[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f4RRXd4ghCtNh0oYvy6T9iVRUlRodGg2oQJFlydgpciw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":50,"analysis":149,"fingerprints":565},"widget-logic-visual","Widget Logic Visual","1.52","totalbounty","https:\u002F\u002Fprofiles.wordpress.org\u002Ftotalbounty\u002F","\u003Cp>Control, limit, and restrict what webpages widgets are shown on – point and click visual display.  Replaces original widget logic plugin because anyone can use it easily without knowing any code or template tags, “it just works”.\u003C\u002Fp>\n\u003Cp>\u003Cem>UPDATE\u003C\u002Fem> – now contains ability to visually add widget limitations or exceptions for display OR the ability to add conditional tag code (for advanced users).  You get the best of both worlds!\u003C\u002Fp>\n\u003Cp>The original Widget Logic plugin is very useful because it allows you to restrict the display of widgets to specific pages using WordPress “conditional tags”.  The only problem is that non-technical people don’t know how to use conditional tags.\u003C\u002Fp>\n\u003Cp>Another Plugin by: \u003Ca href=\"http:\u002F\u002Fwww.totalbounty.com\" title=\"Total Bounty Marketplace\" rel=\"nofollow ugc\">Total Bounty Marketplace\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>WordPress is now used by nearly 70 million websites worldwide and the majority of those website owners are non-technical people.  We created Widget Logic Visual Version for all of those people.  Now you can easily just point and click what sections of your WordPress website you want a widget to display on without knowing code, or “conditional tags” or any of that at all.\u003C\u002Fp>\n\u003Cp>You can select to restrict view of widgets to the homepage, specific posts or pages, tags or categories, author pages, etc.  You can create just about any combination of any of those you’d like as well.\u003C\u002Fp>\n\u003Cp>For instance, you could choose to display a widget on only the homepage and your “about” page, or specific tag or category pages – nearly any combination you can think of.\u003C\u002Fp>\n\u003Cp>Here’s a video tutorial:\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FApP2A3rWtyU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Post plugins questions and comments in the forum:  \u003Ca href=\"http:\u002F\u002Fwww.totalbounty.com\u002Fforums\u002Ftopic\u002Fwidget-logic-visual-version\u002F\" title=\"Widget Logic Visual Forum\" rel=\"nofollow ugc\">Widget Logic Visual Forum\u003C\u002Fa>\u003C\u002Fp>\n","Widget Logic Visual Version lets you control on which pages widgets appear using WP's conditional tags without having to know how conditional tag &hellip;",200,38332,54,7,"2012-02-28T14:32:00.000Z","3.3.2","3.0","",[20,21,22,23,24],"admin","conditional-tags","context","filter","widget","http:\u002F\u002Fwww.totalbounty.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-logic-visual.zip",63,1,"2026-01-27 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-68842","widget-logic-visual-reflected-cross-site-scripting","Widget Logic Visual \u003C= 1.52 - Reflected Cross-Site Scripting","The Widget Logic Visual plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.52 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.52","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-02-02 16:18:24",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1bb9259e-f65a-4cb3-9401-35be0212c182?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":47,"trust_score":48,"computed_at":49},30,68,"2026-04-04T03:39:17.449Z",[51,71,94,113,131],{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":61,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":17,"requires_php":18,"tags":65,"homepage":67,"download_link":68,"security_score":69,"vuln_count":28,"unpatched_count":28,"last_vuln_date":70,"fetched_at":30},"widget-manager-light","Widget Manager Light","1.18","OTWthemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fotwthemes\u002F","\u003Cp>Widget Manager gives you full control over widget visibility via nice and easy interface.\u003C\u002Fp>\n\u003Cp>Every widget can now be displayed on or hidden from one or few pages. Display relevent content on your pages, posts, categories, tags, archives, custom post types, custom taxonomies, page templates, WordPress service pages, etc..\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Upgrade to the Pro version of this plugin – the worlds most complete Sidebar and Widget management system for WordPress including regular updates and premium support:\u003Cbr \u002F>\n  \u003Ca href=\"https:\u002F\u002F1.envato.market\u002Fc\u002F1246358\u002F275988\u002F4415?subId1=sbm&subId2=2020&subId3=https%3A%2F%2Fcodecanyon.net%2Fitem%2Fsidebar-widget-manager-for-wordpress%2F2287447&u=https%3A%2F%2Fcodecanyon.net%2Fitem%2Fsidebar-widget-manager-for-wordpress%2F2287447\" rel=\"nofollow ugc\">Sidebar and Widget Manager\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fotwthemes.com\u002Fdemos\u002F1ts\u002F?item=Sidebar%20Widget%20Manager&utm_source=wp.org&utm_medium=page&utm_content=upgrade&utm_campaign=wml\" rel=\"nofollow ugc\">Demo site\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Display widgets based on language(WMPL plugin) or user role is available as well.\u003C\u002Fp>\n\u003Cp>Support for WooCommerce plugin, bbPress plugin and BuddyPress plugin has been added too.\u003C\u002Fp>\n\u003Cp>This plugin works with all widgedets – WordPress default and any custom added widget.\u003C\u002Fp>\n\u003Cp>The interface is very intuitive and requires no coding knowledge at all.\u003C\u002Fp>\n\u003Cp>How Widget Manager Light works\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Go to Appearance -> Widgets.\u003C\u002Fli>\n\u003Cli>Select a Widget in any sidebar.\u003C\u002Fli>\n\u003Cli>Click on the Set Visibility button.\u003C\u002Fli>\n\u003Cli>Select where to display on or hide from.\u003C\u002Fli>\n\u003C\u002Ful>\n","Widget Manager lets you control on which pages widgets appear via nice and easy interface. Show or hide widgets. Display relevant content on your page &hellip;",600,48849,76,11,"2022-03-03T06:42:00.000Z","5.9.13",[20,21,22,23,66],"hide-widgets","http:\u002F\u002Fotwthemes.com\u002F?utm_source=wp.org&utm_medium=admin&utm_content=site&utm_campaign=wml","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.zip",64,"2025-04-02 00:00:00",{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":81,"num_ratings":82,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":18,"tags":86,"homepage":89,"download_link":90,"security_score":91,"vuln_count":28,"unpatched_count":92,"last_vuln_date":93,"fetched_at":30},"conditional-menus","Conditional Menus","1.2.7","themifyme","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemifyme\u002F","\u003Cp>Conditional Menus is a simple yet useful WordPress plugin by \u003Ca href=\"https:\u002F\u002Fthemify.me\u002F\" rel=\"nofollow ugc\">Themify\u003C\u002Fa>, which allows you to swap the menus in the theme as per specific conditions. In short, you can have different menus in different posts, pages, categories, archive pages, etc. It works with any WordPress theme that uses the standard WordPress menu function.\u003C\u002Fp>\n\u003Ch3>How to use it\u003C\u002Fh3>\n\u003Cp>Once you activate the plugin, you will see the conditional menus on the Manage Locations tab located in your WP Admin > Appearance > Menus page.\u003C\u002Fp>\n\u003Cp>1) To add conditional menu: click “Conditional Menu” and select a menu from the list (you can create these menus in the “Edit Menus” tab)\u003Cbr \u002F>\n   – You can remove the menu by selecting “Disable Menu” from the list.\u003Cbr \u002F>\n2) Click on “+ Conditions” to add conditions in the modal box (tick the checkboxes where you want the menu to appear)\u003Cbr \u002F>\n3) To remove the conditional menus, click on the “X” button\u003C\u002Fp>\n\u003Cp>Visit https:\u002F\u002Fthemify.me\u002Fconditional-menus for more details.\u003C\u002Fp>\n","This plugin enables you to set conditional menus per posts, pages, categories, archive pages, etc.",60000,879798,88,72,"2026-02-17T20:29:00.000Z","6.9.4","4.0",[20,21,22,87,88],"menu","menu-items","https:\u002F\u002Fthemify.me\u002Fconditional-menus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconditional-menus.1.2.7.zip",100,0,"2023-05-24 00:00:00",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":91,"num_ratings":104,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":18,"tags":108,"homepage":18,"download_link":111,"security_score":112,"vuln_count":92,"unpatched_count":92,"last_vuln_date":37,"fetched_at":30},"date-range-filter","Date Range Filter","0.0.11","Jonathan Bardo","https:\u002F\u002Fprofiles.wordpress.org\u002Fjonathanbardo\u002F","\u003Cp>\u003Cstrong>Note: This plugin requires PHP 5.3 or higher to be activated. 5.4 Strongly recommended.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>A big shout-out to the \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fstream\u002F\" rel=\"nofollow ugc\">Stream\u003C\u002Fa> team for developing much of the functionnality of this plugin and letting me reuse it for another purposes. You guys rock!\u003C\u002Fp>\n\u003Cp>This plugin was develop to supercharge the current date filter of WordPress admin. It will let you filter posts by a custom date range or by an already defined range.\u003C\u002Fp>\n\u003Cp>By default the plugin only filters post creation date. If you would like to filter the post modified date, please use this filter:\u003C\u002Fp>\n\u003Cpre>\nfunction my_date_range_filter_query_column( $column ){\n    return 'post_modified';\n}\nadd_filter( 'date_range_filter_query_column', 'my_date_range_filter_query_column', 10, 1 );\n\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Languages Supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Improvement? Bugs?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Please fill out an issue \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjonathanbardo\u002FWP-Date-Range-Filter\u002Fissues\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","Easily filter the admin list of post and custom post type with a date range.",300,8691,5,"2017-01-24T15:23:00.000Z","4.7.32","3.7",[20,109,110,23,24],"dashboard","date","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdate-range-filter.zip",85,{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":91,"downloaded":121,"rating":91,"num_ratings":122,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":18,"tags":126,"homepage":129,"download_link":130,"security_score":112,"vuln_count":92,"unpatched_count":92,"last_vuln_date":37,"fetched_at":30},"wpml-widget-filter","WPML Widget Filter","0.1","Ayebare Mucunguzi Brooks","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrooksx\u002F","\u003Cp>This plugin gives every widget extra language control fields that let you control the languages that the widget or sidebar will appear on when using WPML plugin.\u003Cbr \u002F>\nThe plugin was adopted from alanft’s amazing widget logic plugin and stream lined to make it an extremely light weight plugin with only one purpose:  to filter widgets and sidebars according to WPML languages.\u003C\u002Fp>\n\u003Cp>To get quick support for this plugin, submit a support ticket \u003Ca href=\"http:\u002F\u002Fzanto.org\u002Fsupport\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003Cbr \u002F>\nTo keep up to date with the latest WordPress translation, localization and Internationalization news, subscribe to our blog at \u003Ca href=\"http:\u002F\u002Fzanto.org\" title=\"WordPress translation, Internationalization and localization\" rel=\"nofollow ugc\"> Zanto\u003C\u002Fa>\u003Cbr \u002F>\nFor more free and premium multilingual plugins for WPML, and  Zanto visit our\u003Ca href=\"http:\u002F\u002Fshop.zanto.org\" title=\"wordpress multilingual plugins\" rel=\"nofollow ugc\"> Multilingual plugins page\u003C\u002Fa>. all GPL\u003C\u002Fp>\n","WPML Widget Filter lets you control on which languages widgets or sidebars appear when using WPML Translation plugin.",3899,2,"2014-09-01T22:47:00.000Z","3.9.40","2.8",[20,23,127,24,128],"sidebar","wpml","http:\u002F\u002Fshop.zanto.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpml-widget-filter.0.1.zip",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":139,"downloaded":140,"rating":91,"num_ratings":122,"last_updated":141,"tested_up_to":64,"requires_at_least":142,"requires_php":143,"tags":144,"homepage":147,"download_link":148,"security_score":112,"vuln_count":92,"unpatched_count":92,"last_vuln_date":37,"fetched_at":30},"widget-display-filter","Widget Display Filter","2.0.0","enomoto celtislab","https:\u002F\u002Fprofiles.wordpress.org\u002Fenomoto-celtislab\u002F","\u003Cp>It defines Hashtags that are associated with the display conditions. and use Hashtag to manage the display conditions of the widget. By setting the same Hashtag to multiple widgets, you can easily manage as a group. (\u003Cbr \u002F>\nOf course, Hashtag does not appear at run time.)\u003C\u002Fp>\n\u003Cp>Feature\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support Device filter (Discrimination of Desktop \u002F Mobile device uses the wp_is_mobile function)\u003C\u002Fli>\n\u003Cli>Support Post Format type filter\u003C\u002Fli>\n\u003Cli>Support Post category and tags filter\u003C\u002Fli>\n\u003Cli>Support Custom Post type filter\u003C\u002Fli>\n\u003Cli>Support Widget Group block (Widget by Block after WP5.9)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Usage\u003C\u002Fp>\n\u003Col>\n\u003Cli>Open the menu – “Appearance -> Widget Display Filter”, and configure and manage the display conditions of Widgets.\u003C\u002Fli>\n\u003Cli>Definition of Hashtags associated with the widget display conditions.\u003C\u002Fli>\n\u003Cli>Open the menu – “Appearance -> Widgets”, and set the display condition for each widget.\u003C\u002Fli>\n\u003Cli>If you enter Hashtag in Widget Title input field, its display condition is enabled.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Notice\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hashtag that can be set for each widget is only one. \u003C\u002Fli>\n\u003Cli>Between Hashtag and title should be separated by a space.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more detailed information, there is an introduction page.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fceltislab.net\u002Fen\u002Fwp_widget_display_filter\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fceltislab.net\u002Fwp_widget_display_filter\u002F\" title=\"Documentation in Japanese\" rel=\"nofollow ugc\">日本語の説明\u003C\u002Fa>\u003C\u002Fp>\n","Set the display condition for each widget. Widgets display condition setting can be easily, and very easy-to-use plugin.",40,4301,"2022-02-24T08:42:00.000Z","5.9","7.3",[21,23,145,24,146],"hide","widget-group-block","https:\u002F\u002Fceltislab.net\u002Fen\u002Fwp_widget_display_filter","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-display-filter.zip",{"attackSurface":150,"codeSignals":237,"taintFlows":358,"riskAssessment":549,"analyzedAt":564},{"hooks":151,"ajaxHandlers":195,"restRoutes":234,"shortcodes":235,"cronEvents":236,"entryPointCount":173,"unprotectedCount":173},[152,158,162,166,170,175,179,183,187,191],{"type":153,"name":154,"callback":155,"file":156,"line":157},"action","admin_enqueue_scripts","widget_logic_visual_admin_enqueue_script","widget_logic.php",18,{"type":153,"name":159,"callback":160,"file":156,"line":161},"admin_print_styles","widget_logic_visual_admin_enqueue_style",19,{"type":153,"name":163,"callback":164,"file":156,"line":165},"sidebar_admin_setup","widget_logic_visual_expand_control",20,{"type":153,"name":167,"callback":168,"file":156,"line":169},"sidebar_admin_page","widget_logic_visual_options_filter",21,{"type":23,"name":171,"callback":172,"priority":173,"file":156,"line":174},"widget_update_callback","widget_logic_visual_widget_update_callback",10,22,{"type":23,"name":176,"callback":177,"priority":173,"file":156,"line":178},"plugin_action_links","widget_logic_visual_charity",23,{"type":23,"name":180,"callback":181,"priority":173,"file":156,"line":182},"sidebars_widgets","widget_logic_visual_filter_sidebars_widgets",26,{"type":23,"name":184,"callback":185,"priority":173,"file":156,"line":186},"dynamic_sidebar_params","widget_logic_visual_widget_display_callback",29,{"type":153,"name":188,"callback":189,"file":156,"line":190},"admin_notices","widget_logic_visual_message",35,{"type":153,"name":192,"callback":193,"file":156,"line":194},"admin_menu","widget_logic_visual_plugin_menu",285,[196,201,204,208,211,215,218,222,226,230],{"action":197,"nopriv":198,"callback":199,"hasNonce":198,"hasCapCheck":198,"file":200,"line":122},"widget-logic-options",false,"widget_logic_visual_options","ajax.php",{"action":202,"nopriv":198,"callback":203,"hasNonce":198,"hasCapCheck":198,"file":200,"line":104},"widget-logic-save","widget_logic_visual_save",{"action":205,"nopriv":198,"callback":206,"hasNonce":198,"hasCapCheck":198,"file":200,"line":207},"widget-logic-update","widget_logic_visual_update",6,{"action":209,"nopriv":198,"callback":210,"hasNonce":198,"hasCapCheck":198,"file":200,"line":14},"widget-logic-delete-option","widget_logic_visual_delete",{"action":212,"nopriv":198,"callback":213,"hasNonce":198,"hasCapCheck":198,"file":200,"line":214},"widget-logic-add-tags","widget_logic_visual_conditional_tags",9,{"action":216,"nopriv":198,"callback":217,"hasNonce":198,"hasCapCheck":198,"file":200,"line":62},"widget-logic-add-options","widget_logic_visual_add_options",{"action":219,"nopriv":198,"callback":220,"hasNonce":198,"hasCapCheck":198,"file":200,"line":221},"widget-logic-edit-option","widget_logic_visual_edit_options",12,{"action":223,"nopriv":198,"callback":224,"hasNonce":198,"hasCapCheck":198,"file":200,"line":225},"widget-logic-more-options","widget_logic_visual_more_options",13,{"action":227,"nopriv":198,"callback":228,"hasNonce":198,"hasCapCheck":198,"file":200,"line":229},"widget-logic-update-conditional-tags","widget_logic_visual_update_conditional_tags",14,{"action":231,"nopriv":198,"callback":232,"hasNonce":198,"hasCapCheck":198,"file":200,"line":233},"widget-logic-update-visibility","widget_logic_visual_update_visibility",15,[],[],[],{"dangerousFunctions":238,"sqlUsage":239,"outputEscaping":241,"fileOperations":92,"externalRequests":92,"nonceChecks":92,"capabilityChecks":92,"bundledLibraries":357},[],{"prepared":92,"raw":92,"locations":240},[],{"escaped":92,"rawEcho":242,"locations":243},60,[244,247,249,251,253,255,257,259,261,263,265,267,269,271,273,275,276,278,280,282,284,286,288,290,292,294,295,296,298,300,302,304,306,308,310,312,314,316,318,320,322,324,325,327,328,329,331,333,334,336,338,340,341,343,345,347,349,351,353,355],{"file":200,"line":245,"context":246},137,"raw output",{"file":200,"line":248,"context":246},140,{"file":200,"line":250,"context":246},156,{"file":200,"line":252,"context":246},159,{"file":200,"line":254,"context":246},204,{"file":200,"line":256,"context":246},210,{"file":200,"line":258,"context":246},228,{"file":200,"line":260,"context":246},239,{"file":200,"line":262,"context":246},247,{"file":200,"line":264,"context":246},250,{"file":200,"line":266,"context":246},254,{"file":200,"line":268,"context":246},289,{"file":200,"line":270,"context":246},301,{"file":200,"line":272,"context":246},302,{"file":200,"line":274,"context":246},303,{"file":200,"line":274,"context":246},{"file":200,"line":277,"context":246},304,{"file":200,"line":279,"context":246},315,{"file":200,"line":281,"context":246},318,{"file":200,"line":283,"context":246},331,{"file":200,"line":285,"context":246},334,{"file":200,"line":287,"context":246},342,{"file":200,"line":289,"context":246},345,{"file":200,"line":291,"context":246},349,{"file":200,"line":293,"context":246},560,{"file":200,"line":293,"context":246},{"file":200,"line":293,"context":246},{"file":200,"line":297,"context":246},577,{"file":200,"line":299,"context":246},582,{"file":200,"line":301,"context":246},586,{"file":200,"line":303,"context":246},602,{"file":200,"line":305,"context":246},607,{"file":200,"line":307,"context":246},624,{"file":200,"line":309,"context":246},631,{"file":200,"line":311,"context":246},634,{"file":200,"line":313,"context":246},638,{"file":200,"line":315,"context":246},647,{"file":200,"line":317,"context":246},654,{"file":200,"line":319,"context":246},657,{"file":200,"line":321,"context":246},661,{"file":200,"line":323,"context":246},735,{"file":200,"line":323,"context":246},{"file":200,"line":326,"context":246},761,{"file":200,"line":326,"context":246},{"file":200,"line":326,"context":246},{"file":330,"line":225,"context":246},"custom.php",{"file":330,"line":332,"context":246},24,{"file":330,"line":332,"context":246},{"file":330,"line":335,"context":246},25,{"file":156,"line":337,"context":246},138,{"file":156,"line":339,"context":246},139,{"file":156,"line":248,"context":246},{"file":156,"line":342,"context":246},145,{"file":156,"line":344,"context":246},150,{"file":156,"line":346,"context":246},153,{"file":156,"line":348,"context":246},189,{"file":156,"line":350,"context":246},192,{"file":156,"line":352,"context":246},282,{"file":156,"line":354,"context":246},360,{"file":156,"line":356,"context":246},361,[],[359,389,405,420,437,449,464,474,486,497,506],{"entryPoint":360,"graph":361,"unsanitizedCount":388,"severity":39},"widget_logic_visual_save (ajax.php:20)",{"nodes":362,"edges":384},[363,367,373,376,380],{"id":364,"type":365,"label":366,"file":200,"line":174},"n0","source","$_POST (x2)",{"id":368,"type":369,"label":370,"file":200,"line":371,"wp_function":372},"n1","sink","update_option() [Settings Manipulation]",34,"update_option",{"id":374,"type":365,"label":375,"file":200,"line":190},"n2","$_POST",{"id":377,"type":378,"label":379,"file":200,"line":190},"n3","transform","→ widget_logic_visual_list_visibility_options()",{"id":381,"type":369,"label":382,"file":200,"line":291,"wp_function":383},"n4","echo() [XSS]","echo",[385,386,387],{"from":364,"to":368,"sanitized":198},{"from":374,"to":377,"sanitized":198},{"from":377,"to":381,"sanitized":198},3,{"entryPoint":390,"graph":391,"unsanitizedCount":388,"severity":39},"widget_logic_visual_update (ajax.php:43)",{"nodes":392,"edges":401},[393,395,397,399,400],{"id":364,"type":365,"label":366,"file":200,"line":394},45,{"id":368,"type":369,"label":370,"file":200,"line":396,"wp_function":372},56,{"id":374,"type":365,"label":375,"file":200,"line":398},58,{"id":377,"type":378,"label":379,"file":200,"line":398},{"id":381,"type":369,"label":382,"file":200,"line":291,"wp_function":383},[402,403,404],{"from":364,"to":368,"sanitized":198},{"from":374,"to":377,"sanitized":198},{"from":377,"to":381,"sanitized":198},{"entryPoint":406,"graph":407,"unsanitizedCount":388,"severity":39},"widget_logic_visual_delete (ajax.php:67)",{"nodes":408,"edges":416},[409,411,412,414,415],{"id":364,"type":365,"label":366,"file":200,"line":410},69,{"id":368,"type":369,"label":370,"file":200,"line":61,"wp_function":372},{"id":374,"type":365,"label":375,"file":200,"line":413},78,{"id":377,"type":378,"label":379,"file":200,"line":413},{"id":381,"type":369,"label":382,"file":200,"line":291,"wp_function":383},[417,418,419],{"from":364,"to":368,"sanitized":198},{"from":374,"to":377,"sanitized":198},{"from":377,"to":381,"sanitized":198},{"entryPoint":421,"graph":422,"unsanitizedCount":104,"severity":39},"widget_logic_visual_update_conditional_tags (ajax.php:86)",{"nodes":423,"edges":433},[424,427,429,431,432],{"id":364,"type":365,"label":425,"file":200,"line":426},"$_POST (x4)",89,{"id":368,"type":369,"label":370,"file":200,"line":428,"wp_function":372},91,{"id":374,"type":365,"label":375,"file":200,"line":430},94,{"id":377,"type":378,"label":379,"file":200,"line":430},{"id":381,"type":369,"label":382,"file":200,"line":291,"wp_function":383},[434,435,436],{"from":364,"to":368,"sanitized":198},{"from":374,"to":377,"sanitized":198},{"from":377,"to":381,"sanitized":198},{"entryPoint":438,"graph":439,"unsanitizedCount":28,"severity":39},"widget_logic_visual_update_visibility (ajax.php:103)",{"nodes":440,"edges":446},[441,443,445],{"id":364,"type":365,"label":375,"file":200,"line":442},107,{"id":368,"type":378,"label":444,"file":200,"line":442},"→ widget_logic_visual_list_visibility_on_widget()",{"id":374,"type":369,"label":382,"file":330,"line":225,"wp_function":383},[447,448],{"from":364,"to":368,"sanitized":198},{"from":368,"to":374,"sanitized":198},{"entryPoint":450,"graph":451,"unsanitizedCount":388,"severity":39},"widget_logic_visual_options (ajax.php:116)",{"nodes":452,"edges":460},[453,455,456,458,459],{"id":364,"type":365,"label":366,"file":200,"line":454},118,{"id":368,"type":369,"label":382,"file":200,"line":248,"wp_function":383},{"id":374,"type":365,"label":375,"file":200,"line":457},131,{"id":377,"type":378,"label":379,"file":200,"line":457},{"id":381,"type":369,"label":382,"file":200,"line":291,"wp_function":383},[461,462,463],{"from":364,"to":368,"sanitized":198},{"from":374,"to":377,"sanitized":198},{"from":377,"to":381,"sanitized":198},{"entryPoint":465,"graph":466,"unsanitizedCount":473,"severity":39},"widget_logic_visual_conditional_tags (ajax.php:183)",{"nodes":467,"edges":471},[468,470],{"id":364,"type":365,"label":425,"file":200,"line":469},185,{"id":368,"type":369,"label":382,"file":200,"line":254,"wp_function":383},[472],{"from":364,"to":368,"sanitized":198},4,{"entryPoint":475,"graph":476,"unsanitizedCount":28,"severity":39},"widget_logic_visual_add_options (ajax.php:476)",{"nodes":477,"edges":483},[478,480,482],{"id":364,"type":365,"label":375,"file":200,"line":479},485,{"id":368,"type":378,"label":481,"file":200,"line":479},"→ widget_logic_visual_more_extra_control()",{"id":374,"type":369,"label":382,"file":200,"line":321,"wp_function":383},[484,485],{"from":364,"to":368,"sanitized":198},{"from":368,"to":374,"sanitized":198},{"entryPoint":487,"graph":488,"unsanitizedCount":28,"severity":39},"widget_logic_visual_edit_options (ajax.php:495)",{"nodes":489,"edges":494},[490,492,493],{"id":364,"type":365,"label":375,"file":200,"line":491},501,{"id":368,"type":378,"label":481,"file":200,"line":491},{"id":374,"type":369,"label":382,"file":200,"line":321,"wp_function":383},[495,496],{"from":364,"to":368,"sanitized":198},{"from":368,"to":374,"sanitized":198},{"entryPoint":498,"graph":499,"unsanitizedCount":28,"severity":39},"widget_logic_visual_more_extra_control (ajax.php:509)",{"nodes":500,"edges":504},[501,503],{"id":364,"type":365,"label":502,"file":200,"line":301},"$_POST['visOption']",{"id":368,"type":369,"label":382,"file":200,"line":301,"wp_function":383},[505],{"from":364,"to":368,"sanitized":198},{"entryPoint":507,"graph":508,"unsanitizedCount":548,"severity":39},"\u003Cajax> (ajax.php:0)",{"nodes":509,"edges":538},[510,512,513,515,516,517,519,522,524,526,528,530,532,534,536],{"id":364,"type":365,"label":511,"file":200,"line":174},"$_POST (x10)",{"id":368,"type":369,"label":370,"file":200,"line":371,"wp_function":372},{"id":374,"type":365,"label":514,"file":200,"line":454},"$_POST (x17)",{"id":377,"type":369,"label":382,"file":200,"line":248,"wp_function":383},{"id":381,"type":365,"label":502,"file":200,"line":301},{"id":518,"type":369,"label":382,"file":200,"line":301,"wp_function":383},"n5",{"id":520,"type":365,"label":521,"file":200,"line":190},"n6","$_POST (x5)",{"id":523,"type":378,"label":379,"file":200,"line":190},"n7",{"id":525,"type":369,"label":382,"file":200,"line":291,"wp_function":383},"n8",{"id":527,"type":365,"label":375,"file":200,"line":442},"n9",{"id":529,"type":378,"label":444,"file":200,"line":442},"n10",{"id":531,"type":369,"label":382,"file":330,"line":225,"wp_function":383},"n11",{"id":533,"type":365,"label":366,"file":200,"line":479},"n12",{"id":535,"type":378,"label":481,"file":200,"line":479},"n13",{"id":537,"type":369,"label":382,"file":200,"line":321,"wp_function":383},"n14",[539,540,541,542,543,544,545,546,547],{"from":364,"to":368,"sanitized":198},{"from":374,"to":377,"sanitized":198},{"from":381,"to":518,"sanitized":198},{"from":520,"to":523,"sanitized":198},{"from":523,"to":525,"sanitized":198},{"from":527,"to":529,"sanitized":198},{"from":529,"to":531,"sanitized":198},{"from":533,"to":535,"sanitized":198},{"from":535,"to":537,"sanitized":198},36,{"summary":550,"deductions":551},"The plugin 'widget-logic-visual' v1.52 presents a significant security risk due to its extensive unprotected attack surface and a history of vulnerabilities. While the plugin utilizes prepared statements for SQL queries, this is overshadowed by the fact that none of its 10 AJAX handlers have authentication checks. This creates a wide entry point for attackers to potentially exploit other weaknesses within the plugin.\n\nThe static analysis reveals a concerning lack of proper output escaping, with 0% of 60 outputs being escaped. This, coupled with the 11 unsanitized path taint flows, strongly suggests a high probability of Cross-Site Scripting (XSS) vulnerabilities. The vulnerability history confirms this, indicating a past medium-severity XSS vulnerability that is currently unpatched and was recently discovered, raising concerns about the plugin's ongoing maintenance and security practices.\n\nIn conclusion, despite the use of prepared statements for SQL, the plugin's security posture is weak. The combination of unprotected AJAX endpoints, widespread unescaped output, unsanitized taint flows, and an unpatched historical vulnerability makes this plugin a considerable risk. Users should exercise extreme caution and consider disabling or replacing it until these critical issues are addressed.",[552,554,556,558,560,562],{"reason":553,"points":173},"10 unprotected AJAX handlers",{"reason":555,"points":233},"0% properly escaped output",{"reason":557,"points":173},"11 flows with unsanitized paths",{"reason":559,"points":233},"1 unpatched CVE (medium severity)",{"reason":561,"points":14},"Lack of nonce checks on AJAX handlers",{"reason":563,"points":14},"Lack of capability checks on AJAX handlers","2026-03-16T20:19:29.342Z",{"wat":566,"direct":574},{"assetPaths":567,"generatorPatterns":571,"scriptPaths":572,"versionParams":573},[568,569,570],"\u002Fwp-content\u002Fplugins\u002Fwidget-logic-visual\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fwidget-logic-visual\u002Fcss\u002Fjquery.nyromodal.css","\u002Fwp-content\u002Fplugins\u002Fwidget-logic-visual\u002Fjs\u002Fjquery.nyromodal.js",[],[570],[],{"cssClasses":575,"htmlComments":577,"htmlAttributes":578,"restEndpoints":583,"jsGlobals":585,"shortcodeOutput":587},[576],"nwlv-widget-visibility",[],[579,580,581,582],"id=\"widget-logic-more-options-","id=\"widget-logic-options-","id=\"visibility-","class=\"nwlv-widget-visibility\"",[584],"\u002Fwp-json\u002Fwidget-logic-options",[586],"jQuery.nmData",[]]