[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbkUA5vNV1E2emuCBr3lOCsRYTl497mMhQjWQoMaXc1U":3,"$flZuw1YKp3kMl1GOPYaGPl0StXXcqd7hYv56_oxVPV5c":310,"$fz17tf2KWgpfsJZfPilTAsq7NrhrFNUweUZEj3Y0sOUg":314},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":56,"analysis":130,"fingerprints":274},"skysa-text-ticker-app","Skysa Text Ticker App","1.4","Skysa","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidskysa\u002F","\u003Cp>The Skysa Text Ticker App displays a Ticker (Scrolling Message) of any text you choose. In the App Settings you can set how wide the ticker displays on your Skysa bar and the speed you want it to scroll. When the ticker is hovered over the tool tip shows the full text. If a Link URL has been set, the user will be directed to it when they click the scrolling message.\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=Zj1uGXX2xrk&hd=1\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftags\u002Fskysa-apps\" rel=\"ugc\">More Skysa App plugins\u003C\u002Fa> -|||- \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fskysa-official\u002F\" rel=\"ugc\">Skysa App Bar Integration plugin\u003C\u002Fa>\u003C\u002Fp>\n","Displays a Ticker (Scrolling Message) at the bottom of your site using any text you choose. 
The message can be clickable, directing to a URL.",10,4401,0,"2014-09-08T20:47:00.000Z","4.0.38","2.7","",[19,20,21,22,23],"message-ticker","skysa","skysa-apps","text-ticker","ticker","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fskysa-text-ticker-app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fskysa-text-ticker-app.zip",63,1,"2026-05-11 19:04:42","2026-04-16T10:56:18.058Z","no_bundle",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":37,"patch_diff_files":46,"patch_trac_url":37,"research_status":37,"research_verified":47,"research_rounds_completed":13,"research_plan":37,"research_summary":37,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":37,"research_model_used":37,"research_started_at":37,"research_completed_at":37,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":47,"poc_model_used":37,"poc_verification_depth":37},"CVE-2026-6710","skysa-text-ticker-app-cross-site-request-forgery-to-settings-modification-via-save-settings-form","Skysa Text Ticker App \u003C= 1.4 - Cross-Site Request Forgery to Settings Modification via 'Save Settings' Form","The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the SkysaApps_Admin_AppPage function. 
This makes it possible for unauthenticated attackers to modify the plugin's settings, including the scrolling message text and URL, via a forged cross-site request, granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.4","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2026-05-12 07:48:27",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbcd5b83a-7d51-455b-bb31-dd776264fc6b?source=api-prod",[],false,{"slug":49,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},"davidskysa",11,110,84,4439,68,"2026-05-20T08:07:07.779Z",[57,72,86,99,116],{"slug":58,"name":59,"version":60,"author":7,"author_profile":8,"description":61,"short_description":62,"active_installs":11,"downloaded":63,"rating":13,"num_ratings":13,"last_updated":64,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":65,"homepage":69,"download_link":70,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"skysa-announcements-app","Skysa Announcements App","1.10","\u003Cp>Alert your website visitors when you have an announcement for them. The Announcements app allows you to add announcement notices which can display automatically for people who have not yet viewed that announcement. 
Set how long you want each announcement you add to display and have multiple announcements active at a time.\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=Zj1uGXX2xrk&hd=1\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftags\u002Fskysa-apps\" rel=\"ugc\">More Skysa App plugins\u003C\u002Fa> -|||- \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fskysa-official\u002F\" rel=\"ugc\">Skysa App Bar Integration plugin\u003C\u002Fa>\u003C\u002Fp>\n","Post pop-up ajax announcements for your site visitors. Rich content, announcement experation date and many other announcement options.",8169,"2014-09-08T20:32:00.000Z",[66,67,68,20,21],"announcement","announcements","notice","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fskysa-announcements-app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fskysa-announcements-app.zip",85,{"slug":73,"name":74,"version":6,"author":7,"author_profile":8,"description":75,"short_description":76,"active_installs":11,"downloaded":77,"rating":78,"num_ratings":27,"last_updated":79,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":80,"homepage":84,"download_link":85,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"skysa-google-1-app","Skysa Google +1 App","\u003Cp>Let a visitor share your pages and content with friends on Google Plus with this Google Plus One button which floats at the bottom of your pages on the Skysa App Bar. Google Plus is a social network which connects all people who have a Google account. 
When a user clicks a Google Plus One button on your site, they will not only share the page with their friends on Google Plus, but it will also affect Google search results for the shared page.\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=Zj1uGXX2xrk&hd=1\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftags\u002Fskysa-apps\" rel=\"ugc\">More Skysa App plugins\u003C\u002Fa> -|||- \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fskysa-official\u002F\" rel=\"ugc\">Skysa App Bar Integration plugin\u003C\u002Fa>\u003C\u002Fp>\n","A Google +1 button which you can configure to share any page on your site.",3217,80,"2014-09-08T20:42:00.000Z",[81,82,83,20,21],"google","google-plus","plus","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fskysa-google-1-app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fskysa-google-1-app.zip",{"slug":87,"name":88,"version":6,"author":7,"author_profile":8,"description":89,"short_description":90,"active_installs":11,"downloaded":91,"rating":13,"num_ratings":13,"last_updated":92,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":93,"homepage":97,"download_link":98,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"skysa-pinterest-pin-it-app","Skysa Pinterest “Pin It” App","\u003Cp>Pinterest is one of the hottest places for sharing images. 
The Skysa Pinterest Pin It App allows your site visitors to easily pin images from any page of your site by adding a customizable Pinterest Pin It button at the bottom of your site.\u003C\u002Fp>\n\u003Cp>The Pin It button is customizable allowing you to choose the Pin It button icon (this defaults to a simple Pinterest logo) and change the Pin It text.\u003C\u002Fp>\n\u003Cp>Images pinned from your website on Pinterest automatically link back to your site from Pinterest increasing your site traffic.\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=Zj1uGXX2xrk&hd=1\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftags\u002Fskysa-apps\" rel=\"ugc\">More Skysa App plugins\u003C\u002Fa> -|||- \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fskysa-official\u002F\" rel=\"ugc\">Skysa App Bar Integration plugin\u003C\u002Fa>\u003C\u002Fp>\n","Let people share (pin) images from any page of your site on Pinterest",5058,"2014-09-08T20:44:00.000Z",[94,95,96,20,21],"pin-it","pin-to-pinterest","pinterest","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fskysa-pinterest-pin-it-app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fskysa-pinterest-pin-it-app.zip",{"slug":100,"name":101,"version":102,"author":7,"author_profile":8,"description":103,"short_description":104,"active_installs":11,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":109,"homepage":113,"download_link":114,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":115},"skysa-polls-app","Skysa Polls App","1.8","\u003Cp>The Skysa Polls App allows your members to vote on hot topics which you create. Easily add and delete polls. 
Set the way the dynamic polls ajax window displays; set the polls window position, poll window size and poll window title.\u003C\u002Fp>\n\u003Ch4>Key features of the Skysa Polls App include:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Have multiple polls running at the same time, the app pages to allow users to see previous polls\u003C\u002Fli>\n\u003Cli>Voting poll history, go back and view previous poll results\u003C\u002Fli>\n\u003Cli>Poll closing after a customizable expiration date\u003C\u002Fli>\n\u003Cli>Auto pop up for new polls for users who have not yet seen that poll\u003C\u002Fli>\n\u003Cli>Poll display and poll voting are both a compeletly smooth Ajax expirence\u003C\u002Fli>\n\u003Cli>Persistant location, accessible from a Skysa App Bar at the bottom of your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=Zj1uGXX2xrk&hd=1\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftags\u002Fskysa-apps\" rel=\"ugc\">More Skysa App plugins\u003C\u002Fa> -|||- \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fskysa-official\u002F\" rel=\"ugc\">Skysa App Bar Integration plugin\u003C\u002Fa>\u003C\u002Fp>\n","Add multiple polls to your website. 
Automatically popup new polls in an ajax window if a user has not yet seen that poll.",8807,70,2,"2014-09-08T20:45:00.000Z",[110,111,20,21,112],"poll","polls","survey","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fskysa-polls-app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fskysa-polls-app.zip","2026-03-15T15:16:48.613Z",{"slug":117,"name":118,"version":6,"author":7,"author_profile":8,"description":119,"short_description":120,"active_installs":11,"downloaded":121,"rating":122,"num_ratings":107,"last_updated":123,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":124,"homepage":128,"download_link":129,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"skysa-rss-reader-app","Skysa RSS Reader App","\u003Cp>The Skysa RSS Reader is a simple RSS reader for your site. You can choose how many RSS feed items to display and how much text to show in the preview. You also have the option of linking to the RSS feed source articles or allowing the preview to be expanded right on your site.\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=Zj1uGXX2xrk&hd=1\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftags\u002Fskysa-apps\" rel=\"ugc\">More Skysa App plugins\u003C\u002Fa> -|||- \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fskysa-official\u002F\" rel=\"ugc\">Skysa App Bar Integration plugin\u003C\u002Fa>\u003C\u002Fp>\n","Display interactive summaries from an RSS (or Atom) feed in a dynamic ajax window on your site; customizable RSS feed app 
button.",7554,60,"2014-09-08T20:46:00.000Z",[125,126,127,20,21],"atom","rss","rss-reader","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fskysa-rss-reader-app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fskysa-rss-reader-app.zip",{"attackSurface":131,"codeSignals":157,"taintFlows":211,"riskAssessment":257,"analyzedAt":273},{"hooks":132,"ajaxHandlers":146,"restRoutes":154,"shortcodes":155,"cronEvents":156,"entryPointCount":107,"unprotectedCount":107},[133,139,142],{"type":134,"name":135,"callback":136,"priority":50,"file":137,"line":138},"action","wp_print_footer_scripts","SkysaApps_Output","skysa-required\u002Findex.php",103,{"type":134,"name":140,"callback":136,"priority":50,"file":137,"line":141},"wp_footer",105,{"type":134,"name":143,"callback":144,"priority":50,"file":137,"line":145},"admin_menu","SkysaApps_Admin",109,[147,151],{"action":148,"nopriv":47,"callback":149,"hasNonce":47,"hasCapCheck":47,"file":137,"line":150},"skysa_appload","SkysaApps_Ajax",111,{"action":148,"nopriv":152,"callback":149,"hasNonce":47,"hasCapCheck":47,"file":137,"line":153},true,112,[],[],[],{"dangerousFunctions":158,"sqlUsage":159,"outputEscaping":162,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":210},[],{"prepared":160,"raw":13,"locations":161},4,[],{"escaped":27,"rawEcho":163,"locations":164},22,[165,169,171,173,175,177,178,180,182,184,185,187,189,191,193,195,197,199,200,202,204,207],{"file":166,"line":167,"context":168},"skysa-required\u002Fadmin.php",104,"raw 
output",{"file":166,"line":170,"context":168},181,{"file":166,"line":172,"context":168},190,{"file":166,"line":174,"context":168},239,{"file":166,"line":176,"context":168},307,{"file":166,"line":176,"context":168},{"file":166,"line":179,"context":168},313,{"file":166,"line":181,"context":168},361,{"file":166,"line":183,"context":168},455,{"file":166,"line":183,"context":168},{"file":166,"line":186,"context":168},462,{"file":166,"line":188,"context":168},487,{"file":166,"line":190,"context":168},542,{"file":166,"line":192,"context":168},543,{"file":166,"line":194,"context":168},545,{"file":166,"line":196,"context":168},551,{"file":166,"line":198,"context":168},619,{"file":166,"line":198,"context":168},{"file":166,"line":201,"context":168},624,{"file":166,"line":203,"context":168},650,{"file":205,"line":206,"context":168},"skysa-required\u002Fajax.php",179,{"file":208,"line":209,"context":168},"skysa-required\u002Foutput.php",160,[],[212,227,236,247],{"entryPoint":213,"graph":214,"unsanitizedCount":27,"severity":39},"SkysaApps_Admin_DrawTabs (skysa-required\u002Fadmin.php:168)",{"nodes":215,"edges":225},[216,220],{"id":217,"type":218,"label":219,"file":166,"line":172},"n0","source","$_GET['page']",{"id":221,"type":222,"label":223,"file":166,"line":172,"wp_function":224},"n1","sink","echo() [XSS]","echo",[226],{"from":217,"to":221,"sanitized":47},{"entryPoint":228,"graph":229,"unsanitizedCount":107,"severity":39},"SkysaApps_Admin_AppPage (skysa-required\u002Fadmin.php:197)",{"nodes":230,"edges":234},[231,233],{"id":217,"type":218,"label":232,"file":166,"line":181},"$_GET['page'] (x2)",{"id":221,"type":222,"label":223,"file":166,"line":181,"wp_function":224},[235],{"from":217,"to":221,"sanitized":47},{"entryPoint":237,"graph":238,"unsanitizedCount":245,"severity":246},"\u003Cadmin> (skysa-required\u002Fadmin.php:0)",{"nodes":239,"edges":243},[240,242],{"id":217,"type":218,"label":241,"file":166,"line":172},"$_GET['page'] 
(x3)",{"id":221,"type":222,"label":223,"file":166,"line":172,"wp_function":224},[244],{"from":217,"to":221,"sanitized":47},3,"low",{"entryPoint":248,"graph":249,"unsanitizedCount":27,"severity":246},"\u003Cajax> (skysa-required\u002Fajax.php:0)",{"nodes":250,"edges":255},[251,254],{"id":217,"type":218,"label":252,"file":205,"line":253},"$_GET",54,{"id":221,"type":222,"label":223,"file":205,"line":206,"wp_function":224},[256],{"from":217,"to":221,"sanitized":47},{"summary":258,"deductions":259},"The skysa-text-ticker-app plugin version 1.4 exhibits a concerning security posture primarily due to its unprotected entry points. While it shows strengths in SQL query handling and avoiding dangerous functions or external requests, the presence of two AJAX handlers without authentication checks represents a significant risk. This lack of authorization means that any unauthenticated user could potentially interact with these handlers, opening the door to various attacks depending on their functionality.\n\nThe taint analysis indicates that all analyzed flows involve unsanitized paths, which is a critical concern. Although no specific vulnerabilities were flagged as critical or high in the taint analysis, this finding suggests a high likelihood of potential vulnerabilities if these unsanitized paths are exposed to user input. The absence of known CVEs is positive, but it does not negate the inherent risks identified in the code analysis.\n\nIn conclusion, the plugin has some good security practices, such as using prepared statements for SQL. However, the critical weakness lies in the unprotected AJAX endpoints and the presence of unsanitized paths in taint flows. This combination presents a notable security risk that should be addressed by implementing proper authentication and sanitization mechanisms. 
The plugin's lack of known vulnerabilities at the time of this analysis might be due to its limited exposure or the fact that the identified weaknesses haven't been exploited yet.",[260,262,265,268,271],{"reason":261,"points":11},"Unprotected AJAX handlers",{"reason":263,"points":264},"Flows with unsanitized paths",15,{"reason":266,"points":267},"Low output escaping coverage",5,{"reason":269,"points":270},"Missing nonce checks on AJAX",7,{"reason":272,"points":267},"Missing capability checks","2026-04-16T12:24:06.929Z",{"wat":275,"direct":282},{"assetPaths":276,"generatorPatterns":279,"scriptPaths":280,"versionParams":281},[277,278],"\u002Fwp-content\u002Fplugins\u002Fskysa-text-ticker-app\u002Fjs\u002Fmodjs\u002Fticker.js","\u002Fwp-content\u002Fplugins\u002Fskysa-text-ticker-app\u002Fcss\u002Fapps\u002Fticker.css",[],[],[],{"cssClasses":283,"htmlComments":289,"htmlAttributes":296,"restEndpoints":304,"jsGlobals":305,"shortcodeOutput":308},[284,285,286,287,288],"bar-button","SKYUI-menuoff","SKYUI-Mod-Button-Ticker","label","label-inner",[290,291,292,293,294,295],"*************************************************************\n*                 This app was made using the:              *\n*                       Skysa App SDK                       *\n*    http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fskysa-app-sdk\u002F     *\n*************************************************************","This program is free software; you can redistribute it and\u002For\nmodify it under the terms of the GNU General Public License\nas published by the Free Software Foundation; either version 2\nof the License, or (at your option) any later version.","This program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
See the\nGNU General Public License for more details.","You should have received a copy of the GNU General Public License\nalong with this program; if not, write to the Free Software\nFoundation, Inc., 51 Franklin Street, Fifth Floor, Boston,\nMA  02110-1301, USA.","Make sure we don't expose any info if called directly","Skysa App plugins require the skysa-req subdirectory,\nand the index file in that directory to be included.\nHere is where we make sure it is included in the project.",[297,298,299,300,301,302,303],"id=\"$button_id\"","class=\"bar-button SKYUI-menuoff SKYUI-Mod-Button-Ticker\"","speed=\"$app_option1\"","name=\"Text Ticker App (WordPress)\"","class=\"label\"","style=\"width: $app_option2; display: block; overflow: hidden;\"","class=\"label-inner\"",[],[306,307],"var clickURL","S.on('click',function(){if(clickURL.search(window.location.host) != -1){window.location.href = clickURL;}else{window.open(clickURL);}});",[309],"\u003Cdiv id=\"$button_id\" class=\"bar-button SKYUI-menuoff SKYUI-Mod-Button-Ticker\" speed=\"$app_option1\" name=\"Text Ticker App (WordPress)\">\u003Cspan class=\"label\" style=\"width: $app_option2; display: block; overflow: hidden;\">\u003Cspan class=\"label-inner\">$app_data\u003C\u002Fspan>\u003C\u002Fspan>\u003C\u002Fdiv>",{"error":152,"url":311,"statusCode":312,"statusMessage":313,"message":313},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fskysa-text-ticker-app\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":315},[]]