[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f6gIfobZldr0x9brKHq-jm0aFDszk9ct0lq23XlOxLS8":3,"$fu8kbt4HnVVtE5x_89sDA0tz0jqqn7K5azkd0NgpEACw":317,"$fPRvPSgRtgdnQKYmb5abfcKeaKN-zBXG-shTzqyrAZ4g":321},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":68,"crawl_stats":39,"alternatives":75,"analysis":172,"fingerprints":301},"which-template-file","which template file","5.2.0","gilles66","https:\u002F\u002Fprofiles.wordpress.org\u002Fgilles66\u002F","\u003Cp>Need to know which template is used by WordPress to display your pages in the front office ?\u003Cbr \u002F>\nThis plugin simply does this.\u003C\u002Fp>\n\u003Cp>Show the name of the php file of your theme used to display the current page.Need to know which template is used by WordPress to display your pages in the front office ?\u003Cbr \u002F>\nThis plugin simply does this.\u003C\u002Fp>\n\u003Cp>Efficient and very easy to install, it will show you in the admin bar the name of the php file currently used to display the current page.\u003Cbr \u002F>\nThe color of the text is different regarding the origin of the template(the theme, a parent theme, or a plugin)\u003Cbr \u002F>\n(icon author :http:\u002F\u002Fwww.megaicons.net\u002Ficonspack-1096\u002F45043\u002F)\u003C\u002Fp>\n","Show the name of the php file of your theme used to display the current page.",4000,54868,100,4,"2025-02-02T14:14:00.000Z","6.7.5","3.3.0","5.6",[20,21,22,23,24],"adminbar","debug","template","toolbar","tpl","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.5.2.0.zip",91,2,0,"2023-11-29 
00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[34,52],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":41,"severity":42,"cvss_score":43,"cvss_vector":44,"vuln_type":45,"published_date":30,"updated_date":46,"references":47,"days_to_patch":49,"patch_diff_files":50,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2023-49177","which-template-file-unauthenticated-cross-site-scripting","which template file \u003C= 5.0.0 - Unauthenticated Cross-Site Scripting","The which template file plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=5.0.0","5.1","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-02-03 15:00:52",[48],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbe3208c8-aceb-4ac9-91e1-d5de5a85f74d?source=api-prod",433,[],false,{"id":53,"url_slug":54,"title":55,"description":56,"plugin_slug":4,"theme_slug":39,"affected_versions":57,"patched_in_version":58,"severity":42,"cvss_score":59,"cvss_vector":60,"vuln_type":61,"published_date":62,"updated_date":63,"references":64,"days_to_patch":66,"patch_diff_files":67,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2023-45753","which-template-file-cross-site-request-forgery","which template file \u003C= 4.8.0 - Cross-Site Request Forgery","The which template file plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.0. This is due to missing or incorrect nonce validation on one of its functions. 
This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=4.8.0","4.9.0",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2023-10-12 00:00:00","2024-01-22 19:56:02",[65],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F279314a4-2d70-4036-ae9a-27bb694b03db?source=api-prod",103,[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":69,"total_installs":70,"avg_security_score":71,"avg_patch_time_days":72,"trust_score":73,"computed_at":74},3,4440,92,268,73,"2026-05-20T03:11:41.880Z",[76,94,115,133,154],{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":13,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":92,"download_link":93,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"show-current-template","Show Current Template","0.5.4","JOTAKI, Taisuke","https:\u002F\u002Fprofiles.wordpress.org\u002Ftai\u002F","\u003Cp>A WordPress plugin which shows the current template file name, the current theme name and included template files’ name in the tool bar. If you like this plugin, \u003Ca href=\"https:\u002F\u002Fwp.tekapo.com\u002Fis-my-plugin-useful\u002F\" rel=\"nofollow ugc\">you can buy me a coffee! 
😉\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Inspired by (and big thanks to):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>https:\u002F\u002Fgist.github.com\u002Fgatespace\u002F4482529\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Fwordpress.org\u002Fplugins\u002Freveal-template\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n","A WordPress plugin which shows the current template file name, the current theme name and included template files' name in the tool bar.",100000,1262980,71,"2026-01-17T04:18:00.000Z","6.9.4","5.9","7.4",[22,23],"https:\u002F\u002Fwp.tekapo.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-current-template.0.5.4.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":88,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":113,"download_link":114,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"what-the-file","What The File","1.6.1","Barry Kooij","https:\u002F\u002Fprofiles.wordpress.org\u002Fbarrykooij\u002F","\u003Cp>What The File adds an option to your toolbar showing what file and template parts are used to display the page you’re currently viewing.\u003C\u002Fp>\n\u003Cp>You can click the file name to directly edit it through the theme editor, though I don’t recommend this for bigger changes.\u003C\u002Fp>\n\u003Cp>What The File supports BuddyPress and Roots Theme based themes.\u003C\u002Fp>\n\u003Cp>More information can be found \u003Ca href=\"http:\u002F\u002Fwww.barrykooij.com\u002Fwhat-the-file\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Looking for a great related posts plugin for WordPress?\u003C\u002Fh4>\n\u003Cp>Another plugin I’ve built, that I’m very proud of is Related Posts for WordPress. 
Related Posts for WordPress offers you the ability to link related posts to each other with just 1 click! And it’s 100% free! \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frelated-posts-for-wp\u002F\" rel=\"ugc\">Check it out on the WordPress repository.\u003C\u002Fa>\u003C\u002Fp>\n","What The File is the best tool to find out what template parts are used to display the page you're currently viewing!",40000,591241,98,882,"2026-02-19T17:21:00.000Z","3.1","5.3",[110,111,22,112,23],"development","file","template-editing","http:\u002F\u002Fwww.barrykooij.com\u002Fwhat-the-file\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhat-the-file.1.6.1.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":125,"num_ratings":126,"last_updated":127,"tested_up_to":16,"requires_at_least":128,"requires_php":25,"tags":129,"homepage":25,"download_link":132,"security_score":71,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"hide-admin-bar-from-non-admins","Hide Admin Bar from Non-Admins","1.0.2","Andrew Lima","https:\u002F\u002Fprofiles.wordpress.org\u002Fandrewza\u002F","\u003Ch3>Install, activate, and you’re done.\u003C\u002Fh3>\n\u003Cp>This plugin hides the WordPress Toolbar (admin bar) for all visitors and users without the ‘administrator’ role. 
It’s a very simple plugin with no settings to configure.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use this plugin for sites with only one admin who needs access to the dashboard and the admin bar.\u003C\u002Fli>\n\u003Cli>This plugin is super lightweight, with just a few lines of code.\u003C\u002Fli>\n\u003Cli>If you need to show the toolbar for other user roles, use the filter \u003Ccode>habfna_show_admin_bar_roles\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is a tweak of the code by Yoast to hide the admin bar for non-admins only.\u003C\u002Fp>\n","Hides the WordPress toolbar (admin bar) for all non-admin users. Simple plugin with no settings to configure.",10000,237834,86,30,"2024-11-18T14:39:00.000Z","5.2",[130,20,131,23],"admin-bar","dashboard","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-admin-bar-from-non-admins.1.0.2.zip",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":141,"downloaded":142,"rating":125,"num_ratings":143,"last_updated":144,"tested_up_to":88,"requires_at_least":145,"requires_php":18,"tags":146,"homepage":150,"download_link":151,"security_score":152,"vuln_count":28,"unpatched_count":29,"last_vuln_date":153,"fetched_at":31},"my-wp","My WP Customize Admin\u002FFrontend","1.27.1","gqevu6bsiz","https:\u002F\u002Fprofiles.wordpress.org\u002Fgqevu6bsiz\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fmywpcustomize.com\" rel=\"nofollow ugc\">My WP Customize\u003C\u002Fa> is customize for WordPress.\u003C\u002Fp>\n\u003Cp>Simply and easy-to-use the customize for Admin and Frontend. A lot of custom filters and actions, and included the developer tools.\u003C\u002Fp>\n\u003Cp>There are lots of custom actions and filters.\u003C\u002Fp>\n\u003Cp>You will speed up to your site creation. 
Debug on current post, Debug on current using theme, Debug on server info, …etc more helpful info.\u003C\u002Fp>\n\u003Cp>The demo site is here: \u003Ca href=\"https:\u002F\u002Fplayground.wordpress.net\u002F?plugin=my-wp&url=\u002Fwp-admin\u002Fadmin.php?page=mywp\" rel=\"nofollow ugc\">https:\u002F\u002Fplayground.wordpress.net\u002F?plugin=my-wp&url=\u002Fwp-admin\u002Fadmin.php?page=mywp\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Customize the admin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Admin General(hide update notifications, hide screen options, custom footer text).\u003C\u002Fli>\n\u003Cli>Admin Dashboard(hide meta boxes, change meta box title, restrict meta box order).\u003C\u002Fli>\n\u003Cli>Admin Sidebar(hide menus, order menus, change icon and title, add custom link menu).\u003C\u002Fli>\n\u003Cli>Admin Toolbar(hide menus, order menus, change icon and title, add custom link menu).\u003C\u002Fli>\n\u003Cli>Admin Post list(hide columns, order columns, change title).\u003C\u002Fli>\n\u003Cli>Admin Post edit(support block editor and classic editor, hide meta boxes, change title placeholder, restrict order meta box).\u003C\u002Fli>\n\u003Cli>Admin Terms(hide columns, order columns, change title).\u003C\u002Fli>\n\u003Cli>Admin Media uploads(hide columns, order columns, change title).\u003C\u002Fli>\n\u003Cli>Admin Comments(hide columns, order columns, change title).\u003C\u002Fli>\n\u003Cli>Admin Users(hide columns, order columns, change title).\u003C\u002Fli>\n\u003Cli>Admin User edit(hide Visual Editor checkbox, hide Syntax Highlighting checkbox, hide Admin Color Scheme).\u003C\u002Fli>\n\u003Cli>Admin Site editor(Change top left button).\u003C\u002Fli>\n\u003Cli>Admin Nav menus(hide meta boxes, hide Link target, hide Title Attribute, hide CSS classes).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Customize the frontend\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Frontend General(show and hide toolbar, hide Rest link, hide Shortlink, set X-Frame-Options, add custom header 
meta).\u003C\u002Fli>\n\u003Cli>Frontend Author archive(hide archive page, add Disallow to robots.txt).\u003C\u002Fli>\n\u003Cli>Frontend Date archive(hide archive page).\u003C\u002Fli>\n\u003Cli>Frontend Taxonomy archive(hide archive page).\u003C\u002Fli>\n\u003Cli>Frontend Toolbar(hide menus, order menus, change icon and title, add custom link menu).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Customize the login\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Login General(Change logo link and image, hide select language, add custom footer text).\u003C\u002Fli>\n\u003Cli>Login User(redirect after login and logout).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Customize the website\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Site General(Disable file edit, hide PHP X-Mailer version).\u003C\u002Fli>\n\u003Cli>Site Post type(Change create_posts capability).\u003C\u002Fli>\n\u003Cli>Site Sitemap(hide core sitemap.xml).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>For Debug\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Debug General(Display a debug screen that is useful for development).\u003C\u002Fli>\n\u003Cli>Debug Blogs(Show all blogs on network\u002Fmultisite).\u003C\u002Fli>\n\u003Cli>Debug Crons(Show all crons).\u003C\u002Fli>\n\u003Cli>Debug Date time(Show all date and time values).\u003C\u002Fli>\n\u003Cli>Debug Defines(Show all defines).\u003C\u002Fli>\n\u003Cli>Debug Post statuses(Show all post statuses).\u003C\u002Fli>\n\u003Cli>Debug Post structure(Show a post structure).\u003C\u002Fli>\n\u003Cli>Debug Post types(Show all post types).\u003C\u002Fli>\n\u003Cli>Debug Rest API(Show all rest api).\u003C\u002Fli>\n\u003Cli>Debug Site options(Show all site options on network\u002Fmultisite).\u003C\u002Fli>\n\u003Cli>Debug Taxonomies(Show all taxonomies).\u003C\u002Fli>\n\u003Cli>Debug Terms(Show all terms).\u003C\u002Fli>\n\u003Cli>Debug transients(Show all transients).\u003C\u002Fli>\n\u003Cli>Debug translations(Show all translations).\u003C\u002Fli>\n\u003Cli>Debug Capabilities(Show all user 
roles capabilities).\u003C\u002Fli>\n\u003C\u002Ful>\n","Simply and easy-to-use the customize for Admin and Frontend. A lot of custom filters and actions, and included the developer tools.",8000,115127,16,"2025-12-07T03:54:00.000Z","4.7",[147,21,148,149,23],"admin","frontend","sidebar","https:\u002F\u002Fmywpcustomize.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmy-wp.1.27.1.zip",99,"2024-12-13 00:00:00",{"slug":155,"name":156,"version":157,"author":158,"author_profile":159,"description":160,"short_description":161,"active_installs":162,"downloaded":163,"rating":13,"num_ratings":164,"last_updated":165,"tested_up_to":88,"requires_at_least":166,"requires_php":18,"tags":167,"homepage":170,"download_link":171,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"bottom-admin-toolbar","Bottom Admin Toolbar","1.5.2","M.Code","https:\u002F\u002Fprofiles.wordpress.org\u002Fdevloper00\u002F","\u003Ch4>LET’S STICK THAT BAR AT THE BOTTOM FOREVER!\u003C\u002Fh4>\n\u003Cp>Natively WordPress doesn’t offer the possibility to change your admin bar position. With that simple extension you can stick it at the bottom forever and hide it by pressing shortcut!\u003C\u002Fp>\n\u003Ch4>Main features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Stick admin bar to the bottom\u003C\u002Fli>\n\u003Cli>Hide bar by pressing \u003Cstrong>SHIFT + Down Arrow\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n","Stick the WordPress admin bar to the bottom of the screen. 
Hide it with SHIFT + Down Arrow keyboard shortcut.",1000,16558,7,"2026-01-01T16:33:00.000Z","4.9",[147,20,168,169,23],"bar","bottom-bar","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbottom-admin-toolbar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbottom-admin-toolbar.1.5.2.zip",{"attackSurface":173,"codeSignals":210,"taintFlows":243,"riskAssessment":287,"analyzedAt":300},{"hooks":174,"ajaxHandlers":206,"restRoutes":207,"shortcodes":208,"cronEvents":209,"entryPointCount":29,"unprotectedCount":29},[175,180,183,186,190,194,196,202],{"type":176,"name":177,"callback":177,"file":178,"line":179},"action","init","admin\\add_menu_page.php",24,{"type":176,"name":181,"callback":181,"file":178,"line":182},"admin_init",25,{"type":176,"name":184,"callback":184,"file":178,"line":185},"admin_head",26,{"type":176,"name":187,"callback":188,"file":178,"line":189},"admin_menu","add_plugin_page",27,{"type":176,"name":191,"callback":192,"file":178,"line":193},"admin_notices","my_admin_notice",61,{"type":176,"name":191,"callback":192,"file":178,"line":195},66,{"type":176,"name":197,"callback":198,"priority":199,"file":200,"line":201},"admin_bar_menu","gwp_my_admin_bar_menu",9999,"which-template-file.php",21,{"type":176,"name":203,"callback":204,"file":200,"line":205},"wp_head","which_template_file_style",114,[],[],[],[],{"dangerousFunctions":211,"sqlUsage":212,"outputEscaping":214,"fileOperations":29,"externalRequests":29,"nonceChecks":241,"capabilityChecks":29,"bundledLibraries":242},[],{"prepared":29,"raw":29,"locations":213},[],{"escaped":29,"rawEcho":215,"locations":216},12,[217,220,221,223,225,227,229,231,234,236,238,239],{"file":178,"line":218,"context":219},109,"raw 
output",{"file":178,"line":218,"context":219},{"file":178,"line":222,"context":219},110,{"file":178,"line":224,"context":219},121,{"file":178,"line":226,"context":219},131,{"file":178,"line":228,"context":219},144,{"file":178,"line":230,"context":219},145,{"file":232,"line":233,"context":219},"admin\\class_page_admin.php",60,{"file":232,"line":235,"context":219},64,{"file":232,"line":237,"context":219},65,{"file":232,"line":27,"context":219},{"file":232,"line":240,"context":219},107,1,[],[244,259,274],{"entryPoint":245,"graph":246,"unsanitizedCount":241,"severity":42},"display_admin_page (admin\\add_menu_page.php:100)",{"nodes":247,"edges":257},[248,252],{"id":249,"type":250,"label":251,"file":178,"line":222},"n0","source","$_GET['page']",{"id":253,"type":254,"label":255,"file":178,"line":222,"wp_function":256},"n1","sink","echo() [XSS]","echo",[258],{"from":249,"to":253,"sanitized":51},{"entryPoint":260,"graph":261,"unsanitizedCount":29,"severity":273},"admin_init (admin\\add_menu_page.php:48)",{"nodes":262,"edges":270},[263,266],{"id":249,"type":250,"label":264,"file":178,"line":265},"$_GET",52,{"id":253,"type":254,"label":267,"file":178,"line":268,"wp_function":269},"update_option() [Settings Manipulation]",53,"update_option",[271],{"from":249,"to":253,"sanitized":272},true,"low",{"entryPoint":275,"graph":276,"unsanitizedCount":29,"severity":273},"\u003Cadd_menu_page> (admin\\add_menu_page.php:0)",{"nodes":277,"edges":284},[278,279,280,282],{"id":249,"type":250,"label":264,"file":178,"line":265},{"id":253,"type":254,"label":267,"file":178,"line":268,"wp_function":269},{"id":281,"type":250,"label":251,"file":178,"line":222},"n2",{"id":283,"type":254,"label":255,"file":178,"line":222,"wp_function":256},"n3",[285,286],{"from":249,"to":253,"sanitized":272},{"from":281,"to":283,"sanitized":272},{"summary":288,"deductions":289},"The 'which-template-file' plugin version 5.2.0 presents a mixed security posture. 
On the positive side, it exposes no AJAX handlers, REST API routes, shortcodes, or cron events, and no SQL usage was identified, so there are no raw queries to flag. The presence of a nonce check is also a positive indicator, although no capability checks were detected. However, a significant concern arises from the complete lack of output escaping across all 12 identified output points. This suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, where user-supplied data could be injected into the output and executed by a victim's browser.\n\nThe taint analysis reveals one flow with an unsanitized path, in which a request parameter reaches an echo() output sink; while not rated as critical or high severity in this analysis, it still indicates a potential weakness in how request input is handled before output. The plugin's vulnerability history is a major red flag. With two documented medium-severity CVEs in the past, specifically related to XSS and CSRF, the trend points towards recurring input validation and output sanitization issues. Both vulnerabilities are recorded as patched (the data shows \"currently unpatched: 0\"), so the concern is the recurring pattern rather than an open CVE. The recurring nature of these vulnerability types, particularly XSS, coupled with the current lack of output escaping, strongly suggests an ongoing risk.\n\nIn conclusion, while the plugin has a minimal attack surface and no SQL usage to secure, the critical weakness in output escaping and the history of XSS and CSRF vulnerabilities create a substantial risk. The taint analysis, though not indicating critical severity, adds to the overall concern regarding input handling. 
Users should be highly cautious, and developers should prioritize addressing the output escaping deficiency immediately.",[290,293,296,298],{"reason":291,"points":292},"All outputs are unescaped",20,{"reason":294,"points":295},"Flow with unsanitized paths",8,{"reason":297,"points":215},"History of medium severity CVEs (2)",{"reason":299,"points":295},"Vulnerability types include XSS and CSRF","2026-03-16T18:12:59.370Z",{"wat":302,"direct":309},{"assetPaths":303,"generatorPatterns":306,"scriptPaths":307,"versionParams":308},[304,305],"\u002Fwp-content\u002Fplugins\u002Fwhich-template-file\u002Fadmin\u002Fclass_page_admin.php","\u002Fwp-content\u002Fplugins\u002Fwhich-template-file\u002Fadmin\u002Fadd_menu_page.php",[],[],[],{"cssClasses":310,"htmlComments":312,"htmlAttributes":313,"restEndpoints":314,"jsGlobals":315,"shortcodeOutput":316},[311],"class_gwp_my_template_file",[],[],[],[],[],{"error":272,"url":318,"statusCode":319,"statusMessage":320,"message":320},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwhich-template-file\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":201,"versions":322},[323,328,334,342,349,358,366,375,384,393,402,411,420,429,438,447,456,465,474,483,492],{"version":6,"download_url":26,"svn_tag_url":324,"released_at":39,"has_diff":51,"diff_files_changed":325,"diff_lines":39,"trac_diff_url":326,"vulnerabilities":327,"is_current":272},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F5.2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F5.1&new_path=%2Fwhich-template-file%2Ftags%2F5.2.0",[],{"version":41,"download_url":329,"svn_tag_url":330,"released_at":39,"has_diff":51,"diff_files_changed":331,"diff_lines":39,"trac_diff_url":332,"vulnerabilities":333,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.5.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F5.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F5.0&new_path=%2Fwhich-template-file%2Ftags%2F5.1",[],{"version":335,"download_url":336,"svn_tag_url":337,"released_at":39,"has_diff":51,"diff_files_changed":338,"diff_lines":39,"trac_diff_url":339,"vulnerabilities":340,"is_current":51},"5.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.5.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F5.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F4.9&new_path=%2Fwhich-template-file%2Ftags%2F5.0",[341],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":166,"download_url":343,"svn_tag_url":344,"released_at":39,"has_diff":51,"diff_files_changed":345,"diff_lines":39,"trac_diff_url":346,"vulnerabilities":347,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u
002Fwhich-template-file.4.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F4.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F4.8&new_path=%2Fwhich-template-file%2Ftags%2F4.9",[348],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":350,"download_url":351,"svn_tag_url":352,"released_at":39,"has_diff":51,"diff_files_changed":353,"diff_lines":39,"trac_diff_url":354,"vulnerabilities":355,"is_current":51},"4.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.4.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F4.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F4.7&new_path=%2Fwhich-template-file%2Ftags%2F4.8",[356,357],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":145,"download_url":359,"svn_tag_url":360,"released_at":39,"has_diff":51,"diff_files_changed":361,"diff_lines":39,"trac_diff_url":362,"vulnerabilities":363,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.4.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F4.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F4.6&new_path=%2Fwhich-template-file%2Ftags%2F4.7",[364,365],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":367,"download_url":368,"svn_tag_url":369,"released_at":39,"has_diff":51,"diff_files_changed":370,"diff_line
s":39,"trac_diff_url":371,"vulnerabilities":372,"is_current":51},"4.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.4.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F4.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F4.5.0&new_path=%2Fwhich-template-file%2Ftags%2F4.6",[373,374],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":376,"download_url":377,"svn_tag_url":378,"released_at":39,"has_diff":51,"diff_files_changed":379,"diff_lines":39,"trac_diff_url":380,"vulnerabilities":381,"is_current":51},"4.5.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.4.5.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F4.5.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F4.4.0&new_path=%2Fwhich-template-file%2Ftags%2F4.5.0",[382,383],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":385,"download_url":386,"svn_tag_url":387,"released_at":39,"has_diff":51,"diff_files_changed":388,"diff_lines":39,"trac_diff_url":389,"vulnerabilities":390,"is_current":51},"4.4.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.4.4.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F4.4.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F4.3.0&new_path=%2Fwhich-template-file%2Ftags%2F4.4.0",[391,392],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59
,"vuln_type":61,"patched_in_version":58},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":394,"download_url":395,"svn_tag_url":396,"released_at":39,"has_diff":51,"diff_files_changed":397,"diff_lines":39,"trac_diff_url":398,"vulnerabilities":399,"is_current":51},"4.3.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.4.3.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F4.3.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F4.2.2&new_path=%2Fwhich-template-file%2Ftags%2F4.3.0",[400,401],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":403,"download_url":404,"svn_tag_url":405,"released_at":39,"has_diff":51,"diff_files_changed":406,"diff_lines":39,"trac_diff_url":407,"vulnerabilities":408,"is_current":51},"4.2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.4.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F4.2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F4.1.1&new_path=%2Fwhich-template-file%2Ftags%2F4.2.2",[409,410],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":412,"download_url":413,"svn_tag_url":414,"released_at":39,"has_diff":51,"diff_files_changed":415,"diff_lines":39,"trac_diff_url":416,"vulnerabilities":417,"is_current":51},"4.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.4.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-tem
plate-file\u002Ftags\u002F4.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F4.1&new_path=%2Fwhich-template-file%2Ftags%2F4.1.1",[418,419],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":421,"download_url":422,"svn_tag_url":423,"released_at":39,"has_diff":51,"diff_files_changed":424,"diff_lines":39,"trac_diff_url":425,"vulnerabilities":426,"is_current":51},"4.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.4.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F4.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F4.0&new_path=%2Fwhich-template-file%2Ftags%2F4.1",[427,428],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":430,"download_url":431,"svn_tag_url":432,"released_at":39,"has_diff":51,"diff_files_changed":433,"diff_lines":39,"trac_diff_url":434,"vulnerabilities":435,"is_current":51},"4.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.4.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F4.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F3.0&new_path=%2Fwhich-template-file%2Ftags%2F4.0",[436,437],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":439,"download_url":440,"svn_tag_url":441,"released_at":39,"has_diff":51,"diff_fil
es_changed":442,"diff_lines":39,"trac_diff_url":443,"vulnerabilities":444,"is_current":51},"3.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.3.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F3.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F2.1&new_path=%2Fwhich-template-file%2Ftags%2F3.0",[445,446],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":448,"download_url":449,"svn_tag_url":450,"released_at":39,"has_diff":51,"diff_files_changed":451,"diff_lines":39,"trac_diff_url":452,"vulnerabilities":453,"is_current":51},"2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F2.0&new_path=%2Fwhich-template-file%2Ftags%2F2.1",[454,455],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":457,"download_url":458,"svn_tag_url":459,"released_at":39,"has_diff":51,"diff_files_changed":460,"diff_lines":39,"trac_diff_url":461,"vulnerabilities":462,"is_current":51},"2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F1.4&new_path=%2Fwhich-template-file%2Ftags%2F2.0",[463,464],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score
":59,"vuln_type":61,"patched_in_version":58},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":466,"download_url":467,"svn_tag_url":468,"released_at":39,"has_diff":51,"diff_files_changed":469,"diff_lines":39,"trac_diff_url":470,"vulnerabilities":471,"is_current":51},"1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F1.3&new_path=%2Fwhich-template-file%2Ftags%2F1.4",[472,473],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":475,"download_url":476,"svn_tag_url":477,"released_at":39,"has_diff":51,"diff_files_changed":478,"diff_lines":39,"trac_diff_url":479,"vulnerabilities":480,"is_current":51},"1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F1.2&new_path=%2Fwhich-template-file%2Ftags%2F1.3",[481,482],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":484,"download_url":485,"svn_tag_url":486,"released_at":39,"has_diff":51,"diff_files_changed":487,"diff_lines":39,"trac_diff_url":488,"vulnerabilities":489,"is_current":51},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags
\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwhich-template-file%2Ftags%2F1.1&new_path=%2Fwhich-template-file%2Ftags%2F1.2",[490,491],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":493,"download_url":494,"svn_tag_url":495,"released_at":39,"has_diff":51,"diff_files_changed":496,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":497,"is_current":51},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwhich-template-file\u002Ftags\u002F1.1\u002F",[],[498,499],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41}]