[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWF5G_Vr4q_4ZrjKs2HJpmJb-WhodXWnEpfKQA1t8vIA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":137,"fingerprints":323},"social-photo-blocks","Social Photo Blocks","1.2","Sergiy Dzysyak","https:\u002F\u002Fprofiles.wordpress.org\u002Fdzysyak\u002F","\u003Cp>Plugin provides basic photo grid and photo slider functionality implemented in widgets, short codes and Guttenberg blocks. Photo media is taken from your public Instagram account via API provided by Instagram\u002FFacebook.\u003C\u002Fp>\n\u003Cp>Key features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Plugin uses new Facebook API for Instagram.\u003C\u002Fli>\n\u003Cli>Basic photo grid from social network.\u003C\u002Fli>\n\u003Cli>Basic photo slider from social networks.\u003C\u002Fli>\n\u003Cli>Confugurable number of columns and rows, grid container width and alignmer for each instance.\u003C\u002Fli>\n\u003Cli>Memcache or file cache API calls to improve website speed and reduce number of API calls.\u003C\u002Fli>\n\u003Cli>Plugin does not use any thirdparty service to handle your data.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Supported social platform APIs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Instagram (Instagram is a registered trademark and company owned by Facebook)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Short code example:\u003C\u002Fp>\n\u003Cp>[sp_grid cols=’3′ rows=’3′ width=’100%’ align=’center’]\u003C\u002Fp>\n\u003Cp>[sp_slider width=’100%’ align=’center’]\u003C\u002Fp>\n\u003Cp>Demo page:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Ferlycoder.com\u002Fsocial-photo-grid-and-slider-demo\u002F\u003C\u002Fp>\n","Plugin provides basic photo grid and photo slider functionality implemented in widgets, short codes and Guttenberg blocks.",0,1001,"2022-08-27T21:45:00.000Z","6.0.11","5.0","5.6",[18,19,20,21,22],"grid","instagram","photo","slider","social","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsocial-photo-grid","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-photo-blocks.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":33,"computed_at":35},"dzysyak",4,200,80,30,"2026-04-04T15:46:57.644Z",[37,62,83,101,121],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":59,"vuln_count":60,"unpatched_count":11,"last_vuln_date":61,"fetched_at":27},"simple-photo-feed","Simple Photo Feed","1.4.3","George Pattichis","https:\u002F\u002Fprofiles.wordpress.org\u002Fpattihis\u002F","\u003Cp>\u003Cstrong>Simple Photo Feed\u003C\u002Fstrong> is a free WordPress plugin that lets you embed your Instagram photos as a gallery in your website.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Easy embed feature to display Instagram posts from your account.\u003C\u002Fli>\n\u003Cli>Super simple to set up – No coding or editing files!\u003C\u002Fli>\n\u003Cli>Completely responsive and mobile ready – layout looks great on any screen size and in any container width\u003C\u002Fli>\n\u003Cli>Customizable – Customize the number of photos, number of columns, image size and captions display!\u003C\u002Fli>\n\u003Cli>Use the built-in shortcode options to completely customize your Instagram feed\u003C\u002Fli>\n\u003Cli>Built in optional lightbox to view larger images and scroll through gallery without leaving the current site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Benefits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Increase Social Engagement – Increase engagement between you and your Instagram followers. Increase your number of followers by displaying your Instagram content directly on your site.\u003C\u002Fli>\n\u003Cli>Save Time – Don’t have time to update your photos on your site? Save time and increase efficiency by only posting your photos to Instagram and automatically displaying them on your website\u003C\u002Fli>\n\u003Cli>Keep Your Site Looking Fresh – Automatically push your new Instagram content straight to your site to keep it looking fresh and keeping your audience engaged.\u003C\u002Fli>\n\u003Cli>Super simple to set up – Once installed, you can be displaying your Instagram photos within 30 seconds! No coding required, no complex steps or Instagram Developer account needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Simple Photo Feed provides an easy way to connect to your Instagram account and display your photos in your WordPress site.",1000,13328,100,7,"2025-07-03T21:55:00.000Z","6.8.5","5.3.0","7.2",[54,55,19,56,22],"embed","feed","photo-gallery","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-photo-feed\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-photo-feed.1.4.3.zip",99,1,"2025-02-18 00:00:00",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":11,"num_ratings":11,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":81,"download_link":82,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"amazing-widgets","Amazing Widgets","1.0.0","Gabfire","https:\u002F\u002Fprofiles.wordpress.org\u002Fgabfire\u002F","\u003Cp>Amazing Widgets is a feature-packed plugin that adds the most commonly used widgets to your site. Rather than having to download several plugins by various authors, this plugin bundles together the most popular widgets.\u003C\u002Fp>\n\u003Cp>It is maintained by the folks over at http:\u002F\u002Fwww.gabfirethemes.com\u003C\u002Fp>\n","Amazing Widgets contains some useful widgets to extend your WordPress site. It is a free plugin that will work with ANY theme.",10,2282,"2015-11-02T08:32:00.000Z","4.3.34","4.0","",[77,19,78,79,80],"content-slider","post-tabs","social-icons","timeline-posts","http:\u002F\u002Fwww.gabfirethemes.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Famazing-widgets.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":70,"downloaded":91,"rating":47,"num_ratings":60,"last_updated":92,"tested_up_to":93,"requires_at_least":15,"requires_php":94,"tags":95,"homepage":99,"download_link":100,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"cwo-photo","CWO Photo","0.1","paulmiernathan","https:\u002F\u002Fprofiles.wordpress.org\u002Fpaulmiernathan\u002F","\u003Cp>After login with Google and creating Google credentials in Google console developers, you will have access to your own Google Photos albums. Using shortcodes, you will be able to display your photos anywhere on your website. You can add several parameters in the shortcode in order to customize it and then obtain the result you want.\u003C\u002Fp>\n\u003Ch3>Arbitrary section 1\u003C\u002Fh3>\n","The CWO Photo plugin allows you to import your own photos from your Google Photos albums and to display it in slider or in grid according to your pref &hellip;",7840,"2021-07-12T09:52:00.000Z","5.8.13","7.2.10",[96,97,18,98,21],"album","google-photo","photos","https:\u002F\u002Fcwo-photo.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcwo-photo.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":11,"downloaded":109,"rating":11,"num_ratings":11,"last_updated":110,"tested_up_to":111,"requires_at_least":15,"requires_php":112,"tags":113,"homepage":119,"download_link":120,"security_score":47,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"b19-social-feed","B19 Social Feed","1.0.1","株式会社ビーク","https:\u002F\u002Fprofiles.wordpress.org\u002Fb19cojp\u002F","\u003Cp>\u003Cstrong>B19 Social Feed\u003C\u002Fstrong> is a simple and lightweight plugin to display your social media posts on your WordPress website.\u003C\u002Fp>\n\u003Cp>This plugin connects to social media platforms via their official APIs and requires a \u003Cstrong>Professional Account\u003C\u002Fstrong> (Business or Creator account).\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy Setup\u003C\u002Fstrong> – Connect with your Professional Account in minutes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Responsive Grid Layout\u003C\u002Fstrong> – Display photos in 2-6 columns\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Caching\u003C\u002Fstrong> – Built-in caching to reduce API calls\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Support\u003C\u002Fstrong> – Place your feed anywhere with shortcodes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight\u003C\u002Fstrong> – Minimal impact on page load speed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Japanese Language Support\u003C\u002Fstrong> – Full Japanese translation included\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Professional Account\u003C\u002Fstrong> – Business or Creator account\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Facebook Page\u003C\u002Fstrong> – Connected to your Professional Account\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Facebook Developer Account\u003C\u002Fstrong> – To create an app and get access token\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcode\u003C\u002Fh4>\n\u003Cp>Basic usage: \u003Ccode>[b19_social_feed]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>With options: \u003Ccode>[b19_social_feed num=\"6\" cols=\"3\" caption=\"true\"]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Parameters:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>num\u003C\u002Fcode> – Number of photos to display (default: 12)\u003Cbr \u002F>\n* \u003Ccode>cols\u003C\u002Fcode> – Number of columns, 2-6 (default: 4)\u003Cbr \u002F>\n* \u003Ccode>caption\u003C\u002Fcode> – Show captions, true\u002Ffalse (default: false)\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the following external services:\u003C\u002Fp>\n\u003Ch3>Instagram Graph API (via Meta Graph API)\u003C\u002Fh3>\n\u003Cp>This plugin uses the Instagram Graph API to fetch and display Instagram posts from your Professional Account (Business or Creator account).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What this service is used for:\u003C\u002Fstrong>\u003Cbr \u002F>\nRetrieving Instagram posts including images, videos, captions, and engagement data to display on your WordPress website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>API Endpoint:\u003C\u002Fstrong> https:\u002F\u002Fgraph.facebook.com\u002Fv21.0\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data sent to the service:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Your Instagram Business Account ID\u003Cbr \u002F>\n* Your Access Token\u003Cbr \u002F>\n* Request for media data (id, caption, media_type, media_url, thumbnail_url, permalink, timestamp, like_count, comments_count)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>When data is sent:\u003C\u002Fstrong>\u003Cbr \u002F>\n* When the plugin settings page is loaded (to verify connection)\u003Cbr \u002F>\n* When displaying the Instagram feed on your website (after cache expires, default: 1 hour)\u003Cbr \u002F>\n* When manually refreshing the feed from admin panel\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service Provider:\u003C\u002Fstrong> Meta Platforms, Inc.\u003Cbr \u002F>\n\u003Cstrong>Terms of Service:\u003C\u002Fstrong> https:\u002F\u002Fdevelopers.facebook.com\u002Fterms\u002F\u003Cbr \u002F>\n\u003Cstrong>Privacy Policy:\u003C\u002Fstrong> https:\u002F\u002Fwww.facebook.com\u002Fprivacy\u002Fpolicy\u002F\u003Cbr \u002F>\n\u003Cstrong>Instagram Terms:\u003C\u002Fstrong> https:\u002F\u002Fhelp.instagram.com\u002F581066165581870\u003Cbr \u002F>\n\u003Cstrong>Instagram Privacy:\u003C\u002Fstrong> https:\u002F\u002Fprivacycenter.instagram.com\u002Fpolicy\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin stores the following data:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Access token (stored in WordPress database)\u003C\u002Fli>\n\u003Cli>App ID and App Secret (stored in WordPress database)\u003C\u002Fli>\n\u003Cli>Post data (temporarily cached)\u003C\u002Fli>\n\u003Cli>Username and profile picture URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please also review the privacy policies of the external services listed above.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Meta Graph API\u003C\u002Fli>\n\u003Cli>WordPress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Developer:\u003C\u002Fstrong> B19 Co., Ltd.\u003Cbr \u002F>\n\u003Cstrong>Website:\u003C\u002Fstrong> https:\u002F\u002Fb19.co.jp\u002F\u003Cbr \u002F>\n\u003Cstrong>Support:\u003C\u002Fstrong> Please use the WordPress.org support forum or contact us through our website.\u003C\u002Fp>\n","Display your social media feed on your WordPress site. Connect your professional account and show your posts in a beautiful grid layout.",104,"2026-01-06T01:45:00.000Z","6.9.4","7.4",[114,115,116,117,118],"gallery","photo-grid","social-feed","social-media","widget","https:\u002F\u002Fb19.co.jp\u002Fplugins\u002Fsocial-feed\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fb19-social-feed.1.0.1.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":11,"downloaded":129,"rating":11,"num_ratings":11,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":16,"tags":133,"homepage":135,"download_link":136,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wp-social-feed-gallery","WP Social Feed Gallery","0.1.0","WDDPortfolio","https:\u002F\u002Fprofiles.wordpress.org\u002Fwddportfolio\u002F","\u003Cp>WP Social Feed Gallery is a simple WordPress plugin that allow you to display your Instagram feed pictures in your website. It does not require you to provide your login details or sign in via oAuth.\u003C\u002Fp>\n\u003Cp>The widget is built with the following philosophy:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use of sensible and simple \u003Cstrong>HTML5 markup\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Provide \u003Cstrong>username\u003C\u002Fstrong> and \u003Cstrong>hashtag\u003C\u002Fstrong> – it is up to you to show the widget to your theme and taste\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cache possible\u003C\u002Fstrong> – Default Cache time is 2 hours for rapid load\u003C\u002Fli>\n\u003Cli>Change \u003Cstrong>number of columns\u003C\u002Fstrong>, colors and borders.\u003C\u002Fli>\n\u003Cli>Follow using the \u003Cstrong>Instagram\u003C\u002Fstrong> button.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Setup flow\u003C\u002Fstrong> to configure and go live in minutes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>A plugin by \u003Ca href=\"https:\u002F\u002Fwww.wddportfolio.com\u002F\" title=\"WordPress Theme and Development Company\" rel=\"nofollow ugc\">WDDPortfolio\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.mfurqanabid.com\u002F\" title=\"WordPress developer\" rel=\"nofollow ugc\">Muhammad Furqan Abid\u003C\u002Fa>.\u003C\u002Fp>\n","WP Social Feed Gallery is a simple WordPress plugin that allow you to display your Instagram feed pictures in your website.",944,"2019-12-17T03:31:00.000Z","5.3.21","4.7",[19,134,98,116,118],"photography","https:\u002F\u002Fgithub.com\u002Fwddportfolio\u002Fwp-social-feed-gallery","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-social-feed-gallery.zip",{"attackSurface":138,"codeSignals":197,"taintFlows":309,"riskAssessment":310,"analyzedAt":322},{"hooks":139,"ajaxHandlers":173,"restRoutes":183,"shortcodes":184,"cronEvents":193,"entryPointCount":31,"unprotectedCount":196},[140,146,151,155,158,162,165,169],{"type":141,"name":142,"callback":143,"file":144,"line":145},"filter","cron_schedules","custom_time_cron","social-photo-blocks.php",39,{"type":147,"name":148,"callback":149,"priority":70,"file":144,"line":150},"action","token_renew_hook","refreshTockenLong",41,{"type":147,"name":152,"callback":153,"file":144,"line":154},"init","init_scripts_and_styles",46,{"type":141,"name":156,"callback":156,"priority":70,"file":144,"line":157},"get_media_list",50,{"type":147,"name":159,"callback":160,"file":144,"line":161},"enqueue_block_assets","block_assets",54,{"type":147,"name":163,"callback":163,"file":144,"line":164},"admin_init",57,{"type":147,"name":166,"callback":167,"file":144,"line":168},"admin_menu","plugin_setup_menu",58,{"type":147,"name":170,"callback":171,"file":144,"line":172},"widgets_init","closure",797,[174,179],{"action":175,"nopriv":176,"callback":177,"hasNonce":176,"hasCapCheck":176,"file":144,"line":178},"cache_refresh",false,"refresh_lists_cache",61,{"action":180,"nopriv":176,"callback":181,"hasNonce":176,"hasCapCheck":176,"file":144,"line":182},"renew_token","renew_token_manually",62,[],[185,189],{"tag":186,"callback":187,"file":144,"line":188},"sp_grid","Social_Photo_Grid_shortcode",51,{"tag":190,"callback":191,"file":144,"line":192},"sp_slider","Social_Photo_Slider_shortcode",52,[194],{"hook":148,"callback":148,"file":144,"line":195},43,2,{"dangerousFunctions":198,"sqlUsage":199,"outputEscaping":201,"fileOperations":306,"externalRequests":307,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":308},[],{"prepared":11,"raw":11,"locations":200},[],{"escaped":202,"rawEcho":203,"locations":204},26,66,[205,208,210,212,214,216,218,220,222,224,225,226,228,230,231,232,234,236,237,238,240,242,244,246,248,250,251,252,254,256,257,258,260,262,263,264,266,268,269,271,273,274,276,278,279,280,282,284,285,286,288,289,290,291,292,293,295,296,297,298,299,300,301,302,303,305],{"file":144,"line":206,"context":207},233,"raw output",{"file":144,"line":209,"context":207},265,{"file":144,"line":211,"context":207},473,{"file":144,"line":213,"context":207},634,{"file":144,"line":215,"context":207},635,{"file":144,"line":217,"context":207},636,{"file":144,"line":219,"context":207},638,{"file":144,"line":221,"context":207},666,{"file":144,"line":223,"context":207},667,{"file":144,"line":223,"context":207},{"file":144,"line":223,"context":207},{"file":144,"line":227,"context":207},669,{"file":144,"line":229,"context":207},670,{"file":144,"line":229,"context":207},{"file":144,"line":229,"context":207},{"file":144,"line":233,"context":207},672,{"file":144,"line":235,"context":207},673,{"file":144,"line":235,"context":207},{"file":144,"line":235,"context":207},{"file":144,"line":239,"context":207},726,{"file":144,"line":241,"context":207},727,{"file":144,"line":243,"context":207},728,{"file":144,"line":245,"context":207},730,{"file":144,"line":247,"context":207},770,{"file":144,"line":249,"context":207},771,{"file":144,"line":249,"context":207},{"file":144,"line":249,"context":207},{"file":144,"line":253,"context":207},773,{"file":144,"line":255,"context":207},774,{"file":144,"line":255,"context":207},{"file":144,"line":255,"context":207},{"file":144,"line":259,"context":207},776,{"file":144,"line":261,"context":207},777,{"file":144,"line":261,"context":207},{"file":144,"line":261,"context":207},{"file":144,"line":265,"context":207},779,{"file":144,"line":267,"context":207},780,{"file":144,"line":267,"context":207},{"file":144,"line":270,"context":207},782,{"file":144,"line":272,"context":207},783,{"file":144,"line":272,"context":207},{"file":144,"line":275,"context":207},785,{"file":144,"line":277,"context":207},786,{"file":144,"line":277,"context":207},{"file":144,"line":277,"context":207},{"file":144,"line":281,"context":207},788,{"file":144,"line":283,"context":207},789,{"file":144,"line":283,"context":207},{"file":144,"line":283,"context":207},{"file":287,"line":60,"context":207},"tpl\\recent_basic.php",{"file":287,"line":60,"context":207},{"file":287,"line":60,"context":207},{"file":287,"line":60,"context":207},{"file":287,"line":60,"context":207},{"file":287,"line":31,"context":207},{"file":294,"line":60,"context":207},"tpl\\recent_slider.php",{"file":294,"line":60,"context":207},{"file":294,"line":60,"context":207},{"file":294,"line":60,"context":207},{"file":294,"line":60,"context":207},{"file":294,"line":60,"context":207},{"file":294,"line":60,"context":207},{"file":294,"line":31,"context":207},{"file":294,"line":31,"context":207},{"file":294,"line":304,"context":207},6,{"file":294,"line":304,"context":207},3,5,[],[],{"summary":311,"deductions":312},"The \"social-photo-blocks\" plugin v1.2 exhibits a mixed security posture, with some positive indicators but significant areas of concern. The absence of any recorded vulnerabilities in its history is a strong positive, suggesting a generally well-maintained codebase or a lack of prior focused security analysis. Furthermore, the plugin exclusively uses prepared statements for its SQL queries, which is an excellent practice that mitigates SQL injection risks.\n\nHowever, the static analysis reveals critical weaknesses. A substantial portion of the plugin's output is not properly escaped, posing a risk of Cross-Site Scripting (XSS) vulnerabilities. The plugin also lacks nonce checks and capability checks for its two AJAX handlers. This means that any authenticated user, regardless of their role or permissions, could potentially trigger these AJAX actions, creating an open door for malicious actors to exploit them. The presence of unprotected entry points is a direct security concern.\n\nDespite the clean vulnerability history, the identified code signals of unescaped output and unprotected AJAX handlers represent immediate and actionable risks. The plugin's strengths lie in its SQL handling and lack of historical exploits, but these are overshadowed by the high probability of XSS and potential unauthorized action execution due to the lack of proper authorization and sanitization on its entry points. A balanced conclusion is that while the plugin has avoided known vulnerabilities, it has introduced several common attack vectors through its implementation that require immediate attention.",[313,316,318,320],{"reason":314,"points":315},"Unescaped output (28% of 92 outputs)",8,{"reason":317,"points":70},"AJAX handlers without auth checks (2)",{"reason":319,"points":315},"Nonce checks missing on AJAX handlers",{"reason":321,"points":315},"Capability checks missing on AJAX handlers","2026-03-17T06:22:29.133Z",{"wat":324,"direct":335},{"assetPaths":325,"generatorPatterns":329,"scriptPaths":330,"versionParams":331},[326,327,328],"\u002Fwp-content\u002Fplugins\u002Fsocial-photo-blocks\u002Fjs\u002Fadmin\u002Findex.js","\u002Fwp-content\u002Fplugins\u002Fsocial-photo-blocks\u002Fjs\u002Fpublic\u002Findex.js","\u002Fwp-content\u002Fplugins\u002Fsocial-photo-blocks\u002Fcss\u002Fpublic.css",[],[326,327],[332,333,334],"social-photo-blocks\u002Fjs\u002Fadmin\u002Findex.js?ver=","social-photo-blocks\u002Fjs\u002Fpublic\u002Findex.js?ver=","social-photo-blocks\u002Fcss\u002Fpublic.css?ver=",{"cssClasses":336,"htmlComments":341,"htmlAttributes":342,"restEndpoints":362,"jsGlobals":363,"shortcodeOutput":364},[337,338,339,340],"social-photo-blocks-block","social-photo-block-slider","sp-grid","sp-slider",[],[343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361],"data-photo-count","data-photos-in-row","data-image-size","data-border-width","data-border-radius","data-border-color","data-margin-between-images","data-show-author","data-show-date","data-show-likes","data-show-caption","data-navigation-arrows","data-navigation-dots","data-autoplay","data-autoplay-speed","data-pause-on-hover","data-images-to-scroll","data-adaptive-height","data-rtl",[],[],[365,366],"[sp_grid]","[sp_slider]"]