[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fLsrym3yPfJemhS9Xcw42Gb2n-Y1nH1OlnTngfE8xbyk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":59,"crawl_stats":37,"alternatives":67,"analysis":158,"fingerprints":321},"snow-storm","Snow Storm","1.4.7","Tribulant Software","https:\u002F\u002Fprofiles.wordpress.org\u002Fcontrid\u002F","\u003Cp>Display falling snow flakes on the front of your WordPress website for a festive presentation.\u003C\u002Fp>\n\u003Cp>Useful Links:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fdocs\u002Fwordpress-snow-storm-plugin\u002F7799\u002F\" rel=\"nofollow ugc\">Online Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.net\u002Fsnowstorm\u002F\" rel=\"nofollow ugc\">Live Demonstration of Snow Storm plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\" rel=\"nofollow ugc\">Get Support for Snow Storm plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The Snow Storm plugin was developed by \u003Ca href=\"https:\u002F\u002Ftribulant.com\" rel=\"nofollow ugc\">Tribulant Software\u003C\u002Fa> so that WordPress website owners can display falling snow during the festive season eg. Christmas to decorate their website.\u003C\u002Fp>\n","Display falling snow flakes on the front of your WordPress website for a festive presentation.",500,113021,92,49,"2025-03-14T19:25:00.000Z","6.7.5","3.0","",[20,21,22,23,4],"christmas","falling-snow","festive","snow-flakes","https:\u002F\u002Ftribulant.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsnow-storm.1.4.7.zip",91,2,0,"2025-04-02 00:00:00","2026-03-15T15:16:48.613Z",[32,47],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2025-30858","snow-storm-reflected-cross-site-scripting","Snow Storm \u003C= 1.4.6 - Reflected Cross-Site Scripting","The Snow Storm plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.4.6","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-09 14:22:43",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc2bc94a7-5a03-48be-be77-b05681033ba3?source=api-prod",8,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":52,"cvss_vector":53,"vuln_type":42,"published_date":54,"updated_date":55,"references":56,"days_to_patch":58},"WF-f5b21bbe-32d9-4054-99ff-8f272556eda9-snow-storm","snow-storm-authenticated-administrator-stored-cross-site-scripting","Snow Storm \u003C= 1.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Snow Storm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2025-03-18 00:00:00","2025-03-18 18:13:50",[57],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff5b21bbe-32d9-4054-99ff-8f272556eda9?source=api-prod",1,{"slug":60,"display_name":7,"profile_url":8,"plugin_count":61,"total_installs":62,"avg_security_score":63,"avg_patch_time_days":64,"trust_score":65,"computed_at":66},"contrid",7,18830,89,803,71,"2026-04-04T05:26:19.191Z",[68,88,109,128,141],{"slug":69,"name":70,"version":71,"author":72,"author_profile":73,"description":74,"short_description":75,"active_installs":76,"downloaded":77,"rating":78,"num_ratings":79,"last_updated":80,"tested_up_to":16,"requires_at_least":81,"requires_php":18,"tags":82,"homepage":85,"download_link":86,"security_score":26,"vuln_count":58,"unpatched_count":28,"last_vuln_date":87,"fetched_at":30},"christmasify","Christmasify!","1.5.7","Cyber Fox","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberfoxdigital\u002F","\u003Cp>Christmasify is an easy-to-use Christmas plugin that can add snow, santa, decorations, music and a lovely Christmas font to your WordPress website. All the effects are togglable so you can choose the ones you want.\u003C\u002Fp>\n\u003Cp>In order to keep the plugin light weight and high performance, unfortunately IE8 or lower is not supported. The snow uses CSS3 animation and as such is not compatible with IE9. Unfortunately this plugin requires \u003Cem>PHP 5.4 or greater\u003C\u002Fem>. If you would still like to use the plugin please get in touch and we can provide you with a JavaScript snippet to use.\u003C\u002Fp>\n\u003Cp>To read more about this plugin please visit \u003Ca href=\"https:\u002F\u002Fcyberfoxdigital.co.uk\u002Fchristmasify\u002F\" rel=\"nofollow ugc\">the Christmasify! website\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If you like this plugin, we’d very much appreciate you \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fcyberfoxdigital\u002F\" rel=\"nofollow ugc\">liking us on Facebook\u003C\u002Fa> or leaving a nice review 🙂\u003C\u002Fp>\n\u003Cp>We are unable to provide individual support for this plugin and you install at your own risk.\u003C\u002Fp>\n\u003Cp>Credits\u003C\u002Fp>\n\u003Col>\n\u003Cli>Santa gif is from: http:\u002F\u002Fwww.fg-a.com\u002Fchristmas2.htm,\u003C\u002Fli>\n\u003Cli>Christmas font is: https:\u002F\u002Ffonts.google.com\u002Fspecimen\u002FMountains+of+Christmas\u003C\u002Fli>\n\u003C\u002Fol>\n","Christmasify is an easy-to-use Christmas plugin that can add snow, santa, decorations, music and a lovely Christmas font to your WordPress website.",3000,82578,96,29,"2024-11-27T14:44:00.000Z","4.3",[20,83,69,22,84],"christmasification","snow","https:\u002F\u002Fcyberfoxdigital.co.uk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchristmasify.zip","2024-08-09 00:00:00",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":96,"downloaded":97,"rating":98,"num_ratings":99,"last_updated":100,"tested_up_to":16,"requires_at_least":101,"requires_php":102,"tags":103,"homepage":107,"download_link":108,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"rs-christmas-trees","Rs Christmas Trees","1.0.1","RS Software","https:\u002F\u002Fprofiles.wordpress.org\u002Ftherssoftware\u002F","\u003Cp>Add nice looking animation effect of falling snow to your WordPress site and enjoy winter and Christmas.\u003C\u002Fp>\n\u003Cp>Simulate snow storm by adjusting the snow falling speed.\u003C\u002Fp>\n\u003Cp>This snow falling WP plugin uses jSnow JQuery plugin and no images.\u003C\u002Fp>\n\u003Cp>christmas is an easy-to-use Christmas plugin that can add snow, top and bottom Christmas banner to your WordPress website. All the effects are togglable so you can choose the ones you want.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fchristmas.therssoftware.com\u002F\" title=\"Rs Christmas Ultimate Pro Version\" rel=\"nofollow ugc\">Upgrade to the Rs Christmas Ultimate Pro Version Now! &raquo;\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>For more information take a look at the \u003Ca href=\"http:\u002F\u002Fchristmas.therssoftware.com\u002F#video\" title=\"Rs Christmas Ultimate Video Preview\" rel=\"nofollow ugc\">video preview\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fchristmas.therssoftware.com\u002Fdoc\u002Frs-christmas-trees.html\" title=\"Click Here\" rel=\"nofollow ugc\">Full Documentation for the plugin is available  &raquo;\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong> Christmas plugin feature:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Header and footer by gorgeous event images\u003C\u002Fli>\n\u003Cli>Header and footer spacific one\u003C\u002Fli>\n\u003Cli>Show image at top and bottom\u003C\u002Fli>\n\u003Cli>Click To hide image\u003C\u002Fli>\n\u003Cli>Decorate your website by using snow fall\u003C\u002Fli>\n\u003Cli>Snow Effect on specific pages\u003C\u002Fli>\n\u003Cli>Easy to install and configure\u003C\u002Fli>\n\u003Cli>Customize the falling speed for the snow flakes\u003C\u002Fli>\n\u003Cli>Define number of snowflakes\u003C\u002Fli>\n\u003Cli>Define maximal and minimal size of snowflake\u003C\u002Fli>\n\u003Cli>Define maximal and minimal size of fall speed\u003C\u002Fli>\n\u003Cli>Define flake color\u003C\u002Fli>\n\u003Cli>Configurable Snow Z-Index\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n","Add nice looking animation effect of falling snow  and header and footer trees banner to your Wordpress site and enjoy winter with RS Christmas.",100,3612,84,5,"2024-12-05T05:45:00.000Z","5.7","7.0",[20,104,105,21,106],"christmas-snow","christmas-trees","snow-effects","https:\u002F\u002Ftherssoftware.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frs-christmas-trees.1.0.1.zip",{"slug":110,"name":111,"version":91,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":96,"downloaded":116,"rating":96,"num_ratings":117,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":121,"tags":122,"homepage":126,"download_link":127,"security_score":96,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"snow-fall","Snow Fall","Felix Arntz","https:\u002F\u002Fprofiles.wordpress.org\u002Fflixos90\u002F","\u003Cp>This plugin adds a subtle snow fall effect to your website, using the lightweight \u003Ccode>\u003Csnow-fall>\u003C\u002Fcode> JavaScript web component by \u003Ca href=\"https:\u002F\u002Fwww.zachleat.com\" rel=\"nofollow ugc\">Zach Leatherman\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.zachleat.com\u002Fweb\u002Fsnow-fall\" rel=\"nofollow ugc\">Learn more about the \u003Ccode>\u003Csnow-fall>\u003C\u002Fcode> component\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzachleat.github.io\u002Fsnow-fall\u002Fdemo.html\" rel=\"nofollow ugc\">Demo of the \u003Ccode>\u003Csnow-fall>\u003C\u002Fcode> component\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin takes a no-frills, zero-config approach – you simply activate the plugin, and it just works – thanks to the excellent underlying web component implementation. There should be no notable adverse effects on performance, also given the plugin uses the \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2024\u002F03\u002F04\u002Fscript-modules-in-6-5\u002F\" rel=\"nofollow ugc\">WordPress Script Modules API\u003C\u002Fa> that was introduced in WordPress 6.5.\u003C\u002Fp>\n\u003Cp>The plugin respects user preferences for reduced motion, as a best practice for accessibility.\u003C\u002Fp>\n\u003Cp>Additional credit: \u003Ca href=\"https:\u002F\u002Funsplash.com\u002Fphotos\u002Fsnow-field-and-green-pine-trees-during-daytime-IWenq-4JHqo\" rel=\"nofollow ugc\">Banner image by Adam Chang\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>License\u003C\u002Fh4>\n\u003Cp>The Snow Fall plugin is \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">licensed under the GPLv2 (or later)\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The \u003Ccode>\u003Csnow-fall>\u003C\u002Fcode> and \u003Ccode>\u003Cis-land>\u003C\u002Fcode> web components are \u003Ca href=\"https:\u002F\u002Fopensource.org\u002Flicense\u002Fmit\" rel=\"nofollow ugc\">licensed under the MIT license\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>See their source code on GitHub:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fzachleat\u002Fsnow-fall\" rel=\"nofollow ugc\">\u003Ccode>zachleat\u002Fsnow-fall\u003C\u002Fcode>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002F11ty\u002Fis-land\" rel=\"nofollow ugc\">\u003Ccode>11ty\u002Fis-land\u003C\u002Fcode>\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds a subtle snow fall effect to your website, using a lightweight web component.",3323,3,"2025-11-24T23:39:00.000Z","6.9.4","6.5","7.2",[20,21,123,124,125],"holiday","lightweight","winter","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsnow-fall\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsnow-fall.1.0.1.zip",{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":136,"downloaded":137,"rating":136,"num_ratings":27,"last_updated":138,"tested_up_to":119,"requires_at_least":18,"requires_php":18,"tags":139,"homepage":18,"download_link":140,"security_score":96,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"snow-effect","Festival Snow Effect","1.0","theme funda","https:\u002F\u002Fprofiles.wordpress.org\u002Fgravitymaster97\u002F","\u003Cp>\u003Cstrong>Snow Effect\u003C\u002Fstrong> using to setup snow effect with different icon base on festival snow. Very Good looking \u003Cstrong>Falling Snow Effect\u003C\u002Fstrong> in Festival Like \u003Cstrong>Christmas, Winter, Autumn, Spring, Summer, Rain, Halloween, Thanks Giving Day, Valentine and New Year\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcodesmade.com\u002Fdemo\u002Fedd\u002F\" rel=\"nofollow ugc\">Demo\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.codesmade.com\u002Fcontact-us\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.codesmade.com\u002Fstore\u002Ffestival-snow-effect\u002F\" rel=\"nofollow ugc\">Pro Version\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Customize Flakes Number\u003C\u002Fli>\n\u003Cli>Flakes Minimum Size and Maximum Size\u003C\u002Fli>\n\u003Cli>Customize Flake Type\u003C\u002Fli>\n\u003Cli>Customize Color\u003C\u002Fli>\n\u003Cli>Flakes Minimum Speed and Maximum Speed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>FEATURES OF THE PRO VERSION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Custom Image Upload\u003C\u002Fli>\n\u003Cli>Multiple Custom Image Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Snow effect\u003C\u002Fstrong> Provide good animation with lot of icon type in flakes. there is heart, round much kind of falling snow available.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Falling Snow\u003C\u002Fstrong> in all page you can be setup in your website \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FWordPress\u002F\" rel=\"nofollow ugc\">wordpress\u003C\u002Fa> there is much kind of option available in this plugin \u003Cstrong>Snowfall\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>Our More Plugins\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-field-for-wp-job-manager\u002F\" rel=\"ugc\">Custom Field For WP Job Manager\u003C\u002Fa> This plugin allows you to tailor job submission forms, capturing additional information specific to your needs.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fauto-location-for-wp-job-manager\u002F\" rel=\"ugc\">Auto Location for WP Job Manager\u003C\u002Fa> Enhance user experience by simplifying the job search process and enabling location-based filtering.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsetup-default-feature-image\u002F\" rel=\"ugc\">Setup Default Featured Image\u003C\u002Fa> If no specific image is selected, the default will be displayed, ensuring a consistent look throughout your site.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpost-to-pdf\u002F\" rel=\"ugc\">Post to Pdf\u003C\u002Fa> Convert your WordPress posts into PDF documents effortlessly with this plugin.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsnow-effect\u002F\" rel=\"ugc\">Festival Snow Effect\u003C\u002Fa> Add a beautiful snow animation to your site, creating a festive atmosphere for holidays and special occasions.\u003C\u002Fp>\n","Snow Effect using to setup snow effect with different icon base on festival snow. Very Good looking Falling Snow Effect in Festival Like Christmas, Wi &hellip;",80,4585,"2025-12-29T08:27:00.000Z",[20,104,21,84,129],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsnow-effect.zip",{"slug":142,"name":143,"version":131,"author":144,"author_profile":145,"description":146,"short_description":147,"active_installs":148,"downloaded":149,"rating":96,"num_ratings":27,"last_updated":150,"tested_up_to":151,"requires_at_least":152,"requires_php":18,"tags":153,"homepage":155,"download_link":156,"security_score":157,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"christmas-snow-fall","Christmas Snow Fall","Md. Shiddikur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Fmd-shiddikur-rahman\u002F","\u003Cp>This is an awesome free Christmas snow falling wordpress plugin . You can add falling snow flakes to your website and customize these snow flakes using various configuration options in your WordPress Dashboard Setting christmas snow fall option.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>you Can saw anywher your website just use shortcode [snow_fall] \u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Plugin demo link \u003Ca href=\"http:\u002F\u002Fwebeeoo.com\u002Fwp_plugin\u002Fchristmas-snow-fall-plugin-test\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwebeeoo.com\u002Fwp_plugin\u002Fchristmas-snow-fall-plugin-test\u002F\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","This is an awesome free Christmas snow falling wordpress plugin . You can add falling snow flakes to your website and customize these snow flakes usin &hellip;",10,5251,"2015-12-04T04:58:00.000Z","4.3.34","4.3.1",[20,104,21,123,154],"holiday-snow","http:\u002F\u002Fwebeeoo.com\u002Fwp_plugin\u002Fchristmas-snow-fall-plugin-test\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchristmas-snow-fall.zip",85,{"attackSurface":159,"codeSignals":219,"taintFlows":257,"riskAssessment":309,"analyzedAt":320},{"hooks":160,"ajaxHandlers":195,"restRoutes":210,"shortcodes":211,"cronEvents":212,"entryPointCount":117,"unprotectedCount":27},[161,167,171,176,180,184,187,191],{"type":162,"name":163,"callback":164,"priority":148,"file":165,"line":166},"action","plugins_loaded","snow_storm_textdomain","snow-storm.php",291,{"type":162,"name":168,"callback":169,"priority":148,"file":165,"line":170},"init","snow_storm",293,{"type":162,"name":172,"callback":173,"priority":174,"file":165,"line":175},"wp_head","snow_storm_head",11,294,{"type":162,"name":177,"callback":178,"priority":148,"file":165,"line":179},"admin_menu","snow_storm_menu",295,{"type":162,"name":181,"callback":182,"priority":148,"file":165,"line":183},"wp_enqueue_scripts","snow_storm_enqueue_scripts",296,{"type":162,"name":185,"callback":182,"priority":148,"file":165,"line":186},"admin_print_scripts",297,{"type":162,"name":188,"callback":189,"priority":148,"file":165,"line":190},"admin_notices","snowstorm_admin_notices",298,{"type":162,"name":192,"callback":193,"priority":148,"file":165,"line":194},"snowstorm_ratereviewhook","snowstorm_ratereview_hook",299,[196,201,206],{"action":197,"nopriv":198,"callback":199,"hasNonce":198,"hasCapCheck":198,"file":165,"line":200},"snowstorm_searchpp",false,"snow_storm_searchpp",57,{"action":202,"nopriv":198,"callback":203,"hasNonce":204,"hasCapCheck":198,"file":165,"line":205},"snow_storm_dismiss_smart_rating","dismiss_snow_storm_smart_rating",true,148,{"action":207,"nopriv":198,"callback":208,"hasNonce":198,"hasCapCheck":198,"file":165,"line":209},"snowstorm_dismissed_notice","snowstorm_ajax_dismissed_notice",300,[],[],[213,215,217],{"hook":192,"callback":192,"file":165,"line":214},31,{"hook":192,"callback":192,"file":165,"line":216},32,{"hook":192,"callback":192,"file":165,"line":218},33,{"dangerousFunctions":220,"sqlUsage":221,"outputEscaping":223,"fileOperations":28,"externalRequests":28,"nonceChecks":27,"capabilityChecks":58,"bundledLibraries":256},[],{"prepared":28,"raw":28,"locations":222},[],{"escaped":224,"rawEcho":225,"locations":226},12,15,[227,230,232,233,235,238,240,242,244,246,249,250,252,253,255],{"file":165,"line":228,"context":229},83,"raw output",{"file":165,"line":231,"context":229},220,{"file":165,"line":231,"context":229},{"file":165,"line":234,"context":229},239,{"file":236,"line":237,"context":229},"views\\admin\\index.php",48,{"file":236,"line":239,"context":229},58,{"file":241,"line":99,"context":229},"views\\admin\\message.php",{"file":243,"line":148,"context":229},"views\\admin\\metaboxes\\plugins.php",{"file":243,"line":245,"context":229},18,{"file":247,"line":248,"context":229},"views\\admin\\metaboxes\\settings.php",20,{"file":247,"line":248,"context":229},{"file":251,"line":61,"context":229},"views\\default\\head.php",{"file":251,"line":46,"context":229},{"file":251,"line":254,"context":229},9,{"file":251,"line":224,"context":229},[],[258,300],{"entryPoint":259,"graph":260,"unsanitizedCount":58,"severity":39},"\u003Csnow-storm> (snow-storm.php:0)",{"nodes":261,"edges":294},[262,267,273,275,279,283,285,288,292],{"id":263,"type":264,"label":265,"file":165,"line":266},"n0","source","$_REQUEST",201,{"id":268,"type":269,"label":270,"file":165,"line":271,"wp_function":272},"n1","sink","update_option() [Settings Manipulation]",203,"update_option",{"id":274,"type":264,"label":265,"file":165,"line":266},"n2",{"id":276,"type":269,"label":277,"file":165,"line":231,"wp_function":278},"n3","echo() [XSS]","echo",{"id":280,"type":264,"label":281,"file":165,"line":282},"n4","$_POST",150,{"id":284,"type":269,"label":277,"file":165,"line":234,"wp_function":278},"n5",{"id":286,"type":264,"label":281,"file":165,"line":287},"n6",186,{"id":289,"type":290,"label":291,"file":165,"line":287},"n7","transform","→ snowstorm_render_message()",{"id":293,"type":269,"label":277,"file":165,"line":234,"wp_function":278},"n8",[295,296,297,298,299],{"from":263,"to":268,"sanitized":204},{"from":274,"to":276,"sanitized":204},{"from":280,"to":284,"sanitized":204},{"from":286,"to":289,"sanitized":198},{"from":289,"to":293,"sanitized":198},{"entryPoint":301,"graph":302,"unsanitizedCount":58,"severity":308},"snowstorm_ajax_dismissed_notice (snow-storm.php:190)",{"nodes":303,"edges":306},[304,305],{"id":263,"type":264,"label":265,"file":165,"line":266},{"id":268,"type":269,"label":270,"file":165,"line":271,"wp_function":272},[307],{"from":263,"to":268,"sanitized":198},"low",{"summary":310,"deductions":311},"The \"snow-storm\" plugin v1.4.7 presents a mixed security posture. While it demonstrates some good practices such as using prepared statements for all SQL queries and having no dangerous functions or file operations, significant concerns arise from its attack surface and output sanitization. Two out of three AJAX handlers lack authentication checks, creating direct entry points for unauthenticated attackers. Furthermore, only 44% of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities, which aligns with its vulnerability history. The plugin has a history of two medium-severity CVEs, both related to XSS, with the last one being recently disclosed. Although there are no currently unpatched CVEs, the past vulnerabilities and the static analysis findings suggest a pattern of insecure handling of user input, particularly in AJAX endpoints and output rendering.\n\nWhile the plugin's lack of bundled libraries, external requests, and reliance on prepared SQL statements are positive security indicators, the unprotected AJAX endpoints and inadequate output escaping are critical weaknesses. The presence of unsanitized paths in taint analysis further reinforces the XSS risk. The plugin's overall security could be significantly improved by implementing robust authentication and authorization checks on all AJAX handlers and ensuring comprehensive output escaping across all rendering functions. The consistent history of XSS vulnerabilities, coupled with the current analysis, warrants caution.",[312,314,316,318],{"reason":313,"points":148},"Unprotected AJAX handlers",{"reason":315,"points":46},"Low percentage of properly escaped output",{"reason":317,"points":99},"Flows with unsanitized paths in taint analysis",{"reason":319,"points":148},"Medium severity CVEs in vulnerability history","2026-03-16T19:40:10.457Z",{"wat":322,"direct":333},{"assetPaths":323,"generatorPatterns":326,"scriptPaths":327,"versionParams":329},[324,325],"\u002Fwp-content\u002Fplugins\u002Fsnow-storm\u002Fcss\u002Fsnow-storm.css","\u002Fwp-content\u002Fplugins\u002Fsnow-storm\u002Fjs\u002Fsnow-storm.js",[],[328,325],"\u002Fwp-content\u002Fplugins\u002Fsnow-storm\u002Fjs\u002Fpostboxes.js",[330,331,332],"snow-storm\u002Fcss\u002Fsnow-storm.css?ver=","snow-storm\u002Fjs\u002Fpostboxes.js?ver=","snow-storm\u002Fjs\u002Fsnow-storm.js?ver=",{"cssClasses":334,"htmlComments":336,"htmlAttributes":337,"restEndpoints":339,"jsGlobals":340,"shortcodeOutput":342},[335],"snow-storm-settings",[],[338],"data-nonce",[],[341],"snowstorm",[]]