[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDxEnZEHrQwQBAP6noW9pZkRY4YSDal67hSYaJ-DwyoE":3,"$fU1vXA3ie7-mLEmdel4GAfo2scHB5gXRYGm1STT4Ais0":394,"$fkRdATSJ_2y7AeXwbQj8Zg9wL89U_ewSm_5eN9MoDM6Q":399},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":13,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":49,"crawl_stats":37,"alternatives":52,"analysis":165,"fingerprints":362},"simple-presenter","Simple Presenter","1.5.2","sylviavanos","https:\u002F\u002Fprofiles.wordpress.org\u002Fsylviavanos\u002F","\u003Cp>Simple Presenter was born out of a request within one of the companies I was assigned to to replace the current digital signage solution. Due to the fact that WordPress was used by everyone who had to manage it, and the lack of finding any solution that really worked for us without a huge investment of time, it was decided to code up our own WordPress plugin. 
This is that plugin.\u003C\u002Fp>\n\u003Cp>Simple Presenter allows you to:\u003Cbr \u002F>\n– Define an infinite number of screens\u003Cbr \u002F>\n– Set a logo image, background color and text color for each screen\u003Cbr \u002F>\n– Show events from an infinite number of calendars (only Tribe via the JSON API is currently supported, max 5 events per calendar are shown)\u003Cbr \u002F>\n– An infinite number of extra slides of practically any content (image, html, shortcodes, embeds, etc.)\u003Cbr \u002F>\n– Choose exactly what to display on which screen\u003Cbr \u002F>\n– Control who can manage Simple Presenter using the manage_simplepresenter capability (may require third-party plugins)\u003C\u002Fp>\n\u003Cp>Simple Presenter is meant to be simple above powerful and is written for the purposes of a single company. However, it was decided the plugin is useful and generic enough to publish it for broader use.\u003C\u002Fp>\n","A simple way to create presentations that can be viewed in a web browser, meant for usage in a company by displaying it on Raspberry Pi's.",10,2288,0,"2024-11-06T17:53:00.000Z","6.6.5","4.9.4","5.4.16",[19,20,21,22,23],"digital-signage","monitor","pi","presentation","raspberry","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-presenter.1.5.2.zip",91,1,"2024-12-11 
00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46,"patch_diff_files":47,"patch_trac_url":37,"research_status":37,"research_verified":48,"research_rounds_completed":13,"research_plan":37,"research_summary":37,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":37,"research_model_used":37,"research_started_at":37,"research_completed_at":37,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":48,"poc_model_used":37,"poc_verification_depth":37},"CVE-2024-54340","simple-presenter-reflected-cross-site-scripting","Simple Presenter \u003C= 1.5.1 - Reflected Cross-Site Scripting","The Simple Presenter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.5.1","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-12-19 15:09:32",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Faae9018c-eef9-4d1b-b510-446db1644e78?source=api-prod",9,[],false,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":46,"trust_score":50,"computed_at":51},88,"2026-05-20T03:55:36.973Z",[53,76,94,113,130],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":24,"tags":68,"homepage":73,"download_link":74,"security_score":75,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"health-endpoint","Health Endpoint","1.0.2","Jon Otaegi","https:\u002F\u002Fprofiles.wordpress.org\u002Fjonotaegi\u002F","\u003Cp>This simple plugin creates a \u003Ccode>\u002Fhealth\u003C\u002Fcode> endpoint to let you monitor the status of your WordPress website. The endpoint tests the status of your database connection and returns a \u003Ccode>200 OK\u003C\u002Fcode> HTTP status code while your page is healthy. You can read more on HTTP status codes at the \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FList_of_HTTP_status_codes\" rel=\"nofollow ugc\">Wikipedia article\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>External tools such as website monitoring services can access the exposed endpoint at regular intervals. 
This can help you verify that your WordPress website is performing correctly.\u003C\u002Fp>\n\u003Cp>You can find more information about the \u003Ca href=\"https:\u002F\u002Fdocs.microsoft.com\u002Fen-us\u002Fazure\u002Farchitecture\u002Fpatterns\u002Fhealth-endpoint-monitoring\" rel=\"nofollow ugc\">Health Endpoint Monitoring Pattern\u003C\u002Fa> at the \u003Ca href=\"https:\u002F\u002Fdocs.microsoft.com\u002Fen-us\u002Fazure\u002Farchitecture\u002Fpatterns\u002F\" rel=\"nofollow ugc\">Microsoft Azure Documentation\u003C\u002Fa> website.\u003C\u002Fp>\n\u003Ch4>Development\u003C\u002Fh4>\n\u003Cp>This plugin is being developed on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjonotaegi\u002Fwordpress-health-endpoint\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>. If you want to collaborate, feel free to submit pull requests or report bugs on the issue tracker.\u003C\u002Fp>\n","Creates a \u002Fhealth endpoint that returns a 200 OK HTTP status code while WordPress is performing correctly.",3000,34563,100,2,"2025-03-09T15:40:00.000Z","6.7.5","3.5",[69,70,71,20,72],"api","endpoint","health-check","uptime","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fhealth-endpoint\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhealth-endpoint.1.0.2.zip",92,{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":13,"num_ratings":13,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":92,"download_link":93,"security_score":63,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"relay","Relay","1.5.1","Verdant Studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fverdantstudio\u002F","\u003Cp>This general-purpose plugin provides safe, structured access to internal data, making it compatible with \u003Ca href=\"https:\u002F\u002Fwww.verdant.studio\u002Fapplications\u002Fhub\u002F\" 
rel=\"nofollow ugc\">Hub\u003C\u002Fa> and other monitoring solutions.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Site name\u003C\u002Fli>\n\u003Cli>Site URL\u003C\u002Fli>\n\u003Cli>WordPress version\u003C\u002Fli>\n\u003Cli>Health rating\u003C\u002Fli>\n\u003Cli>Updates available\u003C\u002Fli>\n\u003Cli>Directory sizes\u003C\u002Fli>\n\u003Cli>Multisite and subsite information\u003C\u002Fli>\n\u003Cli>WP-CLI support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>You can find the \u003Ca href=\"https:\u002F\u002Fwww.verdant.studio\u002Fplugins\u002Frelay\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa> on our site.\u003C\u002Fp>\n","A bridge between your WordPress site’s internals and your monitoring tools.",80,2454,"2025-09-18T17:53:00.000Z","6.8.5","6.6","7.4",[69,20,91],"monitoring","https:\u002F\u002Fwww.verdant.studio\u002Fplugins\u002Frelay","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frelay.1.5.1.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":13,"num_ratings":13,"last_updated":104,"tested_up_to":87,"requires_at_least":105,"requires_php":89,"tags":106,"homepage":24,"download_link":111,"security_score":63,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":112},"synapse","Synapse – Data Bridge for Automation","1.0.0","DVYZR","https:\u002F\u002Fprofiles.wordpress.org\u002Fdvyzr\u002F","\u003Cp>Tired of logging into countless WordPress sites for routine checks? Synapse transforms your website into a powerful \u003Cstrong>“WordPress Data Bridge”\u003C\u002Fstrong>, giving you programmatic access to the data you need. 
Connect your site to automation platforms like \u003Cstrong>n8n, Zapier, Make\u003C\u002Fstrong>, or your own custom applications.\u003C\u002Fp>\n\u003Cp>Synapse is the essential tool for developers, agencies, and security-conscious site owners who want to build efficient workflows, monitor sites remotely, and manage WordPress like a pro.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>A POWERFUL LOCAL DASHBOARD & ROBUST API IN ONE\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Even as a standalone tool, Synapse provides a valuable local dashboard in your WordPress admin area. Get an instant overview of:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Available Updates\u003C\u002Fstrong>: All pending updates for core, plugins, and themes at a glance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Website Health Status\u003C\u002Fstrong>: Proactively monitor your site’s health and security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Moderation Queue\u003C\u002Fstrong>: See how many comments or posts are awaiting your approval.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>But the true power lies in its API. 
See the full \u003Ca href=\"https:\u002F\u002Fdvyzr.com\u002Fsynapse-documentation\u002F\" rel=\"nofollow ugc\">User Documentation\u003C\u002Fa> to get started.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>KEY API FEATURES (FREE VERSION)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The free version provides the endpoints you need for essential monitoring and maintenance:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Monitor Available Updates (\u003Ccode>\u002Fupdates\u003C\u002Fcode>)\u003C\u002Fstrong>: Get a detailed JSON list of all pending WordPress core, plugin, and theme updates.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Check Site Health (\u003Ccode>\u002Fsite-health\u003C\u002Fcode>)\u003C\u002Fstrong>: Receive a comprehensive, machine-readable status report on your site’s performance and security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>View Moderation Queue (\u003Ccode>\u002Fmoderation\u003C\u002Fcode>)\u003C\u002Fstrong>: Check the number of pending comments and posts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Execute Remote Updates (\u003Ccode>\u002Fupdates\u002F...\u003C\u002Fcode>)\u003C\u002Fstrong>: Trigger plugin, theme, or core updates securely and remotely—perfect for automated maintenance scripts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Explore the full \u003Ca href=\"https:\u002F\u002Fwp-api.dvyzr.com\u002Fdocumentation.html\" rel=\"nofollow ugc\">Synapse REST API Documentation\u003C\u002Fa> to see all possibilities.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WHAT CAN YOU BUILD WITH SYNAPSE? (AUTOMATION USE CASES)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Synapse is designed to be the central hub for your WordPress automation workflows. 
Here are just a few examples:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Proactive Security Monitoring\u003C\u002Fstrong>: Build a daily workflow in n8n that checks for security updates and sends a notification to your Slack or Discord channel.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Instant Issue Alerts\u003C\u002Fstrong>: Set up an automation that sends a push notification to your phone the moment your site’s health status becomes “critical”.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Efficient Content Management\u003C\u002Fstrong>: Automatically create a new task in Trello or Asana whenever a new post is submitted for moderation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automated Maintenance Workflows\u003C\u002Fstrong>: Create a script that automatically creates a backup of your site and then triggers all pending plugin and theme updates via the Synapse API.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>FROM A SINGLE SITE TO AN ENTIRE NETWORK\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This free plugin is the perfect “Connector” to monitor and manage a single WordPress site.\u003C\u002Fp>\n\u003Cp>Looking to manage multiple client sites from a single, central dashboard? The \u003Cstrong>Synapse PRO\u003C\u002Fstrong> version allows you to connect all your websites and manage them from one central location, run selective updates without logging in, and much more. The upcoming \u003Cstrong>Synapse ULTIMATE\u003C\u002Fstrong> will provide advanced API endpoints for user and content management, making it the ultimate tool for agencies and power users.\u003C\u002Fp>\n","The data bridge for WordPress. 
A powerful REST API to monitor sites and automate workflows with n8n, Zapier, Make, and your own scripts.",20,258,"2025-10-23T11:19:00.000Z","5.8",[107,108,91,109,110],"automation","make","n8n","rest-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsynapse.1.0.0.zip","2026-04-06T09:54:40.288Z",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":11,"downloaded":121,"rating":13,"num_ratings":13,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":24,"tags":125,"homepage":127,"download_link":128,"security_score":129,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":112},"seraphconsulting-monitor","SeraphConsulting monitor","1.0.4","smilight","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmilight\u002F","\u003Cp>Simple plugin to show wp and installed plugins info by url http:\u002F\u002FYOUR_WEBSITE\u002Fseraph-monitor\u002Fv1\u002Finfo\u002F\u003Cbr \u002F>\nWill be useful for external WP dashboards and wp monitoring services.\u003C\u002Fp>\n\u003Cp>Plugin will show:\u003Cbr \u002F>\n* all installed plugins on your site with short info\u003Cbr \u002F>\n* outdated plugins and boolean near plugin that needs update\u003Cbr \u002F>\n* wordpress version and boolean if wp needs update\u003Cbr \u002F>\n* all installed themes with short info\u003Cbr \u002F>\n* outdated themes and boolean near theme that needs update\u003Cbr \u002F>\n* php version installed on server\u003Cbr \u002F>\n* mysql version installed on server\u003C\u002Fp>\n","Simple plugin to show wp and installed plugins 
info",1064,"2020-12-28T08:55:00.000Z","5.6.17","5.6",[69,126,20],"info","https:\u002F\u002Fseraphconsulting.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fseraphconsulting-monitor.1.0.4.zip",85,{"slug":131,"name":132,"version":133,"author":131,"author_profile":134,"description":135,"short_description":136,"active_installs":11,"downloaded":137,"rating":63,"num_ratings":64,"last_updated":138,"tested_up_to":139,"requires_at_least":140,"requires_php":24,"tags":141,"homepage":163,"download_link":164,"security_score":129,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":112},"visitlead","VISITLEAD Live Chat and Realtime Monitoring","1.0","https:\u002F\u002Fprofiles.wordpress.org\u002Fvisitlead\u002F","\u003Cp>VISITLEAD is not only live chat – it´s a complete and awesome selling process for B2B websites. We connect your website with your business and enable you to interact and communicate with your online prospects in realtime.\u003C\u002Fp>\n\u003Cp>Improve the success of your email marketing campaigns, get more out of your AdWords investments and your SEO activities. We convert your online leads to clients.\u003C\u002Fp>\n\u003Cp>Never miss promising opportunities on your site. And therefore … Don´t let your Homepage alone. \u003Ca href=\"https:\u002F\u002Fvisitlead.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002FVISITLEAD.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features List (based on our Entry Plan)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Smart Routing, Monitoring, Text Live Chat, Voice LiveChat, Video LiveChat, Screensharing(!), Trigger, Text\u002FVoice\u002FVideo Team LiveChat and of course all common features like typing preview, canned responses, voice dictation, offline modes, chat rating, pre-chat forms, forwarding, confidential chat, greeter, document exchange, geo location …\u003C\u002Fp>\n\u003Cp>Visitlead is built with latest technology with a zero waiting interface and less server load. 
Designed to optimise your sales and service.\u003C\u002Fp>\n","Enterprise Live Chat and realtime monitoring for business websites. We convert your visitors to clients. Live Chat is only one piece of our success.",2217,"2016-04-29T10:49:00.000Z","4.1.42","3.3",[142,143,144,145,146,147,148,149,150,151,91,152,153,154,155,156,157,158,159,160,161,162],"chat-plugin","co-browsing","cobrowsing","live-chat","live-chat-plugin","live-chat-software","live-chat-support","live-chat-tool","live-chat-widget","livechat","provide-support","pure-live-chat","screensharing","supervisor","team-chat","video-chat","voice-chat","website-leads","wordpress-live-chat","wp-live-chat","zopim-live-chat","http:\u002F\u002Fvisitlead.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvisitlead.zip",{"attackSurface":166,"codeSignals":206,"taintFlows":320,"riskAssessment":346,"analyzedAt":361},{"hooks":167,"ajaxHandlers":202,"restRoutes":203,"shortcodes":204,"cronEvents":205,"entryPointCount":13,"unprotectedCount":13},[168,174,178,182,186,191,194,197],{"type":169,"name":170,"callback":171,"file":172,"line":173},"action","admin_menu","simplepresenter_add_menu_page","simple-presenter.php",29,{"type":169,"name":175,"callback":176,"file":172,"line":177},"admin_init","simplepresenter_admin_init",30,{"type":169,"name":179,"callback":180,"file":172,"line":181},"admin_enqueue_scripts","simplepresenter_enqueue_media_uploader",31,{"type":169,"name":183,"callback":184,"file":172,"line":185},"parse_request","simplepresenter_admin_parse_request",33,{"type":187,"name":188,"callback":189,"file":172,"line":190},"filter","query_vars","simplepresenter_admin_query_vars",495,{"type":169,"name":183,"callback":192,"file":172,"line":193},"simplepresenter_public_parse_request",785,{"type":187,"name":188,"callback":195,"file":172,"line":196},"simplepresenter_public_query_vars",791,{"type":169,"name":198,"callback":199,"priority":200,"file":172,"line":201},"init","simplepresenter_add_cap",11,798,[],[],[],[],{"dan
gerousFunctions":207,"sqlUsage":208,"outputEscaping":210,"fileOperations":27,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":319},[],{"prepared":13,"raw":13,"locations":209},[],{"escaped":13,"rawEcho":211,"locations":212},53,[213,216,218,220,222,224,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,303,305,307,309,311,313,315,317],{"file":172,"line":214,"context":215},50,"raw output",{"file":172,"line":217,"context":215},136,{"file":172,"line":219,"context":215},140,{"file":172,"line":221,"context":215},142,{"file":172,"line":223,"context":215},144,{"file":172,"line":223,"context":215},{"file":172,"line":226,"context":215},154,{"file":172,"line":228,"context":215},158,{"file":172,"line":230,"context":215},165,{"file":172,"line":232,"context":215},169,{"file":172,"line":234,"context":215},173,{"file":172,"line":236,"context":215},175,{"file":172,"line":238,"context":215},190,{"file":172,"line":240,"context":215},194,{"file":172,"line":242,"context":215},195,{"file":172,"line":244,"context":215},196,{"file":172,"line":246,"context":215},197,{"file":172,"line":248,"context":215},207,{"file":172,"line":250,"context":215},209,{"file":172,"line":252,"context":215},210,{"file":172,"line":254,"context":215},213,{"file":172,"line":256,"context":215},230,{"file":172,"line":258,"context":215},231,{"file":172,"line":260,"context":215},243,{"file":172,"line":262,"context":215},244,{"file":172,"line":264,"context":215},247,{"file":172,"line":266,"context":215},251,{"file":172,"line":268,"context":215},252,{"file":172,"line":270,"context":215},253,{"file":172,"line":272,"context":215},255,{"file":172,"line":274,"context":215},256,{"file":172,"line":276,"context":215},278,{"file":172,"line":278,"context":215},307,{"file":172,"line":280,"context":215},309,{"file":172,"line":282,"context":215},318,{"file":172,"line":284,"context":215},426,{"file":1
72,"line":286,"context":215},429,{"file":172,"line":288,"context":215},432,{"file":172,"line":290,"context":215},435,{"file":172,"line":292,"context":215},438,{"file":172,"line":294,"context":215},446,{"file":172,"line":296,"context":215},449,{"file":172,"line":298,"context":215},452,{"file":172,"line":300,"context":215},455,{"file":172,"line":302,"context":215},458,{"file":172,"line":304,"context":215},466,{"file":172,"line":306,"context":215},469,{"file":172,"line":308,"context":215},472,{"file":172,"line":310,"context":215},475,{"file":172,"line":312,"context":215},622,{"file":172,"line":314,"context":215},632,{"file":172,"line":316,"context":215},633,{"file":172,"line":318,"context":215},637,[],[321,337],{"entryPoint":322,"graph":323,"unsanitizedCount":27,"severity":39},"simplepresenter_options_page (simple-presenter.php:35)",{"nodes":324,"edges":335},[325,330],{"id":326,"type":327,"label":328,"file":172,"line":329},"n0","source","$_GET",41,{"id":331,"type":332,"label":333,"file":172,"line":214,"wp_function":334},"n1","sink","echo() [XSS]","echo",[336],{"from":326,"to":331,"sanitized":48},{"entryPoint":338,"graph":339,"unsanitizedCount":27,"severity":345},"\u003Csimple-presenter> (simple-presenter.php:0)",{"nodes":340,"edges":343},[341,342],{"id":326,"type":327,"label":328,"file":172,"line":329},{"id":331,"type":332,"label":333,"file":172,"line":214,"wp_function":334},[344],{"from":326,"to":331,"sanitized":48},"low",{"summary":347,"deductions":348},"The 'simple-presenter' plugin v1.5.2 exhibits a mixed security posture. On the positive side, there are no identified AJAX handlers, REST API routes, shortcodes, or cron events, so the scan counted zero entry points of those types; the plugin does still register admin and public parse_request hooks that run on incoming requests, so this is not the same as having no attack surface. Furthermore, no SQL usage (prepared or raw) was identified, and there are no external HTTP requests or dangerous functions identified. However, significant concerns arise from the code analysis. 
Notably, none of the 53 detected output statements use escaping (0 escaped, 53 raw), so any of them that prints request- or user-controlled data is exposed to Cross-Site Scripting (XSS). The two taint flows with unsanitized paths, while not flagged as critical or high severity, both trace $_GET input to an unescaped echo, which indicates a potential reflected XSS issue in input handling. The plugin has a history of vulnerabilities, specifically XSS, with a recent CVE in late 2024. Although currently unpatched CVEs are zero, the pattern of past XSS vulnerabilities, coupled with the complete lack of output escaping in the current version, suggests a persistent weakness in input sanitization and output encoding.\n\nIn conclusion, while the plugin's limited attack surface and the absence of raw SQL queries are strengths, the complete absence of output escaping and the history of XSS vulnerabilities present substantial risks. The identified unsanitized paths further amplify these concerns. Users should exercise caution and consider the significant XSS risk introduced by the lack of proper output encoding.",[349,351,354,356,359],{"reason":350,"points":102},"All outputs are unescaped",{"reason":352,"points":353},"Two flows with unsanitized paths",15,{"reason":355,"points":11},"History of Cross-Site Scripting (XSS) vulnerabilities",{"reason":357,"points":358},"No nonce checks detected",5,{"reason":360,"points":358},"No capability checks 
detected","2026-03-16T23:14:32.907Z",{"wat":363,"direct":372},{"assetPaths":364,"generatorPatterns":367,"scriptPaths":368,"versionParams":369},[365,366],"\u002Fwp-content\u002Fplugins\u002Fsimple-presenter\u002Fsimple-presenter.css","\u002Fwp-content\u002Fplugins\u002Fsimple-presenter\u002Fsimple-presenter.js",[],[366],[370,371],"simple-presenter\u002Fsimple-presenter.css?ver=","simple-presenter\u002Fsimple-presenter.js?ver=",{"cssClasses":373,"htmlComments":375,"htmlAttributes":376,"restEndpoints":383,"jsGlobals":384,"shortcodeOutput":386},[374],"simple-presenter-screen-container",[],[377,378,379,380,381,382],"data-simple-presenter-screen-id","data-simple-presenter-screen-url","data-simple-presenter-image-url","data-simple-presenter-text-scale","data-simple-presenter-background-color","data-simple-presenter-text-color",[],[385],"simplepresenter",[387,388,389,390,391,392,393],"\u003Cdiv class=\"simple-presenter-screen-container\" data-simple-presenter-screen-id=\"","\" data-simple-presenter-screen-url=\"","\" data-simple-presenter-image-url=\"","\" data-simple-presenter-text-scale=\"","\" data-simple-presenter-background-color=\"","\" data-simple-presenter-text-color=\"","\">\u003C\u002Fdiv>",{"error":395,"url":396,"statusCode":397,"statusMessage":398,"message":398},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsimple-presenter\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":200,"versions":400},[401,406,413,421,429,437,445,453,461,469,477],{"version":6,"download_url":25,"svn_tag_url":402,"released_at":37,"has_diff":48,"diff_files_changed":403,"diff_lines":37,"trac_diff_url":404,"vulnerabilities":405,"is_current":395},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-presenter\u002Ftags\u002F1.5.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-presenter%2Ftags%2F1.5.1&new_path=%2Fsimple-presenter%2Ftags%2F1.5.2",[],{"version":79,"download_url":407,"svn_tag_url":408,"released_at":37,"has_diff":48,"diff_files_changed":409,"diff_lines":37,"trac_diff_url":410,"vulnerabilities":411,"is_current":48},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-presenter.1.5.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-presenter\u002Ftags\u002F1.5.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-presenter%2Ftags%2F1.5&new_path=%2Fsimple-presenter%2Ftags%2F1.5.1",[412],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6},{"version":414,"download_url":415,"svn_tag_url":416,"released_at":37,"has_diff":48,"diff_files_changed":417,"diff_lines":37,"trac_diff_url":418,"vulnerabilities":419,"is_current":48},"1.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-presenter.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-presenter\u002Ftags\u002F1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-presenter%2Ftags%2F1.4.2&new_path=%2Fsimple-presenter%2Ftags%2F1.5",[420],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6},{"version":422,"download_url":423,"svn_tag_url":424,"released_at":37,"has_diff":48,"diff_files_changed":425,"diff_lines":37,"trac_diff_url":426,"vulnerabilities":427,"is_current":48},"1.4.2","https
:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-presenter.1.4.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-presenter\u002Ftags\u002F1.4.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-presenter%2Ftags%2F1.4.1&new_path=%2Fsimple-presenter%2Ftags%2F1.4.2",[428],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6},{"version":430,"download_url":431,"svn_tag_url":432,"released_at":37,"has_diff":48,"diff_files_changed":433,"diff_lines":37,"trac_diff_url":434,"vulnerabilities":435,"is_current":48},"1.4.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-presenter.1.4.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-presenter\u002Ftags\u002F1.4.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-presenter%2Ftags%2F1.4&new_path=%2Fsimple-presenter%2Ftags%2F1.4.1",[436],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6},{"version":438,"download_url":439,"svn_tag_url":440,"released_at":37,"has_diff":48,"diff_files_changed":441,"diff_lines":37,"trac_diff_url":442,"vulnerabilities":443,"is_current":48},"1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-presenter.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-presenter\u002Ftags\u002F1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-presenter%2Ftags%2F1.3.1&new_path=%2Fsimple-presenter%2Ftags%2F1.4",[444],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6},{"version":446,"download_url":447,"svn_tag_url":448,"released_at":37,"has_diff":48,"diff_files_changed":449,"diff_lines":37,"trac_diff_url":450,"vulnerabilities":451,"is_current":48},"1.3.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-presenter.1.3.1.zip","https:\u002F\u002Fp
lugins.svn.wordpress.org\u002Fsimple-presenter\u002Ftags\u002F1.3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-presenter%2Ftags%2F1.3&new_path=%2Fsimple-presenter%2Ftags%2F1.3.1",[452],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6},{"version":454,"download_url":455,"svn_tag_url":456,"released_at":37,"has_diff":48,"diff_files_changed":457,"diff_lines":37,"trac_diff_url":458,"vulnerabilities":459,"is_current":48},"1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-presenter.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-presenter\u002Ftags\u002F1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-presenter%2Ftags%2F1.2&new_path=%2Fsimple-presenter%2Ftags%2F1.3",[460],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6},{"version":462,"download_url":463,"svn_tag_url":464,"released_at":37,"has_diff":48,"diff_files_changed":465,"diff_lines":37,"trac_diff_url":466,"vulnerabilities":467,"is_current":48},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-presenter.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-presenter\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimple-presenter%2Ftags%2F1.1&new_path=%2Fsimple-presenter%2Ftags%2F1.2",[468],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6},{"version":470,"download_url":471,"svn_tag_url":472,"released_at":37,"has_diff":48,"diff_files_changed":473,"diff_lines":37,"trac_diff_url":474,"vulnerabilities":475,"is_current":48},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-presenter.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-presenter\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.
org\u002Fchangeset?old_path=%2Fsimple-presenter%2Ftags%2F1.0&new_path=%2Fsimple-presenter%2Ftags%2F1.1",[476],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6},{"version":133,"download_url":478,"svn_tag_url":479,"released_at":37,"has_diff":48,"diff_files_changed":480,"diff_lines":37,"trac_diff_url":37,"vulnerabilities":481,"is_current":48},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-presenter.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-presenter\u002Ftags\u002F1.0\u002F",[],[482],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6}]