[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f23TaJF3k1p-QkMh2A1-mRFEmEgCnZLckfCwg_twKu5U":3,"$fAWxG2B037NIIokZvfMnCUpLiLfgiTIPWmuQ76o4QGIU":277,"$fwUJ9r_O3HK_TFlq45ustZZO05erPG2dD3l5OuV37pFs":282},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":48,"crawl_stats":35,"alternatives":54,"analysis":115,"fingerprints":241},"wds-multisite-aggregate","WDS Multisite Aggregate","1.0.2","webdevstudios","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebdevstudios\u002F","\u003Cp>Creates a new site where all the most recent posts\u002Fpages\u002Fetc on a WordPress network may be collected (much like http:\u002F\u002Fwordpress.com\u002Ftags\u002F).\u003C\u002Fp>\n\u003Cp>For performance reasons the number of posts is limited to a user configurable amount, and the blog itself can be made indexable by search engines or not.\u003C\u002Fp>\n\u003Cp>Based on and forked from \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordpress-mu-sitewide-tags\u002F\" rel=\"ugc\">WordPress MU Sitewide Tags Pages\u003C\u002Fa> plugin by Donncha O Caoimh.\u003C\u002Fp>\n\u003Cp>WPCLI is supported:\u003Cbr \u002F>\n    wp multisite_aggregate –help.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpluginize.com\u002F?utm_source=wds-multisite-agg&utm_medium=text&utm_campaign=wporg\" rel=\"nofollow ugc\">Pluginize\u003C\u002Fa> was launched in 2016 by \u003Ca href=\"https:\u002F\u002Fwebdevstudios.com\u002F\" rel=\"nofollow ugc\">WebDevStudios\u003C\u002Fa> to promote, support, and house all of their \u003Ca href=\"https:\u002F\u002Fpluginize.com\u002Fshop\u002F?utm_source=wds-multisite-agg&utm_medium=text&utm_campaign=wporg\" rel=\"nofollow ugc\">WordPress products\u003C\u002Fa>. Pluginize is not only creating new products for WordPress all the time, but also provides \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-post-type-ui\u002F\" rel=\"ugc\">ongoing support and development for WordPress community favorites like CPTUI\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcmb2\u002F\" rel=\"ugc\">CMB2\u003C\u002Fa>, and more.\u003C\u002Fp>\n\u003Ch3>Install\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install in your plugins directory in the usual way and network activate the plugin. There is no need to put it in mu-plugins.\u003C\u002Fli>\n\u003Cli>Login as a site administrator and go to Super Admin->Sitewide Tags.\n\u003Col>\n\u003Cli>Aggregate site defaults to “Network Posts” but can be anything. This is the blog where your sitewide posts will live. It will be created if it doesn’t exist.\u003C\u002Fli>\n\u003Cli>Check “Post to main blog” to use your main blog as the aggregate blog.\u003C\u002Fli>\n\u003Cli>“Max posts” defaults to 5000. Older posts will be deleted if this threshold is broken.\u003C\u002Fli>\n\u003Cli>Check “Include Pages” to include both posts and pages, handy for making a sitewide search.\u003C\u002Fli>\n\u003Cli>“Privacy” defaults to public, pages can be indexed by search engines.\u003C\u002Fli>\n\u003Cli>When “Privacy” is not public, check “Non-Public Blogs” to include blogs not indexed by search engines.\u003C\u002Fli>\n\u003Cli>Add “Post Meta” custom fields to be copied with posts\u002Fpages.\u003C\u002Fli>\n\u003Cli>“Populate Posts” allows you to fill in posts from an existing blog.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","A central area where all the posts on a WordPress MS network can be collected.",10,2960,100,2,"2016-12-10T21:33:00.000Z","4.7.33","3.0","",[20],"wordpressmu","https:\u002F\u002Fgithub.com\u002FWebDevStudios\u002FWDS-Multisite-Aggregate","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwds-multisite-aggregate.zip",85,1,0,"2023-07-10 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":37,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":26,"updated_date":42,"references":43,"days_to_patch":45,"patch_diff_files":46,"patch_trac_url":35,"research_status":35,"research_verified":47,"research_rounds_completed":25,"research_plan":35,"research_summary":35,"research_vulnerable_code":35,"research_fix_diff":35,"research_exploit_outline":35,"research_model_used":35,"research_started_at":35,"research_completed_at":35,"research_error":35,"poc_status":35,"poc_video_id":35,"poc_summary":35,"poc_steps":35,"poc_tested_at":35,"poc_wp_version":35,"poc_php_version":35,"poc_playwright_script":35,"poc_exploit_code":35,"poc_has_trace":47,"poc_model_used":35,"poc_verification_depth":35},"CVE-2015-10120","wds-multisite-aggregate-reflected-cross-site-scripting","WDS Multisite Aggregate \u003C= 1.0.0 - Reflected Cross-Site Scripting","The WDS Multisite Aggregate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the use of add_query_arg in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.0.0","1.0.1","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdad12b10-2e04-4bc2-b5ad-c00cb287e456?source=api-prod",197,[],false,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":11,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},1017200,92,642,73,"2026-05-20T02:54:38.022Z",[55,74,89,102],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":13,"downloaded":63,"rating":13,"num_ratings":24,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":18,"tags":67,"homepage":72,"download_link":73,"security_score":23,"vuln_count":25,"unpatched_count":25,"last_vuln_date":35,"fetched_at":27},"gravatar-favicon","Gravatar Favicon","3.1","Patrick Chia","https:\u002F\u002Fprofiles.wordpress.org\u002Fmypatricks\u002F","\u003Cp>This plugin allows you to generate a \u003Ccode>gravatar favicon\u003C\u002Fcode> for your blog and admin logo included Apple touch icon. Just activate the plugin, and it will add gravatars to your blog template and admin panel automatically, no setting and nothing. But you must enable your avatar(Discussion Settings). (W6A4N4-L26P6-WSH)\u003C\u002Fp>\n","This plugin allows you to generate a gravatar favicon for your blog and admin logo included Apple touch icon.",21924,"2012-06-10T07:13:00.000Z","3.3.2","2.5",[68,69,70,20,71],"avatar","avatars","images","wpmu","http:\u002F\u002Fpatrick.bloggles.info\u002Fplugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgravatar-favicon.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":11,"downloaded":82,"rating":25,"num_ratings":25,"last_updated":83,"tested_up_to":84,"requires_at_least":17,"requires_php":18,"tags":85,"homepage":86,"download_link":87,"security_score":23,"vuln_count":25,"unpatched_count":25,"last_vuln_date":35,"fetched_at":88},"mu-post-to-multiple-blogs","MU Post to Multiple Blogs","1.0","bdombro","https:\u002F\u002Fprofiles.wordpress.org\u002Fbdombro\u002F","\u003Cp>Creates a metabox on post edit pages, which allows you to select other blogs to post to within a WordPress multisite.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Must be logged in as an network admin to see the box.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For performance reasons the number of posts is limited to a user configurable amount, and the blog itself can be made indexable by search engines or not.\u003C\u002Fp>\n\u003Cp>This plugin was based on another WP plugin:  https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordpress-mu-sitewide-tags\u002F\u003C\u002Fp>\n\u003Ch3>Install\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install in your plugins directory in the usual way and network activate the plugin. There is no need to put it in mu-plugins.\u003C\u002Fli>\n\u003Cli>Login as a site administrator and go to Super Admin->Sitewide Tags.\n\u003Col>\n\u003Cli>“Max posts” defaults to 5000. Older posts will be deleted if this threshold is broken.\u003C\u002Fli>\n\u003Cli>Check “Include Pages” to include both posts and pages, handy for making a sitewide search.\u003C\u002Fli>\n\u003Cli>“Privacy” defaults to public, pages can be indexed by search engines.\u003C\u002Fli>\n\u003Cli>When “Privacy” is not public, check “Non-Public Blogs” to include blogs not indexed by search engines.\u003C\u002Fli>\n\u003Cli>Add “Post Meta” custom fields to be copied with posts\u002Fpages.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Allows the posting to multiple blogs at a time, bubble-out style.",2779,"2014-01-08T21:06:00.000Z","3.7.41",[20],"http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmu-post-to-multiple-blogs","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmu-post-to-multiple-blogs.zip","2026-04-06T09:54:40.288Z",{"slug":90,"name":91,"version":77,"author":59,"author_profile":60,"description":92,"short_description":93,"active_installs":11,"downloaded":94,"rating":25,"num_ratings":25,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":18,"tags":98,"homepage":72,"download_link":101,"security_score":23,"vuln_count":25,"unpatched_count":25,"last_vuln_date":35,"fetched_at":27},"multiple-twitter-widgets","Multiple Twitter Widgets","\u003Cp>Allows for multiple twitter widgets to be displayed.\u003C\u002Fp>\n","Allows for multiple twitter widgets to be displayed.",4451,"2009-07-04T17:36:00.000Z","2.8","2.7",[99,100,20,71],"twitter","widgets","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultiple-twitter-widgets.zip",{"slug":103,"name":104,"version":105,"author":59,"author_profile":60,"description":106,"short_description":107,"active_installs":11,"downloaded":108,"rating":25,"num_ratings":25,"last_updated":109,"tested_up_to":96,"requires_at_least":97,"requires_php":18,"tags":110,"homepage":72,"download_link":114,"security_score":23,"vuln_count":25,"unpatched_count":25,"last_vuln_date":35,"fetched_at":27},"wpmu-admin-interface-language","WPMU Admin Interface Language","1.1","\u003Cp>Lets WPMU user to select language in backend administration panel.\u003C\u002Fp>\n","Lets WPMU user to select language in backend administration panel.",4656,"2009-07-05T04:38:00.000Z",[111,112,113,20,71],"i18n","translation","translations","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpmu-admin-interface-language.zip",{"attackSurface":116,"codeSignals":207,"taintFlows":232,"riskAssessment":233,"analyzedAt":240},{"hooks":117,"ajaxHandlers":203,"restRoutes":204,"shortcodes":205,"cronEvents":206,"entryPointCount":25,"unprotectedCount":25},[118,124,128,133,138,141,145,150,154,157,159,162,165,168,171,176,180,184,188,191,195,199],{"type":119,"name":120,"callback":121,"file":122,"line":123},"action","network_admin_menu","network_add_pages","includes\u002FWDS_Multisite_Aggregate_Admin.php",18,{"type":119,"name":125,"callback":126,"file":122,"line":127},"init","text_domain",19,{"type":119,"name":129,"callback":130,"file":131,"line":132},"post_submitbox_start","test","includes\u002FWDS_Multisite_Aggregate_Debug.php",11,{"type":134,"name":135,"callback":135,"priority":11,"file":136,"line":137},"filter","post_link","includes\u002FWDS_Multisite_Aggregate_Frontend.php",15,{"type":134,"name":139,"callback":135,"priority":11,"file":136,"line":140},"page_link",16,{"type":134,"name":142,"callback":143,"priority":11,"file":136,"line":144},"post_thumbnail_html","thumbnail_link",17,{"type":134,"name":146,"callback":147,"file":148,"line":149},"sitewide_tags_allowed_post_types","pages_filter","includes\u002FWDS_Multisite_Aggregate_Options.php",47,{"type":119,"name":151,"callback":152,"priority":11,"file":153,"line":137},"update_option_blog_public","maybe_remove_blogs_posts","includes\u002FWDS_Multisite_Aggregate_Remove.php",{"type":119,"name":155,"callback":156,"priority":11,"file":153,"line":123},"delete_blog","remove_blogs_posts",{"type":119,"name":158,"callback":156,"priority":11,"file":153,"line":127},"archive_blog",{"type":119,"name":160,"callback":156,"priority":11,"file":153,"line":161},"deactivate_blog",20,{"type":119,"name":163,"callback":156,"priority":11,"file":153,"line":164},"make_spam_blog",21,{"type":119,"name":166,"callback":156,"priority":11,"file":153,"line":167},"mature_blog",22,{"type":119,"name":169,"callback":156,"file":153,"line":170},"transition_post_status",24,{"type":119,"name":172,"callback":173,"priority":11,"file":174,"line":175},"save_post","do_post_sync","wds-multisite-aggregate.php",79,{"type":119,"name":177,"callback":178,"priority":11,"file":174,"line":179},"wds_multisite_aggregate_post_sync","save_meta_fields",80,{"type":119,"name":181,"callback":182,"file":174,"line":183},"wp_update_comment_count","do_comment_sync",81,{"type":119,"name":185,"callback":186,"file":174,"line":187},"trash_post","sync_post_delete",83,{"type":119,"name":189,"callback":186,"file":174,"line":190},"delete_post",84,{"type":119,"name":125,"callback":192,"priority":193,"file":174,"line":194},"populate_posts_from_blog",8,88,{"type":119,"name":196,"callback":197,"file":174,"line":198},"admin_init","context_hooks",91,{"type":119,"name":200,"callback":201,"file":174,"line":202},"all_admin_notices","user_notice",98,[],[],[],[],{"dangerousFunctions":208,"sqlUsage":209,"outputEscaping":216,"fileOperations":25,"externalRequests":24,"nonceChecks":24,"capabilityChecks":25,"bundledLibraries":231},[],{"prepared":132,"raw":14,"locations":210},[211,213],{"file":153,"line":190,"context":212},"$wpdb->get_col() with unsafe: $blog_id",{"file":153,"line":214,"context":215},109,"$wpdb->get_results() with unsafe: $max_to_del",{"escaped":217,"rawEcho":218,"locations":219},13,5,[220,223,225,227,229],{"file":221,"line":218,"context":222},"includes\u002Fadmin-page.php","raw output",{"file":221,"line":224,"context":222},7,{"file":221,"line":226,"context":222},25,{"file":174,"line":228,"context":222},360,{"file":174,"line":230,"context":222},361,[],[],{"summary":234,"deductions":235},"The wds-multisite-aggregate plugin v1.0.2 exhibits a generally positive security posture with several strengths. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events without authentication or permission checks indicates a limited attack surface, which is a good practice. The code also demonstrates a strong adherence to secure coding practices regarding SQL queries, with 85% utilizing prepared statements, and a reasonable 72% of output escaping being properly implemented. The fact that there are no taint analysis findings further suggests that complex vulnerabilities like arbitrary code execution or data leakage are unlikely within the current version's analyzed flows.\n\nHowever, a significant concern remains the plugin's historical vulnerability record. It has a known medium severity CVE related to Cross-site Scripting, which was last patched relatively recently (July 2023). While currently unpatched CVEs are zero, this indicates a past tendency for vulnerabilities of this nature. The presence of a single external HTTP request, while not inherently bad, could be a vector for certain types of attacks if not handled with extreme care, though it is not flagged as a specific concern in the static analysis.\n\nIn conclusion, the plugin has made strides in reducing its immediate attack surface and implementing some secure coding practices. The primary weakness lies in its vulnerability history, suggesting a need for continued vigilance and thorough auditing. The lack of capability checks, while not leading to immediate deductions based on the provided data, could be a potential area for future security review if the plugin's functionality expands.",[236,238],{"reason":237,"points":11},"Past medium severity CVE for XSS",{"reason":239,"points":218},"No capability checks identified","2026-04-16T12:59:11.078Z",{"wat":242,"direct":251},{"assetPaths":243,"generatorPatterns":246,"scriptPaths":247,"versionParams":248},[244,245],"\u002Fwp-content\u002Fplugins\u002Fwds-multisite-aggregate\u002Fassets\u002Fcss\u002Fwds-multisite-aggregate.css","\u002Fwp-content\u002Fplugins\u002Fwds-multisite-aggregate\u002Fassets\u002Fjs\u002Fwds-multisite-aggregate.js",[],[245],[249,250],"wds-multisite-aggregate\u002Fassets\u002Fcss\u002Fwds-multisite-aggregate.css?ver=","wds-multisite-aggregate\u002Fassets\u002Fjs\u002Fwds-multisite-aggregate.js?ver=",{"cssClasses":252,"htmlComments":256,"htmlAttributes":270,"restEndpoints":272,"jsGlobals":273,"shortcodeOutput":276},[253,254,255],"wds-multisite-aggregate-notice","wds-multisite-aggregate-notice-description","wds-multisite-aggregate-redirect",[257,258,259,260,261,262,263,264,265,266,267,268,269],"Copyright 2008 Donncha O Caoimh (http:\u002F\u002Focaoimh.ie\u002F)","With contributions by Ron Rennick(http:\u002F\u002Fwpmututorials.com\u002F), Thomas Schneider(http:\u002F\u002Fwww.im-web-gefunden.de\u002F) and others.","This program is free software; you can redistribute it and\u002For modify","it under the terms of the GNU General Public License as published by","the Free Software Foundation; either version 2 of the License, or","(at your option) any later version.","This program is distributed in the hope that it will be useful,","but WITHOUT ANY WARRANTY; without even the implied warranty of","MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the","GNU General Public License for more details.","You should have received a copy of the GNU General Public License","along with this program; if not, write to the","Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA",[271],"data-wds-aggregate-debug",[],[274,275],"WDS_Multisite_Aggregate","wds_ma_autoload_classes",[],{"error":278,"url":279,"statusCode":280,"statusMessage":281,"message":281},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwds-multisite-aggregate\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":25,"versions":283},[]]