[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fEZHZsVypiy9hrCCN-wP7qt_B5A19GAUi7xtOLV5-RlA":3,"$fH8wBinTKgeUGd9ik6GRIiyqYOpNpntkehgfJfPhYp3c":271,"$fnpaDvcKlnxo8RgyJ5E7X8jX46OfVADbUQj_s6ykgWTA":275},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":50,"crawl_stats":37,"alternatives":54,"analysis":158,"fingerprints":238},"tc-custom-javascript","TC Custom JavaScript","1.2.3","Tiny Code","https:\u002F\u002Fprofiles.wordpress.org\u002Ftinycode\u002F","\u003Cp>Add custom JavaScript to your site from a professional editor in the WordPress admin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>TC Custom JavaScript\u003C\u002Fstrong>‘s still in early stage. 
If you have any troubles when using it, or any ideas to improve its features to fit with your work, please do not hesitate to contact us.\u003C\u002Fp>\n","Add custom JavaScript to your site from a professional editor in the WordPress admin.",10000,116009,100,8,"2023-02-24T03:13:00.000Z","6.1.10","3.0.0","",[20,21,22,23],"custom-javascript","custom-js","edit-js-theme","javascript-editor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftc-custom-javascript.1.2.3.zip",84,1,0,"2020-07-21 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":28,"updated_date":44,"references":45,"days_to_patch":47,"patch_diff_files":48,"patch_trac_url":37,"research_status":37,"research_verified":49,"research_rounds_completed":27,"research_plan":37,"research_summary":37,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":37,"research_model_used":37,"research_started_at":37,"research_completed_at":37,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":49,"poc_model_used":37,"poc_verification_depth":37},"CVE-2020-14063","tc-custom-javascript-unauthenticated-stored-cross-site-scripting","TC Custom JavaScript \u003C= 1.2.1 - Unauthenticated Stored Cross-Site Scripting","A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. 
The injected script is printed in the footer of every front-end page and executes in visitors' browsers.",null,"\u003C1.2.2","1.2.2","high",8.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:L","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5574f8ab-74b7-4f6c-b8db-901cb6e45cfb?source=api-prod",1281,[],false,{"slug":51,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":47,"trust_score":52,"computed_at":53},"tinycode",68,"2026-05-19T22:11:52.450Z",[55,74,97,117,138],{"slug":21,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":27,"num_ratings":27,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":18,"tags":67,"homepage":71,"download_link":72,"security_score":73,"vuln_count":27,"unpatched_count":27,"last_vuln_date":37,"fetched_at":29},"Custom JS","1.0.0","seosbg","https:\u002F\u002Fprofiles.wordpress.org\u002Fseosbg\u002F","\u003Cp>Custom JS WordPress plugin allows you to Custom JS fields in your theme. Simply amazing and easy to use.\u003Cbr \u002F>\nTo learn more about the Custom JS plugin please see Plugin URI. See screenshot examples at https:\u002F\u002Fwww.seosthemes.com\u002Fcustom-js\u002F\u003C\u002Fp>\n","Custom JS is easy to use. 
Custom JS WordPress plugin allows you to Custom JS fields in your theme - include js in head or footer.",200,3765,"2016-09-24T09:52:00.000Z","4.6.30","4.6",[68,69,20,21,70],"css","custom-css","textarea-css","https:\u002F\u002Fwww.seosthemes.com\u002Fcustom-js\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-js.zip",85,{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":94,"download_link":95,"security_score":13,"vuln_count":26,"unpatched_count":27,"last_vuln_date":96,"fetched_at":29},"custom-css-js","Simple Custom CSS and JS","3.52","SilkyPress","https:\u002F\u002Fprofiles.wordpress.org\u002Fdiana_burduja\u002F","\u003Cp>Customize your WordPress site’s appearance by easily adding custom CSS and JS code without even having to modify your theme or plugin files. 
This is perfect for adding custom CSS tweaks to your site.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Text editor\u003C\u002Fstrong> with syntax highlighting \u003C\u002Fli>\n\u003Cli>Print the code \u003Cstrong>inline\u003C\u002Fstrong> or included into an \u003Cstrong>external file\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Print the code in the \u003Cstrong>header\u003C\u002Fstrong> or the \u003Cstrong>footer\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Add CSS or JS to the \u003Cstrong>frontend\u003C\u002Fstrong> or the \u003Cstrong>admin side\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Add as many codes as you want\u003C\u002Fli>\n\u003Cli>Keep your changes also when you change the theme\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily add Custom CSS or JS to your website with an awesome editor.",700000,10174999,88,102,"2026-03-06T19:56:00.000Z","6.9.4","3.0.1","5.2.4",[91,69,21,92,93],"add-style","customize-theme","site-css","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-css-js\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-css-js.3.52.zip","2017-07-24 00:00:00",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":11,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":18,"tags":111,"homepage":18,"download_link":115,"security_score":116,"vuln_count":27,"unpatched_count":27,"last_vuln_date":37,"fetched_at":29},"custom-css-and-javascript","Custom CSS and JavaScript","2.0.16","WP Zone","https:\u002F\u002Fprofiles.wordpress.org\u002Faspengrovestudios\u002F","\u003Cp>This plugin allows you to add custom site-wide CSS styles and JavaScript code to your WordPress site. 
Useful for overriding your theme’s styles and adding client-side functionality.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Code editor with syntax highlighting and AJAX saving to avoid reloading the editor at each save.\u003C\u002Fli>\n\u003Cli>Save and preview your CSS and JavaScript as a draft that is only applied to logged-in users with the necessary permissions until you are ready to publish your changes to the public.\u003C\u002Fli>\n\u003Cli>View and restore past revisions of your CSS and JavaScript.\u003C\u002Fli>\n\u003Cli>Automatically minify your custom CSS and JavaScript code to reduce file size.\u003C\u002Fli>\n\u003Cli>For the public, custom CSS and JavaScript code is served from the filesystem instead of the database for optimal performance.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Now available! \u003Ca href=\"https:\u002F\u002Fwpzone.co\u002Fproduct\u002Fcustom-css-and-javascript-developer-edition\u002F?utm_source=custom-css-and-javascript&utm_medium=link&utm_campaign=wp-repo-upgrade-link\" rel=\"nofollow ugc\">Custom CSS and JavaScript Developer Edition\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Divide your CSS and JavaScript into multiple virtual files to keep your code organized (the code is still served as one CSS and one JS file on the front-end for efficiency).\u003C\u002Fli>\n\u003Cli>Supports Sassy CSS (SCSS)!\u003C\u002Fli>\n\u003Cli>Live preview for CSS!\u003C\u002Fli>\n\u003Cli>Upload and download CSS and JavaScript files, individually or in ZIP files.\u003C\u002Fli>\n\u003Cli>The developer logo and review\u002Fdonation links are removed from the editor page in the WordPress admin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpzone.co\u002Fproduct\u002Fcustom-css-and-javascript-developer-edition\u002F?utm_source=custom-css-and-javascript&utm_medium=link&utm_campaign=wp-repo-upgrade-link\" rel=\"nofollow ugc\">Click here\u003C\u002Fa> to 
purchase!\u003C\u002Fp>\n\u003Cp>Alternatively, you can manually upload the plugin to your wp-content\u002Fplugins directory.\u003C\u002Fp>\n\u003Cp>If you like this plugin, please consider leaving a comment or review.\u003C\u002Fp>\n\u003Ch3>User Access Control\u003C\u002Fh3>\n\u003Cp>In the Custom CSS and JavaScript WordPress plugin, access to plugin features is determined by user capabilities. Users with the \u003Ccode>edit_theme_options\u003C\u002Fcode> capability will enjoy full access to all the plugin’s features.\u003C\u002Fp>\n\u003Cp>By default, the “Administrator” and “Editor” roles come equipped with the \u003Ccode>edit_theme_options\u003C\u002Fcode> capability. However, site administrators have the flexibility to customize these capabilities and assign them to other roles or individual users through plugins or custom code.\u003C\u002Fp>\n\u003Cp>Furthermore, to provide users with enhanced control, we’ve introduced a custom capability known as \u003Ccode>wpz_custom_css_js\u003C\u002Fcode>. Users possessing both the \u003Ccode>wpz_custom_css_js\u003C\u002Fcode> and \u003Ccode>edit_posts\u003C\u002Fcode> capabilities can be granted access to the plugin’s features.\u003C\u002Fp>\n\u003Ch3>You may also like these plugins\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpzone.co\u002F\" rel=\"nofollow ugc\">WP Zone\u003C\u002Fa> has built a bunch of plugins, add-ons, and themes. Check out other favorites here on the repository and don’t forget to leave a 5-star review to help others in the community decide.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fproduct-sales-report-for-woocommerce\u002F\" rel=\"ugc\">Product Sales Report for WooCommerce\u003C\u002Fa> – set up a custom sales report for the products in your WooCommerce store with toggle sorting options. 
Including or excluding items based on date range, sale status, product category and id, define display order, choose what fields to include, and generate your report with a click.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexport-order-items-for-woocommerce\u002F\" rel=\"ugc\">Export Order Items for WooCommerce\u003C\u002Fa> – export the order details for each sale in your WooCommerce store. Simplify order fulfillment, generate accounting reports in a few clicks, and download into CSV format for readability and universal compatibility with Export Order Items.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Freplace-image\u002F\" rel=\"ugc\">Replace Image\u003C\u002Fa> – keep the same URL when uploading to the WordPress media library\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fforce-update-check-for-plugins-and-themes\u002F\" rel=\"ugc\">Force Update Check for Plugins and Themes\u003C\u002Fa> -force Update Check for Plugins and Themes forces WordPress to run a theme and plugin update check whenever you visit the WordPress updates page\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fconnect-sendgrid-for-emails\u002F\" rel=\"ugc\">Connect SendGrid for Emails\u003C\u002Fa> –  connect SendGrid for Emails is a third-party fork of (and a drop-in replacement for) the official SendGrid plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-css-and-javascript\u002F\" rel=\"ugc\">Custom CSS and JavaScript\u003C\u002Fa> – allows you to add custom site-wide CSS styles and JavaScript code to your WordPress site. 
Useful for overriding your theme’s styles and adding client-side functionality.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-user-registration-notification-emails\u002F\" rel=\"ugc\">Disable User Registration Notification Emails\u003C\u002Fa> – when this plugin is activated, it disables the notification sent to the admin email when a new user account is registered.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-upload-for-bbpress\u002F\" rel=\"ugc\">Inline Image Upload for BBPress\u003C\u002Fa> – enables the TinyMCE WYSIWYG editor for BBPress forum topics and replies and adds a button to the editor’s “Insert\u002Fedit image” dialog that allows forum users to upload images from their computer and insert them inline into their posts.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpassword-strength-for-woocommerce\u002F\" rel=\"ugc\">Password Strength for WooCommerce\u003C\u002Fa> – disables password strength enforcement in WooCommerce.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdonations-for-woocommerce\u002F\" rel=\"ugc\">Potent Donations for WooCommerce\u003C\u002Fa> – acceptance donations through your WooCommerce store\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshortcodes-for-divi\u002F\" rel=\"ugc\">Shortcodes for Divi\u003C\u002Fa> – allows to use Divi Library layouts as shortcodes everywhere where text comes.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstock-export-and-import-for-woocommerce\u002F\" rel=\"ugc\">Stock Export and Import for WooCommerce\u003C\u002Fa> – generates reports on the stock status (in stock \u002F out of stock) and quantity of individual WooCommerce products.\u003C\u002Fli>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frandom-quiz-addon-for-lifterlms\u002F\" rel=\"ugc\">Random Quiz Generator for LifterLMS\u003C\u002Fa> – pull a random set of questions from your quiz so users never get the same question twice when retaking or setting up a practice quiz.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-and-divi-icons\u002F\" rel=\"ugc\">WP and Divi Icons\u003C\u002Fa> – adds over 660 custom outline SVG icons to your website. SVG icons are vector icons, so they are sharp and look good on any screen at any size.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-layouts\u002F\" rel=\"ugc\">WP Layouts\u003C\u002Fa> – the best way to organize, import, and export your layouts, especially if you have multiple websites.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-squish\u002F\" rel=\"ugc\">WP Squish\u003C\u002Fa> – reduce the amount of storage space consumed by your WordPress installation through the application of user-definable JPEG compression levels and image resolution limits to uploaded images.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To view WP Zone’s premium WordPress plugins and themes, visit our \u003Ca href=\"https:\u002F\u002Fwpzone.co\u002Fproduct\u002F\" rel=\"nofollow ugc\">WordPress products catalog page\u003C\u002Fa>.\u003C\u002Fp>\n","Easily add custom CSS and JavaScript code to your WordPress site, with draft previewing, revisions, and 
minification!",176923,94,60,"2024-08-12T18:03:00.000Z","6.6.5","3.5",[69,20,112,113,114],"javascript","styles","stylesheet","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-css-and-javascript.2.0.16.zip",92,{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":13,"num_ratings":127,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":18,"tags":131,"homepage":136,"download_link":137,"security_score":73,"vuln_count":27,"unpatched_count":27,"last_vuln_date":37,"fetched_at":29},"custom-script-for-customizer","Custom Header Footer Scripts for Customizer","1.1.1","Rupok","https:\u002F\u002Fprofiles.wordpress.org\u002Fre_enter_rupok\u002F","\u003Cp>Add custom script to header and footer through WordPress Customizer. Edit your scripts with CodeMirror editor within Customizer. You can place any custom JavaScript, Google Analytics or embed script. Extremely helpful if you need to place any custom javascript or jQuery code to header or footer. This plugin gives you the ability to place different scripts to header or footer separately. 
Uses Customizer so you can edit the code live and see the changes on the fly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CodeMirror Editor\u003C\u002Fli>\n\u003Cli>Ability to add custom scripts to wp header.\u003C\u002Fli>\n\u003Cli>Ability to add custom scripts to wp footer.\u003C\u002Fli>\n\u003Cli>Ability to add multiple scripts.\u003C\u002Fli>\n\u003Cli>Ability to add Google Alalytics code.\u003C\u002Fli>\n\u003Cli>Ability to add any embed code.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Check my free WordPress Theme \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fflexia\u002F\" rel=\"ugc\">Flexia\u003C\u002Fa>, one theme to rule them all.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Check my other plugins:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fessential-addons-for-elementor-lite\u002F\" rel=\"ugc\">Essential Addons For Elementor\u003C\u002Fa>\u003C\u002Fstrong> – Most popular Elementor extensions with 1 Million+ active users in the WordPress repository.\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetterdocs\u002F\" rel=\"ugc\">BetterDocs\u003C\u002Fa>\u003C\u002Fstrong> – Best documentation & knowledge base plugin for WordPress to help you reduce support tickets\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetterlinks\u002F\" rel=\"ugc\">BetterLinks\u003C\u002Fa>\u003C\u002Fstrong> – Latest best WordPress link management plugin for link shortening, tracking & analyzing.\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnotificationx\u002F\" rel=\"ugc\">NotificationX\u003C\u002Fa>\u003C\u002Fstrong> – Best Social Proof & FOMO Marketing Solution\u003Cbr \u002F>\n\u003Cstrong>\u003Ca 
href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-scheduled-posts\u002F\" rel=\"ugc\">SchedulePress\u003C\u002Fa>\u003C\u002Fstrong> – Complete solution for WordPress Post Scheduling to manage schedules through an editorial calendar.\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fembedpress\u002F\" rel=\"ugc\">EmbedPress\u003C\u002Fa>\u003C\u002Fstrong>– Embed videos, images, posts, audio, maps and upload PDF, DOC, PPT & all other types of content into your WordPress site with one-click and showcase it beautifully for the visitors.\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemplately\u002F\" rel=\"ugc\">Templately\u003C\u002Fa>\u003C\u002Fstrong> Ultimate Template clouds with 1800+ ready templates for Elementor & Gutenberg along with FREE cloud collaboration with your team.\u003C\u002Fp>\n","Add custom script to header and footer through WordPress Customizer. Edit your scripts with CodeMirror editor within Customizer.",2000,25926,2,"2023-08-20T06:54:00.000Z","6.3.8","4.0",[132,20,133,134,135],"codemirror","custom-script","customizer-script","header-footer-script","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-script-for-customizer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-script-for-customizer.1.1.1.zip",{"slug":139,"name":140,"version":141,"author":142,"author_profile":143,"description":144,"short_description":145,"active_installs":146,"downloaded":147,"rating":148,"num_ratings":149,"last_updated":150,"tested_up_to":65,"requires_at_least":151,"requires_php":18,"tags":152,"homepage":154,"download_link":155,"security_score":156,"vuln_count":26,"unpatched_count":26,"last_vuln_date":157,"fetched_at":29},"custom-css-editor","Custom CSS","1.4.0","FRESHFACE","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreshface\u002F","\u003Cp>Create custom CSS and JS codes. 
Delivered with our awesome Conditional Logic, you can easily specify\u003Cbr \u002F>\nwhere you want to your custom CSS code appear. You can write your CSS and JS codes inside\u003Cbr \u002F>\nnice ACE editor with syntax highlighter.Codes will be still presented, after you change the theme,\u003Cbr \u002F>\nso this is really good way to write CSS adjustments into your theme.\u003C\u002Fp>\n","Add custom CSS, JS, PHP, tracking code. Very easy to use!",1000,69353,50,17,"2017-11-28T15:06:00.000Z","4.0.0",[153,69,21],"custom-code","http:\u002F\u002Ffreshface.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-css-editor.zip",63,"2025-10-08 00:00:00",{"attackSurface":159,"codeSignals":187,"taintFlows":200,"riskAssessment":228,"analyzedAt":237},{"hooks":160,"ajaxHandlers":183,"restRoutes":184,"shortcodes":185,"cronEvents":186,"entryPointCount":27,"unprotectedCount":27},[161,167,171,175,179],{"type":162,"name":163,"callback":164,"file":165,"line":166},"action","admin_init","do_activation_redirect","core\\plugin.php",11,{"type":162,"name":168,"callback":169,"file":165,"line":170},"admin_menu","add",13,{"type":162,"name":172,"callback":173,"file":165,"line":174},"admin_enqueue_scripts","enqueque",14,{"type":162,"name":176,"callback":177,"file":165,"line":178},"admin_post_tc_custom_javascript","update",16,{"type":162,"name":180,"callback":181,"file":165,"line":182},"wp_print_footer_scripts","print_script_in_footer",18,[],[],[],[],{"dangerousFunctions":188,"sqlUsage":189,"outputEscaping":191,"fileOperations":27,"externalRequests":27,"nonceChecks":26,"capabilityChecks":127,"bundledLibraries":199},[],{"prepared":27,"raw":27,"locations":190},[],{"escaped":127,"rawEcho":127,"locations":192},[193,197],{"file":194,"line":195,"context":196},"core\\frontend.php",12,"raw output",{"file":198,"line":195,"context":196},"templates\\code-editor.php",[],[201,220],{"entryPoint":202,"graph":203,"unsanitizedCount":27,"severity":219},"update 
(core\\content.php:4)",{"nodes":204,"edges":216},[205,210],{"id":206,"type":207,"label":208,"file":209,"line":170},"n0","source","$_POST","core\\content.php",{"id":211,"type":212,"label":213,"file":209,"line":214,"wp_function":215},"n1","sink","update_option() [Settings Manipulation]",22,"update_option",[217],{"from":206,"to":211,"sanitized":218},true,"low",{"entryPoint":221,"graph":222,"unsanitizedCount":27,"severity":219},"\u003Ccontent> (core\\content.php:0)",{"nodes":223,"edges":226},[224,225],{"id":206,"type":207,"label":208,"file":209,"line":170},{"id":211,"type":212,"label":213,"file":209,"line":214,"wp_function":215},[227],{"from":206,"to":211,"sanitized":218},{"summary":229,"deductions":230},"The \"tc-custom-javascript\" plugin, version 1.2.3, exhibits a generally good security posture based on static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a significant strength. The analysis detected no SQL queries, so there is no raw SQL to review, and it found one nonce check and two capability checks. However, the static analysis did reveal a concern with output escaping: 2 of the 4 identified outputs (50%) are echoed without escaping, in core\\frontend.php and templates\\code-editor.php. This indicates a potential weakness where unsanitized data could be rendered directly in the browser, leading to cross-site scripting vulnerabilities if user-supplied input is not handled correctly. Because the plugin exists to print administrator-supplied JavaScript, some raw output is presumably intentional, so the control that matters most is that only authorized users can change the stored script.\n\nThe vulnerability history for this plugin includes a single high-severity CVE in 2020 (CVE-2020-14063, an unauthenticated stored cross-site scripting vulnerability patched in 1.2.2). The fact that this vulnerability is no longer present in newer versions (as indicated by 'Currently unpatched: 0') is positive. However, the existence of a past high-severity vulnerability, particularly XSS, coupled with the current findings of partially unescaped output, suggests a recurring area of concern that requires continued vigilance. 
The plugin has strengths in its limited attack surface and secure data handling for SQL, but the output escaping issue warrants attention.",[231,234],{"reason":232,"points":233},"50% of outputs not properly escaped",5,{"reason":235,"points":236},"Past high severity vulnerability (XSS)",10,"2026-03-16T17:46:08.601Z",{"wat":239,"direct":260},{"assetPaths":240,"generatorPatterns":249,"scriptPaths":250,"versionParams":251},[241,242,243,244,245,246,247,248],"\u002Fwp-content\u002Fplugins\u002Ftc-custom-javascript\u002Fassets\u002Fbootstrap\u002Fcss\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Ftc-custom-javascript\u002Fassets\u002Fbootstrap\u002Fcss\u002Fbootstrap-theme.min.css","\u002Fwp-content\u002Fplugins\u002Ftc-custom-javascript\u002Fassets\u002Fbootstrap\u002Fjs\u002Fbootstrap.min.js","\u002Fwp-content\u002Fplugins\u002Ftc-custom-javascript\u002Fassets\u002Fcodemirror\u002Flib\u002Fcodemirror.css","\u002Fwp-content\u002Fplugins\u002Ftc-custom-javascript\u002Fassets\u002Fcodemirror\u002Flib\u002Fcodemirror.js","\u002Fwp-content\u002Fplugins\u002Ftc-custom-javascript\u002Fassets\u002Fcodemirror\u002Fmode\u002Fjavascript\u002Fjavascript.js","\u002Fwp-content\u002Fplugins\u002Ftc-custom-javascript\u002Fassets\u002Ftiny-code\u002Fgeneral.css","\u002Fwp-content\u002Fplugins\u002Ftc-custom-javascript\u002Fassets\u002Ftiny-code\u002Fcode-editor.js",[],[243,245,246,248],[252,253,254,255,256,257,258,259],"tc-custom-javascript\u002Fassets\u002Fbootstrap\u002Fcss\u002Fbootstrap.min.css?ver=","tc-custom-javascript\u002Fassets\u002Fbootstrap\u002Fcss\u002Fbootstrap-theme.min.css?ver=","tc-custom-javascript\u002Fassets\u002Fbootstrap\u002Fjs\u002Fbootstrap.min.js?ver=","tc-custom-javascript\u002Fassets\u002Fcodemirror\u002Flib\u002Fcodemirror.css?ver=","tc-custom-javascript\u002Fassets\u002Fcodemirror\u002Flib\u002Fcodemirror.js?ver=","tc-custom-javascript\u002Fassets\u002Fcodemirror\u002Fmode\u002Fjavascript\u002Fjavascript.js?ver=","tc-custom-javascript\u002Fasse
ts\u002Ftiny-code\u002Fgeneral.css?ver=","tc-custom-javascript\u002Fassets\u002Ftiny-code\u002Fcode-editor.js?ver=",{"cssClasses":261,"htmlComments":266,"htmlAttributes":267,"restEndpoints":268,"jsGlobals":269,"shortcodeOutput":270},[262,263,264,265],"tccj-bootstrap-css","tccj-bootstrap-theme-css","tccj-codemirror-css","tccj-general-css",[],[],[],[],[],{"error":218,"url":272,"statusCode":273,"statusMessage":274,"message":274},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Ftc-custom-javascript\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":127,"versions":276},[277,282],{"version":6,"download_url":24,"svn_tag_url":278,"released_at":37,"has_diff":49,"diff_files_changed":279,"diff_lines":37,"trac_diff_url":280,"vulnerabilities":281,"is_current":218},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftc-custom-javascript\u002Ftags\u002F1.2.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftc-custom-javascript%2Ftags%2F1.2.2&new_path=%2Ftc-custom-javascript%2Ftags%2F1.2.3",[],{"version":39,"download_url":283,"svn_tag_url":284,"released_at":37,"has_diff":49,"diff_files_changed":285,"diff_lines":37,"trac_diff_url":37,"vulnerabilities":286,"is_current":49},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftc-custom-javascript.1.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftc-custom-javascript\u002Ftags\u002F1.2.2\u002F",[],[]]