?ver=",{"cssClasses":318,"htmlComments":329,"htmlAttributes":331,"restEndpoints":333,"jsGlobals":334,"shortcodeOutput":336},[319,320,321,322,323,324,325,326,327,328],"widget_link_list","sllw-instructions","hide-if-no-js","hide-if-js","simple-link-list","list-item","moving-handle","sllw-edit-item","sllw-action","sllw-delete",[330],"\u003C!-- ... -->",[332],"data-widget-id",[],[335],"jQuery",[]]