[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fChMawPLxvitOhuPMdUEyKyUVcQFxobHkpb43pJjIRxE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":13,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":46,"crawl_stats":36,"alternatives":53,"analysis":132,"fingerprints":311},"ultra-companion","Ultra Companion – Companion plugin for WPoperation Themes","1.2.0","wpoperations","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpoperations\u002F","\u003Cp>This is the companion plugin for WPoperation themes. This plugin will add extra features to the theme theme by adding social share, shortcodes, post views, metafields etc.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>Adds Extra features to the WPoperation Themes\u003Cbr \u002F>\nTranslation Ready\u003Cbr \u002F>\nLifetime Free support\u003Cbr \u002F>\nConstant updates\u003C\u002Fp>\n","This is the companion plugin for WPoperation themes. 
This plugin will add extra features to the theme theme by adding social share, shortcodes, post v &hellip;",1000,99187,0,"2024-04-12T07:43:00.000Z","6.5.8","5.6","7.4",[19,20,21,22,23],"blogs","companion","magazine","ultra-seven","woocommerce","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultra-companion.1.2.0.zip",92,1,"2024-01-31 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2024-24803","ultra-companion-authenticated-contributor-stored-cross-site-scripting","Ultra Companion \u003C= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Ultra Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.1.9","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-04-16 21:06:49",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3639d0a6-6d9f-4f3e-bb25-85d4eb40b547?source=api-prod",77,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":49,"avg_patch_time_days":50,"trust_score":51,"computed_at":52},9,16600,87,349,70,"2026-04-04T14:44:18.663Z",[54,73,94,107,121],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":13,"num_ratings":13,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":24,"tags":67,"homepage":70,"download_link":71,"security_score":72,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"publishers","Publishers","1.0.1","Web Guy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebguyio\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebguyio\u002Fsupport\" rel=\"nofollow ugc\">💬 Ask Question\u003C\u002Fa> | \u003Ca href=\"mailto:webguywork@gmail.com\" rel=\"nofollow ugc\">📧 Email Me\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Companion plugin for the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpublishers\u002F\" rel=\"ugc\">Publishers theme\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Includes: shortcodes, profile and post editor enhancements, membership control, and other features for improved editing and management of multi-author teams.\u003C\u002Fp>\n\u003Cp>\u003Cem>Note: There are some cool features here that will work in other themes too, but they’ve 
been designed specially for the Publishers theme.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add SEO, social media, and schema tags\u003C\u002Fli>\n\u003Cli>If you would like to enable the dark mode feature, simply add a new menu item to any of your menus (and give it the class \u003Cem>lights\u003C\u002Fem> and \u003Ccode>#\u003C\u002Fcode> for the URL)\u003C\u002Fli>\n\u003Cli>You can also add the dark\u002Flight mode switcher as a button anywhere you like and style it with \u003Ccode>\u003Cspan class=\"lights\">\u003Ca href=\"#\" class=\"button black\">Lights\u003C\u002Fa>\u003C\u002Fspan>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Use the shortcode \u003Ccode>[non-member]...[\u002Fnon-member]\u003C\u002Fcode> to show content to logged-out visitors only\u003C\u002Fli>\n\u003Cli>Use the shortcode \u003Ccode>[member]...[\u002Fmember]\u003C\u002Fcode> to show content to logged-in members only\u003C\u002Fli>\n\u003Cli>Use the shortcode \u003Ccode>[access capability=\"read\"]...[\u002Faccess]\u003C\u002Fcode> to show content to users with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Farticle\u002Froles-and-capabilities\u002F\" rel=\"ugc\">specific capabilities\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Use the shortcode \u003Ccode>[share]\u003C\u002Fcode> to add share buttons to posts\u003C\u002Fli>\n\u003Cli>You’ll find new optional profile fields: Public Email, Facebook, Twitter, Instagram, Pinterest, YouTube, and Twitch\u003C\u002Fli>\n\u003Cli>Add a body class for the logged-in user role\u003C\u002Fli>\n\u003Cli>Improved post editor tools\u002Fbuttons\u003C\u002Fli>\n\u003Cli>Add subtitles\u002Fsub-headers to posts\u003C\u002Fli>\n\u003Cli>Feature posts on homepage\u003C\u002Fli>\n\u003Cli>Show a link to editor notes and guidelines in the post editor\u003C\u002Fli>\n\u003Cli>Uploaded images automatically have titles and alts generated\u003C\u002Fli>\n\u003Cli>Stop contributors 
from being able to delete files\u003C\u002Fli>\n\u003Cli>Receive an email for guest post submissions, and guests receive a follow-up email based on whether you published or deleted their submission\u003C\u002Fli>\n\u003Cli>Uncluttered admin and post editor screens for authors\u003C\u002Fli>\n\u003Cli>The \u002Fauthor\u002F slug in URLs is rewritten to \u002Fwriter\u002F\u003C\u002Fli>\n\u003Cli>New users are automatically logged in when they register\u003C\u002Fli>\n\u003Cli>Improved images handling: unnecessary files sizes aren’t generated, thumbnails are generated for RSS feeds\u003C\u002Fli>\n\u003Cli>Users are sortable by registration date\u003C\u002Fli>\n\u003Cli>Records user IPs to assist with anti-spam measures and security whitelisting\u003C\u002Fli>\n\u003Cli>More to come…\u003C\u002Fli>\n\u003C\u002Ful>\n","Companion plugin for the Publishers theme: https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpublishers\u002F.",10,1685,"2026-01-21T13:41:00.000Z","6.8.5","5.0",[19,68,69,55],"companion-plugin","magazines","https:\u002F\u002Fwebguy.io\u002Fpublishers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpublishers.zip",100,{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":65,"requires_at_least":86,"requires_php":24,"tags":87,"homepage":91,"download_link":92,"security_score":72,"vuln_count":27,"unpatched_count":13,"last_vuln_date":93,"fetched_at":29},"shapely-companion","Shapely Companion","1.2.10","colorlibplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fcolorlibplugins\u002F","\u003Cp>Shapely Companion is a companion for Shapely One Page WordPress theme by Colorlib.com. 
This plugin won’t do anything for other free or premium WordPress themes and you need to download and install \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fthemes\u002Fshapely\u002F\" rel=\"nofollow ugc\">Shapely\u003C\u002Fa>. If you are having problems with Shapely theme or its companion plugin the fastest way to receive help is via our theme \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fforums\" rel=\"nofollow ugc\">support forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin will add necessary WordPress widgets and allow to import demo content which will help you to with website setup.\u003C\u002Fp>\n\u003Cp>While Shapely is a great one page WordPress theme it might not be for everyone therefore you might want to check other free \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fthemes\u002F\" rel=\"nofollow ugc\">WordPress themes\u003C\u002Fa> that are created by Colorlib.\u003C\u002Fp>\n\u003Ch4>Plugin Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Creates required WordPress widgets to be used in theme\u003C\u002Fli>\n\u003Cli>Creates demo(dummy) content for widgets to make them easier to use and understand how they work\u003C\u002Fli>\n\u003Cli>Provides an option to import demo(dummy) content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>About Colorlib\u003C\u002Fh4>\n\u003Cp>Colorlib is the best and by far the most popular source for free and premium WordPress themes. Our themes has been downloaded over 1,5 million times and are used by developers, webmasters and regular users all over the world. We believe in open source and that’s why we have made our themes free to use for private and commercial use.\u003C\u002Fp>\n\u003Ch4>Further Reading\u003C\u002Fh4>\n\u003Cp>If you are new to WordPress but are dedicated to \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fhow-to-make-a-website\u002F\" rel=\"nofollow ugc\">make a website\u003C\u002Fa> on your own Colorlib is the right place to start. 
Usually the trickiest part is to choose the right hosting because all hosting providers are not equal. We have outlined the best \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fwordpress-hosting\u002F\" rel=\"nofollow ugc\"> WordPress hosting\u003C\u002Fa> providers and we hope you’ll find them useful.\u003C\u002Fp>\n","Shapely Companion is a companion plugin for Shapely WordPress theme by Colorlib.com.",10000,710545,40,2,"2025-04-30T08:48:00.000Z","6.4",[20,88,89,90,23],"demo","one-page","widgets","https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fthemes\u002Fshapely\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshapely-companion.1.2.10.zip","2022-05-24 00:00:00",{"slug":95,"name":96,"version":57,"author":77,"author_profile":78,"description":97,"short_description":98,"active_installs":62,"downloaded":99,"rating":13,"num_ratings":13,"last_updated":100,"tested_up_to":101,"requires_at_least":102,"requires_php":24,"tags":103,"homepage":104,"download_link":105,"security_score":106,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"blesk-companion","Blesk Companion","\u003Cp>Blesk Companion is a companion for Blesk One Page WordPress theme by Colorlib.com. This plugin won’t do anything for other free or premium WordPress themes and you need to download and install \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fthemes\u002FBlesk\u002F\" rel=\"friend nofollow ugc\">Blesk\u003C\u002Fa>. 
If you are having problems with Blesk theme or its companion plugin the fastest way to receive help is via our theme \u003Ca href=\"http:\u002F\u002Fcolorlib.com\u002Fwp\u002Fforums\" rel=\"friend nofollow ugc\">support forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin will add necessary WordPress widgets and allow to import demo content which will help you to with website setup.\u003C\u002Fp>\n\u003Cp>While Blesk is a great one page WordPress theme it might not be for everyone therefore you might want to check other free \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fthemes\u002F\" rel=\"friend nofollow ugc\">WordPress themes\u003C\u002Fa> that are created by Colorlib.\u003C\u002Fp>\n\u003Ch4>Plugin Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Creates required WordPress widgets to be used in theme\u003C\u002Fli>\n\u003Cli>Creates demo(dummy) content for widgets to make them easier to use and understand how they work\u003C\u002Fli>\n\u003Cli>Provides an option to import demo(dummy) content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>About Colorlib\u003C\u002Fh4>\n\u003Cp>Colorlib is the best and by far the most popular source for free and premium WordPress themes. Our themes has been downloaded over 1,5 million times and are used by developers, webmasters and regular users all over the world. We believe in open source and that’s why we have made our themes free to use for private and commercial use.\u003C\u002Fp>\n\u003Ch4>Further Reading\u003C\u002Fh4>\n\u003Cp>If you are new to WordPress but are dedicated to \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fhow-to-make-a-website\u002F\" rel=\"friend nofollow ugc\">make a website\u003C\u002Fa> on your own Colorlib is the right place to start. Usually the trickiest part is to choose the right hosting because all hosting providers are not equal. 
We have outlined the \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fwordpress-hosting\u002F\" rel=\"friend nofollow ugc\">best WordPress hosting\u003C\u002Fa> providers and we hope you’ll find them useful. We can also help with WordPress related \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Ffix-error-establishing-database-connection-wordpress\u002F\" rel=\"friend nofollow ugc\">errors\u003C\u002Fa> and problems.\u003C\u002Fp>\n","Blesk Companion is a companion plugin for Blesk WordPress theme by Colorlib.com.",3754,"2016-09-28T14:40:00.000Z","4.6.30","3.8",[20,88,90,23],"http:\u002F\u002Fcolorlib.com\u002Fwp\u002Fthemes\u002Fblesk\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblesk-companion.zip",85,{"slug":108,"name":109,"version":110,"author":77,"author_profile":78,"description":111,"short_description":112,"active_installs":62,"downloaded":113,"rating":13,"num_ratings":13,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":16,"tags":117,"homepage":119,"download_link":120,"security_score":106,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"mosh-companion","Mosh Companion","1.0","\u003Cp>Companion Companion is a companion for Companion One Page WordPress theme by Colorlib.com. This plugin won’t do anything for other free or premium WordPress themes and you need to download and install \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fthemes\u002Fmosh\u002F\" rel=\"nofollow ugc\">Companion\u003C\u002Fa>. 
If you are having problems with Companion theme or its companion plugin the fastest way to receive help is via our theme \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fforums\" rel=\"nofollow ugc\">support forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin will add necessary WordPress widgets and allow to import demo content which will help you to with website setup.\u003C\u002Fp>\n\u003Cp>While Companion is a great one page WordPress theme it might not be for everyone therefore you might want to check other free \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fthemes\u002F\" rel=\"nofollow ugc\">WordPress themes\u003C\u002Fa> that are created by Colorlib.\u003C\u002Fp>\n\u003Ch4>Plugin Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Creates required WordPress widgets to be used in theme\u003C\u002Fli>\n\u003Cli>Creates demo(dummy) content for widgets to make them easier to use and understand how they work\u003C\u002Fli>\n\u003Cli>Provides an option to import demo(dummy) content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>About Colorlib\u003C\u002Fh4>\n\u003Cp>Colorlib is the best and by far the most popular source for free and premium WordPress themes. Our themes has been downloaded over 1,5 million times and are used by developers, webmasters and regular users all over the world. We believe in open source and that’s why we have made our themes free to use for private and commercial use.\u003C\u002Fp>\n\u003Ch4>Further Reading\u003C\u002Fh4>\n\u003Cp>If you are new to WordPress but are dedicated to \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fhow-to-make-a-website\u002F\" rel=\"nofollow ugc\">make a website\u003C\u002Fa> on your own Colorlib is the right place to start. Usually the trickiest part is to choose the right hosting because all hosting providers are not equal. 
We have outlined the best \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fwordpress-hosting\u002F\" rel=\"nofollow ugc\"> WordPress hosting\u003C\u002Fa> providers and we hope you’ll find them useful.\u003C\u002Fp>\n","Mosh Companion is a companion plugin for Companion WordPress theme by Colorlib.com.",2318,"2019-02-15T10:31:00.000Z","5.1.22","4.6",[20,88,118,90,23],"home-page","https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fthemes\u002Fmosh\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmosh-companion.zip",{"slug":122,"name":123,"version":124,"author":77,"author_profile":78,"description":125,"short_description":126,"active_installs":13,"downloaded":127,"rating":13,"num_ratings":13,"last_updated":128,"tested_up_to":115,"requires_at_least":116,"requires_php":16,"tags":129,"homepage":130,"download_link":131,"security_score":106,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"fashe-companion","Fashe Companion","1.2","\u003Cp>Fashe Companion is a companion for Fashe One Page WordPress theme by Colorlib.com. This plugin won’t do anything for other free or premium WordPress themes and you need to download and install \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fthemes\u002FFashe\u002F\" rel=\"nofollow ugc\">Fashe\u003C\u002Fa>. 
If you are having problems with Fashe theme or its companion plugin the fastest way to receive help is via our theme \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fforums\" rel=\"nofollow ugc\">support forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin will add necessary WordPress options and allow to import demo content which will help you to with website setup.\u003C\u002Fp>\n\u003Cp>While Fashe is a great one page WordPress theme it might not be for everyone therefore you might want to check other free \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fthemes\u002F\" rel=\"nofollow ugc\">WordPress themes\u003C\u002Fa> that are created by Colorlib.\u003C\u002Fp>\n\u003Ch4>Plugin Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Creates required WordPress options to be used in theme\u003C\u002Fli>\n\u003Cli>Creates demo(dummy) content for options to make them easier to use and understand how they work\u003C\u002Fli>\n\u003Cli>Provides an option to import demo(dummy) content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>About Colorlib\u003C\u002Fh4>\n\u003Cp>Colorlib is the best and by far the most popular source for free and premium WordPress themes. Our themes has been downloaded over 1,5 million times and are used by developers, webmasters and regular users all over the world. We believe in open source and that’s why we have made our themes free to use for private and commercial use.\u003C\u002Fp>\n\u003Ch4>Further Reading\u003C\u002Fh4>\n\u003Cp>If you are new to WordPress but are dedicated to \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fhow-to-make-a-website\u002F\" rel=\"nofollow ugc\">make a website\u003C\u002Fa> on your own Colorlib is the right place to start. Usually the trickiest part is to choose the right hosting because all hosting providers are not equal. 
We have outlined the best \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fwordpress-hosting\u002F\" rel=\"nofollow ugc\"> WordPress hosting\u003C\u002Fa> providers and we hope you’ll find them useful.\u003C\u002Fp>\n","Fashe Companion is a companion plugin for Fashe WordPress theme by Colorlib.com.",1931,"2019-02-15T10:33:00.000Z",[20,88,118,90,23],"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fthemes\u002Ffashe\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffashe-companion.zip",{"attackSurface":133,"codeSignals":273,"taintFlows":301,"riskAssessment":302,"analyzedAt":310},{"hooks":134,"ajaxHandlers":261,"restRoutes":270,"shortcodes":271,"cronEvents":272,"entryPointCount":84,"unprotectedCount":27},[135,142,145,150,154,158,162,166,172,178,181,185,188,191,194,196,199,202,206,210,213,217,223,226,227,228,231,235,237,241,244,248,251,255,259],{"type":136,"name":137,"callback":138,"priority":139,"file":140,"line":141},"action","load-widgets.php","load_assets",5,"inc\\dynamic-sidebar\\sidebar.php",57,{"type":136,"name":137,"callback":143,"file":140,"line":144},"create_sidebar",60,{"type":136,"name":146,"callback":147,"priority":148,"file":140,"line":149},"widgets_init","register_sidebars",999,63,{"type":136,"name":151,"callback":152,"file":140,"line":153},"admin_enqueue_scripts","enqueue_widget_scripts",73,{"type":136,"name":155,"callback":156,"file":140,"line":157},"admin_print_scripts","widgets_template",76,{"type":136,"name":159,"callback":160,"file":161,"line":62},"add_meta_boxes","ultra_companion_post_metabox","inc\\meta\\ultra-post-meta.php",{"type":136,"name":163,"callback":164,"file":161,"line":165},"save_post","ultra_companion_save_post_settings",140,{"type":136,"name":167,"callback":168,"priority":169,"file":170,"line":171},"init","butterbean_loader_100",9999,"inc\\metabox\\butterbean\\butterbean.php",19,{"type":136,"name":173,"callback":174,"priority":175,"file":176,"line":177},"load-post.php","register",95,"inc\\metabox\\butterbean\\c
lass-butterbean.php",203,{"type":136,"name":179,"callback":174,"priority":175,"file":176,"line":180},"load-post-new.php",204,{"type":136,"name":182,"callback":183,"file":176,"line":184},"butterbean_register","register_manager_types",207,{"type":136,"name":182,"callback":186,"file":176,"line":187},"register_section_types",208,{"type":136,"name":182,"callback":189,"file":176,"line":190},"register_control_types",209,{"type":136,"name":182,"callback":192,"file":176,"line":193},"register_setting_types",210,{"type":136,"name":159,"callback":159,"priority":139,"file":176,"line":195},252,{"type":136,"name":163,"callback":197,"file":176,"line":198},"update",255,{"type":136,"name":151,"callback":200,"file":176,"line":201},"enqueue_scripts",258,{"type":136,"name":203,"callback":204,"file":176,"line":205},"butterbean_enqueue_scripts","enqueue",259,{"type":136,"name":207,"callback":208,"file":176,"line":209},"admin_footer","localize_scripts",262,{"type":136,"name":207,"callback":211,"file":176,"line":212},"print_templates",263,{"type":136,"name":214,"callback":215,"priority":175,"file":176,"line":216},"admin_print_footer_scripts","render_views",266,{"type":218,"name":219,"callback":220,"priority":62,"file":221,"line":222},"filter","butterbean_pre_control_template","default_control_templates","inc\\metabox\\metabox.php",54,{"type":218,"name":224,"callback":225,"priority":62,"file":221,"line":141},"butterbean_control_template","custom_control_templates",{"type":136,"name":182,"callback":189,"priority":62,"file":221,"line":144},{"type":136,"name":151,"callback":200,"file":221,"line":149},{"type":136,"name":182,"callback":229,"priority":62,"file":221,"line":230},"ultra_companion_meta_register",65,{"type":218,"name":232,"callback":233,"file":234,"line":47},"user_contactmethods","ultra_companion_author_meta_contact","inc\\theme-functions.php",{"type":218,"name":232,"callback":236,"file":234,"line":62},"ultra_companion_author_designation",{"type":218,"name":238,"callback":239,"file":23
4,"line":240},"gutenberg_use_widgets_block_editor","__return_false",181,{"type":218,"name":242,"callback":239,"file":234,"line":243},"use_widgets_block_editor",182,{"type":136,"name":167,"callback":245,"file":246,"line":247},"load_text_domain","ultra-companion.php",29,{"type":136,"name":167,"callback":249,"file":246,"line":250},"add_theme_functions",32,{"type":136,"name":252,"callback":253,"file":246,"line":254},"admin_notices","wpop_admin_notice",34,{"type":136,"name":256,"callback":257,"file":246,"line":258},"wp_enqueue_scripts","enqueue_styles_and_scripts",38,{"type":136,"name":151,"callback":260,"file":246,"line":83},"enqueue_admin_styles",[262,267],{"action":263,"nopriv":264,"callback":263,"hasNonce":265,"hasCapCheck":264,"file":140,"line":266},"delete_sidebar",false,true,66,{"action":268,"nopriv":264,"callback":268,"hasNonce":264,"hasCapCheck":264,"file":246,"line":269},"wpop_nag_ignore",35,[],[],[],{"dangerousFunctions":274,"sqlUsage":275,"outputEscaping":277,"fileOperations":13,"externalRequests":13,"nonceChecks":296,"capabilityChecks":296,"bundledLibraries":297},[],{"prepared":84,"raw":13,"locations":276},[],{"escaped":278,"rawEcho":279,"locations":280},83,7,[281,284,286,288,290,292,294],{"file":140,"line":282,"context":283},197,"raw output",{"file":234,"line":285,"context":283},168,{"file":234,"line":287,"context":283},169,{"file":234,"line":289,"context":283},170,{"file":234,"line":291,"context":283},171,{"file":234,"line":293,"context":283},172,{"file":246,"line":295,"context":283},94,3,[298],{"name":299,"version":36,"knownCves":300},"Select2",[],[],{"summary":303,"deductions":304},"The \"ultra-companion\" plugin version 1.2.0 presents a mixed security posture. On the positive side, the code exhibits good practices with 100% of SQL queries using prepared statements and a high rate of output escaping (92%). It also demonstrates a reasonable number of nonce and capability checks, with no critical or high-severity taint flows identified. 
However, a significant concern arises from the attack surface, which includes two AJAX handlers, one of which (wpop_nag_ignore) has neither a nonce check nor a capability check. This single unprotected entry point is a critical vulnerability that could be exploited to execute unauthorized actions. Both AJAX handlers are registered for logged-in users only (nopriv is false), so the exposure is to authenticated users and cross-site request forgery rather than to anonymous requests, and the impact depends on what the callback changes; the other handler, delete_sidebar, has a nonce check but no capability check and deserves the same review.\n\nThe plugin's vulnerability history, while currently showing no unpatched vulnerabilities, does reveal a past medium-severity Cross-Site Scripting (XSS) issue, last recorded in early 2024. This indicates a historical propensity for input sanitization weaknesses, even though the current static analysis didn't flag direct XSS issues. The absence of unpatched CVEs is a strong positive, but the presence of an unprotected AJAX handler combined with the past XSS vulnerability suggests that careful review and hardening of all entry points are crucial.\n\nIn conclusion, while the plugin has strengths in its handling of SQL and output escaping, the unprotected AJAX handler represents a direct and exploitable security risk. The historical XSS vulnerability, though patched, warrants continued vigilance regarding input validation. 
A balanced assessment suggests that the plugin is moderately secure but requires immediate attention to its unprotected entry point to mitigate potential exploitation.",[305,308],{"reason":306,"points":307},"Unprotected AJAX handler",8,{"reason":309,"points":62},"Past medium severity CVE (XSS)","2026-03-16T18:51:02.353Z",{"wat":312,"direct":324},{"assetPaths":313,"generatorPatterns":319,"scriptPaths":320,"versionParams":322},[314,315,316,317,318],"\u002Fwp-content\u002Fplugins\u002Fultra-companion\u002Fassets\u002Fslick\u002Fslick.css","\u002Fwp-content\u002Fplugins\u002Fultra-companion\u002Fassets\u002Fslick\u002Fslick-theme.css","\u002Fwp-content\u002Fplugins\u002Fultra-companion\u002Fassets\u002Fjs\u002Fmedia-uploader.js","\u002Fwp-content\u002Fplugins\u002Fultra-companion\u002Fassets\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fultra-companion\u002Fassets\u002Fcss\u002Fadmin.css",[],[321],"\u002Fwp-content\u002Fplugins\u002Fultra-companion\u002Fassets\u002Fslick\u002Fslick.js",[323],"ultra-companion\u002Fassets\u002Fslick\u002Fslick.js?ver=1.2.0",{"cssClasses":325,"htmlComments":333,"htmlAttributes":334,"restEndpoints":336,"jsGlobals":337,"shortcodeOutput":343},[253,326,327,328,329,330,331,332],"wpop_notice_img","wpop_notice_right_content","wpop_notice_content","wpop_no_thanks","wpop_notice_after_content","wpop_notice_content_wrap","wpop_button",[],[335],"data-user",[],[338,339,340,341,342],"ULC_VERSION","ULC_TD","ULC_PATH","ULC_URL","UIMAGE_PATH",[]]