[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFScVw2zz87WvrfgiIxhfDqcaqg0px5iUgnaodRIxhI0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":45,"crawl_stats":34,"alternatives":52,"analysis":147,"fingerprints":234},"unlimited-page-sidebars","Unlimited Page Sidebars","0.2.8","Ederson Peka","https:\u002F\u002Fprofiles.wordpress.org\u002Federsonpeka\u002F","\u003Cp>With this plugin, you can create as much “sidebars” (widget areas) as you need, and assign them in a per-page basis. (It’s only useful if your theme supports “sidebars”.)\u003C\u002Fp>\n\u003Cp>WARNING: Updating from versions prior to 0.2.5 requires new set up.\u003C\u002Fp>\n","Assign one specific widget area (sidebar) to each page.",100,8931,5,"","6.9.4","5.0",[18,19,20],"cms","pages","sidebars","https:\u002F\u002Federson.ferreira.tec.br","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funlimited-page-sidebars.0.2.8.zip",99,1,0,"2025-01-31 00:00:00","2026-03-15T10:48:56.248Z",[29],{"id":30,"url_slug":31,"title":32,"description":33,"plugin_slug":4,"theme_slug":34,"affected_versions":35,"patched_in_version":36,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":26,"updated_date":41,"references":42,"days_to_patch":44},"CVE-2025-22688","unlimited-page-sidebars-cross-site-request-forgery-to-stored-cross-site-scripting","Unlimited Page Sidebars \u003C= 0.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting","The Unlimited Page Sidebars plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=0.2.6","0.2.7","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-02-03 14:43:56",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc9c1039e-759f-420a-87a7-6a106640ff60?source=api-prod",4,{"slug":46,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":23,"avg_patch_time_days":49,"trust_score":50,"computed_at":51},"edersonpeka",6,540,742,78,"2026-04-04T16:12:39.958Z",[53,74,93,112,132],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":11,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":14,"tags":67,"homepage":69,"download_link":70,"security_score":71,"vuln_count":24,"unpatched_count":24,"last_vuln_date":72,"fetched_at":73},"next-page-not-next-post","Next Page, Not Next Post","0.3.0","Matt McInvale","https:\u002F\u002Fprofiles.wordpress.org\u002Fmcinvale\u002F","\u003Cp>\u003Cstrong>Next Page, Not Next Post\u003C\u002Fstrong> is a very simple plugin that creates navigation between sibling pages.\u003C\u002Fp>\n\u003Cp>This plugin gives you two new functions, \u003Ccode>next_page_not_post($anchor_text, $loop, $sort)\u003C\u002Fcode> & \u003Ccode>previous_page_not_post($anchor_text, $loop, $sort)\u003C\u002Fcode>. Each function has three simple options.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Anchor Text\u003C\u002Fstrong> – Either set the anchor text manually or use the page title. Use %title to use page title with other strings. Defaults to page title, just leave blank for that.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Looping\u003C\u002Fstrong> – Link the first element to the last and the last to the first, or not. Defaults to not looping. Set to true for looping, cousins for cousin based navigation and cousinsloop for cousins navigation that loops.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Get Pages\u003C\u002Fstrong> – This is used to determine how to sort your results. Use the documentation at \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fget_pages\" rel=\"nofollow ugc\">Get Pages\u003C\u002Fa> to find all available options here. Defaults to menu_order ascending.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>SHORTCODES\u003C\u002Fstrong> You can use [next_page] and [previous_page] shortcodes within your page content. Supported options are ‘anchor’, ‘loop’ and ‘getPagesQuery’.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fbinarym.com\u002F2009\u002Fnext-page-not-next-post\u002F\" rel=\"nofollow ugc\">More documentation for Next Page, Not Next Post on BinaryM.com\u003C\u002Fa>\u003C\u002Fp>\n","Easily create navigation to sibling pages. Similar to next_post_link() and previous_post_link() but for pages.",1000,33829,12,"2014-09-04T22:30:00.000Z","4.0.38","2.7",[68,18,19],"awesome","http:\u002F\u002Fbinarym.com\u002F2009\u002Fnext-page-not-next-post\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnext-page-not-next-post.zip",63,"2025-10-10 00:00:00","2026-03-15T15:16:48.613Z",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":14,"short_description":80,"active_installs":61,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":14,"tags":87,"homepage":90,"download_link":91,"security_score":92,"vuln_count":25,"unpatched_count":25,"last_vuln_date":34,"fetched_at":73},"per-page-sidebars","Per Page Sidebars","2.0.3","Brian Layman","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrianlayman\u002F","The Per Page Sidebars (PPS) plugin allows blog administrators to create a unique sidebar for each Page. No template editing is required.",67740,84,10,"2018-03-14T19:32:00.000Z","4.9.29","3.1",[19,88,20,89],"posts","widgets","http:\u002F\u002FTheCodeCave.com\u002Fplugins\u002Fper-page-sidebars","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fper-page-sidebars.zip",85,{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":11,"num_ratings":44,"last_updated":103,"tested_up_to":15,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":14,"download_link":110,"security_score":23,"vuln_count":24,"unpatched_count":25,"last_vuln_date":111,"fetched_at":73},"better-section-navigation","Better Section Navigation","1.7.0","cornershop","https:\u002F\u002Fprofiles.wordpress.org\u002Fcornershop\u002F","\u003Cp>Adds a new widget type you can deploy in your sidebar regions (and\u002For elsewhere) to display section-based navigation, along with the ability to exclude certain pages from showing up.\u003C\u002Fp>\n\u003Cp>The title of the widget is the top level page within the current section. The widget then can show all of the page’s published siblings (except on the top level page), all parents and grandparents (and higher), the siblings of all parents and grandparents (up to top level page), and any immediate children of the current page. It can also be called by a function inside template files.\u003C\u002Fp>\n\u003Cp>It includes a simple widget configuration panel. From this panel you can:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Determine whether the widget should appear on the home page\u003C\u002Fli>\n\u003Cli>Override standard behavior and have the widget show all pages in the current section\u003C\u002Fli>\n\u003Cli>Determine whether the widget should appear even if the section only has one page (the top level)\u003C\u002Fli>\n\u003Cli>Provide a list of pages to exclude from the output\u003C\u002Fli>\n\u003Cli>Determine whether the section navigation should still appear when viewing excluded pages\u003C\u002Fli>\n\u003Cli>Use a specific widget title (i.e. In This Section), or just use the top level page title\u003C\u002Fli>\n\u003Cli>Determine whether the section title should be linked\u003C\u002Fli>\n\u003Cli>Determine page sort order (defaults to menu order)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The widget uses standard WordPress navigation classes, in addition to a unique class around the widget, for easy styling. The UL of the page list also has a custom class, \u003Ccode>bsn-list\u003C\u002Fcode>, that can be altered via the \u003Ccode>bsn_list_class\u003C\u002Fcode> filter.\u003C\u002Fp>\n\u003Cp>Beginning with version 1.5, Better Section Navigation also incorporates the features of the defunct \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexclude-pages\u002F\" rel=\"ugc\">Exclude Pages\u003C\u002Fa> plugin, giving you the ability to selectively exclude specific pages from appearing in the widget generated by Better Section Navigation. This per-page control is managed via a metabox on the post edit screen. Note: On activation, BSN will automatically import the list of “excluded pages” set via that plugin, so you don’t have to manually re-assign excludes pages before deactivating the old one.\u003C\u002Fp>\n\u003Cp>Compatible with WordPress Multisite.\u003C\u002Fp>\n\u003Cp>This plugin started life as \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-section-navigation\u002F\" rel=\"ugc\">Simple Section Navigation Widget\u003C\u002Fa>, but since that plugin hasn’t been updated in a while, we’ve taken up the reins with the goal of keeping it up to date with the latest WordPress conventions (i.e. getting rid of deprecation warnings) and adding a few nice-to-have features while retaining some of the simplicity of the original plugin.\u003C\u002Fp>\n\u003Cp>Simple Section Navigation Widget is incompatible with PHP 8.x, so as of October 2022, Better Section Navigation is now a drop-in replacement for Simple Section Navigation Widget. If you’ve been using Simple Section Navigation, you can now use this one instead without changing any settings! \u003Cem>NOTE: Deactivate Simple Section Navigation Widget\u003C\u002Fem> before activating Better Section Navigation.\u003C\u002Fp>\n","Creates a new widget for listing section-based navigation -- essential for contextual navigation. Also implements a template function and a shortcode.",700,15641,"2025-12-03T19:09:00.000Z","2.8","5.6",[18,107,108,19,109],"hierarchy","navigation","section","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-section-navigation.1.7.0.zip","2025-03-28 00:00:00",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":122,"num_ratings":24,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":14,"tags":126,"homepage":130,"download_link":131,"security_score":92,"vuln_count":25,"unpatched_count":25,"last_vuln_date":34,"fetched_at":73},"content-management-system-dashboard","CMS Dashboard","2.0","3pointross","https:\u002F\u002Fprofiles.wordpress.org\u002F3pointross\u002F","\u003Cp>Improve the usability of your WordPress CMS system. This plug-in creates a dashboard widget with clearly labeled large buttons of the most common tasks one would perform when using wordpress as a content management system.\u003C\u002Fp>\n\u003Cp>I have found that particularly when handing a WordPress CMS over to less than tech-savvy clients, there is often confusion on how to perform some of the more simple tasks simply because the WordPress side menu can be overwhelming. This plugin creates a simple to use dashboard interface that will let clients easily post, edit, manage users and change widgets with out having to do any hunting or searching.\u003C\u002Fp>\n","Improve the usability of your Wordpress CMS system. This plug-in creates a dashboard widget with clearly labeled large buttons of the most common task …",300,23105,80,"2010-09-07T19:39:00.000Z","3.0.5","3.0",[127,128,129,18,19],"admin","administration","client","http:\u002F\u002Fworkshop.37designs.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontent-management-system-dashboard.zip",{"slug":133,"name":134,"version":135,"author":136,"author_profile":137,"description":138,"short_description":139,"active_installs":120,"downloaded":140,"rating":122,"num_ratings":141,"last_updated":142,"tested_up_to":85,"requires_at_least":125,"requires_php":14,"tags":143,"homepage":145,"download_link":146,"security_score":92,"vuln_count":25,"unpatched_count":25,"last_vuln_date":34,"fetched_at":73},"lock-pages","Lock Pages","0.3.1","Steve Taylor","https:\u002F\u002Fprofiles.wordpress.org\u002Fgyrus\u002F","\u003Cp>NOTE: This plugin is not tested with Gutenberg, and we have no near-term plans to do so. If using WP > 5.0, use the Classic Editor if there are problems.\u003C\u002Fp>\n\u003Cp>NOTE: This plugin was originally designed to only lock pages, and only later added custom post type functionality. Hence the name, and sometimes the terminology will say “pages” when it means “any post type”.\u003C\u002Fp>\n\u003Cp>Sometimes some pages or other posts are too important to allow them to be casually moved about or deleted by site editors. An editor may think nothing of renaming a page’s slug, or deleting a page to replace it with something similar, perhaps unaware of effects on SEO. Also, certain pages might be essential to keep in place because of a site’s structure, or because of aspects of a custom theme.\u003C\u002Fp>\n\u003Cp>This plugin lets administrators “lock” any or all pages, and any post of any post type. “Locking” here basically means preventing non-admins from:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Editing the item’s slug\u003C\u002Fli>\n\u003Cli>Changing the item’s parent\u003C\u002Fli>\n\u003Cli>Changing the item’s template\u003C\u002Fli>\n\u003Cli>Deleting the item\u003C\u002Fli>\n\u003Cli>Changing the item’s status\u003C\u002Fli>\n\u003Cli>Changing the item’s password protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Locking is implemented by preventing the actual database update being performed as well as, where possible, having the interface element for that field removed. Where possible interface elements are removed via WP filters on the server; otherwise, jQuery is used on the client.\u003C\u002Fp>\n\u003Cp>NOTE: Currently, I’ve been unable to get this working with the Quick Edit functionality. As a stop-gap measure, which is only in place because it seems to be better than nothing, the Quick Edit link is removed for users who can’t edit locked pages. I know, it’s not great. But until I work out how to selectively block Quick Editing, I’m assuming a locked page should be locked. Users can always edit the other fields via the normal edit page.\u003C\u002Fp>\n\u003Cp>Go to GitHub for \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fgyrus\u002FLock-Pages\" rel=\"nofollow ugc\">development code\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fgyrus\u002FLock-Pages\u002Fissues\" rel=\"nofollow ugc\">issue tracking\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Known issues\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Quick Edit presents problems. I’ve worked out how to create hidden fields in the Quick Edit box, and to put the values in the hidden div, but I can’t work out how to dynamically populate the fields with the values, so the old values can be used if necessary on saving. For now Quick Edit is blocked for users who can’t edit locked pages.\u003C\u002Fli>\n\u003Cli>Although I’ve fixed the lock_parent function so it allows uploaded files to be attached to a locked page, it still prevents media already in the library from being attached when inserted.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Ideas\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Include the locking checkbox for admins in the Quick Edit form.\u003C\u002Fli>\n\u003Cli>On the settings screen, use a drop-down for selecting which capability is needed for editing locked page elements.\u003C\u002Fli>\n\u003Cli>Implement a system to deal with descendants, e.g. an option to lock all descendants of a locked page or not.\u003C\u002Fli>\n\u003C\u002Ful>\n","Lock Pages prevents specified pages (or all pages), posts, or custom post types from having their slug, parent, status or password edited, or from bei …",17843,2,"2018-12-19T15:28:00.000Z",[127,128,18,144,19],"page","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Flock-pages\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flock-pages.0.3.1.zip",{"attackSurface":148,"codeSignals":197,"taintFlows":224,"riskAssessment":225,"analyzedAt":233},{"hooks":149,"ajaxHandlers":177,"restRoutes":194,"shortcodes":195,"cronEvents":196,"entryPointCount":44,"unprotectedCount":25},[150,156,160,163,166,170,174],{"type":151,"name":152,"callback":153,"priority":83,"file":154,"line":155},"filter","plugin_action_links","settings_link","unlimited-page-sidebars.php",23,{"type":157,"name":158,"callback":158,"file":154,"line":159},"action","admin_init",25,{"type":157,"name":161,"callback":161,"file":154,"line":162},"admin_menu",27,{"type":157,"name":161,"callback":164,"file":154,"line":165},"add_custom_box",29,{"type":157,"name":167,"callback":168,"file":154,"line":169},"save_post","save_postdata",31,{"type":151,"name":171,"callback":172,"file":154,"line":173},"sidebars_widgets","overwrite_widgets",33,{"type":157,"name":175,"callback":175,"file":154,"line":176},"init",546,[178,184,187,190],{"action":179,"nopriv":180,"callback":181,"hasNonce":182,"hasCapCheck":182,"file":154,"line":183},"custom_sidebar_add",false,"ajax_sidebar_add",true,98,{"action":185,"nopriv":180,"callback":186,"hasNonce":182,"hasCapCheck":182,"file":154,"line":23},"custom_sidebar_rename","ajax_sidebar_rename",{"action":188,"nopriv":180,"callback":189,"hasNonce":182,"hasCapCheck":182,"file":154,"line":11},"custom_sidebar_remove","ajax_sidebar_remove",{"action":191,"nopriv":180,"callback":192,"hasNonce":180,"hasCapCheck":182,"file":154,"line":193},"custom_sidebar_list","ajax_sidebar_list",101,[],[],[],{"dangerousFunctions":198,"sqlUsage":199,"outputEscaping":201,"fileOperations":25,"externalRequests":25,"nonceChecks":44,"capabilityChecks":47,"bundledLibraries":223},[],{"prepared":25,"raw":25,"locations":200},[],{"escaped":202,"rawEcho":83,"locations":203},11,[204,207,209,210,211,213,215,217,219,221],{"file":154,"line":205,"context":206},329,"raw output",{"file":154,"line":208,"context":206},352,{"file":154,"line":208,"context":206},{"file":154,"line":208,"context":206},{"file":154,"line":212,"context":206},365,{"file":154,"line":214,"context":206},452,{"file":154,"line":216,"context":206},467,{"file":154,"line":218,"context":206},468,{"file":154,"line":220,"context":206},471,{"file":154,"line":222,"context":206},474,[],[],{"summary":226,"deductions":227},"The 'unlimited-page-sidebars' plugin, version 0.2.8, exhibits a mixed security posture. On the positive side, the static analysis reveals a commendable lack of dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), and file operations. Crucially, all identified AJAX entry points have associated nonce checks and capability checks, which is a strong indicator of good development practice in preventing unauthorized actions. The absence of direct REST API routes, shortcodes, and cron events also contributes to a reduced attack surface. However, a significant concern arises from the output escaping. With only 52% of outputs being properly escaped, there is a notable risk of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the site. The plugin's vulnerability history shows one known CVE, which was a Cross-Site Request Forgery (CSRF) vulnerability. While this CVE is reported as patched, the presence of past vulnerabilities, even if medium severity, suggests a history of security oversight. The lack of critical or high severity taint flows in the current analysis is a positive sign, but the unpatched CVE and the high percentage of unescaped output are areas requiring immediate attention. Overall, while the plugin demonstrates solid fundamental security practices in handling sensitive operations like database queries and authentication for entry points, the insufficient output escaping presents a tangible risk of XSS, and the past CVE indicates a need for continued vigilance.",[228,231],{"reason":229,"points":230},"Significant portion of output not properly escaped",8,{"reason":232,"points":13},"Previous CSRF vulnerability recorded","2026-03-16T20:31:21.020Z",{"wat":235,"direct":244},{"assetPaths":236,"generatorPatterns":239,"scriptPaths":240,"versionParams":241},[237,238],"\u002Fwp-content\u002Fplugins\u002Funlimited-page-sidebars\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Funlimited-page-sidebars\u002Fjs\u002Fadmin.js",[],[238],[242,243],"unlimited-page-sidebars\u002Fcss\u002Fadmin.css","unlimited-page-sidebars\u002Fjs\u002Fadmin.js",{"cssClasses":245,"htmlComments":247,"htmlAttributes":248,"restEndpoints":249,"jsGlobals":250,"shortcodeOutput":252},[246],"custom_sidebar",[],[],[],[251],"unlimited_page_sidebars",[]]