[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyxW57uXf7uTcQ5AU2zKXhrCfLTvkN79ZEiVGTLadbFY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":47,"crawl_stats":36,"alternatives":54,"analysis":147,"fingerprints":287},"videos-on-admin-dashboard","Videos on Admin Dashboard","2.1.31","WordPress Hilfe & Support Nahiro.net","https:\u002F\u002Fprofiles.wordpress.org\u002Fnahiro\u002F","\u003Cp>Videos on Admin Dashboard allow you to embed Youtube and Vimeo tutorials, help or support videos quickly and easily into the dashboard of your WordPress website. You just install the plugin and copy the video link on the administration page and you have clear access to your videos, support YouTube and or Vimeo videos. In the Administration section, you can specify which users can see the videos, in addition you can enter the title of your widget, and it’s also perfect for helping your customers or website users by using help or support videos.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Include Youtube, Vimeo or Google Drive tutorials and support videos for your customers or for your WordPress dashboard.\u003C\u002Fli>\n\u003Cli>Fast and light.\u003C\u002Fli>\n\u003Cli>Control which user role can watch the videos on the dashboard.\u003C\u002Fli>\n\u003Cli>Active languages: English, German,Spanish.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fnahiro.net\u002Fen\u002Fwordpress-help\u002F\" rel=\"nofollow ugc\">WordPress Hilfe & Support – Nahiro.net\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Videos on Admin Dashboard Pro\u003C\u002Fh4>\n\u003Cp>With the premium version of this plugin you can have unlimited videos and widgets.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fnahiro.net\u002Fen\u002Fvideos-on-admin-dashboard\u002F\" rel=\"nofollow ugc\">Videos on Admin Dashboard Pro\u003C\u002Fa>\u003C\u002Fp>\n","Include Youtube or Vimeo tutorials and support videos for your customers or for your Wordpress dashboard.",100,21044,1,"2026-03-03T16:16:00.000Z","6.7.5","3.0.1","5.6",[19,20,21,22,23],"dashboard","embed","vimeo","wordpress-hilfe","youtube","http:\u002F\u002Fwordpress.org\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvideos-on-admin-dashboard.2.1.31.zip",99,0,"2020-01-12 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"WF-aae57fed-1003-4b3a-8489-cfc85c250a04-videos-on-admin-dashboard","videos-on-admin-dashboard-cross-site-scripting","Videos on Admin Dashboard \u003C 1.1.4 - Cross-Site Scripting","The Videos on Admin Dashboard plugin for WordPress is vulnerable to Cross-Site Scripting in versions before 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.",null,"\u003C1.1.4","1.1.4","high",7.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:L","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Faae57fed-1003-4b3a-8489-cfc85c250a04?source=api-prod",1472,{"slug":48,"display_name":7,"profile_url":8,"plugin_count":49,"total_installs":50,"avg_security_score":51,"avg_patch_time_days":46,"trust_score":52,"computed_at":53},"nahiro",4,110,96,76,"2026-04-04T16:12:38.690Z",[55,77,95,110,130],{"slug":56,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":72,"download_link":73,"security_score":74,"vuln_count":75,"unpatched_count":27,"last_vuln_date":76,"fetched_at":29},"iframe","6.0","webvitaly","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebvitaly\u002F","\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fr.freemius.com\u002F13759\u002F8047958\u002F\" title=\"Advanced iFrame\" rel=\"nofollow ugc\">Advanced iFrame\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fweb-profile.net\u002Fwordpress\u002Fplugins\u002Fiframe\u002F\" title=\"Plugin page\" rel=\"nofollow ugc\">iframe\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fweb-profile.net\u002Fdonate\u002F\" title=\"Support the development\" rel=\"nofollow ugc\">Donate\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebvitalii\u002Fiframe\" title=\"Fork\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[iframe src=”http:\u002F\u002Fwww.youtube.com\u002Fembed\u002F7_nAZQt9qu0″ width=”100%” height=”500″] shortcode\u003Cbr \u002F>\nshould show something like this:\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F7_nAZQt9qu0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>WordPress removes iframe html tags because of security reasons.\u003Cbr \u002F>\nIframe shortcode is the replacement of the iframe html tag and accepts the same params as iframe html tag does.\u003Cbr \u002F>\nYou may use iframe shortcode to embed content from YouTube, Vimeo, Google Maps or from any external page.\u003C\u002Fp>\n\u003Cp>If you need to embed content from YouTube, Vimeo, SlideShare, SoundCloud, Twitter via direct link, you may use \u003Ccode>[embed]http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=7_nAZQt9qu0[\u002Fembed]\u003C\u002Fcode> shortcode.\u003Cbr \u002F>\n[embed] shortcode is a core WordPress feature and can \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FEmbeds\" rel=\"nofollow ugc\">embed content from many resources via direct link\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important\u003C\u002Fstrong>: You can not embed HTTP pages into HTTPS pages and vice versa.\u003Cbr \u002F>\nSo the protocol (http or httpS) for parent and embedded page should match.\u003C\u002Fp>\n\u003Ch4>iframe params:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>src\u003C\u002Fstrong> – source of the iframe: \u003Ccode>[iframe src=\"http:\u002F\u002Fwww.youtube.com\u002Fembed\u002F7_nAZQt9qu0\"]\u003C\u002Fcode>; by default src=”http:\u002F\u002Fwww.youtube.com\u002Fembed\u002F7_nAZQt9qu0″;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>width\u003C\u002Fstrong> – width in pixels or in percents: \u003Ccode>[iframe width=\"100%\"]\u003C\u002Fcode> or \u003Ccode>[iframe width=\"600\"]\u003C\u002Fcode>; by default width=”100%”;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>height\u003C\u002Fstrong> – height in pixels: \u003Ccode>[iframe height=\"500\"]\u003C\u002Fcode>; by default height=”500″;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>scrolling\u003C\u002Fstrong> – with or without the scrollbar: \u003Ccode>[iframe scrolling=\"no\"]\u003C\u002Fcode>; by default scrolling=”yes”;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>frameborder\u003C\u002Fstrong> – with or without the frame border: \u003Ccode>[iframe frameborder=\"0\"]\u003C\u002Fcode>; by default frameborder=”0″;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>marginheight\u003C\u002Fstrong> – height of the margin: \u003Ccode>[iframe marginheight=\"0\"]\u003C\u002Fcode>; removed by default;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>marginwidth\u003C\u002Fstrong> – width of the margin: \u003Ccode>[iframe marginwidth=\"0\"]\u003C\u002Fcode>; removed by default;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>allowtransparency\u003C\u002Fstrong> – allows to set transparency of the iframe: \u003Ccode>[iframe allowtransparency=\"true\"]\u003C\u002Fcode>; removed by default;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>id\u003C\u002Fstrong> – allows to add the id of the iframe: \u003Ccode>[iframe id=\"custom_id\"]\u003C\u002Fcode>; removed by default;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>class\u003C\u002Fstrong> – allows to add the class of the iframe: \u003Ccode>[iframe class=\"custom_class\"]\u003C\u002Fcode>; by default class=”iframe-class”;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>style\u003C\u002Fstrong> – allows to add the css styles of the iframe: \u003Ccode>[iframe style=\"margin-left:-30px;\"]\u003C\u002Fcode>; removed by default;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>same_height_as\u003C\u002Fstrong> – allows to set the height of iframe same as target element: \u003Ccode>[iframe same_height_as=\"div.sidebar\"]\u003C\u002Fcode>, \u003Ccode>[iframe same_height_as=\"div#content\"]\u003C\u002Fcode>, \u003Ccode>[iframe same_height_as=\"body\"]\u003C\u002Fcode>, \u003Ccode>[iframe same_height_as=\"html\"]\u003C\u002Fcode>; removed by default;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>any_other_param\u003C\u002Fstrong> – allows to add new parameter of the iframe \u003Ccode>[iframe any_other_param=\"any_value\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003Cli>\u003Cstrong>any_other_empty_param\u003C\u002Fstrong> – allows to add new empty parameter of the iframe (like “allowfullscreen” on youtube) \u003Ccode>[iframe any_other_empty_param=\"\"]\u003C\u002Fcode>;\u003C\u002Fli>\n\u003C\u002Ful>\n","[iframe src=\"http:\u002F\u002Fwww.youtube.com\u002Fembed\u002F7_nAZQt9qu0\" width=\"100%\" height=\"500\"] shortcode",70000,1902698,88,56,"2025-12-18T21:54:00.000Z","6.9.4","3.0","",[20,71,56,21,23],"google-maps","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fiframe\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fiframe.6.0.zip",97,6,"2024-05-22 00:00:00",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":51,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":16,"requires_php":69,"tags":90,"homepage":69,"download_link":93,"security_score":26,"vuln_count":13,"unpatched_count":27,"last_vuln_date":94,"fetched_at":29},"responsive-video-embed","Responsive video embed","0.5.2","lepileppanen","https:\u002F\u002Fprofiles.wordpress.org\u002Flepileppanen\u002F","\u003Cp>Responsive video embed plugin is a lightweight and simple video embedding plugin that will create responsive video embeds to your site.\u003C\u002Fp>\n\u003Cp>It is possible to create responsive video embed by:\u003C\u002Fp>\n\u003Cp>1) Simply copy pasting embed video URL into editor\u003C\u002Fp>\n\u003Cp>2) Using a shortcode manually\u003C\u002Fp>\n\u003Cp>[rve src=”embed video url” ratio=”video aspect ratio”]\u003C\u002Fp>\n\u003Cp>src = URL of the embedded video\u003C\u002Fp>\n\u003Cp>ratio = either ’16by9′ \u002F ‘4by3′ \u002F ’21by9’ \u002F ‘1by1’ (optional), 16by9 is by default\u003C\u002Fp>\n\u003Cp>3) Using the shortcode automatically by clicking on Embed video button and typing in video embed URL and selecting aspect ratio.\u003C\u002Fp>\n","Enables you three simple ways to embed responsive video into your content.",900,12856,5,"2025-08-16T07:14:00.000Z","6.8.5",[20,91,92,21,23],"responsive","video","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fresponsive-video-embed.0.5.2.zip","2024-05-30 00:00:00",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":11,"num_ratings":75,"last_updated":105,"tested_up_to":67,"requires_at_least":16,"requires_php":69,"tags":106,"homepage":108,"download_link":109,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"video-dashboard","Video Dashboard","1.2.1.1","brianjohnsondesign","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrianjohnsondesign\u002F","\u003Cp>Video Dashboard allows you to quickly and easily embed YouTube or Vimeo videos in the dashboard of your WordPress site. A settings area allows you to specify up to 50 YouTube or Vimeo video URLs that you would like to show up in the backend of your website. You can then choose the minimum role that is able to see it in their dashboard. If you only want Administrators to see them, you can do that!\u003C\u002Fp>\n\u003Cp>Possible future upgrades will include more precise role control and more robust video embedding options.\u003C\u002Fp>\n\u003Cp>For more info, please \u003Ca href=\"https:\u002F\u002Fpagecrafter.com\u002Fembed-videos-in-dashboard-plugin\u002F\" rel=\"nofollow ugc\">visit our site\u003C\u002Fa>.\u003C\u002Fp>\n","Easily embed YouTube videos in your admin dashboard area with Video Dashboard.",500,7569,"2026-03-11T17:52:00.000Z",[107,19,92,21,23],"admin","https:\u002F\u002Fpagecrafter.com\u002Fembed-videos-in-dashboard-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvideo-dashboard.1.2.1.1.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":120,"num_ratings":121,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":69,"tags":125,"homepage":127,"download_link":128,"security_score":129,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"embed-video-thumbnail","Embed Video Thumbnail","2.0.3","ikanaweb","https:\u002F\u002Fprofiles.wordpress.org\u002Fikanaweb\u002F","\u003Cp>Activate this plugin and reduce you page weight by nearly 1mo !\u003C\u002Fp>\n\u003Cp>Because embed videos can dramatically increase your page weight and loading time, Embed Video Thumbnail\u003Cbr \u002F>\nautomatically replace them by their corresponding thumbnail. Videos will then only be loaded after click on thumbnails.\u003C\u002Fp>\n\u003Cp>This plugin fixes part of the following “defer parsing of javascript” error in GTmetrix :\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>xxxx MiB of JavaScript is parsed during initial page load. Defer parsing JavaScript to reduce blocking of page rendering.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Currently supported video hosting services :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Youtube\u003C\u002Fli>\n\u003Cli>Vimeo\u003C\u002Fli>\n\u003Cli>Dailymotion\u003C\u002Fli>\n\u003Cli>Facebook\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Optional settings :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Toggle activation on each hosting services\u003C\u002Fli>\n\u003Cli>Toggle activation by device (desktop, tablet, mobile)\u003C\u002Fli>\n\u003Cli>Copy thumbnail on local server for performance improvements\u003C\u002Fli>\n\u003Cli>Display video title over the thumbnail\u003C\u002Fli>\n\u003Cli>Toggle video loop on Vimeo and Youtube\u003C\u002Fli>\n\u003Cli>Import\u002Fexport settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Widget :\u003C\u002Fp>\n\u003Cp>You can use our Embed Video Thumbnail widget to transform your videos in sidebars.\u003C\u002Fp>\n\u003Cp>Custom hosting services can be added with the \u003Ccode>ikevt_extension_providers\u003C\u002Fcode> hook.\u003Cbr \u002F>\nEach hosting service extension must implement \u003Ccode>Ikana\\EmbedVideoThumbnail\\Provider\\ProviderInterface\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Requirements :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>php 5.6+\u003C\u002Fli>\n\u003C\u002Ful>\n","Automatically replace embed videos everywhere with their thumbnail to reduce page load time and improve your GTmetrix score.",300,27542,80,13,"2020-05-02T10:09:00.000Z","5.4.19","4.5",[20,126,92,21,23],"thumbnail","https:\u002F\u002Fwww.ikanaweb.fr","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fembed-video-thumbnail.2.0.3.zip",85,{"slug":131,"name":132,"version":133,"author":134,"author_profile":135,"description":136,"short_description":137,"active_installs":138,"downloaded":139,"rating":11,"num_ratings":140,"last_updated":141,"tested_up_to":89,"requires_at_least":57,"requires_php":142,"tags":143,"homepage":69,"download_link":146,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"better-core-video-embeds","Better Core Video Embeds","1.3.8","Highrise Digital","https:\u002F\u002Fprofiles.wordpress.org\u002Fhighrisedigital\u002F","\u003Cp>This plugin provides page optimisations for pages and posts which have embedded Youtube, Vimeo or Daily Motion videos which have been added using the core embed block.\u003C\u002Fp>\n\u003Cp>Without this plugin, when using the core embed block, when your page loads, lots of external scripts and styles are loaded from the embed service, regardless of whether a visitor actually interacts with the embedded video.\u003C\u002Fp>\n\u003Cp>This plugin prevents these scripts and styles from loading until the user actually interacts with the video. It does this by replacing the video embed, on page load with the video thumbnail image (added on Youtube, Vimeo or Daily Motion). When a user clicks the thumbnail the embedded video, along with associated scripts and styles are loaded.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fk7A2kZWUb9Q?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","A plugin which enhances the core embed block for Youtube, Daily Motion and Vimeo videos by not loading unnecessary scripts until they are needed.",200,15784,11,"2025-06-02T10:52:00.000Z","7.0",[20,144,145,21,23],"oembed","performance","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-core-video-embeds.1.3.8.zip",{"attackSurface":148,"codeSignals":193,"taintFlows":272,"riskAssessment":273,"analyzedAt":286},{"hooks":149,"ajaxHandlers":189,"restRoutes":190,"shortcodes":191,"cronEvents":192,"entryPointCount":27,"unprotectedCount":27},[150,156,160,164,167,171,176,180,183,186],{"type":151,"name":152,"callback":153,"file":154,"line":155},"action","admin_menu","voad_add_options_link","includes\\admin-page.php",307,{"type":151,"name":157,"callback":158,"file":154,"line":159},"admin_init","voad_register_settings",313,{"type":151,"name":161,"callback":162,"file":154,"line":163},"admin_enqueue_scripts","voad_load_js",322,{"type":151,"name":161,"callback":165,"file":154,"line":166},"voad_load_css",341,{"type":151,"name":168,"callback":169,"file":154,"line":170},"admin_notices","voad_notice_pro_version",351,{"type":151,"name":172,"callback":173,"file":174,"line":175},"init","voad_load_textdomain","video-on-admin-dashboard.php",29,{"type":151,"name":177,"callback":178,"file":174,"line":179},"wp_dashboard_setup","voad_dashboard",36,{"type":151,"name":152,"callback":181,"file":174,"line":182},"voad_add_products_plugin_submenu",72,{"type":151,"name":161,"callback":184,"file":174,"line":185},"voad_load_scripts",107,{"type":151,"name":161,"callback":187,"file":174,"line":188},"voad_load_general_scripts",133,[],[],[],[],{"dangerousFunctions":194,"sqlUsage":195,"outputEscaping":197,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":271},[],{"prepared":27,"raw":27,"locations":196},[],{"escaped":198,"rawEcho":199,"locations":200},63,38,[201,204,205,206,207,208,210,212,214,216,218,219,220,221,223,225,227,229,230,233,235,237,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,269],{"file":154,"line":202,"context":203},103,"raw output",{"file":154,"line":202,"context":203},{"file":154,"line":202,"context":203},{"file":154,"line":202,"context":203},{"file":154,"line":202,"context":203},{"file":154,"line":209,"context":203},104,{"file":154,"line":211,"context":203},105,{"file":154,"line":213,"context":203},106,{"file":154,"line":215,"context":203},124,{"file":154,"line":217,"context":203},139,{"file":154,"line":217,"context":203},{"file":154,"line":217,"context":203},{"file":154,"line":217,"context":203},{"file":154,"line":222,"context":203},140,{"file":154,"line":224,"context":203},141,{"file":154,"line":226,"context":203},143,{"file":154,"line":228,"context":203},160,{"file":154,"line":118,"context":203},{"file":231,"line":232,"context":203},"includes\\list-plugins.php",563,{"file":231,"line":234,"context":203},576,{"file":231,"line":236,"context":203},632,{"file":231,"line":238,"context":203},634,{"file":231,"line":240,"context":203},636,{"file":231,"line":242,"context":203},638,{"file":231,"line":244,"context":203},652,{"file":231,"line":246,"context":203},684,{"file":231,"line":248,"context":203},687,{"file":231,"line":250,"context":203},688,{"file":231,"line":252,"context":203},716,{"file":231,"line":254,"context":203},724,{"file":174,"line":256,"context":203},249,{"file":174,"line":258,"context":203},251,{"file":174,"line":260,"context":203},261,{"file":174,"line":262,"context":203},263,{"file":174,"line":264,"context":203},269,{"file":174,"line":266,"context":203},280,{"file":174,"line":268,"context":203},282,{"file":174,"line":270,"context":203},298,[],[],{"summary":274,"deductions":275},"The 'videos-on-admin-dashboard' plugin v2.1.31 exhibits a mixed security posture. On the positive side, static analysis reveals no identified dangerous functions, external HTTP requests, file operations, or cron events. All SQL queries are properly prepared, and there are no identified taint flows or vulnerabilities in that area. The absence of direct entry points like AJAX handlers, REST API routes, or shortcodes with authentication checks is a strength, minimizing the plugin's direct attack surface. However, a significant concern is the output escaping, with only 62% of outputs being properly escaped. This leaves a considerable portion of output potentially vulnerable to Cross-Site Scripting (XSS) attacks. Furthermore, the plugin has a history of one high-severity vulnerability, specifically XSS, last identified in 2020. While this vulnerability is currently patched, its historical occurrence suggests a potential for such issues within the codebase. The lack of nonce and capability checks, while not directly exploitable due to the limited entry points, is a missed opportunity for robust security practices.",[276,279,282,284],{"reason":277,"points":278},"Insufficient output escaping (38% unescaped)",8,{"reason":280,"points":281},"Historical high-severity XSS vulnerability",15,{"reason":283,"points":87},"Missing nonce checks",{"reason":285,"points":87},"Missing capability checks","2026-03-16T20:40:04.453Z",{"wat":288,"direct":299},{"assetPaths":289,"generatorPatterns":292,"scriptPaths":293,"versionParams":295},[290,291],"wp-content\u002Fplugins\u002Fvideos-on-admin-dashboard\u002Fincludes\u002Fcss\u002Fvideo-on-admin-dashboard.css","wp-content\u002Fplugins\u002Fvideos-on-admin-dashboard\u002Fincludes\u002Fcss\u002Fnhfont.css",[],[294],"wp-content\u002Fplugins\u002Fvideos-on-admin-dashboard\u002Fjs\u002Fvoad-admin-dashboard.js",[296,297,298],"videos-on-admin-dashboard\u002Fincludes\u002Fcss\u002Fvideo-on-admin-dashboard.css?ver=","videos-on-admin-dashboard\u002Fincludes\u002Fcss\u002Fnhfont.css?ver=","videos-on-admin-dashboard\u002Fjs\u002Fvoad-admin-dashboard.js?ver=",{"cssClasses":300,"htmlComments":302,"htmlAttributes":304,"restEndpoints":307,"jsGlobals":308,"shortcodeOutput":310},[301],"voad-video-container",[303],"\u003C!-- Plugin: Videos on Admin Dashboard -->",[305,306],"data-voad-id","data-voad-source",[],[309],"voad_dashboard_options",[]]