[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f4XBvBjGFJcpthMEho7u5gLukfILuuwhyfNKvJAgrNg8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":52,"analysis":142,"fingerprints":234},"theme-junkie-team-content","Theme Junkie Team Content","0.1.1","Theme Junkie","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemejunkie\u002F","\u003Cp>This plugin adds a team custom post type to your WordPress website to manage your teams. It should work with any WordPress themes but you need to create templates for \u003Ccode>archive-member.php\u003C\u002Fcode> and \u003Ccode>single-member.php\u003C\u002Fcode> to display the team data.\u003C\u002Fp>\n\u003Cp>It has built-in meta boxes to add more data to the member’s page such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Avatar uploader\u003C\u002Fli>\n\u003Cli>Team position\u003C\u002Fli>\n\u003Cli>5 social link profile\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Plugin Info\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Developed by \u003Ca href=\"http:\u002F\u002Fwww.theme-junkie.com\u002F\" rel=\"nofollow ugc\">Theme Junkie\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check out the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthemejunkie\u002Ftheme-junkie-team-content\" rel=\"nofollow ugc\">Github\u003C\u002Fa> repo to contribute.\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds a Teams section to your WordPress website.",300,22491,0,"2022-10-26T15:53:00.000Z","6.1.10","4.6","",[19,20,21,22,23],"custom-post-type","member","members","post-type","team","http:\u002F\u002Fwww.theme-junkie.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftheme-junkie-team-content.0.1.1.zip",63,1,"2025-06-27 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-53301","theme-junkie-team-content-authenticated-contributor-stored-cross-site-scripting","Theme Junkie Team Content \u003C= 0.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Theme Junkie Team Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=0.1.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-07-02 19:40:48",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F96a0c18f-ddd7-4cae-bc61-c8fbf4cc3e66?source=api-prod",{"slug":46,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":49,"avg_patch_time_days":50,"trust_score":49,"computed_at":51},"themejunkie",6,8510,81,30,"2026-04-04T18:14:03.794Z",[53,72,96,108,127],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":13,"downloaded":61,"rating":13,"num_ratings":13,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":17,"download_link":70,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"membrio-member-directory","Membrio – Member Directory","1.0.0","Md Hazrath Ali","https:\u002F\u002Fprofiles.wordpress.org\u002Fhazrathali\u002F","\u003Cp>\u003Cstrong>Member Directory\u003C\u002Fstrong> is a custom WordPress plugin that helps you create a searchable member directory where each member can be associated with multiple teams. It includes frontend profile pages, team listings, and a contact form system with email notifications and admin storage.\u003C\u002Fp>\n\u003Ch3>Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Custom Post Types for Members and Teams\u003C\u002Fli>\n\u003Cli>Custom meta fields for member details:\n\u003Cul>\n\u003Cli>First Name, Last Name, Email, Address\u003C\u002Fli>\n\u003Cli>Profile and Cover Image\u003C\u002Fli>\n\u003Cli>Favorite Color (color picker)\u003C\u002Fli>\n\u003Cli>Status: Active or Draft\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Prevents duplicate member emails\u003C\u002Fli>\n\u003Cli>Associate a member with multiple teams\u003C\u002Fli>\n\u003Cli>Display all members and teams via shortcode or template\u003C\u002Fli>\n\u003Cli>Single Member Page at \u003Ccode>\u002Ffirst-name_last-name\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Contact Form on each member profile\n\u003Cul>\n\u003Cli>Sends email to the member\u003C\u002Fli>\n\u003Cli>Stores message in admin dashboard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>View total contact submissions in admin list table\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Use the “Members” and “Teams” menus in admin to add entries.\u003C\u002Fli>\n\u003Cli>Associate members with teams using the “Associated Teams” box.\u003C\u002Fli>\n\u003Cli>Embed member and team listings using shortcodes or templates.\u003C\u002Fli>\n\u003Cli>Visit \u003Ccode>\u002Ffirst-name_last-name\u003C\u002Fcode> to view a member’s public profile.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Shortcodes\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>[all_members]  \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Displays a list of all members with Active status.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[all_teams]  \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Displays a list of all teams.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n","A simple and flexible WordPress plugin to manage members and associate them with multiple teams.",137,"2025-11-02T17:16:00.000Z","6.8.5","5.5","7.4",[67,19,68,21,69],"contact-form","directory","teams","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmembrio-member-directory.1.0.0.zip",100,{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":17,"tags":87,"homepage":92,"download_link":93,"security_score":94,"vuln_count":27,"unpatched_count":13,"last_vuln_date":95,"fetched_at":29},"buddyforms-review","BuddyForms Moderation ( Former: Review Logic )","1.5.1","Themekraft","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemekraft\u002F","\u003Cp>Problem\u003Cbr \u002F>\nIn WordPress it is not possible to edit a published post and save it as new draft or pending review without removing the post from the frontend.\u003Cbr \u002F>\nIn the moment, if the post status is set to something else as published, it is removed. This makes it impossible to create a private draft or set an edited post to pending review without creating a 404.\u003Cbr \u002F>\nFor the BuddyForms front-end editing we want to have the feature to save a private draft or set the edit post to pending review without creating a 404.\u003C\u002Fp>\n\u003Cp>With the BuddyForms Moderation Extension you can solve exactly this problem.\u003C\u002Fp>\n\u003Cp>The extension creates a new Form Builder MetaBox “Moderation”\u003C\u002Fp>\n\u003Cp>With 3 new Post Status\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Edit draft      –> Is a new created post or a new edit draft of an existing post and only available for your editing.\u003C\u002Fli>\n\u003Cli>Awaiting Review –> You have finished editing and want your post to be moderationed and published.\u003C\u002Fli>\n\u003Cli>Approved        –> Your post has been approved and is merged back to the live version.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>How it works:\u003Cbr \u002F>\nIf you create a new edit draft, a new child post of your live post will be created as a duplicate of your live post.\u003Cbr \u002F>\nDuring the editing process you will edit the child post and your live version is untouched and available to the public.\u003Cbr \u002F>\nIf you set the post to “awaiting review” and a moderationer (admin) approves your post, the post will be merged back to the live version and set to approved.\u003C\u002Fp>\n\u003Cp>This will work for all the content, custom fields and taxonomies.\u003C\u002Fp>\n\u003Cp>Video from Webzio Showcase the Plugin!\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Flg2lAt0zljc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Mail Notification\u003Cbr \u002F>\nWith the BuddyForms in build Notification System you can create mail trigger notification for the different post status to let your users and Moderators know, when a new post is ready for moderation or gets approved.\u003C\u002Fp>\n\u003Cp>BuddyForms Moderation is the perfect plugin for you if you are in need of a solid frontend post editing moderation management.\u003C\u002Fp>\n\u003Cp>It doesn’t matter if you let your users create products or Kitten Story’s. It just work fine with any custom post type related plugin.\u003C\u002Fp>\n\u003Cp>The BuddyForms Moderation extension gives you full control of the user submissions without affecting the live version or even giving them the rights to edit a published post.\u003C\u002Fp>\n\u003Ch3>Documentation & Support\u003C\u002Fh3>\n\u003Ch4>Extensive Documentation and Support\u003C\u002Fh4>\n\u003Cp>All code is neat, clean and well documented (inline as well as in the documentation).\u003C\u002Fp>\n\u003Cp>The BuddyForms documentation with many how-tos is following now!\u003C\u002Fp>\n\u003Cp>If you still get stuck somewhere, our support gets you back on the right track.\u003Cbr \u002F>\nYou can find all help buttons in your BuddyForms Settings Panel in your WP Dashboard!\u003C\u002Fp>\n","Create new drafts or pending reviews from new or published posts without changing the live version.",40,7463,74,3,"2023-12-27T04:21:00.000Z","6.4.8","3.9",[88,89,21,90,91],"buddypress","custom-post-types","profiles","user","https:\u002F\u002Fthemekraft.com\u002Fproducts\u002Freview\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddyforms-review.1.5.1.zip",85,"2022-10-03 00:00:00",{"slug":97,"name":98,"version":99,"author":76,"author_profile":77,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":71,"num_ratings":83,"last_updated":104,"tested_up_to":15,"requires_at_least":86,"requires_php":17,"tags":105,"homepage":106,"download_link":107,"security_score":94,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"buddyforms-woocommerce-form-elements","BuddyForms Form Elements for WooCommerce","1.5.11","\u003Cp>This is the BuddyForms Form Elements Extension for WooCommerce. Create powerful frontend management for your vendors. You need the BuddyForms plugin installed for the plugin to work. \u003Ca href=\"http:\u002F\u002Fbuddyforms.com\" rel=\"nofollow ugc\">Get BuddyForms now!\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin adds a new section to the BuddyForms Form Builder with all WooCommerce fields to create product forms to manage (create\u002Fedit) products from the frontend.\u003C\u002Fp>\n\u003Ch3>WooCommerce Fields\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Product General Data like Product Type, Price\u003C\u002Fli>\n\u003Cli>Inventory\u003C\u002Fli>\n\u003Cli>Shipping\u003C\u002Fli>\n\u003Cli>Linked Products\u003C\u002Fli>\n\u003Cli>Attributes\u003C\u002Fli>\n\u003Cli>Product Gallery\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Keep your User in the Frontend.\u003C\u002Fp>\n\u003Cp>Your users can become vendors and are able to manage their WooCommerce products from the front end. If you use BuddyPress, all can be integrated into the members profile with one click.\u003C\u002Fp>\n\u003Cp>Create a Marketplace.\u003C\u002Fp>\n\u003Cp>Create All Kind of marketplaces and let your user become the vendor.\u003Cbr \u002F>\nlike classifieds, advertisements, creative markets…\u003C\u002Fp>\n\u003Cp>What else do I need to create a marketplace?\u003C\u002Fp>\n\u003Cp>BuddyForms WooCommerce Form Elements is build for one purpose, to make it easy for you to manage creating and editing your WooCommerce products. This plugin is a clean, bloat free solution to front end edition of your WooCommerce products.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>:\u003Cbr \u002F>\nThe plugin generates two different views.\u003C\u002Fp>\n\u003Col>\n\u003Cli>For the list of vendor products\u003C\u002Fli>\n\u003Cli>For the creation and edition screen.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>When used with BuddyPress, the members product listing can be displayed publicly to show their products directly within their profile page.\u003C\u002Fp>\n\u003Cp>If you wish to integrate WooCommerce with BuddyPress please use our \u003Ca href=\"http:\u002F\u002Fbuddyforms.com\" title=\"WooCommerce BuddyPress Integration WordPress Plugin\" rel=\"nofollow ugc\">WooCommerce and BuddyPress Profile synchronization plugin\u003C\u002Fa>. This plugin makes it very easy to integrate WooCommerce and other WooCommerce plugins directly within the BuddyPress profile pages.\u003C\u002Fp>\n\u003Cp>If you need a vendor management you can use any. This is a lot of freedom for you. You can change your vendors extension if you are unhappy, but all the rest will work. We decided to leave the vendor payment management to other plugins.\u003C\u002Fp>\n\u003Cp>There are already vendor plugins available from WooThemes and other developers.\u003C\u002Fp>\n\u003Cp>Free Vendor Plugins\u003C\u002Fp>\n\u003Cul>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwc-vendors\u002F\" rel=\"ugc\">WP Vendors\u003Ca>\u003C\u002Fa>\u003Cbr \u002F>\n\u003C\u002Fa>\u003C\u002Ful>\n\u003Cp>Paid Vendor Plugins\u003C\u002Fp>\n\u003Cul>\n\u003Ca href=\"http:\u002F\u002Fwww.woothemes.com\u002Fproducts\u002Fproduct-vendors\u002F\" rel=\"nofollow ugc\">Product Vendors\u003Ca>\u003C\u002Fa>\u003Cbr \u002F>\n\u003C\u002Fa>\u003C\u002Ful>\n\u003Cp>for more information please read the documentation on How to Create a Marketplace with WordPress, WooCommerce and BuddyPress.\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fdocs.buddyforms.com\u002Farticle\u002F151-create-a-social-marketplace-with-woocommerce-and-buddypress\u003C\u002Fp>\n\u003Ch3>Documentation & Support\u003C\u002Fh3>\n\u003Ch4>Extensive Documentation and Support\u003C\u002Fh4>\n\u003Cp>All code is clean and well documented (inline as well as in the documentation).\u003C\u002Fp>\n\u003Cp>The BuddyForms documentation with many how-to’s is following now!\u003C\u002Fp>\n\u003Cp>If you still get stuck somewhere, our support gets you back on the right track.\u003Cbr \u002F>\nYou can find all help buttons in your BuddyForms settings panel in your WP dashboard!\u003C\u002Fp>\n","Let your WooCommerce Vendors Manage there Products from the Frontend",20,17651,"2022-12-21T01:26:00.000Z",[88,89,21,90,91],"http:\u002F\u002Fbuddyforms.com\u002Fdownloads\u002Fbuddyforms-woocommerce-form-elements\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddyforms-woocommerce-form-elements.1.5.11.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":13,"num_ratings":13,"last_updated":118,"tested_up_to":119,"requires_at_least":16,"requires_php":120,"tags":121,"homepage":125,"download_link":126,"security_score":94,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"members-only-post-type","Members Only Post Type Membership","1.7.0","uri","https:\u002F\u002Fprofiles.wordpress.org\u002Ficelayer\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpbrisko.com\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">Members Only Post Type\u003C\u002Fa> will make it easy for you to protect your custom post type content.\u003C\u002Fp>\n\u003Cp>Restricting Access to a Post Type is easy after you activate the plugin, go to the Protected Posts Settings Menu in the admin, and select the Post Types that you would be protected and save, that’s it, your post type will now be protected and only logged-in users will have access.\u003C\u002Fp>\n\u003Cp>This Plugin has a very simple user interface to select and restrict access to your custom post types.\u003C\u002Fp>\n\u003Ch4>Restrict access to\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Custom Post Types defined in plugins\u003C\u002Fli>\n\u003Cli>Built-In WordPress Post Types\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Restrict access to Post Types that have been generated by tools like \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-post-type-ui\u002F\" rel=\"ugc\">Custom Post Type UI\u003C\u002Fa> and other similar tools\u003C\u002Fp>\n\u003Cp>Only if a user is logged in they will be able to access, the default access level is a subscriber.\u003C\u002Fp>\n","Members Only Post Type will protect your post type content allowing only logged in members of your site to view the protected post types.",10,2753,"2024-01-09T01:55:00.000Z","5.7.15","5.6",[122,19,123,124,22],"cpt","manage-post-type","membership","https:\u002F\u002Fwpbrisko.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmembers-only-post-type.1.7.0.zip",{"slug":128,"name":129,"version":56,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":116,"downloaded":134,"rating":13,"num_ratings":13,"last_updated":135,"tested_up_to":136,"requires_at_least":16,"requires_php":17,"tags":137,"homepage":17,"download_link":141,"security_score":94,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"zesty-custom-post-types-for-paid-memberships-pro","Zesty Custom Post Types for Paid Memberships Pro","Bijingus","https:\u002F\u002Fprofiles.wordpress.org\u002Fbijingus\u002F","\u003Cp>This plugin lets you restrict any custom post type’s content when using Paid Membershps Pro.\u003C\u002Fp>\n\u003Cp>Simply select the custom post type you’d like to restrict for members only and a box with restriction levels will then appear when editing any post of that type.\u003C\u002Fp>\n","Restrict any custom post type with Paid Memberships Pro.",795,"2022-06-23T13:50:00.000Z","6.0.11",[89,124,138,139,140],"paid-memberships-pro","pmpro","restrict","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzesty-custom-post-types-for-paid-memberships-pro.zip",{"attackSurface":143,"codeSignals":213,"taintFlows":226,"riskAssessment":227,"analyzedAt":233},{"hooks":144,"ajaxHandlers":209,"restRoutes":210,"shortcodes":211,"cronEvents":212,"entryPointCount":13,"unprotectedCount":13},[145,151,156,160,164,168,172,176,181,185,189,194,198,201,205],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","admin_menu","tjtc_admin_setup","admin\\admin.php",13,{"type":152,"name":153,"callback":154,"priority":116,"file":149,"line":155},"filter","enter_title_here","tjtc_title_placeholder",24,{"type":152,"name":157,"callback":158,"file":149,"line":159},"manage_edit-member_columns","tjtc_edit_member_columns",27,{"type":146,"name":161,"callback":162,"priority":116,"file":149,"line":163},"manage_member_posts_custom_column","tjtc_manage_member_columns",28,{"type":152,"name":165,"callback":166,"file":149,"line":167},"manage_edit-member_sortable_columns","tjtc_column_sortable",29,{"type":146,"name":169,"callback":170,"file":171,"line":150},"add_meta_boxes","tjtc_add_meta_boxes","admin\\metabox.php",{"type":146,"name":173,"callback":174,"priority":116,"file":171,"line":175},"save_post","tjtc_meta_boxes_save",16,{"type":146,"name":177,"callback":178,"priority":179,"file":180,"line":150},"init","tjtc_remove_theme_support_metabox",11,"inc\\functions.php",{"type":152,"name":182,"callback":183,"file":184,"line":150},"post_updated_messages","tjtc_updated_messages","inc\\messages.php",{"type":146,"name":177,"callback":186,"file":187,"line":188},"tjtc_register_post_type","inc\\post-type.php",14,{"type":146,"name":190,"callback":191,"priority":27,"file":192,"line":193},"plugins_loaded","constants","tj-team-content.php",41,{"type":146,"name":190,"callback":195,"priority":196,"file":192,"line":197},"i18n",2,44,{"type":146,"name":190,"callback":199,"priority":83,"file":192,"line":200},"admin",47,{"type":146,"name":190,"callback":202,"priority":203,"file":192,"line":204},"includes",4,50,{"type":146,"name":206,"callback":207,"file":192,"line":208},"admin_enqueue_scripts","admin_scripts",53,[],[],[],[],{"dangerousFunctions":214,"sqlUsage":215,"outputEscaping":217,"fileOperations":13,"externalRequests":13,"nonceChecks":27,"capabilityChecks":203,"bundledLibraries":225},[],{"prepared":13,"raw":13,"locations":216},[],{"escaped":218,"rawEcho":196,"locations":219},43,[220,223],{"file":149,"line":221,"context":222},99,"raw output",{"file":149,"line":224,"context":222},106,[],[],{"summary":228,"deductions":229},"The plugin 'theme-junkie-team-content' version 0.1.1 presents a mixed security posture. While the static analysis reveals a relatively clean codebase with excellent output escaping (96%), a good number of capability checks (4), and a single nonce check, the presence of a known, unpatched medium severity vulnerability is a significant concern. The static analysis shows no obvious flaws like dangerous functions, raw SQL queries, or file operations, and the attack surface appears limited with no reported AJAX handlers, REST API routes, shortcodes, or cron events that are unprotected. Taint analysis also shows no critical or high severity unsanitized flows.\n\nHowever, the vulnerability history is a critical red flag. A medium severity Cross-site Scripting (XSS) vulnerability was last reported on 2025-06-27 and remains unpatched. This indicates a potential for attackers to inject malicious scripts into the application, which could lead to session hijacking, defacement, or redirection to malicious sites. The fact that this vulnerability is recent and unaddressed significantly outweighs the positive aspects of the static analysis, suggesting a lack of prompt security patching by the developers. While the code itself seems to follow good practices in many areas, the failure to address known vulnerabilities creates a substantial risk for users.",[230],{"reason":231,"points":232},"Unpatched medium severity CVE",15,"2026-03-16T19:53:31.972Z",{"wat":235,"direct":242},{"assetPaths":236,"generatorPatterns":239,"scriptPaths":240,"versionParams":241},[237,238],"\u002Fwp-content\u002Fplugins\u002Ftheme-junkie-team-content\u002Fassets\u002Fcss\u002Ftjtc-admin.css","\u002Fwp-content\u002Fplugins\u002Ftheme-junkie-team-content\u002Fassets\u002Fjs\u002Fmedia.js",[],[238],[],{"cssClasses":243,"htmlComments":244,"htmlAttributes":245,"restEndpoints":246,"jsGlobals":247,"shortcodeOutput":249},[],[],[],[],[248],"tjtc_media",[]]