[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnvMgi6uRSGZNFTwU7rn9X877KcAok6vF5C-ezc8YUHQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":55,"analysis":146,"fingerprints":179},"validated","Validated","2.1.2","Allan Collins","https:\u002F\u002Fprofiles.wordpress.org\u002Fcollinsinternet\u002F","\u003Cp>Is your website up to W3C HTML coding standards?  This plugin will allow you to test each page or post on your site against the W3C Validator.\u003C\u002Fp>\n\u003Cp>Want to contribute? Fork it: https:\u002F\u002Fgithub.com\u002Fallan23\u002Fvalidated\u003C\u002Fp>\n","This plugin will allow you to check your pages\u002Fposts HTML against the W3C Validator.",700,25451,80,5,"2019-12-04T00:15:00.000Z","5.3.21","3.7","",[20,21,22,23,24],"code","html","validation","w3c","xhtml","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvalidated\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvalidated.zip",85,1,0,"2014-05-28 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2014-4564","validated-cross-site-scripting","Validated \u003C= 1.0.2 - Cross-Site Scripting","Cross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter.",null,"\u003C=1.0.2","2.0.0","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbf808fec-8d84-43ab-85bc-b3b60ab4df31?source=api-prod",3527,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":27,"avg_patch_time_days":48,"trust_score":53,"computed_at":54},"collinsinternet",4,830,69,"2026-04-04T11:01:33.501Z",[56,73,92,108,128],{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":13,"num_ratings":28,"last_updated":18,"tested_up_to":66,"requires_at_least":18,"requires_php":18,"tags":67,"homepage":18,"download_link":70,"security_score":71,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":72},"xhtml-easy-validator","(x)html easy validator","0.4","Nikoya","https:\u002F\u002Fprofiles.wordpress.org\u002Fnicolas-andre\u002F","\u003Cp>Check the doctype validity using W3c validator (html , xhtml , … ) when creating or updating  page \u002F post \u002F custom post type and show the result in backend\u003Cbr \u002F>\nIt show the result in back-end in sortable column, a link is add to the w3c for all file to help you to correct html error.\u003C\u002Fp>\n\u003Cp>Very easy to see if a post \u002F page is valid or not.\u003C\u002Fp>\n\u003Cp>This plugin can check the W3C validity of your page \u002F post or custom post type even if the site is not accessible from the Internet (if you work on local system for example)\u003C\u002Fp>\n","Check the doctype validity using W3c validator (html , xhtml , ... ) when creating or updating  page \u002F post \u002F custom post type and show the result in  …",20,5538,"3.2.1",[21,68,23,69,24],"html5","w3c-validation","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxhtml-easy-validator.0.4.zip",100,"2026-03-15T10:48:56.248Z",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":29,"num_ratings":29,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":18,"tags":86,"homepage":89,"download_link":90,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":91},"batch-validator","Batch Validator","1.2","Roland Rust","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdprx\u002F","\u003Cp>It functions as a frontend for the Markup Validator Web Service API on http:\u002F\u002Fvalidator.w3.org. Stylesheets are checked as well.\u003C\u002Fp>\n\u003Cp>Languages available:\u003Cbr \u002F>\n+ english\u003Cbr \u002F>\n+ deutsch(german)\u003C\u002Fp>\n","This plugin performs a batch markup validation check over your entire WordPress website.",10,3311,"2007-09-02T23:46:00.000Z","2.2.2","2.1",[21,87,88,23,24],"markup-validation","validator","http:\u002F\u002Fwordpress.designpraxis.at","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbatch-validator.zip","2026-03-15T14:54:45.397Z",{"slug":93,"name":94,"version":95,"author":18,"author_profile":96,"description":97,"short_description":98,"active_installs":81,"downloaded":99,"rating":29,"num_ratings":29,"last_updated":100,"tested_up_to":101,"requires_at_least":102,"requires_php":18,"tags":103,"homepage":106,"download_link":107,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wp-validator","WP-Validate","1.0","https:\u002F\u002Fprofiles.wordpress.org\u002Fjamierumbelow\u002F","\u003Cp>WP-Validate indexes your site, collecting all the blog posts, pages and other published content, and submits it to the W3C’s HTML Validator, which then returns the response.\u003C\u002Fp>\n\u003Cp>WP-Validate then lists the valid pages, and the invalid pages, with a link to the specific validator URL.\u003C\u002Fp>\n","WP-Validate collects all the pages on your site and runs them through the W3C's HTML Validator.",3187,"2009-01-30T23:33:00.000Z","2.7","2.5",[104,105,22,23,24],"automatic","css","http:\u002F\u002Fwww.jamierumbelow.net\u002Fphp\u002Fwp-validator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-validator.1.03.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":64,"num_ratings":28,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":121,"tags":122,"homepage":126,"download_link":127,"security_score":71,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"html-validation","HTML Validation","1.0.17","seshelby","https:\u002F\u002Fprofiles.wordpress.org\u002Fseshelby\u002F","\u003Cp>The HTML Validation Plugin runs in the background, identifies and reports HTML validation errors on your website. Once activated, the HTML Validation plugin uses WordPress cron to scan your website content in the background. A progress bar on the report screen indicates scan progress. HTML Validation is provided by \u003Ca href=\"https:\u002F\u002Fabout.validator.nu\u002F\" rel=\"nofollow ugc\">Validator.nu\u003C\u002Fa>. Please refer to the provided \u003Ca href=\"https:\u002F\u002Fabout.validator.nu\u002F#tos\" rel=\"nofollow ugc\">privacy policy and terms of use\u003C\u002Fa>. Posts may also be scanned using the Validate HTML link provided on the “All Posts” screen.\u003C\u002Fp>\n\u003Cp>The HTML Validation Pro extension adds options to automatically correct many HTML Validation issues. This one of a kind plugin could save you hundreds of hours of work finding and correcting HTML validation issues. \u003Ca href=\"https:\u002F\u002Fwww.alumnionlineservices.com\u002Fphp-scripts\u002Fhtml-validation\u002F#proext\" rel=\"nofollow ugc\">Visit our website to learn more and add the Pro Extension\u003C\u002Fa>\u003C\u002Fp>\n","The HTML Validation Plugin runs in the background, identifies and reports HTML validation errors on your website. Once activated, the HTML Validation  …",400,9075,"2025-11-16T12:47:00.000Z","6.8.5","4.6","5.5",[123,124,109,125,87],"accessibility","code-validation","html-validator","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhtml-validation","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtml-validation.1.0.17.zip",{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":71,"downloaded":136,"rating":71,"num_ratings":28,"last_updated":137,"tested_up_to":138,"requires_at_least":139,"requires_php":18,"tags":140,"homepage":144,"download_link":145,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"gallery-shortcode-style-to-head","Gallery Shortcode Style to Head","2.4","Matt Martz","https:\u002F\u002Fprofiles.wordpress.org\u002Fsivel\u002F","\u003Cp>Moves the gallery shortcode styles to the head so it doesn’t break XHTML\u003Cbr \u002F>\nvalidation; allows disabling or modifying the default gallery styles.\u003C\u002Fp>\n\u003Cp>By default when using the WordPress gallery, the styles are placed into the\u003Cbr \u002F>\npost content which breaks XHTML validation. This plugin moves the style into\u003Cbr \u002F>\nthe head of the page using a look-ahead to determine if the [gallery]\u003Cbr \u002F>\nshortcode is used in any posts.\u003C\u002Fp>\n\u003Cp>This plugin also gives you the option to modify the default gallery style\u003Cbr \u002F>\nCSS or disable the gallery styles entirely (so you can control it from your\u003Cbr \u002F>\ntemplate CSS files).\u003C\u002Fp>\n\u003Cp>This plugin uses ideas recommended in a patch located at\u003Cbr \u002F>\nhttps:\u002F\u002Ftrac.wordpress.org\u002Fattachment\u002Fticket\u002F6380\u002F6380-style.diff\u003C\u002Fp>\n\u003Cp>Special thanks to\u003Cbr \u002F>\n* The original author: Matt Martz, http:\u002F\u002Fsivel.net\u003Cbr \u002F>\n* Serbo-Croatian (sr_RS) translation: Borisa Djuraskovic, http:\u002F\u002Fwww.webhostinghub.com\u003Cbr \u002F>\n* Spanish (es_ES) translation: Ogi Djuraskovic, http:\u002F\u002Fwww.webhostinghub.com\u002F\u003C\u002Fp>\n","Moves the gallery shortcode styles to the head so it doesn't break XHTML validation; allows disabling or modifying the default gallery styles.",11493,"2015-04-02T16:12:00.000Z","4.1.42","3.3",[105,141,142,143,24],"gallery","shortcode","style","http:\u002F\u002Fwww.intersanity.com\u002Fsoftware\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgallery-shortcode-style-to-head.2.4.zip",{"attackSurface":147,"codeSignals":159,"taintFlows":167,"riskAssessment":168,"analyzedAt":178},{"hooks":148,"ajaxHandlers":155,"restRoutes":156,"shortcodes":157,"cronEvents":158,"entryPointCount":29,"unprotectedCount":29},[149],{"type":150,"name":151,"callback":152,"file":153,"line":154},"action","plugins_loaded","get_instance","validated.php",30,[],[],[],[],{"dangerousFunctions":160,"sqlUsage":161,"outputEscaping":163,"fileOperations":29,"externalRequests":29,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":166},[],{"prepared":29,"raw":29,"locations":162},[],{"escaped":164,"rawEcho":29,"locations":165},12,[],[],[],{"summary":169,"deductions":170},"The static analysis of 'validated' v2.1.2 reveals a strong adherence to secure coding practices. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, indicating a minimal attack surface. Furthermore, the code demonstrates excellent security by avoiding dangerous functions, ensuring all SQL queries use prepared statements, and properly escaping all output. File operations and external HTTP requests are also absent, which further reduces potential vulnerabilities.\n\nDespite these strong internal code practices, the plugin has a history of vulnerabilities, including one documented CVE. The presence of a past medium severity Cross-Site Scripting (XSS) vulnerability, although last seen in 2014 and currently unpatched, raises a flag. The absence of nonce checks and capability checks, while not directly exploited in the current static analysis due to the lack of entry points, represents potential weaknesses if the attack surface were to expand or if the plugin's functionality changed in future versions.\n\nIn conclusion, 'validated' v2.1.2 exhibits a very secure internal code structure with best practices in place for SQL, output, and avoiding dangerous functions. However, the past vulnerability history, specifically an XSS issue, and the lack of certain security checks like nonces and capability checks on what is currently a zero-attack-surface, suggest a need for ongoing vigilance and a potential risk if the plugin's design evolves.",[171,174,176],{"reason":172,"points":173},"Past medium vulnerability (XSS)",8,{"reason":175,"points":14},"0 Nonce checks",{"reason":177,"points":14},"0 Capability checks","2026-03-16T19:23:08.255Z",{"wat":180,"direct":189},{"assetPaths":181,"generatorPatterns":184,"scriptPaths":185,"versionParams":186},[182,183],"\u002Fwp-content\u002Fplugins\u002Fvalidated\u002Fcss\u002Fvalidated.css","\u002Fwp-content\u002Fplugins\u002Fvalidated\u002Fjs\u002Fvalidated.js",[],[183],[187,188],"validated\u002Fcss\u002Fvalidated.css?ver=","validated\u002Fjs\u002Fvalidated.js?ver=",{"cssClasses":190,"htmlComments":192,"htmlAttributes":193,"restEndpoints":194,"jsGlobals":195,"shortcodeOutput":196},[191],"validated-form",[],[],[],[],[]]