[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqwIkG-_bz8NTC_FGl7kX8Xt01Jej25zRNF3DC1ay5-c":3,"$fjbMTsexPJNWtnZk5YIvW6CoFGY0d6QmCfOyUUUAaLsI":693,"$fZ2gptkUqRfhh4gXvcMoQ_Gw0inWVmr73QsuUV1qtauA":697},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":63,"crawl_stats":38,"alternatives":69,"analysis":171,"fingerprints":655},"tz-plus-gallery","TZ Plus Gallery","1.5.5","tuyennv","https:\u002F\u002Fprofiles.wordpress.org\u002Ftuyennv\u002F","\u003Cp>TZ Plus Gallery display all your albums from social source Facebook, Flickr, Instagram, Google+ and WordPress on your site.\u003Cbr \u002F>\n You can post your photos every where, every time from your mobile device to Facebook, Flickr, Instagram and Google+. it will auto added on your website.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display your albums from online source like Facebook, Instagram, Google + or Flickr to your site’s gallery.\u003C\u002Fli>\n\u003Cli>Supported WordPress albums.\u003C\u002Fli>\n\u003Cli>Manage gallery by including\u002Fexcluding albums, limit the number of pictures to be display in each album.\u003C\u002Fli>\n\u003Cli>Unlimited gallery display on your site.\u003C\u002Fli>\n\u003Cli>Display multiple albums in one page or post.\u003C\u002Fli>\n\u003Cli>Compatible with Tablet, Smart phone.\u003C\u002Fli>\n\u003Cli>Compatible with Visual Composer plugin.\u003C\u002Fli>\n\u003Cli>Options choose number of columns.\u003C\u002Fli>\n\u003Cli>Options choose color style.\u003C\u002Fli>\n\u003Cli>Options padding of albums or photos.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fplusgallery.templaza.net\u002Fcoffee-grid-facebook\u002F\" title=\"Facebook Fanpage Albums\" rel=\"nofollow ugc\">Facebook Fanpage Albums\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fplusgallery.templaza.net\u002Fcoffee-grid-google\u002F\" title=\"Google+ Albums\" rel=\"nofollow ugc\">Google+ Albums\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fplusgallery.templaza.net\u002Fcoffee-grid-instagram\u002F\" title=\"Instagram Albums\" rel=\"nofollow ugc\">Instagram Albums\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fplusgallery.templaza.net\u002Fcoffee-grid-flickr\u002F\" title=\"Flickr Albums\" rel=\"nofollow ugc\">Flickr Albums\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fplusgallery.templaza.net\u002F\" title=\"Pro Version\" rel=\"nofollow ugc\">Pro Version\u003C\u002Fa>\u003C\u002Fp>\n","TZ Plus Gallery - Display WordPress albums, social gallery like Facebook, Flickr, Instagram and Google+.",300,15614,92,10,"2020-10-18T05:15:00.000Z","5.4.19","3.0.1","",[20,21,22,23,24],"gallery","plugins","social-gallery","social-plugin","wordpress-albums","http:\u002F\u002Fwww.templaza.com\u002Ftz-plus-gallery\u002F593.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftz-plus-gallery.zip",42,2,"2025-09-22 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[33,50],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":38,"patch_diff_files":47,"patch_trac_url":38,"research_status":38,"research_verified":48,"research_rounds_completed":49,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":48,"poc_model_used":38,"poc_verification_depth":38},"CVE-2025-57974","tz-plusgallery-authenticated-editor-stored-cross-site-scripting","TZ PlusGallery \u003C= 1.5.5 - Authenticated (Editor+) Stored Cross-Site Scripting","The TZ PlusGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.5.5","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-26 16:09:01",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8e1ede84-05f5-4eae-97de-63b32b62bad3?source=api-prod",[],false,0,{"id":51,"url_slug":52,"title":53,"description":54,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":59,"references":60,"days_to_patch":38,"patch_diff_files":62,"patch_trac_url":38,"research_status":38,"research_verified":48,"research_rounds_completed":49,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":48,"poc_model_used":38,"poc_verification_depth":38},"CVE-2025-31756","tz-plusgallery-cross-site-request-forgery","TZ PlusGallery \u003C= 1.5.5 - Cross-Site Request Forgery","The TZ Plus Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-04-01 00:00:00","2025-04-08 18:31:43",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8141f6c1-f5f3-465e-94e8-f1df9b36ecf0?source=api-prod",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":64,"total_installs":65,"avg_security_score":66,"avg_patch_time_days":67,"trust_score":66,"computed_at":68},7,1270,80,30,"2026-05-20T04:04:06.358Z",[70,95,120,139,157],{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":13,"num_ratings":80,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":18,"tags":84,"homepage":90,"download_link":91,"security_score":92,"vuln_count":93,"unpatched_count":49,"last_vuln_date":94,"fetched_at":30},"slideshow-gallery","Slideshow Gallery LITE","1.8.5","Tribulant Software","https:\u002F\u002Fprofiles.wordpress.org\u002Fcontrid\u002F","\u003Cp>Feature content in beautiful and fast JavaScript powered slideshow gallery showcases on your WordPress website.\u003C\u002Fp>\n\u003Cp>You can easily display multiple galleries throughout your WordPress website displaying your custom added slides, slide galleries or showing slides from WordPress posts\u002Fpages.\u003C\u002Fp>\n\u003Cp>The slideshow is flexible, all aspects can easily be configured and embedding\u002Fhardcoding the slideshow gallery is a breeze.\u003C\u002Fp>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Ftribulant.net\u002Fslideshowgallery\u002F\" rel=\"nofollow ugc\">online demonstration\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Here are several ways to display a slideshow:\u003C\u002Fp>\n\u003Ch4>Shortcode for all slides\u003C\u002Fh4>\n\u003Cp>To embed a slideshow with all slides under \u003Cstrong>Slideshow > Manage Slides\u003C\u002Fstrong> in the plugin, simply insert the shortcode below into the content of a post\u002Fpage.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[tribulant_slideshow]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Shortcode for featured posts\u003C\u002Fh4>\n\u003Cp>You can create a slideshow from featured posts, each post being a slide and it’s featured image used as the slide image. The link of the slide will be the link of the post so clicking on the slide will take users to that post.\u003C\u002Fp>\n\u003Cp>Here is a sample shortcode that you can use for this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[tribulant_slideshow featured=\"true\" featurednumber=\"10\" featuredtype=\"post\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Shortcode for a gallery’s slides\u003C\u002Fh4>\n\u003Cp>To embed a slideshow with slides from a specific gallery under \u003Cstrong>Slideshow > Manage Galleries\u003C\u002Fstrong> in the plugin, simply insert the shortcode below (where X is the ID value of the gallery) into the content of a post\u002Fpage.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[tribulant_slideshow gallery_id=\"X\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Shortcode for the images of a WordPress post\u002Fpage\u003C\u002Fh4>\n\u003Cp>To embed a slideshow with the images uploaded to a WordPress post\u002Fpage through it’s media gallery, simply insert the shortcode below (where X is the ID value of the post). Whether you want to display the images from a post or a page, the parameter remains \u003Ccode>post_id\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[tribulant_slideshow post_id=\"X\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Shortcode for latest\u002Ffeatured products\u003C\u002Fh4>\n\u003Cp>In order to display latest or featured products in a slideshow, you need the \u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fplugins\u002Fview\u002F10\u002F\" title=\"WordPress Shopping Cart\" rel=\"nofollow ugc\">Shopping Cart plugin\u003C\u002Fa> from Tribulant. Once you have this installed and activated, you can easily display recent or featured products. To display recent products use the shortcode below.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[tribulant_slideshow products=\"latest\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>And to display featured products, use the one below.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[tribulant_slideshow products=\"featured\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>For both, you can use the \u003Ccode>productsnumber\u003C\u002Fcode> parameter to limit the number of products eg.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[tribulant_slideshow products=\"latest\" productsnumber=\"5\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Hardcode into any plugin\u002Ftheme with PHP\u003C\u002Fh4>\n\u003Cp>To hardcode into any PHP file of your WordPress theme, simply use\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php if (function_exists('slideshow')) { slideshow($output = true, $gallery_id = false, $post_id = false, $params = array()); } ?>.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Parameters for shortcode\u002Fhardcode to customize each slideshow\u003C\u002Fh4>\n\u003Cp>You can use any of the following parameters with both the hardcoding and shortcode to customize each slideshow gallery:\u003C\u002Fp>\n\u003Cp>Shortcode example 1:\u003Cbr \u002F>\n    [tribulant_slideshow layout=”responsive” gallery_id=”3″ auto=”true” navopacity=”0″ showthumbs=”true”]\u003C\u002Fp>\n\u003Cp>Shortcode example 2:\u003Cbr \u002F>\n    [tribulant_slideshow layout=”specific” post_id=”379″ width=”600″ height=”300″ auto=”false” showinfo=”false”]\u003C\u002Fp>\n\u003Cp>Hardcode example 1:\u003Cbr \u002F>\n     “responsive”, ‘auto’ => “true”, ‘navopacity’ => “0”, ‘showthumbs’ => “true”)); ?>\u003C\u002Fp>\n\u003Cp>Hardcode example 2:\u003Cbr \u002F>\n     “specific”, ‘width’ => “600”, ‘height’ => “300”, ‘auto’ => “false”, ‘showinfo’ => “false”)); ?>\u003C\u002Fp>\n\u003Cp>This way you can customize each slideshow you embed or hardcode, despite the settings you saved under \u003Cstrong>Slideshow > Settings\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>effect\u003C\u002Fcode> [ fade | slide ] = Choose the transition effect of the slideshow. Either fade or slide\u003C\u002Fli>\n\u003Cli>\u003Ccode>slide_direction\u003C\u002Fcode> [ lr | tb ] = If you’re using \u003Ccode>slide\u003C\u002Fcode> for the \u003Ccode>effect\u003C\u002Fcode>, you can choose left\u002Fright or top\u002Fbottom sliding\u003C\u002Fli>\n\u003Cli>\u003Ccode>easing\u003C\u002Fcode> [ swing ] = Choose the easing effect you’d like. The default is \u003Ccode>swing\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>products\u003C\u002Fcode> [ latest | featured ] = String “latest” or “featured” to display products from the \u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fplugins\u002Fview\u002F10\u002F\" rel=\"nofollow ugc\">Checkout plugin\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ccode>productsnumber\u003C\u002Fcode> [ productsnumber ] = Numeric\u002Finteger to limit the number of products to display.\u003C\u002Fli>\n\u003Cli>\u003Ccode>featured\u003C\u002Fcode> [ true | false ] = Show posts with their featured images \u003C\u002Fli>\n\u003Cli>\u003Ccode>featurednumber\u003C\u002Fcode> [ number ] = A numeric\u002Finteger value. The default is 10\u003C\u002Fli>\n\u003Cli>\u003Ccode>featuredtype\u003C\u002Fcode> [ post_type ] = A post type slug like ‘post’, ‘page’, etc. The default is ‘post’\u003C\u002Fli>\n\u003Cli>\u003Ccode>gallery_id\u003C\u002Fcode> [ gallery_id ] = Numeric\u002Finteger ID of a gallery to display images from.\u003C\u002Fli>\n\u003Cli>\u003Ccode>post_id\u003C\u002Fcode> [ post_id ] = Numeric\u002Finteger ID of a post to take images from it, uploaded through it’s “Add Media” button.\u003C\u002Fli>\n\u003Cli>\u003Ccode>numberposts\u003C\u002Fcode> [ numberposts ] = Numeric value of the number of images to take from the post\u002Fpage. “-1” for unlimited\u002Fall\u003C\u002Fli>\n\u003Cli>\u003Ccode>layout\u003C\u002Fcode> [ responsive | specific ] = Set to ‘responsive’ for mobile\u002Ftablet compatible theme and ‘specific’ for fixed width\u002Fheight.\u003C\u002Fli>\n\u003Cli>\u003Ccode>resizeimages\u003C\u002Fcode> [ true | false ] = Set to ‘true’ to resize images to fit the slideshow dimensions.\u003C\u002Fli>\n\u003Cli>\u003Ccode>imagesoverlay\u003C\u002Fcode> [ true | false ] (default: setting) = Set to ‘true’ to display links of slides that are images in a Colorbox overlay on the page.\u003C\u002Fli>\n\u003Cli>\u003Ccode>orderby\u003C\u002Fcode> [ random ] = Set to ‘random’ to randomly order the slides. Leave this shortcode parameter to order by the order set on the slides.\u003C\u002Fli>\n\u003Cli>\u003Ccode>width\u003C\u002Fcode> [ width | auto ] = (only with layout=”specific”) Width of the slideshow in pixels. Don’t specify ‘px’ part, just the numeric value for the height.\u003C\u002Fli>\n\u003Cli>\u003Ccode>resheight\u003C\u002Fcode> [ resheight ] = (only with layout=”responsive”) Numeric\u002Finteger value such as “30” to be used with ‘resheighttype’ below\u003C\u002Fli>\n\u003Cli>`resheighttype [ resheighttype ] = (only with layout=”responsive”) “px” (pixels) or “%” (percent) as the value e.g., resheighttype=”%”\u003C\u002Fli>\n\u003Cli>\u003Ccode>height\u003C\u002Fcode> [ height ] (only with layout=”specific”; default: setting) = Height of the slideshow in pixels. Don’t specify the ‘px’ part, just the numeric value for the height.\u003C\u002Fli>\n\u003Cli>\u003Ccode>autoheight\u003C\u002Fcode> [ true | false ] = Should the gallery adjust it’s height for each slide?\u003C\u002Fli>\n\u003Cli>\u003Ccode>auto\u003C\u002Fcode> [ true | false ] (default: setting) = Set this to ‘true’ to automatically slide the slides in the slideshow.\u003C\u002Fli>\n\u003Cli>\u003Ccode>autospeed\u003C\u002Fcode> [ speed ] (default: setting) = Speed of the auto sliding. 10 is normal. Lower number is faster. Between 5 and 15 is recommended.\u003C\u002Fli>\n\u003Cli>\u003Ccode>fadespeed\u003C\u002Fcode> [ speed ] (default: setting) = Speed of the fading of images. 10 is normal. Lower number is faster. Between 1 and 20 is recommended.\u003C\u002Fli>\n\u003Cli>\u003Ccode>shownav\u003C\u002Fcode> [ true | false ] (default: setting) = Set to ‘true’ to show the next\u002Fprevious image navigation buttons.\u003C\u002Fli>\n\u003Cli>\u003Ccode>navopacity\u003C\u002Fcode> [ opacity ] (default: setting) = The opacity of the next\u002Fprevious buttons. Between 0 and 100 with 0 being transparent and 100 being fully opaque.\u003C\u002Fli>\n\u003Cli>\u003Ccode>navhoveropacity\u003C\u002Fcode> [ opacity ] (default: setting) = The opacity of the next\u002Fprevious buttons on hovering. Between 0 and 100 with 0 being transparent and 100 being fully opaque.\u003C\u002Fli>\n\u003Cli>\u003Ccode>showinfo\u003C\u002Fcode> [ true | false ] (default: setting) = Set to ‘true’ to show the information bar for each slide.\u003C\u002Fli>\n\u003Cli>\u003Ccode>infospeed\u003C\u002Fcode> [ speed ] (default: setting) = Speed at which the information bar will slide up. Between 5 and 15 is recommended.\u003C\u002Fli>\n\u003Cli>\u003Ccode>showthumbs\u003C\u002Fcode> [ true | false ] (default: setting) = Set to ‘true’ to show the thumbnails for the slides.\u003C\u002Fli>\n\u003Cli>\u003Ccode>thumbsposition\u003C\u002Fcode> [ top | bottom ] (default: setting) = Set to “top” to show above the slideshow.\u003C\u002Fli>\n\u003Cli>\u003Ccode>thumbsborder\u003C\u002Fcode> [ hexidecimal color ] (default: setting) = Hex color of the active thumb border. For example #333333.\u003C\u002Fli>\n\u003Cli>\u003Ccode>thumbsspeed\u003C\u002Fcode> [ speed> ] (default: setting) = Speed of the thumbnail bar scrolling. Lower is slower. Between 1 and 20 is recommended.\u003C\u002Fli>\n\u003Cli>\u003Ccode>thumbsspacing\u003C\u002Fcode> [ spacing ] (default: setting) = An integer value in pixels to space the thumbnails apart. Don’t include the ‘px’ part, just the number. Between 0 and 10 is recommended.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cp>Thank you to these wonderful people who contributed to translating the Slideshow Gallery plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Afrikaans (af_ZA) by \u003Ca href=\"https:\u002F\u002Ftribulant.com\" rel=\"nofollow ugc\">Antonie Potgieter | Tribulant\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Slovak (sk_SK) by Branco Radenovich\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">Contact us\u003C\u002Fa> to submit your language file and be mentioned here!\u003C\u002Fp>\n","Feature content in a JavaScript powered slideshow gallery showcase on your WordPress website.",6000,776561,742,"2025-10-29T17:16:00.000Z","6.8.5","3.1",[85,86,87,88,89],"image-gallery","slides","slideshow","wordpress-plugins","wordpress-slideshow-gallery","https:\u002F\u002Ftribulant.com\u002Fplugins\u002Fview\u002F13\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fslideshow-gallery.1.8.5.zip",90,17,"2024-09-30 00:00:00",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":105,"num_ratings":28,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":18,"tags":109,"homepage":115,"download_link":116,"security_score":117,"vuln_count":118,"unpatched_count":49,"last_vuln_date":119,"fetched_at":30},"og-tags","OG Tags","2.0.2","Mário Valney","https:\u002F\u002Fprofiles.wordpress.org\u002Fmariovalney\u002F","\u003Cp>Features of “OG Tags”:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Include type of object to Open Graph API (“website” for home and “article” for posts).\u003C\u002Fli>\n\u003Cli>Include the tags with properties in the page according with Open Graph API documentation.\u003C\u002Fli>\n\u003Cli>Include your ID as administrator for Social Plugins like Comments.\u003C\u002Fli>\n\u003Cli>Include your Page as publisher for Open Graph’s object.\u003C\u002Fli>\n\u003Cli>Include a default image to Home and posts without Featured Image.\u003C\u002Fli>\n\u003Cli>Use Featured Image how og:image (i.e. it will appear on Facebook’ Feed).\u003C\u002Fli>\n\u003Cli>Simple page with less configurations. We want to be simple! Automatic.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Language:\u003C\u002Fp>\n\u003Cp>Open Graph does not make difference about languages, but the Documentation and the Options Page are in Brazilian Portuguese.\u003Cbr \u002F>\nPlease! Help translating to English.\u003C\u002Fp>\n","OG Tags includes the tags necessary to integrate your website to Facebook with almost no configuration. Automatic. Simple.",2000,59597,100,"2025-09-06T21:22:00.000Z","5.8.13","3.5",[110,111,112,113,114],"facebook","open-graph","social","social-plugins","tags","http:\u002F\u002Fprojetos.mariovalney.com\u002Fog-tags","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fog-tags.2.0.2.zip",99,1,"2021-09-28 00:00:00",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":105,"downloaded":128,"rating":105,"num_ratings":28,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":18,"tags":132,"homepage":18,"download_link":137,"security_score":138,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"nextgen-gallery-colorboxer","NextGEN Gallery ColorBoxer","1.0","Mark Jeldi","https:\u002F\u002Fprofiles.wordpress.org\u002Fmark-jeldi\u002F","\u003Ch4>NextGEN Gallery ColorBoxer\u003C\u002Fh4>\n\u003Cp>NextGEN Gallery ColorBoxer automatically integrates the cool ColorBox lightbox effect with your NextGEN galleries, and only loads ColorBox’s scripts and styles when a gallery shortcode is present, improving your site’s page load speed.\u003C\u002Fp>\n\u003Cp>Note: For optimization of NextGEN Gallery’s scripts and styles, please see \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fnextgen-gallery-optimizer\u002F\" rel=\"ugc\">NextGEN Gallery Optimizer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If you have any questions, suggestions, ideas or feedback, please email me at mark@markstechnologynews.com\u003C\u002Fp>\n\u003Ch4>Key features:\u003C\u002Fh4>\n\u003Col>\n\u003Cli>One-click install of the ColorBox lightbox to display your images in style.\u003C\u002Fli>\n\u003Cli>Only loads ColorBox’s scripts and styles when a gallery shortcode is present.\u003C\u002Fli>\n\u003Cli>Helps improve your site’s page load speed.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>NextGEN Gallery Fancyboxer also includes a couple of compatibility fixes right off the bat, including:\u003C\u002Fp>\n\u003Col>\n\u003Cli>ColorBox not working in IE6\u003C\u002Fli>\n\u003Cli>Conflicts with the jQuery $ selector in ColorBox’s invocation code\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Requirements:\u003C\u002Fh4>\n\u003Col>\n\u003Cli>WordPress version 3.1 or later\u003C\u002Fli>\n\u003Cli>NextGEN Gallery version 1.6.2 or later\u003C\u002Fli>\n\u003C\u002Fol>\n","One-click ColorBox lightbox integration with NextGEN Gallery. Only loads when a gallery shortcode is present.",24949,"2012-05-25T22:42:00.000Z","3.3.2","3.1.2",[133,134,135,121,136],"nextgen","nextgen-gallery","nextgen-gallery-addons","nextgen-gallery-plugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnextgen-gallery-colorboxer.1.0.zip",85,{"slug":140,"name":141,"version":142,"author":143,"author_profile":144,"description":145,"short_description":146,"active_installs":105,"downloaded":147,"rating":105,"num_ratings":148,"last_updated":149,"tested_up_to":150,"requires_at_least":131,"requires_php":18,"tags":151,"homepage":153,"download_link":154,"security_score":155,"vuln_count":118,"unpatched_count":118,"last_vuln_date":156,"fetched_at":30},"nextgen-gallery-search-galleries","NextGEN Gallery Search","2.12","Koen Schuit","https:\u002F\u002Fprofiles.wordpress.org\u002Fkoelio\u002F","\u003Ch4>NextGEN Gallery – Search Galleries\u003C\u002Fh4>\n\u003Cp>NextGEN Gallery – Search Galleries adds a search option to the existing NextGEN Gallery menu.\u003C\u002Fp>\n\u003Cp>With this search option you can quickly and easily search through your galleries so you don’t have to go through a whole listst of galleries.\u003Cbr \u002F>\nThe output of the search will show in a table similar to the manage galleries page and will provide a link to that gallery.\u003C\u002Fp>\n\u003Cp>NextGEN Gallery – Search Galleries even adds an option to search in the description which can be helpfull if you don’t remember the name.\u003C\u002Fp>\n\u003Cp>And NextGEN Gallery – Search Galleries also has the ability to search for part of the name or description.\u003Cbr \u002F>\nFor instance: \u003Cstrong>int\u003C\u002Fstrong> will find \u003Cstrong>int\u003C\u002Fstrong>ernet, but also w\u003Cstrong>int\u003C\u002Fstrong>er, ballpo\u003Cstrong>int\u003C\u002Fstrong>, sa\u003Cstrong>int\u003C\u002Fstrong>s etc.\u003C\u002Fp>\n\u003Cp>Please note: this plugin requires NextGEN Gallery installed.\u003C\u002Fp>\n\u003Ch4>Key features:\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Find galleries easily!\u003C\u002Fli>\n\u003Cli>Search for name or description.\u003C\u002Fli>\n\u003Cli>Outputs a link to the gallery.\u003C\u002Fli>\n\u003C\u002Fol>\n","Search a gallery within the NextGEN galleries including description search.",18800,5,"2015-08-10T15:06:00.000Z","4.2.39",[133,134,135,136,152],"nextgen-gallery-search","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnextgen-gallery-search-galleries\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnextgen-gallery-search-galleries.zip",63,"2025-08-25 00:00:00",{"slug":158,"name":159,"version":123,"author":160,"author_profile":161,"description":162,"short_description":163,"active_installs":67,"downloaded":164,"rating":165,"num_ratings":148,"last_updated":166,"tested_up_to":167,"requires_at_least":131,"requires_php":18,"tags":168,"homepage":18,"download_link":170,"security_score":138,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"ng-gallery-optimizer-modified","NG Gallery Optimizer Modified","Kiran Antony","https:\u002F\u002Fprofiles.wordpress.org\u002Fkiranantony\u002F","\u003Ch4>Ng Gallery Optimizer Modified\u003C\u002Fh4>\n\u003Cp>It is a modified version of \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fnextgen-gallery-optimizer\u002F\" rel=\"ugc\">Nextgen Gallery optimizer plugin\u003C\u002Fa> ,which only gives support for “nggallery” shortcode for free.\u003C\u002Fp>\n\u003Cp>It improves your site’s page load speed by ensuring NextGEN Gallery’s scripts and styles ONLY load on posts with the nextgen galley shortcode.\u003C\u002Fp>\n\u003Cp>It also includes and \u003Cem>automatically\u003C\u002Fem>-integrates the fantastic \u003Ca href=\"http:\u002F\u002Ffancybox.net\" rel=\"nofollow ugc\">Fancybox\u003C\u002Fa> lightbox script, so now you can have gorgeous galleries AND a speedy site! *Requires \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fnextgen-gallery\" rel=\"ugc\">NextGEN Gallery\u003C\u002Fa> 1.6.2 and up.\u003C\u002Fp>\n\u003Cp>Supports all ten shortcodes of Nextgen Gallery  [nggallery id=x], [slideshow id=x], [album id=x], [thumb id=x], [singlepic id=x], [imagebrowser id=x], [nggtags gallery|album=mytag], [random max=x], [recent max=x] and [tagcloud].\u003C\u002Fp>\n\u003Cp>It also adds support for the [Show as slideshow] link (loading slideshow scripts only after a user clicks-through)\u003C\u002Fp>\n","Improves your site's page load speed by preventing NextGEN's scripts & css from loading on posts and pages without galleries.",4233,84,"2013-01-21T17:51:00.000Z","3.5.2",[133,134,135,169,136],"nextgen-gallery-optimizer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fng-gallery-optimizer-modified.zip",{"attackSurface":172,"codeSignals":208,"taintFlows":389,"riskAssessment":642,"analyzedAt":654},{"hooks":173,"ajaxHandlers":200,"restRoutes":201,"shortcodes":202,"cronEvents":207,"entryPointCount":118,"unprotectedCount":49},[174,180,184,188,192,195],{"type":175,"name":176,"callback":177,"file":178,"line":179},"action","media_buttons_context","add_tz_gallery_custom_button","tz_gallery.php",13,{"type":175,"name":181,"callback":182,"file":178,"line":183},"init","tz_gallery_do_output_buffer",29,{"type":175,"name":185,"callback":186,"file":178,"line":187},"admin_menu","tz_gallery_options_panel",34,{"type":175,"name":189,"callback":190,"file":178,"line":191},"wp_head","tz_gallery_addto_header",53,{"type":175,"name":189,"callback":193,"file":178,"line":194},"head_css",675,{"type":175,"name":196,"callback":197,"file":198,"line":199},"admin_enqueue_scripts","load_media_scripts","tz_plusgallery.html.php",159,[],[],[203],{"tag":204,"callback":205,"file":178,"line":206},"tz_plusgallery","tz_plusgallery_list_shotrcode",634,[],{"dangerousFunctions":209,"sqlUsage":210,"outputEscaping":216,"fileOperations":49,"externalRequests":49,"nonceChecks":49,"capabilityChecks":28,"bundledLibraries":388},[],{"prepared":211,"raw":118,"locations":212},81,[213],{"file":178,"line":214,"context":215},107,"$wpdb->get_var() with variable interpolation",{"escaped":217,"rawEcho":13,"locations":218},137,[219,222,224,226,228,230,232,234,235,237,239,241,243,245,247,249,251,252,254,255,257,259,261,263,265,267,269,271,273,275,277,279,281,283,285,287,289,291,293,295,296,298,300,302,304,306,308,310,312,314,316,318,320,322,324,326,328,330,332,334,336,338,339,341,343,345,346,347,349,351,352,353,355,356,357,359,360,361,363,364,366,368,369,371,373,374,376,377,379,381,384,386],{"file":178,"line":220,"context":221},49,"raw output",{"file":178,"line":223,"context":221},160,{"file":178,"line":225,"context":221},733,{"file":198,"line":227,"context":221},26,{"file":198,"line":229,"context":221},40,{"file":198,"line":231,"context":221},43,{"file":198,"line":233,"context":221},46,{"file":198,"line":220,"context":221},{"file":198,"line":236,"context":221},52,{"file":198,"line":238,"context":221},56,{"file":198,"line":240,"context":221},68,{"file":198,"line":242,"context":221},71,{"file":198,"line":244,"context":221},76,{"file":198,"line":246,"context":221},83,{"file":198,"line":248,"context":221},88,{"file":198,"line":250,"context":221},89,{"file":198,"line":92,"context":221},{"file":198,"line":253,"context":221},91,{"file":198,"line":13,"context":221},{"file":198,"line":256,"context":221},93,{"file":198,"line":258,"context":221},102,{"file":198,"line":260,"context":221},105,{"file":198,"line":262,"context":221},108,{"file":198,"line":264,"context":221},111,{"file":198,"line":266,"context":221},114,{"file":198,"line":268,"context":221},120,{"file":198,"line":270,"context":221},121,{"file":198,"line":272,"context":221},232,{"file":198,"line":274,"context":221},250,{"file":198,"line":276,"context":221},253,{"file":198,"line":278,"context":221},256,{"file":198,"line":280,"context":221},259,{"file":198,"line":282,"context":221},262,{"file":198,"line":284,"context":221},266,{"file":198,"line":286,"context":221},280,{"file":198,"line":288,"context":221},283,{"file":198,"line":290,"context":221},288,{"file":198,"line":292,"context":221},294,{"file":198,"line":294,"context":221},316,{"file":198,"line":294,"context":221},{"file":198,"line":297,"context":221},321,{"file":198,"line":299,"context":221},346,{"file":198,"line":301,"context":221},359,{"file":198,"line":303,"context":221},371,{"file":198,"line":305,"context":221},375,{"file":198,"line":307,"context":221},386,{"file":198,"line":309,"context":221},395,{"file":198,"line":311,"context":221},408,{"file":198,"line":313,"context":221},411,{"file":198,"line":315,"context":221},421,{"file":198,"line":317,"context":221},427,{"file":198,"line":319,"context":221},430,{"file":198,"line":321,"context":221},440,{"file":198,"line":323,"context":221},446,{"file":198,"line":325,"context":221},449,{"file":198,"line":327,"context":221},459,{"file":198,"line":329,"context":221},466,{"file":198,"line":331,"context":221},474,{"file":198,"line":333,"context":221},487,{"file":198,"line":335,"context":221},495,{"file":198,"line":337,"context":221},512,{"file":198,"line":337,"context":221},{"file":198,"line":340,"context":221},514,{"file":198,"line":342,"context":221},521,{"file":198,"line":344,"context":221},544,{"file":198,"line":344,"context":221},{"file":198,"line":344,"context":221},{"file":198,"line":348,"context":221},546,{"file":198,"line":350,"context":221},547,{"file":198,"line":350,"context":221},{"file":198,"line":350,"context":221},{"file":198,"line":354,"context":221},552,{"file":198,"line":354,"context":221},{"file":198,"line":354,"context":221},{"file":198,"line":358,"context":221},553,{"file":198,"line":358,"context":221},{"file":198,"line":358,"context":221},{"file":198,"line":362,"context":221},554,{"file":198,"line":362,"context":221},{"file":198,"line":365,"context":221},555,{"file":198,"line":367,"context":221},556,{"file":198,"line":367,"context":221},{"file":198,"line":370,"context":221},557,{"file":198,"line":372,"context":221},560,{"file":198,"line":372,"context":221},{"file":198,"line":375,"context":221},573,{"file":198,"line":375,"context":221},{"file":198,"line":378,"context":221},714,{"file":198,"line":380,"context":221},719,{"file":382,"line":383,"context":221},"wp_album_front_end.html.php",38,{"file":382,"line":385,"context":221},47,{"file":382,"line":387,"context":221},51,[],[390,439,466,560,577,588,597],{"entryPoint":391,"graph":392,"unsanitizedCount":118,"severity":40},"tz_plusgallery (tz_gallery.php:79)",{"nodes":393,"edges":431},[394,398,402,409,412,415,420,423,426],{"id":395,"type":396,"label":397,"file":178,"line":260},"n0","source","$_GET (x2)",{"id":399,"type":400,"label":401,"file":178,"line":260},"n1","transform","→ edits_tzplusgallery()",{"id":403,"type":404,"label":405,"file":406,"line":407,"wp_function":408},"n2","sink","get_results() [SQLi]","gallery.php",140,"get_results",{"id":410,"type":396,"label":411,"file":178,"line":266},"n3","$_GET",{"id":413,"type":400,"label":414,"file":178,"line":266},"n4","→ tz_gallery_apply()",{"id":416,"type":404,"label":417,"file":406,"line":418,"wp_function":419},"n5","header() [Header Injection]",214,"header",{"id":421,"type":396,"label":411,"file":178,"line":422},"n6",119,{"id":424,"type":400,"label":425,"file":178,"line":422},"n7","→ tz_gallery_remove()",{"id":427,"type":404,"label":428,"file":406,"line":429,"wp_function":430},"n8","query() [SQLi]",224,"query",[432,433,435,436,437,438],{"from":395,"to":399,"sanitized":48},{"from":399,"to":403,"sanitized":434},true,{"from":410,"to":413,"sanitized":48},{"from":413,"to":416,"sanitized":48},{"from":421,"to":424,"sanitized":48},{"from":424,"to":427,"sanitized":434},{"entryPoint":440,"graph":441,"unsanitizedCount":118,"severity":40},"\u003Ctz_gallery> (tz_gallery.php:0)",{"nodes":442,"edges":458},[443,445,447,448,449,450,451,452,453,454,456],{"id":395,"type":396,"label":444,"file":178,"line":92},"$_GET (x3)",{"id":399,"type":404,"label":405,"file":178,"line":446,"wp_function":408},644,{"id":403,"type":396,"label":397,"file":178,"line":260},{"id":410,"type":400,"label":401,"file":178,"line":260},{"id":413,"type":404,"label":405,"file":406,"line":407,"wp_function":408},{"id":416,"type":396,"label":411,"file":178,"line":266},{"id":421,"type":400,"label":414,"file":178,"line":266},{"id":424,"type":404,"label":417,"file":406,"line":418,"wp_function":419},{"id":427,"type":396,"label":411,"file":178,"line":422},{"id":455,"type":400,"label":425,"file":178,"line":422},"n9",{"id":457,"type":404,"label":428,"file":406,"line":429,"wp_function":430},"n10",[459,460,461,462,463,464,465],{"from":395,"to":399,"sanitized":434},{"from":403,"to":410,"sanitized":48},{"from":410,"to":413,"sanitized":434},{"from":416,"to":421,"sanitized":48},{"from":421,"to":424,"sanitized":48},{"from":427,"to":455,"sanitized":48},{"from":455,"to":457,"sanitized":434},{"entryPoint":467,"graph":468,"unsanitizedCount":49,"severity":559},"\u003Cgallery> (gallery.php:0)",{"nodes":469,"edges":544},[470,473,474,477,478,481,482,485,486,489,490,493,496,500,502,506,508,512,514,518,520,524,526,530,532,536,538,542],{"id":395,"type":396,"label":471,"file":406,"line":472},"$_GET['removeimage']",128,{"id":399,"type":404,"label":428,"file":406,"line":472,"wp_function":430},{"id":403,"type":396,"label":475,"file":406,"line":476},"$_POST['name']",161,{"id":410,"type":404,"label":428,"file":406,"line":476,"wp_function":430},{"id":413,"type":396,"label":479,"file":406,"line":480},"$_POST['data_userid']",162,{"id":416,"type":404,"label":428,"file":406,"line":480,"wp_function":430},{"id":421,"type":396,"label":483,"file":406,"line":484},"$_POST['album_type']",163,{"id":424,"type":404,"label":428,"file":406,"line":484,"wp_function":430},{"id":427,"type":396,"label":487,"file":406,"line":488},"$_POST['album_id']",164,{"id":455,"type":404,"label":428,"file":406,"line":488,"wp_function":430},{"id":457,"type":396,"label":491,"file":406,"line":492},"$_POST (x2)",158,{"id":494,"type":404,"label":428,"file":406,"line":495,"wp_function":430},"n11",165,{"id":497,"type":396,"label":498,"file":406,"line":499},"n12","$_POST['data_api_key']",167,{"id":501,"type":404,"label":428,"file":406,"line":499,"wp_function":430},"n13",{"id":503,"type":396,"label":504,"file":406,"line":505},"n14","$_POST['data_limit']",168,{"id":507,"type":404,"label":428,"file":406,"line":505,"wp_function":430},"n15",{"id":509,"type":396,"label":510,"file":406,"line":511},"n16","$_POST['album_limit']",169,{"id":513,"type":404,"label":428,"file":406,"line":511,"wp_function":430},"n17",{"id":515,"type":396,"label":516,"file":406,"line":517},"n18","$_POST['description']",170,{"id":519,"type":404,"label":428,"file":406,"line":517,"wp_function":430},"n19",{"id":521,"type":396,"label":522,"file":406,"line":523},"n20","$_POST['options_color']",172,{"id":525,"type":404,"label":428,"file":406,"line":523,"wp_function":430},"n21",{"id":527,"type":396,"label":528,"file":406,"line":529},"n22","$_POST['options_columns']",173,{"id":531,"type":404,"label":428,"file":406,"line":529,"wp_function":430},"n23",{"id":533,"type":396,"label":534,"file":406,"line":535},"n24","$_POST['options_padding']",174,{"id":537,"type":404,"label":428,"file":406,"line":535,"wp_function":430},"n25",{"id":539,"type":396,"label":540,"file":406,"line":541},"n26","$_POST[?] (x6)",182,{"id":543,"type":404,"label":428,"file":406,"line":541,"wp_function":430},"n27",[545,546,547,548,549,550,551,552,553,554,555,556,557,558],{"from":395,"to":399,"sanitized":434},{"from":403,"to":410,"sanitized":434},{"from":413,"to":416,"sanitized":434},{"from":421,"to":424,"sanitized":434},{"from":427,"to":455,"sanitized":434},{"from":457,"to":494,"sanitized":434},{"from":497,"to":501,"sanitized":434},{"from":503,"to":507,"sanitized":434},{"from":509,"to":513,"sanitized":434},{"from":515,"to":519,"sanitized":434},{"from":521,"to":525,"sanitized":434},{"from":527,"to":531,"sanitized":434},{"from":533,"to":537,"sanitized":434},{"from":539,"to":543,"sanitized":434},"low",{"entryPoint":561,"graph":562,"unsanitizedCount":49,"severity":559},"html_showgallery (tz_plusgallery.html.php:12)",{"nodes":563,"edges":574},[564,567,570,573],{"id":395,"type":396,"label":565,"file":198,"line":566},"$_POST['asc_or_desc']",131,{"id":399,"type":404,"label":568,"file":198,"line":566,"wp_function":569},"echo() [XSS]","echo",{"id":403,"type":396,"label":571,"file":198,"line":572},"$_POST['order_by']",132,{"id":410,"type":404,"label":568,"file":198,"line":572,"wp_function":569},[575,576],{"from":395,"to":399,"sanitized":434},{"from":403,"to":410,"sanitized":434},{"entryPoint":578,"graph":579,"unsanitizedCount":49,"severity":559},"\u003Ctz_plusgallery.html> (tz_plusgallery.html.php:0)",{"nodes":580,"edges":585},[581,582,583,584],{"id":395,"type":396,"label":565,"file":198,"line":566},{"id":399,"type":404,"label":568,"file":198,"line":566,"wp_function":569},{"id":403,"type":396,"label":571,"file":198,"line":572},{"id":410,"type":404,"label":568,"file":198,"line":572,"wp_function":569},[586,587],{"from":395,"to":399,"sanitized":434},{"from":403,"to":410,"sanitized":434},{"entryPoint":589,"graph":590,"unsanitizedCount":118,"severity":596},"edits_tzplusgallery (gallery.php:120)",{"nodes":591,"edges":594},[592,593],{"id":395,"type":396,"label":471,"file":406,"line":472},{"id":399,"type":404,"label":428,"file":406,"line":472,"wp_function":430},[595],{"from":395,"to":399,"sanitized":48},"high",{"entryPoint":598,"graph":599,"unsanitizedCount":641,"severity":596},"tz_gallery_apply (gallery.php:150)",{"nodes":600,"edges":627},[601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626],{"id":395,"type":396,"label":475,"file":406,"line":476},{"id":399,"type":404,"label":428,"file":406,"line":476,"wp_function":430},{"id":403,"type":396,"label":479,"file":406,"line":480},{"id":410,"type":404,"label":428,"file":406,"line":480,"wp_function":430},{"id":413,"type":396,"label":483,"file":406,"line":484},{"id":416,"type":404,"label":428,"file":406,"line":484,"wp_function":430},{"id":421,"type":396,"label":487,"file":406,"line":488},{"id":424,"type":404,"label":428,"file":406,"line":488,"wp_function":430},{"id":427,"type":396,"label":491,"file":406,"line":492},{"id":455,"type":404,"label":428,"file":406,"line":495,"wp_function":430},{"id":457,"type":396,"label":498,"file":406,"line":499},{"id":494,"type":404,"label":428,"file":406,"line":499,"wp_function":430},{"id":497,"type":396,"label":504,"file":406,"line":505},{"id":501,"type":404,"label":428,"file":406,"line":505,"wp_function":430},{"id":503,"type":396,"label":510,"file":406,"line":511},{"id":507,"type":404,"label":428,"file":406,"line":511,"wp_function":430},{"id":509,"type":396,"label":516,"file":406,"line":517},{"id":513,"type":404,"label":428,"file":406,"line":517,"wp_function":430},{"id":515,"type":396,"label":522,"file":406,"line":523},{"id":519,"type":404,"label":428,"file":406,"line":523,"wp_function":430},{"id":521,"type":396,"label":528,"file":406,"line":529},{"id":525,"type":404,"label":428,"file":406,"line":529,"wp_function":430},{"id":527,"type":396,"label":534,"file":406,"line":535},{"id":531,"type":404,"label":428,"file":406,"line":535,"wp_function":430},{"id":533,"type":396,"label":540,"file":406,"line":541},{"id":537,"type":404,"label":428,"file":406,"line":541,"wp_function":430},[628,629,630,631,632,633,634,635,636,637,638,639,640],{"from":395,"to":399,"sanitized":48},{"from":403,"to":410,"sanitized":48},{"from":413,"to":416,"sanitized":48},{"from":421,"to":424,"sanitized":48},{"from":427,"to":455,"sanitized":48},{"from":457,"to":494,"sanitized":48},{"from":497,"to":501,"sanitized":48},{"from":503,"to":507,"sanitized":48},{"from":509,"to":513,"sanitized":48},{"from":515,"to":519,"sanitized":48},{"from":521,"to":525,"sanitized":48},{"from":527,"to":531,"sanitized":48},{"from":533,"to":537,"sanitized":48},19,{"summary":643,"deductions":644},"The tz-plus-gallery plugin exhibits a mixed security posture. While it demonstrates good practices by utilizing prepared statements for nearly all SQL queries and a limited attack surface, significant concerns arise from its vulnerability history and code analysis signals. The presence of two unpatched medium severity CVEs, specifically Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), coupled with a recent vulnerability discovery date, suggests a pattern of introducing exploitable flaws.  The taint analysis further highlights potential risks with two high-severity flows exhibiting unsanitized paths, indicating that user-supplied data could potentially be processed in an unsafe manner, although the specific impact is not detailed as critical.\n\nWhile the plugin has a small attack surface with no direct unprotected entry points and a decent percentage of output escaping, the high-severity taint flows and the existing CVEs are significant red flags. The fact that capability checks are present on only two instances and there are no nonce checks on the identified entry points (even though they are currently protected by authorization) could become a problem if authorization mechanisms are bypassed or changed in future versions. The plugin's strengths lie in its SQL handling and limited attack surface, but these are overshadowed by the active, unpatched vulnerabilities and the potential for XSS and CSRF attacks indicated by the vulnerability history and taint analysis.  A cautious approach is recommended until these vulnerabilities are addressed.",[645,648,650,652],{"reason":646,"points":647},"2 Unpatched Medium CVEs",20,{"reason":649,"points":647},"2 High Severity Taint Flows",{"reason":651,"points":14},"No Nonce Checks on Entry Points",{"reason":653,"points":148},"Only 2 Capability Checks","2026-03-16T19:54:04.585Z",{"wat":656,"direct":679},{"assetPaths":657,"generatorPatterns":667,"scriptPaths":668,"versionParams":669},[658,659,660,661,662,663,664,665,666],"\u002Fwp-content\u002Fplugins\u002Ftz-plus-gallery\u002Fcss\u002Fadmin.style.css","\u002Fwp-content\u002Fplugins\u002Ftz-plus-gallery\u002Fcss\u002Ftz_gallery_admin.css","\u002Fwp-content\u002Fplugins\u002Ftz-plus-gallery\u002Fcss\u002Fcomponent.css","\u002Fwp-content\u002Fplugins\u002Ftz-plus-gallery\u002Fjs\u002Fmodernizr.custom.js","\u002Fwp-content\u002Fplugins\u002Ftz-plus-gallery\u002Fjs\u002Fclassie.js","\u002Fwp-content\u002Fplugins\u002Ftz-plus-gallery\u002Fjs\u002FmodalEffects.js","\u002Fwp-content\u002Fplugins\u002Ftz-plus-gallery\u002Fjs\u002Ftz_gallery_custom.js","\u002Fwp-content\u002Fplugins\u002Ftz-plus-gallery\u002Fcss\u002Fbootstrap-tabs.css","\u002Fwp-content\u002Fplugins\u002Ftz-plus-gallery\u002Fjs\u002Fbootstrap-tab.js",[],[661,662,663,664,666],[670,671,672,673,674,675,676,677,678],"tz-plus-gallery\u002Fcss\u002Fadmin.style.css?ver=","tz-plus-gallery\u002Fcss\u002Ftz_gallery_admin.css?ver=","tz-plus-gallery\u002Fcss\u002Fcomponent.css?ver=","tz-plus-gallery\u002Fjs\u002Fmodernizr.custom.js?ver=","tz-plus-gallery\u002Fjs\u002Fclassie.js?ver=","tz-plus-gallery\u002Fjs\u002FmodalEffects.js?ver=","tz-plus-gallery\u002Fjs\u002Ftz_gallery_custom.js?ver=","tz-plus-gallery\u002Fcss\u002Fbootstrap-tabs.css?ver=","tz-plus-gallery\u002Fjs\u002Fbootstrap-tab.js?ver=",{"cssClasses":680,"htmlComments":685,"htmlAttributes":686,"restEndpoints":689,"jsGlobals":690,"shortcodeOutput":692},[681,682,683,684],"tz-tabs","tz_support","tz_document","go-pro",[],[687,688],"data-toggle","inlineId",[],[691],"imgpath",[],{"error":434,"url":694,"statusCode":695,"statusMessage":696,"message":696},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Ftz-plus-gallery\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":698,"versions":699},11,[700,708,717,726,735,744,753,762,771,780,789],{"version":6,"download_url":701,"svn_tag_url":702,"released_at":38,"has_diff":48,"diff_files_changed":703,"diff_lines":38,"trac_diff_url":704,"vulnerabilities":705,"is_current":434},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftz-plus-gallery.1.5.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftz-plus-gallery\u002Ftags\u002F1.5.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftz-plus-gallery%2Ftags%2F1.5.3&new_path=%2Ftz-plus-gallery%2Ftags%2F1.5.5",[706,707],{"id":51,"url_slug":52,"title":53,"severity":40,"cvss_score":55,"vuln_type":57,"patched_in_version":38},{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":709,"download_url":710,"svn_tag_url":711,"released_at":38,"has_diff":48,"diff_files_changed":712,"diff_lines":38,"trac_diff_url":713,"vulnerabilities":714,"is_current":48},"1.5.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftz-plus-gallery.1.5.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftz-plus-gallery\u002Ftags\u002F1.5.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftz-plus-gallery%2Ftags%2F1.5.2&new_path=%2Ftz-plus-gallery%2Ftags%2F1.5.3",[715,716],{"id":51,"url_slug":52,"title":53,"severity":40,"cvss_score":55,"vuln_type":57,"patched_in_version":38},{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":718,"download_url":719,"svn_tag_url":720,"released_at":38,"has_diff":48,"diff_files_changed":721,"diff_lines":38,"trac_diff_url":722,"vulnerabilities":723,"is_current":48},"1.5.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftz-plus-gallery.1.5.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftz-plus-gallery\u002Ftags\u002F1.5.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftz-plus-gallery%2Ftags%2F1.5.1&new_path=%2Ftz-plus-gallery%2Ftags%2F1.5.2",[724,725],{"id":51,"url_slug":52,"title":53,"severity":40,"cvss_score":55,"vuln_type":57,"patched_in_version":38},{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":727,"download_url":728,"svn_tag_url":729,"released_at":38,"has_diff":48,"diff_files_changed":730,"diff_lines":38,"trac_diff_url":731,"vulnerabilities":732,"is_current":48},"1.5.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftz-plus-gallery.1.5.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftz-plus-gallery\u002Ftags\u002F1.5.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftz-plus-gallery%2Ftags%2F1.5&new_path=%2Ftz-plus-gallery%2Ftags%2F1.5.1",[733,734],{"id":51,"url_slug":52,"title":53,"severity":40,"cvss_score":55,"vuln_type":57,"patched_in_version":38},{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":736,"download_url":737,"svn_tag_url":738,"released_at":38,"has_diff":48,"diff_files_changed":739,"diff_lines":38,"trac_diff_url":740,"vulnerabilities":741,"is_current":48},"1.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftz-plus-gallery.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftz-plus-gallery\u002Ftags\u002F1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftz-plus-gallery%2Ftags%2F1.1.3&new_path=%2Ftz-plus-gallery%2Ftags%2F1.5",[742,743],{"id":51,"url_slug":52,"title":53,"severity":40,"cvss_score":55,"vuln_type":57,"patched_in_version":38},{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":745,"download_url":746,"svn_tag_url":747,"released_at":38,"has_diff":48,"diff_files_changed":748,"diff_lines":38,"trac_diff_url":749,"vulnerabilities":750,"is_current":48},"1.1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftz-plus-gallery.1.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftz-plus-gallery\u002Ftags\u002F1.1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftz-plus-gallery%2Ftags%2F1.1.2&new_path=%2Ftz-plus-gallery%2Ftags%2F1.1.3",[751,752],{"id":51,"url_slug":52,"title":53,"severity":40,"cvss_score":55,"vuln_type":57,"patched_in_version":38},{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":754,"download_url":755,"svn_tag_url":756,"released_at":38,"has_diff":48,"diff_files_changed":757,"diff_lines":38,"trac_diff_url":758,"vulnerabilities":759,"is_current":48},"1.1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftz-plus-gallery.1.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftz-plus-gallery\u002Ftags\u002F1.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftz-plus-gallery%2Ftags%2F1.1.1&new_path=%2Ftz-plus-gallery%2Ftags%2F1.1.2",[760,761],{"id":51,"url_slug":52,"title":53,"severity":40,"cvss_score":55,"vuln_type":57,"patched_in_version":38},{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":763,"download_url":764,"svn_tag_url":765,"released_at":38,"has_diff":48,"diff_files_changed":766,"diff_lines":38,"trac_diff_url":767,"vulnerabilities":768,"is_current":48},"1.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftz-plus-gallery.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftz-plus-gallery\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftz-plus-gallery%2Ftags%2F1.1.0&new_path=%2Ftz-plus-gallery%2Ftags%2F1.1.1",[769,770],{"id":51,"url_slug":52,"title":53,"severity":40,"cvss_score":55,"vuln_type":57,"patched_in_version":38},{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":772,"download_url":773,"svn_tag_url":774,"released_at":38,"has_diff":48,"diff_files_changed":775,"diff_lines":38,"trac_diff_url":776,"vulnerabilities":777,"is_current":48},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftz-plus-gallery.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftz-plus-gallery\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftz-plus-gallery%2Ftags%2F1.0.1&new_path=%2Ftz-plus-gallery%2Ftags%2F1.1.0",[778,779],{"id":51,"url_slug":52,"title":53,"severity":40,"cvss_score":55,"vuln_type":57,"patched_in_version":38},{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":781,"download_url":782,"svn_tag_url":783,"released_at":38,"has_diff":48,"diff_files_changed":784,"diff_lines":38,"trac_diff_url":785,"vulnerabilities":786,"is_current":48},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftz-plus-gallery.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftz-plus-gallery\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftz-plus-gallery%2Ftags%2F1.0.0&new_path=%2Ftz-plus-gallery%2Ftags%2F1.0.1",[787,788],{"id":51,"url_slug":52,"title":53,"severity":40,"cvss_score":55,"vuln_type":57,"patched_in_version":38},{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":790,"download_url":791,"svn_tag_url":792,"released_at":38,"has_diff":48,"diff_files_changed":793,"diff_lines":38,"trac_diff_url":38,"vulnerabilities":794,"is_current":48},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftz-plus-gallery.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftz-plus-gallery\u002Ftags\u002F1.0.0\u002F",[],[795,796],{"id":51,"url_slug":52,"title":53,"severity":40,"cvss_score":55,"vuln_type":57,"patched_in_version":38},{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38}]