[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fNYOwbDX9HaK5L7pIxe1-Mpu7v0LEmZzUjPRLoTowzoQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":73,"crawl_stats":37,"alternatives":80,"analysis":180,"fingerprints":829},"themify-event-post","Themify Event Post","1.3.5","themifyme","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemifyme\u002F","\u003Cp>Have an upcoming event or an interesting sale you’d like to share on your WordPress website? The Themify Event Post Type plugin allows users to create an event specific post type. Here’s what it can do:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Event Details Area: you can input the day, start & end time, and location\u003C\u002Fli>\n\u003Cli>Map Input Field: you can input an address to display a Google Map\u003C\u002Fli>\n\u003Cli>Buy Button Link: you can enter a link to a ticket buying page\u003C\u002Fli>\n\u003Cli>Repeat Option: you can opt to automatically replicate the event weekly or even daily\u003C\u002Fli>\n\u003Cli>When used with the \u003Ca href=\"https:\u002F\u002Fthemify.me\u002Fbuilder\" rel=\"nofollow ugc\">Themify Builder\u003C\u002Fa> plugin it’ll also come with its own Event Post module.\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin will add Event post type.",3000,84872,100,2,"2026-02-27T00:13:00.000Z","6.9.4","5.2","7.2",[20,21,22,23],"date","event","post","post-type","https:\u002F\u002Fthemify.me\u002Fevent-post","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthemify-event-post.1.3.5.zip",97,3,0,"2025-03-27 00:00:00","2026-03-15T15:16:48.613Z",[32,48,60],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-30832","themify-event-post-authenticated-contributor-stored-cross-site-scripting","Themify Event Post \u003C= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Themify Event Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.3.2","1.3.3","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-02 20:48:43",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2b8ad348-80b2-47d8-96d5-a0f043ce0297?source=api-prod",7,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":53,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":29,"updated_date":57,"references":58,"days_to_patch":47},"CVE-2025-30831","themify-event-post-authenticated-contributor-local-file-inclusion","Themify Event Post \u003C= 1.3.2 - Authenticated (Contributor+) Local File Inclusion","The Themify Event Post plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Control of Filename for Include\u002FRequire Statement in PHP Program ('PHP Remote File Inclusion')","2025-04-02 20:49:03",[59],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F40d76d20-44fb-4cd7-89e1-bd912d6d35e3?source=api-prod",{"id":61,"url_slug":62,"title":63,"description":64,"plugin_slug":4,"theme_slug":37,"affected_versions":65,"patched_in_version":66,"severity":40,"cvss_score":67,"cvss_vector":68,"vuln_type":43,"published_date":69,"updated_date":70,"references":71,"days_to_patch":47},"CVE-2024-30440","themify-event-post-authenticated-administrator-stored-cross-site-scripting","Themify Event Post \u003C= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Themify Event Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","\u003C=1.2.7","1.2.8",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-03-28 00:00:00","2024-04-03 23:59:41",[72],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9aa5247a-b85b-4a0d-ac3e-4b4ef8ccd8ed?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":74,"total_installs":75,"avg_security_score":76,"avg_patch_time_days":77,"trust_score":78,"computed_at":79},10,139500,96,145,76,"2026-04-04T01:01:06.122Z",[81,106,127,146,163],{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":11,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":16,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":101,"download_link":102,"security_score":103,"vuln_count":104,"unpatched_count":28,"last_vuln_date":105,"fetched_at":30},"same-category-posts","Same Category Posts","1.1.20","Daniel Floeter","https:\u002F\u002Fprofiles.wordpress.org\u002Fkometschuh\u002F","\u003Cp>Same Category Posts shows a list of related posts with a same Post Type to the current post. The widget is only shown on single post pages. Forked from \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frelated-posts-widget\" rel=\"ugc\">Related Posts Widget\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Tip Top Press\u003C\u002Fh4>\n\u003Cp>We’re \u003Ca href=\"http:\u002F\u002Ftiptoppress.com\u002F\" rel=\"nofollow ugc\">Tip Top Press\u003C\u002Fa> and create widgets for WordPress. If you want to know about what we’re working on and you are interested in backgrounds then you can read all newes storys on our \u003Ca href=\"http:\u002F\u002Ftiptoppress.com\u002Fblog\u002F?utm_source=wp.org&utm_medium=readme.txt&utm_campaign=same+category+posts\" rel=\"nofollow ugc\">blog\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Shows a list of related posts.\u003C\u002Fli>\n\u003Cli>Option which Post Type should be related to the current post.\u003C\u002Fli>\n\u003Cli>Custom Post Types support.\u003C\u002Fli>\n\u003Cli>Child category and terms support.\u003C\u002Fli>\n\u003Cli>Archive page support.\u003C\u002Fli>\n\u003Cli>Option exclude one or multi categories or terms.\u003C\u002Fli>\n\u003Cli>Option to filter by popular posts (by comment count).\u003C\u002Fli>\n\u003Cli>Option \u003Ca href=\"http:\u002F\u002Ftiptoppress.com\u002Fnew-dynamic-layout-feature-separate-categories\u002F\" rel=\"nofollow ugc\">separate categories\u003C\u002Fa> if more than one is assigned.\u003C\u002Fli>\n\u003Cli>Set how many posts to show (overall and by category).\u003C\u002Fli>\n\u003Cli>Option exclude current post, sticky posts or children.\u003C\u002Fli>\n\u003Cli>Option exclude categories and terms without exclude their children.\u003C\u002Fli>\n\u003Cli>Placeholders in title string (e.g. “There are a lot of %cat%-News.” -> “There are a lot of Tech-News.”).\u003C\u002Fli>\n\u003Cli>Filter hook for the post titles ‘widget_title’.\u003C\u002Fli>\n\u003Cli>Option to show post thumbnail and set width & height.\u003C\u002Fli>\n\u003Cli>Option to \u003Ca href=\"http:\u002F\u002Ftiptoppress.com\u002Fcss-image-crop\u002F\" rel=\"nofollow ugc\">crop thumbnails dimensions with CSS\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Option to put thumbnail on top.\u003C\u002Fli>\n\u003Cli>Option to make the widget title link to the category page.\u003C\u002Fli>\n\u003Cli>Option to show\u002Fhide the title.\u003C\u002Fli>\n\u003Cli>Option to show the post excerpt and how long (in words).\u003C\u002Fli>\n\u003Cli>Option change excerpt ‘more’ text.\u003C\u002Fli>\n\u003Cli>Option to show the post date, author and comment count.\u003C\u002Fli>\n\u003Cli>Multiple widgets.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Placeholder\u003C\u002Fh4>\n\u003Cp>In text boxes \u003Cstrong>%cat%\u003C\u002Fstrong> will replaced with the (first assigned) category name, e.g. “There are a lot of %cat%-News.” -> “There are a lot of Tech-News.”\u003C\u002Fp>\n\u003Cp>And \u003Cstrong>%cat-all%\u003C\u002Fstrong> will replaced with all assigned category name, e.g. “Special offers for %cat-all%!” -> “Special offers for houses, flats, apartments.”\u003C\u002Fp>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>While using this plugin if you find any bug or any conflict, please submit an issue at\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FDanielFloeter\u002Fsame-category-posts\" rel=\"nofollow ugc\">Github\u003C\u002Fa> (If possible with a pull request).\u003C\u002Fp>\n","Show posts related to the current category or other custom post types.",71571,94,13,"2026-01-21T22:07:00.000Z","3.0","",[96,97,98,99,100],"custom-post-type","events","products","related","related-posts","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsame-category-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsame-category-posts.1.1.20.zip",99,1,"2026-01-23 19:17:25",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":28,"num_ratings":28,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":94,"download_link":125,"security_score":126,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"bulk-post-status-update","Bulk Post Status Update","1.0.1","Chetan Vaghela","https:\u002F\u002Fprofiles.wordpress.org\u002Fthechetanvaghela\u002F","\u003Cp>The users can change the status of posts and custom posts to draft and publish them in bulk.\u003C\u002Fp>\n\u003Ch3>Features And Options:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>User can change status of posts in bulk.\u003C\u002Fli>\n\u003Cli>Custom Post Type Supported.\u003C\u002Fli>\n\u003Cli>Compatible with WordPress multisite network\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Keywords\u003C\u002Fh3>\n\u003Cp>update status, draft, publish, bulk, Custom post type, post\u003C\u002Fp>\n","The users can change the status of posts and custom posts to draft and publish them in bulk.",200,3154,"2024-08-29T16:00:00.000Z","6.6.5","3.0.1","5.6",[121,96,122,123,124],"bulk","draft","publish","update-status","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbulk-post-status-update.zip",92,{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":13,"downloaded":135,"rating":13,"num_ratings":27,"last_updated":136,"tested_up_to":137,"requires_at_least":138,"requires_php":94,"tags":139,"homepage":143,"download_link":144,"security_score":145,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"last-updated","last updated","2.1","hobbeshunter","https:\u002F\u002Fprofiles.wordpress.org\u002Fwudi96\u002F","\u003Cp>EN:\u003C\u002Fp>\n\u003Cp>Provides a widget that displays posts (all post-types supported, custom as well) marked as significantly updated with the date of the update (optionally).\u003C\u002Fp>\n\u003Cp>Settings:\u003Cbr \u002F>\n* Widget Title\u003Cbr \u002F>\n* Amount\u003Cbr \u002F>\n* Post-Types\u003Cbr \u002F>\n* Whether the date of the update should be displayed or not.\u003C\u002Fp>\n\u003Cp>DE:\u003C\u002Fp>\n\u003Cp>Dieses Plugin stellt ein Widget zur Verfügung, das zuletzt aktualisierte Beiträge (alle Veröffentlichungsarten werden unterstützt, auch custom post-types) mit dem dazugehörigen Datumm der Aktualisierung (optional) anzeigt.\u003C\u002Fp>\n\u003Cp>Einstellungen:\u003Cbr \u002F>\n* Widget Titel\u003Cbr \u002F>\n* Anzahl\u003Cbr \u002F>\n* Veröffentlichungsarten\u003Cbr \u002F>\n* Ob das Datum der Veröffentlichung angezeigt werden soll oder nicht.\u003C\u002Fp>\n\u003Cp>Sehen Sie auch hier vorbei: http:\u002F\u002Fwww.martin.wudenka.de\u002Fwordpress-widget-zuletzt-aktualisierte-posts-anzeigen\u003C\u002Fp>\n","Mark posts as significantly updated an display them in a widget.",10661,"2015-10-18T13:46:00.000Z","4.4.34","3.8",[96,128,140,141,142],"sidebar","simple","widget","http:\u002F\u002Fwww.martin.wudenka.de\u002Fwordpress-widget-zuletzt-aktualisierte-posts-anzeigen\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flast-updated.2.1.zip",85,{"slug":147,"name":148,"version":149,"author":150,"author_profile":151,"description":152,"short_description":153,"active_installs":154,"downloaded":155,"rating":28,"num_ratings":28,"last_updated":156,"tested_up_to":157,"requires_at_least":158,"requires_php":94,"tags":159,"homepage":94,"download_link":162,"security_score":145,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"press-news-events","Press, News, Events","1.1","mattdeclaire","https:\u002F\u002Fprofiles.wordpress.org\u002Fmattdeclaire\u002F","\u003Cp>This plugin creates custom post types for Press Releases, Events and New Stories, three things a standard PR site needs.\u003C\u002Fp>\n","Create custom post types for press releases, references to external news stories, and events.",60,9750,"2012-12-04T01:38:00.000Z","3.3.2","3.3.1",[96,97,160,161],"news","press-releases","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpress-news-events.zip",{"slug":164,"name":165,"version":166,"author":167,"author_profile":168,"description":169,"short_description":170,"active_installs":171,"downloaded":172,"rating":78,"num_ratings":173,"last_updated":174,"tested_up_to":175,"requires_at_least":138,"requires_php":94,"tags":176,"homepage":178,"download_link":179,"security_score":145,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"super-simple-events","Super Simple Events","1.0.4","Jonny Harris","https:\u002F\u002Fprofiles.wordpress.org\u002Fspacedmonkey\u002F","\u003Cp>Super Simple Events is an events plugin for WordPress, built to be easy to use and manage.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add events, set start \u002F end dates, time and location. \u003C\u002Fli>\n\u003Cli>Show event date before content in front end. \u003C\u002Fli>\n\u003Cli>Assign event into event types\u003C\u002Fli>\n\u003Cli>Hide past events \u003C\u002Fli>\n\u003Cli>Widget to show upcoming events\u003C\u002Fli>\n\u003Cli>Admin panel to configure settings \u003C\u002Fli>\n\u003Cli>Shortcodes to display event meta\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is built using the WordPress coding standards, is designed to be very lite weight on system resources.\u003C\u002Fp>\n\u003Cp>If you wish to follow the development of this plugin, view the code on\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fspacedmonkey\u002Fsuper-simple-events\u002F\" title=\"github\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> or the official plugin \u003Ca href=\"http:\u002F\u002Fwww.jonathandavidharris.co.uk\u002Fscripts\u002Fsuper-simple-events\u002F\" title=\"website\" rel=\"nofollow ugc\">website\u003C\u002Fa>.\u003C\u002Fp>\n","Super Simple Events is an events plugin for WordPress, built to be easy to use and manage.",30,4479,4,"2015-02-22T13:55:00.000Z","4.1.42",[96,97,177,142],"events-list","http:\u002F\u002Fwww.jonathandavidharris.co.uk\u002Fscripts\u002Fsuper-simple-events\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsuper-simple-events.1.0.4.zip",{"attackSurface":181,"codeSignals":426,"taintFlows":701,"riskAssessment":813,"analyzedAt":828},{"hooks":182,"ajaxHandlers":397,"restRoutes":420,"shortcodes":421,"cronEvents":425,"entryPointCount":47,"unprotectedCount":14},[183,189,192,195,200,204,208,213,218,223,226,230,233,237,240,243,246,250,254,259,263,267,271,275,278,280,285,288,290,294,297,301,305,308,311,315,319,322,326,329,332,335,338,341,344,348,350,352,356,359,363,367,370,372,377,379,384,388,392,394],{"type":184,"name":185,"callback":186,"priority":13,"file":187,"line":188},"action","admin_menu","setup_options_page","includes\\admin.php",12,{"type":184,"name":190,"callback":191,"file":187,"line":91},"admin_init","page_init",{"type":184,"name":193,"callback":193,"priority":74,"file":187,"line":194},"updated_option",14,{"type":196,"name":197,"callback":198,"priority":74,"file":187,"line":199},"filter","manage_edit-event_columns","type_column_header",15,{"type":184,"name":201,"callback":202,"priority":74,"file":187,"line":203},"manage_event_posts_custom_column","type_column",16,{"type":184,"name":205,"callback":206,"file":187,"line":207},"restrict_manage_posts","get_select",17,{"type":196,"name":209,"callback":210,"priority":74,"file":211,"line":212},"image_resize_dimensions","themify_events_img_resize_dimensions","includes\\functions.php",808,{"type":184,"name":214,"callback":215,"file":216,"line":217},"init","themify_event_post_register_post_type","includes\\post-type.php",77,{"type":184,"name":219,"callback":220,"file":221,"line":222},"admin_enqueue_scripts","enqueue_admin_script","includes\\system.php",41,{"type":184,"name":224,"callback":224,"file":221,"line":225},"pre_get_posts",45,{"type":184,"name":227,"callback":228,"priority":199,"file":221,"line":229},"after_setup_theme","load_themify_library",48,{"type":184,"name":214,"callback":231,"file":221,"line":232},"i18n",49,{"type":196,"name":234,"callback":235,"priority":74,"file":221,"line":236},"themify_metabox\u002Ffields\u002Fthemify-meta-boxes","themify_do_metaboxes",51,{"type":184,"name":238,"callback":238,"file":221,"line":239},"wp_enqueue_scripts",52,{"type":196,"name":241,"callback":241,"file":221,"line":242},"template_include",53,{"type":196,"name":244,"callback":244,"file":221,"line":245},"post_class",54,{"type":184,"name":247,"callback":248,"file":221,"line":249},"themify_builder_setup_modules","register_module",61,{"type":196,"name":251,"callback":252,"file":221,"line":253},"themify_search_args","add_event_to_search_result",63,{"type":196,"name":255,"callback":256,"priority":257,"file":221,"line":258},"the_content","single_template",999,93,{"type":196,"name":260,"callback":261,"file":262,"line":171},"themify_metaboxes","themify_metabox_example_meta_box","includes\\themify-metabox\\example-functions.php",{"type":196,"name":264,"callback":265,"priority":74,"file":262,"line":266},"themify_metabox\u002Ffields\u002Ftm-example","themify_metabox_example_meta_box_fields",229,{"type":196,"name":268,"callback":269,"file":262,"line":270},"themify_metabox\u002Fuser\u002Ffields","themify_metabox_example_user_fields",259,{"type":196,"name":272,"callback":273,"priority":74,"file":262,"line":274},"themify_metabox\u002Ftaxonomy\u002Fcategory\u002Ffields","themify_metabox_example_category_fields",280,{"type":184,"name":214,"callback":276,"priority":13,"file":277,"line":207},"hooks","includes\\themify-metabox\\includes\\themify-metabox-core.php",{"type":184,"name":185,"callback":185,"file":277,"line":279},27,{"type":184,"name":281,"callback":282,"priority":283,"file":277,"line":284},"pre_post_update","save_postdata",101,28,{"type":184,"name":286,"callback":282,"priority":283,"file":277,"line":287},"save_post",29,{"type":184,"name":219,"callback":219,"priority":289,"file":277,"line":171},11,{"type":196,"name":291,"callback":292,"priority":74,"file":277,"line":293},"is_protected_meta","protected_meta",31,{"type":184,"name":190,"callback":295,"priority":74,"file":277,"line":296},"themify_export_colors",35,{"type":196,"name":286,"callback":298,"priority":299,"file":277,"line":300},"page_options_updated",102,40,{"type":184,"name":302,"callback":303,"priority":103,"file":277,"line":304},"add_meta_boxes","remove_extra_meta_boxes",44,{"type":184,"name":306,"callback":307,"priority":103,"file":277,"line":225},"admin_head","remove_help",{"type":184,"name":219,"callback":309,"priority":13,"file":277,"line":310},"dequeue_scripts",46,{"type":184,"name":312,"callback":313,"priority":74,"file":277,"line":314},"template_redirect","page_options_init",50,{"type":184,"name":316,"callback":317,"priority":74,"file":277,"line":318},"wp_before_admin_bar_render","add_meta_options_menu",697,{"type":184,"name":238,"callback":320,"priority":74,"file":277,"line":321},"page_options_enqueue",698,{"type":196,"name":323,"callback":324,"file":277,"line":325},"use_block_editor_for_post","__return_false",728,{"type":196,"name":327,"callback":324,"file":277,"line":328},"screen_options_show_screen",730,{"type":184,"name":214,"callback":330,"priority":74,"file":277,"line":331},"get_instance",772,{"type":184,"name":214,"callback":214,"priority":13,"file":333,"line":334},"includes\\themify-metabox\\includes\\themify-term-fields.php",22,{"type":184,"name":219,"callback":336,"file":333,"line":337},"enqueue",23,{"type":184,"name":339,"callback":340,"priority":74,"file":333,"line":296},"created_term","save_fields",{"type":184,"name":342,"callback":340,"priority":74,"file":333,"line":343},"edited_term",36,{"type":184,"name":345,"callback":346,"file":347,"line":334},"show_user_profile","user_fields","includes\\themify-metabox\\includes\\themify-user-fields.php",{"type":184,"name":349,"callback":346,"file":347,"line":337},"edit_user_profile",{"type":184,"name":219,"callback":336,"file":347,"line":351},24,{"type":184,"name":353,"callback":354,"file":347,"line":355},"personal_options_update","save_user_field",25,{"type":184,"name":357,"callback":354,"file":347,"line":358},"edit_user_profile_update",26,{"type":184,"name":227,"callback":360,"priority":361,"file":362,"line":296},"themify_metabox_bootstrap",20,"includes\\themify-metabox\\themify-metabox.php",{"type":196,"name":364,"callback":365,"file":366,"line":188},"mce_external_plugins","add_plugin","includes\\tinymce.php",{"type":196,"name":368,"callback":369,"file":366,"line":91},"mce_buttons","add_button",{"type":184,"name":371,"callback":371,"file":366,"line":194},"wp_enqueue_editor",{"type":184,"name":373,"callback":374,"file":375,"line":376},"widgets_init","register","includes\\widgets.php",117,{"type":184,"name":373,"callback":374,"file":375,"line":378},260,{"type":196,"name":380,"callback":381,"file":382,"line":383},"themify_builder_active_vars","builder_active_enqueue","modules\\module-event-posts.php",18,{"type":184,"name":190,"callback":385,"file":386,"line":387},"themify_event_deactivate","themify-event-post.php",37,{"type":184,"name":389,"callback":390,"file":386,"line":391},"admin_notices","themify_event_admin_notice",38,{"type":184,"name":227,"callback":393,"file":386,"line":314},"themify_event_post_setup",{"type":196,"name":395,"callback":396,"priority":74,"file":386,"line":236},"plugin_row_meta","themify_event_post_plugin_meta",[398,404,408,411,414,417],{"action":399,"nopriv":400,"callback":399,"hasNonce":401,"hasCapCheck":401,"file":402,"line":403},"themify_metabox_media_lib_browse",false,true,"includes\\themify-metabox\\includes\\themify-field-types.php",8,{"action":405,"nopriv":400,"callback":406,"hasNonce":401,"hasCapCheck":401,"file":402,"line":407},"themify_plupload","themify_wp_ajax_plupload_image",9,{"action":409,"nopriv":400,"callback":410,"hasNonce":400,"hasCapCheck":400,"file":402,"line":74},"themify_create_inner_popup_page","themify_ajax_create_inner_page",{"action":412,"nopriv":400,"callback":413,"hasNonce":400,"hasCapCheck":400,"file":402,"line":289},"themify_create_popup_page_pagination","themify_ajax_create_page_pagination",{"action":415,"nopriv":400,"callback":415,"hasNonce":401,"hasCapCheck":400,"file":277,"line":416},"themify_import_colors",33,{"action":418,"nopriv":400,"callback":418,"hasNonce":401,"hasCapCheck":400,"file":277,"line":419},"themify_save_colors",34,[],[422],{"tag":423,"callback":424,"file":221,"line":314},"themify_event_post","shortcode",[],{"dangerousFunctions":427,"sqlUsage":435,"outputEscaping":437,"fileOperations":28,"externalRequests":28,"nonceChecks":696,"capabilityChecks":403,"bundledLibraries":697},[428,432],{"fn":429,"file":277,"line":430,"context":431},"unserialize",562,"$new_data = unserialize( $fileContent , ['allowed_classes' => false] );",{"fn":429,"file":277,"line":433,"context":434},572,"$currentSwatches = unserialize( get_option( 'themify_saved_' . $type, serialize( array() ) ) );",{"prepared":173,"raw":28,"locations":436},[],{"escaped":438,"rawEcho":439,"locations":440},270,144,[441,444,446,448,450,452,454,456,458,460,462,464,466,468,470,472,474,476,478,479,480,482,483,484,485,487,488,490,492,494,496,498,500,502,504,506,508,510,512,514,516,518,520,522,524,526,528,530,532,534,536,538,540,542,544,546,548,550,552,554,556,558,560,562,564,566,568,570,572,574,576,578,580,582,584,586,588,590,591,593,594,595,596,598,600,601,603,604,605,607,608,609,610,612,613,615,616,618,620,622,624,626,628,630,632,634,636,638,640,642,644,646,648,649,651,652,654,657,659,660,661,663,664,665,667,669,670,671,672,673,675,676,678,680,682,684,685,686,687,688,690,692,694,695],{"file":187,"line":442,"context":443},161,"raw output",{"file":187,"line":445,"context":443},174,{"file":187,"line":447,"context":443},189,{"file":187,"line":449,"context":443},203,{"file":187,"line":451,"context":443},251,{"file":187,"line":453,"context":443},294,{"file":187,"line":455,"context":443},336,{"file":211,"line":457,"context":443},111,{"file":211,"line":459,"context":443},131,{"file":211,"line":461,"context":443},133,{"file":211,"line":463,"context":443},147,{"file":211,"line":465,"context":443},149,{"file":211,"line":467,"context":443},171,{"file":211,"line":469,"context":443},192,{"file":211,"line":471,"context":443},194,{"file":211,"line":473,"context":443},219,{"file":211,"line":475,"context":443},462,{"file":211,"line":477,"context":443},1021,{"file":211,"line":477,"context":443},{"file":211,"line":477,"context":443},{"file":402,"line":481,"context":443},32,{"file":402,"line":90,"context":443},{"file":402,"line":376,"context":443},{"file":402,"line":439,"context":443},{"file":402,"line":486,"context":443},167,{"file":402,"line":471,"context":443},{"file":402,"line":489,"context":443},243,{"file":402,"line":491,"context":443},274,{"file":402,"line":493,"context":443},326,{"file":402,"line":495,"context":443},419,{"file":402,"line":497,"context":443},461,{"file":402,"line":499,"context":443},499,{"file":402,"line":501,"context":443},528,{"file":402,"line":503,"context":443},560,{"file":402,"line":505,"context":443},599,{"file":402,"line":507,"context":443},632,{"file":402,"line":509,"context":443},660,{"file":402,"line":511,"context":443},700,{"file":402,"line":513,"context":443},720,{"file":402,"line":515,"context":443},740,{"file":402,"line":517,"context":443},804,{"file":402,"line":519,"context":443},1084,{"file":402,"line":521,"context":443},1153,{"file":402,"line":523,"context":443},1157,{"file":402,"line":525,"context":443},1200,{"file":402,"line":527,"context":443},1201,{"file":402,"line":529,"context":443},1221,{"file":402,"line":531,"context":443},1241,{"file":402,"line":533,"context":443},1286,{"file":402,"line":535,"context":443},1312,{"file":402,"line":537,"context":443},1362,{"file":402,"line":539,"context":443},1365,{"file":402,"line":541,"context":443},1383,{"file":402,"line":543,"context":443},1444,{"file":402,"line":545,"context":443},1463,{"file":402,"line":547,"context":443},1466,{"file":402,"line":549,"context":443},1507,{"file":402,"line":551,"context":443},1510,{"file":402,"line":553,"context":443},1571,{"file":402,"line":555,"context":443},1586,{"file":277,"line":557,"context":443},258,{"file":277,"line":559,"context":443},269,{"file":277,"line":561,"context":443},335,{"file":277,"line":563,"context":443},344,{"file":277,"line":565,"context":443},346,{"file":277,"line":567,"context":443},379,{"file":277,"line":569,"context":443},385,{"file":277,"line":571,"context":443},387,{"file":277,"line":573,"context":443},679,{"file":333,"line":575,"context":443},70,{"file":333,"line":577,"context":443},71,{"file":333,"line":579,"context":443},127,{"file":333,"line":581,"context":443},129,{"file":347,"line":583,"context":443},55,{"file":347,"line":585,"context":443},56,{"file":347,"line":587,"context":443},58,{"file":347,"line":589,"context":443},89,{"file":375,"line":284,"context":443},{"file":375,"line":592,"context":443},75,{"file":375,"line":78,"context":443},{"file":375,"line":78,"context":443},{"file":375,"line":78,"context":443},{"file":375,"line":597,"context":443},80,{"file":375,"line":599,"context":443},82,{"file":375,"line":599,"context":443},{"file":375,"line":602,"context":443},86,{"file":375,"line":589,"context":443},{"file":375,"line":26,"context":443},{"file":375,"line":606,"context":443},98,{"file":375,"line":606,"context":443},{"file":375,"line":606,"context":443},{"file":375,"line":299,"context":443},{"file":375,"line":611,"context":443},103,{"file":375,"line":611,"context":443},{"file":375,"line":614,"context":443},139,{"file":375,"line":469,"context":443},{"file":375,"line":617,"context":443},193,{"file":375,"line":619,"context":443},197,{"file":375,"line":621,"context":443},212,{"file":375,"line":623,"context":443},213,{"file":375,"line":625,"context":443},223,{"file":375,"line":627,"context":443},224,{"file":375,"line":629,"context":443},233,{"file":375,"line":631,"context":443},234,{"file":375,"line":633,"context":443},239,{"file":375,"line":635,"context":443},240,{"file":375,"line":637,"context":443},244,{"file":375,"line":639,"context":443},245,{"file":375,"line":641,"context":443},249,{"file":375,"line":643,"context":443},250,{"file":645,"line":361,"context":443},"templates\\archive.php",{"file":647,"line":481,"context":443},"templates\\content.php",{"file":647,"line":217,"context":443},{"file":647,"line":650,"context":443},81,{"file":647,"line":606,"context":443},{"file":647,"line":653,"context":443},109,{"file":655,"line":656,"context":443},"templates\\shortcode.php",78,{"file":655,"line":658,"context":443},79,{"file":655,"line":650,"context":443},{"file":655,"line":599,"context":443},{"file":655,"line":662,"context":443},84,{"file":655,"line":145,"context":443},{"file":655,"line":258,"context":443},{"file":655,"line":666,"context":443},95,{"file":668,"line":194,"context":443},"templates\\single.php",{"file":668,"line":361,"context":443},{"file":668,"line":343,"context":443},{"file":668,"line":229,"context":443},{"file":668,"line":239,"context":443},{"file":668,"line":674,"context":443},64,{"file":668,"line":575,"context":443},{"file":677,"line":587,"context":443},"templates\\template-event-posts.php",{"file":677,"line":679,"context":443},62,{"file":677,"line":681,"context":443},66,{"file":683,"line":358,"context":443},"templates\\widget-categories.php",{"file":683,"line":171,"context":443},{"file":683,"line":171,"context":443},{"file":683,"line":171,"context":443},{"file":683,"line":585,"context":443},{"file":683,"line":689,"context":443},73,{"file":691,"line":253,"context":443},"templates\\widget-posts.php",{"file":691,"line":693,"context":443},67,{"file":691,"line":602,"context":443},{"file":386,"line":26,"context":443},5,[698],{"name":699,"version":37,"knownCves":700},"TinyMCE",[],[702,718,728,737,746,756,771,782,797],{"entryPoint":703,"graph":704,"unsanitizedCount":104,"severity":40},"get_select (includes\\admin.php:319)",{"nodes":705,"edges":716},[706,711],{"id":707,"type":708,"label":709,"file":187,"line":710},"n0","source","$_GET",332,{"id":712,"type":713,"label":714,"file":187,"line":455,"wp_function":715},"n1","sink","echo() [XSS]","echo",[717],{"from":707,"to":712,"sanitized":400},{"entryPoint":719,"graph":720,"unsanitizedCount":104,"severity":40},"themify_ajax_create_page_pagination (includes\\themify-metabox\\includes\\themify-field-types.php:737)",{"nodes":721,"edges":726},[722,725],{"id":707,"type":708,"label":723,"file":402,"line":724},"$_POST",738,{"id":712,"type":713,"label":714,"file":402,"line":515,"wp_function":715},[727],{"from":707,"to":712,"sanitized":400},{"entryPoint":729,"graph":730,"unsanitizedCount":104,"severity":40},"themify_ajax_create_inner_page (includes\\themify-metabox\\includes\\themify-field-types.php:797)",{"nodes":731,"edges":735},[732,734],{"id":707,"type":708,"label":723,"file":402,"line":733},803,{"id":712,"type":713,"label":714,"file":402,"line":517,"wp_function":715},[736],{"from":707,"to":712,"sanitized":400},{"entryPoint":738,"graph":739,"unsanitizedCount":104,"severity":745},"\u003Cadmin> (includes\\admin.php:0)",{"nodes":740,"edges":743},[741,742],{"id":707,"type":708,"label":709,"file":187,"line":710},{"id":712,"type":713,"label":714,"file":187,"line":455,"wp_function":715},[744],{"from":707,"to":712,"sanitized":400},"low",{"entryPoint":747,"graph":748,"unsanitizedCount":28,"severity":745},"themify_wp_ajax_plupload_image (includes\\themify-metabox\\includes\\themify-field-types.php:1224)",{"nodes":749,"edges":754},[750,753],{"id":707,"type":708,"label":751,"file":402,"line":752},"$_FILES (x2)",1237,{"id":712,"type":713,"label":714,"file":402,"line":531,"wp_function":715},[755],{"from":707,"to":712,"sanitized":401},{"entryPoint":757,"graph":758,"unsanitizedCount":28,"severity":745},"\u003Cthemify-field-types> (includes\\themify-metabox\\includes\\themify-field-types.php:0)",{"nodes":759,"edges":768},[760,762,763,766],{"id":707,"type":708,"label":761,"file":402,"line":724},"$_POST (x3)",{"id":712,"type":713,"label":714,"file":402,"line":515,"wp_function":715},{"id":764,"type":708,"label":765,"file":402,"line":752},"n2","$_FILES (x3)",{"id":767,"type":713,"label":714,"file":402,"line":531,"wp_function":715},"n3",[769,770],{"from":707,"to":712,"sanitized":401},{"from":764,"to":767,"sanitized":401},{"entryPoint":772,"graph":773,"unsanitizedCount":28,"severity":745},"themify_import_colors (includes\\themify-metabox\\includes\\themify-metabox-core.php:556)",{"nodes":774,"edges":780},[775,778],{"id":707,"type":708,"label":776,"file":277,"line":777},"$_FILES",561,{"id":712,"type":713,"label":779,"file":277,"line":430,"wp_function":429},"unserialize() [Object Injection]",[781],{"from":707,"to":712,"sanitized":401},{"entryPoint":783,"graph":784,"unsanitizedCount":28,"severity":745},"themify_export_colors (includes\\themify-metabox\\includes\\themify-metabox-core.php:663)",{"nodes":785,"edges":794},[786,788,792,793],{"id":707,"type":708,"label":709,"file":277,"line":787},668,{"id":712,"type":713,"label":789,"file":277,"line":790,"wp_function":791},"header() [Header Injection]",675,"header",{"id":764,"type":708,"label":709,"file":277,"line":787},{"id":767,"type":713,"label":714,"file":277,"line":573,"wp_function":715},[795,796],{"from":707,"to":712,"sanitized":401},{"from":764,"to":767,"sanitized":401},{"entryPoint":798,"graph":799,"unsanitizedCount":28,"severity":745},"\u003Cthemify-metabox-core> (includes\\themify-metabox\\includes\\themify-metabox-core.php:0)",{"nodes":800,"edges":809},[801,802,803,804,805,807],{"id":707,"type":708,"label":776,"file":277,"line":777},{"id":712,"type":713,"label":779,"file":277,"line":430,"wp_function":429},{"id":764,"type":708,"label":709,"file":277,"line":787},{"id":767,"type":713,"label":789,"file":277,"line":790,"wp_function":791},{"id":806,"type":708,"label":709,"file":277,"line":787},"n4",{"id":808,"type":713,"label":714,"file":277,"line":573,"wp_function":715},"n5",[810,811,812],{"from":707,"to":712,"sanitized":401},{"from":764,"to":767,"sanitized":401},{"from":806,"to":808,"sanitized":401},{"summary":814,"deductions":815},"The \"themify-event-post\" v1.3.5 plugin presents a mixed security posture.  On the positive side, it demonstrates good practices with 100% of SQL queries utilizing prepared statements and a substantial number of capability checks (8).  The absence of file operations and external HTTP requests further strengthens its security.  However, there are significant areas of concern.  The presence of two AJAX handlers without authentication checks creates a direct attack vector.  Furthermore, the use of `unserialize` is a dangerous function that, if not handled with extreme care and input validation, can lead to remote code execution vulnerabilities.  The taint analysis, while reporting no critical or high severity flows, does indicate 4 flows with unsanitized paths, which warrants attention.  The plugin's vulnerability history is also a notable red flag, with 3 known CVEs, including one high severity and two medium severity.  The historical prevalence of Cross-site Scripting and PHP Remote File Inclusion vulnerabilities suggests recurring security weaknesses that attackers could potentially exploit.  While there are no currently unpatched vulnerabilities, the past patterns indicate a need for vigilant monitoring and prompt patching when new issues arise. The plugin shows strengths in its database query security and capability checks, but the unprotected entry points, dangerous function usage, and historical vulnerability patterns indicate a notable risk.",[816,818,820,822,824,826],{"reason":817,"points":74},"Unprotected AJAX handlers",{"reason":819,"points":199},"Use of dangerous function (unserialize)",{"reason":821,"points":403},"Flows with unsanitized paths (taint analysis)",{"reason":823,"points":361},"Known high severity CVE (unpatched)",{"reason":825,"points":74},"Known medium severity CVEs (unpatched)",{"reason":827,"points":696},"Output escaping not fully proper (65%)","2026-03-16T18:24:02.998Z",{"wat":830,"direct":851},{"assetPaths":831,"generatorPatterns":840,"scriptPaths":841,"versionParams":842},[832,833,834,835,836,837,838,839],"\u002Fwp-content\u002Fplugins\u002Fthemify-event-post\u002Fcss\u002Fevent-styles.css","\u002Fwp-content\u002Fplugins\u002Fthemify-event-post\u002Fjs\u002Fthemify-event-post.js","\u002Fwp-content\u002Fplugins\u002Fthemify-event-post\u002Fassets\u002Fcss\u002Ffrontend.css","\u002Fwp-content\u002Fplugins\u002Fthemify-event-post\u002Fassets\u002Fjs\u002Ffrontend.js","\u002Fwp-content\u002Fplugins\u002Fthemify-event-post\u002Fassets\u002Fcss\u002Fcalendar.css","\u002Fwp-content\u002Fplugins\u002Fthemify-event-post\u002Fassets\u002Fjs\u002Fcalendar.js","\u002Fwp-content\u002Fplugins\u002Fthemify-event-post\u002Fincludes\u002Fthemify-metabox\u002Fassets\u002Fcss\u002Fthemify-metabox.css","\u002Fwp-content\u002Fplugins\u002Fthemify-event-post\u002Fincludes\u002Fthemify-metabox\u002Fassets\u002Fjs\u002Fthemify-metabox.js",[],[833,835,837,839],[843,844,845,846,847,848,849,850],"themify-event-post\u002Fcss\u002Fevent-styles.css?ver=","themify-event-post\u002Fjs\u002Fthemify-event-post.js?ver=","themify-event-post\u002Fassets\u002Fcss\u002Ffrontend.css?ver=","themify-event-post\u002Fassets\u002Fjs\u002Ffrontend.js?ver=","themify-event-post\u002Fassets\u002Fcss\u002Fcalendar.css?ver=","themify-event-post\u002Fassets\u002Fjs\u002Fcalendar.js?ver=","themify-event-post\u002Fincludes\u002Fthemify-metabox\u002Fassets\u002Fcss\u002Fthemify-metabox.css?ver=","themify-event-post\u002Fincludes\u002Fthemify-metabox\u002Fassets\u002Fjs\u002Fthemify-metabox.js?ver=",{"cssClasses":852,"htmlComments":856,"htmlAttributes":857,"restEndpoints":859,"jsGlobals":860,"shortcodeOutput":863},[853,854,855],"themify_event_post_wrap","themify_event_archive","themify_event_single",[],[858],"data-post-type=\"event\"",[],[861,862],"ThemifyEventPost","ThemifyCalendar",[864,423],"[themify_event_post"]