[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f4jwYpSHfY79qHS43XkzbPy5FXYXsKalVRSixxdM7Di0":3,"$fOkSwhG0St2cxXQXs3EqtfUxJo5ctQyAA8Zc2qfDx15I":338,"$fijg88HSmBBx4hgtJbKJQ_z137d76eN6qZ79Jyj4stNM":342},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":33,"crawl_stats":29,"alternatives":40,"analysis":136,"fingerprints":301},"velocity","Velocity – Video Lazy Loading for YouTube, Twitch and Vimeo","1.2.1","connekthq","https:\u002F\u002Fprofiles.wordpress.org\u002Fconnekthq\u002F","\u003Cp>Velocity is an alternative loading method to the standard to YouTube, Vimeo, Twitch and Soundcloud iframe embeds.\u003C\u002Fp>\n\u003Cp>With Velocity you will decrease the loading time and increase overall performance of your website by lazy loading media on-demand instead of on initial page load.\u003C\u002Fp>\n\u003Cp>To add Velocity to your site, simply create a Velocity shortcode by selecting a preview image and media type using the intuitive shortcode builder then add the generated snippet to your page.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fconnekthq.com\u002Fplugins\u002Fvelocity\u002F\" rel=\"nofollow ugc\">Get More Information\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Shortcode Parameters\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>type\u003C\u002Fstrong> – Choose a media type [youtube, vimeo, twitch, soundcloud].\u003C\u002Fli>\n\u003Cli>\u003Cstrong>id\u003C\u002Fstrong> – The ID of the media item.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>options\u003C\u002Fstrong> – Add optional styling and display parameters for the embedded media – e.g. rel=0&controls=0&showinfo=0.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>playlist\u003C\u002Fstrong> – Is this a Soundcloud playlist [true\u002Ffalse].\u003C\u002Fli>\n\u003Cli>\u003Cstrong>img\u003C\u002Fstrong> – The path to the preview image.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>alt\u003C\u002Fstrong> – The alternative text to be attached to the preview image.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>color\u003C\u002Fstrong> – Play button arrow color.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>bkg_color\u003C\u002Fstrong> – Play button background color.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Example Shortcode\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[velocity type=\"youtube\" id=\"239793212\" img=\"http:\u002F\u002Fyourwebsite.com\u002Fwp-content\u002Fuploads\u002F2016\u002F01\u002Fimage-1263626715.jpg\" alt=\"Play Video\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Tested Browsers\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Firefox (Mac, PC)\u003C\u002Fli>\n\u003Cli>Chrome (Mac, PC, iOS, Android)\u003C\u002Fli>\n\u003Cli>Safari (Mac, iOS)\u003C\u002Fli>\n\u003Cli>IE10+\u003C\u002Fli>\n\u003Cli>Android (Native)\u003C\u002Fli>\n\u003Cli>BB10 (Native)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Website\u003C\u002Fh4>\n\u003Cp>https:\u002F\u002Fconnekthq.com\u002Fplugins\u002Fvelocity\u002F\u003C\u002Fp>\n","Improve website performance by lazy loading and customizing your YouTube, Vimeo, Twitch and SoundCloud media embeds.",300,8783,96,6,"2020-01-04T16:19:00.000Z","5.3.21","4.0","",[20,21,22,23,24],"performance","soundcloud","twitch","vimeo","youtube","https:\u002F\u002Fconnekthq.com\u002Fplugins\u002Fvelocity\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvelocity.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},3,200310,89,467,71,"2026-05-19T22:12:16.859Z",[41,65,83,100,118],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":51,"num_ratings":52,"last_updated":53,"tested_up_to":54,"requires_at_least":55,"requires_php":56,"tags":57,"homepage":60,"download_link":61,"security_score":62,"vuln_count":63,"unpatched_count":28,"last_vuln_date":64,"fetched_at":30},"lazy-load-for-videos","Lazy Load for Videos","2.18.9","kevinweber","https:\u002F\u002Fprofiles.wordpress.org\u002Fkevinweber\u002F","\u003Cp>This plugin improves page load time and increases your Google PageSpeed Score. It works with oEmbed and replaces embedded Youtube and Vimeo videos with a clickable preview image.\u003Cbr \u002F>\nBy loading videos only when the user clicks on the preview image, no unnecessary JavaScript is loaded. Especially on sites with many embedded videos this will make your visitors happy. Additionally, all Youtube videos are loaded in a privacy-enhanced mode using the “https:\u002F\u002Fwww.youtube-nocookie.com” embed URL.\u003C\u002Fp>\n\u003Cp>This plugin works for your existing YouTube and Vimeo blocks. No vendor lock-in and no custom shortcodes: Easily turn the plugin on and off anytime.\u003C\u002Fp>\n\u003Cp>Plugin review with speed test results \u003Ca href=\"https:\u002F\u002Fwptavern.com\u002Fspeed-up-wordpress-with-lazy-load-for-videos\" rel=\"nofollow ugc\">on WP Tavern\u003C\u002Fa>.\u003Cbr \u002F>\nDevelopers can contribute \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkevinweber\u002Flazy-load-for-videos\" rel=\"nofollow ugc\">on Github\u003C\u002Fa>.\u003Cbr \u002F>\nMore about the author: \u003Ca href=\"https:\u002F\u002Fwww.kweber.com\" rel=\"nofollow ugc\">on kweber.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Some additional features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display video titles on preview images\u003C\u002Fli>\n\u003Cli>Display privacy disclaimer on top of preview images (e.g. for GDPR compliance)\u003C\u002Fli>\n\u003Cli>Pre-roll and post-roll advertisements: Convert all videos into a playlist and automatically add your corporate video, product teaser or another video advertisement to every video. (Great for branding and video ads!)\u003C\u002Fli>\n\u003Cli>Hide annotations such as “subscribe to channel” to avoid distractions\u003C\u002Fli>\n\u003Cli>Add custom CSS via the plugin’s admin panel\u003C\u002Fli>\n\u003Cli>Choose custom colour for your Vimeo player\u003C\u002Fli>\n\u003Cli>Hide controls from Youtube player\u003C\u002Fli>\n\u003Cli>Hide information like the video title and uploader when the video starts playing\u003C\u002Fli>\n\u003Cli>Even lazy load videos in text widgets (Youtube only)\u003C\u002Fli>\n\u003Cli>Choose between thumbnail sizes (standard or cover)\u003C\u002Fli>\n\u003Cli>Choose from several play button styles\u003C\u002Fli>\n\u003Cli>Choose the traditional red or the alternative white progress bar for the Youtube video player\u003C\u002Fli>\n\u003Cli>Don’t show related videos at the end of your videos\u003C\u002Fli>\n\u003Cli>Works with WordPress Multisite and many plugins such as TablePress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Future features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Set a custom preview image per video\u003C\u002Fli>\n\u003Cli>Track how often the videos have been loaded with Google Analytics\u003C\u002Fli>\n\u003Cli>… YOU want a new feature RIGHT NOW? Please implement it yourself and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkevinweber\u002Flazy-load-for-videos\" rel=\"nofollow ugc\">contribute on Github\u003C\u002Fa>, and I’ll publish your enhancements to the official WordPress directory.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translators\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Serbian (sr_RS) – \u003Ca href=\"\u002F\u002Ffirstsiteguide.com\u002F\" rel=\"nofollow ugc\">Ogi Djuraskovic\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish (es_ES) – \u003Ca href=\"http:\u002F\u002Fpo5i.github.io\u002F\" rel=\"nofollow ugc\">Carlos Villavicencio\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you have created your own language pack, or have an update of an existing one, you can \u003Ca href=\"https:\u002F\u002Fwww.kweber.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">send me\u003C\u002Fa> your gettext PO and MO so that I can bundle it into my plugin. You can download the latest POT file \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Flazy-load-for-videos\u002Ftrunk\u002Flanguages\u002Flazy-load-for-videos.pot\" rel=\"nofollow ugc\">from here\u003C\u002Fa>.\u003C\u002Fp>\n","Boost page speed by replacing embedded YouTube and Vimeo videos with a clickable preview image. Video scripts only load on click.",10000,448363,88,105,"2025-08-23T09:05:00.000Z","6.8.5","5.6","7.2",[58,20,59,23,24],"lazy-load","privacy","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flazy-load-for-videos\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flazy-load-for-videos.2.18.9.zip",98,2,"2025-08-26 12:22:01",{"slug":66,"name":67,"version":68,"author":69,"author_profile":70,"description":71,"short_description":72,"active_installs":11,"downloaded":73,"rating":74,"num_ratings":75,"last_updated":76,"tested_up_to":54,"requires_at_least":77,"requires_php":78,"tags":79,"homepage":18,"download_link":82,"security_score":74,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"better-core-video-embeds","Better Core Video Embeds","1.3.8","Highrise Digital","https:\u002F\u002Fprofiles.wordpress.org\u002Fhighrisedigital\u002F","\u003Cp>This plugin provides page optimisations for pages and posts which have embedded Youtube, Vimeo or Daily Motion videos which have been added using the core embed block.\u003C\u002Fp>\n\u003Cp>Without this plugin, when using the core embed block, when your page loads, lots of external scripts and styles are loaded from the embed service, regardless of whether a visitor actually interacts with the embedded video.\u003C\u002Fp>\n\u003Cp>This plugin prevents these scripts and styles from loading until the user actually interacts with the video. It does this by replacing the video embed, on page load with the video thumbnail image (added on Youtube, Vimeo or Daily Motion). When a user clicks the thumbnail the embedded video, along with associated scripts and styles are loaded.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fk7A2kZWUb9Q?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","A plugin which enhances the core embed block for Youtube, Daily Motion and Vimeo videos by not loading unnecessary scripts until they are needed.",15894,100,11,"2025-06-02T10:52:00.000Z","6.0","7.0",[80,81,20,23,24],"embed","oembed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-core-video-embeds.1.3.8.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":11,"downloaded":91,"rating":74,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":55,"tags":96,"homepage":98,"download_link":99,"security_score":74,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"simple-lazy-load-videos","Simple Lazy Load Videos","1.7.2","Valerii Bohdanov","https:\u002F\u002Fprofiles.wordpress.org\u002Frad_\u002F","\u003Cp>The plugin reduces page load time and increases your Google PageSpeed score.\u003C\u002Fp>\n\u003Cp>It replaces the embedded YouTube and Vimeo videos with a video preview image, third-party CSS & JS are downloaded only after a click.\u003C\u002Fp>\n","Simple Lazy Load for embedded video from YouTube and Vimeo",14359,5,"2026-01-04T19:34:00.000Z","6.9.4","4.9",[20,97,23,24],"video","https:\u002F\u002Fgithub.com\u002Fradkill\u002Fsimple-lazy-load-videos","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-lazy-load-videos.1.7.2.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":74,"downloaded":108,"rating":74,"num_ratings":63,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":112,"tags":113,"homepage":115,"download_link":116,"security_score":117,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"lazy-embed","Lazy Embed","1.6.3","beleaf","https:\u002F\u002Fprofiles.wordpress.org\u002Fbeleaf\u002F","\u003Cp>Videos are one of the largest assets that can be loaded on a webpage, and as such are one of the largest contributors to slow performance and high carbon emissions.\u003C\u002Fp>\n\u003Cp>In fact, adding a Youtube embed to a page using the latest default WordPress theme, increased the page transfer size from 21 kb to 973 kb, and loaded an additional 27 resources. That’s an increase in transfer size of 4533%. Adding a Vimeo video increased the transfer from 21 kb to 276 kb, an increase in transfer size of 1214%, and loaded an additional 7 resources.\u003C\u002Fp>\n\u003Cp>The Lazy Embed plugin defers the loading of any resource required for playing the video until the video is requested to be played. It does this by adding a srcdoc attribute to the iframe which shows in place of the normal iframe content.\u003C\u002Fp>\n\u003Cp>Currently the following third parties are supported\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Youtube\u003C\u002Fli>\n\u003Cli>Vimeo\u003C\u002Fli>\n\u003Cli>Dailymotion\u003C\u002Fli>\n\u003C\u002Ful>\n","Improves the performance and reduces the emissions of your website by only loading embeds (youtube, vimeo, etc) when they are clicked.",3020,"2024-05-22T00:13:00.000Z","6.5.8","6.2.0","7.1",[80,20,114,23,24],"sustainability","https:\u002F\u002Fbitbucket.org\u002Fbeleaf-au\u002Flazy-embed\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flazy-embed.1.6.3.zip",92,{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":74,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":18,"tags":132,"homepage":134,"download_link":135,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"ninja-embed-plugin","Ninja Embed Plugin","2.2","gerhard","https:\u002F\u002Fprofiles.wordpress.org\u002Fgerhard\u002F","\u003Cp>a WordPress plugin that would not only allow the user to easily embed media from YouTube, Vimeo, Yahoo Video and Soundcloud into their posts, but also allow us as developers to use it as a function in the our WordPress template files to embed videos in custom content types and other filters. The plugin also comes with a widget to allow you to easily embed media in your sidebar.\u003C\u002Fp>\n\u003Cp>The plugin currently supports YouTube, Vimeo, Yahoo Video and Soundcloud. We hope to be able to add more online media services soon.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>How do users use it?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To embed a piece of media in a post or page you simply need to add the following shortcode to you post or page content:\u003C\u002Fp>\n\u003Cp>\u003Cem>[media link=”http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=EojN6r2VSR4″]\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>You can also set a custom width and height to your media by adding the width and height parameters to the shortcode:\u003C\u002Fp>\n\u003Cp>\u003Cem>[media width=”800″ height=”600″ link=”http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=EojN6r2VSR4″]\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>As of version 1.3 you can now remove the container around the embed code by setting the container to false(default is true):\u003C\u002Fp>\n\u003Cp>\u003Cem>[media container=”false” link=”http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=EojN6r2VSR4″]\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How do developers use it?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Don’t worry, we did not forget about the developers.\u003C\u002Fp>\n\u003Cp>To embed a piece of media somewhere in the code you simply need to add the following function to the template:\u003C\u002Fp>\n\u003Cp>\u003Cem>\u003Ccode>\u003C?php media_embed('http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=EojN6r2VSR4'); ?>\u003C\u002Fcode>\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>You can also set a custom width and height to the media by adding arguments for width and height respectively:\u003C\u002Fp>\n\u003Cp>\u003Cem>\u003Ccode>\u003C?php media_embed('http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=EojN6r2VSR4', 800, 600); ?>\u003C\u002Fcode>\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>As of version 1.3 it is now possible to remove the container around the embed code you can set the container to false(default is true):\u003C\u002Fp>\n\u003Cp>\u003Cem>\u003Ccode>\u003C?php media_embed('http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=EojN6r2VSR4', 800, 600, false); ?>\u003C\u002Fcode>\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>OR if you don’t want to set the width and height and just remove the container:\u003C\u002Fp>\n\u003Cp>\u003Cem>\u003Ccode>\u003C?php media_embed('http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=EojN6r2VSR4', '', '', false); ?>\u003C\u002Fcode>\u003C\u002Fem>\u003C\u002Fp>\n","Easily embed media from YouTube, Vimeo, Yahoo Video and Soundcloud into your posts, pages and templates.",60,9321,1,"2012-12-12T13:30:00.000Z","3.5.2","3.2.1",[80,133,21,23,24],"media","http:\u002F\u002Fblog.ninjasforhire.co.za\u002F65\u002Fninja-embed-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fninja-embed-plugin.zip",{"attackSurface":137,"codeSignals":197,"taintFlows":241,"riskAssessment":295,"analyzedAt":300},{"hooks":138,"ajaxHandlers":176,"restRoutes":191,"shortcodes":192,"cronEvents":196,"entryPointCount":92,"unprotectedCount":28},[139,144,148,153,157,162,165,169,172],{"type":140,"name":141,"callback":142,"file":143,"line":63},"action","admin_head","velocity_admin_editor_head","admin\\builder\\builder.php",{"type":140,"name":145,"callback":146,"file":143,"line":147},"after_setup_theme","velocity_add_editor_style",4,{"type":149,"name":150,"callback":151,"file":143,"line":152},"filter","mce_external_plugins","velocity_mce_external_plugins",50,{"type":149,"name":154,"callback":155,"file":143,"line":156},"mce_buttons","velocity_mce_buttons",51,{"type":140,"name":158,"callback":159,"file":160,"line":161},"admin_menu","velocity_admin_menu","velocity.php",49,{"type":140,"name":163,"callback":164,"file":160,"line":156},"wp_enqueue_scripts","velocity_enqueue_scripts",{"type":140,"name":166,"callback":167,"file":160,"line":168},"admin_enqueue_scripts","velocity_enqueue_admin_scripts",52,{"type":140,"name":141,"callback":170,"file":160,"line":171},"velocity_admin_vars",53,{"type":149,"name":173,"callback":174,"file":160,"line":175},"admin_footer_text","velocity_filter_admin_footer_text",56,[177,182,185,188],{"action":178,"nopriv":179,"callback":180,"hasNonce":179,"hasCapCheck":181,"file":143,"line":34},"velocity_lightbox",false,"velocity_ajax_tinymce",true,{"action":183,"nopriv":179,"callback":183,"hasNonce":181,"hasCapCheck":181,"file":160,"line":184},"velocity_get_image",54,{"action":186,"nopriv":179,"callback":186,"hasNonce":181,"hasCapCheck":181,"file":160,"line":187},"velocity_get_service_image",55,{"action":189,"nopriv":179,"callback":189,"hasNonce":181,"hasCapCheck":181,"file":160,"line":190},"velocity_save_options",57,[],[193],{"tag":4,"callback":194,"file":160,"line":195},"velocity_shortcode",58,[],{"dangerousFunctions":198,"sqlUsage":199,"outputEscaping":201,"fileOperations":63,"externalRequests":128,"nonceChecks":34,"capabilityChecks":216,"bundledLibraries":240},[],{"prepared":28,"raw":28,"locations":200},[],{"escaped":202,"rawEcho":203,"locations":204},30,16,[205,209,211,213,215,217,220,222,224,226,228,230,232,234,236,238],{"file":206,"line":207,"context":208},"admin\\builder\\elements.php",115,"raw output",{"file":206,"line":210,"context":208},117,{"file":206,"line":212,"context":208},119,{"file":214,"line":92,"context":208},"admin\\builder\\popup.php",{"file":214,"line":216,"context":208},9,{"file":218,"line":219,"context":208},"admin\\views\\settings.php",25,{"file":218,"line":221,"context":208},26,{"file":218,"line":223,"context":208},45,{"file":218,"line":225,"context":208},114,{"file":218,"line":227,"context":208},121,{"file":218,"line":229,"context":208},128,{"file":218,"line":231,"context":208},138,{"file":160,"line":233,"context":208},203,{"file":160,"line":235,"context":208},244,{"file":160,"line":237,"context":208},310,{"file":160,"line":239,"context":208},374,[],[242,259,268,281],{"entryPoint":243,"graph":244,"unsanitizedCount":28,"severity":258},"velocity_get_image (velocity.php:189)",{"nodes":245,"edges":256},[246,251],{"id":247,"type":248,"label":249,"file":160,"line":250},"n0","source","$_GET",193,{"id":252,"type":253,"label":254,"file":160,"line":233,"wp_function":255},"n1","sink","echo() [XSS]","echo",[257],{"from":247,"to":252,"sanitized":181},"low",{"entryPoint":260,"graph":261,"unsanitizedCount":28,"severity":258},"velocity_get_service_image (velocity.php:216)",{"nodes":262,"edges":266},[263,265],{"id":247,"type":248,"label":249,"file":160,"line":264},220,{"id":252,"type":253,"label":254,"file":160,"line":235,"wp_function":255},[267],{"from":247,"to":252,"sanitized":181},{"entryPoint":269,"graph":270,"unsanitizedCount":28,"severity":258},"velocity_save_options (velocity.php:362)",{"nodes":271,"edges":279},[272,275],{"id":247,"type":248,"label":273,"file":160,"line":274},"$_POST",366,{"id":252,"type":253,"label":276,"file":160,"line":277,"wp_function":278},"update_option() [Settings Manipulation]",372,"update_option",[280],{"from":247,"to":252,"sanitized":181},{"entryPoint":282,"graph":283,"unsanitizedCount":28,"severity":258},"\u003Cvelocity> (velocity.php:0)",{"nodes":284,"edges":292},[285,287,288,290],{"id":247,"type":248,"label":286,"file":160,"line":250},"$_GET (x2)",{"id":252,"type":253,"label":254,"file":160,"line":233,"wp_function":255},{"id":289,"type":248,"label":273,"file":160,"line":274},"n2",{"id":291,"type":253,"label":276,"file":160,"line":277,"wp_function":278},"n3",[293,294],{"from":247,"to":252,"sanitized":181},{"from":289,"to":291,"sanitized":181},{"summary":296,"deductions":297},"The Velocity plugin v1.2.1 exhibits a generally good security posture based on the static analysis. All identified entry points (AJAX handlers and shortcodes) are protected by authentication checks. The plugin also demonstrates strong practices by exclusively using prepared statements for its SQL queries and including a reasonable number of nonce and capability checks.  There are no recorded vulnerabilities in its history, suggesting a history of secure development. \n\nHowever, there are a few areas that could be improved. A notable concern is the output escaping, where 65% of outputs are properly escaped, leaving 35% potentially vulnerable to cross-site scripting (XSS) attacks if user-supplied data is directly reflected in the output. The presence of file operations and an external HTTP request, while not explicitly flagged as dangerous, warrants careful review to ensure these functions do not introduce unforeseen risks. \n\nOverall, Velocity v1.2.1 appears to be a relatively secure plugin, with its main weakness being the incomplete output escaping. The lack of known vulnerabilities and the use of secure coding practices for critical areas like SQL are significant strengths. Addressing the output escaping would further bolster its security.",[298],{"reason":299,"points":92},"Insufficient output escaping","2026-03-16T20:01:08.853Z",{"wat":302,"direct":312},{"assetPaths":303,"generatorPatterns":307,"scriptPaths":308,"versionParams":309},[304,305,306],"\u002Fwp-content\u002Fplugins\u002Fvelocity\u002Fcore\u002Fcss\u002Fvelocity.css","\u002Fwp-content\u002Fplugins\u002Fvelocity\u002Fcore\u002Fjs\u002Fvelocity.js","\u002Fwp-content\u002Fplugins\u002Fvelocity\u002Fcore\u002Fimg\u002Fplaceholder.gif",[],[305],[310,311],"velocity\u002Fstyle.css?ver=","velocity.js?ver=",{"cssClasses":313,"htmlComments":319,"htmlAttributes":320,"restEndpoints":326,"jsGlobals":328,"shortcodeOutput":331},[314,315,316,317,318],"velocity-embed","velocity-img","velocity-play-btn","velocity-arrow","velocity-target",[],[321,322,323,324,325],"data-video-type","data-video-id","data-video-options","data-soundcloud-type","data-event",[327],"\u002Fwp-json\u002Fvelocity\u002Fv1\u002Fsettings",[329,330],"velocity_ajax_object","velocity_frontend_params",[332,333,334,335,336,337],"\u003Cdiv class=\"velocity-embed\">","\u003Ca href=\"#\" data-video-type=","\u003Cimg class=\"velocity-img","\u003Cspan class=\"velocity-play-btn\"","\u003Cspan class=\"velocity-arrow\"","\u003Cspan class=\"velocity-target\">",{"error":181,"url":339,"statusCode":340,"statusMessage":341,"message":341},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fvelocity\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":63,"versions":343},[344,351],{"version":345,"download_url":346,"svn_tag_url":347,"released_at":29,"has_diff":179,"diff_files_changed":348,"diff_lines":29,"trac_diff_url":349,"vulnerabilities":350,"is_current":179},"1.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvelocity.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fvelocity\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fvelocity%2Ftags%2F1.0.1&new_path=%2Fvelocity%2Ftags%2F1.1.1",[],{"version":352,"download_url":353,"svn_tag_url":354,"released_at":29,"has_diff":179,"diff_files_changed":355,"diff_lines":29,"trac_diff_url":29,"vulnerabilities":356,"is_current":179},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvelocity.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fvelocity\u002Ftags\u002F1.0.1\u002F",[],[]]