[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fOuB6GRXO0zsEuBD3KlZCoVQcsx5MbEL4tGoNN2VNjjQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":14,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":101,"crawl_stats":37,"alternatives":108,"analysis":211,"fingerprints":428},"sitekit","Sitekit","2.0","webvitaly","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebvitaly\u002F","\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fweb-profile.net\u002Fwordpress\u002Fplugins\u002Fsitekit\u002F\" title=\"Plugin page\" rel=\"nofollow ugc\">Sitekit\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fweb-profile.net\u002Fdonate\u002F\" title=\"Support the development\" rel=\"nofollow ugc\">Donate\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebvitalii\u002Fsitekit\" title=\"Fork\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Settings:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Google Analytics code\u003C\u002Fli>\n\u003Cli>Show\u002Fhide google analytics code if user is logged in\u003C\u002Fli>\n\u003Cli>Head code\u003C\u002Fli>\n\u003Cli>Footer 
code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Widgets:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Archives\u003C\u002Fli>\n\u003Cli>Categories\u003C\u002Fli>\n\u003Cli>Pages\u003C\u002Fli>\n\u003Cli>Search\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcodes:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>[sitekit_posts]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_archives]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_categories]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_bloginfo]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_iframe]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Parameters for [sitekit_posts]:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>post_type\u003C\u002Fstrong> – show posts associated with certain type: \u003Ccode>[sitekit_posts post_type=\"page\"]\u003C\u002Fcode>; by default posts are shown: \u003Ccode>[sitekit_posts post_type=\"post\"]\u003C\u002Fcode>; Possible params: post | page | revision | attachment | nav_menu_item | any | your_custom_post_type\u003C\u002Fli>\n\u003Cli>\u003Cstrong>orderby\u003C\u002Fstrong> – the column to use for ordering posts list: \u003Ccode>[sitekit_posts orderby=\"id\"]\u003C\u002Fcode>; by default list is sorted by date: \u003Ccode>[sitekit_posts orderby=\"date\"]\u003C\u002Fcode>; Possible params: modified | title | name | ID | rand\u003C\u002Fli>\n\u003Cli>\u003Cstrong>order\u003C\u002Fstrong> – how to sort posts list: \u003Ccode>[sitekit_posts order=\"DESC\"]\u003C\u002Fcode>; by default list is sorted by ascending order (A-Z): \u003Ccode>[sitekit_posts order=\"ASC\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>posts_per_page\u003C\u002Fstrong> – how many posts to show in the list: \u003Ccode>[sitekit_posts posts_per_page=\"50\"]\u003C\u002Fcode>; by default: \u003Ccode>[sitekit_posts posts_per_page=\"100\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[sitekit_posts] is based on \u003Ca 
href=\"https:\u002F\u002Fcodex.wordpress.org\u002FClass_Reference\u002FWP_Query\" rel=\"nofollow ugc\">WP_Query class\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Parameters for [sitekit_archives]:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>[sitekit_archives]\u003C\u002Fcode> – list of monthly archives links sorted by date;\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_archives type=\"yearly\"]\u003C\u002Fcode> – list of yearly archives links;\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_archives type=\"monthly\"]\u003C\u002Fcode> – list of monthly archives links;\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_archives type=\"weekly\"]\u003C\u002Fcode> – list of weekly archives links;\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_archives type=\"daily\"]\u003C\u002Fcode> – list of daily archives links;\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_archives type=\"postbypost\"]\u003C\u002Fcode> – list of all posts links sorted by date;\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sitekit_archives type=\"alpha\"]\u003C\u002Fcode> –  list of all posts links sorted by title;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>limit\u003C\u002Fstrong> – how many links to be included in the list: \u003Ccode>[sitekit_archives limit=\"10\"]\u003C\u002Fcode>; by default all links are shown: \u003Ccode>[sitekit_archives limit=\"\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>format\u003C\u002Fstrong> – format for the archive: \u003Ccode>[sitekit_archives format=\"option\"]\u003C\u002Fcode> – show as a dropdown; by default unordered list is shown: \u003Ccode>[sitekit_archives format=\"html\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>show_post_count\u003C\u002Fstrong> – display counter of posts in the archive: \u003Ccode>[sitekit_archives show_post_count=\"1\"]\u003C\u002Fcode>; by default counter is not shown: \u003Ccode>[sitekit_archives show_post_count=\"0\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>order\u003C\u002Fstrong> – how to sort archives links: 
\u003Ccode>[sitekit_archives order=\"ASC\"]\u003C\u002Fcode>; by default links are sorted by descending order (Z-A): \u003Ccode>[sitekit_archives order=\"DESC\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[sitekit_archives] is based on \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwp_get_archives\" rel=\"nofollow ugc\">wp_get_archives function\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Parameters for [sitekit_categories]:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>orderby\u003C\u002Fstrong> – the column to use for ordering categories list: \u003Ccode>[sitekit_categories orderby=\"id\"]\u003C\u002Fcode>; by default list is sorted by title: \u003Ccode>[sitekit_categories orderby=\"name\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>order\u003C\u002Fstrong> – how to sort categories list: \u003Ccode>[sitekit_categories order=\"DESC\"]\u003C\u002Fcode>; by default list is sorted by ascending order (A-Z): \u003Ccode>[sitekit_categories order=\"ASC\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>show_count\u003C\u002Fstrong> – display counter of posts in the categories list: \u003Ccode>[sitekit_categories show_count=\"1\"]\u003C\u002Fcode>; by default counter is not shown: \u003Ccode>[sitekit_categories show_count=\"0\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>hide_empty\u003C\u002Fstrong> – the column to use for ordering categories list: \u003Ccode>[sitekit_categories hide_empty=\"0\"]\u003C\u002Fcode>; by default empty categories are hidden: \u003Ccode>[sitekit_categories hide_empty=\"1\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>hierarchical\u003C\u002Fstrong> – show tree-like categories list: \u003Ccode>[sitekit_categories hierarchical=\"0\"]\u003C\u002Fcode>; by default the list is hierarchical: \u003Ccode>[sitekit_categories hierarchical=\"1\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>depth\u003C\u002Fstrong> – how many levels to include in 
categories list: \u003Ccode>[sitekit_categories depth=\"5\"]\u003C\u002Fcode>; by default depth is unlimited: \u003Ccode>[sitekit_categories depth=\"0\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>taxonomy\u003C\u002Fstrong> – which taxonomy to show in the list: \u003Ccode>[sitekit_categories taxonomy=\"post_tag\"]\u003C\u002Fcode>; by default categories are shown: \u003Ccode>[sitekit_categories taxonomy=\"category\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>child_of\u003C\u002Fstrong> – term ID to retrieve child terms of: \u003Ccode>[sitekit_categories child_of=\"77\"]\u003C\u002Fcode>; by default all categories are shown: \u003Ccode>[sitekit_categories child_of=\"0\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>exclude\u003C\u002Fstrong> – comma\u002Fspace-separated string of term IDs to exclude: \u003Ccode>[sitekit_categories exclude=\"77\"]\u003C\u002Fcode>; by default all categories are shown: \u003Ccode>[sitekit_categories exclude=\"\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>exclude_tree\u003C\u002Fstrong> – comma\u002Fspace-separated string of term IDs to exclude, along with their descendants: \u003Ccode>[sitekit_categories exclude_tree=\"77\"]\u003C\u002Fcode>; by default all categories are shown: \u003Ccode>[sitekit_categories exclude_tree=\"\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[sitekit_categories] is based on \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Freference\u002Ffunctions\u002Fwp_list_categories\u002F\" rel=\"nofollow ugc\">wp_list_categories function\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Parameters for [sitekit_bloginfo]:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>[sitekit_bloginfo show=\"name\"]\u003C\u002Fcode> – \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Freference\u002Ffunctions\u002Fbloginfo\u002F\" rel=\"nofollow ugc\">sitekit_bloginfo params\u003C\u002Fa>;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[sitekit_bloginfo] is 
based on \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Freference\u002Ffunctions\u002Fbloginfo\u002F\" rel=\"nofollow ugc\">bloginfo function\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Parameters for [sitekit_iframe]:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>src\u003C\u002Fstrong> – source of the iframe: \u003Ccode>[sitekit_iframe src=\"http:\u002F\u002Fwww.youtube.com\u002Fembed\u002F4qsGTXLnmKs\"]\u003C\u002Fcode>; by default src=\"http:\u002F\u002Fwww.youtube.com\u002Fembed\u002F4qsGTXLnmKs\";\u003C\u002Fli>\n\u003Cli>\u003Cstrong>width\u003C\u002Fstrong> – width in pixels or in percents: \u003Ccode>[sitekit_iframe width=\"100%\"]\u003C\u002Fcode> or \u003Ccode>[sitekit_iframe width=\"600\"]\u003C\u002Fcode>; by default width=\"100%\";\u003C\u002Fli>\n\u003Cli>\u003Cstrong>height\u003C\u002Fstrong> – height in pixels: \u003Ccode>[sitekit_iframe height=\"500\"]\u003C\u002Fcode>; by default height=\"500\";\u003C\u002Fli>\n\u003Cli>\u003Cstrong>scrolling\u003C\u002Fstrong> – with or without the scrollbar: \u003Ccode>[sitekit_iframe scrolling=\"no\"]\u003C\u002Fcode>; by default scrolling=\"yes\";\u003C\u002Fli>\n\u003Cli>\u003Cstrong>frameborder\u003C\u002Fstrong> – with or without the frame border: \u003Ccode>[sitekit_iframe frameborder=\"0\"]\u003C\u002Fcode>; by default frameborder=\"0\";\u003C\u002Fli>\n\u003Cli>\u003Cstrong>marginheight\u003C\u002Fstrong> – height of the margin: \u003Ccode>[sitekit_iframe marginheight=\"0\"]\u003C\u002Fcode>; removed by default;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>marginwidth\u003C\u002Fstrong> – width of the margin: \u003Ccode>[sitekit_iframe marginwidth=\"0\"]\u003C\u002Fcode>; removed by default;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>allowtransparency\u003C\u002Fstrong> – allows to set transparency of the iframe: \u003Ccode>[sitekit_iframe allowtransparency=\"true\"]\u003C\u002Fcode>; removed by default;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>id\u003C\u002Fstrong> – allows to add the id of the iframe: 
\u003Ccode>[sitekit_iframe id=\"custom_id\"]\u003C\u002Fcode>; removed by default;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>class\u003C\u002Fstrong> – allows to add the class of the iframe: \u003Ccode>[sitekit_iframe class=\"custom_class\"]\u003C\u002Fcode>; by default class=\"iframe-class\";\u003C\u002Fli>\n\u003Cli>\u003Cstrong>style\u003C\u002Fstrong> – allows to add the css styles of the iframe: \u003Ccode>[sitekit_iframe style=\"margin-left:-30px;\"]\u003C\u002Fcode>; removed by default;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>any_other_param\u003C\u002Fstrong> – allows to add new parameter of the iframe \u003Ccode>[sitekit_iframe any_other_param=\"any_value\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>any_other_empty_param\u003C\u002Fstrong> – allows to add new empty parameter of the iframe (like “allowfullscreen” on youtube) \u003Ccode>[sitekit_iframe any_other_empty_param=\"\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Parameters for [sitekit_menu]:\u003C\u002Fh4>\n\u003Cp>The \u003Ccode>[sitekit_menu]\u003C\u002Fcode> shortcode allows you to display a custom menu. It supports all the parameters of the WordPress \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Freference\u002Ffunctions\u002Fwp_nav_menu\u002F\" rel=\"nofollow ugc\">wp_nav_menu()\u003C\u002Fa> function.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>menu\u003C\u002Fstrong> – The menu that should be displayed. Accepts (matching in order) id, slug, name. Default: empty. Example: \u003Ccode>[sitekit_menu menu=\"main-menu\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>container\u003C\u002Fstrong> – Whether to wrap the ul, and what to wrap it with. Default ‘div’. Example without a container: \u003Ccode>[sitekit_menu menu=\"main-menu\" container=\"\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>container_class\u003C\u002Fstrong> – The class that is applied to the container. Default ‘menu-{menu slug}-container’. 
Example: \u003Ccode>[sitekit_menu menu=\"main-menu\" container_class=\"custom-container\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>container_id\u003C\u002Fstrong> – The ID that is applied to the container. Default empty.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>menu_class\u003C\u002Fstrong> – CSS class to use for the ul element which forms the menu. Default ‘menu’.  Example: \u003Ccode>[sitekit_menu menu=\"main-menu\" menu_class=\"custom-menu\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>menu_id\u003C\u002Fstrong> – The ID that is applied to the ul element. Default empty.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>echo\u003C\u002Fstrong> – Whether to echo the menu or return it. Default false.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>fallback_cb\u003C\u002Fstrong> – If the menu doesn’t exist, a callback function will fire. Default ‘wp_page_menu’.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>before\u003C\u002Fstrong> – Text before the link markup. Default empty.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>after\u003C\u002Fstrong> – Text after the link markup. Default empty.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>link_before\u003C\u002Fstrong> – Text before the link text. Default empty.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>link_after\u003C\u002Fstrong> – Text after the link text. Default empty.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>items_wrap\u003C\u002Fstrong> – How the list items should be wrapped. Default \u003Ccode>\u003Cul id=\"%1$s\" class=\"%2$s\">%3$s\u003C\u002Ful>\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>depth\u003C\u002Fstrong> – How many levels of the hierarchy are to be included. 0 means all. Default 0. Example: \u003Ccode>[sitekit_menu menu=\"primary-menu\" depth=\"2\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>walker\u003C\u002Fstrong> – Custom walker object to use. Default empty.\u003C\u002Fli>\n\u003C\u002Ful>\n","Widgets: search, archives and categories. 
Shortcodes: archives, bloginfo, iframe and categories.",3000,54509,100,1,"2025-06-15T23:28:00.000Z","6.8.5","4.0","",[20,21,22,23,24],"archive","archives","search","widget","widgets","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsitekit\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsitekit.2.0.zip",74,6,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",[32,46,57,68,80,92],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-58229","sitekit-authenticated-contributor-stored-cross-site-scripting-3","Sitekit \u003C= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=2.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-26 17:35:06",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff1fd67c1-fbe8-4bad-a052-a73ad1c6e75d?source=api-prod",{"id":47,"url_slug":48,"title":49,"description":50,"plugin_slug":4,"theme_slug":37,"affected_versions":51,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":52,"updated_date":53,"references":54,"days_to_patch":56},"CVE-2025-50047","sitekit-authenticated-contributor-stored-cross-site-scripting-2","Sitekit \u003C= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.9","2025-06-19 00:00:00","2025-06-25 17:53:11",[55],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbd9b77fa-6de5-493e-978a-9957f44e32a1?source=api-prod",7,{"id":58,"url_slug":59,"title":60,"description":61,"plugin_slug":4,"theme_slug":37,"affected_versions":62,"patched_in_version":63,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":64,"updated_date":65,"references":66,"days_to_patch":56},"CVE-2025-30776","sitekit-authenticated-contributor-stored-cross-site-scripting","Sitekit \u003C= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.8","1.9","2025-03-27 00:00:00","2025-04-02 20:19:48",[67],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8bf73313-3612-400f-929e-958a06314a28?source=api-prod",{"id":69,"url_slug":70,"title":71,"description":72,"plugin_slug":4,"theme_slug":37,"affected_versions":73,"patched_in_version":74,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":75,"updated_date":76,"references":77,"days_to_patch":79},"CVE-2024-29111","sitekit-authenticated-contributor-stored-cross-site-scripting-via-shortcode","Sitekit \u003C= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode","The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.6","1.7","2024-03-16 00:00:00","2024-03-20 20:46:24",[78],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F55797931-e2eb-4cd7-8de6-ded7e1a382a0?source=api-prod",5,{"id":81,"url_slug":82,"title":83,"description":84,"plugin_slug":4,"theme_slug":37,"affected_versions":85,"patched_in_version":86,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":87,"updated_date":88,"references":89,"days_to_patch":91},"CVE-2023-5071","sitekit-authenticated-contributor-stored-cross-site-scripting-via-sitekitiframe-shortcode","Sitekit \u003C= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sitekit_iframe' shortcode","The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.4","1.5","2023-08-28 00:00:00","2024-01-22 19:56:02",[90],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F011c8a06-298e-4a53-9ef8-552585426d79?source=api-prod",148,{"id":93,"url_slug":94,"title":95,"description":96,"plugin_slug":4,"theme_slug":37,"affected_versions":97,"patched_in_version":98,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":87,"updated_date":88,"references":99,"days_to_patch":91},"CVE-2023-27628","sitekit-authenticated-contributor-stored-cross-site-scripting-via-sitekitiframe-shortcode-2","Sitekit \u003C= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sitekit_iframe ' shortcode","The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sitekit_iframe' shortcode attributes in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.3","1.4",[100],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7f0be29a-7896-4166-a2a6-64f99d845236?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":102,"total_installs":103,"avg_security_score":104,"avg_patch_time_days":105,"trust_score":106,"computed_at":107},14,128040,81,396,66,"2026-04-03T19:58:09.592Z",[109,132,152,172,193],{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":11,"downloaded":117,"rating":118,"num_ratings":119,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":18,"tags":123,"homepage":127,"download_link":128,"security_score":129,"vuln_count":14,"unpatched_count":130,"last_vuln_date":131,"fetched_at":30},"collapsing-archives","Collapsing Archives","3.0.8","robfelty","https:\u002F\u002Fprofiles.wordpress.org\u002Frobfelty\u002F","\u003Cp>Create collapsible archives by year or month. 
Features include: link to archive pages, display of individual posts and support for custom post-types.\u003C\u002Fp>\n\u003Ch3>Demo\u003C\u002Fh3>\n\u003Cp>I use this plugin in my blog at http:\u002F\u002Fblog.robfelty.com\u003C\u002Fp>\n","This plugin uses Javascript to dynamically expand or collapse the set of months for each year and posts for each month in the archive listing of your  &hellip;",146200,82,21,"2026-02-12T03:41:00.000Z","6.9.4","2.8",[124,21,125,126,23],"accordion","collapse","sidebar","http:\u002F\u002Frobfelty.com\u002Fplugins\u002Fcollapsing-archives","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcollapsing-archives.3.0.8.zip",99,0,"2024-08-26 00:00:00",{"slug":133,"name":134,"version":135,"author":136,"author_profile":137,"description":138,"short_description":139,"active_installs":140,"downloaded":141,"rating":13,"num_ratings":142,"last_updated":143,"tested_up_to":121,"requires_at_least":144,"requires_php":145,"tags":146,"homepage":149,"download_link":150,"security_score":151,"vuln_count":14,"unpatched_count":14,"last_vuln_date":29,"fetched_at":30},"compact-archives","Compact Archives","4.1.1","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>The built-in WordPress archives widget is great for new blogs, but it doesn’t look as good for more established blogs like \u003Ca href=\"https:\u002F\u002Fwww.wpbeginner.com\u002F\" rel=\"friend nofollow ugc\">WPBeginner\u003C\u002Fa>. Compact Archives displays the monthly archive of posts in a more compact form rather than the usual long list. 
It can be shown as a compact block suitable for the body of an \u003Ca href=\"https:\u002F\u002Fwww.wpbeginner.com\u002Fwp-tutorials\u002Fhow-to-create-an-archives-page-in-wordpress\u002F\" rel=\"friend nofollow ugc\">archives page\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>2009: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec\n2008: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec\n2007: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>or in an even more compact form to fit a sidebar:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>2009: J F M A M J J A S O N D\n2008: J F M A M J J A S O N D\n2007: J F M A M J J A S O N D\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>or something in between:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>2009: 01 02 03 04 05 06 07 08 09 10 11 12\n2008: 01 02 03 04 05 06 07 08 09 10 11 12\n2007: 01 02 03 04 05 06 07 08 09 10 11 12\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Compact Archive plugin works seamlessly with \u003Ca href=\"https:\u002F\u002Fwww.wpbeginner.com\u002Fbeginners-guide\u002Fhow-to-use-the-new-wordpress-block-editor\u002F\" rel=\"friend nofollow ugc\">Gutenberg Block Editor\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.wpbeginner.com\u002Fplugins\u002Fhow-to-disable-gutenberg-and-keep-the-classic-editor-in-wordpress\u002F\" rel=\"friend nofollow ugc\">Classic Editor\u003C\u002Fa>, and WordPress widgets.\u003C\u002Fp>\n\u003Ch4>What’s Next\u003C\u002Fh4>\n\u003Cp>If you like this plugin, then consider checking out our other projects:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Foptinmonster.com\u002F\" title=\"OptinMonster\" rel=\"friend nofollow ugc\">OptinMonster\u003C\u002Fa> – Get More Email Subscribers with the most popular conversion optimization plugin for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F\" title=\"WPForms\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa> – Best Drag & Drop WordPress Form plugin 
(over 1 million active installs).\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.monsterinsights.com\u002F\" title=\"MonsterInsights\" rel=\"friend nofollow ugc\">MonsterInsights\u003C\u002Fa> – See the Stats that Matter and Grow Your Business with Confidence. Best Google Analytics Plugin for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.seedprod.com\u002F\" title=\"SeedProd\" rel=\"friend nofollow ugc\">SeedProd\u003C\u002Fa> – Jumpstart your website with the #1 Coming Soon & Maintenance Mode Plugin for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-mail-smtp\u002F\" rel=\"ugc\">WP Mail SMTP\u003C\u002Fa> – Improve email deliverability for your contact form with the most popular SMTP plugin for WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002F\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner\u003C\u002Fa> to learn from our \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fwp-tutorials\u002F\" title=\"WordPress Tutorials\" rel=\"friend nofollow ugc\">WordPress Tutorials\u003C\u002Fa> and find out about other \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fplugins\u002F\" title=\"Best WordPress Plugins\" rel=\"friend nofollow ugc\">best WordPress plugins\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Like all plugins, Compact Archives is only available for self-hosted WordPress sites. So YES you need to \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fwp-tutorials\u002Fhow-to-properly-move-your-blog-from-wordpress-com-to-wordpress-org\u002F\" title=\"switch from WordPress.com to WordPress.org\" rel=\"nofollow ugc\">switch from WordPress.com to WordPress.org\u003C\u002Fa> in order to use this plugin on your WordPress site. 
For more details, see the infographic on \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fbeginners-guide\u002Fself-hosted-wordpress-org-vs-free-wordpress-com-infograph\u002F\" title=\"Self Hosted WordPress.org vs free WordPress.com\" rel=\"nofollow ugc\">Self hosted WordPress.org vs Free WordPress.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If you like this plugin, then please leave a good rating. For support just ask the questions here in the support forum.\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>This plugin was originally created by \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Frobmarsh\u002F\" rel=\"nofollow ugc\">Rob Marsh\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Faldolat\u002F\" rel=\"nofollow ugc\">Aldolat\u003C\u002Fa> added a widget for it. WPBeginner adopted the plugin and took the responsibility of keeping it updated.\u003C\u002Fp>\n","Displays a smart monthly archive of posts in a more compact form rather than the default long archive widget.",2000,54159,9,"2026-02-16T19:51:00.000Z","4.8","5.6",[20,21,147,23,148],"monthly-archive","yearly-archive","http:\u002F\u002Fwww.wpbeginner.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcompact-archives.4.1.1.zip",78,{"slug":153,"name":154,"version":155,"author":156,"author_profile":157,"description":158,"short_description":159,"active_installs":140,"downloaded":160,"rating":161,"num_ratings":28,"last_updated":162,"tested_up_to":163,"requires_at_least":164,"requires_php":165,"tags":166,"homepage":169,"download_link":170,"security_score":171,"vuln_count":130,"unpatched_count":130,"last_vuln_date":37,"fetched_at":30},"expanding-archives","Expanding Archives","2.1.0","Ashley","https:\u002F\u002Fprofiles.wordpress.org\u002Fnosegraze\u002F","\u003Cp>Expanding Archives adds a widget that shows your old posts in an expandable\u002Fcollapsible format. 
Each post is categorized under its year and month, so you can expand all the posts in a given month and year.\u003C\u002Fp>\n\u003Cp>This plugin comes with very minimal CSS styling so you can easily customize it to match your design.\u003C\u002Fp>\n\u003Cp>JavaScript is required. No IE support.\u003C\u002Fp>\n","This plugin adds a new widget where you can view your old posts by expanding certain years and months.",22798,94,"2024-03-23T14:55:00.000Z","6.4.8","3.0","7.4",[21,167,168,126,23],"navigation","posts","https:\u002F\u002Fshop.nosegraze.com\u002Fproduct\u002Fexpanding-archives\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpanding-archives.zip",85,{"slug":173,"name":174,"version":175,"author":176,"author_profile":177,"description":178,"short_description":179,"active_installs":180,"downloaded":181,"rating":13,"num_ratings":182,"last_updated":183,"tested_up_to":16,"requires_at_least":184,"requires_php":145,"tags":185,"homepage":191,"download_link":192,"security_score":13,"vuln_count":130,"unpatched_count":130,"last_vuln_date":37,"fetched_at":30},"elemendas-addons","Elemendas Addons","2.3.3.1","Santiago Becerra","https:\u002F\u002Fprofiles.wordpress.org\u002Fsanbec\u002F","\u003Cp>This plugin is an addon for Elementor.\u003C\u002Fp>\n\u003Cp>It adds the \u003Cstrong>\u003Cem>Search Results Title\u003C\u002Fem>\u003C\u002Fstrong> and the \u003Cstrong>\u003Cem>Search Results Highlight\u003C\u002Fem>\u003C\u002Fstrong> widget to the Search Results Archive. 
These widgets allow you to show the number of posts containing the search query, and to highlight the search query string within the results.\u003C\u002Fp>\n\u003Cp>You can customize the message according to the number of results obtained:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For no result,\u003C\u002Fli>\n\u003Cli>for a single result and\u003C\u002Fli>\n\u003Cli>for more than one result.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can choose many alternatives to highlight the search string:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Quotation marks\u003C\u002Fli>\n\u003Cli>Highlighter\u003C\u002Fli>\n\u003Cli>Underline\u003C\u002Fli>\n\u003Cli>and the typical color and typography controls\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note: The Search Results widgets need Elementor Pro, as they act on a page of the theme builder.\u003C\u002Fp>\n\u003Cp>In addition to the above widgets, this plugin is constantly expanding, and now has these other widgets:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Leaf List, a widget that transforms a simple list into a plant where each item is a leaf.\u003C\u002Fli>\n\u003Cli>3D Carousel, an image carousel that rotates in three dimensions, with lightbox and hover effects.\u003C\u002Fli>\n\u003Cli>Fancy Nav Menu: Modifies the Nav Menu from Elementor Pro to add custom icons and custom colors to each menu item individually.\u003C\u002Fli>\n\u003C\u002Ful>\n","This addon for Elementor allows you to display the number of results of the search query, as well as to highlight the searched string in the 
results.",60,2785,4,"2025-04-20T18:08:00.000Z","5.0",[186,187,188,189,190],"carousel","elementor","elementor-widgets","menu","search-results","https:\u002F\u002Felemendas.com\u002Felemendas-addons\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Felemendas-addons.2.3.3.1.zip",{"slug":194,"name":195,"version":196,"author":197,"author_profile":198,"description":199,"short_description":200,"active_installs":201,"downloaded":202,"rating":130,"num_ratings":130,"last_updated":203,"tested_up_to":204,"requires_at_least":6,"requires_php":18,"tags":205,"homepage":209,"download_link":210,"security_score":171,"vuln_count":130,"unpatched_count":130,"last_vuln_date":37,"fetched_at":30},"results-count","Results count","0.5","mat8iou","https:\u002F\u002Fprofiles.wordpress.org\u002Fmat8iou\u002F","\u003Cp>Results-Count is a very simple plugin that does exactly what it says on the tin & will count the number of posts that result from operations in WordPress such as a search, viewing a category, or viewing a monthly archive etc.\u003Cbr \u002F>\nThe purpose of the plugin is to allow you to insert text at the top of your archive & search results pages saying something like: results: 1-10 of 43. It serves the dual purpose of showing the number of results, as well as showing what page you are currently on within those results.\u003C\u002Fp>\n\u003Cp>For an example of the plugin in use, look at the top of any of the archive or category pages at:\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.elginism.com\u002F e.g. 
http:\u002F\u002Fwww.elginism.com\u002Farchives\u002Facropolis\u002F\u003C\u002Fp>\n\u003Cp>If you have any queries or find bugs, could you please contact me via the contact form on http:\u002F\u002Fwww.elginism.com\u003C\u002Fp>\n\u003Ch4>Revision history\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Version 0.5\u003Cbr \u002F>\nFixes possible XSS vulnerability.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Version 0.4.2\u003Cbr \u002F>\nAdds support for Author archives.\u003Cbr \u002F>\nFixes bug where output does not display correctly when there are over 999 results.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Version 0.4.1\u003Cbr \u002F>\nFixes incorrect display for single day archive pages.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Version 0.4\u003Cbr \u002F>\nAlters the text when there is only a single result on the page.\u003Cbr \u002F>\nCorrects bug so that the correct text displays when there is only a single page of results.\u003Cbr \u002F>\nDisplays correct text when a year archive is shown rather than a month.\u003Cbr \u002F>\nTidied up text to fix some grammatical errors.\u003Cbr \u002F>\nVarious non-critical bugs fixed & old code tidied up.\u003Cbr \u002F>\nComments added in the html output to help error tracing, identifying the code produced by the plugin.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Version 0.3\u003Cbr \u002F>\nAdds compatibility with tags (introduced in WordPress 2.3), so headers will now show up for tag archive results.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Version 0.2\u003Cbr \u002F>\nUpdates the plugin to work with version 2.3 & higher of WordPress.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Version 0.1\u003Cbr \u002F>\nInitial public release of the code in plugin form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","When you search in Google, it tells you at the start how many results you have & what page you are on in the results. 
The Results Count plugin giv &hellip;",40,4693,"2010-08-14T15:54:00.000Z","3.0.5",[21,206,207,22,208],"count","results","tags","http:\u002F\u002Fwww.mtaylor.co.uk\u002Fdevelopment\u002Fresultscount","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fresults-count.zip",{"attackSurface":212,"codeSignals":302,"taintFlows":412,"riskAssessment":413,"analyzedAt":427},{"hooks":213,"ajaxHandlers":270,"restRoutes":271,"shortcodes":272,"cronEvents":301,"entryPointCount":28,"unprotectedCount":130},[214,220,224,227,232,236,240,244,248,252,257,261,265],{"type":215,"name":216,"callback":217,"file":218,"line":219},"action","admin_menu","sitekit_menu","inc\\sitekit-settings.php",16,{"type":215,"name":221,"callback":222,"file":218,"line":223},"admin_init","sitekit_admin_init",31,{"type":215,"name":221,"callback":225,"file":218,"line":226},"sitekit_settings_init",39,{"type":215,"name":228,"callback":229,"file":230,"line":231},"widgets_init","sitekit_archives_register_widget","inc\\sitekit-widget-archives.php",213,{"type":215,"name":228,"callback":233,"file":234,"line":235},"sitekit_categories_register_widget","inc\\sitekit-widget-categories.php",212,{"type":215,"name":228,"callback":237,"file":238,"line":239},"sitekit_posts_register_widget","inc\\sitekit-widget-posts.php",271,{"type":215,"name":228,"callback":241,"file":242,"line":243},"sitekit_search_register_widget","inc\\sitekit-widget-search.php",115,{"type":215,"name":245,"callback":246,"file":247,"line":151},"wp_head","sitekit_wp_head","sitekit.php",{"type":215,"name":249,"callback":250,"file":247,"line":251},"wp_footer","sitekit_wp_footer",95,{"type":253,"name":254,"callback":255,"file":247,"line":256},"filter","mce_external_plugins","sitekit_add_tinymce_plugin",108,{"type":253,"name":258,"callback":259,"file":247,"line":260},"mce_buttons","sitekit_register_my_tc_button",109,{"type":215,"name":262,"callback":263,"file":247,"line":264},"admin_head","sitekit_add_tinymce_button",112,{"type":253,"name":266,"callback":267,
"priority":268,"file":247,"line":269},"plugin_row_meta","sitekit_plugin_row_meta",10,137,[],[],[273,278,282,287,292,296],{"tag":274,"callback":275,"file":276,"line":277},"sitekit_archives","sitekit_shortcode_archives","inc\\sitekit-shortcode-archives.php",84,{"tag":279,"callback":280,"file":281,"line":142},"sitekit_bloginfo","sitekit_shortcode_bloginfo","inc\\sitekit-shortcode-bloginfo.php",{"tag":283,"callback":284,"file":285,"line":286},"sitekit_categories","sitekit_shortcode_categories","inc\\sitekit-shortcode-categories.php",29,{"tag":288,"callback":289,"file":290,"line":291},"sitekit_iframe","sitekit_shortcode_iframe","inc\\sitekit-shortcode-iframe.php",44,{"tag":217,"callback":293,"file":294,"line":295},"sitekit_shortcode_menu","inc\\sitekit-shortcode-menu.php",61,{"tag":297,"callback":298,"file":299,"line":300},"sitekit_posts","sitekit_shortcode_posts","inc\\sitekit-shortcode-posts.php",63,[],{"dangerousFunctions":303,"sqlUsage":304,"outputEscaping":306,"fileOperations":130,"externalRequests":130,"nonceChecks":130,"capabilityChecks":407,"bundledLibraries":408},[],{"prepared":130,"raw":130,"locations":305},[],{"escaped":151,"rawEcho":307,"locations":308},58,[309,312,313,315,317,318,319,321,322,324,326,327,329,331,333,335,337,339,341,343,345,346,347,349,351,352,354,356,358,359,361,363,365,367,369,370,371,372,373,374,376,378,380,382,384,386,388,390,392,394,396,397,398,399,401,403,405,406],{"file":218,"line":310,"context":311},62,"raw 
output",{"file":218,"line":300,"context":311},{"file":218,"line":314,"context":311},70,{"file":218,"line":316,"context":311},71,{"file":218,"line":151,"context":311},{"file":218,"line":171,"context":311},{"file":218,"line":320,"context":311},97,{"file":230,"line":286,"context":311},{"file":230,"line":323,"context":311},32,{"file":230,"line":325,"context":311},59,{"file":230,"line":180,"context":311},{"file":230,"line":328,"context":311},65,{"file":230,"line":330,"context":311},69,{"file":230,"line":332,"context":311},73,{"file":230,"line":334,"context":311},111,{"file":230,"line":336,"context":311},118,{"file":230,"line":338,"context":311},128,{"file":230,"line":340,"context":311},135,{"file":230,"line":342,"context":311},146,{"file":230,"line":344,"context":311},153,{"file":234,"line":286,"context":311},{"file":234,"line":323,"context":311},{"file":234,"line":348,"context":311},43,{"file":234,"line":350,"context":311},45,{"file":234,"line":332,"context":311},{"file":234,"line":353,"context":311},80,{"file":234,"line":355,"context":311},90,{"file":234,"line":357,"context":311},101,{"file":234,"line":260,"context":311},{"file":234,"line":360,"context":311},117,{"file":234,"line":362,"context":311},124,{"file":234,"line":364,"context":311},131,{"file":234,"line":366,"context":311},138,{"file":234,"line":368,"context":311},145,{"file":238,"line":286,"context":311},{"file":238,"line":323,"context":311},{"file":238,"line":320,"context":311},{"file":238,"line":129,"context":311},{"file":238,"line":340,"context":311},{"file":238,"line":375,"context":311},142,{"file":238,"line":377,"context":311},152,{"file":238,"line":379,"context":311},163,{"file":238,"line":381,"context":311},170,{"file":238,"line":383,"context":311},177,{"file":238,"line":385,"context":311},184,{"file":238,"line":387,"context":311},191,{"file":238,"line":389,"context":311},198,{"file":238,"line":391,"context":311},205,{"file":242,"line":393,"context":311},28,{"file":242,"line":395,"context":311},30,{"fi
le":242,"line":226,"context":311},{"file":242,"line":291,"context":311},{"file":242,"line":295,"context":311},{"file":242,"line":400,"context":311},68,{"file":247,"line":402,"context":311},51,{"file":247,"line":404,"context":311},64,{"file":247,"line":314,"context":311},{"file":247,"line":355,"context":311},2,[409],{"name":410,"version":37,"knownCves":411},"TinyMCE",[],[],{"summary":414,"deductions":415},"The \"sitekit\" plugin v2.0 exhibits a mixed security posture. On the positive side, the static analysis reveals no dangerous functions, all SQL queries use prepared statements, and there are no file operations or external HTTP requests, which are excellent security practices.  However, a significant concern is the output escaping, with only 57% of outputs being properly escaped. This leaves a substantial portion of the output vulnerable to Cross-Site Scripting (XSS) attacks if user-supplied data is not sufficiently sanitized before rendering. The lack of taint analysis results is also a neutral factor, meaning potential data flow vulnerabilities were not detected or analyzed in this instance.\n\nThe plugin's vulnerability history is a major red flag. With a total of 6 known CVEs, and one currently unpatched, this indicates a recurring pattern of security weaknesses. The historical focus on 'Improper Neutralization of Input During Web Page Generation' (XSS) directly correlates with the static analysis finding of poor output escaping. The fact that the last vulnerability was very recent (2025-09-22) and is still unpatched highlights an immediate and pressing risk. While the unpatched CVE is currently categorized as medium severity, multiple medium vulnerabilities can collectively pose a significant threat. 
The presence of bundled libraries like TinyMCE, while not inherently a vulnerability, can introduce risks if not maintained and updated diligently by the plugin developer.\n\nIn conclusion, while \"sitekit\" v2.0 demonstrates good practices in areas like database interaction and avoiding risky functions, the high number of historical vulnerabilities, particularly XSS, and the current unpatched medium vulnerability, alongside a concerning rate of unescaped output, present a substantial risk. The plugin developer needs to address these recurring security flaws promptly and thoroughly, especially the output escaping issues and the unpatched CVE.",[416,419,422,424],{"reason":417,"points":418},"Unpatched CVE",15,{"reason":420,"points":421},"Low output escaping rate",8,{"reason":423,"points":79},"6 total known CVEs",{"reason":425,"points":426},"Bundled library (TinyMCE)",3,"2026-03-16T18:26:28.513Z",{"wat":429,"direct":438},{"assetPaths":430,"generatorPatterns":432,"scriptPaths":433,"versionParams":435},[431],"\u002Fwp-content\u002Fplugins\u002Fsitekit\u002Fcss\u002Fsitekit.css",[],[434],"\u002Fwp-content\u002Fplugins\u002Fsitekit\u002Fjs\u002Ftinymce.js",[436,437],"sitekit\u002Fstyle.css?ver=","sitekit.css?ver=",{"cssClasses":439,"htmlComments":441,"htmlAttributes":450,"restEndpoints":452,"jsGlobals":453,"shortcodeOutput":456},[440],"sitekit-archives",[442,443,444,445,446,447,448,449],"\u003C!-- Powered by Sitekit v.2.0 https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsitekit\u002F -->","\u003C!-- Sitekit head code -->","\u003C!-- End of Sitekit head code -->","\u003C!-- Sitekit Google Analytics code -->","\u003C!-- Google tag (gtag.js) -->","\u003C!-- End of Sitekit Google Analytics code -->","\u003C!-- Sitekit footer code -->","\u003C!-- End of Sitekit footer code -->",[451],"data-id",[],[454,455],"dataLayer","gtag",[457,458],"\u003Cp class=\"sitekit-archives\">\u003Cselect name=\"archive-dropdown\" 
onchange='document.location.href=this.options[this.selectedIndex].value;'>","\u003Coption value=\"\">"]