[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuya9rdY5rJjAzfBt5rPOU41KQGQWm_XaUoSHNjwLOMA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":53,"analysis":147,"fingerprints":311},"tp-gallery-slider","T&P Gallery Slider","1.2","pey22","https:\u002F\u002Fprofiles.wordpress.org\u002Fpey22\u002F","\u003Cp>This simple plugin shows a large size image in the page and below a scrollable row of thumbnails without scrollbar. You can scroll the thumbs while mouseover or mouseclick and choose an image for the big view.\u003Cbr \u002F>\nyou can also add each image a short description that displaying on the big image (the description is the images alt).\u003Cbr \u002F>\nyou can display slider from another post\u002Fpage by passing his ID to the short code [tp_gallery post_id=”id”].\u003Cbr \u002F>\nalso there is a setting page with beautiful preview box.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New!!! from T&P plugins: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftp-navigation-menu\" rel=\"ugc\">T&P Navigation Menu\u003C\u002Fa> – sticky navigation menu when scroll down the page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Create Images\u003C\u002Fh3>\n\u003Cp>You need all images of your gallery in the same size and have to upload them in the same aspect ratio.\u003Cbr \u002F>\n1. The size of the big image is the size of the first in the gallery. You should have all images in the gallery in the same width and heigth to avoid scaling.\u003Cbr \u002F>\n2. When putting the mouse over the big image will change.\u003C\u002Fp>\n","T&P Gallery Slider for WordPress is an image hover\u002Fclick gallery as a WordPress plugin.",50,14487,100,5,"2013-08-23T08:46:00.000Z","3.5.2","3.0","",[20,21,22,23,24],"gallery","image","images","jquery","pictures","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftp-gallery-slider\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftp-gallery-slider.1.2.zip",61,1,"2025-04-14 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-32527","tp-gallery-slider-unauthenticated-stored-cross-site-scripting","T&P Gallery Slider \u003C= 1.2 - Unauthenticated Stored Cross-Site Scripting","The T&P Gallery Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.2","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-22 18:21:00",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc37bbb3b-5ef4-4604-9b0e-256dde546b4b?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":49,"avg_patch_time_days":50,"trust_score":51,"computed_at":52},2,60,73,30,75,"2026-04-04T09:12:06.087Z",[54,73,92,114,131],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":13,"num_ratings":28,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":18,"tags":67,"homepage":69,"download_link":70,"security_score":71,"vuln_count":72,"unpatched_count":72,"last_vuln_date":37,"fetched_at":30},"jquery-googleslides","jQuery googleslides","1.3","brady.holt","https:\u002F\u002Fprofiles.wordpress.org\u002Fbradyholt\u002F","\u003Cp>jquery.googleslides is a simply jQuery plugin that displays your Google Photos, including Picasa and Google+ albums.  Visit the \u003Ca href=\"http:\u002F\u002Fbradyholt.github.com\u002Fjquery-googleslides\" rel=\"nofollow ugc\">jquery-googleslides project site\u003C\u002Fa> for more information.\u003C\u002Fp>\n","Integrates the googleslides jQuery plugin to display your Google Photos, including Picasa and Google+ albums.",20,3836,"2012-06-15T20:59:00.000Z","3.3.2","2.0.2",[20,22,23,24,68],"slideshow","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fjquery-googleslides\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjquery-googleslides.1.3.zip",85,0,{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":18,"requires_at_least":86,"requires_php":18,"tags":87,"homepage":90,"download_link":91,"security_score":71,"vuln_count":72,"unpatched_count":72,"last_vuln_date":37,"fetched_at":30},"cleaner-gallery","Cleaner Gallery","1.1.0","Justin Tadlock","https:\u002F\u002Fprofiles.wordpress.org\u002Fgreenshady\u002F","\u003Cp>This plugin was written to take care of the invalid HTML that WordPress produces when using the \u003Ccode>[gallery]\u003C\u002Fcode> shortcode.\u003C\u002Fp>\n\u003Cp>It does a bit more than that though.  It will integrate with many Lightbox-type scripts and allow you to do much cooler things with your galleries.  Plus, it has a couple of extra options that you can play around with.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Uses HTML5 \u003Ccode>\u003Cfig>\u003C\u002Fcode> and \u003Ccode>\u003Cfigcaption>\u003C\u002Fcode> elements.\u003C\u002Fli>\n\u003Cli>Integrates with \u003Ca href=\"http:\u002F\u002Fschema.org\" rel=\"nofollow ugc\">Schema.org microdata\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Uses the \u003Ccode>aria-describedby\u003C\u002Fcode> attribute to make images + captions more accessible to users with disabilities.\u003C\u002Fli>\n\u003Cli>Validates the invalid code that WordPress spits out.\u003C\u002Fli>\n\u003Cli>Several options on how you want your gallery images.\u003C\u002Fli>\n\u003Cli>Allows multiple galleries in a single post.\u003C\u002Fli>\n\u003Cli>Ability to set the number of images shown in each gallery.\u003C\u002Fli>\n\u003Cli>Ability to exclude or include any images from your gallery.\u003C\u002Fli>\n\u003Cli>Doesn’t load any extra CSS or JavaScript unless you choose to do so.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Integrates with 18 different Lightbox-type scripts\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.huddletogether.com\u002Fprojects\u002Flightbox2\u002F\" rel=\"nofollow ugc\">Lightbox 2\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.digitalia.be\u002Fsoftware\u002Fslimbox\" rel=\"nofollow ugc\">Slimbox\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.digitalia.be\u002Fsoftware\u002Fslimbox2\" rel=\"nofollow ugc\">Slimbox 2\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fjquery.com\u002Fdemo\u002Fthickbox\u002F\" rel=\"nofollow ugc\">Thickbox\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdolem.com\u002Flytebox\u002F\" rel=\"nofollow ugc\">Lytebox\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Forangoo.com\u002Flabs\u002FGreyBox\u002F\" rel=\"nofollow ugc\">Greybox\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.nickstakenburg.com\u002Fprojects\u002Flightview\u002F\" rel=\"nofollow ugc\">Lightview\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.balupton.com\u002Fsandbox\u002Fjquery_lightbox\u002F\" rel=\"nofollow ugc\">jQuery Lightbox Plugin\u003C\u002Fa> (balupton edition)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fleandrovieira.com\u002Fprojects\u002Fjquery\u002Flightbox\u002F\" rel=\"nofollow ugc\">jQuery Lightbox Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.laptoptips.ca\u002Fprojects\u002Fwp-shutter-reloaded\u002F\" rel=\"nofollow ugc\">Shutter Reloaded\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fmjijackson.com\u002Fshadowbox\u002Findex.html\" rel=\"nofollow ugc\">Shadowbox\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ffancy.klade.lv\" rel=\"nofollow ugc\">FancyBox\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fgithub.com\u002Fkrewenki\u002Fjquery-lightbox\u002Ftree\u002Fmaster\" rel=\"nofollow ugc\">jQuery Lightbox\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.stickmanlabs.com\u002Flightwindow\" rel=\"nofollow ugc\">LightWindow\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.cabel.name\u002F2008\u002F02\u002Ffancyzoom-10.html\" rel=\"nofollow ugc\">FancyZoom\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Frandomous.com\u002Ffloatbox\u002Fhome\" rel=\"nofollow ugc\">Floatbox\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fcolorpowered.com\u002Fcolorbox\" rel=\"nofollow ugc\">Colorbox\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.no-margin-for-errors.com\u002Fprojects\u002Fprettyphoto-jquery-lightbox-clone\" rel=\"nofollow ugc\">prettyPhoto\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Professional Support\u003C\u002Fh3>\n\u003Cp>If you need professional plugin support from me, the plugin author, you can access the support forums at \u003Ca href=\"http:\u002F\u002Fthemehybrid.com\u002Fsupport\" rel=\"nofollow ugc\">Theme Hybrid\u003C\u002Fa>, which is a professional WordPress help\u002Fsupport site where I handle support for all my plugins and themes for a community of 40,000+ users (and growing).\u003C\u002Fp>\n\u003Ch3>Plugin Development\u003C\u002Fh3>\n\u003Cp>If you’re a theme author, plugin author, or just a code hobbyist, you can follow the development of this plugin on it’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjustintadlock\u002Fcleaner-gallery\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>Yes, I do accept donations.  If you want to buy me a beer or whatever, you can do so from my \u003Ca href=\"http:\u002F\u002Fthemehybrid.com\u002Fdonate\" rel=\"nofollow ugc\">donations page\u003C\u002Fa>.  I appreciate all donations, no matter the size.  Further development of this plugin is not contingent on donations, but they are always a nice incentive.\u003C\u002Fp>\n","A cleaner WordPress [gallery] that integrates with multiple Lightbox-type scripts.",2000,216255,96,23,"2017-11-28T16:13:00.000Z","3.9",[20,22,23,88,89],"lightbox","slimbox","http:\u002F\u002Fthemehybrid.com\u002Fplugins\u002Fcleaner-gallery","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcleaner-gallery.1.1.0.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":100,"downloaded":101,"rating":102,"num_ratings":103,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":18,"tags":107,"homepage":110,"download_link":111,"security_score":112,"vuln_count":28,"unpatched_count":28,"last_vuln_date":113,"fetched_at":30},"facebook-photo-fetcher","Social Photo Fetcher","3.0.4","JK","https:\u002F\u002Fprofiles.wordpress.org\u002Fjustin_k\u002F","\u003Cp>Social Photo Fetcher (previously called “Facebook Photo Fetcher”) allows you to quickly and easily generate WordPress photo galleries from Facebook albums.\u003C\u002Fp>\n\u003Cp>The idea was inspired by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ffotobook\u002F\" rel=\"ugc\">Fotobook\u003C\u002Fa>, though its approach is fundamentally different: while Fotobook’s emphasis is on automation, this plugin allows a great deal of customization.  With it you can create galleries in any Post or Page you like, right alongside your regular content. You do this simply by putting a “magic HTML tag” in the post’s content – much like \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FGallery_Shortcode\" rel=\"nofollow ugc\">WordPress Shortcode\u003C\u002Fa>. Upon saving, the tag will instantly be populated with the Facebook album content. Presentation is fully customizable via parameters to the “magic tag” – you can choose to show only a subset of an album’s photos, change the number of photos per column, show photo captions, and more.  Plus, Social Photo Fetcher doesn’t limit you to just your own albums: it can create galleries from fanpages as well.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Uses Facebook’s API to instantly create WordPress photo galleries from Facebook albums.\u003C\u002Fli>\n\u003Cli>Galleries are fully customizable: you can import complete albums, select excerpts, random excerpts, album descriptions, photo captions, and more.\u003C\u002Fli>\n\u003Cli>Galleries can be organized however you like: in any post or page, alone or alongside your other content.\u003C\u002Fli>\n\u003Cli>Simple PHP template function allows programmers to manually embed albums in any template or widget.\u003C\u002Fli>\n\u003Cli>Built-in LightBox: Photos appear in attractive pop-up overlays without the need for any other plugins.\u003C\u002Fli>\n\u003Cli>Admin panel handles all the setup for you: Just login and you’re ready to start making albums.\u003C\u002Fli>\n\u003Cli>No custom database tables required; galleries live in regular post content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For a Demo Gallery, see the \u003Ca href=\"https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Ffacebook-photo-fetcher\" rel=\"nofollow ugc\">plugin’s homepage\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Donate\u003C\u002Fh3>\n\u003Cp>Many hours have gone into developing & maintaining this plugin, far beyond my own personal needs. If you find it useful, please consider \u003Ca href=\"https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Ffacebook-photo-fetcher\u002F#donate\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa> to help support its continued development.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin uses the Facebook API to fetch photo albums from Facebook. Facebook’s security rules require that apps must authorize from one specific, known location. In order comply with this requirement, when you first authorize the plugin from its admin panel, a Facebook dialog will be initiated via my own authentication server. The dialog itself is shown directly by Facebook, and Facebook handles the entire login process – no personal information will be transferred via my server, as Facebook only supplies a single-use token which I then hand back to your site to be stored. This is what the plugin uses in order to fetch the photos. For more information about how the Facebook authorization process works, please see \u003Ca href=\"https:\u002F\u002Fdevelopers.facebook.com\u002Fdocs\u002Ffacebook-login\u002Fweb\" rel=\"nofollow ugc\">Facebook’s documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Usage of this plugin means the site administrator is consenting to \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fpolicy.php\" rel=\"nofollow ugc\">Facebook’s data policy\u003C\u002Fa>. Fetched album data will be stored in your WordPress database, in posts or pages of your choosing. It can be removed by deleting those posts or pages. You are solely responsible for the security and protection of the fetched data, as it resides on and is hosted within your own WordPress site.\u003C\u002Fp>\n\u003Cp>I do not store or process any of your data.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Please direct all support requests \u003Ca href=\"https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Ffacebook-photo-fetcher#feedback\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n","Allows you to automatically create Wordpress photo galleries from Facebook albums.  Simple to use and highly customizable.",1000,258658,74,12,"2024-04-04T23:45:00.000Z","6.5.8","2.5",[108,20,22,109,24],"facebook","photos","https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Ffacebook-photo-fetcher","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffacebook-photo-fetcher.3.0.4.zip",70,"2025-12-08 00:00:00",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":124,"num_ratings":14,"last_updated":125,"tested_up_to":126,"requires_at_least":106,"requires_php":18,"tags":127,"homepage":129,"download_link":130,"security_score":71,"vuln_count":72,"unpatched_count":72,"last_vuln_date":37,"fetched_at":30},"thickbox","ThickBox","1.6.1","Christian Schenk","https:\u002F\u002Fprofiles.wordpress.org\u002Fchschenk\u002F","\u003Cp>Allows you to embed ThickBox into your blog. Simply insert ThickBox compliant markup\u003Cbr \u002F>\nwhere ever you want and you’re all set. It is a pretty lightweight plugin but here\u003Cbr \u002F>\nare some of its features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>comes with an expert mode that allows you include the JavaScript and CSS for ThickBox only on those pages that actually need it\u003C\u002Fli>\n\u003Cli>you can opt to use the script and style already bundled with WordPress\u003C\u002Fli>\n\u003Cli>automatically adds the correct class attribute when using the gallery shortcode\u003C\u002Fli>\n\u003Cli>and also contains SmoothBox\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Licence\u003C\u002Fh3>\n\u003Cp>This plugin is released under the GPL.\u003C\u002Fp>\n","Embed ThickBox into your posts and pages.",200,97645,52,"2014-06-21T10:43:00.000Z","3.9.40",[20,22,24,128,115],"smoothbox","http:\u002F\u002Fwww.christianschenk.org\u002Fprojects\u002Fwordpress-thickbox-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthickbox.1.6.1.zip",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":13,"downloaded":139,"rating":140,"num_ratings":47,"last_updated":141,"tested_up_to":142,"requires_at_least":17,"requires_php":18,"tags":143,"homepage":18,"download_link":146,"security_score":71,"vuln_count":72,"unpatched_count":72,"last_vuln_date":37,"fetched_at":30},"easy-gallery-slider","Easy Gallery Slider","0.6.6","iNexi","https:\u002F\u002Fprofiles.wordpress.org\u002Finexi\u002F","\u003Cp>This slider is easy to use, but powerful. It is designed to be responsive, and works perfectly with mobile devices. It can be automatically displayed on posts and pages, inserted by shortcode or PHP. The slides are pulled on each post from the attached images (gallery).\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatically display slider for every post and\u002For page\u003C\u002Fli>\n\u003Cli>Slides are created from images attached to the post\u002Fpage it is displayed on (WordPress Gallery)\u003C\u002Fli>\n\u003Cli>Responsive slider performs the same on every platform (desktop or mobile)\u003C\u002Fli>\n\u003Cli>Fade or slide effects\u003C\u002Fli>\n\u003Cli>Navigation with buttons, “dots”, keyboard, scroll-wheel, automatic timer\u003C\u002Fli>\n\u003Cli>Show titles and descriptions with an overlay\u003C\u002Fli>\n\u003Cli>Link individual slides to any URL\u003C\u002Fli>\n\u003Cli>Show a “zoom” button to integrate with a Lightbox plugin\u003C\u002Fli>\n\u003Cli>Many options available through an easy to use admin interface\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please visit my homepage to submit bug reports and feature requests.\u003C\u002Fp>\n\u003Cp>Plugin Homepage: \u003Ca href=\"http:\u002F\u002Finexi.com\u002Fwordpress\" title=\"iNexi: WordPress Plugins\" rel=\"nofollow ugc\">iNexi.com\u003C\u002Fa>\u003C\u002Fp>\n","Responsive slider uses the images attached to a post or page. Simple to customize and configure.",36461,80,"2012-09-26T06:32:00.000Z","3.4.2",[20,22,24,144,145],"responsive","slider","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-gallery-slider.0.6.6.zip",{"attackSurface":148,"codeSignals":179,"taintFlows":227,"riskAssessment":294,"analyzedAt":310},{"hooks":149,"ajaxHandlers":171,"restRoutes":172,"shortcodes":173,"cronEvents":178,"entryPointCount":28,"unprotectedCount":72},[150,156,160,164,167],{"type":151,"name":152,"callback":153,"file":154,"line":155},"action","admin_menu","tp_gallery_settings","tp_gallery_slider.php",284,{"type":151,"name":157,"callback":158,"file":154,"line":159},"init","tp_gallery_update",285,{"type":151,"name":161,"callback":162,"file":154,"line":163},"wp_footer","tp_gallery_slider_footer",295,{"type":151,"name":157,"callback":165,"file":154,"line":166},"tp_enqueue_scripts",296,{"type":151,"name":168,"callback":169,"file":154,"line":170},"wp_head","tp_stylesheet",302,[],[],[174],{"tag":175,"callback":176,"file":154,"line":177},"tp_gallery","tp_gallery_slider",293,[],{"dangerousFunctions":180,"sqlUsage":181,"outputEscaping":183,"fileOperations":72,"externalRequests":72,"nonceChecks":72,"capabilityChecks":72,"bundledLibraries":226},[],{"prepared":72,"raw":72,"locations":182},[],{"escaped":72,"rawEcho":62,"locations":184},[185,188,190,192,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222,224],{"file":154,"line":186,"context":187},101,"raw output",{"file":154,"line":189,"context":187},105,{"file":154,"line":191,"context":187},144,{"file":154,"line":193,"context":187},155,{"file":154,"line":195,"context":187},156,{"file":154,"line":197,"context":187},176,{"file":154,"line":199,"context":187},178,{"file":154,"line":201,"context":187},183,{"file":154,"line":203,"context":187},198,{"file":154,"line":205,"context":187},234,{"file":154,"line":207,"context":187},244,{"file":154,"line":209,"context":187},245,{"file":154,"line":211,"context":187},246,{"file":154,"line":213,"context":187},247,{"file":154,"line":215,"context":187},248,{"file":154,"line":217,"context":187},252,{"file":154,"line":219,"context":187},334,{"file":154,"line":221,"context":187},345,{"file":154,"line":223,"context":187},346,{"file":154,"line":225,"context":187},383,[],[228,274],{"entryPoint":229,"graph":230,"unsanitizedCount":14,"severity":273},"tp_gallery_update (tp_gallery_slider.php:270)",{"nodes":231,"edges":266},[232,237,242,246,248,252,254,258,260,264],{"id":233,"type":234,"label":235,"file":154,"line":236},"n0","source","$_POST['tp_width']",274,{"id":238,"type":239,"label":240,"file":154,"line":236,"wp_function":241},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":243,"type":234,"label":244,"file":154,"line":245},"n2","$_POST['tp_height']",275,{"id":247,"type":239,"label":240,"file":154,"line":245,"wp_function":241},"n3",{"id":249,"type":234,"label":250,"file":154,"line":251},"n4","$_POST['tp_select_change']",276,{"id":253,"type":239,"label":240,"file":154,"line":251,"wp_function":241},"n5",{"id":255,"type":234,"label":256,"file":154,"line":257},"n6","$_POST['tp_display_alt']",277,{"id":259,"type":239,"label":240,"file":154,"line":257,"wp_function":241},"n7",{"id":261,"type":234,"label":262,"file":154,"line":263},"n8","$_POST['tp_description_position']",278,{"id":265,"type":239,"label":240,"file":154,"line":263,"wp_function":241},"n9",[267,269,270,271,272],{"from":233,"to":238,"sanitized":268},false,{"from":243,"to":247,"sanitized":268},{"from":249,"to":253,"sanitized":268},{"from":255,"to":259,"sanitized":268},{"from":261,"to":265,"sanitized":268},"low",{"entryPoint":275,"graph":276,"unsanitizedCount":14,"severity":273},"\u003Ctp_gallery_slider> (tp_gallery_slider.php:0)",{"nodes":277,"edges":288},[278,279,280,281,282,283,284,285,286,287],{"id":233,"type":234,"label":235,"file":154,"line":236},{"id":238,"type":239,"label":240,"file":154,"line":236,"wp_function":241},{"id":243,"type":234,"label":244,"file":154,"line":245},{"id":247,"type":239,"label":240,"file":154,"line":245,"wp_function":241},{"id":249,"type":234,"label":250,"file":154,"line":251},{"id":253,"type":239,"label":240,"file":154,"line":251,"wp_function":241},{"id":255,"type":234,"label":256,"file":154,"line":257},{"id":259,"type":239,"label":240,"file":154,"line":257,"wp_function":241},{"id":261,"type":234,"label":262,"file":154,"line":263},{"id":265,"type":239,"label":240,"file":154,"line":263,"wp_function":241},[289,290,291,292,293],{"from":233,"to":238,"sanitized":268},{"from":243,"to":247,"sanitized":268},{"from":249,"to":253,"sanitized":268},{"from":255,"to":259,"sanitized":268},{"from":261,"to":265,"sanitized":268},{"summary":295,"deductions":296},"The tp-gallery-slider plugin version 1.2 exhibits a mixed security posture. While it avoids dangerous functions, raw SQL, file operations, and external HTTP requests, significant concerns arise from its output handling and vulnerability history.  The static analysis reveals that 100% of outputs are not properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities.  This is further supported by the plugin's vulnerability history, which shows one unpatched high-severity CVE specifically related to XSS.  The presence of unsanitized paths in taint flows, although not classified as critical or high, adds to the potential for insecure data handling.  The absence of nonce checks and capability checks on its single shortcode entry point is also a weakness.  In conclusion, despite some good practices in preventing certain types of vulnerabilities, the critical issue of unescaped output and the historical pattern of XSS vulnerabilities represent a substantial risk that needs immediate attention.",[297,300,303,305,307],{"reason":298,"points":299},"Unpatched High Severity CVE",18,{"reason":301,"points":302},"100% of outputs are not properly escaped",7,{"reason":304,"points":14},"No nonce checks on entry points",{"reason":306,"points":14},"No capability checks on entry points",{"reason":308,"points":309},"Taint flows with unsanitized paths",4,"2026-03-16T21:53:19.709Z",{"wat":312,"direct":325},{"assetPaths":313,"generatorPatterns":322,"scriptPaths":323,"versionParams":324},[314,315,316,317,318,319,320,321],"\u002Fwp-content\u002Fplugins\u002Ftp-gallery-slider\u002Fimages\u002Fimage_01_large.jpg","\u002Fwp-content\u002Fplugins\u002Ftp-gallery-slider\u002Fimages\u002Fimage_01_thumb.jpg","\u002Fwp-content\u002Fplugins\u002Ftp-gallery-slider\u002Fimages\u002Fimage_02_thumb.jpg","\u002Fwp-content\u002Fplugins\u002Ftp-gallery-slider\u002Fimages\u002Fimage_03_thumb.jpg","\u002Fwp-content\u002Fplugins\u002Ftp-gallery-slider\u002Fimages\u002Fimage_04_thumb.jpg","\u002Fwp-content\u002Fplugins\u002Ftp-gallery-slider\u002Fimages\u002Fimage_05_thumb.jpg","\u002Fwp-content\u002Fplugins\u002Ftp-gallery-slider\u002Ficons\u002Fcut.png","\u002Fwp-content\u002Fplugins\u002Ftp-gallery-slider\u002Ficons\u002Fpic.png",[],[],[],{"cssClasses":326,"htmlComments":330,"htmlAttributes":333,"restEndpoints":345,"jsGlobals":346,"shortcodeOutput":347},[327,176,328,329],"tp_change","tp_preview","tp_panel",[331,332],"\u003C!-- icon32 -->","\u003C!-- description -->",[334,335,336,337,338,339,340,341,342,343,344],"id=\"tp_width\"","id=\"tp_height\"","id=\"tp_thumbs\"","id=\"largeImage\"","id=\"description\"","id=\"tp_panel\"","class=\"tp_change\"","class=\"tp_gallery_slider\"","class=\"tp_preview\"","name=\"tp_gallery_form_submit\"","value=\"true\"",[],[],[348,349],"[tp_gallery]","[tp_gallery post_id=\"id\"]"]