[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8yCIVsxXr1yNEcXxSHKS2UIfoyB_vpGMGVDJx8E8rSU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":44,"crawl_stats":35,"alternatives":52,"analysis":166,"fingerprints":316},"sloth-logo-customizer","Sloth Logo Customizer","2.0.2","ammar.shahraki","https:\u002F\u002Fprofiles.wordpress.org\u002Fammarshahraki\u002F","\u003Cp>Sloth Logo customizer changes the wordpress logo on the login page and enable you to change the support string and url on the blog info widget.\u003C\u002Fp>\n\u003Cp>Major features of Blog Post filter include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support Multisite: It supports single or multisite installation of wordpress. 
In multisite installation site admin could allow blogs to change logo and signature or not.\u003C\u002Fli>\n\u003Cli>Simplicity: In contrast with similar plugin this plugin is very simple and easy to use.\u003C\u002Fli>\n\u003Cli>Efficiency: The plugin has a minimum processing overhead on the site.\u003C\u002Fli>\n\u003Cli>Multilingual: Supports Persian and English admin page translation.\u003C\u002Fli>\n\u003C\u002Ful>\n","Sloth Logo customizer changes the wordpress logo on the login page and enable you to change the support string and url on the blog info widget.",0,1319,"2020-04-02T12:26:00.000Z","5.4.19","4.2.4","",[18,19,20,21,22],"login","login-page","logo","support-url","suppot","http:\u002F\u002Flogo-customizer.sloth.ir","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsloth-logo-customizer.zip",64,1,"2023-04-17 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35},"CVE-2023-0603","sloth-logo-customizer-cross-site-request-forgery-to-stored-cross-site-scripting","Sloth Logo Customizer \u003C= 2.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting","The Sloth Logo Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the setting() function. 
This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=2.0.2","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-01-22 19:56:02",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F974f14e8-1a59-4ba5-8806-b4d8b135315e?source=api-prod",{"slug":45,"display_name":7,"profile_url":8,"plugin_count":46,"total_installs":47,"avg_security_score":48,"avg_patch_time_days":49,"trust_score":50,"computed_at":51},"ammarshahraki",2,300,75,30,77,"2026-04-05T09:46:05.091Z",[53,77,98,124,142],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":74,"download_link":75,"security_score":76,"vuln_count":11,"unpatched_count":11,"last_vuln_date":35,"fetched_at":28},"bm-custom-login","WP Custom Login","3.0.0","Teydea Studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fteydeastudio\u002F","\u003Cp>\u003Cstrong>WP Custom Login lets you fully customize the WordPress login page to match your brand identity.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Whether you run a single site or a multisite network, this plugin gives you control over every visual element of the login screen — from the logo and background to form fields, buttons, links, and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key benefits:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Adjust colors, fonts, spacing, and layout of every login page element without writing CSS.\u003C\u002Fli>\n\u003Cli>Add your logo, social media links, and custom footer to create a branded login 
experience.\u003C\u002Fli>\n\u003Cli>Support for multilingual sites with per-language text customization for labels, buttons, and notices.\u003C\u002Fli>\n\u003Cli>Works with WordPress multisite networks for consistent branding across all sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WP Custom Login is a good fit for freelancers, agencies, and organizations that want a professional, branded login page. It includes a live preview in the admin settings, so you can see your changes before they go live.\u003C\u002Fp>\n\u003Cp>Learn more at \u003Ca href=\"https:\u002F\u002Fwpcustomlogin.com\u002F?utm_source=WP+Custom+Login\" rel=\"nofollow ugc\">wpcustomlogin.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch4>Free Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Body background color\u003C\u002Fstrong> — Set a custom background color for the login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom logo\u003C\u002Fstrong> — Replace the WordPress logo with your site icon or a custom image, and configure its link URL and alignment.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Form container styling\u003C\u002Fstrong> — Customize the form background color, border radius, padding, box shadow, and alignment.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Label styling\u003C\u002Fstrong> — Adjust font size, weight, letter case, spacing, text color, and toggle label visibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Input field styling\u003C\u002Fstrong> — Set background colors, borders, padding, font, shadow, and placeholder text for normal, hover, and focus states.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checkbox styling\u003C\u002Fstrong> — Apply custom colors to the login form checkboxes and checkmark icon.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Primary button styling\u003C\u002Fstrong> — Customize colors, font, size, width, alignment, shadow, and per-language button labels.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secondary button styling\u003C\u002Fstrong> — 
Configure colors, font, border, and per-language labels for secondary buttons.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Notice and error styling\u003C\u002Fstrong> — Set colors for error, notice, and success messages, and add a custom persistent notice with per-language text.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Under-form links\u003C\u002Fstrong> — Customize link colors, separator, disable the “Back to” link, or add custom links.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Social media icons\u003C\u002Fstrong> — Display up to 23 social media icon links (Facebook, X, Instagram, LinkedIn, YouTube, GitHub, and more), placed before the form, after the form, or in the footer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy policy link\u003C\u002Fstrong> — Show or hide the privacy policy link and set its color.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Language switcher\u003C\u002Fstrong> — Show or hide the WordPress language switcher and adjust its icon color and spacing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom footer\u003C\u002Fstrong> — Add a footer with configurable text, font, color, and alignment.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom CSS\u003C\u002Fstrong> — Add your own CSS for additional styling.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live preview\u003C\u002Fstrong> — See your changes in real time within the admin settings page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable autofocus\u003C\u002Fstrong> — Turn off the default autofocus behavior on the login form.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable error shake\u003C\u002Fstrong> — Turn off the shake animation on failed login attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable autocomplete\u003C\u002Fstrong> — Prevent browsers from auto-filling the login form.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Per-language text\u003C\u002Fstrong> — Customize labels, placeholders, button text, and notices for each language on multilingual sites.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“Remember Me” 
customization\u003C\u002Fstrong> — Show or hide the “Remember Me” checkbox and set custom label text per language.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>PRO Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpcustomlogin.com\u002F?utm_source=WP+Custom+Login\" rel=\"nofollow ugc\">Pre-designed templates\u003C\u002Fa>\u003C\u002Fstrong> — Choose from 20+ ready-made login page designs and apply them with one click.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpcustomlogin.com\u002F?utm_source=WP+Custom+Login\" rel=\"nofollow ugc\">Advanced backgrounds\u003C\u002Fa>\u003C\u002Fstrong> — Use animated gradients, image slideshows, or split-screen layouts as your login page background.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpcustomlogin.com\u002F?utm_source=WP+Custom+Login\" rel=\"nofollow ugc\">Post-login redirects\u003C\u002Fa>\u003C\u002Fstrong> — Redirect users to specific pages after login based on their roles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpcustomlogin.com\u002F?utm_source=WP+Custom+Login\" rel=\"nofollow ugc\">Premium support\u003C\u002Fa>\u003C\u002Fstrong> — Get direct support from the development team.\u003C\u002Fli>\n\u003C\u002Ful>\n","Customize the WordPress login screen with your own colors, logo, backgrounds, and form 
styles.",10000,512272,96,14,"2026-03-03T23:25:00.000Z","6.9.4","6.6","7.4",[70,71,72,73,19],"branding","custom-login","login-customizer","login-logo","https:\u002F\u002Fwpcustomlogin.com\u002F?utm_source=WP+Custom+Login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbm-custom-login.3.0.0.zip",100,{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":61,"downloaded":85,"rating":86,"num_ratings":87,"last_updated":88,"tested_up_to":66,"requires_at_least":89,"requires_php":16,"tags":90,"homepage":96,"download_link":97,"security_score":76,"vuln_count":11,"unpatched_count":11,"last_vuln_date":35,"fetched_at":28},"my-wp-login-logo","My WordPress Login Logo","2.5.2","afsalrahim","https:\u002F\u002Fprofiles.wordpress.org\u002Fafsalrahim\u002F","\u003Cp>\u003Cstrong>My WordPress Login Logo\u003C\u002Fstrong> lets you to add a custom logo in your wordpress login page instead of the usual wordpress logo and customize your login page.\u003C\u002Fp>\n\u003Cp>It also allows you to specify the height and width of the logo. Apart from that you can also customize the login form by adding a custom message below login form and also provide some cool fade in effects for the login form. 
By adding your custom logo in your login page, you can make your website more professional and also impress the guest bloggers and other users who view these pages.\u003C\u002Fp>\n","My WordPress Login Logo lets you to add a custom logo in your wordpress login page instead of the usual wordpress logo and customize your login page.",182940,98,12,"2026-02-17T12:28:00.000Z","3.0.1",[91,92,93,94,95],"change-login-page-logo","custom-logo","login-page-logo","logo-changer","wordpress-login-logo","https:\u002F\u002Fafsal.me","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmy-wp-login-logo.2.5.2.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":113,"tags":114,"homepage":119,"download_link":120,"security_score":121,"vuln_count":122,"unpatched_count":11,"last_vuln_date":123,"fetched_at":28},"login-page-styler","Login Page Styler – Custom WordPress Login Page Customizer & Security","7.1.2","Zia Imtiaz","https:\u002F\u002Fprofiles.wordpress.org\u002Fzia-imtiaz\u002F","\u003Cp>\u003Cstrong>Login Page Styler\u003C\u002Fstrong> is a powerful WordPress plugin that allows you to completely customize and secure your WordPress login page.\u003C\u002Fp>\n\u003Cp>Create a professional branded login experience while improving login security and protecting your website from unauthorized access.\u003C\u002Fp>\n\u003Cp>Whether you want to change your login logo, background, login URL, or add reCAPTCHA protection, Login Page Styler makes it simple with an easy-to-use interface.\u003C\u002Fp>\n\u003Cp>Perfect for website owners, developers, agencies, and businesses that want a professional login page without coding.\u003C\u002Fp>\n\u003Cp>🔥 \u003Cstrong>Login Page Customization Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>• Custom WordPress login page 
design\u003Cbr \u002F>\n• Upload your own login logo\u003Cbr \u002F>\n• Custom login backgrounds (images, videos, gradients)\u003Cbr \u002F>\n• Pre-designed login page templates\u003Cbr \u002F>\n• Custom CSS and JavaScript support\u003Cbr \u002F>\n• Google Fonts support\u003Cbr \u002F>\n• Fully responsive login page design\u003C\u002Fp>\n\u003Cp>🔐 \u003Cstrong>Login Security Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>• Custom WordPress login URL\u003Cbr \u002F>\n• Google reCAPTCHA protection\u003Cbr \u002F>\n• Limit login attempts\u003Cbr \u002F>\n• IP address blocking\u003Cbr \u002F>\n• Region blocking\u003Cbr \u002F>\n• Login activity logs\u003Cbr \u002F>\n• Brute force attack protection\u003C\u002Fp>\n\u003Cp>📊 \u003Cstrong>Login Monitoring\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Track login activity with detailed logs including:\u003C\u002Fp>\n\u003Cp>• User login time\u003Cbr \u002F>\n• User roles\u003Cbr \u002F>\n• IP address\u003Cbr \u002F>\n• Location data\u003Cbr \u002F>\n• Failed login attempts\u003C\u002Fp>\n\u003Cp>This helps administrators monitor suspicious login behavior.\u003C\u002Fp>\n\u003Cp>⚡ \u003Cstrong>Performance & Ease of Use\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>• Lightweight plugin\u003Cbr \u002F>\n• No coding required\u003Cbr \u002F>\n• Fast loading login pages\u003Cbr \u002F>\n• Beginner-friendly settings panel\u003Cbr \u002F>\n• Compatible with most WordPress themes\u003C\u002Fp>\n\u003Cp>🚀 \u003Cstrong>Why Use Login Page Styler\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>A default WordPress login page looks generic and provides limited security options.\u003C\u002Fp>\n\u003Cp>Login Page Styler helps you:\u003C\u002Fp>\n\u003Cp>• Build trust with branded login pages\u003Cbr \u002F>\n• Improve website security\u003Cbr \u002F>\n• Prevent brute-force attacks\u003Cbr \u002F>\n• Monitor login activity\u003Cbr \u002F>\n• Customize login design easily\u003C\u002Fp>\n\u003Ch3>Upgrade to Pro\u003C\u002Fh3>\n\u003Cp>Upgrade to 
\u003Cstrong>Login Page Styler Pro\u003C\u002Fstrong> to unlock advanced features:\u003C\u002Fp>\n\u003Cp>• Premium login templates\u003Cbr \u002F>\n• Social login integration\u003Cbr \u002F>\n• Two-factor authentication\u003Cbr \u002F>\n• Advanced login security\u003Cbr \u002F>\n• Priority support\u003C\u002Fp>\n\u003Cp>👉 https:\u002F\u002Fpluginnestwp.website\u002F\u003C\u002Fp>\n","Customize and secure your WordPress login page with logo, backgrounds, templates, custom login URL, reCAPTCHA protection, and login activity logs — no &hellip;",3000,237870,86,174,"2026-03-08T15:20:00.000Z","6.7.5","4.0","5.3",[115,116,73,117,118],"custom-login-page","custom-login-url","login-page-customizer","wordpress-login-page","https:\u002F\u002Fpluginnestwp.website\u002Fcustom-login-page-styler\u002F\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-page-styler.7.1.2.zip",97,3,"2025-01-30 00:00:00",{"slug":91,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":76,"num_ratings":26,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":139,"download_link":140,"security_score":141,"vuln_count":11,"unpatched_count":11,"last_vuln_date":35,"fetched_at":28},"Change Login Page Logo","1.0.3","Subodh Ghulaxe","https:\u002F\u002Fprofiles.wordpress.org\u002Fsubodhghulaxe\u002F","\u003Cp>\u003Cstrong>Change Login Page Logo\u003C\u002Fstrong> lets you change the default WordPress login page logo image. It also allows you to change logo width, logo height, bottom margin of logo and logo URL.\u003C\u002Fp>\n\u003Cp>By default WordPress add its own logo to the login page. 
If you are sharing the login URL with users, subscribers or even your own team members, it makes sense to have your own branding and change default login logo.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features include:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Change Login Logo Image.\u003C\u002Fstrong> Select image from WordPress media or use external image\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customize Logo Image Width.\u003C\u002Fstrong> Logo width in pixel\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customize Logo Image Height.\u003C\u002Fstrong> Logo height in pixel\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customize Logo Bottom Margin.\u003C\u002Fstrong> Adjust the spacing between logo and login form\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Change Logo Link.\u003C\u002Fstrong> This link will open on the click of logo\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Translations\u002FLanguages:\u003C\u002Fstrong>\u003Cbr \u002F>\nThis plugin is translation ready and is available in the following languages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple and easy way to change WordPress login logo, using Change Login Page Logo plugin you can change logo image, logo width, height and logo URL.",1000,6109,"2024-06-23T12:26:00.000Z","6.5.8","2.7","5.2.4",[91,92,73,95,138],"wp-admin-logo","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fchange-login-page-logo\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchange-login-page-logo.1.0.3.zip",92,{"slug":143,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":150,"downloaded":151,"rating":152,"num_ratings":153,"last_updated":154,"tested_up_to":155,"requires_at_least":156,"requires_php":16,"tags":157,"homepage":163,"download_link":164,"security_score":165,"vuln_count":11,"unpatched_count":11,"last_vuln_date":35,"fetched_at":28},"eazy-login-logo","Eazy Login Logo","1.0.0","Rob 
Scott","https:\u002F\u002Fprofiles.wordpress.org\u002Fr0bsc0tt\u002F","\u003Cp>Eazy Login Logo is a WordPress plugin that changes the default logo on the login screen.\u003C\u002Fp>\n\u003Cp>This plugin provides a custom login experience for users, allowing you to show your logo or your clients logo on the login screen.\u003C\u002Fp>\n","Eazy Login Logo changes the default logo on the login screen.",400,11261,84,5,"2018-01-02T20:16:00.000Z","4.9.29","4.2",[158,159,160,161,162],"active","add-client-logo-to-login-page","admin-custom-login","admin-login","admin-login-form","http:\u002F\u002Frobjscott.com\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feazy-login-logo.zip",85,{"attackSurface":167,"codeSignals":195,"taintFlows":229,"riskAssessment":299,"analyzedAt":315},{"hooks":168,"ajaxHandlers":191,"restRoutes":192,"shortcodes":193,"cronEvents":194,"entryPointCount":11,"unprotectedCount":11},[169,174,178,182,186],{"type":170,"name":171,"callback":172,"file":173,"line":49},"action","admin_menu","blogAdminPage","sloth-logo-customizer.php",{"type":170,"name":175,"callback":176,"file":173,"line":177},"network_admin_menu","networkAdminPage",31,{"type":170,"name":179,"callback":180,"file":173,"line":181},"login_head","changeLogo",32,{"type":170,"name":183,"callback":184,"file":173,"line":185},"plugins_loaded","loadTextDomain",33,{"type":187,"name":188,"callback":189,"file":173,"line":190},"filter","widget_meta_poweredby","changeSignature",36,[],[],[],[],{"dangerousFunctions":196,"sqlUsage":197,"outputEscaping":199,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":228},[],{"prepared":11,"raw":11,"locations":198},[],{"escaped":11,"rawEcho":200,"locations":201},16,[202,205,206,208,209,210,212,213,215,217,219,220,221,223,224,226],{"file":203,"line":153,"context":204},"network-setting.php","raw 
output",{"file":203,"line":25,"context":204},{"file":203,"line":207,"context":204},67,{"file":203,"line":48,"context":204},{"file":203,"line":48,"context":204},{"file":203,"line":211,"context":204},79,{"file":203,"line":211,"context":204},{"file":214,"line":153,"context":204},"setting.php",{"file":214,"line":216,"context":204},73,{"file":214,"line":218,"context":204},76,{"file":214,"line":152,"context":204},{"file":214,"line":152,"context":204},{"file":214,"line":222,"context":204},88,{"file":214,"line":222,"context":204},{"file":173,"line":225,"context":204},133,{"file":173,"line":227,"context":204},151,[],[230,279],{"entryPoint":231,"graph":232,"unsanitizedCount":122,"severity":278},"setting (sloth-logo-customizer.php:98)",{"nodes":233,"edges":270},[234,239,243,250,254,257,260,264,267],{"id":235,"type":236,"label":237,"file":173,"line":238},"n0","source","$_POST['imageAttachmentId']",101,{"id":240,"type":241,"label":242,"file":173,"line":238},"n1","transform","→ setBlogLogo()",{"id":244,"type":245,"label":246,"file":247,"line":248,"wp_function":249},"n2","sink","update_option() [Settings Manipulation]","sloth-options.php",216,"update_option",{"id":251,"type":236,"label":252,"file":173,"line":253},"n3","$_POST['title']",107,{"id":255,"type":241,"label":256,"file":173,"line":253},"n4","→ setBlogSignatureTitle()",{"id":258,"type":245,"label":246,"file":247,"line":259,"wp_function":249},"n5",203,{"id":261,"type":236,"label":262,"file":173,"line":263},"n6","$_POST['url']",108,{"id":265,"type":241,"label":266,"file":173,"line":263},"n7","→ 
setBlogSignatureUrl()",{"id":268,"type":245,"label":246,"file":247,"line":269,"wp_function":249},"n8",208,[271,273,274,275,276,277],{"from":235,"to":240,"sanitized":272},false,{"from":240,"to":244,"sanitized":272},{"from":251,"to":255,"sanitized":272},{"from":255,"to":258,"sanitized":272},{"from":261,"to":265,"sanitized":272},{"from":265,"to":268,"sanitized":272},"low",{"entryPoint":280,"graph":281,"unsanitizedCount":122,"severity":278},"\u003Csloth-logo-customizer> (sloth-logo-customizer.php:0)",{"nodes":282,"edges":292},[283,284,285,286,287,288,289,290,291],{"id":235,"type":236,"label":237,"file":173,"line":238},{"id":240,"type":241,"label":242,"file":173,"line":238},{"id":244,"type":245,"label":246,"file":247,"line":248,"wp_function":249},{"id":251,"type":236,"label":252,"file":173,"line":253},{"id":255,"type":241,"label":256,"file":173,"line":253},{"id":258,"type":245,"label":246,"file":247,"line":259,"wp_function":249},{"id":261,"type":236,"label":262,"file":173,"line":263},{"id":265,"type":241,"label":266,"file":173,"line":263},{"id":268,"type":245,"label":246,"file":247,"line":269,"wp_function":249},[293,294,295,296,297,298],{"from":235,"to":240,"sanitized":272},{"from":240,"to":244,"sanitized":272},{"from":251,"to":255,"sanitized":272},{"from":255,"to":258,"sanitized":272},{"from":261,"to":265,"sanitized":272},{"from":265,"to":268,"sanitized":272},{"summary":300,"deductions":301},"The \"sloth-logo-customizer\" plugin v2.0.2 presents a mixed security posture.  While the static analysis indicates a small attack surface with no apparent direct entry points like AJAX handlers, REST API routes, shortcodes, or cron events without authentication, significant concerns arise from the code signals. Notably, 100% of output is not properly escaped, suggesting a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially since there are 16 total outputs. 
The taint analysis also reveals two flows with unsanitized paths; although these are not classified as critical or high severity, they still indicate potential for issues if user input is not handled carefully.\n\nThe vulnerability history further compounds these concerns, with one known medium-severity CVE that remains unpatched. That CVE, a Cross-Site Request Forgery issue dated April 2023, is the only vulnerability on record for this plugin; together with the absence of nonce and capability checks in the code signals, it points to insufficient input validation and protection against state-changing actions. While the plugin has a small attack surface and no raw SQL queries were detected, the lack of output escaping and the unpatched CVE are significant weaknesses that warrant attention.",[302,305,308,311,313],{"reason":303,"points":304},"Unpatched CVE (medium severity)",15,{"reason":306,"points":307},"All outputs unescaped",20,{"reason":309,"points":310},"Taint flows with unsanitized paths",8,{"reason":312,"points":153},"No capability checks",{"reason":314,"points":153},"No nonce checks","2026-03-17T07:06:55.205Z",{"wat":317,"direct":322},{"assetPaths":318,"generatorPatterns":319,"scriptPaths":320,"versionParams":321},[],[],[],[],{"cssClasses":323,"htmlComments":324,"htmlAttributes":325,"restEndpoints":326,"jsGlobals":327,"shortcodeOutput":328},[],[],[],[],[],[]]