[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fo4AmU8WXkypHOqq5euiHzcW5isVpaYOSA7Clp8XzkuA":3,"$fKmi2aETvF5vEKo5dIAWAFZRMHNiWJ3On3B_gS3QzW7I":134,"$f5HcIipKApLDp2bLSbp3rjRT7sjn5IAx3L_9moGYMb5I":139},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":16,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"discovery_status":26,"vulnerabilities":27,"developer":45,"crawl_stats":33,"alternatives":51,"analysis":72,"fingerprints":111},"slivery-extender","Slivery Extender","1.0.3","inpersttion","https:\u002F\u002Fprofiles.wordpress.org\u002Finpersttion\u002F","\u003Cp>For using this plugin you can use themes customizer quicker & more easily.\u003C\u002Fp>\n","For using this plugin you can use themes customizer quicker & more easily.",1000,20029,0,"2025-11-28T07:36:00.000Z","6.8.5","","5.6",[19,20],"kirki","silvery-extender","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fslivery-extender.zip",99,1,"2024-02-26 
00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[28],{"id":29,"url_slug":30,"title":31,"description":32,"plugin_slug":4,"theme_slug":33,"affected_versions":34,"patched_in_version":6,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":24,"updated_date":39,"references":40,"days_to_patch":42,"patch_diff_files":43,"patch_trac_url":33,"research_status":33,"research_verified":44,"research_rounds_completed":13,"research_plan":33,"research_summary":33,"research_vulnerable_code":33,"research_fix_diff":33,"research_exploit_outline":33,"research_model_used":33,"research_started_at":33,"research_completed_at":33,"research_error":33,"poc_status":33,"poc_video_id":33,"poc_summary":33,"poc_steps":33,"poc_tested_at":33,"poc_wp_version":33,"poc_php_version":33,"poc_playwright_script":33,"poc_exploit_code":33,"poc_has_trace":44,"poc_model_used":33,"poc_verification_depth":33},"CVE-2024-27191","slivery-extender-authenticatedcontributor-remote-code-execution-via-shortcode","Slivery Extender \u003C= 1.0.2 - Authenticated(Contributor+) Remote Code Execution via shortcode","The Slivery Extender plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the 'slider_theme_section' function. This is due to the use of call_user_func on one of the shortcode attributes. 
This makes it possible for authenticated attackers, with contributor access and above, to execute code on the server.",null,"\u003C=1.0.2","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Control of Generation of Code ('Code Injection')","2026-02-26 14:54:44",[41],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fceb25a7b-da93-41eb-bae7-8bffa96f7a1c?source=api-prod",732,[],false,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":46,"total_installs":47,"avg_security_score":48,"avg_patch_time_days":42,"trust_score":49,"computed_at":50},17,1300,93,74,"2026-05-20T09:28:38.902Z",[52],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":13,"num_ratings":13,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":17,"tags":65,"homepage":16,"download_link":69,"security_score":70,"vuln_count":13,"unpatched_count":13,"last_vuln_date":33,"fetched_at":71},"customize-kirki-variants","Customize Kirki Variants","1.0.2","Khoapq","https:\u002F\u002Fprofiles.wordpress.org\u002Fkhoapq\u002F","\u003Cp>Allow customize variants (font weights) for Kirki Typography field, Load All\u002FMultiple font style.\u003C\u002Fp>\n\u003Cp>This plugin is addon for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fkirki\u002F\" rel=\"ugc\">\u003Cstrong>Kirki\u003C\u002Fstrong>\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Load All\u003C\u002Fstrong> – Load all variants\u002Ffont weights\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Variants\u003C\u002Fstrong> – Allow load any fonts & variants.\u003C\u002Fli>\n\u003C\u002Ful>\n","Allow customize variants (font weights) for Kirki Typography field, Load All\u002FMultiple font 
style.",50,2673,"2019-05-18T10:22:00.000Z","5.2.24","4.8.2",[53,66,67,19,68],"font","font-weight","variants","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustomize-kirki-variants.zip",85,"2026-04-06T09:54:40.288Z",{"attackSurface":73,"codeSignals":91,"taintFlows":98,"riskAssessment":99,"analyzedAt":110},{"hooks":74,"ajaxHandlers":82,"restRoutes":83,"shortcodes":84,"cronEvents":90,"entryPointCount":23,"unprotectedCount":13},[75],{"type":76,"name":77,"callback":78,"priority":79,"file":80,"line":81},"action","init","wpb_load_file",100,"inc\\customizer.php",3,[],[],[85],{"tag":86,"callback":87,"file":88,"line":89},"themesection","slider_theme_section","inc\\customize_option\\SFT_admin_side.php",39,[],{"dangerousFunctions":92,"sqlUsage":93,"outputEscaping":95,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":97},[],{"prepared":13,"raw":13,"locations":94},[],{"escaped":13,"rawEcho":13,"locations":96},[],[],[],{"summary":100,"deductions":101},"The slivery-extender v1.0.3 plugin presents a mixed security posture.  On one hand, the static analysis found nothing risky within the analyzed code: it identified no dangerous functions, no SQL queries, and no unescaped output.  Furthermore, file operations and external HTTP requests are absent, minimizing common attack vectors.  On the other hand, the same analysis found no nonce checks and no capability checks, and the vulnerability history records a past high-severity (CVSS 8.8) Code Injection vulnerability, CVE-2024-27191, reached through a shortcode attribute in versions up to and including 1.0.2.  While the plugin currently shows no unpatched CVEs, the existence of a past issue as severe as code injection raises questions about the overall robustness of the security controls and the thoroughness of sanitization in previous versions or potentially in areas not covered by the static analysis. 
The limited attack surface, with only one shortcode and no unprotected AJAX or REST API endpoints, is a positive aspect.",[102,105,108],{"reason":103,"points":104},"Known past critical vulnerability",15,{"reason":106,"points":107},"Missing nonce checks",5,{"reason":109,"points":107},"Missing capability checks","2026-03-16T18:44:04.793Z",{"wat":112,"direct":117},{"assetPaths":113,"generatorPatterns":114,"scriptPaths":115,"versionParams":116},[],[],[],[],{"cssClasses":118,"htmlComments":119,"htmlAttributes":120,"restEndpoints":121,"jsGlobals":122,"shortcodeOutput":123},[],[],[],[],[],[124,125,126,127,128,129,130,131,132,133],"[themesection section=\"goldy_mex_featuredimage_slider\"]","[themesection section=\"goldy_mex_featured_section\"]","[themesection section=\"goldy_mex_our_portfolio_section\"]","[themesection section=\"goldy_mex_about_section\"]","[themesection section=\"goldy_mex_appointment_section\"]","[themesection section=\"goldy_mex_our_team_section\"]","[themesection section=\"goldy_mex_our_testimonial_section\"]","[themesection section=\"goldy_mex_cafe_pricing_plan_section\"]","[themesection section=\"goldy_mex_our_sponsors_section\"]","[themesection section=\"goldy_mex_services_section\"]",{"error":135,"url":136,"statusCode":137,"statusMessage":138,"message":138},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fslivery-extender\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":140},[]]