[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1h9cIbkkmyXo4p9PNa8We5eo6hnmt4qBrIm9Otmz-fI":3,"$fdfMm8otFxMERH_jK_BBou8aDyYd1m10iUtfr750Llz0":464,"$fJEYKZjPa08w1SlFoAMBlft45wNNFr1jmTOagwHKHx_c":469},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":50,"crawl_stats":38,"alternatives":58,"analysis":165,"fingerprints":443},"widget-manager-light","Widget Manager Light","1.18","OTWthemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fotwthemes\u002F","\u003Cp>Widget Manager gives you full control over widget visibility via nice and easy interface.\u003C\u002Fp>\n\u003Cp>Every widget can now be displayed on or hidden from one or few pages. Display relevent content on your pages, posts, categories, tags, archives, custom post types, custom taxonomies, page templates, WordPress service pages, etc..\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Upgrade to the Pro version of this plugin – the worlds most complete Sidebar and Widget management system for WordPress including regular updates and premium support:\u003Cbr \u002F>\n  \u003Ca href=\"https:\u002F\u002F1.envato.market\u002Fc\u002F1246358\u002F275988\u002F4415?subId1=sbm&subId2=2020&subId3=https%3A%2F%2Fcodecanyon.net%2Fitem%2Fsidebar-widget-manager-for-wordpress%2F2287447&u=https%3A%2F%2Fcodecanyon.net%2Fitem%2Fsidebar-widget-manager-for-wordpress%2F2287447\" rel=\"nofollow ugc\">Sidebar and Widget Manager\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fotwthemes.com\u002Fdemos\u002F1ts\u002F?item=Sidebar%20Widget%20Manager&utm_source=wp.org&utm_medium=page&utm_content=upgrade&utm_campaign=wml\" rel=\"nofollow ugc\">Demo site\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Display widgets based on language(WMPL plugin) or user role is available as well.\u003C\u002Fp>\n\u003Cp>Support for WooCommerce plugin, bbPress plugin and BuddyPress plugin has been added too.\u003C\u002Fp>\n\u003Cp>This plugin works with all widgedets – WordPress default and any custom added widget.\u003C\u002Fp>\n\u003Cp>The interface is very intuitive and requires no coding knowledge at all.\u003C\u002Fp>\n\u003Cp>How Widget Manager Light works\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Go to Appearance -> Widgets.\u003C\u002Fli>\n\u003Cli>Select a Widget in any sidebar.\u003C\u002Fli>\n\u003Cli>Click on the Set Visibility button.\u003C\u002Fli>\n\u003Cli>Select where to display on or hide from.\u003C\u002Fli>\n\u003C\u002Ful>\n","Widget Manager lets you control on which pages widgets appear via nice and easy interface. Show or hide widgets. Display relevant content on your page &hellip;",600,48994,76,11,"2022-03-03T06:42:00.000Z","5.9.13","3.0","",[20,21,22,23,24],"admin","conditional-tags","context","filter","hide-widgets","http:\u002F\u002Fotwthemes.com\u002F?utm_source=wp.org&utm_medium=admin&utm_content=site&utm_campaign=wml","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.zip",64,1,"2025-04-02 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":38,"patch_diff_files":47,"patch_trac_url":38,"research_status":38,"research_verified":48,"research_rounds_completed":49,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":48,"poc_model_used":38,"poc_verification_depth":38},"CVE-2025-31768","widget-manager-light-missing-authorization","Widget Manager Light \u003C= 1.18 - Missing Authorization","The Widget Manager Light plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.18. This makes it possible for unauthenticated attackers to perform an unauthorized action.",null,"\u003C=1.18","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-04-08 15:32:33",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fab2a011e-73c5-4fb9-a8d2-aaa2756d93f9?source=api-prod",[],false,0,{"slug":51,"display_name":7,"profile_url":8,"plugin_count":52,"total_installs":53,"avg_security_score":54,"avg_patch_time_days":55,"trust_score":56,"computed_at":57},"otwthemes",12,5760,66,30,70,"2026-05-20T02:05:33.864Z",[59,79,102,125,145],{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":17,"requires_php":18,"tags":73,"homepage":75,"download_link":76,"security_score":77,"vuln_count":28,"unpatched_count":28,"last_vuln_date":78,"fetched_at":30},"widget-logic-visual","Widget Logic Visual","1.52","totalbounty","https:\u002F\u002Fprofiles.wordpress.org\u002Ftotalbounty\u002F","\u003Cp>Control, limit, and restrict what webpages widgets are shown on – point and click visual display.  Replaces original widget logic plugin because anyone can use it easily without knowing any code or template tags, “it just works”.\u003C\u002Fp>\n\u003Cp>\u003Cem>UPDATE\u003C\u002Fem> – now contains ability to visually add widget limitations or exceptions for display OR the ability to add conditional tag code (for advanced users).  You get the best of both worlds!\u003C\u002Fp>\n\u003Cp>The original Widget Logic plugin is very useful because it allows you to restrict the display of widgets to specific pages using WordPress “conditional tags”.  The only problem is that non-technical people don’t know how to use conditional tags.\u003C\u002Fp>\n\u003Cp>Another Plugin by: \u003Ca href=\"http:\u002F\u002Fwww.totalbounty.com\" title=\"Total Bounty Marketplace\" rel=\"nofollow ugc\">Total Bounty Marketplace\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>WordPress is now used by nearly 70 million websites worldwide and the majority of those website owners are non-technical people.  We created Widget Logic Visual Version for all of those people.  Now you can easily just point and click what sections of your WordPress website you want a widget to display on without knowing code, or “conditional tags” or any of that at all.\u003C\u002Fp>\n\u003Cp>You can select to restrict view of widgets to the homepage, specific posts or pages, tags or categories, author pages, etc.  You can create just about any combination of any of those you’d like as well.\u003C\u002Fp>\n\u003Cp>For instance, you could choose to display a widget on only the homepage and your “about” page, or specific tag or category pages – nearly any combination you can think of.\u003C\u002Fp>\n\u003Cp>Here’s a video tutorial:\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FApP2A3rWtyU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Post plugins questions and comments in the forum:  \u003Ca href=\"http:\u002F\u002Fwww.totalbounty.com\u002Fforums\u002Ftopic\u002Fwidget-logic-visual-version\u002F\" title=\"Widget Logic Visual Forum\" rel=\"nofollow ugc\">Widget Logic Visual Forum\u003C\u002Fa>\u003C\u002Fp>\n","Widget Logic Visual Version lets you control on which pages widgets appear using WP's conditional tags without having to know how conditional tag &hellip;",200,38431,54,7,"2012-02-28T14:32:00.000Z","3.3.2",[20,21,22,23,74],"widget","http:\u002F\u002Fwww.totalbounty.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-logic-visual.zip",63,"2026-01-27 00:00:00",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":18,"tags":94,"homepage":97,"download_link":98,"security_score":99,"vuln_count":100,"unpatched_count":49,"last_vuln_date":101,"fetched_at":30},"conditional-menus","Conditional Menus","1.2.7","themifyme","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemifyme\u002F","\u003Cp>Conditional Menus is a simple yet useful WordPress plugin by \u003Ca href=\"https:\u002F\u002Fthemify.me\u002F\" rel=\"nofollow ugc\">Themify\u003C\u002Fa>, which allows you to swap the menus in the theme as per specific conditions. In short, you can have different menus in different posts, pages, categories, archive pages, etc. It works with any WordPress theme that uses the standard WordPress menu function.\u003C\u002Fp>\n\u003Ch3>How to use it\u003C\u002Fh3>\n\u003Cp>Once you activate the plugin, you will see the conditional menus on the Manage Locations tab located in your WP Admin > Appearance > Menus page.\u003C\u002Fp>\n\u003Cp>1) To add conditional menu: click “Conditional Menu” and select a menu from the list (you can create these menus in the “Edit Menus” tab)\u003Cbr \u002F>\n   – You can remove the menu by selecting “Disable Menu” from the list.\u003Cbr \u002F>\n2) Click on “+ Conditions” to add conditions in the modal box (tick the checkboxes where you want the menu to appear)\u003Cbr \u002F>\n3) To remove the conditional menus, click on the “X” button\u003C\u002Fp>\n\u003Cp>Visit https:\u002F\u002Fthemify.me\u002Fconditional-menus for more details.\u003C\u002Fp>\n","This plugin enables you to set conditional menus per posts, pages, categories, archive pages, etc.",60000,887911,88,72,"2026-02-17T20:29:00.000Z","6.9.4","4.0",[20,21,22,95,96],"menu","menu-items","https:\u002F\u002Fthemify.me\u002Fconditional-menus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconditional-menus.1.2.7.zip",98,2,"2026-03-25 00:00:00",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":18,"tags":117,"homepage":122,"download_link":123,"security_score":124,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"admin-taxonomy-filter","Admin Taxonomy Filter","1.0.5","Anh Tran","https:\u002F\u002Fprofiles.wordpress.org\u002Frilwis\u002F","\u003Cp>\u003Cstrong>Admin Taxonomy Filter\u003C\u002Fstrong> helps you to filter posts or custom post types in the admin area (the post list table) by custom taxonomies. It’s similar to filter posts by categories, which is supported by default.\u003C\u002Fp>\n\u003Cp>The plugin supports filter by multiple taxonomies and has settings to let you choose which taxonomies are filterable.\u003C\u002Fp>\n\u003Cp>The plugin is open source and hosted on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Frilwis\u002Fadmin-taxonomy-filter\u002F\" rel=\"nofollow ugc\">Github\u003C\u002Fa>. If you have any problem or feedback, please open an issue.\u003C\u002Fp>\n\u003Ch3>You might also like\u003C\u002Fh3>\n\u003Cp>If you like this plugin, you might also like our other WordPress products:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmetabox.io\" rel=\"nofollow ugc\">Meta Box\u003C\u002Fa> – A powerful WordPress plugin for creating custom post types and custom fields.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpslimseo.com\" rel=\"nofollow ugc\">Slim SEO\u003C\u002Fa> – A fast, lightweight and full-featured SEO plugin for WordPress with minimal configuration.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgretathemes.com\" rel=\"nofollow ugc\">GretaThemes\u003C\u002Fa> – Free and premium WordPress themes that clean, simple and just work.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpautolistings.com\" rel=\"nofollow ugc\">Auto Listings\u003C\u002Fa> – A car sale and dealership plugin for WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n","Filter posts or custom post types in the admin area by custom taxonomies.",5000,57258,90,14,"2025-10-06T01:39:00.000Z","6.8.5","4.3",[20,118,119,120,121],"post-filter","post-list","taxonomy","taxonomy-filter","https:\u002F\u002Felightup.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-taxonomy-filter.1.0.5.zip",100,{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":56,"num_ratings":14,"last_updated":135,"tested_up_to":115,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":18,"download_link":143,"security_score":99,"vuln_count":28,"unpatched_count":49,"last_vuln_date":144,"fetched_at":30},"advanced-post-manager","Advanced Post Manager","4.5.5","StellarWP","https:\u002F\u002Fprofiles.wordpress.org\u002Fstellarwp\u002F","\u003Cp>This is a tool for developers who want to turbo-charge their custom post type listings with metadata, taxonomies, and more. An intuitive interface for adding (and saving) complex filtersets is provided, along with a drag-and-drop interface for choosing and ordering columns to be displayed. Metaboxes are also automatically generated for all your metadata-entry needs.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add columns to the post listing view\u003C\u002Fli>\n\u003Cli>Filter post listings by custom criteria\u003C\u002Fli>\n\u003Cli>Easily add metaboxes to custom post types\u003C\u002Fli>\n\u003Cli>Automatically add registered taxonomies to post listings\u003C\u002Fli>\n\u003Cli>Sort by post metadata\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See docs\u002Fdocumentation.html in the plugin directory for full documentation.\u003C\u002Fp>\n\u003Cp>The team at The Events Calendar stands by our work and offers light support every Wednesday to the community via the WordPress.org support forums. Feel free to ask a question if you’re having a problem with implementation or if you find bugs.\u003C\u002Fp>\n\u003Ch4>SUBMITTING PATCHES\u003C\u002Fh4>\n\u003Cp>If you’ve identified a bug and want to submit a patch, we’d welcome it at our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthe-events-calendar\u002Fadvanced-post-manager\" rel=\"nofollow ugc\">GitHub page for Advanced Post Manager.\u003C\u002Fa> Simply cue up your proposed patch as a pull request, and we’ll review as part of our monthly release cycle and merge into the codebase if appropriate from there. (If a pull request is rejected, we’ll do our best to tell you why). Users whose pull requests are accepted will receive credit in the plugin’s changelog. For more information, check out the readme at our GitHub page. Happy coding!\u003C\u002Fp>\n\u003Ch3>Add-Ons\u003C\u002Fh3>\n\u003Cp>But wait: there’s more! We’ve got a whole stable of plugins available to help you be awesome at what you do. Check out a full list of the products below, and over on \u003Ca href=\"https:\u002F\u002Fevnt.is\u002F18wn\" rel=\"nofollow ugc\">our website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Our Free Plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fthe-events-calendar\u002F\" rel=\"ugc\">The Events Calendar\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fevent-tickets\u002F\" rel=\"ugc\">Event Tickets\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgigpress\u002F\" rel=\"ugc\">GigPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-widget\u002F\" rel=\"ugc\">Image Widget\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Our Premium Plugins and Services:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fevnt.is\u002F18wi\" rel=\"nofollow ugc\">Events Calendar PRO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fevnt.is\u002F197u\" rel=\"nofollow ugc\">Event Aggregator\u003C\u002Fa> (service)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fevnt.is\u002F18wk\" rel=\"nofollow ugc\">Event Tickets Plus\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fevnt.is\u002F2g\" rel=\"nofollow ugc\">Community Events\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fevnt.is\u002F18wl\" rel=\"nofollow ugc\">Community Tickets\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fevnt.is\u002Ffa\" rel=\"nofollow ugc\">Filter Bar\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fevnt.is\u002F2e\" rel=\"nofollow ugc\">Eventbrite Tickets\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Turbo charge your posts admin for any custom post type with sortable filters and columns, and auto-registration of metaboxes.",4000,146764,"2025-08-26T20:29:00.000Z","6.6","7.4",[139,140,141,23,142],"column","custom-post","developer-tools","wp-admin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-post-manager.4.5.5.zip","2022-07-15 00:00:00",{"slug":146,"name":147,"version":148,"author":149,"author_profile":150,"description":151,"short_description":152,"active_installs":133,"downloaded":153,"rating":154,"num_ratings":155,"last_updated":156,"tested_up_to":115,"requires_at_least":157,"requires_php":158,"tags":159,"homepage":163,"download_link":164,"security_score":124,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"woocommerce-filter-orders-by-product","Filter Orders by Product for WooCommerce","4.1.2","Kowsar Hossain","https:\u002F\u002Fprofiles.wordpress.org\u002Fkowsar89\u002F","\u003Cp>Have you ever wanted to filter your order page results by a specific product? With this plugin, now you can!\u003C\u002Fp>\n\u003Cp>Once installed, a new filter dropdown will appear on the WooCommerce Orders screen, displaying a list of all products. Simply select a product and click the “Filter” button to view orders containing only that product.\u003C\u002Fp>\n\u003Cp>This plugin supports filtering orders by:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Product Name\u003C\u002Fli>\n\u003Cli>Product Category\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note: This plugin is compatible with both WooCommerce’s new HPOS (High-Performance Order Storage) and the legacy WordPress posts storage. Whether you’re using HPOS or the traditional storage method, this plugin will work seamlessly.\u003C\u002Fp>\n","Simplify order management by filtering WooCommerce orders by any specific product or product category using this plugin",58213,94,15,"2025-09-21T17:12:00.000Z","3.0.1","5.6",[20,23,160,161,162],"order","product","woocommerce","http:\u002F\u002Fkowsarhossain.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoocommerce-filter-orders-by-product.4.1.2.zip",{"attackSurface":166,"codeSignals":252,"taintFlows":372,"riskAssessment":424,"analyzedAt":442},{"hooks":167,"ajaxHandlers":241,"restRoutes":249,"shortcodes":250,"cronEvents":251,"entryPointCount":100,"unprotectedCount":100},[168,175,179,182,186,191,196,198,203,205,207,212,215,218,222,226,229,232,236],{"type":169,"name":170,"callback":171,"priority":172,"file":173,"line":174},"action","admin_menu","register_pages",1000000,"include\\otw_components\\otw_factory\\otw_factory.class.php",34,{"type":169,"name":176,"callback":177,"file":173,"line":178},"admin_print_styles","enqueue_admin_styles",36,{"type":169,"name":180,"callback":180,"file":173,"line":181},"admin_notices",38,{"type":23,"name":183,"callback":184,"file":173,"line":185},"pre_set_site_transient_update_plugins","change_plugin_transient",40,{"type":23,"name":187,"callback":188,"priority":189,"file":173,"line":190},"plugins_api","get_updates_info",10,42,{"type":169,"name":192,"callback":193,"priority":194,"file":195,"line":112},"wp_enqueue_scripts","enqueue_scripts",1000,"include\\otw_components\\otw_functions\\otw_component.class.php",{"type":169,"name":197,"callback":193,"priority":194,"file":195,"line":154},"admin_enqueue_scripts",{"type":23,"name":199,"callback":200,"file":201,"line":202},"posts_where","otw_sbm_post_by_title","include\\otw_sbm_core.php",930,{"type":23,"name":199,"callback":200,"file":201,"line":204},1006,{"type":23,"name":199,"callback":200,"file":201,"line":206},1572,{"type":169,"name":208,"callback":209,"file":210,"line":211},"plugins_loaded","otw_wml_plugin_loaded","otw_widget_manager.php",143,{"type":169,"name":170,"callback":213,"file":210,"line":214},"otw_wml_admin_actions",147,{"type":169,"name":180,"callback":216,"file":210,"line":217},"otw_wml_admin_notice",148,{"type":23,"name":219,"callback":220,"file":210,"line":221},"sidebars_widgets","otw_sidebars_widgets",149,{"type":23,"name":223,"callback":224,"file":210,"line":225},"otwfcr_notice","otw_wml_factory_message",150,{"type":169,"name":197,"callback":227,"file":210,"line":228},"enqueue_wml_scripts",154,{"type":169,"name":176,"callback":230,"file":210,"line":231},"enqueue_wml_styles",155,{"type":169,"name":233,"callback":234,"file":210,"line":235},"enqueue_block_editor_assets","otw_wml_add_block_assets",161,{"type":169,"name":237,"callback":238,"priority":239,"file":210,"line":240},"init","otw_wml_plugin_init",102,166,[242,246],{"action":243,"nopriv":48,"callback":244,"hasNonce":48,"hasCapCheck":48,"file":210,"line":245},"otw_wml_widget_dialog","otw_wml_ajax_widget_dialog",159,{"action":247,"nopriv":48,"callback":247,"hasNonce":48,"hasCapCheck":48,"file":210,"line":248},"otw_wml_items_by_type",160,[],[],[],{"dangerousFunctions":253,"sqlUsage":259,"outputEscaping":261,"fileOperations":370,"externalRequests":100,"nonceChecks":100,"capabilityChecks":49,"bundledLibraries":371},[254],{"fn":255,"file":256,"line":257,"context":258},"unserialize","include\\otw_components\\otw_functions\\otw_functions.php",596,"$value = unserialize( urldecode( $value ) );",{"prepared":49,"raw":49,"locations":260},[],{"escaped":262,"rawEcho":263,"locations":264},117,60,[265,268,270,272,275,276,278,280,282,284,286,288,290,292,294,296,298,299,300,302,303,305,307,309,310,311,313,315,317,319,322,323,325,328,330,332,334,335,336,338,339,340,342,343,344,346,348,349,350,352,355,357,358,360,362,363,364,365,366,368],{"file":173,"line":266,"context":267},142,"raw output",{"file":173,"line":269,"context":267},144,{"file":173,"line":271,"context":267},518,{"file":273,"line":274,"context":267},"include\\otw_components\\otw_factory\\views\\action_message.php",6,{"file":273,"line":189,"context":267},{"file":273,"line":277,"context":267},13,{"file":279,"line":70,"context":267},"include\\otw_components\\otw_factory\\views\\license_manager.php",{"file":279,"line":281,"context":267},21,{"file":279,"line":283,"context":267},24,{"file":279,"line":285,"context":267},27,{"file":279,"line":287,"context":267},43,{"file":279,"line":289,"context":267},50,{"file":279,"line":291,"context":267},55,{"file":279,"line":293,"context":267},56,{"file":279,"line":295,"context":267},59,{"file":279,"line":297,"context":267},61,{"file":279,"line":297,"context":267},{"file":279,"line":77,"context":267},{"file":279,"line":301,"context":267},71,{"file":279,"line":90,"context":267},{"file":279,"line":304,"context":267},84,{"file":279,"line":306,"context":267},95,{"file":279,"line":308,"context":267},96,{"file":279,"line":99,"context":267},{"file":279,"line":99,"context":267},{"file":279,"line":312,"context":267},109,{"file":279,"line":314,"context":267},110,{"file":279,"line":316,"context":267},119,{"file":279,"line":318,"context":267},121,{"file":320,"line":321,"context":267},"include\\otw_functions.php",85,{"file":320,"line":269,"context":267},{"file":320,"line":324,"context":267},227,{"file":326,"line":327,"context":267},"include\\otw_widget_dialog.php",104,{"file":326,"line":329,"context":267},145,{"file":326,"line":331,"context":267},295,{"file":326,"line":333,"context":267},332,{"file":326,"line":333,"context":267},{"file":326,"line":333,"context":267},{"file":326,"line":337,"context":267},364,{"file":326,"line":337,"context":267},{"file":326,"line":337,"context":267},{"file":326,"line":341,"context":267},366,{"file":326,"line":341,"context":267},{"file":326,"line":341,"context":267},{"file":326,"line":345,"context":267},384,{"file":326,"line":347,"context":267},385,{"file":326,"line":347,"context":267},{"file":326,"line":347,"context":267},{"file":326,"line":351,"context":267},386,{"file":353,"line":354,"context":267},"include\\otw_wml_items_by_type.php",86,{"file":353,"line":356,"context":267},277,{"file":353,"line":331,"context":267},{"file":353,"line":359,"context":267},316,{"file":353,"line":361,"context":267},326,{"file":353,"line":361,"context":267},{"file":353,"line":361,"context":267},{"file":353,"line":361,"context":267},{"file":353,"line":361,"context":267},{"file":353,"line":367,"context":267},342,{"file":353,"line":369,"context":267},363,9,[],[373,394,406],{"entryPoint":374,"graph":375,"unsanitizedCount":28,"severity":393},"otw_get (include\\otw_components\\otw_functions\\otw_functions.php:558)",{"nodes":376,"edges":390},[377,382,386],{"id":378,"type":379,"label":380,"file":256,"line":381},"n0","source","$_GET",560,{"id":383,"type":384,"label":385,"file":256,"line":381},"n1","transform","→ otw_req()",{"id":387,"type":388,"label":389,"file":256,"line":257,"wp_function":255},"n2","sink","unserialize() [Object Injection]",[391,392],{"from":378,"to":383,"sanitized":48},{"from":383,"to":387,"sanitized":48},"high",{"entryPoint":395,"graph":396,"unsanitizedCount":28,"severity":393},"otw_post (include\\otw_components\\otw_functions\\otw_functions.php:566)",{"nodes":397,"edges":403},[398,401,402],{"id":378,"type":379,"label":399,"file":256,"line":400},"$_POST",568,{"id":383,"type":384,"label":385,"file":256,"line":400},{"id":387,"type":388,"label":389,"file":256,"line":257,"wp_function":255},[404,405],{"from":378,"to":383,"sanitized":48},{"from":383,"to":387,"sanitized":48},{"entryPoint":407,"graph":408,"unsanitizedCount":100,"severity":393},"\u003Cotw_functions> (include\\otw_components\\otw_functions\\otw_functions.php:0)",{"nodes":409,"edges":419},[410,411,412,413,415,417],{"id":378,"type":379,"label":380,"file":256,"line":381},{"id":383,"type":384,"label":385,"file":256,"line":381},{"id":387,"type":388,"label":389,"file":256,"line":257,"wp_function":255},{"id":414,"type":379,"label":399,"file":256,"line":400},"n3",{"id":416,"type":384,"label":385,"file":256,"line":400},"n4",{"id":418,"type":388,"label":389,"file":256,"line":257,"wp_function":255},"n5",[420,421,422,423],{"from":378,"to":383,"sanitized":48},{"from":383,"to":387,"sanitized":48},{"from":414,"to":416,"sanitized":48},{"from":416,"to":418,"sanitized":48},{"summary":425,"deductions":426},"The widget-manager-light plugin exhibits a concerning security posture due to significant vulnerabilities in its attack surface and historical patterns. The presence of two unprotected AJAX handlers represents a critical entry point for attackers. This, combined with three high-severity taint flows with unsanitized paths, suggests a strong likelihood of exploitable vulnerabilities that could lead to unauthorized actions or data breaches.  While the plugin demonstrates good practices in using prepared statements for SQL queries and a substantial percentage of proper output escaping, these strengths are overshadowed by the identified weaknesses.\n\nThe plugin's vulnerability history, including a currently unpatched medium-severity CVE, further reinforces the elevated risk. The repeated pattern of \"Missing Authorization\" vulnerabilities indicates a systemic issue with how the plugin handles user permissions and controls access to its functionalities. While the plugin has some defensive measures like nonce checks, the lack of capability checks on its entry points is a major flaw.  In conclusion, the plugin has a weak security posture. While some code hygiene is present, the unprotected AJAX handlers, critical taint flows, and a history of authorization vulnerabilities make it a high-risk plugin that requires immediate attention and patching.",[427,429,431,433,436,439],{"reason":428,"points":189},"Unprotected AJAX handlers",{"reason":430,"points":52},"High severity taint flows with unsanitized paths",{"reason":432,"points":155},"Unpatched CVE (medium)",{"reason":434,"points":435},"Missing capability checks on entry points",8,{"reason":437,"points":438},"Dangerous function 'unserialize'",5,{"reason":440,"points":441},"Unescaped output (34%)",4,"2026-03-16T19:26:53.697Z",{"wat":444,"direct":455},{"assetPaths":445,"generatorPatterns":449,"scriptPaths":450,"versionParams":451},[446,447,448],"\u002Fwp-content\u002Fplugins\u002Fwidget-manager-light\u002Fcss\u002Fotw_sbm_admin.css","\u002Fwp-content\u002Fplugins\u002Fwidget-manager-light\u002Fjs\u002Fotw_widgets.js","\u002Fwp-content\u002Fplugins\u002Fwidget-manager-light\u002Fjs\u002Fotw_widgets_appearence.js",[],[447,448],[452,453,454],"widget-manager-light\u002Fjs\u002Fotw_widgets.js?ver=","widget-manager-light\u002Fjs\u002Fotw_widgets_appearence.js?ver=","widget-manager-light\u002Fcss\u002Fotw_sbm_admin.css?ver=",{"cssClasses":456,"htmlComments":457,"htmlAttributes":458,"restEndpoints":460,"jsGlobals":461,"shortcodeOutput":463},[],[],[459],"data-otw-wml-widget-id",[],[462],"otw_wml_plugin_url",[],{"error":465,"url":466,"statusCode":467,"statusMessage":468,"message":468},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwidget-manager-light\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":470,"versions":471},17,[472,480,488,496,504,512,520,528,536,544,552,560,568,576,584,592,600],{"version":473,"download_url":474,"svn_tag_url":475,"released_at":38,"has_diff":48,"diff_files_changed":476,"diff_lines":38,"trac_diff_url":477,"vulnerabilities":478,"is_current":48},"1.17","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.1.17.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwidget-manager-light\u002Ftags\u002F1.17\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwidget-manager-light%2Ftags%2F1.16&new_path=%2Fwidget-manager-light%2Ftags%2F1.17",[479],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":481,"download_url":482,"svn_tag_url":483,"released_at":38,"has_diff":48,"diff_files_changed":484,"diff_lines":38,"trac_diff_url":485,"vulnerabilities":486,"is_current":48},"1.16","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.1.16.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwidget-manager-light\u002Ftags\u002F1.16\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwidget-manager-light%2Ftags%2F1.15&new_path=%2Fwidget-manager-light%2Ftags%2F1.16",[487],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":489,"download_url":490,"svn_tag_url":491,"released_at":38,"has_diff":48,"diff_files_changed":492,"diff_lines":38,"trac_diff_url":493,"vulnerabilities":494,"is_current":48},"1.15","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.1.15.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwidget-manager-light\u002Ftags\u002F1.15\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwidget-manager-light%2Ftags%2F1.14&new_path=%2Fwidget-manager-light%2Ftags%2F1.15",[495],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":497,"download_url":498,"svn_tag_url":499,"released_at":38,"has_diff":48,"diff_files_changed":500,"diff_lines":38,"trac_diff_url":501,"vulnerabilities":502,"is_current":48},"1.14","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.1.14.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwidget-manager-light\u002Ftags\u002F1.14\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwidget-manager-light%2Ftags%2F1.13&new_path=%2Fwidget-manager-light%2Ftags%2F1.14",[503],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":505,"download_url":506,"svn_tag_url":507,"released_at":38,"has_diff":48,"diff_files_changed":508,"diff_lines":38,"trac_diff_url":509,"vulnerabilities":510,"is_current":48},"1.13","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.1.13.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwidget-manager-light\u002Ftags\u002F1.13\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwidget-manager-light%2Ftags%2F1.12&new_path=%2Fwidget-manager-light%2Ftags%2F1.13",[511],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":513,"download_url":514,"svn_tag_url":515,"released_at":38,"has_diff":48,"diff_files_changed":516,"diff_lines":38,"trac_diff_url":517,"vulnerabilities":518,"is_current":48},"1.12","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.1.12.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwidget-manager-light\u002Ftags\u002F1.12\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwidget-manager-light%2Ftags%2F1.11&new_path=%2Fwidget-manager-light%2Ftags%2F1.12",[519],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":521,"download_url":522,"svn_tag_url":523,"released_at":38,"has_diff":48,"diff_files_changed":524,"diff_lines":38,"trac_diff_url":525,"vulnerabilities":526,"is_current":48},"1.11","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.1.11.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwidget-manager-light\u002Ftags\u002F1.11\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwidget-manager-light%2Ftags%2F1.10&new_path=%2Fwidget-manager-light%2Ftags%2F1.11",[527],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":529,"download_url":530,"svn_tag_url":531,"released_at":38,"has_diff":48,"diff_files_changed":532,"diff_lines":38,"trac_diff_url":533,"vulnerabilities":534,"is_current":48},"1.10","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.1.10.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwidget-manager-light\u002Ftags\u002F1.10\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwidget-manager-light%2Ftags%2F1.9&new_path=%2Fwidget-manager-light%2Ftags%2F1.10",[535],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":537,"download_url":538,"svn_tag_url":539,"released_at":38,"has_diff":48,"diff_files_changed":540,"diff_lines":38,"trac_diff_url":541,"vulnerabilities":542,"is_current":48},"1.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.1.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwidget-manager-light\u002Ftags\u002F1.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwidget-manager-light%2Ftags%2F1.8&new_path=%2Fwidget-manager-light%2Ftags%2F1.9",[543],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":545,"download_url":546,"svn_tag_url":547,"released_at":38,"has_diff":48,"diff_files_changed":548,"diff_lines":38,"trac_diff_url":549,"vulnerabilities":550,"is_current":48},"1.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.1.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwidget-manager-light\u002Ftags\u002F1.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwidget-manager-light%2Ftags%2F1.7&new_path=%2Fwidget-manager-light%2Ftags%2F1.8",[551],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":553,"download_url":554,"svn_tag_url":555,"released_at":38,"has_diff":48,"diff_files_changed":556,"diff_lines":38,"trac_diff_url":557,"vulnerabilities":558,"is_current":48},"1.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.1.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwidget-manager-light\u002Ftags\u002F1.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwidget-manager-light%2Ftags%2F1.6&new_path=%2Fwidget-manager-light%2Ftags%2F1.7",[559],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":561,"download_url":562,"svn_tag_url":563,"released_at":38,"has_diff":48,"diff_files_changed":564,"diff_lines":38,"trac_diff_url":565,"vulnerabilities":566,"is_current":48},"1.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.1.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwidget-manager-light\u002Ftags\u002F1.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwidget-manager-light%2Ftags%2F1.5&new_path=%2Fwidget-manager-light%2Ftags%2F1.6",[567],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":569,"download_url":570,"svn_tag_url":571,"released_at":38,"has_diff":48,"diff_files_changed":572,"diff_lines":38,"trac_diff_url":573,"vulnerabilities":574,"is_current":48},"1.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwidget-manager-light\u002Ftags\u002F1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwidget-manager-light%2Ftags%2F1.4&new_path=%2Fwidget-manager-light%2Ftags%2F1.5",[575],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":577,"download_url":578,"svn_tag_url":579,"released_at":38,"has_diff":48,"diff_files_changed":580,"diff_lines":38,"trac_diff_url":581,"vulnerabilities":582,"is_current":48},"1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwidget-manager-light\u002Ftags\u002F1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwidget-manager-light%2Ftags%2F1.3&new_path=%2Fwidget-manager-light%2Ftags%2F1.4",[583],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":585,"download_url":586,"svn_tag_url":587,"released_at":38,"has_diff":48,"diff_files_changed":588,"diff_lines":38,"trac_diff_url":589,"vulnerabilities":590,"is_current":48},"1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwidget-manager-light\u002Ftags\u002F1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwidget-manager-light%2Ftags%2F1.2&new_path=%2Fwidget-manager-light%2Ftags%2F1.3",[591],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":593,"download_url":594,"svn_tag_url":595,"released_at":38,"has_diff":48,"diff_files_changed":596,"diff_lines":38,"trac_diff_url":597,"vulnerabilities":598,"is_current":48},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwidget-manager-light\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwidget-manager-light%2Ftags%2F1.0&new_path=%2Fwidget-manager-light%2Ftags%2F1.2",[599],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":601,"download_url":602,"svn_tag_url":603,"released_at":38,"has_diff":48,"diff_files_changed":604,"diff_lines":38,"trac_diff_url":38,"vulnerabilities":605,"is_current":48},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-manager-light.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwidget-manager-light\u002Ftags\u002F1.0\u002F",[],[606],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38}]