[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9JVvFRVRYDnnxf5wdLYh3vmD3qv4o0_2-tBmkfOzJhM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":57,"crawl_stats":38,"alternatives":65,"analysis":66,"fingerprints":669},"video-grid","Video Grid","1.24","Nks","https:\u002F\u002Fprofiles.wordpress.org\u002Fnik00726\u002F","\u003Cp>This is a beautiful responsive video grid with responsive lightbox for WordPress blogs and sites. Admin can manage any number of videos into the grid.\u003Cbr \u002F>\nAdmin can add, edit and delete videos.admin can set video title to lightbox. Before add grid, to WordPress blog, admin can preview a video grid. Admin can set video background. Admin can also set if you want to play video into a lightbox or redirect to the respective site. The free version only supports youtube and Dailymotion. 
Pro version can support Youtube, Vimeo, Metacafe, DailyMotion, and custom HTML 5 Video\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Find WordPress Video Grid Pro Plugin (Unlimited Video Grids+Much more features) at \u003Ca href=\"https:\u002F\u002Fwww.i13websolution.com\u002Fproduct\u002Fwordpress-responsive-video-grid-pro\u002F\" rel=\"nofollow ugc\">WordPress Video Grid Pro Plugin\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fblog.i13websolution.com\u002Flive-preview-wordpress-video-grid\u002F\" rel=\"nofollow ugc\">Live Demo WordPress Video Grid \u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=SbQEswn2JBY\" rel=\"nofollow ugc\">WordPress Video Grid Pro Video\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FSbQEswn2JBY?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please rate this plugin if you find it useful\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>=Features=\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Add any number of video to grid.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>grid and lightbox both are responsive\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Edit video.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Preview your video grid before use it.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>grid installation into theme is simple just add shortcode to theme or 
pages\u002Fposts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>changes to video background.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>play video into lightbox or redirect.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>grid can have caption.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>10.WordPress capabilities feature.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>=Pro Version Features=\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Unlimited Video Grids and lightbox(Multiple Video Grids).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Custom height width of thumbnail.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Support video types Youtube,Vimeo,Metacafe,DailyMotion, Support custom html 5 videos.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Use custom video thumbnail Or oneclick video thumbnail image download.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Display video description into lightbox.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>On\u002FOff Video thumbnail captions.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Set pagination size and use ajax pagination.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Admin can display video gallery according video order.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Mass video order updates.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Sort by random videos\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Open video into lightbox or new browser tab.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Responsive Admin Layout.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>No advertisements.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WordPress capabilities feature.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.i13websolution.com\u002Fcontacts\" rel=\"nofollow ugc\">Get Support\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free for 
everyone! Since it’s released under the GPL, you can use it free of charge on your personal or commercial blog. But you can make some donations if you really find it useful.\u003C\u002Fp>\n","This is a beautiful responsive video grid with responsive lightbox for WordPress blogs and sites. Admin can manage any number of videos into the grid.",1000,60847,88,15,"2025-12-08T12:27:00.000Z","6.9.4","3.5","",[20,21,22,23,24],"wordpress-lightbox-video-gallery","wordpress-responsive-vimeo-grid","wordpress-video-grid","wordpress-video-grid-lightbox","wordpress-youtube-grid","https:\u002F\u002Fwww.i13websolution.com\u002Fproduct\u002Fwordpress-responsive-video-grid-pro\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvideo-grid.1.24.zip",99,2,0,"2023-04-18 00:00:00","2026-03-15T15:16:48.613Z",[33,49],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2023-30785","video-grid-reflected-cross-site-scripting","Video Grid \u003C= 1.21 - Reflected Cross-Site Scripting","The Video Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.21","1.22","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc92e166d-2ede-4280-a875-d30c0cf6f467?source=api-prod",280,{"id":50,"url_slug":51,"title":36,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":53,"references":54,"days_to_patch":56},"CVE-2023-7295","video-grid-reflected-cross-site-scripting-2","The Video Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","2024-10-16 07:31:53",[55],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdb5247ad-dbbf-4d8e-92f5-3a673b97d080?source=api-prod",547,{"slug":58,"display_name":7,"profile_url":8,"plugin_count":59,"total_installs":60,"avg_security_score":61,"avg_patch_time_days":62,"trust_score":63,"computed_at":64},"nik00726",19,22900,97,350,77,"2026-04-04T04:19:09.417Z",[],{"attackSurface":67,"codeSignals":131,"taintFlows":512,"riskAssessment":658,"analyzedAt":668},{"hooks":68,"ajaxHandlers":113,"restRoutes":124,"shortcodes":125,"cronEvents":129,"entryPointCount":130,"unprotectedCount":29},[69,75,80,84,88,92,97,101,106,109],{"type":70,"name":71,"callback":72,"file":73,"line":74},"filter","widget_text","do_shortcode","wp-video-grid.php",12,{"type":76,"name":77,"callback":78,"file":73,"line":79},"action","admin_menu","responsive_video_grid_add_admin_menu",13,{"type":76,"name":81,"callback":82,"file":73,"line":83},"wp_enqueue_scripts","responsive_video_grid_load_styles_and_js",18,{"type":76,"name":85,"callback":86,"file":73,"line":87},"admin_notices","responsive_video_grid_admin_notices",20,{"type":76,"name":89,"callback":90,"file":73,"line":91},"plugins_loaded","vg_load_lang_for_responsive_video_grid",25,{"type":70,"name":93,"callback":94,"priority":95,"file":73,"line":96},"user_has_cap","rvg_video_grid_admin_cap_list",10,26,{"type":70,"name":98,"callback":99,"priority":95,"file":73,"line":100},"map_meta_cap","map_rvg_video_grid_meta_caps",31,{"type":70,"name":102,"callback":103,"priority":104,"file":73,"line":105},"widget_text_content","prvg_remove_extra_p_tags",999,2701,{"type":70,"name":107,"callback":103,"priority":104,"file":73,"line":108},"the_content",2702,{"type":70,"name":110,"callback":111,"priority":95,"file":73,"line":112},"render_block
","i13_video_grid_pro_render_block_defaults",2713,[114,120],{"action":115,"nopriv":116,"callback":117,"hasNonce":118,"hasCapCheck":116,"file":73,"line":119},"check_file_exist_grid",false,"check_file_exist_grid_callback",true,22,{"action":121,"nopriv":116,"callback":122,"hasNonce":118,"hasCapCheck":116,"file":73,"line":123},"get_youtube_info_grid","get_youtube_info_grid_callback",23,[],[126],{"tag":127,"callback":128,"file":73,"line":59},"print_responsive_video_grid","print_responsive_video_grid_func",[],3,{"dangerousFunctions":132,"sqlUsage":133,"outputEscaping":136,"fileOperations":74,"externalRequests":508,"nonceChecks":509,"capabilityChecks":510,"bundledLibraries":511},[],{"prepared":134,"raw":29,"locations":135},11,[],{"escaped":137,"rawEcho":138,"locations":139},37,211,[140,143,145,147,149,151,152,153,154,156,158,160,162,164,166,168,170,172,174,176,177,179,181,183,185,187,189,191,193,194,196,198,200,202,204,206,208,210,212,214,215,216,217,219,220,221,222,224,225,226,228,229,230,231,233,234,235,236,238,239,240,242,243,244,245,247,248,249,250,252,253,254,256,257,258,259,261,262,263,264,266,267,268,270,272,274,276,278,279,281,283,285,287,289,291,292,294,296,297,299,301,303,304,306,308,310,312,314,316,318,320,322,324,326,328,330,332,334,336,338,340,342,344,346,348,350,352,354,356,358,360,362,364,366,368,370,372,374,376,378,379,380,382,384,386,388,389,391,393,395,397,399,401,403,405,407,409,411,412,414,416,418,420,422,424,426,428,430,432,434,436,437,439,441,443,445,446,447,449,450,452,454,456,457,459,461,463,465,467,469,471,473,475,476,478,480,482,483,484,486,487,489,491,493,494,496,498,500,502,504,506],{"file":73,"line":141,"context":142},270,"raw 
output",{"file":73,"line":144,"context":142},309,{"file":73,"line":146,"context":142},329,{"file":73,"line":148,"context":142},335,{"file":73,"line":150,"context":142},520,{"file":73,"line":150,"context":142},{"file":73,"line":150,"context":142},{"file":73,"line":150,"context":142},{"file":73,"line":155,"context":142},525,{"file":73,"line":157,"context":142},538,{"file":73,"line":159,"context":142},539,{"file":73,"line":161,"context":142},545,{"file":73,"line":163,"context":142},553,{"file":73,"line":165,"context":142},569,{"file":73,"line":167,"context":142},574,{"file":73,"line":169,"context":142},587,{"file":73,"line":171,"context":142},598,{"file":73,"line":173,"context":142},605,{"file":73,"line":175,"context":142},614,{"file":73,"line":175,"context":142},{"file":73,"line":178,"context":142},651,{"file":73,"line":180,"context":142},654,{"file":73,"line":182,"context":142},662,{"file":73,"line":184,"context":142},665,{"file":73,"line":186,"context":142},722,{"file":73,"line":188,"context":142},723,{"file":73,"line":190,"context":142},732,{"file":73,"line":192,"context":142},739,{"file":73,"line":192,"context":142},{"file":73,"line":195,"context":142},746,{"file":73,"line":197,"context":142},747,{"file":73,"line":199,"context":142},749,{"file":73,"line":201,"context":142},822,{"file":73,"line":203,"context":142},823,{"file":73,"line":205,"context":142},824,{"file":73,"line":207,"context":142},825,{"file":73,"line":209,"context":142},835,{"file":73,"line":211,"context":142},842,{"file":73,"line":213,"context":142},856,{"file":73,"line":213,"context":142},{"file":73,"line":213,"context":142},{"file":73,"line":213,"context":142},{"file":73,"line":218,"context":142},859,{"file":73,"line":218,"context":142},{"file":73,"line":218,"context":142},{"file":73,"line":218,"context":142},{"file":73,"line":223,"context":142},861,{"file":73,"line":223,"context":142},{"file":73,"line":223,"context":142},{"file":73,"line":227,"context":142},865,{"file":73,"line":227,"context":142
},{"file":73,"line":227,"context":142},{"file":73,"line":227,"context":142},{"file":73,"line":232,"context":142},868,{"file":73,"line":232,"context":142},{"file":73,"line":232,"context":142},{"file":73,"line":232,"context":142},{"file":73,"line":237,"context":142},870,{"file":73,"line":237,"context":142},{"file":73,"line":237,"context":142},{"file":73,"line":241,"context":142},874,{"file":73,"line":241,"context":142},{"file":73,"line":241,"context":142},{"file":73,"line":241,"context":142},{"file":73,"line":246,"context":142},877,{"file":73,"line":246,"context":142},{"file":73,"line":246,"context":142},{"file":73,"line":246,"context":142},{"file":73,"line":251,"context":142},879,{"file":73,"line":251,"context":142},{"file":73,"line":251,"context":142},{"file":73,"line":255,"context":142},884,{"file":73,"line":255,"context":142},{"file":73,"line":255,"context":142},{"file":73,"line":255,"context":142},{"file":73,"line":260,"context":142},887,{"file":73,"line":260,"context":142},{"file":73,"line":260,"context":142},{"file":73,"line":260,"context":142},{"file":73,"line":265,"context":142},889,{"file":73,"line":265,"context":142},{"file":73,"line":265,"context":142},{"file":73,"line":269,"context":142},892,{"file":73,"line":271,"context":142},893,{"file":73,"line":273,"context":142},928,{"file":73,"line":275,"context":142},929,{"file":73,"line":277,"context":142},931,{"file":73,"line":277,"context":142},{"file":73,"line":280,"context":142},932,{"file":73,"line":282,"context":142},934,{"file":73,"line":284,"context":142},937,{"file":73,"line":286,"context":142},939,{"file":73,"line":288,"context":142},943,{"file":73,"line":290,"context":142},945,{"file":73,"line":290,"context":142},{"file":73,"line":293,"context":142},946,{"file":73,"line":295,"context":142},948,{"file":73,"line":295,"context":142},{"file":73,"line":298,"context":142},949,{"file":73,"line":300,"context":142},953,{"file":73,"line":302,"context":142},955,{"file":73,"line":302,"context":142},{"file":73,"lin
e":305,"context":142},956,{"file":73,"line":307,"context":142},967,{"file":73,"line":309,"context":142},969,{"file":73,"line":311,"context":142},982,{"file":73,"line":313,"context":142},990,{"file":73,"line":315,"context":142},993,{"file":73,"line":317,"context":142},997,{"file":73,"line":319,"context":142},1010,{"file":73,"line":321,"context":142},1018,{"file":73,"line":323,"context":142},1033,{"file":73,"line":325,"context":142},1036,{"file":73,"line":327,"context":142},1040,{"file":73,"line":329,"context":142},1047,{"file":73,"line":331,"context":142},1050,{"file":73,"line":333,"context":142},1058,{"file":73,"line":335,"context":142},1061,{"file":73,"line":337,"context":142},1161,{"file":73,"line":339,"context":142},1230,{"file":73,"line":341,"context":142},1243,{"file":73,"line":343,"context":142},1308,{"file":73,"line":345,"context":142},1335,{"file":73,"line":347,"context":142},1361,{"file":73,"line":349,"context":142},1387,{"file":73,"line":351,"context":142},1396,{"file":73,"line":353,"context":142},1400,{"file":73,"line":355,"context":142},1409,{"file":73,"line":357,"context":142},1410,{"file":73,"line":359,"context":142},1415,{"file":73,"line":361,"context":142},1416,{"file":73,"line":363,"context":142},1423,{"file":73,"line":365,"context":142},1424,{"file":73,"line":367,"context":142},1430,{"file":73,"line":369,"context":142},1437,{"file":73,"line":371,"context":142},1442,{"file":73,"line":373,"context":142},1444,{"file":73,"line":375,"context":142},1447,{"file":73,"line":377,"context":142},1450,{"file":73,"line":377,"context":142},{"file":73,"line":377,"context":142},{"file":73,"line":381,"context":142},1451,{"file":73,"line":383,"context":142},1457,{"file":73,"line":385,"context":142},1460,{"file":73,"line":387,"context":142},1538,{"file":73,"line":387,"context":142},{"file":73,"line":390,"context":142},1574,{"file":73,"line":392,"context":142},1586,{"file":73,"line":394,"context":142},1625,{"file":73,"line":396,"context":142},1729,{"file":73,"line":398
,"context":142},1765,{"file":73,"line":400,"context":142},1766,{"file":73,"line":402,"context":142},1771,{"file":73,"line":404,"context":142},1780,{"file":73,"line":406,"context":142},1781,{"file":73,"line":408,"context":142},1786,{"file":73,"line":410,"context":142},1802,{"file":73,"line":410,"context":142},{"file":73,"line":413,"context":142},1844,{"file":73,"line":415,"context":142},1877,{"file":73,"line":417,"context":142},1880,{"file":73,"line":419,"context":142},1888,{"file":73,"line":421,"context":142},1891,{"file":73,"line":423,"context":142},1926,{"file":73,"line":425,"context":142},1982,{"file":73,"line":427,"context":142},2000,{"file":73,"line":429,"context":142},2064,{"file":73,"line":431,"context":142},2068,{"file":73,"line":433,"context":142},2073,{"file":73,"line":435,"context":142},2108,{"file":73,"line":435,"context":142},{"file":73,"line":438,"context":142},2131,{"file":73,"line":440,"context":142},2140,{"file":73,"line":442,"context":142},2141,{"file":73,"line":444,"context":142},2265,{"file":73,"line":444,"context":142},{"file":73,"line":444,"context":142},{"file":73,"line":448,"context":142},2266,{"file":73,"line":448,"context":142},{"file":73,"line":451,"context":142},2268,{"file":73,"line":453,"context":142},2272,{"file":73,"line":455,"context":142},2273,{"file":73,"line":455,"context":142},{"file":73,"line":458,"context":142},2275,{"file":73,"line":460,"context":142},2288,{"file":73,"line":462,"context":142},2292,{"file":73,"line":464,"context":142},2308,{"file":73,"line":466,"context":142},2336,{"file":73,"line":468,"context":142},2355,{"file":73,"line":470,"context":142},2358,{"file":73,"line":472,"context":142},2362,{"file":73,"line":474,"context":142},2399,{"file":73,"line":474,"context":142},{"file":73,"line":477,"context":142},2421,{"file":73,"line":479,"context":142},2423,{"file":73,"line":481,"context":142},2546,{"file":73,"line":481,"context":142},{"file":73,"line":481,"context":142},{"file":73,"line":485,"context":142},2547,{"file":
73,"line":485,"context":142},{"file":73,"line":488,"context":142},2549,{"file":73,"line":490,"context":142},2553,{"file":73,"line":492,"context":142},2554,{"file":73,"line":492,"context":142},{"file":73,"line":495,"context":142},2556,{"file":73,"line":497,"context":142},2572,{"file":73,"line":499,"context":142},2576,{"file":73,"line":501,"context":142},2578,{"file":73,"line":503,"context":142},2581,{"file":73,"line":505,"context":142},2597,{"file":73,"line":507,"context":142},2622,4,6,9,[],[513,587,640,650],{"entryPoint":514,"graph":515,"unsanitizedCount":508,"severity":41},"video_grid_with_lightbox_video_management_func (wp-video-grid.php:681)",{"nodes":516,"edges":577},[517,522,527,531,536,539,544,547,549,553,555,559,563,568,570,572],{"id":518,"type":519,"label":520,"file":73,"line":521},"n0","source","$_GET (x27)",772,{"id":523,"type":524,"label":525,"file":73,"line":203,"wp_function":526},"n1","sink","echo() [XSS]","echo",{"id":528,"type":519,"label":529,"file":73,"line":530},"n2","$_POST (x4)",1090,{"id":532,"type":524,"label":533,"file":73,"line":534,"wp_function":535},"n3","query() [SQLi]",1213,"query",{"id":537,"type":519,"label":538,"file":73,"line":530},"n4","$_POST (x3)",{"id":540,"type":524,"label":541,"file":73,"line":542,"wp_function":543},"n5","get_row() [SQLi]",1344,"get_row",{"id":545,"type":519,"label":546,"file":73,"line":530},"n6","$_POST (x6)",{"id":548,"type":524,"label":525,"file":73,"line":365,"wp_function":526},"n7",{"id":550,"type":519,"label":551,"file":73,"line":552},"n8","$_GET['id']",1797,{"id":554,"type":524,"label":525,"file":73,"line":552,"wp_function":526},"n9",{"id":556,"type":519,"label":557,"file":73,"line":558},"n10","$_POST (x2)",1198,{"id":560,"type":561,"label":562,"file":73,"line":558},"n11","transform","→ vg_save_image()",{"id":564,"type":524,"label":565,"file":73,"line":566,"wp_function":567},"n12","wp_remote_get() 
[SSRF]",278,"wp_remote_get",{"id":569,"type":519,"label":557,"file":73,"line":558},"n13",{"id":571,"type":561,"label":562,"file":73,"line":558},"n14",{"id":573,"type":524,"label":574,"file":73,"line":575,"wp_function":576},"n15","fopen() [File Access]",283,"fopen",[578,579,580,581,582,583,584,585,586],{"from":518,"to":523,"sanitized":118},{"from":528,"to":532,"sanitized":118},{"from":537,"to":540,"sanitized":118},{"from":545,"to":548,"sanitized":118},{"from":550,"to":554,"sanitized":118},{"from":556,"to":560,"sanitized":116},{"from":560,"to":564,"sanitized":116},{"from":569,"to":571,"sanitized":116},{"from":571,"to":573,"sanitized":116},{"entryPoint":588,"graph":589,"unsanitizedCount":508,"severity":41},"\u003Cwp-video-grid> (wp-video-grid.php:0)",{"nodes":590,"edges":627},[591,593,595,598,599,600,601,602,603,604,605,607,608,609,610,611,615,617,619,621,623,625],{"id":518,"type":519,"label":557,"file":73,"line":592},234,{"id":523,"type":524,"label":565,"file":73,"line":594,"wp_function":567},235,{"id":528,"type":519,"label":596,"file":73,"line":597},"$_POST['url']",306,{"id":532,"type":524,"label":565,"file":73,"line":597,"wp_function":567},{"id":537,"type":519,"label":520,"file":73,"line":521},{"id":540,"type":524,"label":525,"file":73,"line":203,"wp_function":526},{"id":545,"type":519,"label":529,"file":73,"line":530},{"id":548,"type":524,"label":533,"file":73,"line":534,"wp_function":535},{"id":550,"type":519,"label":538,"file":73,"line":530},{"id":554,"type":524,"label":541,"file":73,"line":542,"wp_function":543},{"id":556,"type":519,"label":606,"file":73,"line":530},"$_POST (x14)",{"id":560,"type":524,"label":525,"file":73,"line":365,"wp_function":526},{"id":564,"type":519,"label":551,"file":73,"line":552},{"id":569,"type":524,"label":525,"file":73,"line":552,"wp_function":526},{"id":571,"type":519,"label":557,"file":73,"line":530},{"id":573,"type":524,"label":612,"file":73,"line":613,"wp_function":614},"get_results() 
[SQLi]",2148,"get_results",{"id":616,"type":519,"label":557,"file":73,"line":558},"n16",{"id":618,"type":561,"label":562,"file":73,"line":558},"n17",{"id":620,"type":524,"label":565,"file":73,"line":566,"wp_function":567},"n18",{"id":622,"type":519,"label":557,"file":73,"line":558},"n19",{"id":624,"type":561,"label":562,"file":73,"line":558},"n20",{"id":626,"type":524,"label":574,"file":73,"line":575,"wp_function":576},"n21",[628,629,630,631,632,633,634,635,636,637,638,639],{"from":518,"to":523,"sanitized":118},{"from":528,"to":532,"sanitized":118},{"from":537,"to":540,"sanitized":118},{"from":545,"to":548,"sanitized":118},{"from":550,"to":554,"sanitized":118},{"from":556,"to":560,"sanitized":118},{"from":564,"to":569,"sanitized":118},{"from":571,"to":573,"sanitized":118},{"from":616,"to":618,"sanitized":116},{"from":618,"to":620,"sanitized":116},{"from":622,"to":624,"sanitized":116},{"from":624,"to":626,"sanitized":116},{"entryPoint":641,"graph":642,"unsanitizedCount":29,"severity":649},"get_youtube_info_grid_callback (wp-video-grid.php:215)",{"nodes":643,"edges":647},[644,646],{"id":518,"type":519,"label":645,"file":73,"line":592},"$_POST",{"id":523,"type":524,"label":565,"file":73,"line":594,"wp_function":567},[648],{"from":518,"to":523,"sanitized":118},"low",{"entryPoint":651,"graph":652,"unsanitizedCount":29,"severity":649},"check_file_exist_grid_callback (wp-video-grid.php:289)",{"nodes":653,"edges":656},[654,655],{"id":518,"type":519,"label":596,"file":73,"line":597},{"id":523,"type":524,"label":565,"file":73,"line":597,"wp_function":567},[657],{"from":518,"to":523,"sanitized":118},{"summary":659,"deductions":660},"The \"video-grid\" plugin v1.24 exhibits a mixed security posture.  On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and incorporating a decent number of nonce and capability checks.  The absence of critical or high-severity taint flows and dangerous functions is also reassuring. 
However, significant concerns arise from the output escaping, where only 15% of outputs are properly escaped, indicating a strong potential for Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the presence of two flows with unsanitized paths, although not resulting in critical or high-severity taint issues, still represents a potential risk. The plugin's history of two medium-severity XSS vulnerabilities, with the last one occurring in April 2023, suggests a recurring weakness in input validation and output sanitization, even though these are currently patched.  Overall, while the plugin has some solid security foundations, the high rate of unescaped output and historical XSS issues point to a need for significant improvement in handling user-provided data to prevent potential client-side attacks.",[661,663,666],{"reason":662,"points":14},"Low percentage of properly escaped outputs",{"reason":664,"points":665},"Flows with unsanitized paths detected",7,{"reason":667,"points":95},"History of medium severity XSS 
vulnerabilities","2026-03-16T19:02:01.692Z",{"wat":670,"direct":695},{"assetPaths":671,"generatorPatterns":682,"scriptPaths":683,"versionParams":684},[672,673,674,675,676,677,678,679,680,681],"\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fcss\u002Fvideo-grid.css","\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fcss\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fcss\u002Ffont-awesome.css","\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fcss\u002Fresponsive-slider.css","\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fjs\u002Fjquery.flexisel.js","\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fjs\u002Fvideo-grid.js","\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fjs\u002Fowl.carousel.js","\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fjs\u002Fresponsive-slider.js","\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fjs\u002Fjquery.prettyPhoto.js","\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fcss\u002FprettyPhoto.css",[],[676,677,678,679,680],[685,686,687,688,689,690,691,692,693,694],"\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fcss\u002Fvideo-grid.css?ver=","\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fcss\u002Fbootstrap.min.css?ver=","\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fcss\u002Ffont-awesome.css?ver=","\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fcss\u002Fresponsive-slider.css?ver=","\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fjs\u002Fjquery.flexisel.js?ver=","\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fjs\u002Fvideo-grid.js?ver=","\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fjs\u002Fowl.carousel.js?ver=","\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fjs\u002Fresponsive-slider.js?ver=","\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fjs\u002Fjquery.prettyPhoto.js?ver=","\u002Fwp-content\u002Fplugins\u002Fvideo-grid\u002Fcss\u002FprettyPhoto.css?ver=",{"cssClasses":696,"htmlComments":700,"htmlAttributes":703,"restEndpoints":706,"jsGlobals":709,"shortc
odeOutput":712},[697,698,699],"video-grid-container","responsive-video-grid","rvg-video-item",[701,702],"\u003C!-- Responsive Video Grid Pro -->","\u003C!-- Start Responsive Video Grid Pro -->",[704,705],"data-video-id","data-grid-id",[707,708],"\u002Fwp-json\u002Fvideo-grid\u002Fv1\u002Fcheck_file_exist","\u002Fwp-json\u002Fvideo-grid\u002Fv1\u002Fget_youtube_info",[710,711],"video_grid_obj","responsive_video_grid_slider",[713,714],"\u003Cdiv class='video-grid-container'","\u003Cdiv class='responsive-video-grid'"]