[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fgmNvvJIIhcHBUgw4IvVvhCeNKQ3OlLGooI6hovcOWqw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":74,"crawl_stats":34,"alternatives":82,"analysis":182,"fingerprints":252},"simple-spoiler","Simple Spoiler","1.5","Webliberty","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebliberty\u002F","\u003Cp>Use spoilers to hide some content on the page using shortcode. On the settings page, you can specify the color of the spoiler.\u003C\u002Fp>\n\u003Ch3>How to use\u003C\u002Fh3>\n\u003Cp>Example: \u003Ccode>[spoiler]Spoiler content[\u002Fspoiler]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Example: \u003Ccode>[spoiler title=\"Show spoiler\"]Spoiler content[\u002Fspoiler]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>You can translate Simple Spoiler on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fsimple-spoiler\" rel=\"nofollow ugc\">\u003Cstrong>translate.wordpress.org\u003C\u002Fstrong>\u003C\u002Fa>.\u003C\u002Fp>\n","The plugin allows to create simple spoilers with shortcode.",2000,18215,90,6,"2025-06-19T10:28:00.000Z","6.8.5","4.6","7.0",[20],"spoiler","https:\u002F\u002Fwebliberty.ru\u002Fsimple-spoiler\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-spoiler.1.5.zip",96,3,0,"2025-04-09 00:00:00","2026-03-15T15:16:48.613Z",[29,44,60],{"id":30,"url_slug":31,"title":32,"description":33,"plugin_slug":4,"theme_slug":34,"affected_versions":35,"patched_in_version":6,"severity":36,"cvss_score":37,"cvss_vector":38,"vuln_type":39,"published_date":26,"updated_date":40,"references":41,"days_to_patch":43},"CVE-2025-31020","simple-spoiler-authenticated-contributor-stored-cross-site-scripting","Simple Spoiler \u003C= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Simple Spoiler plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.4","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-06-25 13:38:03",[42],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F43841cbd-e78a-4b67-a495-208146cfe108?source=api-prod",78,{"id":45,"url_slug":46,"title":47,"description":48,"plugin_slug":4,"theme_slug":34,"affected_versions":49,"patched_in_version":50,"severity":51,"cvss_score":52,"cvss_vector":53,"vuln_type":54,"published_date":55,"updated_date":56,"references":57,"days_to_patch":59},"CVE-2024-8479","simple-spoiler-unauthenticated-arbitrary-shortcode-execution","Simple Spoiler 1.2 - 1.3 - Unauthenticated Arbitrary Shortcode Execution","The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.",">=1.2 \u003C=1.3","1.4","high",7.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:L","Improper Control of Generation of Code ('Code Injection')","2024-09-13 00:00:00","2024-09-14 03:29:29",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8ffc76d8-b841-4c26-bbc6-1f96664efe36?source=api-prod",1,{"id":61,"url_slug":62,"title":63,"description":64,"plugin_slug":4,"theme_slug":34,"affected_versions":65,"patched_in_version":66,"severity":36,"cvss_score":67,"cvss_vector":68,"vuln_type":39,"published_date":69,"updated_date":70,"references":71,"days_to_patch":73},"CVE-2024-35639","simple-spoiler-authenticated-admin-stored-cross-site-scripting","Simple Spoiler \u003C= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting","The Simple Spoiler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","\u003C=1.2","1.3",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-05-30 00:00:00","2024-09-13 13:18:04",[72],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6fc15a59-e555-450b-836e-5c3d52451b12?source=api-prod",107,{"slug":75,"display_name":7,"profile_url":8,"plugin_count":76,"total_installs":77,"avg_security_score":78,"avg_patch_time_days":79,"trust_score":80,"computed_at":81},"webliberty",2,2500,98,62,87,"2026-04-04T14:11:46.919Z",[83,106,126,146,166],{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":93,"num_ratings":94,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":98,"tags":99,"homepage":104,"download_link":105,"security_score":93,"vuln_count":25,"unpatched_count":25,"last_vuln_date":34,"fetched_at":27},"inline-spoilers","Inline Spoilers","2.1.0","Sergey Kuzmich","https:\u002F\u002Fprofiles.wordpress.org\u002Fsergeykuzmich\u002F","\u003Cp>The plugin allows to create content spoilers with Guttenberg block or simple shortcode.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[spoiler title=\"Expand Me\"]Spoiler content[\u002Fspoiler]\n\u003C\u002Fcode>\u003C\u002Fpre>\n","The plugin allows to create content spoilers with Guttenberg block or simple shortcode.",1000,76476,92,14,"2025-02-17T18:15:00.000Z","6.7.5","6.6","7.2",[100,101,102,103,20],"bbcode","block","guttenberg","shortcode","https:\u002F\u002Fgithub.com\u002Fsergeykuzmich\u002Finline-spoilers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finline-spoilers.2.1.0.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":116,"num_ratings":59,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":120,"tags":121,"homepage":123,"download_link":124,"security_score":125,"vuln_count":25,"unpatched_count":25,"last_vuln_date":34,"fetched_at":27},"advanced-spoiler","Advanced Spoiler","2.02","Cheon, YoungMin","https:\u002F\u002Fprofiles.wordpress.org\u002F082net\u002F","\u003Cp>New version of \u003Ca href=\"http:\u002F\u002F082net.com\u002Ftag\u002Faj-spoiler\u002F\" rel=\"nofollow ugc\">Ajax Spoiler\u003C\u002Fa> plugin renamed to ‘Advanced Spoiler’.\u003C\u002Fp>\n\u003Cp>Show or hide contents(text, image etc.) with animated effects wrapped by spoiler markup tag([spoiler][\u002Fspoiler]).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Animate effects: appear, blind, slide, apblind(appear + blind), phase, simple(no animate)\u003C\u002Fli>\n\u003Cli>Supports TinyMCE button and quicktags button\u003C\u002Fli>\n\u003Cli>Provides option page for default effect, show text, hide text, animate speed, nested spoilers.\u003C\u002Fli>\n\u003Cli>Supports ‘Simple Mode’: no aniated effects and just simple javascript.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Included Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Korean translation by me 😉\u003C\u002Fli>\n\u003Cli>Russian translation by \u003Ca href=\"http:\u002F\u002Fwww.fatcow.com\" rel=\"nofollow ugc\">FatCow\u003C\u002Fa> – Thanks!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Enclose any paragraphs or passages with \u003Ccode>[spoiler]\u003C\u002Fcode> and \u003Ccode>[\u002Fspoiler]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>e.g.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>simple: \u003Ccode>[spoiler] spoiler content... [\u002Fspoiler]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>options: \u003Ccode>[spoiler effect=\"blind\" show=\"Show me\" hide=\"Hide me\"] spoiler content... [\u002Fspoiler]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n","Show or hide contents(text, image etc.) with animated effects wrapped by spoiler markup tag([spoiler][\u002Fspoiler]).",600,51239,100,"2017-11-28T21:11:00.000Z","2.8.6","2.7","",[107,122,20],"jquery","http:\u002F\u002F082net.com\u002Ftag\u002Fadvanced-spoiler\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-spoiler.2.02.zip",85,{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":114,"downloaded":134,"rating":116,"num_ratings":135,"last_updated":136,"tested_up_to":137,"requires_at_least":138,"requires_php":139,"tags":140,"homepage":120,"download_link":145,"security_score":125,"vuln_count":25,"unpatched_count":25,"last_vuln_date":34,"fetched_at":27},"otfm-gutenberg-spoiler","OtFm Gutenberg Spoiler – (or FAQ) collapse block","1.5.4","Vova Druzhaev","https:\u002F\u002Fprofiles.wordpress.org\u002Fotshelnik-fm\u002F","\u003Cp>WordPress 5.0 introduces a block-based editor (codename “Gutenberg”) that offers a streamlined editing experience.\u003Cbr \u002F>\nThe plugin provides in the block editor 2 types of spoilers:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Little Spoiler\u003C\u002Fli>\n\u003Cli>Box spoiler\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Little Spoiler – small spoiler for plain text.\u003C\u002Fp>\n\u003Cp>Box spoiler – consists of 2 blocks:\u003Cbr \u002F>\nOpening spoiler (Box Spoiler Start) and closing spoiler (Box Spoiler End)\u003Cbr \u002F>\nBetween them, you insert any block (or several block’s) with content that you want to hide.\u003C\u002Fp>\n\u003Cp>In the frontend, the spoiler (accordion) opens with animation.\u003Cbr \u002F>\nIn the editor you can choose the color design of the spoiler.\u003C\u002Fp>\n\u003Cp>Ability to add new colors or replace a set of colors. See FAQ\u003C\u002Fp>\n\u003Cp>Want to hide part of the publication? or make up the FAQ? – plugin is perfect for this\u003C\u002Fp>\n\u003Cp>Check out all beauty and power of the plugin by watching this video:\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FIrC1yVttMho?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cp>PHP 7.4, 8.0+ recommended for better performance, WordPress 6.1\u003C\u002Fp>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cp>Available in English, Russian, Ukrainian, Spanish, German, Swedish, Dutch, Japanese, French, Italian, Norwegian, Portuguese, Chinese and more other languages in becoming.\u003C\u002Fp>\n\u003Ch4>Acknowledgements\u003C\u002Fh4>\n\u003Cp>Thanks to \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fnilovelez\u002F\" rel=\"nofollow ugc\">Nilo Velez\u003C\u002Fa> for Spanish (Spain) translation approval.\u003Cbr \u002F>\nThanks to \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fyordansoares\u002F\" rel=\"nofollow ugc\">Yordan Soares\u003C\u002Fa> for Spanish (Venezuela) translation.\u003Cbr \u002F>\nThanks to \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Ftobifjellner\u002F\" rel=\"nofollow ugc\">Tor-Bjorn Fjellner\u003C\u002Fa> for Swedish translation approval.\u003Cbr \u002F>\nThanks to \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fpsmits1567\u002F\" rel=\"nofollow ugc\">Peter Smits\u003C\u002Fa> for Dutch translation approval.\u003Cbr \u002F>\nThanks to \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmiccweb\u002F\" rel=\"nofollow ugc\">miccweb\u003C\u002Fa> for Japanese translation approval.\u003Cbr \u002F>\nThanks to \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Ffxbenard\u002F\" rel=\"nofollow ugc\">FX Bénard\u003C\u002Fa> for French (France) translation approval.\u003Cbr \u002F>\nThanks to \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fdarkavenger\u002F\" rel=\"nofollow ugc\">Luisa Ravelli\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Faliceorru\u002F\" rel=\"nofollow ugc\">aliceorru\u003C\u002Fa> for Italian translation approval.\u003Cbr \u002F>\nThanks to \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmeinmycell\u002F\" rel=\"nofollow ugc\">Eivind\u003C\u002Fa> for Norwegian (Nynorsk) translation approval.\u003Cbr \u002F>\nThanks to \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fpedromendonca\u002F\" rel=\"nofollow ugc\">Pedro Mendonça\u003C\u002Fa> for Portuguese (Portugal) translation approval.\u003Cbr \u002F>\nThanks to \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fsergeykovalets\u002F\" rel=\"nofollow ugc\">Sergey Kovalets\u003C\u002Fa> for Ukrainian translation.\u003Cbr \u002F>\nThanks to \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fjensratzel\u002F\" rel=\"nofollow ugc\">Jens Ratzel\u003C\u002Fa> for German translation.\u003Cbr \u002F>\nThanks to \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Falexclassroom\u002F\" rel=\"nofollow ugc\">Alex Lion\u003C\u002Fa> for Chinese (Taiwan) translation.\u003Cbr \u002F>\nThanks to \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fnekojonez\u002F\" rel=\"nofollow ugc\">Pieterjan Deneys\u003C\u002Fa> for Dutch (Belgium) translation.\u003C\u002Fp>\n","The plugin provides in the block editor 2 types of spoilers. Need FAQ or Spoiler?",9837,5,"2023-01-15T17:25:00.000Z","6.1.10","6.1.0","8.0",[141,142,143,144,20],"blocks","frequently-asked-questions","gutenberg","gutenberg-blocks","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fotfm-gutenberg-spoiler.zip",{"slug":147,"name":148,"version":149,"author":150,"author_profile":151,"description":152,"short_description":153,"active_installs":154,"downloaded":155,"rating":156,"num_ratings":59,"last_updated":157,"tested_up_to":158,"requires_at_least":159,"requires_php":120,"tags":160,"homepage":164,"download_link":165,"security_score":125,"vuln_count":25,"unpatched_count":25,"last_vuln_date":34,"fetched_at":27},"wpspoiler","wpSpoiler","1.2","Felix Triller","https:\u002F\u002Fprofiles.wordpress.org\u002Fflix\u002F","\u003Cp>wpSpoiler is a plugin for WordPress, designed to protect the reader against spoilers, for example in book or filmreviews.\u003Cbr \u002F>\nThe spoiler text is hidden by default and shows up if wished.\u003C\u002Fp>\n\u003Cp>To mark a text as spoiler, enclose the passage with [spoiler] and [\u002Fspoiler].\u003C\u002Fp>\n\u003Cp>Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Very fast, less code\u003C\u002Fli>\n\u003Cli>Customizeable with CSS\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>A german version of this page can be found \u003Ca href=\"http:\u002F\u002Ffelixtriller.de\u002Fprojekte\u002Fwpspoiler\u002F\" title=\"felixtriller.de\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003Cbr \u002F>\nEine deutsche Version dieser Seite ist \u003Ca href=\"http:\u002F\u002Ffelixtriller.de\u002Fprojekte\u002Fwpspoiler\u002F\" title=\"felixtriller.de\" rel=\"nofollow ugc\">hier\u003C\u002Fa> zu finden.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>To mark a text as spoiler, enclose the passage with [spoiler] and [\u002Fspoiler].\u003Cbr \u002F>\nExample:\u003Cbr \u002F>\n    Spoiler: [spoiler]Bruce Willis is a ghost![\u002Fspoiler]\u003C\u002Fp>\n\u003Cp>The result is shown in the screenshot section.\u003C\u002Fp>\n\u003Ch3>Customize\u003C\u002Fh3>\n\u003Cp>The language of the link text has to be changed in the pluginfile itself: \u003Cstrong>wpSpoiler.php\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>CSS can be used to style the spoiler box and the links. The spoiler-div is identified by the classname \u003Ccode>spoiler_div\u003C\u002Fcode>.\u003Cbr \u002F>\nThe link’s class is \u003Ccode>spoiler_link_show\u003C\u002Fcode> or \u003Ccode>spoiler_link_hide\u003C\u002Fcode>, depending on the current state.\u003C\u002Fp>\n\u003Cp>An example stylesheet code snippet:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F* wpSpoiler *\u002F\na.spoiler_link_show,\na.spoiler_link_hide {\n    background-repeat:      no-repeat;\n    background-position:    left center;\n    padding-left:           18px;\n}\na.spoiler_link_show {\n    background-image:       url(images\u002Fadd.png);\n}\na.spoiler_link_hide {\n    background-image:       url(images\u002Fdelete.png);\n}\ndiv.spoiler_div {\n    background-color:       #ddd;\n    margin-top:             -10px;\n    padding:                2px;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n","A plugin designed to protect the reader against spoilers.",400,18129,80,"2008-05-31T15:46:00.000Z","2.5.1","2.0",[161,162,163,20],"hide","post","show","http:\u002F\u002Ffelixtriller.de\u002Fprojekte\u002Fwpspoiler\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpspoiler.1.2.zip",{"slug":167,"name":168,"version":169,"author":170,"author_profile":171,"description":172,"short_description":173,"active_installs":116,"downloaded":174,"rating":116,"num_ratings":59,"last_updated":175,"tested_up_to":16,"requires_at_least":176,"requires_php":177,"tags":178,"homepage":180,"download_link":181,"security_score":116,"vuln_count":25,"unpatched_count":25,"last_vuln_date":34,"fetched_at":27},"simple-accessible-spoilers","Simple Accessible Spoilers","1.0.13","seshelby","https:\u002F\u002Fprofiles.wordpress.org\u002Fseshelby\u002F","\u003Cp>Create fully accessible content spoilers or accordions with a shortcode.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Fully accessible to screen reader users\u003C\u002Fli>\n\u003Cli>Creates a flexible spoiler shortcode\u003C\u002Fli>\n\u003Cli>Define groups of accordions to close open accordions when another in the same group is opened.\u003C\u002Fli>\n\u003Cli>Override design in theme CSS files\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Sample Code\u003C\u002Fh3>\n\u003Cp>\u003Ccode>[spoiler title=\"Sample Code\" initial_state=\"expanded\" tag=\"h2\" group=\"a\"]\u003Cbr \u002F>\nInclude content here\u003Cbr \u002F>\n[\u002Fspoiler]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>Attributes\u003C\u002Fh3>\n\u003Cp>title: should include the clickable text to be displayed in your accordion\u003Cbr \u002F>\ninitial_state: values include collapsed or expanded, default to “collapsed”\u003Cbr \u002F>\ngroup: any alphanumeric value. used to define a group of accordions. when one accordion is opened all other items in the group will be closed.\u003Cbr \u002F>\ntag: values include any typical html tag but a heading tag should be used for accessibility, defaults to H2\u003C\u002Fp>\n","Create fully accessible content spoilers or accordions with a shortcode.",5491,"2025-04-19T11:15:00.000Z","3.9.1","5.6",[179,103,20],"accordion","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-accessible-spoilers\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-accessible-spoilers.1.0.13.zip",{"attackSurface":183,"codeSignals":220,"taintFlows":234,"riskAssessment":235,"analyzedAt":251},{"hooks":184,"ajaxHandlers":213,"restRoutes":214,"shortcodes":215,"cronEvents":219,"entryPointCount":59,"unprotectedCount":25},[185,191,195,199,205,209],{"type":186,"name":187,"callback":188,"file":189,"line":190},"action","admin_menu","simple_spoiler_add_admin_menu","simple-spoiler.php",18,{"type":186,"name":192,"callback":193,"file":189,"line":194},"admin_notices","simple_spoiler_admin_notice",46,{"type":186,"name":196,"callback":197,"file":189,"line":198},"admin_init","simple_spoiler_register_settings",53,{"type":200,"name":201,"callback":202,"priority":203,"file":189,"line":204},"filter","comment_text","simple_spoiler_enable_in_comments",11,118,{"type":186,"name":206,"callback":207,"file":189,"line":208},"wp_enqueue_scripts","simple_spoiler_enqueue_assets",129,{"type":186,"name":210,"callback":211,"file":189,"line":212},"wp_head","simple_spoiler_inline_css",147,[],[],[216],{"tag":20,"callback":217,"file":189,"line":218},"simple_spoiler_shortcode_render",99,[],{"dangerousFunctions":221,"sqlUsage":222,"outputEscaping":228,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":233},[],{"prepared":25,"raw":59,"locations":223},[224],{"file":225,"line":226,"context":227},"uninstall.php",25,"$wpdb->get_col() with variable interpolation",{"escaped":203,"rawEcho":59,"locations":229},[230],{"file":189,"line":231,"context":232},49,"raw output",[],[],{"summary":236,"deductions":237},"The simple-spoiler plugin exhibits a concerning security posture despite a low current attack surface and good output escaping practices. The absence of nonce checks and capability checks on its single shortcode entry point is a significant weakness.  Furthermore, the plugin's vulnerability history reveals a pattern of serious security flaws, including cross-site scripting and code injection, with a high-severity vulnerability last appearing in 2025. While the static analysis did not uncover any directly exploitable code execution or cross-site scripting in this specific version, the historical trend of these critical vulnerability types, coupled with the lack of basic security checks on its entry points, suggests a high risk of future exploitation if vulnerabilities are introduced or reintroduced. The presence of SQL queries without prepared statements also introduces a potential for SQL injection, albeit with a lower detected risk in this analysis.",[238,241,243,246,249],{"reason":239,"points":240},"No capability checks on shortcode",10,{"reason":242,"points":240},"No nonce checks on shortcode",{"reason":244,"points":245},"SQL queries not using prepared statements",8,{"reason":247,"points":248},"History of high severity vulnerabilities",15,{"reason":250,"points":248},"History of XSS and Code Injection vulnerabilities","2026-03-16T18:27:42.499Z",{"wat":253,"direct":262},{"assetPaths":254,"generatorPatterns":257,"scriptPaths":258,"versionParams":259},[255,256],"\u002Fwp-content\u002Fplugins\u002Fsimple-spoiler\u002Fcss\u002Fsimple-spoiler.min.css","\u002Fwp-content\u002Fplugins\u002Fsimple-spoiler\u002Fjs\u002Fsimple-spoiler.min.js",[],[256],[260,261],"simple-spoiler\u002Fcss\u002Fsimple-spoiler.min.css?ver=1.5","simple-spoiler\u002Fjs\u002Fsimple-spoiler.min.js?ver=1.5",{"cssClasses":263,"htmlComments":268,"htmlAttributes":269,"restEndpoints":271,"jsGlobals":272,"shortcodeOutput":273},[264,265,266,267],"spoiler-wrap","spoiler-head","spoiler-body","folded",[],[270],"data-settings-updated",[],[],[274,275],"\u003Cdiv class=\"spoiler-wrap\">\u003Cdiv class=\"spoiler-head folded\">","\u003C\u002Fdiv>\u003Cdiv class=\"spoiler-body\">"]