[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZQ7v3xsf-unKeqnTA5Qyyz8KV8jXMn8J1-HOPR97hnU":3,"$fAw3PmxQ0xCnkJ2P32acYr5ZscUYawIKfWts8fzpNJco":337,"$fokcRQMs5WMcGP8tCxZBRqJzVTL-bUgaBKDiiLkpuVv4":341},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":68,"crawl_stats":39,"alternatives":73,"analysis":164,"fingerprints":316},"smart-app-banner","Smart App Banner","1.1.6","stephend","https:\u002F\u002Fprofiles.wordpress.org\u002Fstephend\u002F","\u003Cp>This is a WordPress plugin that allows you to use the Smart App Banners with your\u003Cbr \u002F>\nWordPress blog.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdeveloper.apple.com\u002Flibrary\u002Fios\u002F#documentation\u002FAppleApplications\u002FReference\u002FSafariWebContent\u002FPromotingAppswithAppBanners\u002FPromotingAppswithAppBanners.html#\u002F\u002Fapple_ref\u002Fdoc\u002Fuid\u002FTP40002051-CH6-SW1\" rel=\"nofollow ugc\">According to Apple\u003C\u002Fa>, Smart App Banners:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>vastly improve users’ browsing experience compared to other promotional methods.\u003Cbr \u002F>\n  As banners are implemented in iOS 6, they will provide a consistent look and\u003Cbr \u002F>\n  feel across the web that users will come to recognize. Users will trust that tapping the\u003Cbr \u002F>\n  banner will take them to the App Store and not a third-party advertisement. They will\u003Cbr \u002F>\n  appreciate that banners are presented unobtrusively at the top of a webpage, instead of\u003Cbr \u002F>\n  as a full-screen ad interrupting the web content. 
And with a large and prominent\u003Cbr \u002F>\n  close button, a banner is easy for users to dismiss.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>It’s really simple to use. In short, you download and activate the plugin. On pages and posts you should find a “Smart App Banner” settings box. If you want the Smart App Banner to appear on this page then enter the App ID of your application here. You can also enter affiliate data and an app argument here.\u003C\u002Fp>\n\u003Cp>If you want to display a banner on the home page there’s a setting screen (Settings -> Smart App Banner) where you can enter the App ID.\u003C\u002Fp>\n\u003Cp>You can find the App ID in iTunes Connect, using the\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fitunes.apple.com\u002Flinkmaker\u002F\" rel=\"nofollow ugc\">iTunes Link Maker\u003C\u002Fa> or if the iTunes URL for your\u003Cbr \u002F>\napp looks like this:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fitunes.apple.com\u002Fus\u002Fapp\u002Frootn-tootn-baby-feed-timer\u002Fid530589336?ls=1&mt=8\u003C\u002Fp>\n\u003Cp>Then your ID is “530589336”.\u003C\u002Fp>\n\u003Cp>The other two fields are optional.\u003C\u002Fp>\n\u003Cp>The affiliate data field varies depending on the affiliate. The most common is PHG, where the value looks like “at=AFFILIATE_TOKEN” or “at=AFFILIATE_TOKEN&ct=CAMPAIGN” (without the quotes). You can find the token when you sign into the PHG website. The campaign is just some text you use to identify a particular marketing campaign.\u003C\u002Fp>\n\u003Cp>So I might have “at=11lmMT&ct=wordpress” on the product pages of my website. 
Check the documentation to find your affiliate token and confirm the format.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdeveloper.apple.com\u002Flibrary\u002Fios\u002Fdocumentation\u002FAppleApplications\u002FReference\u002FSafariWebContent\u002FPromotingAppswithAppBanners\u002FPromotingAppswithAppBanners.html\" rel=\"nofollow ugc\">According to the documentation\u003C\u002Fa>, the app argument value is:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>A URL that provides context to your native app. If you include this, and the user has your\u003Cbr \u002F>\n  app installed, she can jump from your website to the corresponding position in your iOS app.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin does not restrict or validate what you put here.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>You can format it however you’d like, as long as it is a valid URL.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","This is a WordPress plugin that allows you to use Smart App Banners, introduced in iOS 6, with your WordPress blog.",600,25107,94,3,"2024-03-23T20:35:00.000Z","6.4.8","4.6","",[20,21,22,23,24],"apple","banner","ios","ipad","iphone","https:\u002F\u002Fwww.zx81.org.uk\u002Fsoftware\u002Fwordpress-smart-app-banner-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-app-banner.1.1.6.zip",84,2,0,"2023-10-18 
00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[34,52],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":41,"severity":42,"cvss_score":43,"cvss_vector":44,"vuln_type":45,"published_date":30,"updated_date":46,"references":47,"days_to_patch":49,"patch_diff_files":50,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2023-46200","smart-app-banner-authenticated-administrator-stored-cross-site-scripting","Smart App Banner \u003C= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Smart App Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.1.3","1.1.4","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-03-11 08:21:12",[48],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0c7497fc-e42c-49a6-99ee-6ec774cc4617?source=api-prod",145,[],false,{"id":53,"url_slug":54,"title":55,"description":56,"plugin_slug":4,"theme_slug":39,"affected_versions":57,"patched_in_version":58,"severity":42,"cvss_score":59,"cvss_vector":60,"vuln_type":61,"published_date":62,"updated_date":63,"references":64,"days_to_patch":66,"patch_diff_files":67,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2023-33315","smart-app-banner-cross-site-request-forgery-via-wslsmartappbanneroptions","Smart App Banner \u003C= 1.1.2 - Cross-Site Request Forgery via wsl_smart_app_banner_options","The Smart App Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wsl_smart_app_banner_options function. 
This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C1.1.3","1.1.3",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:L","Cross-Site Request Forgery (CSRF)","2023-05-21 00:00:00","2024-01-22 19:56:02",[65],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff71453d9-8bbf-4546-b69f-e86cc41da9bd?source=api-prod",247,[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":69,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":70,"trust_score":71,"computed_at":72},1,196,68,"2026-05-19T22:28:40.741Z",[74,93,111,129,148],{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":69,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":18,"tags":88,"homepage":90,"download_link":91,"security_score":92,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"ios-smart-app-banner-for-safari","iOS Smart App Banner For Safari","1.0","carpemobile","https:\u002F\u002Fprofiles.wordpress.org\u002Fcarpemobile\u002F","\u003Cp>This WordPress plugin gives you an easy way to add a Smart App Banner for your app (or any iOS app) to any of your pages. What sets this plugin above the others out there is that it makes it easy to add your app, affiliate identifier, affiliate campaign name and deep link app arguments. You can change any of these parameters for each page on your WordPress site.\u003C\u002Fp>\n\u003Cp>It is really easy to get up and running! 
Just download and install the plugin, then edit any page that you would like to have a Smart App Banner displayed for and enter the App Store ID for the app.\u003C\u002Fp>\n","iOS Smart App Banner For Safari plugin quickly and easily displays app banners for your web users who are using mobile Safari on iOS.",20,2138,100,"2016-01-22T18:15:00.000Z","4.4.34","3.0.1",[22,23,24,89,4],"smart","http:\u002F\u002Fcarpemobile.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fios-smart-app-banner-for-safari.1.0.zip",85,{"slug":94,"name":95,"version":58,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":100,"downloaded":101,"rating":29,"num_ratings":29,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":18,"tags":105,"homepage":108,"download_link":109,"security_score":92,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":110},"wp-smartappbanner","WP-SmartAppBanner","christianoliff","https:\u002F\u002Fprofiles.wordpress.org\u002Flovememore\u002F","\u003Cp>This will allow you to quickly and easily add an iOS smart app banner to your WordPress theme. Once set it will automatically appear on every page. 
iOS 6 or later required to see the Smart App Banner.\u003C\u002Fp>\n","This will allow you to quickly and easily add an iOS Smart App Banner to your WordPress theme.",10,1705,"2014-04-17T07:44:00.000Z","3.9.40","3.4",[106,22,23,24,107],"app","smartappbanner","http:\u002F\u002Fchristianoliff.com\u002Fwp-plugins\u002Fwp-smartappbanner\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-smartappbanner.zip","2026-04-06T09:54:40.288Z",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":84,"num_ratings":121,"last_updated":122,"tested_up_to":123,"requires_at_least":87,"requires_php":18,"tags":124,"homepage":127,"download_link":128,"security_score":92,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"retina-2x","Retina @2x","1.6","Wouter Postma","https:\u002F\u002Fprofiles.wordpress.org\u002Fwouterpostmanl\u002F","\u003Cp>This plugin adds a simple Javascript to your WordPress website that will check for each image if there is a retina version available. 
This will make sure that your images (logo’s, buttons, images with text) look sharp on Apple devices with retina displays.\u003C\u002Fp>\n\u003Cp>When you have for example a logo of 200 by 200 pixels called “Logo.png”, you will need to upload a second image of 400 by 400 pixels called “Logo@2x.png” in the exact same directory.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fimulus.github.io\u002Fretinajs\u002F\" rel=\"nofollow ugc\">Retina.js by imulus\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fwouterpostmanl#content-plugins\" rel=\"nofollow ugc\">View my other plugins\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","A plugin that looks for retina images automatically based on the @2x naming convention.",800,11070,6,"2017-05-13T15:50:00.000Z","4.8.28",[125,22,23,24,126],"images","retina","https:\u002F\u002Fwouterpostma.nl\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fretina-2x.1.6.zip",{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":137,"downloaded":138,"rating":84,"num_ratings":28,"last_updated":139,"tested_up_to":140,"requires_at_least":141,"requires_php":142,"tags":143,"homepage":146,"download_link":147,"security_score":92,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"promote-mobile-app-on-website","Promote mobile app on website","1.0.0","omnishop","https:\u002F\u002Fprofiles.wordpress.org\u002Fomnishop\u002F","\u003Cp>With our seamless integration, your website becomes an invaluable platform to promote your mobile app like never before.\u003Cbr \u002F>\nImagine having a direct channel to engage with your website visitors and effortlessly convert them into loyal app users.\u003Cbr \u002F>\nIt’s time to tap into the immense potential of your existing web traffic and turn it into a powerful source of app growth.\u003C\u002Fp>\n\u003Cp>Promoting Apps with 
Smart App Banners is something both Apple iOS and Android systems support and by using our plugin, we allow you to access that functionality with ease.\u003C\u002Fp>\n\u003Cp>For iOS:\u003Cbr \u002F>\n* Simply input the application ID\u003C\u002Fp>\n\u003Cp>For Android:\u003Cbr \u002F>\n* Several options to set how you want your app banner to look\u003C\u002Fp>\n","Promote your mobile app on website. Use a mobile banner to offer users to install your app. Easy and free.",40,1160,"2023-09-22T14:58:00.000Z","6.2.9","5.7","7.2",[106,144,22,24,145],"appbanner","promotion","https:\u002F\u002Fomnishopapp.com\u002Fwp-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpromote-mobile-app-on-website.1.0.0.zip",{"slug":149,"name":150,"version":151,"author":152,"author_profile":153,"description":154,"short_description":155,"active_installs":100,"downloaded":156,"rating":84,"num_ratings":28,"last_updated":157,"tested_up_to":158,"requires_at_least":18,"requires_php":18,"tags":159,"homepage":162,"download_link":163,"security_score":92,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"app-reviews-lite","App Reviews LITE","1.4","admapps","https:\u002F\u002Fprofiles.wordpress.org\u002Fadmapps\u002F","\u003Cp>App Reviews Plugin, \u003Ca href=\"http:\u002F\u002Fappreviewsplugin.com\u002F\" title=\"the best way to highlight your iOS app reviews within WordPress\" rel=\"friend nofollow ugc\">the best way to highlight your iOS app reviews within WordPress, is now available in its Lite form!\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If you are an iOS app developer with a WordPress marketing site for your mobile app, you’ve experienced the hassle of copying\u002Fpasting reviews from the iOS App Store onto your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Ratings and reviews give your app the social proof that it needs to convince others to download it\u003C\u002Fstrong>, so it’s critical to show them on your marketing web site as well. 
Stop the madness of finding, copying, and pasting reviews from the App Store onto your site – let the App Reviews plugin automatically display the latest reviews for you. \u003Cstrong>5 minute setup, no maintenance required.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The App Reviews plugin gives you a shortcode to put to use on your WordPress marketing site. All you have to do is put in the app id from the iOS App Store, and the plugin will do the rest. A flexible, responsive carousel will display on your site and show off your app’s ratings and reviews to everyone who comes to your site.\u003C\u002Fp>\n\u003Cp>\u003Cem>Never copy and paste reviews from the App Store again with the App Reviews plugin!\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note: This is the lite version of the App Reviews Plugin. Want even more features and customization? \u003Ca href=\"http:\u002F\u002Fappreviewsplugin.com\u002Fpricing\u002F\" title=\"Click here to purchase the best plugin to highlight your iOS app reviews within WordPress!\" rel=\"friend nofollow ugc\">Click here to purchase the best plugin to highlight your iOS app reviews within WordPress!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Carousel to display iOS app ratings & reviews right from the App Store in real time on your Wordpress site. 
No maintenance required.",2559,"2020-07-11T14:55:00.000Z","5.4.19",[22,23,24,160,161],"itunes","marketing","http:\u002F\u002Fappreviewsplugin.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapp-reviews-lite.zip",{"attackSurface":165,"codeSignals":189,"taintFlows":265,"riskAssessment":304,"analyzedAt":315},{"hooks":166,"ajaxHandlers":185,"restRoutes":186,"shortcodes":187,"cronEvents":188,"entryPointCount":29,"unprotectedCount":29},[167,173,177,181],{"type":168,"name":169,"callback":170,"file":171,"line":172},"action","wp_head","wsl_output_safari_app_banner","wsl-smart-app-banner.php",110,{"type":168,"name":174,"callback":175,"file":171,"line":176},"admin_menu","wsl_smart_app_banner_admin_menu",406,{"type":168,"name":178,"callback":179,"file":171,"line":180},"add_meta_boxes","wsl_smart_app_banner_post_options",409,{"type":168,"name":182,"callback":183,"file":171,"line":184},"save_post","wsl_smart_app_banner_app_save",529,[],[],[],[],{"dangerousFunctions":190,"sqlUsage":191,"outputEscaping":193,"fileOperations":29,"externalRequests":29,"nonceChecks":28,"capabilityChecks":69,"bundledLibraries":264},[],{"prepared":29,"raw":29,"locations":192},[],{"escaped":14,"rawEcho":194,"locations":195},36,[196,199,201,203,205,207,209,211,212,214,215,217,218,220,221,223,225,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256,258,260,262],{"file":171,"line":197,"context":198},93,"raw 
output",{"file":171,"line":200,"context":198},99,{"file":171,"line":202,"context":198},102,{"file":171,"line":204,"context":198},255,{"file":171,"line":206,"context":198},295,{"file":171,"line":208,"context":198},302,{"file":171,"line":210,"context":198},311,{"file":171,"line":210,"context":198},{"file":171,"line":213,"context":198},316,{"file":171,"line":213,"context":198},{"file":171,"line":216,"context":198},321,{"file":171,"line":216,"context":198},{"file":171,"line":219,"context":198},326,{"file":171,"line":219,"context":198},{"file":171,"line":222,"context":198},331,{"file":171,"line":224,"context":198},366,{"file":171,"line":224,"context":198},{"file":171,"line":227,"context":198},367,{"file":171,"line":229,"context":198},368,{"file":171,"line":231,"context":198},369,{"file":171,"line":233,"context":198},370,{"file":171,"line":235,"context":198},371,{"file":171,"line":237,"context":198},382,{"file":171,"line":239,"context":198},383,{"file":171,"line":241,"context":198},384,{"file":171,"line":243,"context":198},385,{"file":171,"line":245,"context":198},386,{"file":171,"line":247,"context":198},470,{"file":171,"line":249,"context":198},476,{"file":171,"line":251,"context":198},482,{"file":171,"line":253,"context":198},488,{"file":171,"line":255,"context":198},500,{"file":171,"line":257,"context":198},510,{"file":171,"line":259,"context":198},514,{"file":171,"line":261,"context":198},518,{"file":171,"line":263,"context":198},522,[],[266,293],{"entryPoint":267,"graph":268,"unsanitizedCount":29,"severity":292},"wsl_smart_app_banner_options (wsl-smart-app-banner.php:175)",{"nodes":269,"edges":288},[270,275,280,283],{"id":271,"type":272,"label":273,"file":171,"line":274},"n0","source","$_POST (x5)",244,{"id":276,"type":277,"label":278,"file":171,"line":204,"wp_function":279},"n1","sink","echo() [XSS]","echo",{"id":281,"type":272,"label":282,"file":171,"line":274},"n2","$_POST 
(x4)",{"id":284,"type":277,"label":285,"file":171,"line":286,"wp_function":287},"n3","update_option() [Settings Manipulation]",259,"update_option",[289,291],{"from":271,"to":276,"sanitized":290},true,{"from":281,"to":284,"sanitized":290},"low",{"entryPoint":294,"graph":295,"unsanitizedCount":29,"severity":292},"\u003Cwsl-smart-app-banner> (wsl-smart-app-banner.php:0)",{"nodes":296,"edges":301},[297,298,299,300],{"id":271,"type":272,"label":273,"file":171,"line":274},{"id":276,"type":277,"label":278,"file":171,"line":204,"wp_function":279},{"id":281,"type":272,"label":282,"file":171,"line":274},{"id":284,"type":277,"label":285,"file":171,"line":286,"wp_function":287},[302,303],{"from":271,"to":276,"sanitized":290},{"from":281,"to":284,"sanitized":290},{"summary":305,"deductions":306},"The \"smart-app-banner\" plugin version 1.1.6 presents a mixed security posture. On the positive side, the static analysis reveals a lack of direct attack surface vectors like AJAX handlers, REST API routes, or shortcodes that lack authentication.  Furthermore, the plugin uses prepared statements for all SQL queries and includes nonce and capability checks, indicating some good security practices in place. However, a significant concern is the low rate of proper output escaping, with only 8% of identified outputs being correctly handled. This could leave the plugin vulnerable to Cross-Site Scripting (XSS) attacks if user-supplied data is not sufficiently sanitized before being displayed.\n\nThe vulnerability history for this plugin is a key area of concern, with two known medium-severity CVEs recorded. While none are currently unpatched, the types of past vulnerabilities, including Cross-Site Scripting and Cross-Site Request Forgery, align with potential weaknesses suggested by the poor output escaping. 
The recurring nature of these vulnerability types in the past suggests a pattern of insecure coding practices related to handling user input and rendering output, despite the presence of some security checks.  Therefore, while the immediate attack surface appears minimal in this version, the historical context and the output escaping issues indicate a risk that should not be overlooked, especially if future updates do not address these historical patterns.",[307,310,312],{"reason":308,"points":309},"Low output escaping rate",7,{"reason":311,"points":100},"Past medium severity CVEs",{"reason":313,"points":314},"Historical XSS and CSRF vulnerabilities",5,"2026-03-16T19:27:42.569Z",{"wat":317,"direct":326},{"assetPaths":318,"generatorPatterns":321,"scriptPaths":322,"versionParams":323},[319,320],"\u002Fwp-content\u002Fplugins\u002Fsmart-app-banner\u002Fcss\u002Fsmart-app-banner.css","\u002Fwp-content\u002Fplugins\u002Fsmart-app-banner\u002Fjs\u002Fsmart-app-banner.js",[],[320],[324,325],"smart-app-banner\u002Fcss\u002Fsmart-app-banner.css?ver=","smart-app-banner\u002Fjs\u002Fsmart-app-banner.js?ver=",{"cssClasses":327,"htmlComments":328,"htmlAttributes":330,"restEndpoints":332,"jsGlobals":333,"shortcodeOutput":336},[],[329],"\u003C!--\nif (navigator.userAgent.match(\u002FiPad\u002Fi) !== null) {\ndocument.write(\"\u003Cmeta name=\\\"apple-itunes-app\\\" content=\\\"app-id=\u003C?php echo \"$app_id_ipad$options\"; ?>\\\"\u002F>\\n\");\n}\nelse {\ndocument.write(\"\u003Cmeta name=\\\"apple-itunes-app\\\" content=\\\"app-id=\u003C?php echo \"$app_id$options\"; ?>\\\"\u002F>\");\n}\n\u002F\u002F -->",[331],"name=\"apple-itunes-app\"",[],[334,335],"navigator.userAgent","document.write",[],{"error":290,"url":338,"statusCode":339,"statusMessage":340,"message":340},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsmart-app-banner\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":342,"versions":343},15,[344,349,356,362,369,378,387,396,404,413,422,431,440,449,458],{"version":6,"download_url":26,"svn_tag_url":345,"released_at":39,"has_diff":51,"diff_files_changed":346,"diff_lines":39,"trac_diff_url":347,"vulnerabilities":348,"is_current":290},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsmart-app-banner\u002Ftags\u002F1.1.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsmart-app-banner%2Ftags%2F1.1.5&new_path=%2Fsmart-app-banner%2Ftags%2F1.1.6",[],{"version":350,"download_url":351,"svn_tag_url":352,"released_at":39,"has_diff":51,"diff_files_changed":353,"diff_lines":39,"trac_diff_url":354,"vulnerabilities":355,"is_current":51},"1.1.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-app-banner.1.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsmart-app-banner\u002Ftags\u002F1.1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsmart-app-banner%2Ftags%2F1.1.4&new_path=%2Fsmart-app-banner%2Ftags%2F1.1.5",[],{"version":41,"download_url":357,"svn_tag_url":358,"released_at":39,"has_diff":51,"diff_files_changed":359,"diff_lines":39,"trac_diff_url":360,"vulnerabilities":361,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-app-banner.1.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsmart-app-banner\u002Ftags\u002F1.1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsmart-app-banner%2Ftags%2F1.1.3&new_path=%2Fsmart-app-banner%2Ftags%2F1.1.4",[],{"version":58,"download_url":363,"svn_tag_url":364,"released_at":39,"has_diff":51,"diff_files_changed":365,"diff_lines":39,"trac_diff_url":366,"vulnerabilities":367,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-app-banner.1.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsmart-app-banner\u002Ftags\u002F1.1.3\u002F",[],"https:\u002
F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsmart-app-banner%2Ftags%2F1.1.2&new_path=%2Fsmart-app-banner%2Ftags%2F1.1.3",[368],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":370,"download_url":371,"svn_tag_url":372,"released_at":39,"has_diff":51,"diff_files_changed":373,"diff_lines":39,"trac_diff_url":374,"vulnerabilities":375,"is_current":51},"1.1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-app-banner.1.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsmart-app-banner\u002Ftags\u002F1.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsmart-app-banner%2Ftags%2F1.1.1&new_path=%2Fsmart-app-banner%2Ftags%2F1.1.2",[376,377],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"version":379,"download_url":380,"svn_tag_url":381,"released_at":39,"has_diff":51,"diff_files_changed":382,"diff_lines":39,"trac_diff_url":383,"vulnerabilities":384,"is_current":51},"1.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-app-banner.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsmart-app-banner\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsmart-app-banner%2Ftags%2F1.1.0&new_path=%2Fsmart-app-banner%2Ftags%2F1.1.1",[385,386],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"version":388,"download_url":389,"svn_tag_url":390,"released_at":39,"has_diff":51,"diff_files_changed":391,"diff_lines":39,"trac_diff_url":392,"vulnerabilities":393,"is_current":51},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-app-b
anner.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsmart-app-banner\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsmart-app-banner%2Ftags%2F1.0.0&new_path=%2Fsmart-app-banner%2Ftags%2F1.1.0",[394,395],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"version":132,"download_url":397,"svn_tag_url":398,"released_at":39,"has_diff":51,"diff_files_changed":399,"diff_lines":39,"trac_diff_url":400,"vulnerabilities":401,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-app-banner.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsmart-app-banner\u002Ftags\u002F1.0.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsmart-app-banner%2Ftags%2F0.4.2&new_path=%2Fsmart-app-banner%2Ftags%2F1.0.0",[402,403],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"version":405,"download_url":406,"svn_tag_url":407,"released_at":39,"has_diff":51,"diff_files_changed":408,"diff_lines":39,"trac_diff_url":409,"vulnerabilities":410,"is_current":51},"0.4.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-app-banner.0.4.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsmart-app-banner\u002Ftags\u002F0.4.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsmart-app-banner%2Ftags%2F0.4.1&new_path=%2Fsmart-app-banner%2Ftags%2F0.4.2",[411,412],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"version":414,"download_url":415,"
svn_tag_url":416,"released_at":39,"has_diff":51,"diff_files_changed":417,"diff_lines":39,"trac_diff_url":418,"vulnerabilities":419,"is_current":51},"0.4.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-app-banner.0.4.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsmart-app-banner\u002Ftags\u002F0.4.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsmart-app-banner%2Ftags%2F0.4&new_path=%2Fsmart-app-banner%2Ftags%2F0.4.1",[420,421],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"version":423,"download_url":424,"svn_tag_url":425,"released_at":39,"has_diff":51,"diff_files_changed":426,"diff_lines":39,"trac_diff_url":427,"vulnerabilities":428,"is_current":51},"0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-app-banner.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsmart-app-banner\u002Ftags\u002F0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsmart-app-banner%2Ftags%2F0.3&new_path=%2Fsmart-app-banner%2Ftags%2F0.4",[429,430],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"version":432,"download_url":433,"svn_tag_url":434,"released_at":39,"has_diff":51,"diff_files_changed":435,"diff_lines":39,"trac_diff_url":436,"vulnerabilities":437,"is_current":51},"0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-app-banner.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsmart-app-banner\u002Ftags\u002F0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsmart-app-banner%2Ftags%2F0.2.1&new_path=%2Fsmart-app-banner%2Ftags%2F0.3",[438,439],{"id":35,"url_slug":36,"titl
e":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"version":441,"download_url":442,"svn_tag_url":443,"released_at":39,"has_diff":51,"diff_files_changed":444,"diff_lines":39,"trac_diff_url":445,"vulnerabilities":446,"is_current":51},"0.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-app-banner.0.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsmart-app-banner\u002Ftags\u002F0.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsmart-app-banner%2Ftags%2F0.2&new_path=%2Fsmart-app-banner%2Ftags%2F0.2.1",[447,448],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"version":450,"download_url":451,"svn_tag_url":452,"released_at":39,"has_diff":51,"diff_files_changed":453,"diff_lines":39,"trac_diff_url":454,"vulnerabilities":455,"is_current":51},"0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-app-banner.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsmart-app-banner\u002Ftags\u002F0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsmart-app-banner%2Ftags%2F0.1&new_path=%2Fsmart-app-banner%2Ftags%2F0.2",[456,457],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"version":459,"download_url":460,"svn_tag_url":461,"released_at":39,"has_diff":51,"diff_files_changed":462,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":463,"is_current":51},"0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-app-banner.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsmart-app-banner\u
002Ftags\u002F0.1\u002F",[],[464,465],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58}]