[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0Wb4Z5y5vQhyAcg4n5dtEq05NA10EZDgnrh1hzFuxwk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":51,"analysis":149,"fingerprints":217},"theme-switcher-reloaded","Theme Switcher Reloaded","1.1","undoIT","https:\u002F\u002Fprofiles.wordpress.org\u002Fundoit\u002F","\u003Cp>Theme Switcher Reloaded is sponsored by Themebot for use with the demos in the \u003Ca href=\"http:\u002F\u002Fthemebot.com\u002Fwordpress-themes\" title=\"WordPress Themes\" rel=\"nofollow ugc\">WordPress Themes\u003C\u002Fa> section on themebot.com. Coding was done by kingler of \u003Ca href=\"http:\u002F\u002Fcode.72pines.org\u002F\" title=\"72pines\" rel=\"nofollow ugc\">72pines\u003C\u002Fa>. This is an updated version of the venerable themeswitcher by Ryan Boren and Theme Switcher Widget by Jared Bangs. Theme Switcher Reloaded adds new features and enhancements.\u003C\u002Fp>\n","Theme Switcher Reloaded is an updated and much improved version of the original Theme Switcher. Comes with a widget and can also switch themes via URL …",100,26275,46,3,"2014-10-20T22:20:00.000Z","4.0.38","2.9.2","",[20,21,22,23,24],"changer","presentation","preview","preview-theme","selector","http:\u002F\u002Fthemebot.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftheme-switcher-reloaded.1.1.zip",63,1,"2025-08-25 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-53223","theme-switcher-reloaded-reflected-cross-site-scripting","Theme Switcher Reloaded \u003C= 1.1 - Reflected Cross-Site Scripting","The Theme Switcher Reloaded plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.1","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-03 20:15:45",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F48173a09-302c-49a1-8c6c-ac4ecacea080?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},"undoit",30,68,"2026-04-04T05:28:32.772Z",[52,70,89,106,124],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":11,"num_ratings":14,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":18,"tags":65,"homepage":66,"download_link":67,"security_score":68,"vuln_count":69,"unpatched_count":69,"last_vuln_date":37,"fetched_at":30},"pwd-theme-switcher","PWD Theme Switcher","1.2.2","NicolasKulka","https:\u002F\u002Fprofiles.wordpress.org\u002Fnicolaskulka\u002F","\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>Change theme to see your changes without saving it just for your session\u003C\u002Fp>\n\u003Cp>If you love the plugin, please consider rating it and clicking on “it works” button.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>Switcher facilement de thème pour voir vos modifications sans le changer en backoffice et l’enregistrer.\u003C\u002Fp>\n\u003Cp>Si vous aimez le plugin, laisser une évaluation et cliquer sur ​​le bouton «it works».\u003C\u002Fp>\n\u003Ch4>Localization\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>English\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>My Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Twitter @\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fplateformewp\" rel=\"nofollow ugc\">plateformewp\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Facebook \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fplateformewpdigital\" rel=\"nofollow ugc\">Plateforme WP Digital\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Google+ \u003Ca href=\"https:\u002F\u002Fplus.google.com\u002Fu\u002F0\u002F101743421589257173603\u002F\" rel=\"nofollow ugc\">Plateforme WP Digital\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Twitter @\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002FKulkaNicolas\" rel=\"nofollow ugc\">KulkaNicolas\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Google+ \u003Ca href=\"https:\u002F\u002Fplus.google.com\u002Fu\u002F0\u002F105181416749428983955\u002F\" rel=\"nofollow ugc\">Nicolas Kulka\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.plateformewpdigital.fr\u002F\" rel=\"nofollow ugc\">Plateforme WP digital\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Change theme to see your changes without saving it just for your session.",60,4352,"2023-08-24T08:06:00.000Z","6.3.8","3.2",[20,21,22,23,24],"http:\u002F\u002Fwww.plateformewpdigital.fr\u002Fplugins\u002Fpwd-theme-switcher","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpwd-theme-switcher.1.2.2.zip",85,0,{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":11,"num_ratings":28,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":18,"tags":83,"homepage":87,"download_link":88,"security_score":68,"vuln_count":69,"unpatched_count":69,"last_vuln_date":37,"fetched_at":30},"theme-preview","Theme Preview","1.4","Dougal Campbell","https:\u002F\u002Fprofiles.wordpress.org\u002Fdougal\u002F","\u003Cp>By default, the only way to see how a new theme looks on your site is to\u003Cbr \u002F>\nactivate it, making it visible to everyone who visits. With this plugin, it\u003Cbr \u002F>\nis possible to view how a new theme looks without activating it.\u003C\u002Fp>\n\u003Ch3>TODO\u003C\u002Fh3>\n\u003Cp>Possible future enhancements:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add an options screen.\u003C\u002Fli>\n\u003Cli>Allow choice of theme to preview from a known list of installed themes.\u003C\u002Fli>\n\u003Cli>Provide persistent previews by setting a cookie.\u003C\u002Fli>\n\u003Cli>Restrict preview ability by user Roles\u002FCapabilities.\u003C\u002Fli>\n\u003Cli>Child-theme friendliness.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>May not work properly with child themes. This is because it will not be able\u003Cbr \u002F>\nto inherit from the parent theme as it normally would.\u003C\u002Fp>\n","Allows you test how a theme looks on your site without activating it.",300,41450,"2016-02-17T16:20:00.000Z","4.4.34","2.6.0",[84,21,22,85,86],"css","testing","themes","http:\u002F\u002Fdougal.gunters.org\u002Fplugins\u002Ftheme-preview","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftheme-preview.1.4.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":97,"downloaded":98,"rating":69,"num_ratings":69,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":18,"tags":102,"homepage":104,"download_link":105,"security_score":68,"vuln_count":69,"unpatched_count":69,"last_vuln_date":37,"fetched_at":30},"preview-themes","Preview Themes","0.1","Abinav Thakuri","https:\u002F\u002Fprofiles.wordpress.org\u002Fabinav\u002F","\u003Cp>The Preview Themes plugin allows wordpress users to preview all installed themes without having to activate and deactivate them simultaneously.An updated version is likely to come up soon as this is the initial development release.\u003C\u002Fp>\n\u003Cp>Note:The docs will be available at http:\u002F\u002Fdreamsdeveloped.com pretty soon.\u003C\u002Fp>\n","The Preview Themes plugin allows wordpress users to preview all installed themes without having to activate and deactivate them simultaneously.",10,4103,"2011-06-24T11:52:00.000Z","3.1.4","2.5.1",[103,23,71,86],"layout","http:\u002F\u002Fabinavsblog.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreview-themes.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":97,"downloaded":114,"rating":69,"num_ratings":69,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":18,"tags":118,"homepage":122,"download_link":123,"security_score":68,"vuln_count":69,"unpatched_count":69,"last_vuln_date":37,"fetched_at":30},"wave-your-theme","Wave Your Theme","1.2.1","qiqiboy","https:\u002F\u002Fprofiles.wordpress.org\u002Fqiqiboy\u002F","\u003Cp>*A cool, beautiful method that allows themes to be previewed without activation.\u003Cbr \u002F>\n*It will generate a button on the page link, when clicked, will Xianchu theme switch panel\u003Cbr \u002F>\n*Ajax way through to get all of your theme, and then displayed on the screen, then you can switch the theme of free choice. \u003Cbr \u002F>\n*After the switch there will be cookie records. \u003Cbr \u002F>\n*You can customize the cookie is valid. \u003Cbr \u002F>\n*You can also customize the display of the link button location.\u003C\u002Fp>\n\u003Cp>*If you have questions, Please contact [imqiqiboy#gmail.com] or leave a message in my blog(http:\u002F\u002Fwww.qiqiboy.com).\u003Cbr \u002F>\n*这是一种很酷的，奇妙的主题切换预览方式\u003Cbr \u002F>\n*插件将会在你的页面上生成一个按钮链接（你也可以自定义，不用插件自己生成），点击后将会弹出一个面板\u003Cbr \u002F>\n*通过ajax请求，插件会获取到你当前主机上的所有可用主题，然后按顺序将这些主题显示在弹出的面板上。\u003Cbr \u002F>\n*你此时可以点击任意主题，就可以切换到你所选择的主题了。当你点击时，插件又会发送一条ajax请求，主题设置切换好后，页面将自动刷新，然后你就能看到一个全新的主题了\u003Cbr \u002F>\n*主题切换会记录cookie，你可以自定义cookie的有效期，在有效期内将会一直显示所切换的主题\u003Cbr \u002F>\n*你也可以自定义按钮连接的显示位置、显示样式。\u003Cbr \u002F>\n*提供技术支持及咨询，联系邮件请发【imqiqiboy#gmail.com】或者在我博客【http:\u002F\u002Fwww.qiqiboy.com】留言\u003C\u002Fp>\n\u003Cp>注意：请最好不要勾选“自定义显示位置”，那样会很麻烦，容易出错。一切都交给插件吧！\u003Cbr \u002F>\n你可以直接将要作为按钮的图片放到插件的“img”目录中，然后在后台就可以选择你添加的这张图片了。\u003Cbr \u002F>\n但是还要注意，如果你选择的图片的宽度和高度不是默认的22，那么你还需要在图片的宽度和高度选项中填写你的这张图片的宽度和高度，否则图片将无法完整显示。\u003C\u002Fp>\n","A cool, beautiful method that allows themes to be previewed without activation. It will generate a button on the page link, when clicked, will show th …",3243,"2010-09-24T11:06:00.000Z","3.0.5","2.7",[119,23,120,121],"ajax","switch-theme","theme","http:\u002F\u002Fwww.qiqiboy.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwave-your-theme.1.2.1.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":134,"num_ratings":135,"last_updated":136,"tested_up_to":137,"requires_at_least":138,"requires_php":18,"tags":139,"homepage":144,"download_link":145,"security_score":146,"vuln_count":147,"unpatched_count":69,"last_vuln_date":148,"fetched_at":30},"mw-wp-form","MW WP Form","5.1.0","Takashi Kitajima","https:\u002F\u002Fprofiles.wordpress.org\u002Finc2734\u002F","\u003Cp>\u003Cstrong>This plugin currently has only the minimum required maintenance releases.\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>Main maintainer has been handed over from @inc2734 to @websoudan.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>MW WP Form can create mail form with a confirmation screen using shortcode.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Form created using shortcodes\u003C\u002Fli>\n\u003Cli>Using confirmation page is possible.\u003C\u002Fli>\n\u003Cli>The page changes by the same URL or individual URL are possible.\u003C\u002Fli>\n\u003Cli>Many validation rules\u003C\u002Fli>\n\u003Cli>Saving inquiry data is possible.\u003C\u002Fli>\n\u003Cli>Displaying Chart using saved inquiry data is possible.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Official\u003C\u002Fh4>\n\u003Cp>https:\u002F\u002Fmw-wp-form.web-soudan.co.jp\u003C\u002Fp>\n\u003Ch4>GitHub\u003C\u002Fh4>\n\u003Cp>https:\u002F\u002Fgithub.com\u002Fweb-soudan\u002Fmw-wp-form\u003C\u002Fp>\n\u003Ch4>The following third-party resources\u003C\u002Fh4>\n\u003Cp>Google Charts\u003Cbr \u002F>\nSource: https:\u002F\u002Fdevelopers.google.com\u002Fchart\u002F\u003C\u002Fp>\n\u003Ch4>Contributors\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002F2inc.org\" rel=\"nofollow ugc\">Takashi Kitajima\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Finc2734\" rel=\"nofollow ugc\">inc2734\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwebcre-archive.com\" rel=\"nofollow ugc\">Ryujiro Yamamoto\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fryu263\" rel=\"nofollow ugc\">ryu263\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fkee-non.com\" rel=\"nofollow ugc\">Tsujimoto Tomoyuki\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Ftomothumb\" rel=\"nofollow ugc\">tomothumb\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>[Naoyuki Ohata] ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fnanniku\" rel=\"nofollow ugc\">nanniku\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmt8.biz\u002F\" rel=\"nofollow ugc\">Kazuto Takeshita\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmt8biz\u002F\" rel=\"nofollow ugc\">moto hachi\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.next-season.net\u002F\" rel=\"nofollow ugc\">Atsushi Ando\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fnext-season\u002F\" rel=\"nofollow ugc\">NExt-Season\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fvisualive.jp\u002F\" rel=\"nofollow ugc\">Kazuki Tomiyasu\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fkuck1u\u002F\" rel=\"nofollow ugc\">KUCKLU\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmypacecreator.net\u002F\" rel=\"nofollow ugc\">Kei Nomura\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmypacecreator\u002F\" rel=\"nofollow ugc\">mypacecreator\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmh35\" rel=\"nofollow ugc\">mh35\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnojimage\" rel=\"nofollow ugc\">Takashi Nojima\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fherikutu\" rel=\"nofollow ugc\">herikutu\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftsucharoku\" rel=\"nofollow ugc\">tsucharoku\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ft-hamano\" rel=\"nofollow ugc\">Tetsuaki Hamano\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fwildworks\u002F\" rel=\"nofollow ugc\">t-hamano\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmusus\" rel=\"nofollow ugc\">Susumu Seino\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmusus\u002F\" rel=\"nofollow ugc\">Susumu Seino\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Flikr\" rel=\"nofollow ugc\">Yosuke Onoue\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Flikr\u002F\" rel=\"nofollow ugc\">likr\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fyudai524\" rel=\"nofollow ugc\">Yudai Konishi\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fyudai524\u002F\" rel=\"nofollow ugc\">Yudai Konishi\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnoldorinfo\" rel=\"nofollow ugc\">takekoshi\u003C\u002Fa> ( \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fnoldorinfo\u002F\" rel=\"nofollow ugc\">takekoshi\u003C\u002Fa> )\u003C\u002Fli>\n\u003C\u002Ful>\n","MW WP Form is shortcode base contact form plugin. This plugin have many features. For example you can use many validation rules, inquiry data saving,  …",200000,1771027,86,22,"2024-03-13T02:48:00.000Z","6.4.8","6.0",[140,141,142,22,143],"confirm","form","mail","shortcode","https:\u002F\u002Fmw-wp-form.web-soudan.co.jp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmw-wp-form.5.1.0.zip",81,5,"2024-01-31 00:00:00",{"attackSurface":150,"codeSignals":171,"taintFlows":202,"riskAssessment":203,"analyzedAt":216},{"hooks":151,"ajaxHandlers":167,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":69,"unprotectedCount":69},[152,158,162],{"type":153,"name":154,"callback":155,"file":156,"line":157},"filter","template","ts_get_template","theme-switcher-reloaded.php",108,{"type":153,"name":159,"callback":160,"file":156,"line":161},"stylesheet","ts_get_stylesheet",109,{"type":163,"name":164,"callback":165,"file":156,"line":166},"action","plugins_loaded","widget_themeswitcher_init",178,[],[],[],[],{"dangerousFunctions":172,"sqlUsage":173,"outputEscaping":175,"fileOperations":69,"externalRequests":69,"nonceChecks":69,"capabilityChecks":69,"bundledLibraries":201},[],{"prepared":69,"raw":69,"locations":174},[],{"escaped":69,"rawEcho":176,"locations":177},11,[178,181,183,185,187,189,191,193,195,197,199],{"file":156,"line":179,"context":180},105,"raw output",{"file":156,"line":182,"context":180},119,{"file":156,"line":184,"context":180},126,{"file":156,"line":186,"context":180},146,{"file":156,"line":188,"context":180},147,{"file":156,"line":190,"context":180},148,{"file":156,"line":192,"context":180},153,{"file":156,"line":194,"context":180},158,{"file":156,"line":196,"context":180},159,{"file":156,"line":198,"context":180},164,{"file":156,"line":200,"context":180},169,[],[],{"summary":204,"deductions":205},"The 'theme-switcher-reloaded' plugin v1.1 presents a mixed security picture. On the positive side, the static analysis indicates a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, all SQL queries are properly prepared, and there are no file operations or external HTTP requests. This suggests a deliberate effort to minimize direct interaction points and secure data handling.\n\nHowever, significant concerns arise from the complete lack of output escaping and the absence of nonce and capability checks. While the attack surface is small, any entry point that does exist is highly susceptible to Cross-Site Scripting (XSS) vulnerabilities due to unescaped output. The history of vulnerabilities, particularly a recent medium severity XSS issue, reinforces this weakness. The presence of an unpatched CVE indicates a critical need for immediate attention, as it represents a known, exploitable flaw that could be leveraged by attackers.\n\nIn conclusion, while the plugin demonstrates good practices in areas like SQL handling and minimizing attack vectors, the fundamental lack of output escaping and security checks, coupled with a past and present unpatched vulnerability, creates a significant security risk. Users should proceed with extreme caution and prioritize updating or discontinuing use of this plugin until these issues are addressed.",[206,209,212,214],{"reason":207,"points":208},"Unpatched CVE exists",18,{"reason":210,"points":211},"0% output escaping",8,{"reason":213,"points":147},"0 capability checks",{"reason":215,"points":147},"0 nonce checks","2026-03-16T21:06:28.458Z",{"wat":218,"direct":224},{"assetPaths":219,"generatorPatterns":221,"scriptPaths":222,"versionParams":223},[220],"\u002Fwp-content\u002Fplugins\u002Ftheme-switcher-reloaded\u002Flanguages\u002Fts_theme_switcher.pot",[],[],[],{"cssClasses":225,"htmlComments":226,"htmlAttributes":227,"restEndpoints":234,"jsGlobals":235,"shortcodeOutput":236},[],[],[228,229,230,231,232,233],"name=\"themeswitcher-display\"","value=\"list\"","value=\"dropdown\"","name=\"themeswitcher-name\"","value=\"full\"","value=\"short\"",[],[],[]]