[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9I_mAUAHM9arnELiuyWxJH7vsCc6LekqrCYDIw9zIWk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":46,"crawl_stats":35,"alternatives":52,"analysis":162,"fingerprints":235},"wiredminds-leadlab","LeadLab by wiredminds","1.4.3","wiredmindshelp","https:\u002F\u002Fprofiles.wordpress.org\u002Fwiredmindshelp\u002F","\u003Cp>This Plugin will provide a Tracking-Code for LeadLab (powered by WiredMinds). The code will be placed in front of the closed body tag to each page rendered by WordPress.\u003Cbr \u002F>\nThe User has only to use his customer number in the plugin configuration.\u003C\u002Fp>\n","Integration of the Wiredminds LeadLab trackingcode.",100,2728,1,"2025-07-11T07:27:00.000Z","6.4.8","4.8.1","7.4",[19,20,21,22],"leadlab","tracking-code","webanalyser","wiredminds","https:\u002F\u002Fgithub.com\u002Fwiredminds-gmbh\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwiredminds-leadlab.1.4.3.zip",99,0,"2025-04-01 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":37,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":27,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2025-31568","leadlab-by-wiredminds-reflected-cross-site-scripting","LeadLab by wiredminds \u003C= 1.3 - Reflected Cross-Site Scripting","The LeadLab by wiredminds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.3","1.4","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-07-11 15:56:30",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb1106654-a36d-47a5-9db8-a897a0a45ef3?source=api-prod",102,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":49,"avg_patch_time_days":45,"trust_score":50,"computed_at":51},3,110,94,75,"2026-04-04T19:07:05.779Z",[53,75,94,117,141],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":11,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":67,"download_link":73,"security_score":74,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"addfunc-head-footer-code","AddFunc Head & Footer Code","2.3","AddFunc","https:\u002F\u002Fprofiles.wordpress.org\u002Faddfunc\u002F","\u003Cp>Allows administrators to add code to the \u003Ccode>\u003Chead>\u003C\u002Fcode> and\u002For footer of an individual post (or page or other content) and\u002For site-wide. Ideal for scripts such as Google Analytics conversion tracking code and any other general or page-specific JavaScript. A very simple, reliable and lightweight plugin.\u003C\u002Fp>\n","Easily add code to your head, footer and\u002For immediately after the opening body tag, site-wide and\u002For on any individual page\u002Fpost.",20000,234825,25,"2019-05-29T19:41:00.000Z","5.2.24","3.0.1","",[69,70,71,72,20],"add-to-head","footer-code","head-code","per-page","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faddfunc-head-footer-code.2.3.zip",85,{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":11,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":67,"download_link":93,"security_score":74,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"embed-code","Embed Code – Headers & Footers by DesignBombs","2.0.4","designbombs","https:\u002F\u002Fprofiles.wordpress.org\u002Fdesignbombs\u002F","\u003Cp>Easily insert or embed header and footer code in WordPress. Embed Code makes embedding global or page\u002Fpost-specific header and footer code super easy. It can be used to add almost anything, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Analytics tracking code\u003C\u002Fli>\n\u003Cli>Site verification snippets\u003C\u002Fli>\n\u003Cli>Typekit font scripts\u003C\u002Fli>\n\u003Cli>Custom CSS\u003C\u002Fli>\n\u003Cli>Custom JavaScript\u003C\u002Fli>\n\u003Cli>Optimizely embed code\u003C\u002Fli>\n\u003Cli>Facebook tracking pixel\u003C\u002Fli>\n\u003Cli>Live chat integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It even supports embedding code on custom post types!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What’s Next?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin is maintained by folks over at \u003Ca href=\"http:\u002F\u002Fdesignbombs.com\" rel=\"nofollow ugc\">DesignBombs.com\u003C\u002Fa>. If you are looking to start a new website, checkout their guide on \u003Ca href=\"https:\u002F\u002Fwww.designbombs.com\u002Fhow-to-make-a-website\u002F\" rel=\"nofollow ugc\">how to create a website\u003C\u002Fa>. They also have in-depth guides on other topics like how to \u003Ca href=\"https:\u002F\u002Fwww.designbombs.com\u002Fbest-wordpress-hosting\" rel=\"nofollow ugc\">choose the best WordPress hosting\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.designbombs.com\u002Fhow-to-start-a-blog\u002F\" rel=\"nofollow ugc\">how to start a blog\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.designbombs.com\u002Fwordpress-security\u002F\" rel=\"nofollow ugc\">WordPress security\u003C\u002Fa>.\u003C\u002Fp>\n","The easiest way to embed code in the head or footer of your site, globally or on a per-page\u002Fpost basis.",5000,59115,6,"2021-08-04T08:03:00.000Z","5.8.13","4.7.0","5.4",[76,91,70,92,20],"embed-javascript","header-code","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fembed-code.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":49,"num_ratings":104,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":17,"tags":108,"homepage":114,"download_link":115,"security_score":11,"vuln_count":13,"unpatched_count":26,"last_vuln_date":116,"fetched_at":28},"bws-google-analytics","Analytics by BestWebSoft – Google Analytics Dashboard and Statistic Plugin for WordPress","2.0","bestweblayout","https:\u002F\u002Fprofiles.wordpress.org\u002Fbestweblayout\u002F","\u003Cp>Analytics plugin is the best way to view Google Analytics on your WordPress website dashboard. Configure the reporting mode, select the metrics you need, set the time range for your statistic displaying and keep tracking your WordPress website statistics.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdemo-analytics\u002F?ref=readme\" rel=\"nofollow ugc\">View Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fu6GCmG2SYIg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Free Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add single tracking code\u003C\u002Fli>\n\u003Cli>Choose statistics view mode:\n\u003Cul>\n\u003Cli>Line chart\u003C\u002Fli>\n\u003Cli>Table\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Choose statistics time range\u003C\u002Fli>\n\u003Cli>Supports several webproperties for the statistics displaying\u003C\u002Fli>\n\u003Cli>Choose statistics metrics:\n\u003Cul>\n\u003Cli>Visitor\n\u003Cul>\n\u003Cli>Unique visitors\u003C\u002Fli>\n\u003Cli>New visits\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Session\n\u003Cul>\n\u003Cli>Visits\u003C\u002Fli>\n\u003Cli>Bounce rate\u003C\u002Fli>\n\u003Cli>Average visit duration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Page Tracking\n\u003Cul>\n\u003Cli>Pageviews\u003C\u002Fli>\n\u003Cli>Page\u002FVisit\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with latest WordPress version\u003C\u002Fli>\n\u003Cli>Incredibly simple settings for fast setup without modifying code\u003C\u002Fli>\n\u003Cli>Detailed step-by-step documentation and videos\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Pro Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All features from Free version included plus:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>View visual statistics\u003C\u002Fli>\n\u003Cli>View visual statistics for URL\u003C\u002Fli>\n\u003Cli>Choose statistics metrics:\n\u003Cul>\n\u003Cli>Session\u003C\u002Fli>\n\u003Cli>Revenue\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Save statistics to scv\u003C\u002Fli>\n\u003Cli>Get answer to your support question within one business day (\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fsupport-policy\u002F\" rel=\"nofollow ugc\">Support Policy\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fbws-google-analytics\u002F?k=5891b1a2761b39cd5706eba26c3af1d4\" rel=\"nofollow ugc\">Upgrade to Pro Now\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>If you have a feature suggestion or idea you’d like to see in the plugin, we’d love to hear about it! \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002Fhc\u002Fen-us\u002Frequests\u002Fnew\" rel=\"nofollow ugc\">Suggest a Feature\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Documentation & Videos\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F1crUDzT-SASTmoj3M6lJcR4CyRzCp9Ge1l2-BcsUotZY\u002F\" rel=\"nofollow ugc\">[Doc] User Guide\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F1-hvn6WRvWnOqj5v5pLUk7Awyu87lq5B_dO-Tv-MC9JQ\u002F\" rel=\"nofollow ugc\">[Doc] Installation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F1EUdBVvnm7IHZ6y0DNyldZypUQKpB8UVPToSc_LdOYQI\u002F\" rel=\"nofollow ugc\">[Doc] Purchase\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Help & Support\u003C\u002Fh4>\n\u003Cp>Visit our Help Center if you have any questions, our friendly Support Team is happy to help — \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fsupport.bestwebsoft.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Russian (ru_RU)\u003C\u002Fli>\n\u003Cli>Spanish (es_ES) (thanks to \u003Ca href=\"mailto:jmbescos@ibidemgroup.com\" rel=\"nofollow ugc\">Jose Bescos\u003C\u002Fa> – www.ibidemgroup.com)\u003C\u002Fli>\n\u003Cli>Ukrainian (uk)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Some of these translations are not complete. We are constantly adding new features which should be translated. If you would like to create your own language pack or update the existing one, you can send \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTranslating_WordPress\" rel=\"nofollow ugc\">the text of PO and MO files\u003C\u002Fa> to \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002Fhc\u002Fen-us\u002Frequests\u002Fnew\" rel=\"nofollow ugc\">BestWebSoft\u003C\u002Fa> and we’ll add it to the plugin. You can download the latest version of the program for work with PO and MO \u003Ca href=\"https:\u002F\u002Fwww.poedit.net\u002Fdownload.php\" rel=\"nofollow ugc\">files Poedit\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Recommended Plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fupdater\u002F?k=b0536eca91f29f7603d42d53f5fd3990\" rel=\"nofollow ugc\">Updater\u003C\u002Fa> – Automatically check and update WordPress website core with all installed plugins and themes to the latest versions.\u003C\u002Fli>\n\u003C\u002Ful>\n","Add Google Analytics code to WordPress website and track basic stats.",1000,90431,23,"2025-06-09T10:31:00.000Z","6.8.5","5.6",[109,110,111,112,113],"add-tracking-code","analytics","display-statistic-report","google-analytics","google-analytics-plugin","https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fbws-google-analytics\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbws-google-analytics.2.0.zip","2017-04-12 00:00:00",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":11,"num_ratings":127,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":131,"tags":132,"homepage":138,"download_link":139,"security_score":140,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"wp-tracking-codes","Wp Tracking Codes","1.9.3","Heitor_tito","https:\u002F\u002Fprofiles.wordpress.org\u002Fheitor_tito\u002F","\u003Cp>The tracking codes in one place.\u003Cbr \u002F>\nSupport: Google Tag Manager, Google Analytics 4 Global Tag, Google ADS Remarketing Global Tag, Google Merchant Customer Reviews for WooCommerce, Facebook Pixel Code.\u003C\u002Fp>\n","The tracking codes in one place. Support: Google Tag Manager, GA 4 Global Tag, Google ADS Remarketing Global Tag,Google Merchant Reviews,Facebook Pixe …",900,28446,4,"2024-10-29T02:40:00.000Z","6.6.5","5.2.0","7.2",[133,134,135,136,137],"ads","facebook","ga4","gtm","tracking-codes","https:\u002F\u002Fbr.wordpress.org\u002Fplugins\u002Fwp-tracking-codes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-tracking-codes.1.9.3.zip",92,{"slug":142,"name":143,"version":144,"author":145,"author_profile":146,"description":147,"short_description":148,"active_installs":149,"downloaded":150,"rating":26,"num_ratings":26,"last_updated":151,"tested_up_to":152,"requires_at_least":153,"requires_php":107,"tags":154,"homepage":158,"download_link":159,"security_score":160,"vuln_count":13,"unpatched_count":26,"last_vuln_date":161,"fetched_at":28},"content-snippet-manager","Content Snippet Manager","1.1.6","alexvtn","https:\u002F\u002Fprofiles.wordpress.org\u002Falexvtn\u002F","\u003Cp>\u003Cstrong>Content Snippet Manager plugin\u003C\u002Fstrong> allows you to create and manage unlimited numbers of HTML and WordPress shortcodes in your WordPress content\u003Cbr \u002F>\nYou will be able to choose the position and the destination of each snippet.\u003C\u002Fp>\n\u003Cp>For example, you may need to insert an Amazon banner or a subscription newsletter shortcode at the middle or at the end of all posts, you can do it using our plugin, without being forced to edit manually each WordPress post.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important\u003C\u002Fstrong> Javascript code, conversion script or custom css codes are not allowed on the free version, they will be removed from the WordPress editor.\u003C\u002Fp>\n\u003Cp>To insert an header, body, footer or conversion snippet, you can configure one of available shortcode.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fdemo.themeinprogress.eu\u002Fcontent-snippet-manager-pro\u002Fconversion-shortcodes\" rel=\"nofollow ugc\">https:\u002F\u002Fdemo.themeinprogress.eu\u002Fcontent-snippet-manager-pro\u002Fconversion-shortcodes\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Premium features.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Header snippets\u003C\u002Fstrong>\u003Cbr \u002F>\n  You can insert your own Javascript and CSS code on the wp_head hook.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Body snippets\u003C\u002Fstrong>\u003Cbr \u002F>\n  You can insert your own Javascript and CSS code on the wp_body hook.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Footer snippets\u003C\u002Fstrong>\u003Cbr \u002F>\n  You can insert your own Javascript and CSS code on the wp_footer hook.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Conversion snippets\u003C\u002Fstrong>\u003Cbr \u002F>\n  You can insert your own Javascript and CSS code inside the final thank you page of WooCommerce.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Dynamic conversion values\u003C\u002Fstrong>\u003Cbr \u002F>\n  The dynamic conversion values allow you to use specific parameters of a WooCommerce order inside your snippet, when a user has been redirected to the final thank you page.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Custom post type support\u003C\u002Fstrong>\u003Cbr \u002F>\n  You can include a snippet inside all available custom post types available on WordPress, instead of only the WordPress posts, pages and WooCommerce products.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Custom taxonomies support\u003C\u002Fstrong>\u003Cbr \u002F>\n  You can include a snippet inside all available custom taxonomies available on WordPress, instead of only the WordPress post categories, tags and WooCommerce categories.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Device selection\u003C\u002Fstrong>\u003Cbr \u002F>\n  Select one or more devices where you can load the content snippet.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Role\u003C\u002Fstrong>\u003Cbr \u002F>\n  If needed, you can hide each snippet for specific user roles, like the administrator.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>You can get the premium version, from the following link:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.themeinprogress.com\u002Fcontent-snippet-manager\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.themeinprogress.com\u002Fcontent-snippet-manager\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Installation\u003C\u002Fh4>\n\u003Cp>Once you have installed the plugin, you just need to activate the plugin in order to enable it.\u003C\u002Fp>\n\u003Ch4>Configuration\u003C\u002Fh4>\n\u003Cp>Content Snippet Manager will add a new admin page, where you can manage all snippets.\u003C\u002Fp>\n\u003Ch3>Translators\u003C\u002Fh3>\n\u003Ch4>Available Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English (Default)\u003C\u002Fli>\n\u003Cli>Italiano\u003C\u002Fli>\n\u003C\u002Ful>\n","Content Snippet Manager plugin allows you to create and manage unlimited numbers of HTML and WordPress shortcodes in your WordPress content",200,10622,"2025-02-01T18:57:00.000Z","6.7.5","3.5.0",[155,156,112,137,157],"conversion-tracking","facebook-conversion-pixel","woocommerce-tracking-code","https:\u002F\u002Fwww.themeinprogress.com\u002Fcontent-snippet-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontent-snippet-manager.1.1.6.zip",91,"2025-02-14 00:00:00",{"attackSurface":163,"codeSignals":183,"taintFlows":191,"riskAssessment":228,"analyzedAt":234},{"hooks":164,"ajaxHandlers":179,"restRoutes":180,"shortcodes":181,"cronEvents":182,"entryPointCount":26,"unprotectedCount":26},[165,171,175],{"type":166,"name":167,"callback":168,"file":169,"line":170},"action","admin_menu","wp_wm_add_links","leadlab.php",393,{"type":166,"name":172,"callback":173,"file":169,"line":174},"wp_footer","wp_wm_pixel",394,{"type":166,"name":176,"callback":177,"file":169,"line":178},"admin_init","wp_wm_add_security_headers",395,[],[],[],[],{"dangerousFunctions":184,"sqlUsage":185,"outputEscaping":187,"fileOperations":26,"externalRequests":26,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":190},[],{"prepared":26,"raw":26,"locations":186},[],{"escaped":188,"rawEcho":26,"locations":189},9,[],[],[192,211],{"entryPoint":193,"graph":194,"unsanitizedCount":26,"severity":210},"wp_wm_handle_form_submission (leadlab.php:72)",{"nodes":195,"edges":207},[196,201],{"id":197,"type":198,"label":199,"file":169,"line":200},"n0","source","$_POST (x2)",97,{"id":202,"type":203,"label":204,"file":169,"line":205,"wp_function":206},"n1","sink","update_option() [Settings Manipulation]",109,"update_option",[208],{"from":197,"to":202,"sanitized":209},true,"low",{"entryPoint":212,"graph":213,"unsanitizedCount":26,"severity":210},"\u003Cleadlab> (leadlab.php:0)",{"nodes":214,"edges":225},[215,216,217,220],{"id":197,"type":198,"label":199,"file":169,"line":200},{"id":202,"type":203,"label":204,"file":169,"line":205,"wp_function":206},{"id":218,"type":198,"label":219,"file":169,"line":200},"n2","$_POST",{"id":221,"type":203,"label":222,"file":169,"line":223,"wp_function":224},"n3","echo() [XSS]",374,"echo",[226,227],{"from":197,"to":202,"sanitized":209},{"from":218,"to":221,"sanitized":209},{"summary":229,"deductions":230},"The wiredminds-leadlab plugin v1.4.3 demonstrates a generally strong security posture based on the static analysis.  The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a significant strength.  Furthermore, the code signals indicate a responsible development approach, with no dangerous functions, all SQL queries using prepared statements, and all output properly escaped. The presence of nonce and capability checks further reinforces this positive assessment.\n\nHowever, the plugin's vulnerability history raises a concern. The existence of one known CVE, even if currently unpatched and of medium severity, suggests that vulnerabilities have been discovered in the past. While the static analysis did not reveal any critical or high severity issues in the current version, the historical pattern of Cross-site Scripting (XSS) vulnerabilities implies a potential for undiscovered flaws or regressions. The lack of an identified attack surface is a positive sign for the current version, but the historical context warrants a cautious approach.\n\nIn conclusion, the wiredminds-leadlab plugin v1.4.3 appears to be well-developed with excellent security practices evident in its code. The static analysis reveals no immediate critical risks. Nevertheless, the past discovery of a medium-severity XSS vulnerability, though patched, indicates that diligent security monitoring and prompt updates are crucial for this plugin to maintain its security. Users should remain vigilant for future updates and advisories.",[231],{"reason":232,"points":233},"1 Medium Severity CVE historically",10,"2026-03-16T21:00:05.587Z",{"wat":236,"direct":245},{"assetPaths":237,"generatorPatterns":240,"scriptPaths":241,"versionParams":242},[238,239],"\u002Fwp-content\u002Fplugins\u002Fwiredminds-leadlab\u002Fassets\u002Fjs\u002Fscript.js","\u002Fwp-content\u002Fplugins\u002Fwiredminds-leadlab\u002Fassets\u002Fcss\u002Fstyle.css",[],[238],[243,244],"wiredminds-leadlab\u002Fassets\u002Fjs\u002Fscript.js?ver=","wiredminds-leadlab\u002Fassets\u002Fcss\u002Fstyle.css?ver=",{"cssClasses":246,"htmlComments":255,"htmlAttributes":260,"restEndpoints":264,"jsGlobals":265,"shortcodeOutput":269},[247,248,249,250,251,252,253,254],"wp-wm-form","wp-wm-label","wp-wm-input","wp-wm-description","wp-wm-submit","wp-wm-status","wp-wm-status active","wp-wm-status inactive",[256,257,258,259],"\u003C!-- LeadLab tracking code -->","\u003C!-- End LeadLab tracking code -->","\u003C!-- BEGIN: wiredminds LeadLab tracking code -->","\u003C!-- END: wiredminds LeadLab tracking code -->",[261,262,263],"pattern=\"[a-zA-Z0-9]{16}\"","title=\"Geben Sie genau 16 alphanumerische Zeichen ein\"","oninput=\"this.value = this.value.replace(\u002F[^a-zA-Z0-9]\u002Fg, '')\"",[],[266,267,268],"window.wiredminds = window.wiredminds || {};","window.wiredminds.leadlab = window.wiredminds.leadlab || {};","window.wiredminds.leadlab.trackingId = '%%TRACKING_ID%%';",[]]