[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fzA7KM6csROUrObO2N_DY54qcxGAJ84nvYtFqcdQlat0":3,"$fXmdd_b-jjY1_1qdRgrlFDyDNNxZBIq2ddbpd7brEYPA":2436,"$fZYsvlcxsqypiLBvqC4z-GRzTXQNdhSrer75PW2JT-ak":2440},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":237,"crawl_stats":39,"alternatives":242,"analysis":354,"fingerprints":2402},"social-networks-auto-poster-facebook-twitter-g","NextScripts: Social Networks Auto-Poster","4.4.7","NextScripts","https:\u002F\u002Fprofiles.wordpress.org\u002Fnextscripts\u002F","\u003Cp>\u003Cstrong>This plugin automatically publishes posts from your blog to your Social Media accounts\u003C\u002Fstrong> such as Twitter, Blogger, Telegram, Tumblr, Flickr, LinkedIn, ok.ru, LiveJournal, DreamWidth, Flipboard, Google My Business, Line, Diigo, Instapaper, Pinterest, Plurk, VK.com (VKontakte), YouTube, Scoop.It, WordPress, XING etc. The whole process is completely automated. Just write a new post and either entire post or it’s nicely formatted announcement with backlink will be published to all your configured social networks. You can reach the most audience and tell all your friends, readers and followers about your new post. Plugin works with profiles, business pages, community pages, groups, etc. Messages are 100% customizable and adopted for each network requirements.\u003C\u002Fp>\n\u003Cp>[Great News – July 2022] After almost 2 years break, plugin is back to active development and support. Versions 4.5 and 5.0 are coming soon…\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Version 4.4\u003C\u002Fstrong> – fully compatible with WordPress 6 and Guttenberg Blocks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supported Networks\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Blogger\u002FBlogspot\u003C\u002Fstrong> – Autopost to your blog. HTML is supported.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deviantart.com\u003C\u002Fstrong> – Autopost to your blog. HTML is supported.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Diigo\u003C\u002Fstrong> – Auto-submit bookmark to your account. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flickr\u003C\u002Fstrong> – Autopost images to your photostream and\u002For sets. Tags are supported. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flipboard\u003C\u002Fstrong> (\u003Cem>with third party API library\u003C\u002Fem>) – post to your magazines.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Instapaper\u003C\u002Fstrong> – Auto-submit bookmark to your account. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google My Business\u003C\u002Fstrong> (\u003Cem>with third party API library\u003C\u002Fem>) – Autopost to your Google My Business listings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Line\u003C\u002Fstrong> – Autopost to your channel, group or room.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>LinkedIn\u003C\u002Fstrong> – Autopost to your account. Ability to attach your blogpost to LinkedIn post. Autopost to LinkedIn Company pages and\u002For Groups (\u003Cem>with third party API library\u003C\u002Fem>)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>LiveJournal\u003C\u002Fstrong> – Auto-submit your blogpost to LiveJournal blog or community. “LiveJournal Engine” based website DreamWidth.org is also supported. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>MailChimp\u003C\u002Fstrong> – One of the most popular email marketing tools. You can send your blogs as email campaigns to specific subscribers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Medium\u003C\u002Fstrong> – Autopost to your profile or publications.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ok.ru (Odnoklassniki)\u003C\u002Fstrong> Autopost to your group\u002Fpage. Ability to make text posts, image posts, share links.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pinterest\u003C\u002Fstrong> (\u003Cem>with third party API library\u003C\u002Fem>) – Pin your blogpost’s featured image to your Pinterest board.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reddit\u003C\u002Fstrong> (\u003Cem>with third party API library\u003C\u002Fem>) – post to your subreddits.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scoop.It\u003C\u002Fstrong> (\u003Cem>with third party API library\u003C\u002Fem>) – Autopost to your “Topics”. Ability to attach your blogpost to scoop. Ability to make “Image” posts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SETT\u003C\u002Fstrong> – Auto-post to your Sett.com blog.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Telegram\u003C\u002Fstrong> – Autopost to your channel, group or chat.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tumblr\u003C\u002Fstrong> – Autopost to your account. Ability to attach your blogpost to Tumblr post. HTML is supported.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Twitter\u003C\u002Fstrong> – Autopost to your account. Ability to attach Image to tweets.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Plurk\u003C\u002Fstrong> – Autopost to your account. Ability to attach Image to messages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>vBulletin\u003C\u002Fstrong> – Auto-submit your blogpost to vBulletin forums. Could create new threads or new posts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>vk.com (vKontakte)\u003C\u002Fstrong> – Autopost to your profile or group page. Ability to attach your blogpost to vk.com post. Ability to make “Image” posts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Weibo\u003C\u002Fstrong> – Biggest Chinese Microblogging Service. You can post your messages and images.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress\u003C\u002Fstrong> – Auto-submit your blogpost to another blog based on WordPress. This options includes WordPress.com, Blog.com, etc..\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XING\u003C\u002Fstrong> – Post text messages or share links.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>YouTube\u003C\u002Fstrong> (\u003Cem>with third party API library\u003C\u002Fem>) – Post messages to your YouTube channel feed. If blogpost has youtube reference it will be attached.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Yo\u003C\u002Fstrong> – Send notifications to your subscribers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>500px\u003C\u002Fstrong> – Autopost images to your account.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>… more networks are coming soon …\u003C\u002Fp>\n\u003Cul>\n\u003Cli>(\u003Cem>with third party API library\u003C\u002Fem>) means that you need to eitgher provide your own API or have a \u003Ca href=\"https:\u002F\u002Fwww.nextscripts.com\u002Fsnap-api-premium-for-wordpress\u002F\" rel=\"nofollow ugc\">SNAP Premium API Library Addon for WordPress\u003C\u002Fa>. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Plugin makes 100% White Labeled Posts\u003C\u002Fstrong> The main idea behind the plugin is to give you the ability to promote only yourself. Plugin uses your own apps and all posts to all networks come only from you. No “Shared via NextScripts.com” or “Posted by SNAP for WordPress” messages.\u003C\u002Fp>\n\u003Cp>Please see \u003Ca href=\"https:\u002F\u002Fwww.nextscripts.com\u002Finstallation-of-social-networks-auto-poster-for-wordpress\u002F\" rel=\"nofollow ugc\">complete installation instructions with video and screenshots\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Free and Pro Plugin Features\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.nextscripts.com\u002Fsnap-features\u002F\" rel=\"nofollow ugc\">Please see more detailed features list\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.nextscripts.com\u002Fsnap-features\u002Fmessage-formatting-tags\u002F\" rel=\"nofollow ugc\">Message Formatting Tags\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.nextscripts.com\u002Fsnap-features\u002Ffilters\u002F\" rel=\"nofollow ugc\">Filters\u003C\u002Fa>. Filters allow you to post only specified categories, tags, post types, etc… to each Social Network account.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.nextscripts.com\u002Fsnap-features\u002Freposter\u002F\" rel=\"nofollow ugc\">Re-Poster\u003C\u002Fa>. Automatically post your already existing posts to your social media accounts.\u003C\u002Fli>\n\u003Cli>Tags\u002FCategories could be posted as Hashtags\u003C\u002Fli>\n\u003Cli>Auto-import replies and mentions from and Twitter as WordPress Comments\u003C\u002Fli>\n\u003Cli>URL Shorteners: bit.ly, goo.gl, YOURLS and built in WordPress URL Shortener\u003C\u002Fli>\n\u003Cli>Additional URL Parameters \u003C\u002Fli>\n\u003Cli>Custom URLs for AutoPosts \u003C\u002Fli>\n\u003Cli>Export\u002FImport Plugin settings\u003C\u002Fli>\n\u003Cli>See direct links to the published posts from the “Edit” page\u003C\u002Fli>\n\u003Cli>“Image” posts for VK and Twitter\u003C\u002Fli>\n\u003Cli>Ability to “Spin” message post templates\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.nextscripts.com\u002Ftutorials\u002Fhow-to-post-woocommerce-products\u002F\" rel=\"nofollow ugc\">Full compatibility with WooCommerce\u003C\u002Fa>. SNAP can autopost new or auto-repost existing products to all your social media accounts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Some additional features could be added via addons \u003Ca href=\"https:\u002F\u002Fwww.nextscripts.net\" rel=\"nofollow ugc\">addons\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Unlimited accounts. Add\u002Fconfigure unlimited number of accounts for each social network.\u003C\u002Fli>\n\u003Cli>Ability to make Scheduled and Delayed posts\u003C\u002Fli>\n\u003Cli>Advanced Filters. Filter by Custom Fields, Custom Taxonomies, and Searches\u003C\u002Fli>\n\u003Cli>Auto-repost existing posts randomly\u003C\u002Fli>\n\u003Cli>Limit auto-reposting to specific days and times.\u003C\u002Fli>\n\u003Cli>Import comments.\u003C\u002Fli>\n\u003Cli>Use Proxies.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Requirements\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WordPress 6.0+ (6.9+ is preferred)\u003Cbr \u002F>\nPHP 7.4+ (8.2+ is preferred)\u003Cbr \u002F>\ncURL\u003Cbr \u002F>\nCorrectly working WP cron is required for some functionality (Scheduled posts, Auto reposter, Comments Import, etc…)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get Support\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.nextscripts.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">Contact support\u002FOpen Support Ticket\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Other\u002FCopyrights\u003C\u002Fh3>\n\u003Cp>Plugin Name: Next Scripts Social Networks Auto-Poster\u003C\u002Fp>\n\u003Cp>Plugin URI: https:\u002F\u002Fwww.nextscripts.com\u002Fsocial-networks-auto-poster-for-wordpress\u003C\u002Fp>\n\u003Cp>Description: This plugin automatically publishes posts from your blog to your Twitter, and Google+ profiles and\u002For pages.\u003C\u002Fp>\n\u003Cp>Author: NextScripts\u003C\u002Fp>\n\u003Cp>Author URL: https:\u002F\u002Fwww.nextscripts.com\u003C\u002Fp>\n\u003Cp>Copyright 2012-2026 NextScripts Corp\u003C\u002Fp>\n\u003Cp>PHP Twitter API: Copyright 2012 – themattharris – tmhOAuth\u003C\u002Fp>\n\u003Cp>NextScripts Corp\u003C\u002Fp>\n","Automatically publishes blogposts to profiles\u002Fpages\u002Fgroups on Twitter, Google+, Pinterest, LinkedIn, Blogger, Tumblr ... 22 more",30000,7434967,66,617,"2026-02-26T22:48:00.000Z","6.9.4","6.0","",[20,21,22,23,24],"autopost","repost","sharing","social-media","social-networks","https:\u002F\u002Fwww.nextscripts.com\u002Fsocial-networks-auto-poster-for-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-networks-auto-poster-facebook-twitter-g.zip",40,14,2,"2026-03-09 21:33:10","2026-04-16T10:56:18.058Z","no_bundle",[34,61,83,96,111,124,134,147,159,171,183,195,211,223],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":6,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48,"patch_diff_files":49,"patch_trac_url":39,"research_status":50,"research_verified":51,"research_rounds_completed":52,"research_plan":53,"research_summary":54,"research_vulnerable_code":55,"research_fix_diff":56,"research_exploit_outline":57,"research_model_used":58,"research_started_at":59,"research_completed_at":60,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2026-3228","nextscripts-social-networks-auto-poster-authenticated-contributor-stored-cross-site-scripting-via-nxsfbembed-shortcode","NextScripts: Social Networks Auto-Poster \u003C= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode","The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[nxs_fbembed]` shortcode in all versions up to, and including, 4.4.6. This is due to insufficient input sanitization and output escaping on the `snapFB` post meta value. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=4.4.6","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-03-10 09:59:00",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F923c51ba-0ec2-4e32-a86e-404f3fe2ac7c?source=api-prod",1,[],"researched",false,3,"# Research Plan: CVE-2026-3228 - Stored XSS via `[nxs_fbembed]` Shortcode\n\n## 1. Vulnerability Summary\nThe **NextScripts: Social Networks Auto-Poster (SNAP)** plugin (\u003C= 4.4.6) is vulnerable to Stored Cross-Site Scripting via the `[nxs_fbembed]` shortcode. The vulnerability exists because the plugin fails to sanitize or escape the `snapFB` post meta value when it is rendered through the shortcode callback. Authenticated users with at least **Contributor** permissions can create posts, set this post meta, and use the shortcode to execute arbitrary JavaScript in the context of any user (including administrators) viewing the post.\n\n## 2. Attack Vector Analysis\n* **Vulnerable Shortcode:** `[nxs_fbembed]`\n* **Vulnerable Parameter (Meta Key):** `snapFB`\n* **Authentication Level:** Contributor or higher (any role capable of creating\u002Fediting posts and using shortcodes).\n* **Injection Point:** Post Metadata.\n* **Vector:** The attacker creates a post, injects a malicious payload into the `snapFB` meta field, and includes the `[nxs_fbembed]` shortcode in the post content. When the post is viewed, the payload is echoed without escaping.\n\n## 3. Code Flow (Inferred)\n1. **Registration:** The plugin registers the shortcode during the `init` hook:\n `add_shortcode('nxs_fbembed', 'nxs_fbembed_shortcode_func');` (inferred function name).\n2. **Meta Retrieval:** Inside the shortcode callback, the plugin retrieves post meta for the current post:\n `$fbID = get_post_meta($post->ID, 'snapFB', true);`\n3. **Vulnerable Sink:** The code returns or echoes an HTML string containing `$fbID` without using `esc_html()`, `esc_attr()`, or `wp_kses()`:\n `return '\u003Cdiv class=\"nxs_fb_embed\">... ' . $fbID . ' ...\u003C\u002Fdiv>';`\n4. **Execution:** When a user visits the post, WordPress processes the shortcode, and the unsanitized script is rendered in the HTML response.\n\n## 4. Nonce Acquisition Strategy\nWhile shortcode *rendering* does not require a nonce, *setting the post meta* typically does.\n* **Approach:** Contributors can set post meta via the standard WordPress post editor. If the plugin provides a specific meta box for SNAP settings, we will use that. If not, we will attempt to set the `snapFB` meta key directly via the `post.php` update flow.\n* **Manual Meta Injection:** In standard WordPress, if \"Custom Fields\" are enabled, meta can be added directly. However, SNAP usually has its own interface.\n* **JS Variable Discovery:** If the plugin uses a custom AJAX handler to save settings, we will:\n 1. Navigate to the post editor (`wp-admin\u002Fpost-new.php`).\n 2. Check for localizing scripts: `browser_eval(\"window.nxs_obj?.nonce\")` or similar (common pattern in this plugin).\n 3. If no custom nonce is found, we rely on the standard `_wpnonce` for the `editpost` action.\n\n## 5. Exploitation Strategy\n### Step 1: Login and Post Creation\nThe attacker logs in as a Contributor and starts a new post.\n\n### Step 2: Inject Malicious Meta\nWe need to set the `snapFB` meta key. Since we are a Contributor, we can use the `editpost` action to save meta data.\n\n* **HTTP Request:** `POST \u002Fwp-admin\u002Fpost.php`\n* **Content-Type:** `application\u002Fx-www-form-urlencoded`\n* **Payload (Simplified):**\n ```\n action=editpost\n post_ID=[POST_ID]\n _wpnonce=[NONCE]\n post_title=XSS Test\n content=[nxs_fbembed]\n meta_input[snapFB]=\u003Cscript>alert(document.domain)\u003C\u002Fscript>\n ```\n *Note: If the plugin uses a specific field name in its meta box (e.g., `nxs_fb_post_id`), we will identify that via `browser_navigate` and use it instead.*\n\n### Step 3: Trigger XSS\nView the published (or previewed) post.\n\n* **HTTP Request:** `GET \u002F?p=[POST_ID]`\n* **Expected Response:** The source code contains `\u003Cscript>alert(document.domain)\u003C\u002Fscript>` inside the HTML generated by the shortcode.\n\n## 6. Test Data Setup\n1. **Plugin Installation:** Ensure `social-networks-auto-poster-facebook-twitter-g` version 4.4.6 is installed.\n2. **User Creation:**\n * Create a user with the **Contributor** role.\n ```bash\n wp user create attacker attacker@example.com --role=contributor --user_pass=password123\n ```\n3. **Identify Meta Box Fields:**\n * Navigate to the post editor as the contributor to see if SNAP adds specific input fields for Facebook post IDs.\n * Common field IDs in this plugin often follow patterns like `nxs_...`.\n\n## 7. Expected Results\n* The `update_post_meta` call (or equivalent via `post.php`) should succeed in storing the script tag in the `snapFB` meta field.\n* The `[nxs_fbembed]` shortcode should render the contents of `snapFB` directly.\n* The HTTP response for the post should contain the executable script tag, confirming Stored XSS.\n\n## 8. Verification Steps\n1. **Database Check:** Verify the meta value is stored in the database.\n ```bash\n wp post meta get [POST_ID] snapFB\n ```\n2. **HTML Inspection:** Verify the payload exists in the frontend output.\n ```bash\n # Through the execution agent's tool\n http_request(url=\"http:\u002F\u002Flocalhost:8080\u002F?p=[POST_ID]\")\n # Then grep the response body for the payload\n ```\n\n## 9. Alternative Approaches\n* **Custom Field Bypass:** If the plugin's meta box sanitizes input, but the shortcode pulls from `snapFB` meta regardless, try adding the meta via the \"Custom Fields\" meta box in WordPress (if the admin has enabled it for contributors).\n* **Attribute Breakout:** If the payload is rendered inside an attribute (e.g., `\u003Cdiv data-fb=\"[META_VALUE]\">`), adjust the payload to: `\">\u003Cscript>alert(1)\u003C\u002Fscript>`.\n* **AJAX Save:** Check for `wp_ajax_nxs_save_settings` or similar hooks in the plugin source that might allow updating post meta with weaker security checks.","The NextScripts: Social Networks Auto-Poster plugin for WordPress (\u003C= 4.4.6) is vulnerable to Stored Cross-Site Scripting via the [nxs_fbembed] shortcode. This is caused by the plugin failing to sanitize or escape the 'snapFB' post meta value when it is rendered through the shortcode's callback function, allowing Contributor-level attackers to inject malicious scripts.","\u002F\u002F File: inc-core\u002Fnxs_functions_wp.php (inferred location based on plugin structure)\n\nfunction nxs_fbembed_shortcode_func($atts) {\n global $post;\n \u002F\u002F Retrieves the post meta value without prior sanitization\n $fbID = get_post_meta($post->ID, 'snapFB', true);\n if ($fbID != '') {\n \u002F\u002F Vulnerable sink: The value is concatenated into the HTML output without escaping\n return '\u003Cdiv class=\"nxs_fb_embed\">' . $fbID . '\u003C\u002Fdiv>';\n }\n}\nadd_shortcode('nxs_fbembed', 'nxs_fbembed_shortcode_func');","--- inc-core\u002Fnxs_functions_wp.php\n+++ inc-core\u002Fnxs_functions_wp.php\n@@ -10,7 +10,7 @@\n function nxs_fbembed_shortcode_func($atts) {\n global $post;\n $fbID = get_post_meta($post->ID, 'snapFB', true);\n if ($fbID != '') {\n- return '\u003Cdiv class=\"nxs_fb_embed\">' . $fbID . '\u003C\u002Fdiv>';\n+ return '\u003Cdiv class=\"nxs_fb_embed\">' . esc_html($fbID) . '\u003C\u002Fdiv>';\n }\n }","1. Login to the WordPress site with a Contributor-level account or higher.\n2. Start a new post and enable the 'Custom Fields' meta box if it is not already visible.\n3. Create a custom field with the name 'snapFB' and set its value to a JavaScript payload, such as: \u003Cscript>alert(document.domain)\u003C\u002Fscript>.\n4. In the post editor, insert the shortcode [nxs_fbembed] into the post body.\n5. Save the post as a draft or publish it.\n6. Navigate to the post's public URL. The shortcode callback will fetch the 'snapFB' meta value and output it directly into the page, triggering the script execution in the context of the user's browser session.","gemini-3-flash-preview","2026-04-18 05:10:40","2026-04-18 05:11:03",{"id":62,"url_slug":63,"title":64,"description":65,"plugin_slug":4,"theme_slug":39,"affected_versions":66,"patched_in_version":39,"severity":67,"cvss_score":68,"cvss_vector":69,"vuln_type":70,"published_date":71,"updated_date":72,"references":73,"days_to_patch":39,"patch_diff_files":75,"patch_trac_url":39,"research_status":50,"research_verified":51,"research_rounds_completed":52,"research_plan":76,"research_summary":77,"research_vulnerable_code":78,"research_fix_diff":79,"research_exploit_outline":80,"research_model_used":58,"research_started_at":81,"research_completed_at":82,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2026-27379","nextscripts-social-networks-auto-poster-authenticated-contributor-php-object-injection","NextScripts: Social Networks Auto-Poster \u003C= 4.4.7 - Authenticated (Contributor+) PHP Object Injection","The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.4.7 via deserialization of untrusted input. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","\u003C=4.4.7","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Deserialization of Untrusted Data","2026-02-24 00:00:00","2026-03-05 18:06:41",[74],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9594b351-52ba-48a7-a875-a914b70ce7b8?source=api-prod",[],"# Research Plan: CVE-2026-27379 - NextScripts: Social Networks Auto-Poster (SNAP) PHP Object Injection\n\n## 1. Vulnerability Summary\nThe NextScripts: Social Networks Auto-Poster (SNAP) plugin for WordPress (versions \u003C= 4.4.7) is vulnerable to **PHP Object Injection** due to the insecure use of the `unserialize()` function on user-controllable input. Specifically, the plugin processes settings and post-related data via AJAX handlers that do not adequately verify the user's capabilities (allowing Contributor+ access) or sanitize the input before deserialization. An attacker can submit a base64-encoded, serialized PHP object to trigger the vulnerability. While no built-in POP (Property-Oriented Programming) chain is identified in the plugin itself, this vulnerability can be leveraged if other plugins or themes on the site provide a suitable chain for Remote Code Execution (RCE) or arbitrary file deletion.\n\n## 2. Attack Vector Analysis\n* **Endpoint:** `\u002Fwp-admin\u002Fadmin-ajax.php`\n* **AJAX Action:** `nxs_snap_aj` (inferred from common SNAP AJAX routing)\n* **Vulnerable Parameter:** `nxs_mq_data` or `nxs_data` (inferred based on plugin history)\n* **Authentication:** Contributor-level session required.\n* **Preconditions:** \n 1. The plugin must be active.\n 2. A valid WordPress nonce for the SNAP AJAX action must be obtained.\n 3. The attacker must have a user account with at least `contributor` privileges.\n\n## 3. Code Flow (Inferred)\n1. **Entry Point:** The plugin registers a central AJAX handler: \n `add_action('wp_ajax_nxs_snap_aj', 'nxs_snap_aj_callback');` (or similar registration in `nxs-snap.php`).\n2. **Lack of Capability Check:** The callback function `nxs_snap_aj_callback` (located in `inc\u002Fnxs-functions.php` or `classes\u002Fclass-nxs-main.php`) checks for a valid nonce but fails to check for `manage_options` capability, allowing any logged-in user to reach the logic.\n3. **Data Retrieval:** The function retrieves a POST parameter (likely `nxs_mq_data` or `nxs_data`).\n4. **Decoding:** The input is often passed through `stripslashes()` and `base64_decode()`.\n5. **Vulnerable Sink:** The decoded string is passed directly to `unserialize()`.\n ```php\n \u002F\u002F Inferred vulnerable code pattern\n if (isset($_POST['nxs_data'])) {\n $raw_data = $_POST['nxs_data'];\n $decoded = base64_decode($raw_data);\n $data = unserialize($decoded); \u002F\u002F PHP Object Injection point\n }\n ```\n\n## 4. Nonce Acquisition Strategy\nThe SNAP plugin localizes its AJAX configuration, including the nonce, to the WordPress admin dashboard.\n\n1. **Identify Shortcode\u002FPage:** SNAP's scripts are typically enqueued on its settings pages, but basic AJAX vars are often available on the main Dashboard or Post Editor for authorized users.\n2. **Target Variable:** The plugin uses a localized JavaScript object, typically named `nxs_script_vars` or `nxs_snap_ajax`.\n3. **Action String:** The nonce is usually generated for the action `nxs_snap_aj`.\n4. **Strategy:**\n - Log in as a Contributor.\n - Navigate to `\u002Fwp-admin\u002Findex.php` (Dashboard).\n - Execute `browser_eval` to extract the nonce.\n - **JS Logic:** `window.nxs_script_vars?.nxs_snap_ajax_nonce` or `window.nxs_snap_ajax?.nonce`.\n\n## 5. Exploitation Strategy\n### Step 1: Authentication\nLog in to the WordPress target using Contributor credentials.\n\n### Step 2: Nonce Extraction\nUse the `browser_navigate` and `browser_eval` tools to grab the nonce.\n* **Navigate:** `https:\u002F\u002F\u003Ctarget>\u002Fwp-admin\u002Findex.php`\n* **Eval:** `nxs_script_vars.nxs_snap_ajax_nonce` (Verify the exact key in the page source).\n\n### Step 3: Payload Preparation\nCreate a serialized PHP object. Since no specific POP chain is known, we will use a simple \"dummy\" object to verify the injection point (e.g., a non-existent class which will trigger a PHP notice if logging is enabled).\n* **Object:** `O:20:\"NXS_Exploit_Verified\":0:{}`\n* **Base64 Payload:** `TzoyMDoiTlhTX0V4cGxvaXRfVmVyaWZpZWQiOjA6e30=`\n\n### Step 4: Execution\nSubmit the payload via `http_request`.\n\n* **URL:** `https:\u002F\u002F\u003Ctarget>\u002Fwp-admin\u002Fadmin-ajax.php`\n* **Method:** POST\n* **Headers:** `Content-Type: application\u002Fx-www-form-urlencoded`\n* **Body:**\n ```\n action=nxs_snap_aj&nxs_snap_ajax_nonce=[NONCE]&nxs_data=TzoyMDoiTlhTX0V4cGxvaXRfVmVyaWZpZWQiOjA6e30=\n ```\n\n## 6. Test Data Setup\n1. **User:** Create a user with the `contributor` role.\n2. **Plugin Settings:** Ensure SNAP is active. Default settings are sufficient.\n3. **Enable Logging:** To verify the injection, enable `WP_DEBUG` and `WP_DEBUG_LOG` in `wp-config.php`.\n\n## 7. Expected Results\n* The server should return a 200 OK response (unless the deserialization causes a fatal error).\n* If `WP_DEBUG_LOG` is enabled, look for an entry: `PHP Fatal error: unserialize(): Drawing of 'NXS_Exploit_Verified' failed` or `Class 'NXS_Exploit_Verified' not found`.\n* If using a known POP chain (e.g., from another plugin like Elementor or a core class like `WP_Theme` for older versions), the side effect of that chain (file write, etc.) should be observable.\n\n## 8. Verification Steps\nAfter sending the request, check the WordPress debug log:\n```bash\n# Check the debug log for evidence of deserialization attempt\ncat \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fdebug.log | grep \"NXS_Exploit_Verified\"\n```\n\nVerify that the `nxs_snap_aj` action is indeed reachable by a contributor:\n```bash\n# Check if the handler performs capability checks\ngrep -r \"function nxs_snap_aj_callback\" \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002F\n```\n\n## 9. Alternative Approaches\nIf `nxs_data` is not the correct parameter:\n1. Search the source for all occurrences of `unserialize(`:\n `grep -rn \"unserialize(\" \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002F`\n2. If the input is not Base64, try URL-encoded raw serialized data.\n3. Some SNAP versions use `maybe_unserialize()`. Check if parameters passed to `maybe_unserialize` originate from `$_POST`.\n4. Check for other AJAX actions: `nxs_repost_aj`, `nxs_testPost`, or `nxs_getLog`. These often share the same routing logic.","The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to PHP Object Injection in versions up to 4.4.7. This occurs because the plugin's AJAX handlers process user-controllable input via the PHP unserialize() function without adequate capability checks or data sanitization. Authenticated attackers with Contributor-level access or higher can exploit this to inject PHP objects, potentially leading to remote code execution if a suitable POP chain is present in other installed plugins or themes.","\u002F\u002F Inferred from research plan in inc\u002Fnxs-functions.php or classes\u002Fclass-nxs-main.php\n\nfunction nxs_snap_aj_callback() {\n \u002F\u002F Nonce check is present, but capability check is missing\n check_ajax_referer('nxs_snap_aj', 'nxs_snap_ajax_nonce');\n \n if (isset($_POST['nxs_data'])) {\n $raw_data = $_POST['nxs_data'];\n $decoded = base64_decode($raw_data);\n \u002F\u002F Vulnerable Sink\n $data = unserialize($decoded);\n \u002F\u002F ... logic processing $data ...\n }\n}","--- a\u002Finc\u002Fnxs-functions.php\n+++ b\u002Finc\u002Fnxs-functions.php\n@@ -10,7 +10,11 @@\n function nxs_snap_aj_callback() {\n check_ajax_referer('nxs_snap_aj', 'nxs_snap_ajax_nonce');\n+\n+ if (!current_user_can('manage_options')) {\n+ wp_die(-1);\n+ }\n+\n if (isset($_POST['nxs_data'])) {\n- $data = unserialize(base64_decode($_POST['nxs_data']));\n+ $data = json_decode(base64_decode($_POST['nxs_data']), true);\n if (is_null($data)) {\n \u002F\u002F handle error\n }","The exploit targets the AJAX endpoint \u002Fwp-admin\u002Fadmin-ajax.php using the nxs_snap_aj action. \n\n1. Authentication: The attacker must log in with at least Contributor-level privileges to access the WordPress admin dashboard.\n2. Nonce Acquisition: The attacker extracts the AJAX nonce (likely named nxs_snap_ajax_nonce) from the localized JavaScript variables (nxs_script_vars) present in the dashboard's page source.\n3. Payload Construction: A serialized PHP object is created. If no POP chain is known in the plugin, a dummy object can be used to confirm the vulnerability via error logging or a known chain from WordPress core\u002Fother plugins for higher impact.\n4. Submission: The attacker sends a POST request to admin-ajax.php with the action parameter set to 'nxs_snap_aj', the retrieved nonce, and the 'nxs_data' parameter containing the base64-encoded serialized object. \n5. Execution: The server-side code decodes the base64 string and passes it to unserialize(), triggering the object injection.","2026-04-19 01:01:33","2026-04-19 01:01:58",{"id":84,"url_slug":85,"title":86,"description":87,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":39,"severity":41,"cvss_score":88,"cvss_vector":89,"vuln_type":44,"published_date":90,"updated_date":91,"references":92,"days_to_patch":39,"patch_diff_files":94,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":95,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2024-37275","nextscripts-reflected-cross-site-scripting","NextScripts \u003C= 4.4.6 - Reflected Cross-Site Scripting","The NextScripts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-06-27 00:00:00","2026-03-06 14:39:45",[93],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8ea59532-e1c2-4dad-b2a8-01f401c54181?source=api-prod",[],0,{"id":97,"url_slug":98,"title":99,"description":100,"plugin_slug":4,"theme_slug":39,"affected_versions":101,"patched_in_version":102,"severity":41,"cvss_score":103,"cvss_vector":104,"vuln_type":105,"published_date":106,"updated_date":107,"references":108,"days_to_patch":48,"patch_diff_files":110,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":95,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2024-1446","nextscripts-social-networks-auto-poster-cross-site-request-forgery-to-arbitrary-post-deletion","NextScripts: Social Networks Auto-Poster \u003C= 4.4.3 - Cross-Site Request Forgery to Arbitrary Post Deletion","The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to delete arbitrary posts or pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=4.4.3","4.4.4",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:L","Cross-Site Request Forgery (CSRF)","2024-05-21 18:36:02","2024-05-22 06:50:33",[109],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F306b23ee-7dcb-4281-a218-21168998c4b9?source=api-prod",[],{"id":112,"url_slug":113,"title":114,"description":115,"plugin_slug":4,"theme_slug":39,"affected_versions":101,"patched_in_version":102,"severity":67,"cvss_score":116,"cvss_vector":117,"vuln_type":118,"published_date":119,"updated_date":120,"references":121,"days_to_patch":48,"patch_diff_files":123,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":95,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2024-2088","nextscripts-social-networks-auto-poster-authenticatedsubscriber-sensitive-information-exposure","NextScripts: Social Networks Auto-Poster \u003C= 4.4.3 - Authenticated(Subscriber+) Sensitive Information Exposure","The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract sensitive data including social network API keys and secrets.",8.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:H\u002FI:L\u002FA:N","Exposure of Sensitive Information Through Data Queries","2024-05-21 18:34:01","2024-05-22 06:50:34",[122],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F70724bc7-c1f4-4965-8bba-99b2ed21d34b?source=api-prod",[],{"id":125,"url_slug":126,"title":127,"description":128,"plugin_slug":4,"theme_slug":39,"affected_versions":101,"patched_in_version":102,"severity":41,"cvss_score":88,"cvss_vector":89,"vuln_type":44,"published_date":129,"updated_date":130,"references":131,"days_to_patch":48,"patch_diff_files":133,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":95,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2024-1762","nextscripts-social-networks-auto-poster-unauthenticated-stored-cross-site-scripting-via-user-agent","NextScripts: Social Networks Auto-Poster \u003C= 4.4.3 - Unauthenticated Stored Cross-Site Scripting via User Agent","The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires the victim to select view \"All Cron Events\" in order for the injection to fire.","2024-05-21 18:29:23","2024-05-22 06:50:35",[132],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8063a545-4792-4ab7-b188-0e51a0fcfed4?source=api-prod",[],{"id":135,"url_slug":136,"title":137,"description":138,"plugin_slug":4,"theme_slug":39,"affected_versions":139,"patched_in_version":140,"severity":41,"cvss_score":88,"cvss_vector":89,"vuln_type":44,"published_date":141,"updated_date":142,"references":143,"days_to_patch":145,"patch_diff_files":146,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":95,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2023-49183","nextscripts-reflected-cross-site-scripting-via-code","NextScripts \u003C= 4.4.2 - Reflected Cross-Site Scripting via code","The NextScripts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘code’ parameter in versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=4.4.2","4.4.3","2023-11-29 00:00:00","2024-01-22 19:56:02",[144],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F15f00b65-8304-4132-a2cf-8145444ecfb1?source=api-prod",55,[],{"id":148,"url_slug":149,"title":150,"description":151,"plugin_slug":4,"theme_slug":39,"affected_versions":152,"patched_in_version":153,"severity":41,"cvss_score":88,"cvss_vector":89,"vuln_type":44,"published_date":154,"updated_date":142,"references":155,"days_to_patch":157,"patch_diff_files":158,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":95,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"WF-752caefe-7e87-4d4f-89e0-fbd28e4076c4-social-networks-auto-poster-facebook-twitter-g","nextscripts-social-networks-auto-poster-reflected-cross-site-scripting-2","NextScripts: Social Networks Auto-Poster \u003C= 4.3.25 - Reflected Cross-Site Scripting","The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in versions up to, and including, 4.3.25. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=4.3.25","4.3.26","2022-07-04 00:00:00",[156],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F752caefe-7e87-4d4f-89e0-fbd28e4076c4?source=api-prod",568,[],{"id":160,"url_slug":161,"title":162,"description":163,"plugin_slug":4,"theme_slug":39,"affected_versions":164,"patched_in_version":165,"severity":41,"cvss_score":88,"cvss_vector":89,"vuln_type":44,"published_date":166,"updated_date":142,"references":167,"days_to_patch":169,"patch_diff_files":170,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":95,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2021-24975","nextscripts-social-networks-auto-poster-unauthenticated-stored-cross-site-scripting","NextScripts: Social Networks Auto-Poster \u003C= 4.3.23 - Unauthenticated Stored Cross-Site Scripting","The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue","\u003C4.3.24","4.3.24","2022-01-03 00:00:00",[168],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0c0c1e62-1a1c-4a76-bd99-7ede232dc965?source=api-prod",750,[],{"id":172,"url_slug":173,"title":174,"description":175,"plugin_slug":4,"theme_slug":39,"affected_versions":176,"patched_in_version":177,"severity":41,"cvss_score":178,"cvss_vector":179,"vuln_type":105,"published_date":166,"updated_date":142,"references":180,"days_to_patch":169,"patch_diff_files":182,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":95,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2021-25072","nextscripts-social-networks-auto-poster-arbitrary-post-deletion-via-cross-site-request-forgery","NextScripts: Social Networks Auto-Poster \u003C= 4.3.24 - Arbitrary Post Deletion via Cross-Site Request Forgery","The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack","\u003C4.3.25","4.3.25",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:H\u002FA:N",[181],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F418e1f3b-ca99-4576-add9-d6134ba3869d?source=api-prod",[],{"id":184,"url_slug":185,"title":186,"description":187,"plugin_slug":4,"theme_slug":39,"affected_versions":188,"patched_in_version":189,"severity":41,"cvss_score":88,"cvss_vector":89,"vuln_type":44,"published_date":190,"updated_date":142,"references":191,"days_to_patch":193,"patch_diff_files":194,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":95,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2021-38356","nextscripts-social-networks-auto-poster-reflected-cross-site-scripting","NextScripts: Social Networks Auto-Poster \u003C= 4.3.20 - Reflected Cross-Site Scripting","The NextScripts: Social Networks Auto-Poster \u003C= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter which is echoed out on inc\u002Fnxs_class_snap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious JavaScript in $_POST['page'].","\u003C=4.3.20","4.3.21","2021-11-28 10:14:00",[192],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2f715a80-ec70-4f1e-8ec9-c6f70173e5d7?source=api-prod",785,[],{"id":196,"url_slug":197,"title":198,"description":199,"plugin_slug":4,"theme_slug":39,"affected_versions":200,"patched_in_version":201,"severity":41,"cvss_score":202,"cvss_vector":203,"vuln_type":204,"published_date":205,"updated_date":206,"references":207,"days_to_patch":209,"patch_diff_files":210,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":95,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2020-36831","nextscripts-social-networks-auto-poster-missing-authorization","NextScripts: Social Networks Auto-Poster \u003C= 4.3.17 - Missing Authorization","The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege\u002Fsecurity functions provided in versions up to, and including 4.3.17. This makes it possible for low-privileged attackers, like subscribers, to perform restricted actions that would be otherwise locked to a administrative-level user.","\u003C=4.3.17","4.3.18",5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:N\u002FI:L\u002FA:N","Improper Access Control","2020-09-05 00:00:00","2024-10-16 06:43:28",[208],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3709465d-6d67-45bd-abb9-4875065b8129?source=api-prod",1502,[],{"id":212,"url_slug":213,"title":214,"description":215,"plugin_slug":4,"theme_slug":39,"affected_versions":216,"patched_in_version":217,"severity":41,"cvss_score":88,"cvss_vector":89,"vuln_type":44,"published_date":218,"updated_date":142,"references":219,"days_to_patch":221,"patch_diff_files":222,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":95,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2019-9911","nextscripts-social-networks-auto-poster-reflected-cross-site-scripting-3","NextScripts: Social Networks Auto-Poster \u003C= 4.2.7 - Reflected Cross-Site Scripting","The NextScripts: Social Networks Auto-Poster plugin before 4.2.8 for WordPress has wp-admin\u002Fadmin.php?page=nxssnap-reposter&action=edit item XSS.","\u003C4.2.8","4.2.8","2019-02-05 00:00:00",[220],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff3781245-14b1-4b1c-a471-a5a413cdb2ed?source=api-prod",1813,[],{"id":224,"url_slug":225,"title":226,"description":227,"plugin_slug":4,"theme_slug":39,"affected_versions":228,"patched_in_version":229,"severity":67,"cvss_score":230,"cvss_vector":231,"vuln_type":44,"published_date":232,"updated_date":142,"references":233,"days_to_patch":235,"patch_diff_files":236,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":95,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"WF-9d2df49d-0276-403d-9fe8-00fdf7262818-social-networks-auto-poster-facebook-twitter-g","nextscripts-social-networks-auto-poster-stored-cross-site-scripting","NextScripts: Social Networks Auto-Poster \u003C= 3.4.17 - Stored Cross-Site Scripting","The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nxsMainFromElementAccts’ parameter in versions before 3.4.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C3.4.18","3.4.18",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2015-05-25 00:00:00",[234],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9d2df49d-0276-403d-9fe8-00fdf7262818?source=api-prod",3165,[],{"slug":238,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":239,"trust_score":240,"computed_at":241},"nextscripts",783,37,"2026-05-19T22:38:29.083Z",[243,265,284,310,334],{"slug":244,"name":245,"version":246,"author":247,"author_profile":248,"description":249,"short_description":250,"active_installs":251,"downloaded":252,"rating":95,"num_ratings":95,"last_updated":253,"tested_up_to":254,"requires_at_least":255,"requires_php":18,"tags":256,"homepage":261,"download_link":262,"security_score":263,"vuln_count":95,"unpatched_count":95,"last_vuln_date":39,"fetched_at":264},"wp-tweetbox","WP Tweetbox","0.1","Riyaz","https:\u002F\u002Fprofiles.wordpress.org\u002Friyaznet\u002F","\u003Cp>WP Tweetbox adds a manual tweetbox with Twitter-style editor at the end of posts and pages.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Tweets branded to your website\u003C\u002Fli>\n\u003Cli>Fully Customizable Tweetbox\u003C\u002Fli>\n\u003Cli>Tweet text can be auto-generated\u003C\u002Fli>\n\u003Cli>You can specify a custom Tweet text for individual posts\u002Fpages\u003C\u002Fli>\n\u003Cli>Tweetbox can be disabled on individual posts\u002Fpages\u003C\u002Fli>\n\u003Cli>Supports Su.pr, Bit.ly, Bitly.pro, Wp.me URL shorteners\u003C\u002Fli>\n\u003Cli>You can use a WordPress short URL with post ID or long permalink URL as well\u003C\u002Fli>\n\u003C\u002Ful>\n","WP Tweetbox adds a highly customizable Tweetbox at the end of blog posts and pages. Tweets are branded with your own website URL.",10,3440,"2010-08-26T13:30:00.000Z","3.0.5","2.9.2",[257,258,259,24,260],"social","social-bookmarking","social-media-sharing","twitter","http:\u002F\u002Fwww.riyaz.net\u002Fwp-tweetbox\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-tweetbox.0.1.zip",85,"2026-04-06T09:54:40.288Z",{"slug":266,"name":267,"version":268,"author":269,"author_profile":270,"description":271,"short_description":272,"active_installs":95,"downloaded":273,"rating":95,"num_ratings":95,"last_updated":274,"tested_up_to":275,"requires_at_least":276,"requires_php":277,"tags":278,"homepage":281,"download_link":282,"security_score":283,"vuln_count":95,"unpatched_count":95,"last_vuln_date":39,"fetched_at":31},"nevamiss","Nevamiss Auto Share","1.1.5","Eliasu Abraman","https:\u002F\u002Fprofiles.wordpress.org\u002Fsabali33\u002F","\u003Cp>This project is a WordPress plugin that allows site administrators to share their content to social media networks\u003Cbr \u002F>\nIt requires configuration and authorization of the supported social media networks.\u003C\u002Fp>\n\u003Ch3>How to set it up\u003C\u002Fh3>\n\u003Cp>– Install this plugin at Dashboard > Plugins > Add New.\u003Cbr \u002F>\n– Go to Auto Share > Settings > General > API Keys & Secrets the add API keys for the networks you intend to post to.\u003Cbr \u002F>\n– Login to the configured networks at Auto Share > Settings > Network Accounts.\u003Cbr \u002F>\n– That’s all\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>– Instantly share post to social media accounts\u003Cbr \u002F>\n– Create crons called schedules to share contents at selected times\u003Cbr \u002F>\n– Support multiple login to different accounts on the same network.\u003Cbr \u002F>\n– Re-order the order of sharing for schedule posts.\u003Cbr \u002F>\n– Track shared posts for schedules\u003Cbr \u002F>\n– Display upcoming posts and last shared posts\u003Cbr \u002F>\n– URL shortnering\u003C\u002Fp>\n\u003Ch3>Supported Social Media Networks\u003C\u002Fh3>\n\u003Cp>– Facebook\u003Cbr \u002F>\n– X\u003Cbr \u002F>\n– Linkedin\u003Cbr \u002F>\n– Instagram\u003C\u002Fp>\n\u003Ch3>Supported URL Shortners\u003C\u002Fh3>\n\u003Cp>– Rebrandly\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to third-party APIs to provide its features. These connections occur only after explicit authorization by the site administrator. The plugin enables features such as posting content to social media accounts, creating short URLs, and retrieving user account details. Below is a comprehensive explanation of how the plugin interacts with these external services and ensures compliance with privacy and security standards.\u003C\u002Fp>\n\u003Ch3>Data Collection and Handling\u003C\u002Fh3>\n\u003Cp>The plugin collects and processes the following data to enable integration with external services:\u003Cbr \u002F>\n– \u003Cstrong>Usernames or full names\u003C\u002Fstrong>: Used for account identification.\u003Cbr \u002F>\n– \u003Cstrong>Remote account IDs\u003C\u002Fstrong>: Required for managing external accounts via the plugin.\u003Cbr \u002F>\n– \u003Cstrong>Access tokens and expiry dates\u003C\u002Fstrong>: Used for authentication and secure API communication.\u003C\u002Fp>\n\u003Cp>This data is:\u003Cbr \u002F>\n1. Stored securely in the WordPress database, encrypted when applicable.\u003Cbr \u002F>\n2. Used solely to perform authorized actions, such as posting content or scheduling tasks.\u003Cbr \u002F>\n3. Removed when the user revokes authorization or deletes the plugin.\u003C\u002Fp>\n\u003Cp>The plugin does not collect or share any additional data beyond what is required to facilitate its features.\u003C\u002Fp>\n\u003Ch3>User Consent and Privacy\u003C\u002Fh3>\n\u003Cp>– The plugin requires \u003Cstrong>explicit user authorization\u003C\u002Fstrong> before connecting to any external service. Users are presented with a consent screen detailing:\u003Cbr \u002F>\n – The purpose of the connection.\u003Cbr \u002F>\n – The data that will be shared.\u003Cbr \u002F>\n – Links to the external service’s privacy policy.\u003Cbr \u002F>\n– No data is transmitted to third-party services without user consent.\u003Cbr \u002F>\n– Users can revoke access at any time via the plugin’s settings. Upon revocation, all related data is securely deleted.\u003C\u002Fp>\n\u003Cp>The plugin complies with global privacy regulations, including GDPR and CCPA. It minimizes data collection and ensures that users can exercise their rights to data access, correction, and deletion.\u003C\u002Fp>\n\u003Ch3>Security Practices\u003C\u002Fh3>\n\u003Cp>– All API communications occur over secure HTTPS connections.\u003Cbr \u002F>\n– Access tokens are stored encrypted and are not exposed to unauthorized users.\u003Cbr \u002F>\n– Expired tokens are automatically removed, and users are prompted to reauthorize when necessary.\u003Cbr \u002F>\n– The plugin implements error handling for API requests, including retries and logging failures in a secure log file.\u003C\u002Fp>\n\u003Ch3>List of External Services\u003C\u002Fh3>\n\u003Cp>Below are the external services used by the plugin, their APIs, and links to their respective terms and policies:\u003C\u002Fp>\n\u003Ch4>Rebrandly\u003C\u002Fh4>\n\u003Cp>– \u003Cstrong>Purpose\u003C\u002Fstrong>: Short URL generation for social media posts.\u003Cbr \u002F>\n– \u003Cstrong>API\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fapi.rebrandly.com\u002Fv1\u002Flinks\" rel=\"nofollow ugc\">API Link\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Cstrong>Terms of Service\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fwww.rebrandly.com\u002Fterms-conditions\" rel=\"nofollow ugc\">Rebrandly Terms\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Cstrong>Privacy Policy\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fwww.rebrandly.com\u002Fprivacy-policy\" rel=\"nofollow ugc\">Rebrandly Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>X (formerly Twitter)\u003C\u002Fh4>\n\u003Cp>– \u003Cstrong>Purpose\u003C\u002Fstrong>: Content posting, media upload, and account management.\u003Cbr \u002F>\n– \u003Cstrong>APIs\u003C\u002Fstrong>:\u003Cbr \u002F>\n – \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fi\u002Foauth2\u002Fauthorize\" rel=\"nofollow ugc\">Authorization\u003C\u002Fa>: Used for user login and token generation.\u003Cbr \u002F>\n – \u003Ca href=\"https:\u002F\u002Fupload.twitter.com\u002F1.1\" rel=\"nofollow ugc\">Media Upload\u003C\u002Fa>: Used for uploading media files.\u003Cbr \u002F>\n – \u003Ca href=\"https:\u002F\u002Fapi.twitter.com\u002F2\" rel=\"nofollow ugc\">Posting\u003C\u002Fa>: Used for posting text-based content.\u003Cbr \u002F>\n– \u003Cstrong>Terms of Service\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fdeveloper.x.com\u002Fen\u002Fdeveloper-terms\u002Fagreement-and-policy\" rel=\"nofollow ugc\">Developer Terms\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Cstrong>Privacy Policy\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fx.com\u002Fen\u002Fprivacy\" rel=\"nofollow ugc\">X Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Facebook\u003C\u002Fh4>\n\u003Cp>– \u003Cstrong>Purpose\u003C\u002Fstrong>: Content posting, account retrieval, and page management.\u003Cbr \u002F>\n– \u003Cstrong>APIs\u003C\u002Fstrong>:\u003Cbr \u002F>\n – \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fv20.0\u002Fdialog\u002Foauth\" rel=\"nofollow ugc\">Authorization\u003C\u002Fa>: Used to initiate user login and consent.\u003Cbr \u002F>\n – \u003Ca href=\"https:\u002F\u002Fgraph.facebook.com\u002Fv20.0\u002Foauth\u002Faccess_token\" rel=\"nofollow ugc\">Access Tokens\u003C\u002Fa>: Used to retrieve access tokens after user consent.\u003Cbr \u002F>\n – \u003Ca href=\"https:\u002F\u002Fgraph.facebook.com\u002F\" rel=\"nofollow ugc\">Graph API\u003C\u002Fa>: Used to manage user accounts and post content.\u003Cbr \u002F>\n– \u003Cstrong>Terms of Service\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fdevelopers.facebook.com\u002Fterms\u002Fdfc_platform_terms\u002F\" rel=\"nofollow ugc\">Facebook Platform Terms\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Cstrong>Privacy Policy\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fdevelopers.facebook.com\u002Fdevpolicy\u002F\" rel=\"nofollow ugc\">Facebook Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Instagram\u003C\u002Fh4>\n\u003Cp>– \u003Cstrong>Purpose\u003C\u002Fstrong>: Content posting and account management.\u003Cbr \u002F>\n– \u003Cstrong>APIs\u003C\u002Fstrong>:\u003Cbr \u002F>\n – \u003Ca href=\"https:\u002F\u002Fwww.instagram.com\u002Foauth\u002Fauthorize\" rel=\"nofollow ugc\">Authorization\u003C\u002Fa>: Used for user login and token generation.\u003Cbr \u002F>\n – \u003Ca href=\"https:\u002F\u002Fapi.instagram.com\u002Foauth\u002Faccess_token\" rel=\"nofollow ugc\">Access Tokens\u003C\u002Fa>: Used to retrieve access tokens.\u003Cbr \u002F>\n – \u003Ca href=\"https:\u002F\u002Fgraph.instagram.com\u002F\" rel=\"nofollow ugc\">Graph API\u003C\u002Fa>: Used for posting content and retrieving account details.\u003Cbr \u002F>\n– \u003Cstrong>Terms of Service\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fdevelopers.facebook.com\u002Fterms\u002Fdfc_platform_terms\u002F\" rel=\"nofollow ugc\">Instagram Platform Terms\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Cstrong>Privacy Policies\u003C\u002Fstrong>:\u003Cbr \u002F>\n – \u003Ca href=\"https:\u002F\u002Fdevelopers.facebook.com\u002Fdevpolicy\u002F\" rel=\"nofollow ugc\">Developer Privacy Policy\u003C\u002Fa>\u003Cbr \u002F>\n – \u003Ca href=\"https:\u002F\u002Fprivacycenter.instagram.com\u002Fpolicy\" rel=\"nofollow ugc\">General Instagram Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>LinkedIn\u003C\u002Fh4>\n\u003Cp>– \u003Cstrong>Purpose\u003C\u002Fstrong>: Content posting and account management.\u003Cbr \u002F>\n– \u003Cstrong>APIs\u003C\u002Fstrong>:\u003Cbr \u002F>\n – \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Foauth\u002Fv2\u002Fauthorization\" rel=\"nofollow ugc\">Authorization\u003C\u002Fa>: Used to create login and consent flow.\u003Cbr \u002F>\n – \u003Ca href=\"https:\u002F\u002Fapi.linkedin.com\u002F\" rel=\"nofollow ugc\">API Root\u003C\u002Fa>: Used for accessing user data and posting content.\u003Cbr \u002F>\n – \u003Ca href=\"https:\u002F\u002Fapi.linkedin.com\u002Fv2\" rel=\"nofollow ugc\">Version 2 API\u003C\u002Fa>: An updated version of the API.\u003Cbr \u002F>\n– \u003Cstrong>Terms of Service\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Flegal\u002Fl\u002Fapi-terms-of-use\" rel=\"nofollow ugc\">LinkedIn API Terms\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Cstrong>Privacy Policy\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Flegal\u002Fprivacy-policy\" rel=\"nofollow ugc\">LinkedIn Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>—\u003C\u002Fp>\n\u003Ch3>Plugin Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin provides a privacy policy section in the plugin’s settings page, summarizing:\u003Cbr \u002F>\n1. The data collected and its purpose.\u003Cbr \u002F>\n2. The list of external services used.\u003Cbr \u002F>\n3. User rights regarding data access, correction, and deletion.\u003Cbr \u002F>\n4. A direct link to the plugin documentation.\u003C\u002Fp>\n\u003Ch3>When Does the Plugin Communicate with These Services?\u003C\u002Fh3>\n\u003Cp>The plugin reaches out to the supported social media networks APIs in the following circumstances:\u003Cbr \u002F>\n– When a user authenticates via their social media account to grant access.\u003Cbr \u002F>\n– When posting content on behalf of the user (through schedules).\u003Cbr \u002F>\n– When a user manually decides to instantly share a WordPress post to authorized social media accounts.\u003Cbr \u002F>\n– Create a UI interface where site managers can post custom content based on a category of posts.\u003C\u002Fp>\n","This plugin allows site users to auto-share their site content to authorized social media accounts.",826,"2025-01-10T11:16:00.000Z","6.7.5","5.6","8.0",[279,20,21,23,280],"auto-post","social-network","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnevamiss","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnevamiss.1.1.5.zip",92,{"slug":285,"name":286,"version":287,"author":288,"author_profile":289,"description":290,"short_description":291,"active_installs":292,"downloaded":293,"rating":294,"num_ratings":295,"last_updated":296,"tested_up_to":297,"requires_at_least":298,"requires_php":299,"tags":300,"homepage":306,"download_link":307,"security_score":308,"vuln_count":52,"unpatched_count":95,"last_vuln_date":309,"fetched_at":31},"social-icons-widget-by-wpzoom","Social Icons Widget & Block – Social Media Icons & Share Buttons","4.5.10","WPZOOM","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpzoom\u002F","\u003Ch4>Social Media Icons & Share Buttons for WordPress\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>The best social icons plugin for WordPress.\u003C\u002Fstrong> Add beautiful social media icons and share buttons anywhere on your site. 400+ icons, Gutenberg block, widget, Elementor support – all in one plugin.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fsocial-icons-widget-by-wpzoom\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fdemo.wpzoom.com\u002Fsocial-icons\u002F\" rel=\"nofollow ugc\">Social Icons Block Demo\u003C\u002Fa>\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fdemo.wpzoom.com\u002Fsocial-icons\u002F2016\u002F04\u002F21\u002Fsharing-buttons\u002F\" rel=\"nofollow ugc\">Sharing Buttons Demo\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Social Icons & Sharing Buttons\u003C\u002Fstrong> helps you to add social media icons and sharing buttons to your website. The plugin includes several icon sets, which gives you the possibility to use the widget for more than just linking to your social media profiles. You can use generic icons to add links to anything you want, and enable sharing buttons to let visitors share your content across social networks.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>With the help of WPZOOM’s excellent Social Icons Widget plugin, you can link to all your social network profiles and add sharing buttons in no time, letting your visitors easily get in touch with you on all social media channels and share your content.\u003Cbr \u002F>\n ⭐️⭐️⭐️⭐️⭐️\u003Cbr \u002F>\n WPKlik\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>What’s new in 4.5.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>NEW: Social Sharing Buttons Block\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>NEW: Add Social Sharing Buttons in posts and pages\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What’s new in 4.4.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>NEW: Add SVG Icons in the Social Icons Block\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What’s new in 4.0.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>NEW: Gutenberg Block\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>New icon styles in the new Social Icons Block\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Where I can view a Demo?\u003C\u002Fh4>\n\u003Cp>You can view the plugin live in all our themes at \u003Ca href=\"https:\u002F\u002Fwww.wpzoom.com\u002Fthemes\u002F\" rel=\"nofollow ugc\">WPZOOM\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>View Demo & Examples\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdemo.wpzoom.com\u002F?theme=foodica\" rel=\"nofollow ugc\">Foodica Theme\u003C\u002Fa> – header bar and sidebar\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdemo.wpzoom.com\u002Finspiro\" rel=\"nofollow ugc\">Inspiro Theme\u003C\u002Fa> – sidebar panel and footer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Social Icons Block:\u003C\u002Fstrong>\u003Cbr \u002F>\n* SVG Icons Support – Upload custom SVG icons\u003Cbr \u002F>\n* 400+ Custom Icons from 5 Icon Sets\u003Cbr \u002F>\n* Gutenberg Block with Live Preview\u003Cbr \u002F>\n* Drag & Drop Icons with Sortable Arrows\u003Cbr \u002F>\n* Color Picker for Each Icon\u003Cbr \u002F>\n* Search by Keywords\u003Cbr \u002F>\n* Adjust Icon Size & Padding\u003Cbr \u002F>\n* Multiple Styles: Icon Shape and Icon with Background\u003Cbr \u002F>\n* 3 Background Styles: Rounded Corners, Round, Square\u003Cbr \u002F>\n* Icon Sets + Shortcodes\u003Cbr \u002F>\n* Elementor Widget Integration\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Social Sharing Buttons Block:\u003C\u002Fstrong>\u003Cbr \u002F>\n* 12+ Sharing Platforms: Facebook, X, Threads, LinkedIn, Pinterest, Reddit, Telegram, WhatsApp, Bluesky, Email, Copy Link, and Print\u003Cbr \u002F>\n* Multiple Button Styles: Circle, Square, Rounded, Outlined, Minimal, One-tone\u003Cbr \u002F>\n* Customizable Colors, Sizes, Padding & Margins\u003Cbr \u002F>\n* Show\u002FHide Labels\u003Cbr \u002F>\n* Print Button to Trigger Browser Print Dialog\u003Cbr \u002F>\n* Copy Link Button with Visual Feedback\u003Cbr \u002F>\n* X\u002FTwitter Username Integration (via parameter)\u003C\u002Fp>\n\u003Ch4>PRO Features\u003C\u002Fh4>\n\u003Cp>Upgrade to \u003Ca href=\"https:\u002F\u002Fwww.wpzoom.com\u002Fplugins\u002Fsocial-share\u002F\" rel=\"nofollow ugc\">Social Icons Widget PRO\u003C\u002Fa> to unlock powerful features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Floating Buttons\u003C\u002Fstrong> – Display social sharing icons as a fixed floating bar on the side of your website (NEW!)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Share Analytics Dashboard\u003C\u002Fstrong> – Track how visitors share your content with detailed analytics\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Like Button\u003C\u002Fstrong> – Add a like button to let visitors engage with your posts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>AI Share Buttons\u003C\u002Fstrong> – Share to ChatGPT, Claude, and Perplexity AI platforms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Share Counts\u003C\u002Fstrong> – Display total and individual share counts on buttons\u003C\u002Fli>\n\u003Cli>\u003Cstrong>External Share Counts\u003C\u002Fstrong> – Fetch real share counts from Facebook, Pinterest via SharedCount API\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom SVG Icon Uploads\u003C\u002Fstrong> – Upload your own custom SVG icons\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Nav Menu Integration\u003C\u002Fstrong> – Add social icons directly to WordPress navigation menus\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dashboard Widget\u003C\u002Fstrong> – Quick stats overview right on your WordPress dashboard\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support\u003C\u002Fstrong> – Get help faster with priority email support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpzoom.com\u002Fplugins\u002Fsocial-share\u002F\" rel=\"nofollow ugc\">Learn more about PRO \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>General Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* 100+ Sites\u002FSocial Networks Supported\u003Cbr \u002F>\n* FontAwesome Integration\u003Cbr \u002F>\n* Academicons Integration: 38 Academia Icons for Academics\u003Cbr \u002F>\n* Supports Email Addresses (mailto:email@example.com)\u003Cbr \u002F>\n* Supports Telephone Numbers (tel:12345)\u003Cbr \u002F>\n* Supports Viber (viber:\u002F\u002Fadd?number=123456)\u003Cbr \u002F>\n* Supports WhatsApp (https:\u002F\u002Fapi.whatsapp.com\u002Fsend?phone=15551234567)\u003C\u002Fp>\n\u003Ch4>Icons\u003C\u002Fh4>\n\u003Cp>Twitter, X, Facebook, Instagram, Pinterest, Snapchat, Threads, Yelp, LinkedIn, Bloglovin’, Lookbook, Feedly, Periscope, SoundCloud, Spotify, Last.fm, YouTube, Vimeo, Flickr, 500px, Tumblr, Blogger, Reddit, Dribbble, Envato, Behance, DeviantArt, GitHub, RSS, Disqus, Stackoverflow, Komoot, Tiktok, Mailchimp, Podcasts, Telegram, TripAdvisor, AirBnb, Baidu, ebay, Medium, Periscope, Snapchat, Bandcamp, Eyem, Viber, Quora, Etsy, Meetup, Linode, IMDB, Overwatch, Strava, Tidal, Deezer, Unsplash, Codered, Udemy, CrunchBase, Angie’s List, App Store, Nextdoor, WhatsApp, ResearchGate, Slack, Songkick, ReverbNation, Bluesky\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>Some Social Icons are provided by the Socicon icon font.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fjpswalsh.github.io\u002Facademicons\u002F\" rel=\"nofollow ugc\">Academicons\u003C\u002Fa> are provided by James Walsh.\u003C\u002Fp>\n\u003Ch4>GDPR COMPLIANCE\u003C\u002Fh4>\n\u003Cp>Social Icons & Sharing Buttons does not collect any information from your visitors, therefore it’s \u003Cstrong>100% GDPR compliant\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>Get Involved\u003C\u002Fh4>\n\u003Cp>Looking to contribute code to this plugin? Go ahead and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwpzoom\u002Fsocial-icons-widget\u002F\" rel=\"nofollow ugc\">fork the repository over at GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Social media icons plugin for WordPress - Add 400+ social icons and share buttons. Gutenberg block, widget & Elementor support. GDPR compliant.",100000,3783432,98,143,"2026-04-11T14:55:00.000Z","7.0","6.5","7.4",[301,302,303,304,305],"share-buttons","social-icons","social-media-icons","social-media-widget","social-sharing","https:\u002F\u002Fwww.wpzoom.com\u002Fplugins\u002Fsocial-share\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-icons-widget-by-wpzoom.4.5.10.zip",96,"2026-03-12 20:38:20",{"slug":311,"name":312,"version":313,"author":314,"author_profile":315,"description":316,"short_description":317,"active_installs":318,"downloaded":319,"rating":320,"num_ratings":321,"last_updated":322,"tested_up_to":16,"requires_at_least":323,"requires_php":299,"tags":324,"homepage":329,"download_link":330,"security_score":331,"vuln_count":332,"unpatched_count":95,"last_vuln_date":333,"fetched_at":31},"blog2social","Blog2Social: Social Media Auto Post & Scheduler","8.9.0","Adenion","https:\u002F\u002Fprofiles.wordpress.org\u002Fpr-gateway\u002F","\u003Cp>\u003Cstrong>Social Media Auto-Posting and Scheduling Plugin for WordPress Sites and Blogs.\u003C\u002Fstrong>\u003Cbr \u002F>\nBlog2Social autoposts, cross-promotes, schedules and automatically shares your website content and content from any other source to social networks such as \u003Cstrong>Facebook, X (Twitter), Instagram, LinkedIn, TikTok, YouTube, Reddit, Medium, Pinterest, Telegram, Mastodon, Discord, Bluesky, Google Business Profile, Threads, Flickr, VK.com, Tumblr, Torial, Diigo, Blogger.com, Instapaper, Ravelry, Vimeo, HumHub, Band, XING.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Blog2Social automatically creates social media posts for your content and shares them at the best times for each network. Save valuable time and effort by avoiding manual sharing.\u003C\u002Fp>\n\u003Cp>\u003Cem>Compatible with WooCommerce, Gutenberg Editor, Hummingbird, Bitly, Rebrand.ly, Sniply, WP Automatic Plugin, Page Builder & RSS Importer.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>#New: AI Post Templates, Extended Comment Feature & Improved Preview\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>AI Post Templates: Define individual prompts per network (e.g. Facebook, X, Instagram) and customize tone and writing style for AI-generated content\u003C\u002Fli>\n\u003Cli>Extended Comment Feature: “First” Comment now available for Flickr, Reddit, VKontakte, YouTube, Vimeo, Mastodon, Discord, Threads, and Band\u003C\u002Fli>\n\u003Cli>Improved Post Preview: More stable and reliable preview through optimized post templates\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Blog2Social is a freemium WordPress plugin with a free basic version and Premium plans offering advanced features. Some functions of the auto-poster are Premium features to comply with the API rules and community guidelines of the social networks.\u003C\u002Fp>\n\u003Cp>The Blog2Social Free version offers a wide range of features. (\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblog2social\u002F#faq\" title=\"Blog2Social Free Features\" rel=\"ugc\">See what’s included in the free version\u003C\u002Fa>).\u003C\u002Fp>\n\u003Cp>To benefit from advanced features for automatic sharing and scheduling your content on social media, you can \u003Ca href=\"https:\u002F\u002Fwww.blog2social.com\u002Fen\u002Fplugin\u002Fwordpress\u002Fpremium-trial\u002F\" title=\"Free Blog2Social Premium Trial\" rel=\"nofollow ugc\">start your free 30-day Blog2Social Premium Pro trial today.\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Supported Networks\u003C\u002Fh4>\n\u003Cp>for cross-posting\u003Cbr \u002F>\n* \u003Cstrong>Facebook\u003C\u002Fstrong> – Post to your profile and page (Free)\u003Cbr \u002F>\n* \u003Cstrong>X (Twitter)\u003C\u002Fstrong> – Post to your X account (add-on)\u003Cbr \u002F>\n* \u003Cstrong>Instagram\u003C\u002Fstrong> – Post to your business account (from Smart)\u003Cbr \u002F>\n* \u003Cstrong>LinkedIn\u003C\u002Fstrong> – Post to your profile (Free) or page (from Pro)\u003Cbr \u002F>\n* \u003Cstrong>TikTok\u003C\u002Fstrong> – Share blog posts, images, and videos directly on TikTok (add-on) and photo posts or carousels with multiple images (from Pro)\u003Cbr \u002F>\n* \u003Cstrong>YouTube\u003C\u002Fstrong> – Publish videos on your YouTube channel (add-on)\u003Cbr \u002F>\n* \u003Cstrong>Reddit\u003C\u002Fstrong> – Post to your subreddits (Free)\u003Cbr \u002F>\n* \u003Cstrong>Medium\u003C\u002Fstrong> – Post with canonical-backlinks to your original post (Free)\u003Cbr \u002F>\n* \u003Cstrong>Pinterest\u003C\u002Fstrong> – Post to all your Pinboards (from Smart)\u003Cbr \u002F>\n* \u003Cstrong>Telegram\u003C\u002Fstrong> – Post to your Telegram groups and channels (from Business)\u003Cbr \u002F>\n* \u003Cstrong>Mastodon\u003C\u002Fstrong> – Post to your Mastodon account (from Pro)\u003Cbr \u002F>\n* \u003Cstrong>Discord\u003C\u002Fstrong> – Post to your Discord servers (from Smart)\u003Cbr \u002F>\n* \u003Cstrong>Google Business Profile\u003C\u002Fstrong> – Post to your Google Business Listing (from Pro)\u003Cbr \u002F>\n* \u003Cstrong>Bluesky\u003C\u002Fstrong> – Post to your Bluesky account (Free)\u003Cbr \u002F>\n* \u003Cstrong>Threads\u003C\u002Fstrong> – Post to your account (Free)\u003Cbr \u002F>\n* \u003Cstrong>Tumblr\u003C\u002Fstrong> – Post with canonical-backlinks (Free)\u003Cbr \u002F>\n* \u003Cstrong>Torial\u003C\u002Fstrong> – Post with canonical-backlinks (Free)\u003Cbr \u002F>\n* \u003Cstrong>Flickr\u003C\u002Fstrong> – Post to your Flickr profile (Free)\u003Cbr \u002F>\n* \u003Cstrong>VK.com\u003C\u002Fstrong> – Post to your profile (Free), page (from Pro) or groups (from Pro)\u003Cbr \u002F>\n* \u003Cstrong>Diigo\u003C\u002Fstrong> – Post a bookmark to your account (Free)\u003Cbr \u002F>\n* \u003Cstrong>Blogger.com\u003C\u002Fstrong> – Post with canonical-backlinks (from Smart)\u003Cbr \u002F>\n* \u003Cstrong>Instapaper\u003C\u002Fstrong> – Post to your Instapaper account (from Pro)\u003Cbr \u002F>\n* \u003Cstrong>Ravelry\u003C\u002Fstrong> – Post to your Ravelry account (from Smart)\u003Cbr \u002F>\n* \u003Cstrong>Vimeo\u003C\u002Fstrong> – Publish videos on your Vimeo channel (add-on)\u003Cbr \u002F>\n* \u003Cstrong>HumHub\u003C\u002Fstrong> – Post to your profile and space (add-on)\u003Cbr \u002F>\n* \u003Cstrong>Band\u003C\u002Fstrong> – Post to your Band groups (from Smart)\u003Cbr \u002F>\n* \u003Cstrong>XING\u003C\u002Fstrong> – Post to your profile (Free) and page (from Pro)\u003C\u002Fp>\n\u003Ch4>Key Benefits of Using Blog2Social for Social Media Automation\u003C\u002Fh4>\n\u003Cp>BLOG2SOCIAL FREE\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Share your content on 14 different networks: Facebook (profile and page), LinkedIn (profile), Threads, Bluesky, XING (profile), VK (profile), Pinterest, Reddit, Torial, Medium, Tumblr, Flickr, Diigo at once.\u003C\u002Fli>\n\u003Cli>Customize your social media posts with personal comments, hashtags, handles, emojis, and select images or animated GIFs. \u003C\u002Fli>\n\u003Cli>Edit the complete HTML markup for Tumblr, Torial, and Medium. \u003C\u002Fli>\n\u003Cli>Manage all users posts and pages and share them on your channels.\u003C\u002Fli>\n\u003Cli>Re-post old posts and keep your feed active.\u003C\u002Fli>\n\u003Cli>Save your social media posts as drafts.\u003C\u002Fli>\n\u003Cli>Share links and posts from other sources.\u003C\u002Fli>\n\u003Cli>View all your social media posts in one single place.\u003C\u002Fli>\n\u003Cli>Automatically generate hashtags from WordPress tags.\u003C\u002Fli>\n\u003Cli>Edit meta tag information of your blog posts and pages.\u003C\u002Fli>\n\u003Cli>Use the \u003Ca href=\"https:\u002F\u002Fwww.blog2social.com\u002Fen\u002Fwebapp\u002Fextension\u002F\" rel=\"nofollow ugc\">free Blog2Social Extension for Firefox and Chrome\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Let AI write, refine and optimize your social media posts with customizable templates per network (including tone and writing style adjustments)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>BLOG2SOCIAL PREMIUM\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Share content on over 21 networks: Facebook, X (Twitter), LinkedIn, XING, VK, Pinterest, Instagram, TikTok, YouTube, Vimeo, Reddit, Torial, Medium, Tumblr, Flickr, Diigo, Google Business Profile, Telegram, Ravelry, Discord, Instapaper, Mastodon, Bluesky, HumHub, Band.\u003C\u002Fli>\n\u003Cli>Schedule your Posts and Videos for any time and date and at your best times.\u003C\u002Fli>\n\u003Cli>Automatically create, schedule and publish posts from your website.\u003C\u002Fli>\n\u003Cli>Share videos, image galleries, Reels and Stories.\u003C\u002Fli>\n\u003Cli>Autopost imported content via RSS.\u003C\u002Fli>\n\u003Cli>Create custom templates per platform.\u003C\u002Fli>\n\u003Cli>Manage all users’ posts and accounts.\u003C\u002Fli>\n\u003Cli>Track success with UTM parameters.\u003C\u002Fli>\n\u003Cli>Manage multiple accounts per network.\u003C\u002Fli>\n\u003Cli>Team management for Business licenses.\u003C\u002Fli>\n\u003Cli>Priority support by email and phone.\u003C\u002Fli>\n\u003Cli>Advanced AI control: Define individual prompts, tone, and writing style per network for optimized social media performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>10 REASONS FOR CHOOSING BLOG2SOCIAL PREMIUM\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Easy Social Media Scheduling\u003C\u002Fstrong> – Auto-post and schedule your content with the built-in Best Time Manager or set your own custom times. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cross-Posting and Cross-Promotion\u003C\u002Fstrong> – Customize each post per network with hashtags, @handles, emojis, images, GIFs, and post format options. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Social Media Calendar\u003C\u002Fstrong> – Manage, organize, edit, and reschedule your posts via drag & drop. Filter by network or date. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Social Media Autoposting\u003C\u002Fstrong> – Automatically share new and updated blog posts. Assign posting rules to users or import RSS feeds. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Share Content from Any Source\u003C\u002Fstrong> – Create and publish posts from links, texts, images, or videos—right from your browser or clipboard. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Video Post Sharing and Scheduling\u003C\u002Fstrong> – Publish and schedule videos for YouTube, Vimeo, TikTok, Facebook, Instagram, LinkedIn, and more. Reels & Stories included. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Social-Media-Ready Website Content\u003C\u002Fstrong> – Edit and enhance link previews by customizing Open Graph and X Card tags for every post or page. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>URL Tracking with Analytics Parameters\u003C\u002Fstrong> – Add UTM or other URL parameters for detailed tracking in Google Analytics and similar tools. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Re-Share and Re-Schedule Evergreen Content\u003C\u002Fstrong> – Keep your social feeds active by repurposing and reusing older posts. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Extended Tools and more Features\u003C\u002Fstrong> – Access URL shorteners (Bitly, Rebrandly, Sniply), AI text assistant Assistini, share to Threads, retweet on X, and more.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Supported Languages\u003C\u002Fh4>\n\u003Cp>English, German, French, Portuguese, Russian, Spanish, Italian, Swedish, Korean\u003C\u002Fp>\n","Automatically share and schedule your WordPress content on top social platforms like Facebook, Instagram, LinkedIn, TikTok, and more.",50000,4834677,90,2086,"2026-04-14T11:54:00.000Z","6.2",[279,325,326,327,328],"auto-repost","cross-posting","social-media-automation","social-media-scheduler","https:\u002F\u002Fwww.blog2social.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblog2social.8.9.0.zip",76,24,"2026-05-12 15:27:25",{"slug":335,"name":336,"version":337,"author":338,"author_profile":339,"description":340,"short_description":341,"active_installs":11,"downloaded":342,"rating":13,"num_ratings":343,"last_updated":344,"tested_up_to":16,"requires_at_least":345,"requires_php":346,"tags":347,"homepage":351,"download_link":352,"security_score":353,"vuln_count":95,"unpatched_count":95,"last_vuln_date":39,"fetched_at":31},"jetpack-social","Jetpack Social","8.0.1","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Ch3>Write once, publish everywhere.\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Grow your following by sharing your content with Jetpack Social!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>It’s important to publish on both your website & social media in order to reach your whole audience. If you only publish on social media, you’re missing up to 60% of adults on a daily basis. Jetpack Social makes it easy to automatically share your site’s posts on popular social media channels such as Facebook and Tumblr. Increase your audience by engaging your site’s viewers & your social followers.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manage all channels from a single hub to save time\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Don’t have the time to keep up with social media? Jetpack Social pushes your site’s posts and products to all your social media channels in one place, with just a few clicks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Set it and forget it!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Jetpack Social has scheduling tools that allow you to set your posts to publish at the time and day that works for your plan. Schedule your posts in advance so you’re not chained to your desk and publish at the time of day your fans are most engaged on social media.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Social Image Generator\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>With the Jetpack Social plan, you can have engaging imagery created automatically using the Social Image Generator feature. You can overlay custom text onto your images and choose from a variety of styles to increase engagement on your social posts. Most importantly, you’ll save time by doing it all within the WordPress editor.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Organic Content Sharing\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Boost your social media engagement with Jetpack Social’s Organic Content Sharing feature. Research indicates that manually published posts receive 50% more interaction compared to shared links. Our feature allows you to select custom images, videos, and text to share your blog posts as native social media content, enhancing engagement and saving you time. This feature is available with the Jetpack Social plan.\u003C\u002Fp>\n","Write once, publish everywhere. Reach your target audience by sharing your content with Jetpack Social!",902451,74,"2026-02-19T11:53:00.000Z","6.8","7.2",[348,327,349,350,305],"auto-share","social-media-marketing","social-media-scheduling","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjetpack-social","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjetpack-social.8.0.1.zip",100,{"attackSurface":355,"codeSignals":589,"taintFlows":1424,"riskAssessment":2386,"analyzedAt":2401},{"hooks":356,"ajaxHandlers":536,"restRoutes":564,"shortcodes":565,"cronEvents":584,"entryPointCount":587,"unprotectedCount":588},[357,363,366,371,374,379,383,386,390,394,396,400,402,405,409,414,417,421,424,427,430,435,438,441,444,448,451,455,459,464,468,472,476,479,482,486,491,495,499,502,505,509,511,514,518,522,525,529,533],{"type":358,"name":359,"callback":360,"file":361,"line":362},"action","admin_head","init","inc\\nxs_class_flt.php",13,{"type":358,"name":364,"callback":365,"file":361,"line":28},"admin_enqueue_scripts","enqueue",{"type":367,"name":368,"callback":369,"file":361,"line":370},"filter","pre_get_posts","nxs_noSing",896,{"type":367,"name":372,"callback":372,"priority":251,"file":361,"line":373},"posts_where",1113,{"type":358,"name":375,"callback":376,"file":377,"line":378},"http_api_curl","imgUplcurl","inc\\nxs_class_http.php",26,{"type":358,"name":380,"callback":381,"file":382,"line":362},"admin_menu","nxs_adminMenu","inc\\nxs_class_mgmt.php",{"type":358,"name":364,"callback":384,"file":382,"line":385},"nx_enqueue_bootstrap",91,{"type":358,"name":387,"callback":388,"file":389,"line":362},"network_admin_menu","ntAdminMenu","inc\\nxs_class_snap.php",{"type":358,"name":391,"callback":392,"file":389,"line":393},"admin_notices","nxs_admin_notice__wrongProHelper",75,{"type":358,"name":364,"callback":395,"file":389,"line":283},"nxs_snap_pointer_admin_enqueue_scripts",{"type":358,"name":397,"callback":398,"file":389,"line":399},"wp_head","nxs_contCron_js",93,{"type":358,"name":364,"callback":395,"file":389,"line":401},178,{"type":358,"name":380,"callback":403,"file":389,"line":404},"hook_that",1833,{"type":358,"name":406,"callback":407,"file":389,"line":408},"admin_footer","nxs_qp_ajax_script",1836,{"type":358,"name":410,"callback":411,"file":412,"line":413},"wp_loaded","nxs_cron_manual","inc\\nxs_functions_engine.php",315,{"type":358,"name":391,"callback":415,"file":416,"line":202},"nxs_noPinpressrMsg","inc\\nxs_functions_wp.php",{"type":367,"name":418,"callback":419,"priority":251,"file":416,"line":420},"plugin_row_meta","nxs_row_meta_nomem",8,{"type":367,"name":422,"callback":423,"priority":251,"file":416,"line":420},"plugin_action_links","ns_add_nomem_link",{"type":367,"name":422,"callback":425,"priority":251,"file":416,"line":426},"ns_add_settings_link",27,{"type":367,"name":418,"callback":428,"priority":251,"file":416,"line":429},"nxs_row_meta",49,{"type":358,"name":431,"callback":432,"priority":433,"file":416,"line":434},"admin_bar_menu","nxsToolbarLinkToPostToFavs",999,161,{"type":358,"name":397,"callback":436,"file":416,"line":437},"jsPostToFAV",174,{"type":358,"name":439,"callback":440,"file":416,"line":437},"wp_footer","nxsFavFooter",{"type":358,"name":359,"callback":442,"file":416,"line":443},"jsPostToSNAP",344,{"type":358,"name":445,"callback":446,"file":416,"line":447},"add_meta_boxes","addCustomBoxes",347,{"type":358,"name":406,"callback":449,"file":416,"line":450},"nxs_admin_footer_pp",353,{"type":358,"name":452,"callback":453,"priority":251,"file":416,"line":454},"bp_activity_posted_update","nxs_doNewBPPost",836,{"type":367,"name":456,"callback":457,"priority":251,"file":416,"line":458},"get_avatar","ns_get_avatar",993,{"type":367,"name":460,"callback":461,"priority":251,"file":462,"line":463},"wp_http_cookie_value","nxs_urlencCookies","inc-cl\\wl.php",191,{"type":367,"name":465,"callback":466,"priority":251,"file":467,"line":202},"register_post_type_args","my_post_type_args","inc-cl\\wp.api.php",{"type":358,"name":360,"callback":469,"priority":95,"file":470,"line":471},"nxs_initSNAP","NextScripts_SNAP.php",29,{"type":358,"name":473,"callback":474,"file":470,"line":475},"edit_post","NS_SNAP_SavePostMetaTags",33,{"type":358,"name":477,"callback":474,"file":470,"line":478},"publish_post",34,{"type":358,"name":480,"callback":474,"file":470,"line":481},"save_post",35,{"type":358,"name":397,"callback":483,"priority":484,"file":470,"line":485},"nxs_addOGTagsPreHolder",150,41,{"type":358,"name":487,"callback":488,"priority":489,"file":470,"line":490},"shutdown","nxs_end_flush_ob",1000,42,{"type":367,"name":492,"callback":493,"file":470,"line":494},"wpmu_blogs_columns","nxssnapmu_columns_head",45,{"type":358,"name":496,"callback":497,"priority":251,"file":470,"line":498},"manage_blogs_custom_column","nxssnapmu_columns_content",46,{"type":358,"name":500,"callback":497,"priority":251,"file":470,"line":501},"manage_sites_custom_column",47,{"type":358,"name":406,"callback":503,"file":470,"line":504},"nxs_add_style",48,{"type":358,"name":506,"callback":507,"priority":353,"file":470,"line":508},"transition_post_status","nxs_snapLogPublishTo",52,{"type":358,"name":359,"callback":510,"file":470,"line":145},"nxs_adminCSS",{"type":358,"name":364,"callback":512,"file":470,"line":513},"nxssnap_enqueue_scripts",56,{"type":358,"name":515,"callback":516,"file":470,"line":517},"admin_init","nxs_adminInitFunc",57,{"type":358,"name":519,"callback":520,"file":470,"line":521},"in_admin_header","nxs_admin_header",58,{"type":367,"name":523,"callback":524,"file":470,"line":13},"cron_schedules","cron_add_nxsAutPoster",{"type":358,"name":526,"callback":527,"file":470,"line":528},"nxs_querypost_event","nxs_checkQuery",67,{"type":358,"name":530,"callback":531,"file":470,"line":532},"nxs_hourly_event","nxs_do_this_hourly",68,{"type":358,"name":410,"callback":534,"file":470,"line":535},"nxs_activation",69,[537,541,545,548,552,556,560],{"action":538,"nopriv":51,"callback":539,"hasNonce":51,"hasCapCheck":51,"file":389,"line":540},"_ajax_fetch_custom_list","nxs_ajax_fetch_custom_list_callback",1671,{"action":542,"nopriv":51,"callback":543,"hasNonce":51,"hasCapCheck":51,"file":416,"line":544},"nxsDoLic","nxsDoLic_ajax",342,{"action":546,"nopriv":51,"callback":547,"hasNonce":51,"hasCapCheck":51,"file":470,"line":429},"nxs_saveSiteSets","nxs_saveSiteSets_ajax",{"action":549,"nopriv":51,"callback":550,"hasNonce":51,"hasCapCheck":51,"file":470,"line":551},"nxs_getExpSettings","nxs_getExpSettings_ajax",59,{"action":553,"nopriv":51,"callback":554,"hasNonce":51,"hasCapCheck":51,"file":470,"line":555},"nxs_clLgo","nxs_clLgo_ajax",61,{"action":557,"nopriv":51,"callback":558,"hasNonce":51,"hasCapCheck":51,"file":470,"line":559},"nxs_rfLgo","nxs_rfLgo_ajax",62,{"action":561,"nopriv":51,"callback":562,"hasNonce":51,"hasCapCheck":51,"file":470,"line":563},"nxs_snap_aj","nxs_snapAjax",64,[],[566,571,575,580],{"tag":567,"callback":568,"file":569,"line":570},"nxs_postedlinks","nxs_postedlinks_func","inc\\nxs_functions_adv.php",470,{"tag":572,"callback":573,"file":569,"line":574},"nxs-ntinsrlist","nxs_scInstrList",481,{"tag":576,"callback":577,"file":578,"line":579},"nxs_fbembed","nxs_fbembed_func","inc-cl\\fb.php",589,{"tag":581,"callback":582,"file":470,"line":583},"nxs_links","nxs_links_func",78,[585,586],{"hook":530,"callback":530,"file":470,"line":393},{"hook":526,"callback":526,"file":470,"line":331},11,7,{"dangerousFunctions":590,"sqlUsage":606,"outputEscaping":609,"fileOperations":362,"externalRequests":251,"nonceChecks":1422,"capabilityChecks":429,"bundledLibraries":1423},[591,595,600,603],{"fn":592,"file":361,"line":593,"context":594},"create_function",268,"$pval['rpstCustTD'] = array_filter($pval['rpstCustTD'], create_function('$value', 'global $nxs_cTime",{"fn":596,"file":597,"line":598,"context":599},"unserialize","inc\\nxs_functions.php",181,"$rq = new nxsHttp; $ret = $rq->request('http:\u002F\u002Fip-api.com\u002Fphp\u002F'.$ip['ip'].'?fields=countryCode,regio",{"fn":592,"file":412,"line":601,"context":602},290,"$rpstrOpts['rpstCustTD'] = array_filter($rpstrOpts['rpstCustTD'], create_function('$value', 'global ",{"fn":596,"file":412,"line":604,"context":605},301,"$post = unserialize($row['extInfo']); $arrOut = nxs_postFromForm($post, $networks, true); $wpdb->d",{"prepared":607,"raw":95,"locations":608},81,[],{"escaped":610,"rawEcho":611,"locations":612},2299,523,[613,616,618,619,621,623,624,625,626,628,630,632,634,636,637,639,640,642,643,645,647,649,650,652,653,655,656,658,660,662,664,666,668,670,672,674,676,678,680,682,684,686,688,690,692,694,696,698,700,702,704,706,708,710,711,713,715,717,719,721,723,725,727,729,731,733,735,737,739,741,743,745,747,749,750,752,754,756,757,759,761,763,765,767,768,770,772,774,776,778,780,782,784,786,788,789,791,793,795,797,799,801,802,803,804,805,807,809,810,811,812,813,815,816,817,818,820,822,823,824,826,828,829,832,833,834,835,836,837,838,839,840,842,843,844,845,847,848,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,866,868,869,871,873,874,875,876,877,878,879,880,882,884,886,887,889,891,892,893,895,897,899,901,902,903,904,906,907,908,910,911,912,913,914,915,917,918,919,920,921,922,923,924,925,927,928,930,931,932,933,934,936,937,938,940,942,944,946,948,949,950,951,953,955,957,959,960,961,963,964,965,966,968,970,971,973,974,976,978,979,981,982,983,985,987,988,990,991,992,994,996,997,999,1001,1003,1004,1006,1008,1009,1011,1013,1015,1017,1019,1021,1023,1025,1027,1029,1030,1031,1033,1035,1037,1039,1041,1042,1043,1045,1046,1047,1049,1051,1053,1055,1057,1059,1060,1062,1064,1066,1068,1070,1072,1074,1075,1076,1078,1080,1082,1083,1084,1085,1087,1089,1090,1092,1094,1095,1096,1097,1099,1101,1103,1104,1105,1106,1108,1110,1112,1113,1114,1116,1118,1120,1122,1123,1125,1126,1127,1129,1130,1131,1132,1134,1136,1138,1140,1142,1144,1146,1148,1150,1152,1153,1154,1155,1158,1159,1160,1162,1164,1166,1168,1169,1170,1171,1172,1173,1174,1176,1178,1180,1182,1184,1186,1188,1190,1192,1193,1194,1196,1197,1199,1201,1203,1205,1206,1208,1210,1212,1214,1215,1216,1217,1219,1220,1222,1224,1225,1227,1229,1230,1231,1232,1233,1234,1235,1237,1239,1240,1241,1242,1244,1245,1246,1247,1248,1250,1252,1254,1256,1258,1260,1262,1264,1265,1266,1267,1268,1269,1271,1273,1274,1275,1276,1279,1280,1281,1283,1285,1286,1287,1288,1290,1293,1294,1295,1296,1297,1299,1300,1302,1303,1304,1305,1307,1309,1310,1311,1312,1314,1316,1317,1318,1319,1320,1321,1323,1324,1326,1329,1330,1333,1335,1336,1337,1338,1340,1343,1345,1346,1347,1348,1349,1350,1352,1353,1354,1355,1356,1358,1359,1360,1361,1363,1364,1365,1366,1368,1369,1370,1372,1373,1374,1376,1378,1379,1380,1381,1382,1383,1384,1386,1387,1389,1391,1393,1394,1396,1398,1400,1401,1403,1405,1406,1407,1408,1409,1410,1411,1412,1414,1415,1416,1417,1418,1419,1421],{"file":614,"line":555,"context":615},"inc\\nxs_class_addns.php","raw output",{"file":614,"line":617,"context":615},63,{"file":614,"line":563,"context":615},{"file":614,"line":620,"context":615},65,{"file":614,"line":622,"context":615},77,{"file":614,"line":583,"context":615},{"file":614,"line":308,"context":615},{"file":614,"line":294,"context":615},{"file":614,"line":627,"context":615},99,{"file":614,"line":629,"context":615},122,{"file":614,"line":631,"context":615},138,{"file":614,"line":633,"context":615},139,{"file":614,"line":635,"context":615},142,{"file":614,"line":635,"context":615},{"file":614,"line":638,"context":615},146,{"file":361,"line":544,"context":615},{"file":361,"line":641,"context":615},345,{"file":361,"line":641,"context":615},{"file":361,"line":644,"context":615},354,{"file":361,"line":646,"context":615},356,{"file":361,"line":648,"context":615},394,{"file":361,"line":648,"context":615},{"file":361,"line":651,"context":615},401,{"file":361,"line":651,"context":615},{"file":361,"line":654,"context":615},402,{"file":361,"line":654,"context":615},{"file":361,"line":657,"context":615},445,{"file":361,"line":659,"context":615},459,{"file":361,"line":661,"context":615},460,{"file":361,"line":663,"context":615},464,{"file":361,"line":665,"context":615},465,{"file":361,"line":667,"context":615},473,{"file":361,"line":669,"context":615},479,{"file":361,"line":671,"context":615},486,{"file":361,"line":673,"context":615},487,{"file":361,"line":675,"context":615},488,{"file":361,"line":677,"context":615},490,{"file":361,"line":679,"context":615},491,{"file":361,"line":681,"context":615},493,{"file":361,"line":683,"context":615},494,{"file":361,"line":685,"context":615},501,{"file":361,"line":687,"context":615},502,{"file":361,"line":689,"context":615},508,{"file":361,"line":691,"context":615},512,{"file":361,"line":693,"context":615},526,{"file":361,"line":695,"context":615},527,{"file":361,"line":697,"context":615},528,{"file":361,"line":699,"context":615},532,{"file":361,"line":701,"context":615},533,{"file":361,"line":703,"context":615},537,{"file":361,"line":705,"context":615},542,{"file":361,"line":707,"context":615},543,{"file":361,"line":709,"context":615},549,{"file":361,"line":157,"context":615},{"file":361,"line":712,"context":615},569,{"file":361,"line":714,"context":615},573,{"file":361,"line":716,"context":615},579,{"file":361,"line":718,"context":615},598,{"file":361,"line":720,"context":615},600,{"file":361,"line":722,"context":615},608,{"file":361,"line":724,"context":615},616,{"file":361,"line":726,"context":615},625,{"file":361,"line":728,"context":615},644,{"file":361,"line":730,"context":615},650,{"file":361,"line":732,"context":615},655,{"file":361,"line":734,"context":615},660,{"file":361,"line":736,"context":615},670,{"file":361,"line":738,"context":615},675,{"file":361,"line":740,"context":615},684,{"file":361,"line":742,"context":615},690,{"file":361,"line":744,"context":615},694,{"file":361,"line":746,"context":615},696,{"file":361,"line":748,"context":615},702,{"file":361,"line":748,"context":615},{"file":361,"line":751,"context":615},705,{"file":361,"line":753,"context":615},706,{"file":361,"line":755,"context":615},710,{"file":361,"line":755,"context":615},{"file":361,"line":758,"context":615},719,{"file":361,"line":760,"context":615},720,{"file":361,"line":762,"context":615},734,{"file":361,"line":764,"context":615},735,{"file":361,"line":766,"context":615},742,{"file":361,"line":169,"context":615},{"file":361,"line":769,"context":615},753,{"file":361,"line":771,"context":615},757,{"file":361,"line":773,"context":615},767,{"file":361,"line":775,"context":615},768,{"file":361,"line":777,"context":615},771,{"file":361,"line":779,"context":615},772,{"file":361,"line":781,"context":615},775,{"file":361,"line":783,"context":615},776,{"file":361,"line":785,"context":615},779,{"file":361,"line":787,"context":615},780,{"file":361,"line":193,"context":615},{"file":361,"line":790,"context":615},786,{"file":361,"line":792,"context":615},797,{"file":361,"line":794,"context":615},798,{"file":361,"line":796,"context":615},805,{"file":361,"line":798,"context":615},818,{"file":361,"line":800,"context":615},827,{"file":361,"line":800,"context":615},{"file":361,"line":800,"context":615},{"file":361,"line":800,"context":615},{"file":361,"line":800,"context":615},{"file":361,"line":806,"context":615},828,{"file":361,"line":808,"context":615},833,{"file":361,"line":808,"context":615},{"file":361,"line":808,"context":615},{"file":361,"line":808,"context":615},{"file":361,"line":454,"context":615},{"file":361,"line":814,"context":615},850,{"file":361,"line":814,"context":615},{"file":361,"line":814,"context":615},{"file":361,"line":814,"context":615},{"file":361,"line":819,"context":615},856,{"file":382,"line":821,"context":615},60,{"file":382,"line":559,"context":615},{"file":382,"line":463,"context":615},{"file":382,"line":825,"context":615},210,{"file":382,"line":827,"context":615},287,{"file":382,"line":827,"context":615},{"file":830,"line":831,"context":615},"inc\\nxs_class_ntlist.php",36,{"file":830,"line":240,"context":615},{"file":830,"line":240,"context":615},{"file":830,"line":27,"context":615},{"file":830,"line":490,"context":615},{"file":830,"line":490,"context":615},{"file":830,"line":504,"context":615},{"file":830,"line":504,"context":615},{"file":830,"line":429,"context":615},{"file":830,"line":841,"context":615},51,{"file":830,"line":841,"context":615},{"file":830,"line":841,"context":615},{"file":830,"line":841,"context":615},{"file":830,"line":846,"context":615},53,{"file":830,"line":846,"context":615},{"file":830,"line":849,"context":615},54,{"file":830,"line":849,"context":615},{"file":830,"line":849,"context":615},{"file":830,"line":517,"context":615},{"file":830,"line":517,"context":615},{"file":830,"line":559,"context":615},{"file":830,"line":617,"context":615},{"file":830,"line":617,"context":615},{"file":830,"line":563,"context":615},{"file":830,"line":563,"context":615},{"file":830,"line":563,"context":615},{"file":830,"line":13,"context":615},{"file":830,"line":13,"context":615},{"file":830,"line":13,"context":615},{"file":830,"line":532,"context":615},{"file":830,"line":865,"context":615},72,{"file":830,"line":867,"context":615},73,{"file":830,"line":867,"context":615},{"file":830,"line":870,"context":615},83,{"file":830,"line":872,"context":615},89,{"file":830,"line":872,"context":615},{"file":830,"line":872,"context":615},{"file":830,"line":320,"context":615},{"file":830,"line":385,"context":615},{"file":830,"line":627,"context":615},{"file":830,"line":353,"context":615},{"file":830,"line":353,"context":615},{"file":830,"line":881,"context":615},103,{"file":830,"line":883,"context":615},118,{"file":830,"line":885,"context":615},125,{"file":830,"line":885,"context":615},{"file":830,"line":888,"context":615},130,{"file":830,"line":890,"context":615},153,{"file":830,"line":890,"context":615},{"file":830,"line":890,"context":615},{"file":830,"line":894,"context":615},160,{"file":830,"line":896,"context":615},170,{"file":830,"line":898,"context":615},177,{"file":830,"line":900,"context":615},182,{"file":830,"line":900,"context":615},{"file":830,"line":900,"context":615},{"file":830,"line":900,"context":615},{"file":830,"line":905,"context":615},183,{"file":830,"line":905,"context":615},{"file":830,"line":905,"context":615},{"file":830,"line":909,"context":615},187,{"file":830,"line":909,"context":615},{"file":830,"line":909,"context":615},{"file":830,"line":909,"context":615},{"file":830,"line":909,"context":615},{"file":830,"line":909,"context":615},{"file":830,"line":916,"context":615},188,{"file":830,"line":916,"context":615},{"file":830,"line":916,"context":615},{"file":830,"line":916,"context":615},{"file":830,"line":916,"context":615},{"file":830,"line":463,"context":615},{"file":830,"line":463,"context":615},{"file":830,"line":463,"context":615},{"file":830,"line":463,"context":615},{"file":830,"line":926,"context":615},195,{"file":830,"line":926,"context":615},{"file":830,"line":929,"context":615},196,{"file":830,"line":929,"context":615},{"file":830,"line":929,"context":615},{"file":830,"line":929,"context":615},{"file":830,"line":929,"context":615},{"file":830,"line":935,"context":615},201,{"file":830,"line":935,"context":615},{"file":830,"line":935,"context":615},{"file":830,"line":939,"context":615},207,{"file":830,"line":941,"context":615},209,{"file":830,"line":943,"context":615},214,{"file":830,"line":945,"context":615},216,{"file":830,"line":947,"context":615},328,{"file":830,"line":947,"context":615},{"file":830,"line":947,"context":615},{"file":830,"line":947,"context":615},{"file":830,"line":952,"context":615},329,{"file":830,"line":954,"context":615},333,{"file":830,"line":956,"context":615},335,{"file":830,"line":958,"context":615},338,{"file":830,"line":958,"context":615},{"file":830,"line":958,"context":615},{"file":830,"line":962,"context":615},341,{"file":830,"line":962,"context":615},{"file":830,"line":443,"context":615},{"file":830,"line":443,"context":615},{"file":830,"line":967,"context":615},351,{"file":830,"line":969,"context":615},352,{"file":830,"line":969,"context":615},{"file":830,"line":972,"context":615},365,{"file":830,"line":972,"context":615},{"file":830,"line":975,"context":615},368,{"file":830,"line":977,"context":615},371,{"file":830,"line":977,"context":615},{"file":830,"line":980,"context":615},378,{"file":830,"line":980,"context":615},{"file":830,"line":980,"context":615},{"file":830,"line":984,"context":615},391,{"file":830,"line":986,"context":615},393,{"file":830,"line":986,"context":615},{"file":830,"line":989,"context":615},395,{"file":830,"line":989,"context":615},{"file":830,"line":989,"context":615},{"file":830,"line":993,"context":615},398,{"file":830,"line":995,"context":615},399,{"file":830,"line":995,"context":615},{"file":830,"line":998,"context":615},406,{"file":830,"line":1000,"context":615},414,{"file":830,"line":1002,"context":615},424,{"file":830,"line":1002,"context":615},{"file":830,"line":1005,"context":615},510,{"file":389,"line":1007,"context":615},102,{"file":389,"line":883,"context":615},{"file":389,"line":1010,"context":615},120,{"file":389,"line":1012,"context":615},121,{"file":389,"line":1014,"context":615},124,{"file":389,"line":1016,"context":615},155,{"file":389,"line":1018,"context":615},208,{"file":389,"line":1020,"context":615},211,{"file":389,"line":1022,"context":615},213,{"file":389,"line":1024,"context":615},266,{"file":389,"line":1026,"context":615},275,{"file":389,"line":1028,"context":615},318,{"file":389,"line":646,"context":615},{"file":389,"line":977,"context":615},{"file":389,"line":1032,"context":615},388,{"file":389,"line":1034,"context":615},576,{"file":389,"line":1036,"context":615},630,{"file":389,"line":1038,"context":615},733,{"file":389,"line":1040,"context":615},770,{"file":389,"line":1040,"context":615},{"file":389,"line":1040,"context":615},{"file":389,"line":1044,"context":615},778,{"file":389,"line":1044,"context":615},{"file":389,"line":1044,"context":615},{"file":389,"line":1048,"context":615},849,{"file":389,"line":1050,"context":615},912,{"file":389,"line":1052,"context":615},924,{"file":389,"line":1054,"context":615},927,{"file":389,"line":1056,"context":615},954,{"file":389,"line":1058,"context":615},978,{"file":389,"line":1058,"context":615},{"file":389,"line":1061,"context":615},982,{"file":389,"line":1063,"context":615},988,{"file":389,"line":1065,"context":615},1013,{"file":389,"line":1067,"context":615},1022,{"file":389,"line":1069,"context":615},1055,{"file":389,"line":1071,"context":615},1064,{"file":389,"line":1073,"context":615},1111,{"file":389,"line":1073,"context":615},{"file":389,"line":373,"context":615},{"file":389,"line":1077,"context":615},1114,{"file":389,"line":1079,"context":615},1115,{"file":389,"line":1081,"context":615},1116,{"file":389,"line":1081,"context":615},{"file":389,"line":1081,"context":615},{"file":389,"line":1081,"context":615},{"file":389,"line":1086,"context":615},1120,{"file":389,"line":1088,"context":615},1132,{"file":389,"line":1088,"context":615},{"file":389,"line":1091,"context":615},1147,{"file":389,"line":1093,"context":615},1155,{"file":389,"line":1093,"context":615},{"file":389,"line":1093,"context":615},{"file":389,"line":1093,"context":615},{"file":389,"line":1098,"context":615},1591,{"file":389,"line":1100,"context":615},1630,{"file":389,"line":1102,"context":615},1631,{"file":597,"line":52,"context":615},{"file":597,"line":437,"context":615},{"file":597,"line":437,"context":615},{"file":597,"line":1107,"context":615},255,{"file":597,"line":1109,"context":615},256,{"file":597,"line":1111,"context":615},304,{"file":569,"line":841,"context":615},{"file":569,"line":399,"context":615},{"file":569,"line":1115,"context":615},113,{"file":569,"line":1117,"context":615},116,{"file":569,"line":1119,"context":615},202,{"file":569,"line":1121,"context":615},403,{"file":416,"line":598,"context":615},{"file":416,"line":1124,"context":615},361,{"file":416,"line":1124,"context":615},{"file":416,"line":1124,"context":615},{"file":416,"line":1128,"context":615},363,{"file":416,"line":677,"context":615},{"file":416,"line":681,"context":615},{"file":416,"line":685,"context":615},{"file":416,"line":1133,"context":615},517,{"file":416,"line":1135,"context":615},583,{"file":416,"line":1137,"context":615},640,{"file":416,"line":1139,"context":615},674,{"file":416,"line":1141,"context":615},763,{"file":416,"line":1143,"context":615},764,{"file":416,"line":1145,"context":615},803,{"file":416,"line":1147,"context":615},834,{"file":416,"line":1149,"context":615},879,{"file":416,"line":1151,"context":615},897,{"file":416,"line":1151,"context":615},{"file":416,"line":1151,"context":615},{"file":416,"line":1151,"context":615},{"file":1156,"line":1157,"context":615},"inc-cl\\apis\\xmlrpc-client.php",454,{"file":1156,"line":681,"context":615},{"file":1156,"line":697,"context":615},{"file":1156,"line":1161,"context":615},545,{"file":1156,"line":1163,"context":615},881,{"file":1156,"line":1165,"context":615},898,{"file":1167,"line":485,"context":615},"inc-cl\\bg.php",{"file":1167,"line":429,"context":615},{"file":1167,"line":393,"context":615},{"file":1167,"line":393,"context":615},{"file":1167,"line":393,"context":615},{"file":578,"line":620,"context":615},{"file":578,"line":867,"context":615},{"file":578,"line":1175,"context":615},132,{"file":578,"line":1177,"context":615},141,{"file":578,"line":1179,"context":615},156,{"file":578,"line":1181,"context":615},157,{"file":578,"line":1183,"context":615},162,{"file":578,"line":1185,"context":615},163,{"file":578,"line":1187,"context":615},172,{"file":578,"line":1189,"context":615},197,{"file":578,"line":1191,"context":615},233,{"file":578,"line":1191,"context":615},{"file":578,"line":1191,"context":615},{"file":578,"line":1195,"context":615},254,{"file":578,"line":1195,"context":615},{"file":578,"line":1198,"context":615},286,{"file":578,"line":1200,"context":615},289,{"file":578,"line":1202,"context":615},294,{"file":578,"line":1204,"context":615},299,{"file":578,"line":989,"context":615},{"file":578,"line":1207,"context":615},437,{"file":578,"line":1209,"context":615},521,{"file":578,"line":1211,"context":615},572,{"file":1213,"line":481,"context":615},"inc-cl\\fl.php",{"file":1213,"line":517,"context":615},{"file":1213,"line":583,"context":615},{"file":1213,"line":583,"context":615},{"file":1218,"line":872,"context":615},"inc-cl\\gmb.php",{"file":1218,"line":399,"context":615},{"file":1218,"line":1221,"context":615},158,{"file":1218,"line":1223,"context":615},159,{"file":1218,"line":894,"context":615},{"file":1226,"line":240,"context":615},"inc-cl\\ig.api.php",{"file":1228,"line":841,"context":615},"inc-cl\\li.php",{"file":1228,"line":841,"context":615},{"file":1228,"line":841,"context":615},{"file":1228,"line":535,"context":615},{"file":1228,"line":872,"context":615},{"file":1228,"line":1115,"context":615},{"file":1228,"line":1014,"context":615},{"file":1228,"line":1236,"context":615},126,{"file":1228,"line":1238,"context":615},137,{"file":1228,"line":633,"context":615},{"file":1228,"line":1185,"context":615},{"file":1228,"line":1185,"context":615},{"file":1228,"line":1243,"context":615},165,{"file":1228,"line":1243,"context":615},{"file":1228,"line":598,"context":615},{"file":1228,"line":598,"context":615},{"file":1228,"line":905,"context":615},{"file":1228,"line":1249,"context":615},186,{"file":1228,"line":1251,"context":615},228,{"file":1228,"line":1253,"context":615},232,{"file":1228,"line":1255,"context":615},235,{"file":1228,"line":1257,"context":615},248,{"file":1228,"line":1259,"context":615},252,{"file":1228,"line":1261,"context":615},343,{"file":1263,"line":490,"context":615},"inc-cl\\md.php",{"file":1263,"line":849,"context":615},{"file":1263,"line":528,"context":615},{"file":1263,"line":528,"context":615},{"file":1263,"line":622,"context":615},{"file":1263,"line":622,"context":615},{"file":1270,"line":555,"context":615},"inc-cl\\ok.php",{"file":1272,"line":478,"context":615},"inc-cl\\pk.php",{"file":1272,"line":846,"context":615},{"file":1272,"line":620,"context":615},{"file":1272,"line":583,"context":615},{"file":1277,"line":1278,"context":615},"inc-cl\\pn.php",44,{"file":1277,"line":517,"context":615},{"file":1277,"line":617,"context":615},{"file":1277,"line":1282,"context":615},111,{"file":1277,"line":1284,"context":615},114,{"file":1277,"line":1238,"context":615},{"file":1277,"line":1221,"context":615},{"file":1277,"line":1243,"context":615},{"file":1277,"line":1289,"context":615},167,{"file":1291,"line":1292,"context":615},"inc-cl\\rd.php",43,{"file":1291,"line":429,"context":615},{"file":1291,"line":385,"context":615},{"file":1291,"line":1238,"context":615},{"file":1291,"line":633,"context":615},{"file":1298,"line":240,"context":615},"inc-cl\\sc.php",{"file":1298,"line":846,"context":615},{"file":1298,"line":1301,"context":615},80,{"file":1298,"line":1301,"context":615},{"file":1298,"line":881,"context":615},{"file":1298,"line":1177,"context":615},{"file":1306,"line":332,"context":615},"inc-cl\\st.php",{"file":1308,"line":831,"context":615},"inc-cl\\tr.php",{"file":1308,"line":508,"context":615},{"file":1308,"line":559,"context":615},{"file":1308,"line":532,"context":615},{"file":1308,"line":1313,"context":615},70,{"file":1308,"line":1315,"context":615},87,{"file":1308,"line":872,"context":615},{"file":1308,"line":283,"context":615},{"file":1308,"line":399,"context":615},{"file":1308,"line":638,"context":615},{"file":1308,"line":638,"context":615},{"file":1308,"line":1322,"context":615},148,{"file":1308,"line":909,"context":615},{"file":1308,"line":1325,"context":615},192,{"file":1327,"line":1328,"context":615},"inc-cl\\vb.api.php",6,{"file":1327,"line":420,"context":615},{"file":1331,"line":1332,"context":615},"inc-cl\\vk.php",28,{"file":1331,"line":1334,"context":615},32,{"file":1331,"line":831,"context":615},{"file":1331,"line":1292,"context":615},{"file":1331,"line":145,"context":615},{"file":1331,"line":1339,"context":615},107,{"file":1341,"line":1342,"context":615},"inc-cl\\wb.php",23,{"file":1341,"line":1344,"context":615},30,{"file":1341,"line":501,"context":615},{"file":1341,"line":501,"context":615},{"file":462,"line":1111,"context":615},{"file":462,"line":1111,"context":615},{"file":462,"line":1111,"context":615},{"file":462,"line":1351,"context":615},313,{"file":462,"line":1351,"context":615},{"file":462,"line":1351,"context":615},{"file":462,"line":1351,"context":615},{"file":462,"line":1351,"context":615},{"file":462,"line":1357,"context":615},314,{"file":462,"line":1357,"context":615},{"file":462,"line":413,"context":615},{"file":462,"line":413,"context":615},{"file":462,"line":1362,"context":615},316,{"file":462,"line":1362,"context":615},{"file":462,"line":1362,"context":615},{"file":462,"line":958,"context":615},{"file":462,"line":1367,"context":615},340,{"file":462,"line":443,"context":615},{"file":462,"line":641,"context":615},{"file":462,"line":1371,"context":615},348,{"file":462,"line":1371,"context":615},{"file":462,"line":1124,"context":615},{"file":462,"line":1375,"context":615},364,{"file":462,"line":1377,"context":615},386,{"file":462,"line":984,"context":615},{"file":462,"line":984,"context":615},{"file":462,"line":984,"context":615},{"file":462,"line":984,"context":615},{"file":462,"line":984,"context":615},{"file":462,"line":984,"context":615},{"file":462,"line":1385,"context":615},392,{"file":462,"line":1385,"context":615},{"file":462,"line":1388,"context":615},439,{"file":462,"line":1390,"context":615},441,{"file":462,"line":1392,"context":615},442,{"file":462,"line":1392,"context":615},{"file":462,"line":1395,"context":615},448,{"file":462,"line":1397,"context":615},467,{"file":462,"line":1399,"context":615},475,{"file":462,"line":697,"context":615},{"file":462,"line":1402,"context":615},539,{"file":1404,"line":471,"context":615},"inc-cl\\xi.php",{"file":1404,"line":490,"context":615},{"file":1404,"line":846,"context":615},{"file":1404,"line":145,"context":615},{"file":1404,"line":617,"context":615},{"file":1404,"line":620,"context":615},{"file":1404,"line":867,"context":615},{"file":1404,"line":393,"context":615},{"file":1404,"line":1413,"context":615},129,{"file":1404,"line":1223,"context":615},{"file":1404,"line":598,"context":615},{"file":1404,"line":945,"context":615},{"file":1404,"line":945,"context":615},{"file":1404,"line":1026,"context":615},{"file":1404,"line":1420,"context":615},280,{"file":1404,"line":827,"context":615},12,[],[1425,1460,1477,1487,1500,1576,1596,1656,1677,1692,1706,1721,1736,1824,1834,1877,1893,1908,1922,1935,1950,1965,1979,2036,2044,2082,2094,2107,2122,2135,2148,2161,2243,2252,2260,2270,2280,2288,2299,2316,2329,2339,2352,2360,2373],{"entryPoint":1426,"graph":1427,"unsanitizedCount":48,"severity":41},"nxs_snapAjax (inc\\nxs_functions_adv.php:2)",{"nodes":1428,"edges":1454},[1429,1433,1438,1441,1446,1448,1452],{"id":1430,"type":1431,"label":1432,"file":569,"line":513},"n0","source","$_POST (x2)",{"id":1434,"type":1435,"label":1436,"file":569,"line":513,"wp_function":1437},"n1","sink","echo() [XSS]","echo",{"id":1439,"type":1431,"label":1440,"file":569,"line":867},"n2","$_POST",{"id":1442,"type":1435,"label":1443,"file":569,"line":1444,"wp_function":1445},"n3","query() [SQLi]",84,"query",{"id":1447,"type":1431,"label":1440,"file":569,"line":1328},"n4",{"id":1449,"type":1450,"label":1451,"file":569,"line":1328},"n5","transform","→ showNTSettings()",{"id":1453,"type":1435,"label":1436,"file":462,"line":1385,"wp_function":1437},"n6",[1455,1457,1458,1459],{"from":1430,"to":1434,"sanitized":1456},true,{"from":1439,"to":1442,"sanitized":1456},{"from":1447,"to":1449,"sanitized":51},{"from":1449,"to":1453,"sanitized":51},{"entryPoint":1461,"graph":1462,"unsanitizedCount":48,"severity":41},"\u003Cnxs_functions_adv> (inc\\nxs_functions_adv.php:0)",{"nodes":1463,"edges":1472},[1464,1466,1467,1468,1469,1470,1471],{"id":1430,"type":1431,"label":1465,"file":569,"line":513},"$_POST (x3)",{"id":1434,"type":1435,"label":1436,"file":569,"line":513,"wp_function":1437},{"id":1439,"type":1431,"label":1440,"file":569,"line":867},{"id":1442,"type":1435,"label":1443,"file":569,"line":1444,"wp_function":1445},{"id":1447,"type":1431,"label":1440,"file":569,"line":1328},{"id":1449,"type":1450,"label":1451,"file":569,"line":1328},{"id":1453,"type":1435,"label":1436,"file":462,"line":1385,"wp_function":1437},[1473,1474,1475,1476],{"from":1430,"to":1434,"sanitized":1456},{"from":1439,"to":1442,"sanitized":1456},{"from":1447,"to":1449,"sanitized":51},{"from":1449,"to":1453,"sanitized":51},{"entryPoint":1478,"graph":1479,"unsanitizedCount":48,"severity":41},"nxs_do_this_hourly (inc\\nxs_functions_wp.php:533)",{"nodes":1480,"edges":1485},[1481,1484],{"id":1430,"type":1431,"label":1482,"file":416,"line":1483},"$_SERVER",580,{"id":1434,"type":1435,"label":1436,"file":416,"line":1135,"wp_function":1437},[1486],{"from":1430,"to":1434,"sanitized":51},{"entryPoint":1488,"graph":1489,"unsanitizedCount":29,"severity":41},"nxs_doNewNPPost (inc\\nxs_functions_wp.php:741)",{"nodes":1490,"edges":1497},[1491,1493,1494,1496],{"id":1430,"type":1431,"label":1492,"file":416,"line":1141},"$_POST['ddt']",{"id":1434,"type":1435,"label":1436,"file":416,"line":1141,"wp_function":1437},{"id":1439,"type":1431,"label":1440,"file":416,"line":1495},744,{"id":1442,"type":1435,"label":1436,"file":416,"line":1143,"wp_function":1437},[1498,1499],{"from":1430,"to":1434,"sanitized":51},{"from":1439,"to":1442,"sanitized":51},{"entryPoint":1501,"graph":1502,"unsanitizedCount":587,"severity":41},"\u003Cbg> (inc-cl\\bg.php:0)",{"nodes":1503,"edges":1559},[1504,1506,1507,1509,1510,1511,1513,1514,1517,1520,1522,1524,1527,1529,1531,1534,1536,1540,1543,1545,1547,1550,1552,1554,1557],{"id":1430,"type":1431,"label":1505,"file":1167,"line":1332},"$_GET (x21)",{"id":1434,"type":1435,"label":1436,"file":1167,"line":517,"wp_function":1437},{"id":1439,"type":1431,"label":1508,"file":1167,"line":1332},"$_GET",{"id":1442,"type":1435,"label":1436,"file":1167,"line":393,"wp_function":1437},{"id":1447,"type":1431,"label":1508,"file":1167,"line":532},{"id":1449,"type":1450,"label":1512,"file":1167,"line":532},"→ elemKeySecret()",{"id":1453,"type":1435,"label":1436,"file":830,"line":916,"wp_function":1437},{"id":1515,"type":1431,"label":1508,"file":1167,"line":1516},"n7",82,{"id":1518,"type":1450,"label":1519,"file":1167,"line":1516},"n8","→ elemUserPass()",{"id":1521,"type":1435,"label":1436,"file":830,"line":905,"wp_function":1437},"n9",{"id":1523,"type":1431,"label":1508,"file":1167,"line":308},"n10",{"id":1525,"type":1450,"label":1526,"file":1167,"line":308},"n11","→ elemTitleFormat()",{"id":1528,"type":1435,"label":1436,"file":830,"line":935,"wp_function":1437},"n12",{"id":1530,"type":1431,"label":1508,"file":1167,"line":308},"n13",{"id":1532,"type":1450,"label":1533,"file":1167,"line":308},"n14","→ elemMsgFormat()",{"id":1535,"type":1435,"label":1436,"file":830,"line":929,"wp_function":1437},"n15",{"id":1537,"type":1431,"label":1538,"file":1167,"line":1539},"n16","$_GET (x2)",136,{"id":1541,"type":1450,"label":1542,"file":1167,"line":1539},"n17","→ elemEdTitleFormat()",{"id":1544,"type":1435,"label":1436,"file":830,"line":941,"wp_function":1437},"n18",{"id":1546,"type":1431,"label":1538,"file":1167,"line":1238},"n19",{"id":1548,"type":1450,"label":1549,"file":1167,"line":1238},"n20","→ elemEdMsgFormat()",{"id":1551,"type":1435,"label":1436,"file":830,"line":945,"wp_function":1437},"n21",{"id":1553,"type":1431,"label":1538,"file":1167,"line":633},"n22",{"id":1555,"type":1450,"label":1556,"file":1167,"line":633},"n23","→ nxs_showURLToUseDlg()",{"id":1558,"type":1435,"label":1436,"file":416,"line":685,"wp_function":1437},"n24",[1560,1561,1562,1563,1564,1565,1566,1567,1568,1569,1570,1571,1572,1573,1574,1575],{"from":1430,"to":1434,"sanitized":1456},{"from":1439,"to":1442,"sanitized":51},{"from":1447,"to":1449,"sanitized":51},{"from":1449,"to":1453,"sanitized":51},{"from":1515,"to":1518,"sanitized":51},{"from":1518,"to":1521,"sanitized":51},{"from":1523,"to":1525,"sanitized":51},{"from":1525,"to":1528,"sanitized":51},{"from":1530,"to":1532,"sanitized":51},{"from":1532,"to":1535,"sanitized":51},{"from":1537,"to":1541,"sanitized":51},{"from":1541,"to":1544,"sanitized":51},{"from":1546,"to":1548,"sanitized":51},{"from":1548,"to":1551,"sanitized":51},{"from":1553,"to":1555,"sanitized":51},{"from":1555,"to":1558,"sanitized":51},{"entryPoint":1577,"graph":1578,"unsanitizedCount":420,"severity":41},"getListOfPages (inc-cl\\fb.php:144)",{"nodes":1579,"edges":1592},[1580,1583,1584,1586,1588],{"id":1430,"type":1431,"label":1581,"file":578,"line":1582},"$_POST (x6)",144,{"id":1434,"type":1435,"label":1436,"file":578,"line":1179,"wp_function":1437},{"id":1439,"type":1431,"label":1432,"file":578,"line":1585},198,{"id":1442,"type":1450,"label":1587,"file":578,"line":1585},"→ nxs_saveOption()",{"id":1447,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},"update_option() [Settings Manipulation]",379,"update_option",[1593,1594,1595],{"from":1430,"to":1434,"sanitized":51},{"from":1439,"to":1442,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"entryPoint":1597,"graph":1598,"unsanitizedCount":1655,"severity":41},"\u003Cfb> (inc-cl\\fb.php:0)",{"nodes":1599,"edges":1637},[1600,1602,1603,1605,1606,1607,1610,1611,1612,1614,1615,1616,1617,1619,1620,1621,1622,1623,1625,1627,1628,1630,1631,1632,1633,1635],{"id":1430,"type":1431,"label":1601,"file":578,"line":629},"$_POST (x95)",{"id":1434,"type":1435,"label":1436,"file":578,"line":1177,"wp_function":1437},{"id":1439,"type":1431,"label":1604,"file":578,"line":635},"$_POST (x4)",{"id":1442,"type":1450,"label":1587,"file":578,"line":635},{"id":1447,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},{"id":1449,"type":1431,"label":1608,"file":578,"line":1609},"$_POST (x5)",231,{"id":1453,"type":1450,"label":1512,"file":578,"line":1609},{"id":1515,"type":1435,"label":1436,"file":830,"line":916,"wp_function":1437},{"id":1518,"type":1431,"label":1432,"file":578,"line":1613},302,{"id":1521,"type":1450,"label":1533,"file":578,"line":1613},{"id":1523,"type":1435,"label":1436,"file":830,"line":929,"wp_function":1437},{"id":1525,"type":1431,"label":1440,"file":578,"line":947},{"id":1528,"type":1450,"label":1618,"file":578,"line":947},"→ askForSURL()",{"id":1530,"type":1435,"label":1436,"file":830,"line":635,"wp_function":1437},{"id":1532,"type":1431,"label":1440,"file":578,"line":1390},{"id":1535,"type":1450,"label":1549,"file":578,"line":1390},{"id":1537,"type":1435,"label":1436,"file":830,"line":945,"wp_function":1437},{"id":1541,"type":1431,"label":1440,"file":578,"line":1624},457,{"id":1544,"type":1450,"label":1626,"file":578,"line":1624},"→ nxs_showImgToUseDlg()",{"id":1546,"type":1435,"label":1436,"file":416,"line":681,"wp_function":1437},{"id":1548,"type":1431,"label":1440,"file":578,"line":1629},458,{"id":1551,"type":1450,"label":1556,"file":578,"line":1629},{"id":1553,"type":1435,"label":1436,"file":416,"line":685,"wp_function":1437},{"id":1555,"type":1431,"label":1440,"file":578,"line":1629},{"id":1558,"type":1450,"label":1634,"file":578,"line":1629},"→ nxs_tmpltImportComments()",{"id":1636,"type":1435,"label":1436,"file":830,"line":1002,"wp_function":1437},"n25",[1638,1639,1640,1641,1642,1643,1644,1645,1646,1647,1648,1649,1650,1651,1652,1653,1654],{"from":1430,"to":1434,"sanitized":1456},{"from":1439,"to":1442,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"from":1449,"to":1453,"sanitized":51},{"from":1453,"to":1515,"sanitized":51},{"from":1518,"to":1521,"sanitized":51},{"from":1521,"to":1523,"sanitized":51},{"from":1525,"to":1528,"sanitized":51},{"from":1528,"to":1530,"sanitized":51},{"from":1532,"to":1535,"sanitized":51},{"from":1535,"to":1537,"sanitized":51},{"from":1541,"to":1544,"sanitized":51},{"from":1544,"to":1546,"sanitized":51},{"from":1548,"to":1551,"sanitized":51},{"from":1551,"to":1553,"sanitized":51},{"from":1555,"to":1558,"sanitized":51},{"from":1558,"to":1636,"sanitized":51},16,{"entryPoint":1657,"graph":1658,"unsanitizedCount":29,"severity":41},"doAuth (inc-cl\\fl.php:25)",{"nodes":1659,"edges":1672},[1660,1661,1663,1666,1668,1670],{"id":1430,"type":1431,"label":1508,"file":1213,"line":1334},{"id":1434,"type":1450,"label":1662,"file":1213,"line":1334},"→ getReqToken()",{"id":1439,"type":1435,"label":1436,"file":1664,"line":1665,"wp_function":1437},"inc-cl\\apis\\scOAuth.php",154,{"id":1442,"type":1431,"label":1667,"file":1213,"line":1292},"$_GET['oauth_verifier']",{"id":1447,"type":1450,"label":1669,"file":1213,"line":1292},"→ getAccToken()",{"id":1449,"type":1435,"label":1436,"file":1664,"line":1671,"wp_function":1437},176,[1673,1674,1675,1676],{"from":1430,"to":1434,"sanitized":51},{"from":1434,"to":1439,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"from":1447,"to":1449,"sanitized":51},{"entryPoint":1678,"graph":1679,"unsanitizedCount":29,"severity":41},"\u003Cfl> (inc-cl\\fl.php:0)",{"nodes":1680,"edges":1687},[1681,1682,1683,1684,1685,1686],{"id":1430,"type":1431,"label":1508,"file":1213,"line":1334},{"id":1434,"type":1450,"label":1662,"file":1213,"line":1334},{"id":1439,"type":1435,"label":1436,"file":1664,"line":1665,"wp_function":1437},{"id":1442,"type":1431,"label":1667,"file":1213,"line":1292},{"id":1447,"type":1450,"label":1669,"file":1213,"line":1292},{"id":1449,"type":1435,"label":1436,"file":1664,"line":1671,"wp_function":1437},[1688,1689,1690,1691],{"from":1430,"to":1434,"sanitized":51},{"from":1434,"to":1439,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"from":1447,"to":1449,"sanitized":51},{"entryPoint":1693,"graph":1694,"unsanitizedCount":52,"severity":41},"getListOfPagesLIV2 (inc-cl\\li.php:95)",{"nodes":1695,"edges":1702},[1696,1698,1699,1700,1701],{"id":1430,"type":1431,"label":1440,"file":1228,"line":1697},95,{"id":1434,"type":1435,"label":1436,"file":1228,"line":1115,"wp_function":1437},{"id":1439,"type":1431,"label":1432,"file":1228,"line":1284},{"id":1442,"type":1450,"label":1587,"file":1228,"line":1284},{"id":1447,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},[1703,1704,1705],{"from":1430,"to":1434,"sanitized":51},{"from":1439,"to":1442,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"entryPoint":1707,"graph":1708,"unsanitizedCount":1720,"severity":41},"getListOfPagesNXS (inc-cl\\li.php:117)",{"nodes":1709,"edges":1716},[1710,1711,1712,1714,1715],{"id":1430,"type":1431,"label":1432,"file":1228,"line":629},{"id":1434,"type":1435,"label":1436,"file":1228,"line":1014,"wp_function":1437},{"id":1439,"type":1431,"label":1432,"file":1228,"line":1713},127,{"id":1442,"type":1450,"label":1587,"file":1228,"line":1713},{"id":1447,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},[1717,1718,1719],{"from":1430,"to":1434,"sanitized":51},{"from":1439,"to":1442,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},4,{"entryPoint":1722,"graph":1723,"unsanitizedCount":1720,"severity":41},"getListOfGroupsNXS (inc-cl\\li.php:129)",{"nodes":1724,"edges":1732},[1725,1727,1728,1730,1731],{"id":1430,"type":1431,"label":1432,"file":1228,"line":1726},135,{"id":1434,"type":1435,"label":1436,"file":1228,"line":1238,"wp_function":1437},{"id":1439,"type":1431,"label":1432,"file":1228,"line":1729},140,{"id":1442,"type":1450,"label":1587,"file":1228,"line":1729},{"id":1447,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},[1733,1734,1735],{"from":1430,"to":1434,"sanitized":51},{"from":1439,"to":1442,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"entryPoint":1737,"graph":1738,"unsanitizedCount":1292,"severity":41},"\u003Cli> (inc-cl\\li.php:0)",{"nodes":1739,"edges":1799},[1740,1742,1743,1744,1745,1747,1748,1750,1751,1752,1753,1754,1755,1756,1757,1759,1760,1761,1763,1764,1765,1766,1767,1768,1770,1771,1772,1774,1776,1778,1781,1783,1785,1788,1790,1792,1795,1797],{"id":1430,"type":1431,"label":1741,"file":1228,"line":485},"$_GET (x3)",{"id":1434,"type":1435,"label":1436,"file":1228,"line":841,"wp_function":1437},{"id":1439,"type":1431,"label":1508,"file":1228,"line":517},{"id":1442,"type":1435,"label":1436,"file":1228,"line":1115,"wp_function":1437},{"id":1447,"type":1431,"label":1746,"file":1228,"line":629},"$_POST (x13)",{"id":1449,"type":1435,"label":1436,"file":1228,"line":1014,"wp_function":1437},{"id":1453,"type":1431,"label":1749,"file":1228,"line":1413},"$_POST (x99)",{"id":1515,"type":1435,"label":1436,"file":1228,"line":484,"wp_function":1437},{"id":1518,"type":1431,"label":1581,"file":1228,"line":1284},{"id":1521,"type":1450,"label":1587,"file":1228,"line":1284},{"id":1523,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},{"id":1525,"type":1431,"label":1440,"file":1228,"line":1223},{"id":1528,"type":1450,"label":1512,"file":1228,"line":1223},{"id":1530,"type":1435,"label":1436,"file":830,"line":916,"wp_function":1437},{"id":1532,"type":1431,"label":1432,"file":1228,"line":1758},199,{"id":1535,"type":1450,"label":1519,"file":1228,"line":1758},{"id":1537,"type":1435,"label":1436,"file":830,"line":905,"wp_function":1437},{"id":1541,"type":1431,"label":1465,"file":1228,"line":1762},261,{"id":1544,"type":1450,"label":1526,"file":1228,"line":1762},{"id":1546,"type":1435,"label":1436,"file":830,"line":935,"wp_function":1437},{"id":1548,"type":1431,"label":1608,"file":1228,"line":1762},{"id":1551,"type":1450,"label":1533,"file":1228,"line":1762},{"id":1553,"type":1435,"label":1436,"file":830,"line":929,"wp_function":1437},{"id":1555,"type":1431,"label":1440,"file":1228,"line":1769},300,{"id":1558,"type":1450,"label":1618,"file":1228,"line":1769},{"id":1636,"type":1435,"label":1436,"file":830,"line":635,"wp_function":1437},{"id":1773,"type":1431,"label":1465,"file":1228,"line":958},"n26",{"id":1775,"type":1450,"label":1542,"file":1228,"line":958},"n27",{"id":1777,"type":1435,"label":1436,"file":830,"line":941,"wp_function":1437},"n28",{"id":1779,"type":1431,"label":1604,"file":1228,"line":1780},"n29",339,{"id":1782,"type":1450,"label":1549,"file":1228,"line":1780},"n30",{"id":1784,"type":1435,"label":1436,"file":830,"line":945,"wp_function":1437},"n31",{"id":1786,"type":1431,"label":1432,"file":1228,"line":1787},"n32",355,{"id":1789,"type":1450,"label":1626,"file":1228,"line":1787},"n33",{"id":1791,"type":1435,"label":1436,"file":416,"line":681,"wp_function":1437},"n34",{"id":1793,"type":1431,"label":1432,"file":1228,"line":1794},"n35",357,{"id":1796,"type":1450,"label":1556,"file":1228,"line":1794},"n36",{"id":1798,"type":1435,"label":1436,"file":416,"line":685,"wp_function":1437},"n37",[1800,1801,1802,1803,1804,1805,1806,1807,1808,1809,1810,1811,1812,1813,1814,1815,1816,1817,1818,1819,1820,1821,1822,1823],{"from":1430,"to":1434,"sanitized":1456},{"from":1439,"to":1442,"sanitized":51},{"from":1447,"to":1449,"sanitized":51},{"from":1453,"to":1515,"sanitized":1456},{"from":1518,"to":1521,"sanitized":51},{"from":1521,"to":1523,"sanitized":51},{"from":1525,"to":1528,"sanitized":51},{"from":1528,"to":1530,"sanitized":51},{"from":1532,"to":1535,"sanitized":51},{"from":1535,"to":1537,"sanitized":51},{"from":1541,"to":1544,"sanitized":51},{"from":1544,"to":1546,"sanitized":51},{"from":1548,"to":1551,"sanitized":51},{"from":1551,"to":1553,"sanitized":51},{"from":1555,"to":1558,"sanitized":51},{"from":1558,"to":1636,"sanitized":51},{"from":1773,"to":1775,"sanitized":51},{"from":1775,"to":1777,"sanitized":51},{"from":1779,"to":1782,"sanitized":51},{"from":1782,"to":1784,"sanitized":51},{"from":1786,"to":1789,"sanitized":51},{"from":1789,"to":1791,"sanitized":51},{"from":1793,"to":1796,"sanitized":51},{"from":1796,"to":1798,"sanitized":51},{"entryPoint":1825,"graph":1826,"unsanitizedCount":48,"severity":41},"doAuth (inc-cl\\md.php:13)",{"nodes":1827,"edges":1832},[1828,1830],{"id":1430,"type":1431,"label":1508,"file":1263,"line":1829},17,{"id":1434,"type":1435,"label":1436,"file":1263,"line":1831,"wp_function":1437},18,[1833],{"from":1430,"to":1434,"sanitized":51},{"entryPoint":1835,"graph":1836,"unsanitizedCount":251,"severity":41},"\u003Cmd> (inc-cl\\md.php:0)",{"nodes":1837,"edges":1862},[1838,1839,1840,1843,1844,1845,1846,1847,1848,1849,1850,1851,1852,1853,1854,1855,1856,1857,1858,1859,1860,1861],{"id":1430,"type":1431,"label":1508,"file":1263,"line":1829},{"id":1434,"type":1435,"label":1436,"file":1263,"line":1831,"wp_function":1437},{"id":1439,"type":1431,"label":1841,"file":1263,"line":1842},"$_GET (x6)",21,{"id":1442,"type":1435,"label":1436,"file":1263,"line":846,"wp_function":1437},{"id":1447,"type":1431,"label":1508,"file":1263,"line":559},{"id":1449,"type":1450,"label":1512,"file":1263,"line":559},{"id":1453,"type":1435,"label":1436,"file":830,"line":916,"wp_function":1437},{"id":1515,"type":1431,"label":1508,"file":1263,"line":535},{"id":1518,"type":1450,"label":1526,"file":1263,"line":535},{"id":1521,"type":1435,"label":1436,"file":830,"line":935,"wp_function":1437},{"id":1523,"type":1431,"label":1508,"file":1263,"line":535},{"id":1525,"type":1450,"label":1533,"file":1263,"line":535},{"id":1528,"type":1435,"label":1436,"file":830,"line":929,"wp_function":1437},{"id":1530,"type":1431,"label":1538,"file":1263,"line":1012},{"id":1532,"type":1450,"label":1542,"file":1263,"line":1012},{"id":1535,"type":1435,"label":1436,"file":830,"line":941,"wp_function":1437},{"id":1537,"type":1431,"label":1538,"file":1263,"line":1012},{"id":1541,"type":1450,"label":1549,"file":1263,"line":1012},{"id":1544,"type":1435,"label":1436,"file":830,"line":945,"wp_function":1437},{"id":1546,"type":1431,"label":1538,"file":1263,"line":629},{"id":1548,"type":1450,"label":1556,"file":1263,"line":629},{"id":1551,"type":1435,"label":1436,"file":416,"line":685,"wp_function":1437},[1863,1864,1865,1866,1867,1868,1869,1870,1871,1872,1873,1874,1875,1876],{"from":1430,"to":1434,"sanitized":51},{"from":1439,"to":1442,"sanitized":1456},{"from":1447,"to":1449,"sanitized":51},{"from":1449,"to":1453,"sanitized":51},{"from":1515,"to":1518,"sanitized":51},{"from":1518,"to":1521,"sanitized":51},{"from":1523,"to":1525,"sanitized":51},{"from":1525,"to":1528,"sanitized":51},{"from":1530,"to":1532,"sanitized":51},{"from":1532,"to":1535,"sanitized":51},{"from":1537,"to":1541,"sanitized":51},{"from":1541,"to":1544,"sanitized":51},{"from":1546,"to":1548,"sanitized":51},{"from":1548,"to":1551,"sanitized":51},{"entryPoint":1878,"graph":1879,"unsanitizedCount":29,"severity":41},"doAuth (inc-cl\\pk.php:27)",{"nodes":1880,"edges":1888},[1881,1883,1884,1885,1886,1887],{"id":1430,"type":1431,"label":1508,"file":1272,"line":1882},31,{"id":1434,"type":1450,"label":1662,"file":1272,"line":1882},{"id":1439,"type":1435,"label":1436,"file":1664,"line":1665,"wp_function":1437},{"id":1442,"type":1431,"label":1667,"file":1272,"line":490},{"id":1447,"type":1450,"label":1669,"file":1272,"line":490},{"id":1449,"type":1435,"label":1436,"file":1664,"line":1671,"wp_function":1437},[1889,1890,1891,1892],{"from":1430,"to":1434,"sanitized":51},{"from":1434,"to":1439,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"from":1447,"to":1449,"sanitized":51},{"entryPoint":1894,"graph":1895,"unsanitizedCount":29,"severity":41},"\u003Cpk> (inc-cl\\pk.php:0)",{"nodes":1896,"edges":1903},[1897,1898,1899,1900,1901,1902],{"id":1430,"type":1431,"label":1508,"file":1272,"line":1882},{"id":1434,"type":1450,"label":1662,"file":1272,"line":1882},{"id":1439,"type":1435,"label":1436,"file":1664,"line":1665,"wp_function":1437},{"id":1442,"type":1431,"label":1667,"file":1272,"line":490},{"id":1447,"type":1450,"label":1669,"file":1272,"line":490},{"id":1449,"type":1435,"label":1436,"file":1664,"line":1671,"wp_function":1437},[1904,1905,1906,1907],{"from":1430,"to":1434,"sanitized":51},{"from":1434,"to":1439,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"from":1447,"to":1449,"sanitized":51},{"entryPoint":1909,"graph":1910,"unsanitizedCount":1720,"severity":41},"getListOfPNBoards (inc-cl\\pn.php:157)",{"nodes":1911,"edges":1918},[1912,1913,1914,1916,1917],{"id":1430,"type":1431,"label":1432,"file":1277,"line":1185},{"id":1434,"type":1435,"label":1436,"file":1277,"line":1243,"wp_function":1437},{"id":1439,"type":1431,"label":1432,"file":1277,"line":1915},168,{"id":1442,"type":1450,"label":1587,"file":1277,"line":1915},{"id":1447,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},[1919,1920,1921],{"from":1430,"to":1434,"sanitized":51},{"from":1439,"to":1442,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"entryPoint":1923,"graph":1924,"unsanitizedCount":1720,"severity":41},"getListOfSubReddits (inc-cl\\rd.php:131)",{"nodes":1925,"edges":1931},[1926,1927,1928,1929,1930],{"id":1430,"type":1431,"label":1432,"file":1291,"line":1726},{"id":1434,"type":1435,"label":1436,"file":1291,"line":1238,"wp_function":1437},{"id":1439,"type":1431,"label":1432,"file":1291,"line":1729},{"id":1442,"type":1450,"label":1587,"file":1291,"line":1729},{"id":1447,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},[1932,1933,1934],{"from":1430,"to":1434,"sanitized":51},{"from":1439,"to":1442,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"entryPoint":1936,"graph":1937,"unsanitizedCount":29,"severity":41},"doAuth (inc-cl\\sc.php:25)",{"nodes":1938,"edges":1945},[1939,1940,1941,1942,1943,1944],{"id":1430,"type":1431,"label":1508,"file":1298,"line":1882},{"id":1434,"type":1450,"label":1662,"file":1298,"line":1882},{"id":1439,"type":1435,"label":1436,"file":1664,"line":1665,"wp_function":1437},{"id":1442,"type":1431,"label":1667,"file":1298,"line":494},{"id":1447,"type":1450,"label":1669,"file":1298,"line":494},{"id":1449,"type":1435,"label":1436,"file":1664,"line":1671,"wp_function":1437},[1946,1947,1948,1949],{"from":1430,"to":1434,"sanitized":51},{"from":1434,"to":1439,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"from":1447,"to":1449,"sanitized":51},{"entryPoint":1951,"graph":1952,"unsanitizedCount":29,"severity":41},"\u003Csc> (inc-cl\\sc.php:0)",{"nodes":1953,"edges":1960},[1954,1955,1956,1957,1958,1959],{"id":1430,"type":1431,"label":1508,"file":1298,"line":1882},{"id":1434,"type":1450,"label":1662,"file":1298,"line":1882},{"id":1439,"type":1435,"label":1436,"file":1664,"line":1665,"wp_function":1437},{"id":1442,"type":1431,"label":1667,"file":1298,"line":494},{"id":1447,"type":1450,"label":1669,"file":1298,"line":494},{"id":1449,"type":1435,"label":1436,"file":1664,"line":1671,"wp_function":1437},[1961,1962,1963,1964],{"from":1430,"to":1434,"sanitized":51},{"from":1434,"to":1439,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"from":1447,"to":1449,"sanitized":51},{"entryPoint":1966,"graph":1967,"unsanitizedCount":52,"severity":41},"getListOfBlogs (inc-cl\\tr.php:58)",{"nodes":1968,"edges":1975},[1969,1970,1971,1973,1974],{"id":1430,"type":1431,"label":1440,"file":1308,"line":521},{"id":1434,"type":1435,"label":1436,"file":1308,"line":1313,"wp_function":1437},{"id":1439,"type":1431,"label":1432,"file":1308,"line":1972},71,{"id":1442,"type":1450,"label":1587,"file":1308,"line":1972},{"id":1447,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},[1976,1977,1978],{"from":1430,"to":1434,"sanitized":51},{"from":1439,"to":1442,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"entryPoint":1980,"graph":1981,"unsanitizedCount":426,"severity":41},"\u003Ctr> (inc-cl\\tr.php:0)",{"nodes":1982,"edges":2017},[1983,1985,1986,1988,1989,1990,1991,1992,1993,1994,1995,1997,1999,2000,2001,2002,2003,2005,2006,2007,2009,2010,2011,2012,2013,2014,2015,2016],{"id":1430,"type":1431,"label":1984,"file":1308,"line":521},"$_POST (x9)",{"id":1434,"type":1435,"label":1436,"file":1308,"line":1313,"wp_function":1437},{"id":1439,"type":1431,"label":1987,"file":1308,"line":521},"$_POST (x46)",{"id":1442,"type":1435,"label":1436,"file":1308,"line":607,"wp_function":1437},{"id":1447,"type":1431,"label":1432,"file":1308,"line":1972},{"id":1449,"type":1450,"label":1587,"file":1308,"line":1972},{"id":1453,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},{"id":1515,"type":1431,"label":1465,"file":1308,"line":1697},{"id":1518,"type":1450,"label":1512,"file":1308,"line":1697},{"id":1521,"type":1435,"label":1436,"file":830,"line":916,"wp_function":1437},{"id":1523,"type":1431,"label":1465,"file":1308,"line":1996},104,{"id":1525,"type":1450,"label":1998,"file":1308,"line":1996},"→ nxs_doShowHint()",{"id":1528,"type":1435,"label":1436,"file":416,"line":1124,"wp_function":1437},{"id":1530,"type":1431,"label":1432,"file":1308,"line":1236},{"id":1532,"type":1450,"label":1533,"file":1308,"line":1236},{"id":1535,"type":1435,"label":1436,"file":830,"line":929,"wp_function":1437},{"id":1537,"type":1431,"label":1432,"file":1308,"line":2004},184,{"id":1541,"type":1450,"label":1549,"file":1308,"line":2004},{"id":1544,"type":1435,"label":1436,"file":830,"line":945,"wp_function":1437},{"id":1546,"type":1431,"label":1432,"file":1308,"line":2008},190,{"id":1548,"type":1450,"label":1542,"file":1308,"line":2008},{"id":1551,"type":1435,"label":1436,"file":830,"line":941,"wp_function":1437},{"id":1553,"type":1431,"label":1432,"file":1308,"line":935},{"id":1555,"type":1450,"label":1626,"file":1308,"line":935},{"id":1558,"type":1435,"label":1436,"file":416,"line":681,"wp_function":1437},{"id":1636,"type":1431,"label":1432,"file":1308,"line":1119},{"id":1773,"type":1450,"label":1556,"file":1308,"line":1119},{"id":1775,"type":1435,"label":1436,"file":416,"line":685,"wp_function":1437},[2018,2019,2020,2021,2022,2023,2024,2025,2026,2027,2028,2029,2030,2031,2032,2033,2034,2035],{"from":1430,"to":1434,"sanitized":51},{"from":1439,"to":1442,"sanitized":1456},{"from":1447,"to":1449,"sanitized":51},{"from":1449,"to":1453,"sanitized":51},{"from":1515,"to":1518,"sanitized":51},{"from":1518,"to":1521,"sanitized":51},{"from":1523,"to":1525,"sanitized":51},{"from":1525,"to":1528,"sanitized":51},{"from":1530,"to":1532,"sanitized":51},{"from":1532,"to":1535,"sanitized":51},{"from":1537,"to":1541,"sanitized":51},{"from":1541,"to":1544,"sanitized":51},{"from":1546,"to":1548,"sanitized":51},{"from":1548,"to":1551,"sanitized":51},{"from":1553,"to":1555,"sanitized":51},{"from":1555,"to":1558,"sanitized":51},{"from":1636,"to":1773,"sanitized":51},{"from":1773,"to":1775,"sanitized":51},{"entryPoint":2037,"graph":2038,"unsanitizedCount":48,"severity":41},"doAuth (inc-cl\\wb.php:13)",{"nodes":2039,"edges":2042},[2040,2041],{"id":1430,"type":1431,"label":1508,"file":1341,"line":362},{"id":1434,"type":1435,"label":1436,"file":1341,"line":1342,"wp_function":1437},[2043],{"from":1430,"to":1434,"sanitized":51},{"entryPoint":2045,"graph":2046,"unsanitizedCount":1422,"severity":41},"\u003Cwb> (inc-cl\\wb.php:0)",{"nodes":2047,"edges":2069},[2048,2049,2050,2052,2054,2055,2056,2057,2058,2059,2060,2061,2062,2063,2064,2065,2066,2067,2068],{"id":1430,"type":1431,"label":1508,"file":1341,"line":362},{"id":1434,"type":1435,"label":1436,"file":1341,"line":1342,"wp_function":1437},{"id":1439,"type":1431,"label":2051,"file":1341,"line":378},"$_GET (x7)",{"id":1442,"type":1435,"label":1436,"file":1341,"line":2053,"wp_function":1437},39,{"id":1447,"type":1431,"label":1741,"file":1341,"line":831},{"id":1449,"type":1450,"label":1512,"file":1341,"line":831},{"id":1453,"type":1435,"label":1436,"file":830,"line":916,"wp_function":1437},{"id":1515,"type":1431,"label":1538,"file":1341,"line":240},{"id":1518,"type":1450,"label":1533,"file":1341,"line":240},{"id":1521,"type":1435,"label":1436,"file":830,"line":929,"wp_function":1437},{"id":1523,"type":1431,"label":1538,"file":1341,"line":343},{"id":1525,"type":1450,"label":1549,"file":1341,"line":343},{"id":1528,"type":1435,"label":1436,"file":830,"line":945,"wp_function":1437},{"id":1530,"type":1431,"label":1538,"file":1341,"line":583},{"id":1532,"type":1450,"label":1626,"file":1341,"line":583},{"id":1535,"type":1435,"label":1436,"file":416,"line":681,"wp_function":1437},{"id":1537,"type":1431,"label":1538,"file":1341,"line":1301},{"id":1541,"type":1450,"label":1556,"file":1341,"line":1301},{"id":1544,"type":1435,"label":1436,"file":416,"line":685,"wp_function":1437},[2070,2071,2072,2073,2074,2075,2076,2077,2078,2079,2080,2081],{"from":1430,"to":1434,"sanitized":51},{"from":1439,"to":1442,"sanitized":1456},{"from":1447,"to":1449,"sanitized":51},{"from":1449,"to":1453,"sanitized":51},{"from":1515,"to":1518,"sanitized":51},{"from":1518,"to":1521,"sanitized":51},{"from":1523,"to":1525,"sanitized":51},{"from":1525,"to":1528,"sanitized":51},{"from":1530,"to":1532,"sanitized":51},{"from":1532,"to":1535,"sanitized":51},{"from":1537,"to":1541,"sanitized":51},{"from":1541,"to":1544,"sanitized":51},{"entryPoint":2083,"graph":2084,"unsanitizedCount":48,"severity":41},"nxs_rePostToWL_ajax (inc-cl\\wl.php:493)",{"nodes":2085,"edges":2091},[2086,2088,2090],{"id":1430,"type":1431,"label":1440,"file":462,"line":2087},497,{"id":1434,"type":1450,"label":2089,"file":462,"line":2087},"→ nxs_doPublishToWL()",{"id":1439,"type":1435,"label":1436,"file":462,"line":1402,"wp_function":1437},[2092,2093],{"from":1430,"to":1434,"sanitized":51},{"from":1434,"to":1439,"sanitized":51},{"entryPoint":2095,"graph":2096,"unsanitizedCount":48,"severity":41},"\u003Cwl> (inc-cl\\wl.php:0)",{"nodes":2097,"edges":2103},[2098,2099,2100,2101,2102],{"id":1430,"type":1431,"label":1432,"file":462,"line":681},{"id":1434,"type":1435,"label":1436,"file":462,"line":697,"wp_function":1437},{"id":1439,"type":1431,"label":1440,"file":462,"line":2087},{"id":1442,"type":1450,"label":2089,"file":462,"line":2087},{"id":1447,"type":1435,"label":1436,"file":462,"line":1402,"wp_function":1437},[2104,2105,2106],{"from":1430,"to":1434,"sanitized":1456},{"from":1439,"to":1442,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"entryPoint":2108,"graph":2109,"unsanitizedCount":29,"severity":41},"doAuth (inc-cl\\xi.php:21)",{"nodes":2110,"edges":2117},[2111,2112,2113,2114,2115,2116],{"id":1430,"type":1431,"label":1508,"file":1404,"line":378},{"id":1434,"type":1450,"label":1662,"file":1404,"line":378},{"id":1439,"type":1435,"label":1436,"file":1664,"line":1665,"wp_function":1437},{"id":1442,"type":1431,"label":1667,"file":1404,"line":481},{"id":1447,"type":1450,"label":1669,"file":1404,"line":481},{"id":1449,"type":1435,"label":1436,"file":1664,"line":1671,"wp_function":1437},[2118,2119,2120,2121],{"from":1430,"to":1434,"sanitized":51},{"from":1434,"to":1439,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"from":1447,"to":1449,"sanitized":51},{"entryPoint":2123,"graph":2124,"unsanitizedCount":1720,"severity":41},"getPgsList (inc-cl\\xi.php:48)",{"nodes":2125,"edges":2131},[2126,2127,2128,2129,2130],{"id":1430,"type":1431,"label":1432,"file":1404,"line":504},{"id":1434,"type":1435,"label":1436,"file":1404,"line":846,"wp_function":1437},{"id":1439,"type":1431,"label":1432,"file":1404,"line":513},{"id":1442,"type":1450,"label":1587,"file":1404,"line":513},{"id":1447,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},[2132,2133,2134],{"from":1430,"to":1434,"sanitized":51},{"from":1439,"to":1442,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"entryPoint":2136,"graph":2137,"unsanitizedCount":1720,"severity":41},"getGrpList (inc-cl\\xi.php:58)",{"nodes":2138,"edges":2144},[2139,2140,2141,2142,2143],{"id":1430,"type":1431,"label":1432,"file":1404,"line":521},{"id":1434,"type":1435,"label":1436,"file":1404,"line":617,"wp_function":1437},{"id":1439,"type":1431,"label":1432,"file":1404,"line":13},{"id":1442,"type":1450,"label":1587,"file":1404,"line":13},{"id":1447,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},[2145,2146,2147],{"from":1430,"to":1434,"sanitized":51},{"from":1439,"to":1442,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"entryPoint":2149,"graph":2150,"unsanitizedCount":1720,"severity":41},"getGrpForums (inc-cl\\xi.php:68)",{"nodes":2151,"edges":2157},[2152,2153,2154,2155,2156],{"id":1430,"type":1431,"label":1432,"file":1404,"line":532},{"id":1434,"type":1435,"label":1436,"file":1404,"line":867,"wp_function":1437},{"id":1439,"type":1431,"label":1432,"file":1404,"line":331},{"id":1442,"type":1450,"label":1587,"file":1404,"line":331},{"id":1447,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},[2158,2159,2160],{"from":1430,"to":1434,"sanitized":51},{"from":1439,"to":1442,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"entryPoint":2162,"graph":2163,"unsanitizedCount":240,"severity":41},"\u003Cxi> (inc-cl\\xi.php:0)",{"nodes":2164,"edges":2216},[2165,2167,2168,2170,2172,2173,2174,2175,2176,2177,2178,2179,2180,2181,2183,2184,2185,2187,2188,2189,2190,2191,2192,2194,2195,2196,2197,2198,2199,2201,2202,2203,2205,2206,2207,2209,2210,2211,2212,2214],{"id":1430,"type":1431,"label":2166,"file":1404,"line":504},"$_POST (x12)",{"id":1434,"type":1435,"label":1436,"file":1404,"line":846,"wp_function":1437},{"id":1439,"type":1431,"label":2169,"file":1404,"line":535},"$_POST (x85)",{"id":1442,"type":1435,"label":1436,"file":1404,"line":2171,"wp_function":1437},86,{"id":1447,"type":1431,"label":1508,"file":1404,"line":378},{"id":1449,"type":1450,"label":1662,"file":1404,"line":378},{"id":1453,"type":1435,"label":1436,"file":1664,"line":1665,"wp_function":1437},{"id":1515,"type":1431,"label":1667,"file":1404,"line":481},{"id":1518,"type":1450,"label":1669,"file":1404,"line":481},{"id":1521,"type":1435,"label":1436,"file":1664,"line":1671,"wp_function":1437},{"id":1523,"type":1431,"label":1581,"file":1404,"line":513},{"id":1525,"type":1450,"label":1587,"file":1404,"line":513},{"id":1528,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},{"id":1530,"type":1431,"label":1432,"file":1404,"line":2182},97,{"id":1532,"type":1450,"label":1519,"file":1404,"line":2182},{"id":1535,"type":1435,"label":1436,"file":830,"line":905,"wp_function":1437},{"id":1537,"type":1431,"label":1440,"file":1404,"line":2186},189,{"id":1541,"type":1450,"label":1526,"file":1404,"line":2186},{"id":1544,"type":1435,"label":1436,"file":830,"line":935,"wp_function":1437},{"id":1546,"type":1431,"label":1465,"file":1404,"line":825},{"id":1548,"type":1450,"label":1512,"file":1404,"line":825},{"id":1551,"type":1435,"label":1436,"file":830,"line":916,"wp_function":1437},{"id":1553,"type":1431,"label":1432,"file":1404,"line":2193},227,{"id":1555,"type":1450,"label":1533,"file":1404,"line":2193},{"id":1558,"type":1435,"label":1436,"file":830,"line":929,"wp_function":1437},{"id":1636,"type":1431,"label":1440,"file":1404,"line":1253},{"id":1773,"type":1450,"label":1618,"file":1404,"line":1253},{"id":1775,"type":1435,"label":1436,"file":830,"line":635,"wp_function":1437},{"id":1777,"type":1431,"label":1465,"file":1404,"line":2200},279,{"id":1779,"type":1450,"label":1542,"file":1404,"line":2200},{"id":1782,"type":1435,"label":1436,"file":830,"line":941,"wp_function":1437},{"id":1784,"type":1431,"label":1432,"file":1404,"line":2204},291,{"id":1786,"type":1450,"label":1549,"file":1404,"line":2204},{"id":1789,"type":1435,"label":1436,"file":830,"line":945,"wp_function":1437},{"id":1791,"type":1431,"label":1432,"file":1404,"line":2208},292,{"id":1793,"type":1450,"label":1556,"file":1404,"line":2208},{"id":1796,"type":1435,"label":1436,"file":416,"line":685,"wp_function":1437},{"id":1798,"type":1431,"label":1440,"file":1404,"line":544},{"id":2213,"type":1450,"label":1626,"file":1404,"line":544},"n38",{"id":2215,"type":1435,"label":1436,"file":416,"line":681,"wp_function":1437},"n39",[2217,2218,2219,2220,2221,2222,2223,2224,2225,2226,2227,2228,2229,2230,2231,2232,2233,2234,2235,2236,2237,2238,2239,2240,2241,2242],{"from":1430,"to":1434,"sanitized":51},{"from":1439,"to":1442,"sanitized":1456},{"from":1447,"to":1449,"sanitized":51},{"from":1449,"to":1453,"sanitized":51},{"from":1515,"to":1518,"sanitized":51},{"from":1518,"to":1521,"sanitized":51},{"from":1523,"to":1525,"sanitized":51},{"from":1525,"to":1528,"sanitized":51},{"from":1530,"to":1532,"sanitized":51},{"from":1532,"to":1535,"sanitized":51},{"from":1537,"to":1541,"sanitized":51},{"from":1541,"to":1544,"sanitized":51},{"from":1546,"to":1548,"sanitized":51},{"from":1548,"to":1551,"sanitized":51},{"from":1553,"to":1555,"sanitized":51},{"from":1555,"to":1558,"sanitized":51},{"from":1636,"to":1773,"sanitized":51},{"from":1773,"to":1775,"sanitized":51},{"from":1777,"to":1779,"sanitized":51},{"from":1779,"to":1782,"sanitized":51},{"from":1784,"to":1786,"sanitized":51},{"from":1786,"to":1789,"sanitized":51},{"from":1791,"to":1793,"sanitized":51},{"from":1793,"to":1796,"sanitized":51},{"from":1798,"to":2213,"sanitized":51},{"from":2213,"to":2215,"sanitized":51},{"entryPoint":2244,"graph":2245,"unsanitizedCount":95,"severity":2251},"showPage_reposter (inc\\nxs_class_mgmt.php:154)",{"nodes":2246,"edges":2249},[2247,2248],{"id":1430,"type":1431,"label":1508,"file":382,"line":1665},{"id":1434,"type":1435,"label":1436,"file":382,"line":1221,"wp_function":1437},[2250],{"from":1430,"to":1434,"sanitized":1456},"low",{"entryPoint":2253,"graph":2254,"unsanitizedCount":95,"severity":2251},"\u003Cnxs_class_mgmt> (inc\\nxs_class_mgmt.php:0)",{"nodes":2255,"edges":2258},[2256,2257],{"id":1430,"type":1431,"label":1508,"file":382,"line":1665},{"id":1434,"type":1435,"label":1436,"file":382,"line":1221,"wp_function":1437},[2259],{"from":1430,"to":1434,"sanitized":1456},{"entryPoint":2261,"graph":2262,"unsanitizedCount":95,"severity":2251},"\u003Cnxs_class_snap> (inc\\nxs_class_snap.php:0)",{"nodes":2263,"edges":2268},[2264,2267],{"id":1430,"type":1431,"label":2265,"file":389,"line":2266},"$_FILES",175,{"id":1434,"type":1435,"label":1436,"file":389,"line":1034,"wp_function":1437},[2269],{"from":1430,"to":1434,"sanitized":1456},{"entryPoint":2271,"graph":2272,"unsanitizedCount":95,"severity":2251},"nxs_checkQuery (inc\\nxs_functions_engine.php:124)",{"nodes":2273,"edges":2278},[2274,2277],{"id":1430,"type":1431,"label":2275,"file":412,"line":2276},"$_GET['nxs-cronrun']",128,{"id":1434,"type":1435,"label":1436,"file":412,"line":2276,"wp_function":1437},[2279],{"from":1430,"to":1434,"sanitized":1456},{"entryPoint":2281,"graph":2282,"unsanitizedCount":95,"severity":2251},"\u003Cnxs_functions_engine> (inc\\nxs_functions_engine.php:0)",{"nodes":2283,"edges":2286},[2284,2285],{"id":1430,"type":1431,"label":2275,"file":412,"line":2276},{"id":1434,"type":1435,"label":1436,"file":412,"line":2276,"wp_function":1437},[2287],{"from":1430,"to":1434,"sanitized":1456},{"entryPoint":2289,"graph":2290,"unsanitizedCount":95,"severity":2251},"nxs_getExpSettings_ajax (inc\\nxs_functions_wp.php:668)",{"nodes":2291,"edges":2297},[2292,2294],{"id":1430,"type":1431,"label":1440,"file":416,"line":2293},669,{"id":1434,"type":1435,"label":2295,"file":416,"line":736,"wp_function":2296},"header() [Header Injection]","header",[2298],{"from":1430,"to":1434,"sanitized":1456},{"entryPoint":2300,"graph":2301,"unsanitizedCount":95,"severity":2251},"\u003Cnxs_functions_wp> (inc\\nxs_functions_wp.php:0)",{"nodes":2302,"edges":2311},[2303,2304,2305,2306,2307,2308,2309,2310],{"id":1430,"type":1431,"label":1482,"file":416,"line":1483},{"id":1434,"type":1435,"label":1436,"file":416,"line":1135,"wp_function":1437},{"id":1439,"type":1431,"label":1440,"file":416,"line":2293},{"id":1442,"type":1435,"label":2295,"file":416,"line":736,"wp_function":2296},{"id":1447,"type":1431,"label":1492,"file":416,"line":1141},{"id":1449,"type":1435,"label":1436,"file":416,"line":1141,"wp_function":1437},{"id":1453,"type":1431,"label":1440,"file":416,"line":1495},{"id":1515,"type":1435,"label":1436,"file":416,"line":1143,"wp_function":1437},[2312,2313,2314,2315],{"from":1430,"to":1434,"sanitized":1456},{"from":1439,"to":1442,"sanitized":1456},{"from":1447,"to":1449,"sanitized":1456},{"from":1453,"to":1515,"sanitized":1456},{"entryPoint":2317,"graph":2318,"unsanitizedCount":29,"severity":2251},"getListOfPagesNX (inc-cl\\fb.php:122)",{"nodes":2319,"edges":2325},[2320,2321,2322,2323,2324],{"id":1430,"type":1431,"label":1440,"file":578,"line":629},{"id":1434,"type":1435,"label":1436,"file":578,"line":1177,"wp_function":1437},{"id":1439,"type":1431,"label":1432,"file":578,"line":635},{"id":1442,"type":1450,"label":1587,"file":578,"line":635},{"id":1447,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},[2326,2327,2328],{"from":1430,"to":1434,"sanitized":1456},{"from":1439,"to":1442,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"entryPoint":2330,"graph":2331,"unsanitizedCount":29,"severity":2251},"nxsCptCheck (inc-cl\\ig.api.php:10)",{"nodes":2332,"edges":2336},[2333,2334,2335],{"id":1430,"type":1431,"label":1432,"file":1226,"line":1422},{"id":1434,"type":1450,"label":1587,"file":1226,"line":1422},{"id":1439,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},[2337,2338],{"from":1430,"to":1434,"sanitized":51},{"from":1434,"to":1439,"sanitized":51},{"entryPoint":2340,"graph":2341,"unsanitizedCount":202,"severity":2251},"\u003Cig.api> (inc-cl\\ig.api.php:0)",{"nodes":2342,"edges":2348},[2343,2344,2345,2346,2347],{"id":1430,"type":1431,"label":1440,"file":1226,"line":251},{"id":1434,"type":1435,"label":1436,"file":1226,"line":240,"wp_function":1437},{"id":1439,"type":1431,"label":1604,"file":1226,"line":1422},{"id":1442,"type":1450,"label":1587,"file":1226,"line":1422},{"id":1447,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},[2349,2350,2351],{"from":1430,"to":1434,"sanitized":51},{"from":1439,"to":1442,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"entryPoint":2353,"graph":2354,"unsanitizedCount":95,"severity":2251},"doAuth (inc-cl\\li.php:38)",{"nodes":2355,"edges":2358},[2356,2357],{"id":1430,"type":1431,"label":1741,"file":1228,"line":485},{"id":1434,"type":1435,"label":1436,"file":1228,"line":841,"wp_function":1437},[2359],{"from":1430,"to":1434,"sanitized":1456},{"entryPoint":2361,"graph":2362,"unsanitizedCount":1720,"severity":2251},"\u003Cpn> (inc-cl\\pn.php:0)",{"nodes":2363,"edges":2369},[2364,2365,2366,2367,2368],{"id":1430,"type":1431,"label":1432,"file":1277,"line":1185},{"id":1434,"type":1435,"label":1436,"file":1277,"line":1243,"wp_function":1437},{"id":1439,"type":1431,"label":1432,"file":1277,"line":1915},{"id":1442,"type":1450,"label":1587,"file":1277,"line":1915},{"id":1447,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},[2370,2371,2372],{"from":1430,"to":1434,"sanitized":51},{"from":1439,"to":1442,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"entryPoint":2374,"graph":2375,"unsanitizedCount":1720,"severity":2251},"\u003Crd> (inc-cl\\rd.php:0)",{"nodes":2376,"edges":2382},[2377,2378,2379,2380,2381],{"id":1430,"type":1431,"label":1432,"file":1291,"line":1726},{"id":1434,"type":1435,"label":1436,"file":1291,"line":1238,"wp_function":1437},{"id":1439,"type":1431,"label":1432,"file":1291,"line":1729},{"id":1442,"type":1450,"label":1587,"file":1291,"line":1729},{"id":1447,"type":1435,"label":1589,"file":569,"line":1590,"wp_function":1591},[2383,2384,2385],{"from":1430,"to":1434,"sanitized":51},{"from":1439,"to":1442,"sanitized":51},{"from":1442,"to":1447,"sanitized":51},{"summary":2387,"deductions":2388},"The plugin \"social-networks-auto-poster-facebook-twitter-g\" version 4.4.7 presents a mixed security posture with several areas of concern that outweigh its strengths. While it utilizes prepared statements for SQL queries and a significant portion of its output is properly escaped, the presence of unprotected AJAX handlers and dangerous functions like `create_function` and `unserialize` indicates potential vulnerabilities. The history of 14 CVEs, with 2 currently unpatched and a prevalence of high and medium severity issues including Deserialization of Untrusted Data, CSRF, and Improper Access Control, strongly suggests a pattern of recurring security weaknesses.\n\nThe static analysis reveals an attack surface with 7 AJAX handlers, 7 of which lack authentication checks, posing a significant risk of unauthorized actions. The use of dangerous functions like `unserialize` without proper sanitization on user-supplied data is a critical concern, potentially leading to deserialization vulnerabilities. Furthermore, the taint analysis shows a high number of flows with unsanitized paths (37), although no critical or high severity flows were explicitly identified in this analysis, the sheer volume suggests a potential for overlooked vulnerabilities.\n\nIn conclusion, despite some good security practices in place, the significant number of unprotected entry points, the presence of dangerous functions, and the extensive history of vulnerabilities, particularly those related to deserialization and access control, indicate a substantial risk. The plugin requires immediate attention to address unpatched vulnerabilities and to implement robust authentication and input sanitization for all entry points, especially AJAX handlers.",[2389,2392,2394,2396,2399],{"reason":2390,"points":2391},"Unprotected AJAX handlers",20,{"reason":2393,"points":2391},"Dangerous functions present (unserialize, create_function)",{"reason":2395,"points":2391},"Unpatched CVEs",{"reason":2397,"points":2398},"High number of unsanitized taint flows",15,{"reason":2400,"points":2398},"High severity vulnerability history (3 high)","2026-03-16T17:25:05.592Z",{"wat":2403,"direct":2416},{"assetPaths":2404,"generatorPatterns":2409,"scriptPaths":2410,"versionParams":2413},[2405,2406,2407,2408],"\u002Fwp-content\u002Fplugins\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Finc-cl\u002F","\u002Fwp-content\u002Fplugins\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Fimg\u002F","\u002Fwp-content\u002Fplugins\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Fjs\u002F","\u002Fwp-content\u002Fplugins\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Fcss\u002F",[],[2411,2412],"\u002Fwp-content\u002Fplugins\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Fjs\u002Fnxssnap-admin.js","\u002Fwp-content\u002Fplugins\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Fjs\u002Fnxssnap-common.js",[2414,2415],"social-networks-auto-poster-facebook-twitter-g\u002Fjs\u002Fnxssnap-admin.js?ver=","social-networks-auto-poster-facebook-twitter-g\u002Fjs\u002Fnxssnap-common.js?ver=",{"cssClasses":2417,"htmlComments":2420,"htmlAttributes":2423,"restEndpoints":2426,"jsGlobals":2430,"shortcodeOutput":2434},[2418,2419],"nxs_snap_body","nxssnap_wrap",[2421,2422],"\u003C!-- NextScripts: Social Networks Auto-Poster -->","\u003C!-- V5 Beta -->",[2424,2425],"data-snap-id","data-snap-post-id",[2427,2428,2429],"\u002Fwp-json\u002Fnxs\u002Fv1\u002Fsettings","\u002Fwp-json\u002Fnxs\u002Fv1\u002Faccounts","\u002Fwp-json\u002Fnxs\u002Fv1\u002Fposts",[2431,2432,2433],"window.nxs_SNAP_URL","window.nxs_SNAP_AJAX_URL","window.nxssnap_admin_obj",[2435],"[nxs_links]",{"error":1456,"url":2437,"statusCode":2438,"statusMessage":2439,"message":2439},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":362,"versions":2441},[2442,2462,2482,2503,2524,2545,2566,2587,2608,2629,2650,2671,2692],{"version":2443,"download_url":2444,"svn_tag_url":2445,"released_at":39,"has_diff":51,"diff_files_changed":2446,"diff_lines":39,"trac_diff_url":2447,"vulnerabilities":2448,"is_current":51},"3.8.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-networks-auto-poster-facebook-twitter-g.3.8.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Ftags\u002F3.8.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F3.4.31&new_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F3.8.8",[2449,2450,2451,2452,2453,2454,2455,2456,2457,2458,2459,2460,2461],{"id":160,"url_slug":161,"title":162,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":165},{"id":135,"url_slug":136,"title":137,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":140},{"id":184,"url_slug":185,"title":186,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":189},{"id":97,"url_slug":98,"title":99,"severity":41,"cvss_score":103,"vuln_type":105,"patched_in_version":102},{"id":196,"url_slug":197,"title":198,"severity":41,"cvss_score":202,"vuln_type":204,"patched_in_version":201},{"id":172,"url_slug":173,"title":174,"severity":41,"cvss_score":178,"vuln_type":105,"patched_in_version":177},{"id":112,"url_slug":113,"title":114,"severity":67,"cvss_score":116,"vuln_type":118,"patched_in_version":102},{"id":148,"url_slug":149,"title":150,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":153},{"id":125,"url_slug":126,"title":127,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":102},{"id":84,"url_slug":85,"title":86,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":39},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"id":62,"url_slug":63,"title":64,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":39},{"id":212,"url_slug":213,"title":214,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":217},{"version":2463,"download_url":2464,"svn_tag_url":2465,"released_at":39,"has_diff":51,"diff_files_changed":2466,"diff_lines":39,"trac_diff_url":2467,"vulnerabilities":2468,"is_current":51},"3.4.31","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-networks-auto-poster-facebook-twitter-g.3.4.31.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Ftags\u002F3.4.31\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F3.2.3&new_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F3.4.31",[2469,2470,2471,2472,2473,2474,2475,2476,2477,2478,2479,2480,2481],{"id":160,"url_slug":161,"title":162,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":165},{"id":135,"url_slug":136,"title":137,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":140},{"id":184,"url_slug":185,"title":186,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":189},{"id":97,"url_slug":98,"title":99,"severity":41,"cvss_score":103,"vuln_type":105,"patched_in_version":102},{"id":196,"url_slug":197,"title":198,"severity":41,"cvss_score":202,"vuln_type":204,"patched_in_version":201},{"id":172,"url_slug":173,"title":174,"severity":41,"cvss_score":178,"vuln_type":105,"patched_in_version":177},{"id":112,"url_slug":113,"title":114,"severity":67,"cvss_score":116,"vuln_type":118,"patched_in_version":102},{"id":148,"url_slug":149,"title":150,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":153},{"id":125,"url_slug":126,"title":127,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":102},{"id":84,"url_slug":85,"title":86,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":39},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"id":62,"url_slug":63,"title":64,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":39},{"id":212,"url_slug":213,"title":214,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":217},{"version":2483,"download_url":2484,"svn_tag_url":2485,"released_at":39,"has_diff":51,"diff_files_changed":2486,"diff_lines":39,"trac_diff_url":2487,"vulnerabilities":2488,"is_current":51},"3.2.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-networks-auto-poster-facebook-twitter-g.3.2.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Ftags\u002F3.2.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F3.1.2&new_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F3.2.3",[2489,2490,2491,2492,2493,2494,2495,2496,2497,2498,2499,2500,2501,2502],{"id":160,"url_slug":161,"title":162,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":165},{"id":135,"url_slug":136,"title":137,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":140},{"id":184,"url_slug":185,"title":186,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":189},{"id":97,"url_slug":98,"title":99,"severity":41,"cvss_score":103,"vuln_type":105,"patched_in_version":102},{"id":196,"url_slug":197,"title":198,"severity":41,"cvss_score":202,"vuln_type":204,"patched_in_version":201},{"id":172,"url_slug":173,"title":174,"severity":41,"cvss_score":178,"vuln_type":105,"patched_in_version":177},{"id":112,"url_slug":113,"title":114,"severity":67,"cvss_score":116,"vuln_type":118,"patched_in_version":102},{"id":148,"url_slug":149,"title":150,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":153},{"id":125,"url_slug":126,"title":127,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":102},{"id":84,"url_slug":85,"title":86,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":39},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"id":62,"url_slug":63,"title":64,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":39},{"id":224,"url_slug":225,"title":226,"severity":67,"cvss_score":230,"vuln_type":44,"patched_in_version":229},{"id":212,"url_slug":213,"title":214,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":217},{"version":2504,"download_url":2505,"svn_tag_url":2506,"released_at":39,"has_diff":51,"diff_files_changed":2507,"diff_lines":39,"trac_diff_url":2508,"vulnerabilities":2509,"is_current":51},"3.1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-networks-auto-poster-facebook-twitter-g.3.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Ftags\u002F3.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F3.0.9&new_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F3.1.2",[2510,2511,2512,2513,2514,2515,2516,2517,2518,2519,2520,2521,2522,2523],{"id":160,"url_slug":161,"title":162,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":165},{"id":135,"url_slug":136,"title":137,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":140},{"id":184,"url_slug":185,"title":186,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":189},{"id":97,"url_slug":98,"title":99,"severity":41,"cvss_score":103,"vuln_type":105,"patched_in_version":102},{"id":196,"url_slug":197,"title":198,"severity":41,"cvss_score":202,"vuln_type":204,"patched_in_version":201},{"id":172,"url_slug":173,"title":174,"severity":41,"cvss_score":178,"vuln_type":105,"patched_in_version":177},{"id":112,"url_slug":113,"title":114,"severity":67,"cvss_score":116,"vuln_type":118,"patched_in_version":102},{"id":148,"url_slug":149,"title":150,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":153},{"id":125,"url_slug":126,"title":127,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":102},{"id":84,"url_slug":85,"title":86,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":39},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"id":62,"url_slug":63,"title":64,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":39},{"id":224,"url_slug":225,"title":226,"severity":67,"cvss_score":230,"vuln_type":44,"patched_in_version":229},{"id":212,"url_slug":213,"title":214,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":217},{"version":2525,"download_url":2526,"svn_tag_url":2527,"released_at":39,"has_diff":51,"diff_files_changed":2528,"diff_lines":39,"trac_diff_url":2529,"vulnerabilities":2530,"is_current":51},"3.0.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-networks-auto-poster-facebook-twitter-g.3.0.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Ftags\u002F3.0.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F2.7.22&new_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F3.0.9",[2531,2532,2533,2534,2535,2536,2537,2538,2539,2540,2541,2542,2543,2544],{"id":160,"url_slug":161,"title":162,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":165},{"id":135,"url_slug":136,"title":137,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":140},{"id":184,"url_slug":185,"title":186,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":189},{"id":97,"url_slug":98,"title":99,"severity":41,"cvss_score":103,"vuln_type":105,"patched_in_version":102},{"id":196,"url_slug":197,"title":198,"severity":41,"cvss_score":202,"vuln_type":204,"patched_in_version":201},{"id":172,"url_slug":173,"title":174,"severity":41,"cvss_score":178,"vuln_type":105,"patched_in_version":177},{"id":112,"url_slug":113,"title":114,"severity":67,"cvss_score":116,"vuln_type":118,"patched_in_version":102},{"id":148,"url_slug":149,"title":150,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":153},{"id":125,"url_slug":126,"title":127,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":102},{"id":84,"url_slug":85,"title":86,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":39},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"id":62,"url_slug":63,"title":64,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":39},{"id":224,"url_slug":225,"title":226,"severity":67,"cvss_score":230,"vuln_type":44,"patched_in_version":229},{"id":212,"url_slug":213,"title":214,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":217},{"version":2546,"download_url":2547,"svn_tag_url":2548,"released_at":39,"has_diff":51,"diff_files_changed":2549,"diff_lines":39,"trac_diff_url":2550,"vulnerabilities":2551,"is_current":51},"2.7.22","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-networks-auto-poster-facebook-twitter-g.2.7.22.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Ftags\u002F2.7.22\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F2.7.14&new_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F2.7.22",[2552,2553,2554,2555,2556,2557,2558,2559,2560,2561,2562,2563,2564,2565],{"id":160,"url_slug":161,"title":162,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":165},{"id":135,"url_slug":136,"title":137,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":140},{"id":184,"url_slug":185,"title":186,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":189},{"id":97,"url_slug":98,"title":99,"severity":41,"cvss_score":103,"vuln_type":105,"patched_in_version":102},{"id":196,"url_slug":197,"title":198,"severity":41,"cvss_score":202,"vuln_type":204,"patched_in_version":201},{"id":172,"url_slug":173,"title":174,"severity":41,"cvss_score":178,"vuln_type":105,"patched_in_version":177},{"id":112,"url_slug":113,"title":114,"severity":67,"cvss_score":116,"vuln_type":118,"patched_in_version":102},{"id":148,"url_slug":149,"title":150,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":153},{"id":125,"url_slug":126,"title":127,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":102},{"id":84,"url_slug":85,"title":86,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":39},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"id":62,"url_slug":63,"title":64,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":39},{"id":224,"url_slug":225,"title":226,"severity":67,"cvss_score":230,"vuln_type":44,"patched_in_version":229},{"id":212,"url_slug":213,"title":214,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":217},{"version":2567,"download_url":2568,"svn_tag_url":2569,"released_at":39,"has_diff":51,"diff_files_changed":2570,"diff_lines":39,"trac_diff_url":2571,"vulnerabilities":2572,"is_current":51},"2.7.14","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-networks-auto-poster-facebook-twitter-g.2.7.14.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Ftags\u002F2.7.14\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F2.6.3&new_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F2.7.14",[2573,2574,2575,2576,2577,2578,2579,2580,2581,2582,2583,2584,2585,2586],{"id":160,"url_slug":161,"title":162,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":165},{"id":135,"url_slug":136,"title":137,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":140},{"id":184,"url_slug":185,"title":186,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":189},{"id":97,"url_slug":98,"title":99,"severity":41,"cvss_score":103,"vuln_type":105,"patched_in_version":102},{"id":196,"url_slug":197,"title":198,"severity":41,"cvss_score":202,"vuln_type":204,"patched_in_version":201},{"id":172,"url_slug":173,"title":174,"severity":41,"cvss_score":178,"vuln_type":105,"patched_in_version":177},{"id":112,"url_slug":113,"title":114,"severity":67,"cvss_score":116,"vuln_type":118,"patched_in_version":102},{"id":148,"url_slug":149,"title":150,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":153},{"id":125,"url_slug":126,"title":127,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":102},{"id":84,"url_slug":85,"title":86,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":39},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"id":62,"url_slug":63,"title":64,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":39},{"id":224,"url_slug":225,"title":226,"severity":67,"cvss_score":230,"vuln_type":44,"patched_in_version":229},{"id":212,"url_slug":213,"title":214,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":217},{"version":2588,"download_url":2589,"svn_tag_url":2590,"released_at":39,"has_diff":51,"diff_files_changed":2591,"diff_lines":39,"trac_diff_url":2592,"vulnerabilities":2593,"is_current":51},"2.6.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-networks-auto-poster-facebook-twitter-g.2.6.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Ftags\u002F2.6.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F2.5.5&new_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F2.6.3",[2594,2595,2596,2597,2598,2599,2600,2601,2602,2603,2604,2605,2606,2607],{"id":160,"url_slug":161,"title":162,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":165},{"id":135,"url_slug":136,"title":137,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":140},{"id":184,"url_slug":185,"title":186,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":189},{"id":97,"url_slug":98,"title":99,"severity":41,"cvss_score":103,"vuln_type":105,"patched_in_version":102},{"id":196,"url_slug":197,"title":198,"severity":41,"cvss_score":202,"vuln_type":204,"patched_in_version":201},{"id":172,"url_slug":173,"title":174,"severity":41,"cvss_score":178,"vuln_type":105,"patched_in_version":177},{"id":112,"url_slug":113,"title":114,"severity":67,"cvss_score":116,"vuln_type":118,"patched_in_version":102},{"id":148,"url_slug":149,"title":150,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":153},{"id":125,"url_slug":126,"title":127,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":102},{"id":84,"url_slug":85,"title":86,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":39},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"id":62,"url_slug":63,"title":64,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":39},{"id":224,"url_slug":225,"title":226,"severity":67,"cvss_score":230,"vuln_type":44,"patched_in_version":229},{"id":212,"url_slug":213,"title":214,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":217},{"version":2609,"download_url":2610,"svn_tag_url":2611,"released_at":39,"has_diff":51,"diff_files_changed":2612,"diff_lines":39,"trac_diff_url":2613,"vulnerabilities":2614,"is_current":51},"2.5.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-networks-auto-poster-facebook-twitter-g.2.5.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Ftags\u002F2.5.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F2.4.8&new_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F2.5.5",[2615,2616,2617,2618,2619,2620,2621,2622,2623,2624,2625,2626,2627,2628],{"id":160,"url_slug":161,"title":162,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":165},{"id":135,"url_slug":136,"title":137,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":140},{"id":184,"url_slug":185,"title":186,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":189},{"id":97,"url_slug":98,"title":99,"severity":41,"cvss_score":103,"vuln_type":105,"patched_in_version":102},{"id":196,"url_slug":197,"title":198,"severity":41,"cvss_score":202,"vuln_type":204,"patched_in_version":201},{"id":172,"url_slug":173,"title":174,"severity":41,"cvss_score":178,"vuln_type":105,"patched_in_version":177},{"id":112,"url_slug":113,"title":114,"severity":67,"cvss_score":116,"vuln_type":118,"patched_in_version":102},{"id":148,"url_slug":149,"title":150,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":153},{"id":125,"url_slug":126,"title":127,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":102},{"id":84,"url_slug":85,"title":86,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":39},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"id":62,"url_slug":63,"title":64,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":39},{"id":224,"url_slug":225,"title":226,"severity":67,"cvss_score":230,"vuln_type":44,"patched_in_version":229},{"id":212,"url_slug":213,"title":214,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":217},{"version":2630,"download_url":2631,"svn_tag_url":2632,"released_at":39,"has_diff":51,"diff_files_changed":2633,"diff_lines":39,"trac_diff_url":2634,"vulnerabilities":2635,"is_current":51},"2.4.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-networks-auto-poster-facebook-twitter-g.2.4.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Ftags\u002F2.4.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F1.9.13&new_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F2.4.8",[2636,2637,2638,2639,2640,2641,2642,2643,2644,2645,2646,2647,2648,2649],{"id":160,"url_slug":161,"title":162,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":165},{"id":135,"url_slug":136,"title":137,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":140},{"id":184,"url_slug":185,"title":186,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":189},{"id":97,"url_slug":98,"title":99,"severity":41,"cvss_score":103,"vuln_type":105,"patched_in_version":102},{"id":196,"url_slug":197,"title":198,"severity":41,"cvss_score":202,"vuln_type":204,"patched_in_version":201},{"id":172,"url_slug":173,"title":174,"severity":41,"cvss_score":178,"vuln_type":105,"patched_in_version":177},{"id":112,"url_slug":113,"title":114,"severity":67,"cvss_score":116,"vuln_type":118,"patched_in_version":102},{"id":148,"url_slug":149,"title":150,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":153},{"id":125,"url_slug":126,"title":127,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":102},{"id":84,"url_slug":85,"title":86,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":39},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"id":62,"url_slug":63,"title":64,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":39},{"id":224,"url_slug":225,"title":226,"severity":67,"cvss_score":230,"vuln_type":44,"patched_in_version":229},{"id":212,"url_slug":213,"title":214,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":217},{"version":2651,"download_url":2652,"svn_tag_url":2653,"released_at":39,"has_diff":51,"diff_files_changed":2654,"diff_lines":39,"trac_diff_url":2655,"vulnerabilities":2656,"is_current":51},"1.9.13","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-networks-auto-poster-facebook-twitter-g.1.9.13.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Ftags\u002F1.9.13\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F1.7.0&new_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F1.9.13",[2657,2658,2659,2660,2661,2662,2663,2664,2665,2666,2667,2668,2669,2670],{"id":160,"url_slug":161,"title":162,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":165},{"id":135,"url_slug":136,"title":137,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":140},{"id":184,"url_slug":185,"title":186,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":189},{"id":97,"url_slug":98,"title":99,"severity":41,"cvss_score":103,"vuln_type":105,"patched_in_version":102},{"id":196,"url_slug":197,"title":198,"severity":41,"cvss_score":202,"vuln_type":204,"patched_in_version":201},{"id":172,"url_slug":173,"title":174,"severity":41,"cvss_score":178,"vuln_type":105,"patched_in_version":177},{"id":112,"url_slug":113,"title":114,"severity":67,"cvss_score":116,"vuln_type":118,"patched_in_version":102},{"id":148,"url_slug":149,"title":150,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":153},{"id":125,"url_slug":126,"title":127,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":102},{"id":84,"url_slug":85,"title":86,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":39},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"id":62,"url_slug":63,"title":64,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":39},{"id":224,"url_slug":225,"title":226,"severity":67,"cvss_score":230,"vuln_type":44,"patched_in_version":229},{"id":212,"url_slug":213,"title":214,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":217},{"version":2672,"download_url":2673,"svn_tag_url":2674,"released_at":39,"has_diff":51,"diff_files_changed":2675,"diff_lines":39,"trac_diff_url":2676,"vulnerabilities":2677,"is_current":51},"1.7.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-networks-auto-poster-facebook-twitter-g.1.7.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Ftags\u002F1.7.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F1.6.1&new_path=%2Fsocial-networks-auto-poster-facebook-twitter-g%2Ftags%2F1.7.0",[2678,2679,2680,2681,2682,2683,2684,2685,2686,2687,2688,2689,2690,2691],{"id":160,"url_slug":161,"title":162,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":165},{"id":135,"url_slug":136,"title":137,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":140},{"id":184,"url_slug":185,"title":186,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":189},{"id":97,"url_slug":98,"title":99,"severity":41,"cvss_score":103,"vuln_type":105,"patched_in_version":102},{"id":196,"url_slug":197,"title":198,"severity":41,"cvss_score":202,"vuln_type":204,"patched_in_version":201},{"id":172,"url_slug":173,"title":174,"severity":41,"cvss_score":178,"vuln_type":105,"patched_in_version":177},{"id":112,"url_slug":113,"title":114,"severity":67,"cvss_score":116,"vuln_type":118,"patched_in_version":102},{"id":148,"url_slug":149,"title":150,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":153},{"id":125,"url_slug":126,"title":127,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":102},{"id":84,"url_slug":85,"title":86,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":39},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"id":62,"url_slug":63,"title":64,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":39},{"id":224,"url_slug":225,"title":226,"severity":67,"cvss_score":230,"vuln_type":44,"patched_in_version":229},{"id":212,"url_slug":213,"title":214,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":217},{"version":2693,"download_url":2694,"svn_tag_url":2695,"released_at":39,"has_diff":51,"diff_files_changed":2696,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":2697,"is_current":51},"1.6.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-networks-auto-poster-facebook-twitter-g.1.6.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsocial-networks-auto-poster-facebook-twitter-g\u002Ftags\u002F1.6.1\u002F",[],[2698,2699,2700,2701,2702,2703,2704,2705,2706,2707,2708,2709,2710,2711],{"id":160,"url_slug":161,"title":162,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":165},{"id":135,"url_slug":136,"title":137,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":140},{"id":184,"url_slug":185,"title":186,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":189},{"id":97,"url_slug":98,"title":99,"severity":41,"cvss_score":103,"vuln_type":105,"patched_in_version":102},{"id":196,"url_slug":197,"title":198,"severity":41,"cvss_score":202,"vuln_type":204,"patched_in_version":201},{"id":172,"url_slug":173,"title":174,"severity":41,"cvss_score":178,"vuln_type":105,"patched_in_version":177},{"id":112,"url_slug":113,"title":114,"severity":67,"cvss_score":116,"vuln_type":118,"patched_in_version":102},{"id":148,"url_slug":149,"title":150,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":153},{"id":125,"url_slug":126,"title":127,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":102},{"id":84,"url_slug":85,"title":86,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":39},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"id":62,"url_slug":63,"title":64,"severity":67,"cvss_score":68,"vuln_type":70,"patched_in_version":39},{"id":224,"url_slug":225,"title":226,"severity":67,"cvss_score":230,"vuln_type":44,"patched_in_version":229},{"id":212,"url_slug":213,"title":214,"severity":41,"cvss_score":88,"vuln_type":44,"patched_in_version":217}]