[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1zsJiWbhx43ip60bIb2tOtuRXS8V-lIczp-bMZEyEJY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":74,"crawl_stats":36,"alternatives":81,"analysis":189,"fingerprints":714},"weaverx-theme-support","Weaver Xtreme Theme Support","6.5.1","wpweaver","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpweaver\u002F","\u003Cp>This is the theme support for the Weaver Xtreme Theme. This plugin provides a collection of useful shortcodes and widgets designed to complement the Weaver Xtreme theme. These shortcodes have been selected and developed based on requests and feedback from thousands of users of the Weaver Xtreme and previous versions of Weaver.\u003C\u002Fp>\n\u003Cp>This plugin also provides the Legacy Weaver Xtreme Admin Dashboard interface. The Legacy Admin is an old style interface alternative to the Customizer interface. The Legacy Interface has been updated for compatibility with Weaver Xtreme Version 5, and will automatically update and convert .wxt settings files from Weaver Xtreme 4.\u003C\u002Fp>\n\u003Cp>Includes complete documentation help file. Instructions for using the shortcodes and widgets are in the help file.\u003C\u002Fp>\n\u003Ch4>Shortcodes included\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>[tab_group]\u003C\u002Fstrong> – Display content in a tabbed box.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003C!--YouTube Error: bad URL entered-->\u003C\u002Fstrong> – Show your YouTube videos responsively, and with the capability to use any of the YouTube custom display options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003C!-- vimeo error: not a vimeo video -->\u003C\u002Fstrong> –  Show your Vimeo videos responsively, and with the capability to use any of the Vimeo custom display options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[iframe]\u003C\u002Fstrong> – Quick and easy display of content in an iframe.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[div]\u003C\u002Fstrong>, \u003Cstrong>[span]\u003C\u002Fstrong>, \u003Cstrong>[html]\u003C\u002Fstrong> – Add div, span, and other html to pages\u002Fposts without the need to switch to Text view.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[hide\u002Fshow_if]\u003C\u002Fstrong> – Show or hide content depending upon options: device, page ID, user capability, logged in status.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[bloginfo]\u003C\u002Fstrong> – Display any information available from WordPress bloginfo function.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[user_can]\u003C\u002Fstrong> – Display content base on logged-in user role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[site_title]\u003C\u002Fstrong> – Display Site title.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[site_tagline]\u003C\u002Fstrong> – Display Site tag line.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Widgets Included\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Weaver 2 Column Text Widget\u003C\u002Fstrong> – Add text into two columns in a widget\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Weaver Per Page Text Widget\u003C\u002Fstrong> – Add a text widget on a per-page basis\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Weaver Login\u003C\u002Fstrong> – Simplified login widget\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Licenses\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>The Weaver Xtreme Theme Support plugin is licensed under the terms of the GNU GENERAL PUBLIC LICENSE, Version 2,\u003Cbr \u002F>\nJune 1991. (GPL) The full text of the license is in the license.txt file.\u003C\u002Fli>\n\u003Cli>All images included with this plugin are either original works of the author which\u003Cbr \u002F>\nhave been placed into the public domain, or have been derived from other public domain sources,\u003Cbr \u002F>\nand thus need no license. (This does not include the images provided with any of the\u003Cbr \u002F>\nbelow listed scripts and libraries. Those images are covered by their respective licenses.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin also includes several scripts and libraries that are covered under the terms\u003Cbr \u002F>\nof their own licenses in the listed files in the plugin distribution:\u003C\u002Fp>\n","A useful shortcode and widget collection for Weaver Xtreme",9000,382934,100,4,"2024-05-31T18:31:00.000Z","6.5.8","6.0","7.2",[20,21,22],"shortcodes","weaver-xtreme-theme","widgets","http:\u002F\u002Fweavertheme.com\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fweaverx-theme-support.6.5.1.zip",89,3,0,"2024-06-04 19:18:53","2026-03-15T15:16:48.613Z",[31,47,63],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2024-4939","weaver-xtreme-theme-support-authenticated-contributor-stored-cross-site-scripting-via-div-shortcode","Weaver Xtreme Theme Support \u003C= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via div Shortcode","The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=6.4","6.5","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-06-05 07:34:57",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbc121ed0-4cb3-4ba4-b693-413b1c25e4ca?source=api-prod",1,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":36,"affected_versions":52,"patched_in_version":53,"severity":54,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":59,"references":60,"days_to_patch":62},"CVE-2023-4971","weaver-xtreme-theme-support-authenticated-administrator-php-object-injection-via-imported-file","Weaver Xtreme Theme Support \u003C= 6.3.0 - Authenticated (Administrator+) PHP Object Injection via Imported File","The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 6.3.0 via deserialization of untrusted input from imported files. This allows authenticated attackers, with administrator-level privileges and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","\u003C=6.3.0","6.3.1","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Deserialization of Untrusted Data","2023-09-19 00:00:00","2024-01-22 19:56:02",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F572689c6-d7d6-46c3-9e96-b9185337e8ce?source=api-prod",126,{"id":64,"url_slug":65,"title":66,"description":67,"plugin_slug":4,"theme_slug":36,"affected_versions":68,"patched_in_version":69,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":70,"updated_date":59,"references":71,"days_to_patch":73},"CVE-2023-0276","weaver-xtreme-theme-support-authenticated-contributor-stored-cross-site-scripting-via-shortcode","Weaver Xtreme Theme Support \u003C= 6.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode","The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '[youtube]' and '[vimeo]' shortcodes in versions up to, and including, 6.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page","\u003C=6.2.5","6.2.7","2023-03-11 00:00:00",[72],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7431ee0f-f485-48a4-9cdd-8fb2ac43e216?source=api-prod",318,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":75,"total_installs":76,"avg_security_score":77,"avg_patch_time_days":78,"trust_score":79,"computed_at":80},6,19650,88,158,71,"2026-04-04T15:10:06.908Z",[82,103,125,146,169],{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":13,"num_ratings":46,"last_updated":92,"tested_up_to":16,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":99,"download_link":100,"security_score":101,"vuln_count":75,"unpatched_count":27,"last_vuln_date":102,"fetched_at":29},"apollo13-framework-extensions","Apollo13 Framework Extensions","1.9.9","apollo13themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fapollo13themes\u002F","\u003Cp>\u003Cstrong>Apollo13 Framework Extensions\u003C\u002Fstrong> adds few features to themes build on Apollo13 Framework. These are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Designs Importer,\u003C\u002Fli>\n\u003Cli>shortcodes based on Apollo13 Framework features: writtng effect, count down, socials, scroller, slider, galleries, post grid,\u003C\u002Fli>\n\u003Cli>support for WPBakery Page Builder elements added by Apollo13 Framework,\u003C\u002Fli>\n\u003Cli>custom post types: albums, works & people,\u003C\u002Fli>\n\u003Cli>Export\u002FImport of theme options,\u003C\u002Fli>\n\u003Cli>Custom Sidebar,\u003C\u002Fli>\n\u003Cli>Custom CSS,\u003C\u002Fli>\n\u003Cli>Meta options that are creating content for posts, pages, albums and works,\u003C\u002Fli>\n\u003Cli>Responsive Image resizing ,\u003C\u002Fli>\n\u003Cli>Maintenance mode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin requires one of themes build on \u003Cstrong>Apollo13 Framework\u003C\u002Fstrong> theme to be installed.\u003C\u002Fp>\n\u003Cp>It is mostly used for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapollo13themes.com\u002Frife\u002Ffree\u002F\" rel=\"nofollow ugc\">Rife Free\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapollo13themes.com\u002Frife\u002F\" rel=\"nofollow ugc\">Rife Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits & Copyright\u003C\u002Fh3>\n\u003Ch4>Anime.js, Copyright 2019 Julian Garnier\u003C\u002Fh4>\n\u003Cp>Licenses: MIT\u003Cbr \u002F>\nSource: https:\u002F\u002Fanimejs.com\u002F\u003C\u002Fp>\n","Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.",20000,534616,"2025-12-04T08:12:00.000Z","4.7","5.4.0",[96,97,20,98],"custom-post-types","elementor-widgets","wpbakery-page-builder-support","https:\u002F\u002Fapollo13themes.com\u002Frife\u002Ffree","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapollo13-framework-extensions.zip",95,"2026-02-18 15:32:44",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":13,"num_ratings":46,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":121,"download_link":122,"security_score":123,"vuln_count":26,"unpatched_count":46,"last_vuln_date":124,"fetched_at":29},"popularis-extra","Popularis Extra","1.2.10","Themes4WP","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemes4wp\u002F","\u003Cp>Popularis Extra gives you access to demo import for free PopularisWP themes, extra features like widgets, shortcodes or additional Elementor widgets.\u003C\u002Fp>\n\u003Cp>This plugin requires PopularisWP theme to be installed.\u003C\u002Fp>\n\u003Ch3>Supported Themes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis\u002F\" rel=\"ugc\">Popularis\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpopulariswp.com\u002Fpopularis-ecommerce\u002F\" rel=\"nofollow ugc\">Popularis eCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-verse\u002F\" rel=\"ugc\">Popularis Verse\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-hub\u002F\" rel=\"ugc\">Popularis Hub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-star\u002F\" rel=\"ugc\">Popularis Star\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-writer\u002F\" rel=\"ugc\">Popularis Writer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-press\u002F\" rel=\"ugc\">Popularis Press\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpopulariswp.com\u002Fpopularis-fashion\u002F\" rel=\"nofollow ugc\">Popularis Fashion\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpopulariswp.com\u002Fpopularis-business\u002F\" rel=\"nofollow ugc\">Popularis Business\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Popularis Extra add extra features to Popularis theme like demo import, widgets, shortcodes or Elementor widgets.",8000,225336,"2025-12-03T07:12:00.000Z","6.9.4","4.4","5.6",[118,119,120,20,22],"demo","elementor","import","https:\u002F\u002Fpopulariswp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpopularis-extra.1.2.10.zip",74,"2026-01-28 00:00:00",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":135,"num_ratings":136,"last_updated":137,"tested_up_to":138,"requires_at_least":139,"requires_php":140,"tags":141,"homepage":142,"download_link":143,"security_score":144,"vuln_count":46,"unpatched_count":46,"last_vuln_date":145,"fetched_at":29},"series","Series","2.0.1","Justin Tadlock","https:\u002F\u002Fprofiles.wordpress.org\u002Fgreenshady\u002F","\u003Cp>Series is a plugin created to allow users to easily link posts together by using a WordPress taxonomy (like tags or categories) called “series”.  It can be particularly useful if you write several posts spanning the same topic and want them tied together in some way that tags or categories doesn’t cover.\u003C\u002Fp>\n\u003Ch3>Professional Support\u003C\u002Fh3>\n\u003Cp>If you need professional plugin support from me, the plugin author, you can access the support forums at \u003Ca href=\"https:\u002F\u002Fthemehybrid.com\u002Fsupport\" rel=\"nofollow ugc\">Theme Hybrid\u003C\u002Fa>, which is a professional WordPress help\u002Fsupport site where I handle support for all my plugins and themes for a community of 75,000+ users (and growing).\u003C\u002Fp>\n\u003Ch3>Plugin Development\u003C\u002Fh3>\n\u003Cp>If you’re a theme author, plugin author, or just a code hobbyist, you can follow the development of this plugin on it’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjustintadlock\u002Fseries\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>Yes, I do accept donations.  If you want to donate, you can do so from my \u003Ca href=\"https:\u002F\u002Fthemehybrid.com\u002Fdonate\" rel=\"nofollow ugc\">donations page\u003C\u002Fa> or grab me something from my \u003Ca href=\"http:\u002F\u002Fa.co\u002FflUb0ns\" rel=\"nofollow ugc\">Amazon Wish List\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>I appreciate all donations, no matter the size.  Further development of this plugin is not contingent on donations, but they are always a nice incentive.\u003C\u002Fp>\n","Plugin that allows you to collect posts in a series.",2000,46271,84,5,"2018-12-17T20:52:00.000Z","5.0.25","4.8","5.3",[126,20,22],"https:\u002F\u002Fthemehybrid.com\u002Fplugins\u002Fseries","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fseries.2.0.1.zip",63,"2025-12-31 00:00:00",{"slug":147,"name":148,"version":149,"author":150,"author_profile":151,"description":152,"short_description":153,"active_installs":154,"downloaded":155,"rating":156,"num_ratings":157,"last_updated":158,"tested_up_to":159,"requires_at_least":160,"requires_php":161,"tags":162,"homepage":166,"download_link":167,"security_score":144,"vuln_count":46,"unpatched_count":46,"last_vuln_date":168,"fetched_at":29},"wp-widgets-shortcode","WordPress Widgets Shortcode","1.0.3","Brajesh Singh","https:\u002F\u002Fprofiles.wordpress.org\u002Fsbrajesh\u002F","\u003Cp>The plugin allows you to embed any WordPress Widget area\u002FDynamic Sidebar to your WordPress posts\u003C\u002Fp>\n\u003Cp>What you can do:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use the shortcode to embed widget areas in posts\u003C\u002Fli>\n\u003Cli>Use the shortcode to embed Widget areas in Pages\u003C\u002Fli>\n\u003Cli>The widgets can be embedded anywhere, at the begining of content, middle, bottom or where ever you want. Just put the shortcode there.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please leave a comment here at \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fwordpress\u002Fembed-wordpress-widget-areasdynamic-sidebars-in-posts-or-pages-using-simple-shortcodes\u002F\" title=\"Post about this plugin\" rel=\"nofollow ugc\">BuddyDev.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Others\u003C\u002Fh3>\n\u003Cp>For more info, please visit us at \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002F\" title=\"The best place for all BuddyPress based plugins, themes tutorials\" rel=\"nofollow ugc\">BuddyDev.com\u003C\u002Fa>\u003C\u002Fp>\n","Embed any widget area\u002Fdynamic sidebar to your pages\u002Fposts using the shortcode [dynamic-sidebar id='Your Widget Area\u002FSidebar name']",500,17170,90,8,"2016-05-14T08:01:00.000Z","4.7.32","3.5","",[163,164,165,20,22],"dynamic-sidebar","embed","embed-widgets","http:\u002F\u002Fbuddydev.com\u002Fplugins\u002Fwp-widgets-shortcode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-widgets-shortcode.1.0.3.zip","2025-09-22 00:00:00",{"slug":170,"name":171,"version":172,"author":173,"author_profile":174,"description":175,"short_description":176,"active_installs":177,"downloaded":178,"rating":13,"num_ratings":179,"last_updated":180,"tested_up_to":159,"requires_at_least":181,"requires_php":161,"tags":182,"homepage":186,"download_link":187,"security_score":188,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"shortcodes-in-sidebar","Shortcodes in Sidebar","3.0","Pankaj Anupam","https:\u002F\u002Fprofiles.wordpress.org\u002Fpankajanupam\u002F","\u003Cp>Shortcodes in Sidebar plugin allow shortcodes to execute when used in sidebar text widgets.  All that is needed is to download, install and activate. This is very useful for placing things like contact forms and other shortcode enabled features in sidebars.\u003C\u002Fp>\n","Shortcodes in Sidebar allows shortcodes to execute in sidebars.",400,14783,2,"2017-02-01T15:24:00.000Z","2.5",[183,20,184,185,22],"shortcode","sidebar","sidebars","http:\u002F\u002Fpankajanupam.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshortcodes-in-sidebar.zip",85,{"attackSurface":190,"codeSignals":288,"taintFlows":593,"riskAssessment":694,"analyzedAt":713},{"hooks":191,"ajaxHandlers":284,"restRoutes":285,"shortcodes":286,"cronEvents":287,"entryPointCount":27,"unprotectedCount":27},[192,198,202,206,210,214,218,222,227,231,235,239,243,249,254,257,259,264,268,272,276,280],{"type":193,"name":194,"callback":195,"file":196,"line":197},"action","admin_head","weaverx_admin_ts_head","admin\\add-weaverx-sapi-options.php",11,{"type":193,"name":199,"callback":200,"file":196,"line":201},"weaverx_admin_saverestore","weaverx_ts_weaverx_admin_saverestore",18,{"type":193,"name":203,"callback":204,"file":196,"line":205},"weaverx_admin_subthemes","weaverx_ts_weaverx_admin_subthemes",19,{"type":193,"name":207,"callback":208,"file":196,"line":209},"weaverx_admin_mainopts","weaverx_ts_weaverx_admin_mainopts",20,{"type":193,"name":211,"callback":212,"file":196,"line":213},"weaverx_admin_advancedopts","weaverx_ts_weaverx_admin_advancedopts",21,{"type":193,"name":215,"callback":216,"file":217,"line":123},"weaverx_save_mcecss","weaverx_ts_save_mcecss","includes\\wvrx-ts-editor-style.php",{"type":193,"name":219,"callback":220,"file":217,"line":221},"weaverx_save_gutenberg_css","weaverx_ts_save_gutenberg_css",81,{"type":223,"name":224,"callback":225,"file":217,"line":226},"filter","weaverx_mce_css","weaverx_ts_mce_css",625,{"type":223,"name":228,"callback":229,"file":230,"line":201},"widget_text","do_shortcode","includes\\wvrx-ts-runtime-lib.php",{"type":193,"name":232,"callback":233,"file":230,"line":234},"weaverx_theme_support_addon","wvrx_ts_theme_support_addon",35,{"type":193,"name":236,"callback":237,"file":230,"line":238},"weaverx_more_help","weaverx_ts_more_help",198,{"type":193,"name":240,"callback":241,"file":230,"line":242},"weaverx_ts_show_version","weaverx_ts_show_version_action",234,{"type":193,"name":244,"callback":245,"priority":246,"file":247,"line":248},"init","wvrx_ts_setup_shortcodes",99,"includes\\wvrx-ts-shortcodes.php",39,{"type":193,"name":250,"callback":251,"file":252,"line":253},"widgets_init","wvrx_ts_load_widgets","includes\\wvrx-ts-widgets.php",453,{"type":223,"name":255,"callback":229,"file":252,"line":256},"weaverx_text",454,{"type":223,"name":228,"callback":229,"file":252,"line":258},455,{"type":193,"name":260,"callback":261,"file":262,"line":263},"wp_enqueue_scripts","wvrx_ts_enqueue_scripts","weaverx-ts.php",83,{"type":193,"name":265,"callback":266,"file":262,"line":267},"weaver_xtreme_load_admin","weaver_xtreme_load_admin_action",98,{"type":193,"name":269,"callback":270,"file":262,"line":271},"weaverx_child_show_extrathemes","wvrx_ts_child_show_extrathemes_action",102,{"type":193,"name":273,"callback":274,"file":262,"line":275},"weaverx_child_process_options","wvrx_ts_child_process_options",109,{"type":193,"name":277,"callback":278,"file":262,"line":279},"weaverx_child_saverestore","wvrx_ts_child_saverestore_action",131,{"type":193,"name":281,"callback":282,"file":262,"line":283},"plugins_loaded","wvrx_check_jetpack",273,[],[],[],[],{"dangerousFunctions":289,"sqlUsage":297,"outputEscaping":299,"fileOperations":590,"externalRequests":27,"nonceChecks":27,"capabilityChecks":591,"bundledLibraries":592},[290,295],{"fn":291,"file":292,"line":293,"context":294},"unserialize","admin\\admin-lib-ts.php",145,"$restore = unserialize(substr($contents, 10));",{"fn":291,"file":292,"line":296,"context":294},811,{"prepared":27,"raw":27,"locations":298},[],{"escaped":300,"rawEcho":301,"locations":302},269,162,[303,307,308,310,312,314,316,319,321,323,325,326,328,330,331,332,334,336,337,339,341,343,345,347,349,350,352,354,356,358,360,362,364,366,368,370,372,373,375,377,379,381,383,385,387,389,391,393,395,397,399,400,401,403,405,407,408,410,412,414,416,418,420,422,424,426,428,430,432,434,436,438,440,442,444,447,449,451,452,454,456,458,460,462,464,466,468,470,472,474,476,478,479,481,483,485,487,488,489,491,493,494,496,497,498,499,500,501,503,504,506,507,509,511,512,514,516,517,519,520,521,522,524,526,527,528,529,531,533,534,536,537,539,541,543,544,546,548,550,551,553,555,557,559,561,563,565,566,568,569,571,573,574,575,577,579,581,582,584,586,587,589],{"file":304,"line":305,"context":306},"admin\\admin-advancedopts4.php",232,"raw output",{"file":304,"line":305,"context":306},{"file":304,"line":309,"context":306},238,{"file":304,"line":311,"context":306},253,{"file":304,"line":313,"context":306},260,{"file":304,"line":315,"context":306},505,{"file":317,"line":318,"context":306},"admin\\admin-lib-ts-2.php",25,{"file":317,"line":320,"context":306},40,{"file":317,"line":322,"context":306},41,{"file":317,"line":324,"context":306},61,{"file":317,"line":144,"context":306},{"file":317,"line":327,"context":306},79,{"file":317,"line":329,"context":306},82,{"file":317,"line":263,"context":306},{"file":317,"line":188,"context":306},{"file":317,"line":333,"context":306},86,{"file":317,"line":335,"context":306},87,{"file":317,"line":25,"context":306},{"file":317,"line":338,"context":306},104,{"file":317,"line":340,"context":306},133,{"file":317,"line":342,"context":306},134,{"file":317,"line":344,"context":306},136,{"file":317,"line":346,"context":306},152,{"file":317,"line":348,"context":306},157,{"file":317,"line":348,"context":306},{"file":317,"line":351,"context":306},231,{"file":317,"line":353,"context":306},235,{"file":317,"line":355,"context":306},252,{"file":317,"line":357,"context":306},279,{"file":317,"line":359,"context":306},1118,{"file":317,"line":361,"context":306},1143,{"file":317,"line":363,"context":306},1145,{"file":317,"line":365,"context":306},1155,{"file":317,"line":367,"context":306},1344,{"file":317,"line":369,"context":306},1348,{"file":317,"line":371,"context":306},1349,{"file":317,"line":371,"context":306},{"file":317,"line":374,"context":306},1441,{"file":292,"line":376,"context":306},387,{"file":292,"line":378,"context":306},393,{"file":292,"line":380,"context":306},394,{"file":292,"line":382,"context":306},404,{"file":292,"line":384,"context":306},423,{"file":292,"line":386,"context":306},426,{"file":292,"line":388,"context":306},428,{"file":292,"line":390,"context":306},456,{"file":292,"line":392,"context":306},458,{"file":292,"line":394,"context":306},459,{"file":292,"line":396,"context":306},466,{"file":292,"line":398,"context":306},468,{"file":292,"line":398,"context":306},{"file":292,"line":398,"context":306},{"file":292,"line":402,"context":306},480,{"file":292,"line":404,"context":306},488,{"file":292,"line":406,"context":306},497,{"file":292,"line":315,"context":306},{"file":292,"line":409,"context":306},532,{"file":292,"line":411,"context":306},548,{"file":292,"line":413,"context":306},550,{"file":292,"line":415,"context":306},551,{"file":292,"line":417,"context":306},583,{"file":292,"line":419,"context":306},596,{"file":292,"line":421,"context":306},638,{"file":292,"line":423,"context":306},646,{"file":292,"line":425,"context":306},674,{"file":292,"line":427,"context":306},682,{"file":292,"line":429,"context":306},711,{"file":292,"line":431,"context":306},719,{"file":292,"line":433,"context":306},771,{"file":292,"line":435,"context":306},774,{"file":292,"line":437,"context":306},782,{"file":292,"line":439,"context":306},899,{"file":292,"line":441,"context":306},914,{"file":292,"line":443,"context":306},915,{"file":445,"line":446,"context":306},"admin\\admin-saverestore4.php",47,{"file":445,"line":448,"context":306},149,{"file":445,"line":450,"context":306},154,{"file":445,"line":348,"context":306},{"file":445,"line":453,"context":306},171,{"file":455,"line":79,"context":306},"admin\\admin-subthemes4.php",{"file":455,"line":457,"context":306},73,{"file":455,"line":459,"context":306},101,{"file":455,"line":461,"context":306},128,{"file":230,"line":463,"context":306},12,{"file":230,"line":465,"context":306},28,{"file":230,"line":467,"context":306},30,{"file":230,"line":469,"context":306},58,{"file":230,"line":471,"context":306},146,{"file":230,"line":473,"context":306},159,{"file":230,"line":475,"context":306},185,{"file":230,"line":477,"context":306},219,{"file":252,"line":213,"context":306},{"file":252,"line":480,"context":306},22,{"file":252,"line":482,"context":306},26,{"file":252,"line":484,"context":306},27,{"file":252,"line":486,"context":306},29,{"file":252,"line":467,"context":306},{"file":252,"line":234,"context":306},{"file":252,"line":490,"context":306},59,{"file":252,"line":492,"context":306},60,{"file":252,"line":492,"context":306},{"file":252,"line":495,"context":306},62,{"file":252,"line":495,"context":306},{"file":252,"line":495,"context":306},{"file":252,"line":144,"context":306},{"file":252,"line":144,"context":306},{"file":252,"line":144,"context":306},{"file":252,"line":502,"context":306},64,{"file":252,"line":502,"context":306},{"file":252,"line":505,"context":306},65,{"file":252,"line":156,"context":306},{"file":252,"line":508,"context":306},92,{"file":252,"line":510,"context":306},94,{"file":252,"line":101,"context":306},{"file":252,"line":513,"context":306},130,{"file":252,"line":515,"context":306},132,{"file":252,"line":344,"context":306},{"file":252,"line":518,"context":306},143,{"file":252,"line":348,"context":306},{"file":252,"line":348,"context":306},{"file":252,"line":348,"context":306},{"file":252,"line":523,"context":306},192,{"file":252,"line":525,"context":306},196,{"file":252,"line":238,"context":306},{"file":252,"line":305,"context":306},{"file":252,"line":242,"context":306},{"file":252,"line":530,"context":306},261,{"file":252,"line":532,"context":306},262,{"file":252,"line":532,"context":306},{"file":252,"line":535,"context":306},264,{"file":252,"line":535,"context":306},{"file":252,"line":538,"context":306},265,{"file":252,"line":540,"context":306},282,{"file":252,"line":542,"context":306},283,{"file":252,"line":542,"context":306},{"file":252,"line":545,"context":306},288,{"file":252,"line":547,"context":306},299,{"file":252,"line":549,"context":306},300,{"file":252,"line":549,"context":306},{"file":252,"line":552,"context":306},337,{"file":252,"line":554,"context":306},341,{"file":252,"line":556,"context":306},343,{"file":252,"line":558,"context":306},377,{"file":252,"line":560,"context":306},379,{"file":252,"line":562,"context":306},406,{"file":252,"line":564,"context":306},407,{"file":252,"line":564,"context":306},{"file":252,"line":567,"context":306},409,{"file":252,"line":567,"context":306},{"file":252,"line":570,"context":306},410,{"file":252,"line":572,"context":306},425,{"file":252,"line":386,"context":306},{"file":252,"line":386,"context":306},{"file":252,"line":576,"context":306},431,{"file":252,"line":578,"context":306},442,{"file":252,"line":580,"context":306},443,{"file":252,"line":580,"context":306},{"file":262,"line":583,"context":306},140,{"file":262,"line":585,"context":306},141,{"file":262,"line":518,"context":306},{"file":262,"line":588,"context":306},259,{"file":262,"line":530,"context":306},9,10,[],[594,610,619,629,637,652,665],{"entryPoint":595,"graph":596,"unsanitizedCount":46,"severity":39},"weaverx_saverestore (admin\\admin-saverestore4.php:130)",{"nodes":597,"edges":607},[598,602],{"id":599,"type":600,"label":601,"file":445,"line":453},"n0","source","$_SERVER['REQUEST_URI']",{"id":603,"type":604,"label":605,"file":445,"line":453,"wp_function":606},"n1","sink","echo() [XSS]","echo",[608],{"from":599,"to":603,"sanitized":609},false,{"entryPoint":611,"graph":612,"unsanitizedCount":179,"severity":39},"wvrx_ts_theme_support_addon (includes\\wvrx-ts-runtime-lib.php:36)",{"nodes":613,"edges":617},[614,616],{"id":599,"type":600,"label":615,"file":230,"line":471},"$_SERVER['REQUEST_URI'] (x2)",{"id":603,"type":604,"label":605,"file":230,"line":471,"wp_function":606},[618],{"from":599,"to":603,"sanitized":609},{"entryPoint":620,"graph":621,"unsanitizedCount":27,"severity":628},"\u003Cadmin-saverestore4> (admin\\admin-saverestore4.php:0)",{"nodes":622,"edges":625},[623,624],{"id":599,"type":600,"label":601,"file":445,"line":453},{"id":603,"type":604,"label":605,"file":445,"line":453,"wp_function":606},[626],{"from":599,"to":603,"sanitized":627},true,"low",{"entryPoint":630,"graph":631,"unsanitizedCount":179,"severity":628},"\u003Cwvrx-ts-runtime-lib> (includes\\wvrx-ts-runtime-lib.php:0)",{"nodes":632,"edges":635},[633,634],{"id":599,"type":600,"label":615,"file":230,"line":471},{"id":603,"type":604,"label":605,"file":230,"line":471,"wp_function":606},[636],{"from":599,"to":603,"sanitized":609},{"entryPoint":638,"graph":639,"unsanitizedCount":46,"severity":54},"weaverx_process_options_themes (admin\\admin-lib-ts.php:5)",{"nodes":640,"edges":649},[641,643,646],{"id":599,"type":600,"label":642,"file":292,"line":463},"$_POST",{"id":603,"type":644,"label":645,"file":292,"line":463},"transform","→ weaverx_activate_subtheme()",{"id":647,"type":604,"label":648,"file":292,"line":293,"wp_function":291},"n2","unserialize() [Object Injection]",[650,651],{"from":599,"to":603,"sanitized":609},{"from":603,"to":647,"sanitized":609},{"entryPoint":653,"graph":654,"unsanitizedCount":46,"severity":54},"weaverx_loadtheme (admin\\admin-lib-ts.php:729)",{"nodes":655,"edges":662},[656,659,661],{"id":599,"type":600,"label":657,"file":292,"line":658},"$_FILES",781,{"id":603,"type":644,"label":660,"file":292,"line":658},"→ weaverx_ex_set_current_to_serialized_values()",{"id":647,"type":604,"label":648,"file":292,"line":296,"wp_function":291},[663,664],{"from":599,"to":603,"sanitized":609},{"from":603,"to":647,"sanitized":609},{"entryPoint":666,"graph":667,"unsanitizedCount":179,"severity":54},"\u003Cadmin-lib-ts> (admin\\admin-lib-ts.php:0)",{"nodes":668,"edges":687},[669,670,671,673,675,677,679,681,683,685],{"id":599,"type":600,"label":642,"file":292,"line":591},{"id":603,"type":604,"label":648,"file":292,"line":293,"wp_function":291},{"id":647,"type":600,"label":657,"file":292,"line":672},742,{"id":674,"type":604,"label":648,"file":292,"line":296,"wp_function":291},"n3",{"id":676,"type":600,"label":642,"file":292,"line":463},"n4",{"id":678,"type":644,"label":645,"file":292,"line":463},"n5",{"id":680,"type":604,"label":648,"file":292,"line":293,"wp_function":291},"n6",{"id":682,"type":600,"label":657,"file":292,"line":658},"n7",{"id":684,"type":644,"label":660,"file":292,"line":658},"n8",{"id":686,"type":604,"label":648,"file":292,"line":296,"wp_function":291},"n9",[688,689,690,691,692,693],{"from":599,"to":603,"sanitized":627},{"from":647,"to":674,"sanitized":627},{"from":676,"to":678,"sanitized":609},{"from":678,"to":680,"sanitized":609},{"from":682,"to":684,"sanitized":609},{"from":684,"to":686,"sanitized":609},{"summary":695,"deductions":696},"The weaverx-theme-support plugin v6.5.1 presents a mixed security posture. While the static analysis shows no direct attack surface through AJAX, REST API, shortcodes, or cron events, and all SQL queries utilize prepared statements, there are significant underlying concerns. The presence of two dangerous `unserialize` functions is a major red flag, especially when combined with a high number of taint flows with unsanitized paths, including three of high severity. This indicates a strong potential for deserialization vulnerabilities if external data is not meticulously sanitized before being passed to these functions.\n\nThe vulnerability history reveals a pattern of past security issues, including Deserialization of Untrusted Data and Cross-site Scripting. The fact that a high-severity vulnerability was patched very recently (2024-06-04) suggests that the plugin, despite recent updates, has historically been susceptible to critical flaws. The total number of known CVEs (3) also indicates a history of security weaknesses that require ongoing attention and rigorous security practices from developers.\n\nIn conclusion, while the plugin's current version lacks immediately exposed entry points for attackers and employs secure SQL practices, the inherent risk associated with deserialization functions and the historical vulnerability patterns necessitate caution. The high number of unsanitized taint flows is a critical area of concern that could lead to severe exploits if not addressed comprehensively. Developers should prioritize thorough input validation and sanitization, particularly around `unserialize` calls, and continue to monitor for and address security vulnerabilities promptly.",[697,699,702,704,707,709,711],{"reason":698,"points":591},"Dangerous function: unserialize",{"reason":700,"points":701},"Taint flows with unsanitized paths (High severity)",15,{"reason":703,"points":157},"Vulnerability history: Deserialization of Untrusted Data",{"reason":705,"points":706},"Vulnerability history: Cross-site Scripting",7,{"reason":708,"points":591},"Recent high severity vulnerability patched",{"reason":710,"points":136},"Moderate output escaping (62% properly escaped)",{"reason":712,"points":591},"No nonce checks","2026-03-16T17:52:22.468Z",{"wat":715,"direct":720},{"assetPaths":716,"generatorPatterns":717,"scriptPaths":718,"versionParams":719},[],[],[],[],{"cssClasses":721,"htmlComments":722,"htmlAttributes":723,"restEndpoints":724,"jsGlobals":725,"shortcodeOutput":726},[],[],[],[],[],[]]