[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnK-o8avfFFy5T73EyLRPF2CKv_Imno2aVRBnG2en63I":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":144,"fingerprints":546},"vernissaria-qr","Vernissaria QR","1.3.6","Paul Wasicsek","https:\u002F\u002Fprofiles.wordpress.org\u002Fvernissaria\u002F","\u003Cp>Vernissaria QR is a powerful WordPress plugin designed for artisans, art galleries, museums, and exhibitions. It automatically generates QR codes for your in WordPress documented artworks and provides visitor analytics to track engagement.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic QR Code Generation\u003C\u002Fstrong>: Automatically creates QR codes when posts\u002Fpages are published\u003C\u002Fli>\n\u003Cli>\u003Cstrong>QR Code Printing\u003C\u002Fstrong>: Generate printable PDFs containing all QR codes for your domain\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Record Artwork Details\u003C\u002Fstrong>: Document Dimensions and Year\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Visitor Analytics\u003C\u002Fstrong>: Track scans, unique visitors, devices and browsers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Post Type Support\u003C\u002Fstrong>: Enable QR codes for any post type\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dashboard Widgets\u003C\u002Fstrong>: View QR code statistics directly in your WordPress dashboard\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Support\u003C\u002Fstrong>: Display detailed analytics on any page using shortcodes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dark Mode\u003C\u002Fstrong>: Beautiful dark mode for statistics display\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile Responsive\u003C\u002Fstrong>: Works perfectly on all devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Focused\u003C\u002Fstrong>: No personal visitor data is collected\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Use Cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Artists monitoring interest in their work\u003C\u002Fli>\n\u003Cli>Art galleries tracking visitor engagement with artworks\u003C\u002Fli>\n\u003Cli>Museums providing additional information via QR codes\u003C\u002Fli>\n\u003Cli>Exhibitions analyzing visitor patterns\u003C\u002Fli>\n\u003Cli>Digital catalogs with scan analytics\u003C\u002Fli>\n\u003Cli>Printing QR codes for physical artwork labels\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcode Usage\u003C\u002Fh4>\n\u003Cp>Display QR code statistics on any page:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[vernissaria_qr_stats redirect_key=\"YOUR_KEY\" show_chart=\"yes\" show_recent=\"yes\" style=\"default\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.2 or higher\u003C\u002Fli>\n\u003Cli>Vernissaria QR API access\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Additional Info\u003C\u002Fh3>\n\u003Cp>For more information about Vernissaria QR, please visit \u003Ca href=\"https:\u002F\u002Fvernissaria.de\" rel=\"nofollow ugc\">vernissaria.de\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>For support questions, please contact support@vernissaria.de\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Developed by Vernissaria\u003C\u002Fli>\n\u003Cli>Uses Chart.js for data visualization\u003C\u002Fli>\n\u003Cli>QR code generation powered by Vernissaria API\u003C\u002Fli>\n\u003C\u002Ful>\n","Generate QR codes for artworks and track visitor engagement with detailed analytics.",0,339,"2025-11-30T22:00:00.000Z","6.9.4","5.0","7.2",[18,19,20,21,22],"analytics","art","exhibition","gallery","qr-code","https:\u002F\u002Fgithub.com\u002FClustmart\u002Fvernissaria-qr","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvernissaria-qr.1.3.6.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"vernissaria",2,30,94,"2026-04-04T14:20:21.013Z",[36,58,80,100,125],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":16,"tags":51,"homepage":56,"download_link":57,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"web-worker-offloading","Web Worker Offloading","0.2.1","WordPress Performance Team","https:\u002F\u002Fprofiles.wordpress.org\u002Fperformanceteam\u002F","\u003Cp>This plugin offloads JavaScript execution to a Web Worker, improving performance by freeing up the main thread. This should translate into improved \u003Ca href=\"https:\u002F\u002Fweb.dev\u002Farticles\u002Finp\" rel=\"nofollow ugc\">Interaction to Next Paint\u003C\u002Fa> (INP) scores.\u003C\u002Fp>\n\u003Cp>⚠ \u003Cem>This functionality is experimental, and \u003Cstrong>it is now \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress\u002Fperformance\u002Fissues\u002F2284\" rel=\"nofollow ugc\">intended to be sunset\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fem> ⚠\u003C\u002Fp>\n\u003Cp>In order to opt in a script to be loaded in a worker, simply add \u003Ccode>worker\u003C\u002Fcode> script data to a registered script. For example,\u003Cbr \u002F>\nif you have a script registered with the handle of \u003Ccode>foo\u003C\u002Fcode>, opt-in to offload it to a web worker by doing:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>wp_script_add_data( 'foo', 'worker', true );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Unlike with the script loading strategies (async\u002Fdefer), any inline before\u002Fafter scripts associated with the worker-offloaded registered script will also be offloaded to the worker, whereas with the script strategies an inline after script would block the script from being delayed.\u003C\u002Fp>\n\u003Cp>Otherwise, the plugin currently ships with built-in integrations to offload Google Analytics to a web worker for the following plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fseo-by-rank-math\u002F\" rel=\"ugc\">Rank Math SEO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgoogle-site-kit\u002F\" rel=\"ugc\">Site Kit by Google\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please monitor your analytics once activating to ensure all the expected events are being logged. At the same time, monitor your INP scores to check for improvement.\u003C\u002Fp>\n\u003Cp>This plugin relies on the \u003Ca href=\"https:\u002F\u002Fpartytown.builder.io\u002F\" rel=\"nofollow ugc\">Partytown 🎉\u003C\u002Fa> library by Builder.io, released under the MIT license. This library is in beta and there are quite a few \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FBuilderIO\u002Fpartytown\u002Fissues?q=is%3Aopen+is%3Aissue+label%3Abug\" rel=\"nofollow ugc\">open bugs\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fpartytown.builder.io\u002Fconfiguration\" rel=\"nofollow ugc\">Partytown configuration\u003C\u002Fa> can be modified via the \u003Ccode>plwwo_configuration\u003C\u002Fcode> filter. For example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\nadd_filter( 'plwwo_configuration', function ( $config ) {\n    $config['mainWindowAccessors'][] = 'wp'; \u002F\u002F Make the wp global available in the worker (e.g. wp.i18n and wp.hooks).\n    return $config;\n} );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>However, not all of the configuration options can be serialized to JSON in this way, for example the \u003Ccode>resolveUrl\u003C\u002Fcode> configuration is a function. To specify this, you can add an inline script as follows.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\nadd_action(\n    'wp_enqueue_scripts',\n    function () {\n        wp_add_inline_script(\n            'web-worker-offloading',\n            \u003C\u003C\u003CJS\n            window.partytown = {\n                ...(window.partytown || {}),\n                resolveUrl: (url, location, type) => {\n                    if (type === 'script') {\n                        const proxyUrl = new URL('https:\u002F\u002Fmy-reverse-proxy.example.com\u002F');\n                        proxyUrl.searchParams.append('url', url.href);\n                        return proxyUrl;\n                    }\n                    return url;\n                },\n            };\n            JS,\n            'before'\n        );\n    }\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>There are also many configuration options which are not documented, so refer to the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FBuilderIO\u002Fpartytown\u002Fblob\u002Fb292a14047a0c12ca05ba97df1833935d42fdb66\u002Fsrc\u002Flib\u002Ftypes.ts#L393-L548\" rel=\"nofollow ugc\">TypeScript definitions\u003C\u002Fa>.\u003C\u002Fp>\n","Offloads select JavaScript execution to a Web Worker to reduce work on the main thread and improve the Interaction to Next Paint (INP) metric.",20000,75473,60,3,"2026-02-27T20:19:00.000Z","7.0","6.6",[18,52,53,54,55],"javascript","partytown","performance","web-worker","https:\u002F\u002Fgithub.com\u002FWordPress\u002Fperformance\u002Fissues\u002F176","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fweb-worker-offloading.0.2.1.zip",{"slug":59,"name":60,"version":61,"author":60,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":31,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":75,"download_link":76,"security_score":77,"vuln_count":78,"unpatched_count":78,"last_vuln_date":79,"fetched_at":27},"chartbeat","Chartbeat","2.0.7","https:\u002F\u002Fprofiles.wordpress.org\u002Fchartbeat\u002F","\u003Cp>Chartbeat for Publishing shows you live audience and traffic data for your websites and apps, and helps you track important trends over time. If you have a Chartbeat subscription, you can use this plugin to automatically add Chartbeat’s JavaScript to your WordPress site. After installing, you’ll see your site’s traffic and audience data visualized in real time, all within WordPress.\u003C\u002Fp>\n\u003Cp>Questions? Problems? Need more info? Email us at \u003Ca href=\"support@chartbeat.com\" rel=\"nofollow ugc\">support@chartbeat.com\u003C\u002Fa>.\u003C\u002Fp>\n","The Chartbeat plugin automatically adds real-time data and a top pages widget to your blog. See who’s on your site, what they’re doing - right now",1000,584418,50,"2020-07-01T21:11:00.000Z","4.7.32","2.8","",[73,18,59,74],"amp","instant-articles","http:\u002F\u002Fchartbeat.com\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchartbeat.2.0.7.zip",63,1,"2025-08-26 00:00:00",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":11,"num_ratings":11,"last_updated":90,"tested_up_to":91,"requires_at_least":50,"requires_php":92,"tags":93,"homepage":71,"download_link":98,"security_score":25,"vuln_count":78,"unpatched_count":11,"last_vuln_date":99,"fetched_at":27},"kitestudio-core","core plugin for kitestudio themes","2.9.3","kitestudio","https:\u002F\u002Fprofiles.wordpress.org\u002Fkitestudio\u002F","\u003Ch4>Overview\u003C\u002Fh4>\n\u003Cp>Useful plugin that extends functionality of Kitestudio Themes by adding woocommerce shortcodes and widgets\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Woocommerce Ajax\u003C\u002Fli>\n\u003Cli>Elementor Page builder support\u003C\u002Fli>\n\u003Cli>Modern Bannner\u003C\u002Fli>\n\u003Cli>Page builder Elements\u003C\u002Fli>\n\u003Cli>Exclusive Shortcodes\u003C\u002Fli>\n\u003Cli>Kitestudio Exclusive Wocommerce Widgets\u003C\u002Fli>\n\u003Cli>Free Shipping Threshold Notice\u003C\u002Fli>\n\u003Cli>Custom CSS and Javascript fields\u003C\u002Fli>\n\u003Cli>Multiple Header layout\u003C\u002Fli>\n\u003Cli>Mega Menu\u003C\u002Fli>\n\u003Cli>Various Blog Page templates\u003C\u002Fli>\n\u003Cli>Sticky Header\u003C\u002Fli>\n\u003Cli>Promo Header\u003C\u002Fli>\n\u003Cli>Fully Responsive\u003C\u002Fli>\n\u003Cli>Cross Browser\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Compatible Browsers\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Firefox\u003C\u002Fli>\n\u003Cli>Safari\u003C\u002Fli>\n\u003Cli>Opera\u003C\u002Fli>\n\u003Cli>Chrome\u003C\u002Fli>\n\u003Cli>iOS browser\u003C\u002Fli>\n\u003Cli>Android browser\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Documentations\u003C\u002Fh4>\n\u003Cp>If you have any question about working with Kitestudio Themes you can take a look at \u003Ca href=\"https:\u002F\u002Fkitestudio.help\u002Fknowledge-base\u002F\" rel=\"nofollow ugc\">online documentations\u003C\u002Fa>\u003C\u002Fp>\n","Useful plugin that extends functionality of Kitestudio Themes by adding woocommerce shortcodes and widgets",600,56456,"2025-09-02T06:01:00.000Z","6.8.5","7.4",[94,95,21,96,97],"ajax-woocommerce","elementor","pinkmart","woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkitestudio-core.2.9.3.zip","2022-06-02 00:00:00",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":111,"last_updated":112,"tested_up_to":91,"requires_at_least":113,"requires_php":49,"tags":114,"homepage":120,"download_link":121,"security_score":122,"vuln_count":123,"unpatched_count":78,"last_vuln_date":124,"fetched_at":27},"ngg-smart-image-search","NGG Smart Image Search","3.4.3","wpo-HR","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpo-hr\u002F","\u003Cp>NGG Smart Image Search will provide a highly customizable search and display functionality for images in NextGEN Galleries. Search results can be displayed in various layouts including all original NextGEN galleries.\u003C\u002Fp>\n\u003Cp>You find more infos and examples on the \u003Ca href=\"https:\u002F\u002Fr-fotos.de\u002Fwordpress-plugins\u002Fnextgen-galleries-smart-image-search\u002F\" rel=\"nofollow ugc\">plugin website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>An image search will be carried out across title, description, filename and tags (as configured per widget or shortcode) of all images in arbitary selectable NextGEN search galleries. There are two search modes available. The basic search mode will look for images which satisfy at least one of the search terms (logical or). The extended search mode will look for images which satisfy all search terms (logical and).\u003C\u002Fp>\n\u003Cp>The search result list can be displayed in various ways.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>you can use any of the native NextGEN Galleries to display the search result list. \u003C\u002Fli>\n\u003Cli>you can also use any of the NextGEN Pro \u002F Plus Galleries with all their features including ecommerce.\u003C\u002Fli>\n\u003Cli>you can use any available NextGEN Gallery settings.\u003C\u002Fli>\n\u003Cli>you can use single image lists and linked image lists providing additional image meta data.\u003C\u002Fli>\n\u003Cli>you can use an advanced thumbnail list which is independant of NextGEN Gallery code.\u003C\u002Fli>\n\u003Cli>you can use fancybox v5 for image display and show exifdata and\u002For use NextGEN backup files\u003C\u002Fli>\n\u003Cli>you can sort the search result list in various ways.\u003C\u002Fli>\n\u003Cli>you can use paging for long search result lists.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can enter search strings via widgets or shortcodes. You can use complex predefined searches to display an almost arbitrary collection of NextGEN Gallery images. You can dynamically switch the search mode or the display mode between searches. Searches can be configured differently for public users or for logged in (private) users.\u003C\u002Fp>\n\u003Cp>For an extended documentation see \u003Ca href=\"https:\u002F\u002Fr-fotos.de\u002Fwordpress-plugins\u002Fnextgen-galleries-smart-image-search\u002Fqualified-search-examples\u002F\" rel=\"nofollow ugc\">qualified search examples\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fr-fotos.de\u002Fwordpress-plugins\u002Fnextgen-galleries-smart-image-search\u002Fdisplay-search-result-list\u002F\" rel=\"nofollow ugc\">display search result list\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The new \u003Ca href=\"https:\u002F\u002Fr-fotos.de\u002Fwordpress-plugins\u002Fnextgen-galleries-smart-image-search\u002Fnew-functionalities\u002F\" rel=\"nofollow ugc\">version 3\u003C\u002Fa> of this plugin is a major update of version 2 with many new functionalities and some optimization and error corrections.\u003C\u002Fp>\n","NGG Smart Image Search provides a smart search and display functionality for images in selectable arbitary collections of NextGEN galleries.",400,11413,98,13,"2025-06-18T01:44:00.000Z","5.5.4",[115,116,117,118,119],"frontend-search","gallery-displays","image-search","nextgen-gallery","smart-search","https:\u002F\u002Fr-fotos.de\u002Fwordpress-plugins\u002Fngg-smart-image-search","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fngg-smart-image-search.3.4.3.zip",71,4,"2025-09-22 00:00:00",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":135,"num_ratings":47,"last_updated":136,"tested_up_to":91,"requires_at_least":137,"requires_php":71,"tags":138,"homepage":141,"download_link":142,"security_score":110,"vuln_count":31,"unpatched_count":11,"last_vuln_date":143,"fetched_at":27},"cart-tracking-for-woocommerce","Cart tracking for WooCommerce","1.0.19","wpdever","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdever\u002F","\u003Cp>This plugin gives you a better insight into what people are adding or removing to\u002Ffrom their cart.\u003Cbr \u002F>\nYou can see all recorded carts in a table, as well as which products were added or removed most often.\u003Cbr \u002F>\nComparing cart data with your sales data can be helpful in \u003Cstrong>understanding what your customers want\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Seeing actively removed products can also help you increase your sales by giving you the possibility to offer discounts for these products as an example.\u003Cbr \u002F>\nKnowing what’s happening on the customers side can be valuable in making data-informed decisions to boost your sales.\u003C\u002Fp>\n\u003Cp>This plugin records customers carts as long as it’s activated.\u003C\u002Fp>\n\u003Ch4>Pro Features Available\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Most added and removed products lists twice longer\u003C\u002Fli>\n\u003Cli>User cart detailed history, with every event recorded\u003C\u002Fli>\n\u003Cli>User cart and order data (most added\u002Fpurchased product, total carts, total orders, total orders completed, on hold, cancelled….)\u003C\u002Fli>\n\u003C\u002Ful>\n","Keep track of what people are adding or removing from their cart. See most added\u002Fremoved products lists.",200,4006,74,"2025-08-12T19:42:00.000Z","4.0",[139,18,140,97],"abandoned-carts","reports","https:\u002F\u002Fwpsimpleplugins.wordpress.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcart-tracking-for-woocommerce.zip","2025-05-07 00:00:00",{"attackSurface":145,"codeSignals":252,"taintFlows":449,"riskAssessment":535,"analyzedAt":545},{"hooks":146,"ajaxHandlers":235,"restRoutes":245,"shortcodes":246,"cronEvents":251,"entryPointCount":47,"unprotectedCount":11},[147,154,158,162,166,170,173,178,181,185,188,192,195,199,202,205,208,212,216,220,223,228,233],{"type":148,"name":149,"callback":150,"priority":151,"file":152,"line":153},"action","transition_post_status","vernissaria_generate_qr_on_status_change",10,"includes\\qr-generator.php",88,{"type":148,"name":155,"callback":156,"priority":32,"file":152,"line":157},"save_post","vernissaria_update_on_save",188,{"type":148,"name":155,"callback":159,"priority":160,"file":152,"line":161},"vernissaria_attach_redirect_key",20,216,{"type":148,"name":163,"callback":164,"file":152,"line":165},"admin_init","vernissaria_register_qr_columns",290,{"type":148,"name":167,"callback":168,"file":152,"line":169},"pre_get_posts","vernissaria_columns_orderby",330,{"type":148,"name":163,"callback":171,"file":152,"line":172},"vernissaria_register_sortable_columns",332,{"type":148,"name":174,"callback":175,"file":176,"line":177},"admin_enqueue_scripts","vernissaria_register_metabox_assets","includes\\qr-metabox.php",29,{"type":148,"name":174,"callback":179,"file":176,"line":180},"vernissaria_enqueue_metabox_scripts",62,{"type":148,"name":182,"callback":183,"file":176,"line":184},"add_meta_boxes","vernissaria_add_custom_box",78,{"type":148,"name":155,"callback":186,"file":176,"line":187},"vernissaria_save_postdata",347,{"type":148,"name":189,"callback":190,"file":176,"line":191},"admin_menu","vernissaria_add_list_page",412,{"type":148,"name":155,"callback":193,"priority":151,"file":176,"line":194},"vernissaria_set_qr_defaults",552,{"type":148,"name":174,"callback":196,"file":197,"line":198},"vernissaria_register_admin_assets","includes\\qr-settings.php",54,{"type":148,"name":174,"callback":200,"file":197,"line":201},"vernissaria_enqueue_print_assets",84,{"type":148,"name":189,"callback":203,"file":197,"line":204},"vernissaria_add_settings_page",269,{"type":148,"name":163,"callback":206,"file":197,"line":207},"vernissaria_register_settings",367,{"type":148,"name":209,"callback":210,"file":197,"line":211},"wp_dashboard_setup","vernissaria_add_dashboard_widgets",877,{"type":148,"name":213,"callback":214,"file":197,"line":215},"admin_footer","closure",888,{"type":148,"name":217,"callback":218,"file":197,"line":219},"current_screen","vernissaria_debug_chartjs",909,{"type":148,"name":174,"callback":221,"file":197,"line":222},"vernissaria_enqueue_admin_assets",923,{"type":148,"name":224,"callback":225,"file":226,"line":227},"wp_enqueue_scripts","vernissaria_register_frontend_assets","includes\\qr-stats.php",37,{"type":148,"name":229,"callback":230,"file":231,"line":232},"init","vernissaria_qr_init","vernissaria-qr.php",38,{"type":148,"name":174,"callback":234,"file":231,"line":201},"vernissaria_qr_admin_styles",[236,241],{"action":237,"nopriv":238,"callback":237,"hasNonce":239,"hasCapCheck":239,"file":176,"line":240},"vernissaria_update_qr_ajax",false,true,397,{"action":242,"nopriv":238,"callback":243,"hasNonce":239,"hasCapCheck":239,"file":197,"line":244},"generate_qr_pdf","vernissaria_handle_pdf_generation",135,[],[247],{"tag":248,"callback":249,"file":226,"line":250},"vernissaria_qr_stats","vernissaria_qr_stats_shortcode",42,[],{"dangerousFunctions":253,"sqlUsage":254,"outputEscaping":261,"fileOperations":123,"externalRequests":446,"nonceChecks":123,"capabilityChecks":447,"bundledLibraries":448},[],{"prepared":11,"raw":31,"locations":255},[256,260],{"file":257,"line":258,"context":259},"uninstall.php",17,"$wpdb->query() with variable interpolation",{"file":257,"line":32,"context":259},{"escaped":262,"rawEcho":263,"locations":264},83,96,[265,268,270,272,274,276,278,280,282,284,285,287,289,291,293,295,297,299,301,303,305,307,309,311,313,315,317,319,321,323,325,327,329,331,333,335,337,339,341,343,345,347,349,351,353,355,357,359,360,362,364,366,368,369,371,372,373,375,376,377,379,380,381,383,385,386,388,390,391,393,395,396,398,400,402,404,406,408,410,412,414,416,418,420,422,424,426,428,430,432,434,436,438,440,442,444],{"file":152,"line":266,"context":267},251,"raw output",{"file":152,"line":269,"context":267},274,{"file":176,"line":271,"context":267},178,{"file":176,"line":273,"context":267},181,{"file":176,"line":275,"context":267},182,{"file":176,"line":277,"context":267},186,{"file":176,"line":279,"context":267},189,{"file":176,"line":281,"context":267},190,{"file":176,"line":283,"context":267},194,{"file":176,"line":133,"context":267},{"file":176,"line":286,"context":267},206,{"file":176,"line":288,"context":267},214,{"file":176,"line":290,"context":267},218,{"file":176,"line":292,"context":267},221,{"file":176,"line":294,"context":267},232,{"file":176,"line":296,"context":267},239,{"file":176,"line":298,"context":267},246,{"file":176,"line":300,"context":267},253,{"file":176,"line":302,"context":267},254,{"file":176,"line":304,"context":267},257,{"file":176,"line":306,"context":267},263,{"file":176,"line":308,"context":267},418,{"file":176,"line":310,"context":267},419,{"file":176,"line":312,"context":267},445,{"file":176,"line":314,"context":267},446,{"file":176,"line":316,"context":267},447,{"file":176,"line":318,"context":267},448,{"file":176,"line":320,"context":267},449,{"file":176,"line":322,"context":267},450,{"file":176,"line":324,"context":267},451,{"file":176,"line":326,"context":267},488,{"file":176,"line":328,"context":267},492,{"file":176,"line":330,"context":267},493,{"file":176,"line":332,"context":267},505,{"file":176,"line":334,"context":267},509,{"file":176,"line":336,"context":267},510,{"file":176,"line":338,"context":267},511,{"file":176,"line":340,"context":267},512,{"file":197,"line":342,"context":267},389,{"file":197,"line":344,"context":267},396,{"file":197,"line":346,"context":267},409,{"file":197,"line":348,"context":267},414,{"file":197,"line":350,"context":267},427,{"file":197,"line":352,"context":267},428,{"file":197,"line":354,"context":267},432,{"file":197,"line":356,"context":267},433,{"file":197,"line":358,"context":267},444,{"file":197,"line":312,"context":267},{"file":197,"line":361,"context":267},454,{"file":197,"line":363,"context":267},455,{"file":197,"line":365,"context":267},458,{"file":197,"line":367,"context":267},462,{"file":197,"line":367,"context":267},{"file":197,"line":370,"context":267},466,{"file":197,"line":370,"context":267},{"file":197,"line":370,"context":267},{"file":197,"line":374,"context":267},470,{"file":197,"line":374,"context":267},{"file":197,"line":374,"context":267},{"file":197,"line":378,"context":267},474,{"file":197,"line":378,"context":267},{"file":197,"line":378,"context":267},{"file":197,"line":382,"context":267},478,{"file":197,"line":384,"context":267},481,{"file":197,"line":330,"context":267},{"file":197,"line":387,"context":267},494,{"file":197,"line":389,"context":267},502,{"file":197,"line":332,"context":267},{"file":197,"line":392,"context":267},506,{"file":197,"line":394,"context":267},507,{"file":197,"line":334,"context":267},{"file":197,"line":397,"context":267},513,{"file":197,"line":399,"context":267},516,{"file":197,"line":401,"context":267},517,{"file":197,"line":403,"context":267},519,{"file":197,"line":405,"context":267},526,{"file":197,"line":407,"context":267},533,{"file":197,"line":409,"context":267},534,{"file":197,"line":411,"context":267},536,{"file":197,"line":413,"context":267},537,{"file":197,"line":415,"context":267},538,{"file":197,"line":417,"context":267},542,{"file":197,"line":419,"context":267},545,{"file":197,"line":421,"context":267},592,{"file":197,"line":423,"context":267},596,{"file":197,"line":425,"context":267},653,{"file":197,"line":427,"context":267},658,{"file":197,"line":429,"context":267},674,{"file":197,"line":431,"context":267},695,{"file":197,"line":433,"context":267},702,{"file":197,"line":435,"context":267},710,{"file":197,"line":437,"context":267},734,{"file":197,"line":439,"context":267},736,{"file":197,"line":441,"context":267},737,{"file":197,"line":443,"context":267},853,{"file":197,"line":445,"context":267},893,8,5,[],[450,472,504,519],{"entryPoint":451,"graph":452,"unsanitizedCount":78,"severity":471},"vernissaria_update_qr_ajax (includes\\qr-metabox.php:352)",{"nodes":453,"edges":468},[454,458,462],{"id":455,"type":456,"label":457,"file":176,"line":342},"n0","source","$_POST",{"id":459,"type":460,"label":461,"file":176,"line":342},"n1","transform","→ vernissaria_update_qr_metadata()",{"id":463,"type":464,"label":465,"file":152,"line":466,"wp_function":467},"n2","sink","wp_remote_request() [SSRF]",130,"wp_remote_request",[469,470],{"from":455,"to":459,"sanitized":238},{"from":459,"to":463,"sanitized":238},"medium",{"entryPoint":473,"graph":474,"unsanitizedCount":31,"severity":471},"\u003Cqr-metabox> (includes\\qr-metabox.php:0)",{"nodes":475,"edges":498},[476,479,483,484,486,488,491,494],{"id":455,"type":456,"label":477,"file":176,"line":478},"$_POST (x2)",360,{"id":459,"type":464,"label":480,"file":176,"line":481,"wp_function":482},"echo() [XSS]",486,"echo",{"id":463,"type":456,"label":457,"file":176,"line":342},{"id":485,"type":460,"label":461,"file":176,"line":342},"n3",{"id":487,"type":464,"label":465,"file":152,"line":466,"wp_function":467},"n4",{"id":489,"type":456,"label":457,"file":176,"line":490},"n5",471,{"id":492,"type":460,"label":493,"file":176,"line":490},"n6","→ vernissaria_get_qr_scan_count()",{"id":495,"type":464,"label":496,"file":176,"line":25,"wp_function":497},"n7","wp_remote_get() [SSRF]","wp_remote_get",[499,500,501,502,503],{"from":455,"to":459,"sanitized":239},{"from":463,"to":485,"sanitized":238},{"from":485,"to":487,"sanitized":238},{"from":489,"to":492,"sanitized":238},{"from":492,"to":495,"sanitized":238},{"entryPoint":505,"graph":506,"unsanitizedCount":78,"severity":471},"vernissaria_handle_pdf_generation (includes\\qr-settings.php:89)",{"nodes":507,"edges":516},[508,510,512],{"id":455,"type":456,"label":457,"file":197,"line":509},123,{"id":459,"type":460,"label":511,"file":197,"line":509},"→ vernissaria_download_and_save_pdf()",{"id":463,"type":464,"label":513,"file":197,"line":514,"wp_function":515},"file_put_contents() [File Write]",215,"file_put_contents",[517,518],{"from":455,"to":459,"sanitized":238},{"from":459,"to":463,"sanitized":238},{"entryPoint":520,"graph":521,"unsanitizedCount":78,"severity":471},"\u003Cqr-settings> (includes\\qr-settings.php:0)",{"nodes":522,"edges":530},[523,524,525,526,527,528,529],{"id":455,"type":456,"label":457,"file":197,"line":25},{"id":459,"type":464,"label":513,"file":197,"line":514,"wp_function":515},{"id":463,"type":456,"label":457,"file":197,"line":25},{"id":485,"type":464,"label":480,"file":197,"line":433,"wp_function":482},{"id":487,"type":456,"label":457,"file":197,"line":509},{"id":489,"type":460,"label":511,"file":197,"line":509},{"id":492,"type":464,"label":513,"file":197,"line":514,"wp_function":515},[531,532,533,534],{"from":455,"to":459,"sanitized":239},{"from":463,"to":485,"sanitized":239},{"from":487,"to":489,"sanitized":238},{"from":489,"to":492,"sanitized":238},{"summary":536,"deductions":537},"The \"vernissaria-qr\" plugin v1.3.6 presents a mixed security posture. On the positive side, there are no known historical vulnerabilities (CVEs), and the static analysis shows a well-defined attack surface with all identified entry points (AJAX handlers and shortcodes) appearing to have authentication checks. The presence of capability checks and nonces further bolsters this. However, significant concerns arise from the code signals. The plugin uses raw SQL queries for all its database interactions, which is a major security risk, especially if the data originates from user input. Additionally, a substantial portion of output escaping is missing, potentially leading to cross-site scripting (XSS) vulnerabilities.  The taint analysis, while not reporting critical or high severity flows, did find unsanitized paths, which, when combined with the lack of prepared statements and insufficient output escaping, could still lead to exploitable conditions.",[538,541,543],{"reason":539,"points":540},"All SQL queries lack prepared statements",15,{"reason":542,"points":446},"Nearly half of output escaping is missing",{"reason":544,"points":151},"Taint analysis shows unsanitized paths","2026-03-17T07:20:03.196Z",{"wat":547,"direct":556},{"assetPaths":548,"generatorPatterns":551,"scriptPaths":552,"versionParams":553},[549,550],"\u002Fwp-content\u002Fplugins\u002Fvernissaria-qr\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fvernissaria-qr\u002Fassets\u002Fjs\u002Fmetabox.js",[],[550],[554,555],"vernissaria-qr\u002Fassets\u002Fcss\u002Fadmin.css?ver=","vernissaria-qr\u002Fassets\u002Fjs\u002Fmetabox.js?ver=",{"cssClasses":557,"htmlComments":558,"htmlAttributes":567,"restEndpoints":574,"jsGlobals":578,"shortcodeOutput":580},[],[559,560,561,562,563,564,565,566],"\u003C!-- Generated by Vernissaria QR -->","\u003C!-- QR Code Image -->","\u003C!-- QR Code Link -->","\u003C!-- QR Code Scan Count -->","\u003C!-- QR Code Dimensions -->","\u003C!-- QR Code Year -->","\u003C!-- QR Code Label -->","\u003C!-- QR Code Campaign -->",[568,569,570,571,572,573],"data-qr-code-redirect-key","data-qr-code-url","data-qr-code-label","data-qr-code-campaign","data-qr-code-dimensions","data-qr-code-year",[575,576,577],"\u002Fwp-json\u002Fvernissaria-qr\u002Fv1\u002Fgenerate-qr","\u002Fwp-json\u002Fvernissaria-qr\u002Fv1\u002Fupdate-qr","\u002Fwp-json\u002Fvernissaria-qr\u002Fv1\u002Fdelete-qr",[579],"vernissariaMetabox",[581,582],"[vernissaria_qr_code]","[vernissaria_qr_details]"]