[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuixP25YpQ-Tg00K7cbsLz6hORJqMtetgoqeyh5aN1ks":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":62,"crawl_stats":38,"alternatives":69,"analysis":162,"fingerprints":655},"ux-flat","UX Flat","5.4.0","COP","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpvncom\u002F","\u003Cp>❤ This plugin will create new elements for Flatsome. Awesome !!! Minimum required Flatsome v3.19.2\u003C\u002Fp>\n\u003Ch3>LOADER IMAGE\u003C\u002Fh3>\n\u003Cp>✅ Site Loader overlay when loading the site\u003C\u002Fp>\n\u003Ch3>TYPING ANIMATION\u003C\u002Fh3>\n\u003Cp>✅ Change the search multiple field placeholder\u003C\u002Fp>\n\u003Ch3>[UXF ELEMENTS] PRE-DESIGNED TEMPLATES\u003C\u002Fh3>\n\u003Cp>✅ Section \u002F Banner \u002F Title \u002F Button \u002F Gallery \u002F Slider \u002F Image \u002F Blog Posts \u002F Portfolio \u002F Google Maps\u003Cbr \u002F>\n✅ Blog Categories \u002F More \u002F Menu \u002F   Icon \u002F Lightbox \u002F Table \u002F Module\u003C\u002Fp>\n\u003Ch3>FL ICONS\u003C\u002Fh3>\n\u003Cp>✅ Enable customize icons\u003C\u002Fp>\n\u003Ch3>BACK TO TOP\u003C\u002Fh3>\n\u003Cp>✅ Custom Background & Icon back to top\u003C\u002Fp>\n\u003Ch3>BLOG GLOBAL\u003C\u002Fh3>\n\u003Cp>✅ Remove Category Archives Title\u003C\u002Fp>\n\u003Ch3>PERFORMANCE\u003C\u002Fh3>\n\u003Cp>✅ Blog Categories\u003Cbr \u002F>\n✅ CDN jsDelivr\u003C\u002Fp>\n\u003Cp>and more…\u003C\u002Fp>\n","Enhance user experience with the sleek and modern design provided by the UX Flat plugin for WordPress websites.",1000,24880,94,13,"2025-06-29T07:24:00.000Z","6.7.5","6.2","7.4",[20,21,22,23,24],"element-flatsome","flatsome","flatux","ux-flatsome","uxflat","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fux-flat.5.4.0.zip",73,2,1,"2026-01-20 00:00:00","2026-03-15T15:16:48.613Z",[33,47],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":38},"CVE-2026-24576","ux-flat-authenticated-contributor-stored-cross-site-scripting","UX Flat \u003C= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting","The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=5.4.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-01-27 19:15:04",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7ddf167e-f436-4150-87e2-69c970952cd9?source=api-prod",{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":38,"affected_versions":52,"patched_in_version":53,"severity":54,"cvss_score":55,"cvss_vector":56,"vuln_type":43,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2024-2459","ux-flat-authenticatedcontributor-stored-cross-site-scripting-via-shortcode","UX Flat \u003C= 4.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode","The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=4.4","4.5","high",7.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:L","2024-03-19 00:00:00","2024-07-11 18:43:20",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1d93db2c-7baf-42d8-9b4a-be91b27221a7?source=api-prod",115,{"slug":63,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":64,"avg_security_score":65,"avg_patch_time_days":66,"trust_score":67,"computed_at":68},"wpvncom",8000,86,92,69,"2026-04-04T03:39:20.588Z",[70,90,108,126,144],{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":80,"num_ratings":80,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":25,"tags":84,"homepage":87,"download_link":88,"security_score":89,"vuln_count":80,"unpatched_count":80,"last_vuln_date":38,"fetched_at":31},"ux-ultimate","UX Ultimate","1.2","OnemanCoding","https:\u002F\u002Fprofiles.wordpress.org\u002Fuxultimate\u002F","\u003Cp>UX Ultimate is a plug-in for WordPress that website using Flatsome theme.\u003C\u002Fp>\n\u003Cp>UX Ultimate works by creating new elements that specialize in producing beautiful Flatsome element\u003C\u002Fp>\n\u003Cp>Beyond elements Flatsome, UX Ultimate also has created beautiful theme which provide our customers with a streamlined\u003C\u002Fp>\n\u003Ch3>Special Thanks\u003C\u002Fh3>\n\u003Cp>Special thanks to: @onemancoding for the contributions!\u003C\u002Fp>\n\u003Ch3>From WordPress Dashboard\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Navigate to ‘Plugins -> Add New’ from your WordPress dashboard.\u003C\u002Fli>\n\u003Cli>Search for \u003Ccode>UX Ultimate\u003C\u002Fcode> and install it.\u003C\u002Fli>\n\u003Cli>Activate the plugin from Plugins menu.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Manual Installation\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download the plugin file: \u003Ccode>ux-ultimate.zip\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Unzip the file\u003C\u002Fli>\n\u003Cli>Upload the\u003Ccode>ux-ultimate.zip\u003C\u002Fcode> folder to your \u003Ccode>\u002Fwp-content\u002Fplugins\u003C\u002Fcode> directory (do not rename the folder)\u003C\u002Fli>\n\u003Cli>Activate the plugin from Plugins menu.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>VERSION 1.0 – SEPTEMBER 27TH, 2022\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>First install of the plugin\u003C\u002Fli>\n\u003Cli>Initial release\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>VERSION 1.1 – OCTOBER 28TH, 2022\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add Marquee Text\u003C\u002Fli>\n\u003Cli>Add stroke-text class that is use by .stroke-text for text element\u003C\u002Fli>\n\u003Cli>Add Pricing Table V1 Element\u003C\u002Fli>\n\u003Cli>Add Drop Caps\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>VERSION 1.2 – November 7TH, 2022\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add Blob Image\u003C\u002Fli>\n\u003Cli>Add Accordion Image\u003C\u002Fli>\n\u003C\u002Ful>\n","UX Ultimate is a plug-in for WordPress that website using Flatsome theme.",70,1913,0,"2022-11-13T02:25:00.000Z","6.1.10","4.8",[20,21,85,23,86],"flatsome-support","uxu","https:\u002F\u002Fuxultimate.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fux-ultimate.1.2.zip",85,{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":13,"num_ratings":100,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":25,"tags":104,"homepage":106,"download_link":107,"security_score":89,"vuln_count":80,"unpatched_count":80,"last_vuln_date":38,"fetched_at":31},"ot-flatsome-vertical-menu","OT Flatsome Vertical Menu","1.2.3","thinhbg59","https:\u002F\u002Fprofiles.wordpress.org\u002Fthinhbg59\u002F","\u003Cp>Vertical Menu for Flatsome Woocommerce theme.\u003Cbr \u002F>\nDonate link: https:\u002F\u002Fpaypal.me\u002Fthinhbg59\u003Cbr \u002F>\nPro version please contact Facebook: https:\u002F\u002Ffb.com\u002Fthinh59 – Email : thinhbg59@gmail.com\u003Cbr \u002F>\nThank for using.\u003Cbr \u002F>\nVideo setup :\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F_k4qxWQMeoU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","Vertical Menu for Flatsome Woocommerce theme.",10000,78956,22,"2020-06-17T13:30:00.000Z","5.2.24","4.0",[21,105],"vertical-menu","https:\u002F\u002Fthinhdev.com\u002Fplugins\u002Fot-flatsome-vertical-menu","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fot-flatsome-vertical-menu.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":98,"downloaded":116,"rating":117,"num_ratings":28,"last_updated":118,"tested_up_to":119,"requires_at_least":103,"requires_php":120,"tags":121,"homepage":124,"download_link":125,"security_score":89,"vuln_count":80,"unpatched_count":80,"last_vuln_date":38,"fetched_at":31},"related-posts-flatsome","Related Posts Flatsome","1.0.1","Minh Tiến","https:\u002F\u002Fprofiles.wordpress.org\u002Fminhtien94\u002F","\u003Cp>Plugin for adding related articles to posts for Flatsome theme.\u003Cbr \u002F>\nYou can customize the display style with the customize theme.\u003C\u002Fp>\n\u003Cp>Note: Only works on Flatsome theme.\u003C\u002Fp>\n","Plugin for adding related articles to posts for Flatsome theme.",13322,100,"2022-08-22T14:34:00.000Z","6.0.11","5.3",[122,21,123,109],"atweb-vn","related-posts","https:\u002F\u002Fatweb.vn\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frelated-posts-flatsome.zip",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":134,"downloaded":135,"rating":117,"num_ratings":29,"last_updated":136,"tested_up_to":102,"requires_at_least":137,"requires_php":138,"tags":139,"homepage":142,"download_link":143,"security_score":89,"vuln_count":80,"unpatched_count":80,"last_vuln_date":38,"fetched_at":31},"mino-flatsome-title-with-category","Mino Flatsome Title With Category","1.0.0","Mino","https:\u002F\u002Fprofiles.wordpress.org\u002Fminoteam\u002F","\u003Cp>Plugin add add title with product category element for flatsome theme.\u003Cbr \u002F>\nPlease install and active flatsome theme (or child theme) before active plugin.\u003C\u002Fp>\n","Add title with product category element for flatsome theme.",300,2334,"2019-05-23T02:48:00.000Z","4.7","5.6",[21,140,141],"mino","title","https:\u002F\u002Fmino.vn\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmino-flatsome-title-with-category.1.0.0.zip",{"slug":145,"name":146,"version":129,"author":147,"author_profile":148,"description":149,"short_description":150,"active_installs":117,"downloaded":151,"rating":80,"num_ratings":80,"last_updated":152,"tested_up_to":153,"requires_at_least":137,"requires_php":154,"tags":155,"homepage":160,"download_link":161,"security_score":89,"vuln_count":80,"unpatched_count":80,"last_vuln_date":38,"fetched_at":31},"pop-up-element-for-flatsome-theme","Flatsome pop-up element","Freelancerviet.net","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreelancerviet\u002F","\u003Cp>Add custom pop-up element for Flatsome theme for advertisment\u003C\u002Fp>\n\u003Ch4>Main Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Show up on UX builder mode\u003C\u002Fli>\n\u003Cli>Add custom content inside pop-up\u003C\u002Fli>\n\u003Cli>Support custom css class for customize css\u003C\u002Fli>\n\u003C\u002Ful>\n","Add custom pop-up element for Flatsome theme for advertisment",3714,"2019-05-03T17:30:00.000Z","5.1.22","7.0",[156,21,157,158,159],"advertisment","flatsome-popup","pop-up","popup","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpop-up-element-for-flatsome-theme","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpop-up-element-for-flatsome-theme.zip",{"attackSurface":163,"codeSignals":480,"taintFlows":641,"riskAssessment":642,"analyzedAt":654},{"hooks":164,"ajaxHandlers":387,"restRoutes":388,"shortcodes":389,"cronEvents":478,"entryPointCount":479,"unprotectedCount":80},[165,171,175,179,185,189,192,196,199,203,205,208,210,214,217,221,224,227,229,233,237,239,241,243,245,249,253,257,262,266,269,273,277,281,285,288,292,296,299,300,304,308,312,316,319,322,326,330,333,337,340,343,347,350,352,356,359,364,369,373,378,381,384],{"type":166,"name":167,"callback":168,"file":169,"line":170},"action","admin_notices","uxf_warning","inc\\core.php",30,{"type":166,"name":172,"callback":173,"file":169,"line":174},"plugins_loaded","uxf_textdomain",38,{"type":166,"name":176,"callback":177,"file":169,"line":178},"activated_plugin","uxf_plugin_redirect",49,{"type":180,"name":181,"callback":182,"priority":183,"file":169,"line":184},"filter","plugin_row_meta","uxf_plugin_row_meta",10,83,{"type":166,"name":186,"callback":187,"priority":29,"file":188,"line":100},"show_user_profile","add_profile_fields","inc\\helpers\\class.author.php",{"type":166,"name":190,"callback":187,"priority":29,"file":188,"line":191},"edit_user_profile",23,{"type":166,"name":193,"callback":194,"priority":29,"file":188,"line":195},"personal_options_update","save_profile_fields",24,{"type":166,"name":197,"callback":194,"priority":29,"file":188,"line":198},"edit_user_profile_update",25,{"type":166,"name":186,"callback":200,"file":201,"line":202},"add_avatar_field","inc\\helpers\\class.avatar.php",5,{"type":166,"name":190,"callback":200,"file":201,"line":204},6,{"type":166,"name":193,"callback":206,"file":201,"line":207},"save_avatar_field",7,{"type":166,"name":197,"callback":206,"file":201,"line":209},8,{"type":166,"name":211,"callback":212,"priority":183,"file":201,"line":213},"delete_user","delete_avatar_on_user_delete",9,{"type":180,"name":215,"callback":216,"priority":183,"file":201,"line":183},"get_avatar","filter_avatar",{"type":166,"name":218,"callback":219,"file":220,"line":207},"category_add_form_fields","add_layout_field","inc\\helpers\\class.categories-layout.php",{"type":166,"name":222,"callback":223,"file":220,"line":209},"category_edit_form_fields","update_layout_field",{"type":166,"name":225,"callback":226,"file":220,"line":213},"created_category","save_layout",{"type":166,"name":228,"callback":226,"file":220,"line":183},"edited_category",{"type":180,"name":230,"callback":231,"file":220,"line":232},"category_template","category_layout",11,{"type":166,"name":234,"callback":235,"file":236,"line":207},"admin_enqueue_scripts","load_wp_media_files","inc\\helpers\\class.categories.php",{"type":166,"name":218,"callback":238,"file":236,"line":209},"add_category_image",{"type":166,"name":225,"callback":240,"file":236,"line":213},"save_category_image",{"type":166,"name":222,"callback":242,"file":236,"line":183},"update_category_image",{"type":166,"name":228,"callback":244,"file":236,"line":232},"updated_category_image",{"type":166,"name":246,"callback":247,"file":236,"line":248},"admin_footer","add_script",12,{"type":166,"name":250,"callback":251,"file":252,"line":202},"init","closure","inc\\helpers\\helpers-icons.php",{"type":166,"name":254,"callback":255,"file":252,"line":256},"after_setup_theme","flatsome_remove_icons",17,{"type":166,"name":258,"callback":259,"priority":260,"file":252,"line":261},"wp_enqueue_scripts","flatsome_custom_icons",150,45,{"type":180,"name":263,"callback":264,"priority":183,"file":252,"line":265},"flatsome_follow_links","custom_icons",79,{"type":180,"name":267,"callback":264,"priority":183,"file":252,"line":268},"flatsome_share_links",80,{"type":166,"name":254,"callback":270,"priority":202,"file":271,"line":272},"uxf_shortcode","inc\\init.php",63,{"type":166,"name":274,"callback":275,"file":271,"line":276},"ux_builder_setup","uxf_builder_setup",96,{"type":166,"name":278,"callback":279,"file":271,"line":280},"flatsome_footer","uxf_go_to_top",101,{"type":166,"name":282,"callback":283,"priority":183,"file":271,"line":284},"flatsome_before_blog","get_breadcrumbs",110,{"type":166,"name":258,"callback":286,"priority":260,"file":271,"line":287},"uxflat_scripts",258,{"type":166,"name":289,"callback":290,"file":271,"line":291},"wp_footer","add_shortcode_search_typing",271,{"type":166,"name":293,"callback":294,"file":271,"line":295},"flatsome_before_header","title_front_page",275,{"type":180,"name":263,"callback":297,"priority":183,"file":271,"line":298},"remove_tooltip_from_links",299,{"type":180,"name":267,"callback":297,"priority":183,"file":271,"line":134},{"type":166,"name":301,"callback":302,"priority":213,"file":271,"line":303},"woocommerce_shop_loop_item_title","uxf_woo_template_loop_product_title",305,{"type":180,"name":305,"callback":306,"priority":183,"file":271,"line":307},"gettext","flatsome_translation",320,{"type":180,"name":309,"callback":310,"file":271,"line":311},"wpseo_breadcrumb_links","remove_last_crumb_blog",348,{"type":180,"name":313,"callback":314,"file":271,"line":315},"the_title","do_shortcode",413,{"type":180,"name":317,"callback":251,"file":271,"line":318},"rank_math\u002Ffrontend\u002Ftitle",417,{"type":180,"name":320,"callback":251,"file":271,"line":321},"rank_math\u002Ffrontend\u002Fdescription",421,{"type":180,"name":323,"callback":324,"file":271,"line":325},"template_include","custom_archive_layout",447,{"type":166,"name":327,"callback":328,"priority":183,"file":271,"line":329},"flatsome_before_comments","custom_blog_author_box",451,{"type":166,"name":282,"callback":331,"priority":183,"file":271,"line":332},"custom_flatsome_archive_title",479,{"type":166,"name":334,"callback":335,"file":271,"line":336},"flatsome_after_blog","custom_flatsome_archive_description",487,{"type":166,"name":282,"callback":338,"file":271,"line":339},"custom_flatsome_blog_featured",507,{"type":166,"name":250,"callback":341,"file":271,"line":342},"flatsome_nag",523,{"type":166,"name":344,"callback":345,"priority":29,"file":271,"line":346},"wp_head","meta_post_refresh",530,{"type":166,"name":334,"callback":348,"file":271,"line":349},"uxf_post_after_blog",631,{"type":166,"name":327,"callback":348,"file":271,"line":351},633,{"type":180,"name":353,"callback":354,"file":271,"line":355},"flatsome_lightbox_close_btn_inside","__return_true",638,{"type":180,"name":357,"callback":251,"file":271,"line":358},"flatsome_lightbox_close_button",639,{"type":180,"name":360,"callback":361,"priority":362,"file":271,"line":363},"tiny_mce_before_init","fs_mce_text_sizes",99,657,{"type":180,"name":365,"callback":366,"priority":367,"file":271,"line":368},"posts_search","search_only_title",500,683,{"type":166,"name":250,"callback":370,"priority":371,"file":372,"line":204},"uxf_of_options",20,"inc\\of_options.php",{"type":180,"name":374,"callback":375,"priority":29,"file":376,"line":377},"found_posts","anonymous","inc\\shortcodes\\blog_posts.php",239,{"type":166,"name":258,"callback":379,"file":380,"line":232},"uxf_button_scripts","inc\\shortcodes\\button.php",{"type":166,"name":258,"callback":382,"file":383,"line":204},"uxf_section_scripts","inc\\shortcodes\\sections.php",{"type":166,"name":258,"callback":385,"file":386,"line":207},"uxf_typed_scripts","inc\\shortcodes\\ux_typed.php",[],[],[390,394,398,402,405,408,412,417,422,427,432,437,442,446,449,452,456,461,465,470,475],{"tag":391,"callback":392,"file":188,"line":393},"social","render_author_box",26,{"tag":395,"callback":396,"file":271,"line":397},"post-reads","time_to_read",409,{"tag":399,"callback":399,"file":400,"line":401},"blog_categories","inc\\shortcodes\\blog_categories.php",259,{"tag":403,"callback":399,"file":400,"line":404},"blog_categories_grid",260,{"tag":406,"callback":407,"file":376,"line":346},"blog_posts","shortcode_latest_from_uxf_blog",{"tag":409,"callback":410,"file":380,"line":411},"button","uxf_button_shortcode",214,{"tag":413,"callback":414,"file":415,"line":416},"divider","uxf_divider_shortcode","inc\\shortcodes\\divider.php",105,{"tag":418,"callback":419,"file":420,"line":421},"follow","uxf_flatsome_follow","inc\\shortcodes\\follow.php",449,{"tag":423,"callback":424,"file":425,"line":426},"map","uxf_flatsome_shortcode_map","inc\\shortcodes\\google_maps.php",106,{"tag":428,"callback":429,"file":430,"line":431},"lightbox","uxf_lightbox","inc\\shortcodes\\lightbox.php",78,{"tag":433,"callback":434,"file":435,"line":436},"menu","uxf_menu_item","inc\\shortcodes\\menu.php",71,{"tag":438,"callback":439,"file":440,"line":441},"module","ux_module","inc\\shortcodes\\module.php",118,{"tag":443,"callback":444,"file":383,"line":445},"background","uxf_section",294,{"tag":447,"callback":444,"file":383,"line":448},"section",295,{"tag":450,"callback":444,"file":383,"line":451},"section_inner",296,{"tag":141,"callback":453,"file":454,"line":455},"uxf_title_shortcode","inc\\shortcodes\\title.php",183,{"tag":457,"callback":458,"file":459,"line":460},"ux_gallery","uxf_gallery_att","inc\\shortcodes\\ux_gallery.php",248,{"tag":462,"callback":463,"file":459,"line":464},"gallery","fs_gallery_shortcode",267,{"tag":466,"callback":467,"file":468,"line":469},"ux_menu_link","uxf_render_ux_menu_link_shortcode","inc\\shortcodes\\ux_menu_link.php",116,{"tag":471,"callback":472,"file":473,"line":474},"ux_slider","shortcode_uxf_slider","inc\\shortcodes\\ux_slider.php",293,{"tag":476,"callback":477,"file":386,"line":184},"ux_typed","flatsome_render_ux_typed_shortcode",[],21,{"dangerousFunctions":481,"sqlUsage":482,"outputEscaping":484,"fileOperations":80,"externalRequests":80,"nonceChecks":639,"capabilityChecks":28,"bundledLibraries":640},[],{"prepared":80,"raw":80,"locations":483},[],{"escaped":485,"rawEcho":268,"locations":486},371,[487,489,491,493,495,497,499,501,503,505,507,509,511,513,515,517,519,521,523,524,526,528,530,532,534,536,538,540,542,544,546,548,550,552,554,555,557,559,560,562,564,566,568,570,572,574,576,578,580,581,583,585,586,588,590,592,594,596,598,600,602,604,606,608,609,610,611,612,614,616,618,620,622,624,626,629,632,634,635,637],{"file":169,"line":191,"context":488},"raw output",{"file":169,"line":490,"context":488},27,{"file":188,"line":492,"context":488},93,{"file":220,"line":494,"context":488},19,{"file":220,"line":496,"context":488},40,{"file":271,"line":498,"context":488},269,{"file":271,"line":500,"context":488},309,{"file":271,"line":502,"context":488},313,{"file":271,"line":504,"context":488},364,{"file":271,"line":506,"context":488},373,{"file":271,"line":508,"context":488},378,{"file":271,"line":510,"context":488},383,{"file":271,"line":512,"context":488},390,{"file":271,"line":514,"context":488},395,{"file":271,"line":516,"context":488},399,{"file":271,"line":518,"context":488},459,{"file":271,"line":520,"context":488},460,{"file":271,"line":522,"context":488},464,{"file":271,"line":522,"context":488},{"file":271,"line":525,"context":488},466,{"file":271,"line":527,"context":488},493,{"file":271,"line":529,"context":488},498,{"file":271,"line":531,"context":488},515,{"file":271,"line":533,"context":488},560,{"file":271,"line":535,"context":488},623,{"file":400,"line":537,"context":488},216,{"file":400,"line":539,"context":488},217,{"file":400,"line":541,"context":488},223,{"file":400,"line":543,"context":488},232,{"file":400,"line":545,"context":488},242,{"file":376,"line":547,"context":488},357,{"file":376,"line":549,"context":488},360,{"file":376,"line":551,"context":488},361,{"file":376,"line":553,"context":488},391,{"file":376,"line":514,"context":488},{"file":376,"line":556,"context":488},406,{"file":376,"line":558,"context":488},429,{"file":376,"line":421,"context":488},{"file":376,"line":561,"context":488},472,{"file":376,"line":563,"context":488},482,{"file":376,"line":565,"context":488},499,{"file":380,"line":567,"context":488},146,{"file":380,"line":569,"context":488},148,{"file":380,"line":571,"context":488},152,{"file":380,"line":573,"context":488},200,{"file":415,"line":575,"context":488},102,{"file":420,"line":577,"context":488},428,{"file":420,"line":579,"context":488},438,{"file":425,"line":67,"context":488},{"file":425,"line":582,"context":488},77,{"file":425,"line":584,"context":488},97,{"file":430,"line":191,"context":488},{"file":435,"line":587,"context":488},68,{"file":440,"line":589,"context":488},81,{"file":440,"line":591,"context":488},104,{"file":383,"line":593,"context":488},159,{"file":383,"line":595,"context":488},160,{"file":383,"line":597,"context":488},173,{"file":383,"line":599,"context":488},187,{"file":383,"line":601,"context":488},283,{"file":454,"line":603,"context":488},180,{"file":459,"line":605,"context":488},208,{"file":459,"line":607,"context":488},209,{"file":459,"line":543,"context":488},{"file":468,"line":362,"context":488},{"file":468,"line":117,"context":488},{"file":468,"line":426,"context":488},{"file":473,"line":613,"context":488},144,{"file":473,"line":615,"context":488},168,{"file":473,"line":617,"context":488},287,{"file":386,"line":619,"context":488},53,{"file":386,"line":621,"context":488},59,{"file":386,"line":623,"context":488},60,{"file":386,"line":625,"context":488},66,{"file":627,"line":628,"context":488},"template-parts\\footer\\back-to-top.php",29,{"file":630,"line":631,"context":488},"template-parts\\posts\\archive-layout.php",41,{"file":633,"line":191,"context":488},"template-parts\\posts\\partials\\archive-title.php",{"file":633,"line":191,"context":488},{"file":633,"line":636,"context":488},107,{"file":633,"line":638,"context":488},112,4,[],[],{"summary":643,"deductions":644},"The 'ux-flat' plugin v5.4.0 presents a mixed security picture. On the positive side, the static analysis shows no critical vulnerabilities in terms of dangerous functions, SQL queries are consistently prepared, and a high percentage of output is properly escaped. The absence of file operations and external HTTP requests is also a strength. However, the plugin's attack surface is entirely composed of shortcodes, with a total of 21 entry points, and while no unprotected entry points were found, this reliance solely on shortcodes for user interaction warrants careful consideration.\n\nThe vulnerability history is a significant concern, with two known CVEs, one of which remains unpatched and is rated as high severity. The common vulnerability type being Cross-site Scripting (XSS) suggests potential issues with how user input is handled within the shortcodes, despite the generally good output escaping rates. The fact that the last vulnerability was in the future (2026-01-20) is an anomaly in the data, but assuming it refers to a past event, it indicates a recurring pattern of security weaknesses that require attention.\n\nOverall, while the code itself exhibits some good security practices like prepared statements and a decent escaping rate, the unpatched high-severity vulnerability and the reliance on shortcodes as the sole entry point are critical risks. The plugin's past security incidents, particularly XSS, suggest that its input sanitization and handling mechanisms may not be consistently robust, even with the reported output escaping percentages. Users should exercise caution and prioritize patching or migrating away from this plugin.",[645,648,650,652],{"reason":646,"points":647},"Unpatched high severity CVE",18,{"reason":649,"points":209},"Known medium severity CVE",{"reason":651,"points":202},"All entry points are shortcodes",{"reason":653,"points":639},"High percentage of outputs not escaped","2026-03-16T18:52:31.123Z",{"wat":656,"direct":663},{"assetPaths":657,"generatorPatterns":660,"scriptPaths":661,"versionParams":662},[658,659],"\u002Fwp-content\u002Fplugins\u002Fux-flat\u002Fassets\u002Fcss\u002Ficons.min.css","\u002Fwp-content\u002Fplugins\u002Fux-flat\u002Fassets\u002Fcss\u002Ffas.min.css",[],[],[],{"cssClasses":664,"htmlComments":666,"htmlAttributes":667,"restEndpoints":669,"jsGlobals":670,"shortcodeOutput":675},[665],"icon-zalo",[],[668],"data-uxf-typed-strings",[],[671,672,673,674],"UXF_VERSION","UXF_FILE","UXF_DIR","UXF_URL",[676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691],"[ux_menu_link","[follow","[ux_gallery","[ux_slider","[blog_posts","[lightbox","[module","[ux_typed","[menu","[background","[section","[section_inner","[title","[divider","[button","[map"]