[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fkFkwBo60Y6b4Dj9ndOxP94H26zm8zrj9UhlY2KRBkug":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":49,"analysis":154,"fingerprints":562},"woo-tumblog","WooTumblog","2.1.4","jeffikus","https:\u002F\u002Fprofiles.wordpress.org\u002Fjeffikus\u002F","\u003Cp>Create a tumblr style blog using this plugin. Simply install the plugin, add the easy to use tags to your theme, and your blog will be transformed into a Tumblr-style blog.  Create posts direct from the WordPress dashboard, your iPhone, or the familiar WordPress interface.\u003C\u002Fp>\n","Create a tumblr style blog using this plugin.",90,65344,30,2,"2014-02-07T10:28:00.000Z","3.7.41","3.2.1","",[20,21,22,23,24],"custom-taxonomy","post","quickpress","tumblog","tumblr","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwoo-tumblog\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-tumblog.2.1.4.zip",64,1,"2025-04-02 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-31729","wootumblog-missing-authorization-to-unauthenticated-content-injection","WooTumblog \u003C= 2.1.4 - Missing Authorization to Unauthenticated Content Injection","The WooTumblog plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.1.4. This makes it possible for unauthenticated attackers to inject content.",null,"\u003C=2.1.4","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-04-10 13:35:36",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff5a1c6bb-2054-40ad-b7fc-0a868b2c5eab?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":13,"trust_score":47,"computed_at":48},69,"2026-04-04T21:02:46.576Z",[50,76,98,118,135],{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":72,"download_link":73,"security_score":74,"vuln_count":75,"unpatched_count":75,"last_vuln_date":37,"fetched_at":30},"real-custom-post-order","Real Custom Post Order: Create a custom order for your content","1.3.130","devowl.io GmbH","https:\u002F\u002Fprofiles.wordpress.org\u002Fdevowl\u002F","\u003Cp>\u003Cstrong>Create a custom order of your content by dragging and dropping\u003C\u002Fstrong> for the following content types:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Posts\u003C\u002Fli>\n\u003Cli>Pages\u003C\u002Fli>\n\u003Cli>WooCommerce products\u003C\u002Fli>\n\u003Cli>All other custom post types\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Simple and intuitive sorting for your content!\u003C\u002Fp>\n\u003Ch3>Free Sandbox\u003C\u002Fh3>\n\u003Cp>You want to try Real Custom Post Order before installing? \u003Cstrong>Take a free sandbox\u003C\u002Fstrong> and play around!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftry.devowl.io\u002F?product=RCPO\" rel=\"nofollow ugc\">Create sandbox\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Why should you create a custom post order?\u003C\u002Fh3>\n\u003Cp>Many WordPress sites grow over time and with it the number of posts, pages, products, etc. It can be difficult to find the right content that is related to each other if you use the default order by publication date from WordPress. A custom order of posts – whether it’s a post order, a custom page order, a custom product order, or a custom post type order – can help you organize your content in a more intuitive way that helps you find your content more simply and quickly.\u003C\u002Fp>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cp>We try our best to make Real Custom Post Order compatible with other plugins that enhance your WordPress. At the moment we have explicit compatibility with the following plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdevowl.io\u002Fgo\u002Freal-category-management?source=wordpress-org&plugin=real-custom-post-order\" rel=\"nofollow ugc\">Real Category Management\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Freal-media-library-lite\u002F\" rel=\"ugc\">Real Media Library\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa> (custom post order for products only)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordpress-seo\u002F\" rel=\"ugc\">Yoast SEO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpseo.de\u002F\" rel=\"nofollow ugc\">wpSEO\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supported Languages\u003C\u002Fh3>\n\u003Cp>Real Custom Post Order is \u003Cstrong>in multiple languages available\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Dutch\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you want to help us add a translation in your language, please \u003Ca href=\"https:\u002F\u002Fdevowl.io\u002Fsupport\u002F\" rel=\"nofollow ugc\">open a support ticket\u003C\u002Fa> and we will help you with the technical part. Thanks for your participation!\u003C\u002Fp>\n","Custom post order for posts, pages, WooCommerce products and custom post types using drag and drop. Simple and intuitive sorting of your content!",9000,321603,96,40,"2025-12-02T08:36:00.000Z","6.9.4","5.9","7.4.0",[67,68,69,70,71],"custom-page-order","custom-post-order","custom-post-type-order","custom-product-order","custom-taxonomy-order","https:\u002F\u002Fdevowl.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freal-custom-post-order.1.3.130.zip",100,0,{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":86,"num_ratings":87,"last_updated":88,"tested_up_to":63,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":96,"download_link":97,"security_score":74,"vuln_count":75,"unpatched_count":75,"last_vuln_date":37,"fetched_at":30},"easy-post-types-fields","Easy Post Types and Fields","1.1.14","Barn2 Plugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fbarn2media\u002F","\u003Cp>\u003Cem>Easy Post Types and Fields\u003C\u002Fem> makes it quick and easy to \u003Ca href=\"https:\u002F\u002Fbarn2.com\u002Fblog\u002Fcustom-wordpress-post-types\u002F?utm_source=wporg&utm_medium=freeplugin&utm_campaign=freepluginwporg&utm_content=ecpt-wporg\" rel=\"nofollow ugc\">add custom post types\u003C\u002Fa>, custom fields, and taxonomies to your WordPress website.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FNOmnHxHpnU8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>There are lots of reasons why WordPress site owners need to add extra content types to the CMS:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Create dedicated areas for each type of content within the WordPress admin (these are called ‘custom post types’)\u003C\u002Fstrong>. For example, if you’re adding ‘Resources’ to your site then it’s best to create a ‘Resources’ custom post type and manage the resources separately from your pages and posts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Add extra fields (called ‘custom fields’) to your pages, posts, or any custom post type\u003C\u002Fstrong>. These are useful for storing and displaying information in a structured way. For example, you might add a ‘Modified Date’ field to your Resources post type.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Create extra ways of categorizing and organizing your website content (these are called ‘custom taxonomies’)\u003C\u002Fstrong>. These are like categories and tags in WordPress, but the difference is that you can have as many as you like – for any post type. For example, you might create an ‘Industries’ taxonomy in order to group your Resources by industry.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Developed by leading UK-based plugin company \u003Ca href=\"https:\u002F\u002Fbarn2.com\u002F?utm_source=wporg&utm_medium=freeplugin&utm_campaign=freepluginwporg&utm_content=ecpt-wporg\" rel=\"nofollow ugc\">Barn2\u003C\u002Fa>, \u003Cem>Easy Post Types and Fields\u003C\u002Fem> is intentionally simpler and easier to use than other plugins. It has all the essential features that you need to create custom post types, custom fields, and custom taxonomies – without any unnecessary complexity.\u003C\u002Fp>\n\u003Ch4>How to add custom post types, fields, and taxonomies to WordPress\u003C\u002Fh4>\n\u003Cp>Simply create any type of content using a simple and intuitive wizard. You can create brand new custom post types, or add custom fields and taxonomies to existing post types. Either way, it’s incredibly straightforward.\u003C\u002Fp>\n\u003Cp>Once you have created your custom post types, fields, and taxonomies, it’s easy to add the extra information to the WordPress CMS. Each custom post type has its own section on the left of the WordPress admin. Your custom fields and taxonomies appear on the ‘Add\u002FEdit’ screen for each post.\u003C\u002Fp>\n\u003Cp>View the full \u003Ca href=\"https:\u002F\u002Fbarn2.com\u002Fkb-categories\u002Feasy-post-types-fields-kb\u002F?utm_source=wporg&utm_medium=freeplugin&utm_campaign=freepluginwporg&utm_content=ecpt-wporg\" rel=\"nofollow ugc\">plugin documentation\u003C\u002Fa> in our knowledge base.\u003C\u002Fp>\n\u003Ch4>Can I display the custom content on the front end of my website?\u003C\u002Fh4>\n\u003Cp>By default, your theme will display your custom post types using the same templates as the blog. This will list custom posts in the same way as blog posts, and won’t include your custom fields or taxonomies. This may not be the best way to present your custom content, so we recommend displaying it in a table using the \u003Ca href=\"https:\u002F\u002Fbarn2.com\u002Fwordpress-plugins\u002Fposts-table-pro\u002F?utm_source=wporg&utm_medium=freeplugin&utm_campaign=freepluginwporg&utm_content=ecpt-wporg\" rel=\"nofollow ugc\">Posts Table Pro\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Cp>Posts Table Pro is a dynamic WordPress table plugin that lists any type of content from your website in a searchable table. As well as displaying any custom post type, you can choose which columns of information to show in the table – including your custom fields and custom taxonomies. See below for screenshots.\u003C\u002Fp>\n\u003Cp>Your users will view the information in a table on the front end of your site. They can use the search box, sortable columns, and filter dropdowns to find exactly what they’re looking for.\u003C\u002Fp>\n\u003Cp>This is how it displays the information from Easy Post Types and Fields:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Create a table listing any or all of the posts from your custom post type. For example, you can list all the custom posts, or list posts with a specific ID, custom field value, custom taxonomy term, published date, etc.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Display each custom field as a separate column in the table. Users can sort the table by custom field.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Display each custom taxonomy as a separate column in the table. Users can sort by taxonomy terms, and also click on a term to filter the table. In addition, you can add each taxonomy as a filter dropdown above the table. That way, users can instantly find custom posts by taxonomy.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>This free WordPress custom post type plugin includes:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Custom post types:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Create an unlimited number of custom post types. Each custom post type has its own section in the WordPress admin, so you can manage your custom content separately from other WordPress post types.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Extend existing post types.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Custom fields:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Add custom fields to any WordPress post type – either the post types that are built into WordPress itself (pages, posts, media attachments, etc.), content types created using Easy Post Types and Fields, or any other custom post type (e.g. post types created using other plugins such as \u003Ca href=\"https:\u002F\u002Fbarn2.com\u002Fwordpress-plugins\u002Fdocument-library-pro\u002F?utm_source=wporg&utm_medium=freeplugin&utm_campaign=freepluginwporg&utm_content=ecpt-wporg\" rel=\"nofollow ugc\">Document Library Pro\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbarn2.com\u002Fwordpress-plugins\u002Fwoocommerce-product-table\u002F?utm_source=wporg&utm_medium=freeplugin&utm_campaign=freepluginwporg&utm_content=ecpt-wporg\" rel=\"nofollow ugc\">WooCommerce Product Table\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>2 custom field types: Plain text or WYSIWYG (Visual Editor).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Custom taxonomies:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Add custom taxonomies to any post type.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Choose between hierarchical taxonomies (similar to WordPress categories) or non-hierarchical taxonomies (similar to WordPress tags).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Each taxonomy is unique to a specific post type, so you can manage the taxonomy terms separately from other categories and taxonomies.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What doesn’t it include?\u003C\u002Fh4>\n\u003Cp>Easy Post Types and Fields includes the features that the majority of WordPress site owners use when they create custom post types, custom fields, and taxonomies. It intentionally does not include more advanced features that only a small proportion of users need, such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Additional custom field types such as date picker, checkbox, and color picker fields (remember, you can add dates, numbers, images, etc. to a Visual Editor custom field in Easy Post Types and Fields).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Privacy options to restrict which user roles can see each field.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Relationship and repeater fields.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Advanced Content Types (ACTs) that get their own database tables.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you need these features then we recommend using a different custom post type plugin (e.g. Pods, Custom Post Type UI, or ACF). There are some excellent options available if you are happy with the added complexity.\u003C\u002Fp>\n\u003Ch4>Restrict access to custom post types and make them private\u003C\u002Fh4>\n\u003Cp>Some people want to control who can access some or all of their custom posts. You can do this by using Easy Post Types and Fields with our other plugin, \u003Ca href=\"https:\u002F\u002Fbarn2.com\u002Fwordpress-plugins\u002Fpassword-protected-categories\u002F?utm_source=wporg&utm_medium=freeplugin&utm_campaign=freepluginwporg&utm_content=ecpt-wporg\" rel=\"nofollow ugc\">WordPress Password Protected Categories\u003C\u002Fa>. This adds privacy options to your hierarchical custom taxonomies.\u003C\u002Fp>\n\u003Cp>Simply restrict each one to specific logged-in users or user roles, or to anyone with the password. All the posts\u002Fcustom posts in that taxonomy will then be private and hidden from view.\u003C\u002Fp>\n","Easy Post Types and Fields makes it quick and easy to add custom post types, custom fields, and taxonomies to your WordPress website.",1000,22614,54,3,"2025-12-04T11:12:00.000Z","6.1","7.4",[92,93,94,20,95],"custom-data","custom-field","custom-post-type","meta-fields","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-post-types-fields\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-post-types-fields.1.1.14.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":74,"num_ratings":14,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":18,"tags":111,"homepage":115,"download_link":116,"security_score":117,"vuln_count":75,"unpatched_count":75,"last_vuln_date":37,"fetched_at":30},"zillaportfolio","Zilla Portfolio","1.0","marksouthard","https:\u002F\u002Fprofiles.wordpress.org\u002Fmbsatunc\u002F","\u003Cp>This plugin adds the portfolio custom post type to your WordPress blog. By default, the plugin will append portfolio meta information (client, date, and project URL) to the portfolio post. It will prepend media elements (gallery, audio and video media) to portfolio posts.\u003C\u002Fp>\n\u003Ch3>Creating Themes for this Plugin\u003C\u002Fh3>\n\u003Cp>There are several handy bits that you can use within your theme:\u003Cbr \u002F>\n1. By default, the portfolio posts are displayed in the portfolio archive. However, you may want to create a custom page template that will display your portfolio posts. As such, you’ll need to disable the archives. In your theme’s function file, use the following code: \u003Ccode>\u003C?php if( !defined('TZP_DISABLE_ARCHIVE') ) define('TZP_DISABLE_ARCHIVE', TRUE); ?>\u003C\u002Fcode>\u003Cbr \u002F>\nThis will enable child themes to enable the portfolio archives if desired.\u003Cbr \u002F>\n2. Set custom slugs for ‘portfolio’ and ‘portfolio-type’ by defining constants for: \u003Ccode>TZP_SLUG\u003C\u002Fcode> and \u003Ccode>TZP_TAX_SLUG\u003C\u002Fcode>. After defining the constants, save the Permalink Settings. Also, define the constants as above to allow a child theme to customize the slugs.\u003Cbr \u002F>\n3. There are several actions and filters available for adding additional custom fields to the existings metaboxes. Have a look through metaboxes.php to see how these all play together.\u003Cbr \u002F>\n4. To prevent the media and meta from being added to the_content(), remove these filters: \u003Ccode>tzp_add_portfolio_post_media\u003C\u002Fcode> and \u003Ccode>tzp_add_portfolio_post_meta\u003C\u002Fcode>\u003Cbr \u002F>\n5. To update the image size used for galleries add a filter to ‘tzp_set_gallery_image_size’. Pass the string name or an array of the image size to be used.\u003C\u002Fp>\n\u003Ch3>Complete List of Constants and Actions\u002FFilters\u003C\u002Fh3>\n\u003Cp>\u003Cem>Constants\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>TZP_DISABLE_CSS\u003C\u002Fcode> set to true to prevent plugin from loading basic CSS\u003C\u002Fli>\n\u003Cli>\u003Ccode>TZP_PORTFOLIO_ORDER\u003C\u002Fcode> default is ‘ASC’\u003C\u002Fli>\n\u003Cli>\u003Ccode>TZP_PORTFOLIO_ORDERBY\u003C\u002Fcode> default is ‘menu_order’\u003C\u002Fli>\n\u003Cli>\u003Ccode>TZP_DISABLE_ARCHIVE\u003C\u002Fcode> default is false\u003C\u002Fli>\n\u003Cli>\u003Ccode>TZP_SLUG\u003C\u002Fcode> default is ‘portfolio’\u003C\u002Fli>\n\u003Cli>\u003Ccode>TZP_DISABLE_REWRITE\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>TZP_TAX_SLUG\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>TZP_DISABLE_MEDIAELEMENT_STYLE\u003C\u002Fcode> prevent the plugin from loading the default mediaelement stylesheet\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Actions\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>tzp_portfolio_settings_meta_box_fields\u003C\u002Fcode> add meta fields to the settings section\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_portfolio_gallery_meta_box_fields\u003C\u002Fcode> add meta fields to the gallery section\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_portfolio_audio_meta_box_fields\u003C\u002Fcode> add meta fields to the audio section\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_portfolio_video_meta_box_fields\u003C\u002Fcode> add meta fields to the video section\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Actions added in plugin that you may want to remove\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>tzp_add_custom_css\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_portfolios_display_order\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Filters\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>tzp_metabox_fields_save\u003C\u002Fcode> add fields to be saved (use url, html, checkbox, or images for sanitization)\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_gallery_classes\u003C\u002Fcode> class added to gallery; default is tzp-portfolio-gallery\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_set_gallery_image_size\u003C\u002Fcode> default image size is ‘full’\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_portfolio_labels\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_portfolio_supports\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_portfolio_post_type_args\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_portfolio_type_labels\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_portfolio_type_args\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Filters applied in plugin that you may want to remove\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>tzp_add_portfolio_post_media\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_add_portfolio_post_meta\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n","A complete portfolio plugin for creative folks",400,13543,"2016-03-31T15:27:00.000Z","4.5.33","3.5",[94,20,112,113,114],"portfolio","theme-zilla","themezilla","http:\u002F\u002Fthemezilla.com\u002Fplugins\u002Fzilla-portfolio","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzillaportfolio.zip",85,{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":74,"num_ratings":14,"last_updated":128,"tested_up_to":109,"requires_at_least":110,"requires_php":18,"tags":129,"homepage":133,"download_link":134,"security_score":117,"vuln_count":75,"unpatched_count":75,"last_vuln_date":37,"fetched_at":30},"ang-timeline","ANG Timeline","1.3.5","most_wanted","https:\u002F\u002Fprofiles.wordpress.org\u002Fmost_wanted\u002F","\u003Cp>ANG Timeline is a responsive WordPress Plugin that allows you to create beautiful vertical storyline and a series of events that you can assign to that timeline.\u003Cbr \u002F>\nThis plugin adds the ‘timeline’ custom post type to your WordPress blog. By default, the plugin will append timeline meta information (timeline value) to the timeline post.\u003Cbr \u002F>\nIt will prepend text element(date) to timeline posts. Timeline widget allows you select any registered image size to show in timeline post.\u003C\u002Fp>\n\u003Cp>Working demos are available here:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fw-esta.torbara.com\u002F?page_id=7\" rel=\"nofollow ugc\">LIVE DEMO Esta\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fw-endeavor.torbara.com\u002Fblog\u002F\" rel=\"nofollow ugc\">LIVE DEMO Endeavor\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fw-bizorg.torbara.com\u002F\" rel=\"nofollow ugc\">LIVE DEMO BizOrg\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Timeline Tabs (ANG Timeline Pro)\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fw-renter.torbara.com\u002F?page_id=7\" rel=\"nofollow ugc\">LIVE DEMO Renter\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Github\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Falex1278\u002Fang-timeline\" rel=\"nofollow ugc\">GitHub Repository\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Custom post type ‘timeline’;\u003C\u002Fli>\n\u003Cli>Custom taxonomy;\u003C\u002Fli>\n\u003Cli>Custom widget.\u003C\u002Fli>\n\u003Cli>Compatible with all active post types of your theme.\u003C\u002Fli>\n\u003Cli>Responsive and mobile ready.\u003C\u002Fli>\n\u003Cli>Smooth scroll animation.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fgetuikit.com\u002Fdocs\u002Fdocumentation_get-started.html\" rel=\"nofollow ugc\">UiKit\u003C\u002Fa> based animation\u003C\u002Fli>\n\u003Cli>Clean minimalist design.\u003C\u002Fli>\n\u003Cli>Specify Timeline Title.\u003C\u002Fli>\n\u003Cli>Set the Timeline post image.\u003C\u002Fli>\n\u003Cli>Specify the length to trim each story.\u003C\u002Fli>\n\u003Cli>Hide the read more button for each story.\u003C\u002Fli>\n\u003Cli>Specify Timeline post featured Image size.\u003C\u002Fli>\n\u003Cli>Show or hide Timeline title.\u003C\u002Fli>\n\u003Cli>Show or hide Timelene story date.\u003C\u002Fli>\n\u003Cli>Specify Story date format.\u003C\u002Fli>\n\u003Cli>Spesify number of stories to be shown.\u003C\u002Fli>\n\u003Cli>Specify order type format.s\u003C\u002Fli>\n\u003Cli>Timeline tabs* (Pro).\u003C\u002Fli>\n\u003Cli>Timeline tabs shortcode with extended options* (Pro).\u003C\u002Fli>\n\u003Cli>Specify any post type and any taxonomy which your WordPress theme supports* (Pro).\u003C\u002Fli>\n\u003Cli>Tabs users shortcode* (Pro).  \u003Cstrong>\u003Ca href=\"http:\u002F\u002Fw-renter.torbara.com\u002F\" rel=\"nofollow ugc\">DEMO Renter Agents\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n","A complete timeline plugin for creative folks. ANG Timeline creates responsive vertical storyline in chronological, colorful and more attractive order &hellip;",80,11930,"2016-07-19T21:42:00.000Z",[94,20,130,131,132],"images","timeline","timeline-type","https:\u002F\u002Fgithub.com\u002Falex1278\u002Fang-timeline","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fang-timeline.zip",{"slug":136,"name":137,"version":138,"author":139,"author_profile":140,"description":141,"short_description":142,"active_installs":126,"downloaded":143,"rating":27,"num_ratings":144,"last_updated":145,"tested_up_to":63,"requires_at_least":146,"requires_php":18,"tags":147,"homepage":152,"download_link":153,"security_score":74,"vuln_count":75,"unpatched_count":75,"last_vuln_date":37,"fetched_at":30},"auto-publish-tumblr","WP Tumblr Auto Publish","1.2.9","f1logic","https:\u002F\u002Fprofiles.wordpress.org\u002Ff1logic\u002F","\u003Cp>Try it out on your free dummy site: Click here => \u003Ca href=\"https:\u002F\u002Ftastewp.com\u002Fnew\u002F?pre-installed-plugin-slug=auto-publish-tumblr\" rel=\"nofollow ugc\">https:\u002F\u002Ftastewp.com\u002Fnew\u002F?pre-installed-plugin-slug=auto-publish-tumblr\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>A quick look into WP Tumblr Auto Publish :\u003C\u002Fp>\n\u003Cpre>\u003Ccode>★ Publish simple text message to Tumblr\n★ Publish post to Tumblr with image or link\n★ Filter items  to be published based on categories\n★ Filter items to be published based on custom post types\n★ Enable or disable wordpress page publishing\n★ Customizable  message formats for Tumblr\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WP Tumblr Auto Publish Features in Detail\u003C\u002Fh4>\n\u003Cp>The WP Tumblr Auto Publish lets you publish posts automatically from your blog to Tumblr. You can publish your posts to Tumblr as simple text message, text message with link or image. The plugin supports filtering posts by post-types and categories.\u003C\u002Fp>\n\u003Cp>The prominent features of  the WP Tumblr Auto Publish plugin are highlighted below.\u003C\u002Fp>\n\u003Ch4>Supported Mechanisms\u003C\u002Fh4>\n\u003Cp>The various mechanisms of posting to Tumblr are listed below.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Simple text message\nAttach image to tumblr post\nAttach link to tumblr post\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Filter Settings\u003C\u002Fh4>\n\u003Cp>The plugin offers multiple kinds of filters for contents to be published automatically.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Enable or disable publishing of wordpress pages\nFilter posts to be published based on categories\nFiltering based on custom post types\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Message Format Settings\u003C\u002Fh4>\n\u003Cp>The supported post elements which can be published are given below.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Post title\nPost description\nPost excerpt\nPermalink\nBlog title\nUser nicename\nPost ID\nPost publish date\nUser display name\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>About\u003C\u002Fh4>\n\u003Cp>WP Tumblr Auto Publish is developed and maintained by \u003Ca href=\"https:\u002F\u002Fxyzscripts.com\u002F\" title=\"xyzscripts.com\" rel=\"nofollow ugc\">XYZScripts\u003C\u002Fa>. For any support, you may \u003Ca href=\"https:\u002F\u002Fxyzscripts.com\u002Fsupport\u002F\" title=\"XYZScripts Support\" rel=\"nofollow ugc\">contact us\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>★ \u003Ca href=\"http:\u002F\u002Fhelp.xyzscripts.com\u002Fdocs\u002Ftumblr-auto-publish\u002F\" title=\"WP Tumblr Auto Publish User Guide\" rel=\"nofollow ugc\">WP Tumblr Auto Publish User Guide\u003C\u002Fa>\u003Cbr \u002F>\n★ \u003Ca href=\"http:\u002F\u002Fhelp.xyzscripts.com\u002Fdocs\u002Ftumblr-auto-publish\u002Ffaq\u002F\" title=\"WP Tumblr Auto Publish FAQ\" rel=\"nofollow ugc\">WP Tumblr Auto Publish FAQ\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>More Information\u003C\u002Fh3>\n\u003Cp>★ \u003Ca href=\"http:\u002F\u002Fhelp.xyzscripts.com\u002Fdocs\u002Ftumblr-auto-publish\u002F\" title=\"WP Tumblr Auto Publish User Guide\" rel=\"nofollow ugc\">WP Tumblr Auto Publish User Guide\u003C\u002Fa>\u003Cbr \u002F>\n★ \u003Ca href=\"http:\u002F\u002Fhelp.xyzscripts.com\u002Fdocs\u002Ftumblr-auto-publish\u002Ffaq\u002F\" title=\"WP Tumblr Auto Publish FAQ\" rel=\"nofollow ugc\">WP Tumblr Auto Publish FAQ\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Troubleshooting\u003C\u002Fh4>\n\u003Cp>Please read the FAQ first if you are having problems.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>WordPress 3.0+\nPHP 7.4+\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Feedback\u003C\u002Fh4>\n\u003Cp>We would like to receive your feedback and suggestions about WP Tumblr Auto Publish plugin. You may submit them at our \u003Ca href=\"https:\u002F\u002Fxyzscripts.com\u002Fsupport\u002F\" title=\"XYZScripts Support\" rel=\"nofollow ugc\">support desk\u003C\u002Fa>.\u003C\u002Fp>\n","Publish posts automatically to Tumblr.",15768,9,"2026-02-18T09:04:00.000Z","3.0",[148,149,24,150,151],"add-link-to-tumblr","publish-post-to-tumblr","tumblr-auto-publish","wp-tumblr-auto-publish","https:\u002F\u002Fxyzscripts.com\u002Fwordpress-plugins\u002Ftumblr-auto-publish\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-publish-tumblr.1.2.9.zip",{"attackSurface":155,"codeSignals":264,"taintFlows":408,"riskAssessment":545,"analyzedAt":561},{"hooks":156,"ajaxHandlers":248,"restRoutes":261,"shortcodes":262,"cronEvents":263,"entryPointCount":87,"unprotectedCount":87},[157,163,168,172,176,179,183,188,190,193,197,200,204,209,213,215,216,221,224,227,231,236,239,244],{"type":158,"name":159,"callback":160,"file":161,"line":162},"action","admin_menu","woo_tumblog_menu","classes\\wootumblog.class.php",46,{"type":158,"name":164,"callback":165,"priority":166,"file":161,"line":167},"admin_enqueue_scripts","woo_tumblog_custom_enqueue",10,47,{"type":158,"name":169,"callback":170,"priority":166,"file":161,"line":171},"contextual_help","woo_tumblog_contextual_help",48,{"type":158,"name":173,"callback":174,"file":161,"line":175},"admin_notices","woo_tumblog_plugin_install_notice",49,{"type":158,"name":173,"callback":177,"file":161,"line":178},"woo_tumblog_plugin_options_notice",50,{"type":158,"name":180,"callback":181,"file":161,"line":182},"wp_head","woo_tumblog_header_code",52,{"type":184,"name":185,"callback":186,"file":161,"line":187},"filter","the_excerpt_rss","woo_custom_tumblog_rss_output",53,{"type":184,"name":189,"callback":186,"file":161,"line":86},"the_content_rss",{"type":184,"name":191,"callback":186,"file":161,"line":192},"the_content_feed",55,{"type":158,"name":194,"callback":195,"file":161,"line":196},"edit_post","woothemes_tumblog_metabox_handle",104,{"type":158,"name":159,"callback":198,"file":161,"line":199},"woothemes_tumblog_metabox_add",105,{"type":158,"name":201,"callback":202,"file":161,"line":203},"admin_head","woothemes_tumblog_metabox_header",1155,{"type":158,"name":205,"callback":206,"file":207,"line":208},"restrict_manage_posts","woo_tumblog_restrict_manage_posts","classes\\wootumblog_postformat.class.php",34,{"type":184,"name":210,"callback":211,"file":207,"line":212},"posts_where","woo_tumblog_posts_where",35,{"type":158,"name":205,"callback":206,"file":214,"line":171},"classes\\wootumblog_taxonomy.class.php",{"type":184,"name":210,"callback":211,"file":214,"line":175},{"type":158,"name":217,"callback":218,"file":219,"line":220},"admin_print_scripts-index.php","woo_load_tumblog_libraries","functions\\wootumblog_dashboard_functions.php",29,{"type":158,"name":222,"callback":223,"priority":166,"file":219,"line":13},"admin_print_styles-index.php","woo_load_tumblog_css",{"type":158,"name":225,"callback":223,"priority":166,"file":219,"line":226},"admin_print_styles",33,{"type":158,"name":228,"callback":229,"file":219,"line":230},"wp_dashboard_setup","woo_register_tumblog_dashboard_widget",36,{"type":184,"name":232,"callback":233,"file":234,"line":235},"xmlrpc_methods","attach_express_methods","functions\\wootumblog_express_app_functions.php",450,{"type":184,"name":232,"callback":233,"file":237,"line":238},"functions\\wootumblog_express_app_functions_deprecated.php",389,{"type":158,"name":240,"callback":241,"file":242,"line":243},"init","WooTumblogInit","woo_tumblog.php",59,{"type":158,"name":245,"callback":246,"file":242,"line":247},"after_setup_theme","woo_tumblog_after_theme_setup",98,[249,254,258],{"action":250,"nopriv":251,"callback":252,"hasNonce":251,"hasCapCheck":251,"file":219,"line":253},"woo_tumblog_media_upload",false,"woo_tumblog_file_upload",25,{"action":255,"nopriv":251,"callback":256,"hasNonce":251,"hasCapCheck":251,"file":219,"line":257},"woo_tumblog_post","woo_tumblog_ajax_post",26,{"action":255,"nopriv":259,"callback":256,"hasNonce":251,"hasCapCheck":251,"file":219,"line":260},true,27,[],[],[],{"dangerousFunctions":265,"sqlUsage":266,"outputEscaping":277,"fileOperations":405,"externalRequests":28,"nonceChecks":75,"capabilityChecks":406,"bundledLibraries":407},[],{"prepared":267,"raw":87,"locations":268},6,[269,272,275],{"file":207,"line":270,"context":271},304,"$wpdb->get_col() with variable interpolation",{"file":234,"line":273,"context":274},218,"$wpdb->get_row() with variable interpolation",{"file":237,"line":276,"context":274},217,{"escaped":278,"rawEcho":27,"locations":279},45,[280,283,285,287,289,291,293,295,297,299,301,303,305,307,309,311,313,314,316,319,321,323,325,327,329,330,332,334,336,338,340,342,344,346,348,350,352,354,356,358,360,362,364,366,368,370,372,373,375,377,379,381,383,384,385,387,389,390,392,394,395,398,401,403],{"file":161,"line":281,"context":282},117,"raw output",{"file":161,"line":284,"context":282},119,{"file":161,"line":286,"context":282},172,{"file":161,"line":288,"context":282},180,{"file":161,"line":290,"context":282},252,{"file":161,"line":292,"context":282},257,{"file":161,"line":294,"context":282},267,{"file":161,"line":296,"context":282},271,{"file":161,"line":298,"context":282},282,{"file":161,"line":300,"context":282},352,{"file":161,"line":302,"context":282},370,{"file":161,"line":304,"context":282},386,{"file":161,"line":306,"context":282},396,{"file":161,"line":308,"context":282},404,{"file":161,"line":310,"context":282},1071,{"file":161,"line":312,"context":282},1112,{"file":161,"line":312,"context":282},{"file":207,"line":315,"context":282},350,{"file":317,"line":318,"context":282},"functions\\thumb.php",227,{"file":317,"line":320,"context":282},424,{"file":317,"line":322,"context":282},425,{"file":317,"line":324,"context":282},1039,{"file":317,"line":326,"context":282},1232,{"file":219,"line":328,"context":282},68,{"file":219,"line":47,"context":282},{"file":219,"line":331,"context":282},761,{"file":219,"line":333,"context":282},762,{"file":219,"line":335,"context":282},781,{"file":219,"line":337,"context":282},790,{"file":219,"line":339,"context":282},826,{"file":219,"line":341,"context":282},842,{"file":219,"line":343,"context":282},855,{"file":219,"line":345,"context":282},886,{"file":219,"line":347,"context":282},902,{"file":219,"line":349,"context":282},915,{"file":219,"line":351,"context":282},946,{"file":219,"line":353,"context":282},962,{"file":219,"line":355,"context":282},975,{"file":219,"line":357,"context":282},1006,{"file":219,"line":359,"context":282},1022,{"file":219,"line":361,"context":282},1035,{"file":219,"line":363,"context":282},1066,{"file":219,"line":365,"context":282},1082,{"file":219,"line":367,"context":282},1095,{"file":219,"line":369,"context":282},1126,{"file":219,"line":371,"context":282},1142,{"file":219,"line":203,"context":282},{"file":219,"line":374,"context":282},1201,{"file":219,"line":376,"context":282},1227,{"file":219,"line":378,"context":282},1256,{"file":219,"line":380,"context":282},1258,{"file":219,"line":382,"context":282},1380,{"file":219,"line":382,"context":282},{"file":219,"line":382,"context":282},{"file":219,"line":386,"context":282},1388,{"file":219,"line":388,"context":282},1392,{"file":219,"line":388,"context":282},{"file":219,"line":391,"context":282},1404,{"file":219,"line":393,"context":282},1408,{"file":219,"line":393,"context":282},{"file":396,"line":397,"context":282},"functions\\wootumblog_helper_functions.php",362,{"file":399,"line":400,"context":282},"functions\\wootumblog_template_functions.php",94,{"file":399,"line":402,"context":282},439,{"file":399,"line":404,"context":282},502,28,13,[],[409,425,442,454,464,509,532],{"entryPoint":410,"graph":411,"unsanitizedCount":28,"severity":39},"tryBrowserCache (functions\\thumb.php:334)",{"nodes":412,"edges":423},[413,418],{"id":414,"type":415,"label":416,"file":317,"line":417},"n0","source","$_SERVER['SERVER_PROTOCOL']",364,{"id":419,"type":420,"label":421,"file":317,"line":417,"wp_function":422},"n1","sink","header() [Header Injection]","header",[424],{"from":414,"to":419,"sanitized":251},{"entryPoint":426,"graph":427,"unsanitizedCount":14,"severity":39},"serveErrors (functions\\thumb.php:417)",{"nodes":428,"edges":439},[429,431,432,435],{"id":414,"type":415,"label":416,"file":317,"line":430},418,{"id":419,"type":420,"label":421,"file":317,"line":430,"wp_function":422},{"id":433,"type":415,"label":434,"file":317,"line":322},"n2","$_SERVER['QUERY_STRING']",{"id":436,"type":420,"label":437,"file":317,"line":322,"wp_function":438},"n3","echo() [XSS]","echo",[440,441],{"from":414,"to":419,"sanitized":251},{"from":433,"to":436,"sanitized":251},{"entryPoint":443,"graph":444,"unsanitizedCount":87,"severity":39},"\u003Cthumb> (functions\\thumb.php:0)",{"nodes":445,"edges":451},[446,448,449,450],{"id":414,"type":415,"label":447,"file":317,"line":417},"$_SERVER['SERVER_PROTOCOL'] (x2)",{"id":419,"type":420,"label":421,"file":317,"line":417,"wp_function":422},{"id":433,"type":415,"label":434,"file":317,"line":322},{"id":436,"type":420,"label":437,"file":317,"line":322,"wp_function":438},[452,453],{"from":414,"to":419,"sanitized":251},{"from":433,"to":436,"sanitized":251},{"entryPoint":455,"graph":456,"unsanitizedCount":14,"severity":39},"woo_tumblog_file_upload (functions\\wootumblog_dashboard_functions.php:739)",{"nodes":457,"edges":462},[458,461],{"id":414,"type":415,"label":459,"file":219,"line":460},"$_FILES (x2)",742,{"id":419,"type":420,"label":437,"file":219,"line":331,"wp_function":438},[463],{"from":414,"to":419,"sanitized":251},{"entryPoint":465,"graph":466,"unsanitizedCount":75,"severity":508},"woo_tumblog_options (classes\\wootumblog.class.php:186)",{"nodes":467,"edges":501},[468,471,474,477,478,482,484,488,490,493,495,499],{"id":414,"type":415,"label":469,"file":161,"line":470},"$_REQUEST['woo_custom_rss']",288,{"id":419,"type":420,"label":472,"file":161,"line":470,"wp_function":473},"update_option() [Settings Manipulation]","update_option",{"id":433,"type":415,"label":475,"file":161,"line":476},"$_REQUEST['woo_tumblog_content_method']",292,{"id":436,"type":420,"label":472,"file":161,"line":476,"wp_function":473},{"id":479,"type":415,"label":480,"file":161,"line":481},"n4","$_REQUEST['woo_image_link_to']",296,{"id":483,"type":420,"label":472,"file":161,"line":481,"wp_function":473},"n5",{"id":485,"type":415,"label":486,"file":161,"line":487},"n6","$_REQUEST['woo_tumblog_width']",300,{"id":489,"type":420,"label":472,"file":161,"line":487,"wp_function":473},"n7",{"id":491,"type":415,"label":492,"file":161,"line":270},"n8","$_REQUEST['woo_tumblog_video_width']",{"id":494,"type":420,"label":472,"file":161,"line":270,"wp_function":473},"n9",{"id":496,"type":415,"label":497,"file":161,"line":498},"n10","$_REQUEST['woo_resize']",308,{"id":500,"type":420,"label":472,"file":161,"line":498,"wp_function":473},"n11",[502,503,504,505,506,507],{"from":414,"to":419,"sanitized":259},{"from":433,"to":436,"sanitized":259},{"from":479,"to":483,"sanitized":259},{"from":485,"to":489,"sanitized":259},{"from":491,"to":494,"sanitized":259},{"from":496,"to":500,"sanitized":259},"low",{"entryPoint":510,"graph":511,"unsanitizedCount":75,"severity":508},"\u003Cwootumblog.class> (classes\\wootumblog.class.php:0)",{"nodes":512,"edges":525},[513,514,515,516,517,518,519,520,521,522,523,524],{"id":414,"type":415,"label":469,"file":161,"line":470},{"id":419,"type":420,"label":472,"file":161,"line":470,"wp_function":473},{"id":433,"type":415,"label":475,"file":161,"line":476},{"id":436,"type":420,"label":472,"file":161,"line":476,"wp_function":473},{"id":479,"type":415,"label":480,"file":161,"line":481},{"id":483,"type":420,"label":472,"file":161,"line":481,"wp_function":473},{"id":485,"type":415,"label":486,"file":161,"line":487},{"id":489,"type":420,"label":472,"file":161,"line":487,"wp_function":473},{"id":491,"type":415,"label":492,"file":161,"line":270},{"id":494,"type":420,"label":472,"file":161,"line":270,"wp_function":473},{"id":496,"type":415,"label":497,"file":161,"line":498},{"id":500,"type":420,"label":472,"file":161,"line":498,"wp_function":473},[526,527,528,529,530,531],{"from":414,"to":419,"sanitized":259},{"from":433,"to":436,"sanitized":259},{"from":479,"to":483,"sanitized":259},{"from":485,"to":489,"sanitized":259},{"from":491,"to":494,"sanitized":259},{"from":496,"to":500,"sanitized":259},{"entryPoint":533,"graph":534,"unsanitizedCount":75,"severity":508},"\u003Cwootumblog_dashboard_functions> (functions\\wootumblog_dashboard_functions.php:0)",{"nodes":535,"edges":542},[536,537,538,541],{"id":414,"type":415,"label":459,"file":219,"line":460},{"id":419,"type":420,"label":437,"file":219,"line":331,"wp_function":438},{"id":433,"type":415,"label":539,"file":219,"line":540},"$_POST",122,{"id":436,"type":420,"label":437,"file":219,"line":382,"wp_function":438},[543,544],{"from":414,"to":419,"sanitized":259},{"from":433,"to":436,"sanitized":259},{"summary":546,"deductions":547},"The \"woo-tumblog\" v2.1.4 plugin exhibits a concerning security posture primarily due to significant vulnerabilities in its attack surface and a history of security issues. The static analysis reveals a small but entirely unprotected attack surface, with all three identified AJAX handlers lacking authentication checks. This, combined with a notable 41% of output functions not being properly escaped, creates a fertile ground for potential cross-site scripting (XSS) and other injection attacks. The presence of 4 flows with unsanitized paths, even if not reaching a critical or high severity in the static analysis, raises flags for potential path traversal or file manipulation vulnerabilities.\n\nThe plugin's vulnerability history further exacerbates these concerns. With one known medium severity CVE that remains unpatched, and a pattern of 'Missing Authorization' as a common vulnerability type, it indicates a recurring weakness in the plugin's access control mechanisms. While the plugin does utilize prepared statements for a majority of its SQL queries and has a reasonable number of capability checks, these strengths are overshadowed by the fundamental flaws in handling its entry points and the established pattern of security negligence shown by the unpatched vulnerability.",[548,551,553,555,558],{"reason":549,"points":550},"Unprotected AJAX handlers",15,{"reason":552,"points":550},"Unpatched medium CVE",{"reason":554,"points":166},"Unsanitized paths found",{"reason":556,"points":557},"Low output escaping",8,{"reason":559,"points":560},"No nonce checks",7,"2026-03-16T21:21:29.585Z",{"wat":563,"direct":574},{"assetPaths":564,"generatorPatterns":571,"scriptPaths":572,"versionParams":573},[565,566,567,568,569,570],"\u002Fwp-content\u002Fplugins\u002Fwoo-tumblog\u002Ffunctions\u002Fcss\u002Fjquery-ui-datepicker.css","\u002Fwp-content\u002Fplugins\u002Fwoo-tumblog\u002Ffunctions\u002Fcss\u002Ftumblog_admin_styles.css","\u002Fwp-content\u002Fplugins\u002Fwoo-tumblog\u002Ffunctions\u002Fjs\u002Fphp.js","\u002Fwp-content\u002Fplugins\u002Fwoo-tumblog\u002Ffunctions\u002Fjs\u002FnicEdit.js","\u002Fwp-content\u002Fplugins\u002Fwoo-tumblog\u002Ffunctions\u002Fjs\u002Ftumblog-ajax.js","\u002Fwp-content\u002Fplugins\u002Fwoo-tumblog\u002Ffunctions\u002Fjs\u002Fui.datepicker.js",[],[569,568,567,570],[],{"cssClasses":575,"htmlComments":576,"htmlAttributes":578,"restEndpoints":579,"jsGlobals":580,"shortcodeOutput":582},[],[577],"\u003C!-- Widget Output -->",[],[],[581],"window.woo_tumblog_opts",[]]