[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhi8XUNpCfEAt62_Xv2osZ794zpg75PdXGGSfniuPy4I":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":124,"fingerprints":371},"wow-armory","WoW Armory","8.4.3","SeiferTim","https:\u002F\u002Fprofiles.wordpress.org\u002Fseifertim\u002F","\u003Cp>Grabs your character from the Armory and displays their basic info.   Allows multiple widgets with different character information.  Works for US and EU realms.  You can choose to hide or display equipment, professions, and achievements.\u003C\u002Fp>\n\u003Cp>You can optionally show a 3D model of your character using Wowhead’s model viewer.\u003C\u002Fp>\n\u003Cp>Caches data for 15 minutes to reduce the number of requests.\u003C\u002Fp>\n\u003Cp>NOTE: Currently this plugin requires cURL and PHP5 to work.\u003C\u002Fp>\n","Easily displays your character's stats from the Armory.",10,15654,0,"2009-11-06T13:54:00.000Z","2.8.4","2.8","",[19,20,21,22,23],"armory","character","widget","world-of-warcraft","wow","http:\u002F\u002Ftimsworld.nfshost.com\u002Fwordpress-plugins\u002Fwow-armory-wp-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwow-armory.8.4.3.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"seifertim",2,20,93,30,89,"2026-04-04T14:15:44.841Z",[39,54,69,86,103],{"slug":40,"name":41,"version":42,"author":7,"author_profile":8,"description":43,"short_description":44,"active_installs":11,"downloaded":45,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":46,"requires_at_least":47,"requires_php":17,"tags":48,"homepage":50,"download_link":51,"security_score":52,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":53},"wow-guild","WoW Guild","1.5","\u003Cp>Grabs your guild’s characters from the Armory and display them.   Allows multiple widgets with different character information.  Works for US and EU realms.  You set how many characters to show at a time, and the plugin will create ‘back\u002Fnext’ links to see all characters.\u003C\u002Fp>\n\u003Cp>Requirers cURL support on your server.\u003C\u002Fp>\n","Easily displays your Guild's Roster from the armory",5819,"2.7.1","2.6",[19,49,21,22,23],"guild","http:\u002F\u002Ftimsworld.nfshost.com\u002Fwordpress-plugins\u002Fwow-guild-wp-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwow-guild.1.5.zip",100,"2026-03-15T10:48:56.248Z",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":33,"downloaded":62,"rating":52,"num_ratings":63,"last_updated":17,"tested_up_to":64,"requires_at_least":65,"requires_php":17,"tags":66,"homepage":67,"download_link":68,"security_score":52,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":53},"wowpi","WoWpi","2.5.2","avenirer","https:\u002F\u002Fprofiles.wordpress.org\u002Favenirer\u002F","\u003Cp>\u003Cstrong>ATTENTION: AFTER AN UPDATE IT IS IMPORTANT TO GO TO THE SETTINGS OF THE PLUGIN AND DO A SAVE, IN ORDER TO CLEAR THE OLD DATA\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Highlights\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Guild Roster\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Guild Progression (as I see it…)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Guild Achievements\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Guild Tabard\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Character Datasheets\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Realm status\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin allows you to get your character data from Battle.net API service. The plugin uses caching of 12 hours, so you don’t have to worry about reaching the quota established by the Battle.net. Also, for general data, like classes, factions, races and so on, the cache is set for 14 days. If you however find yourself in the position to show data that appeared between the refresh of caches you can go to the admin section and save your data again, which will simply destroy all cache.\u003C\u002Fp>\n\u003Cp>For example, a new expansion appeared in World of Warcraft with and you created a new character of a race that didn’t exist before the expansion. In order to show that race you need to refresh the cache. Just go to WoWpi settings and push the save button. That’s it.\u003C\u002Fp>\n\u003Cp>The plugin allows you to choose if you want to include the Tooltip script from Wowhead (the one that shows a tooltip on mouseover). More info on the Tooltip can be found here (http:\u002F\u002Fwww.wowhead.com\u002Ftooltips).\u003C\u002Fp>\n\u003Cp>Also, when retrieving the Guild Tabard, the plugin uses a personal script located at http:\u002F\u002Fwow-hunter.ro\u002Ftabard-creator (by the way, my wow blog is http:\u002F\u002Fwow-hunter.ro)\u003C\u002Fp>\n","The WoWpi plugin allows you to retrieve data from Battle.net API regarding your World of Warcraft character and\u002For guild.",8854,12,"4.9.29","3.0.1",[19,22,23],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwowpi\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwowpi.zip",{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":11,"downloaded":77,"rating":52,"num_ratings":78,"last_updated":17,"tested_up_to":79,"requires_at_least":17,"requires_php":17,"tags":80,"homepage":84,"download_link":85,"security_score":52,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":53},"warcraft-bundle","Warcraft Bundle","2.3.2","leaklords","https:\u002F\u002Fprofiles.wordpress.org\u002Fkwark\u002F","\u003Cp>WoW collection for wordpress. 4 widgets: widget guild Perks, widget official server informations, widget guild achievements, widget guild news. 4 pages with shortcodes: guild perks pages, guild roster pages, guild progress page, guild datas page. Also character signatures with shortcode.\u003C\u002Fp>\n\u003Cp>You must update this plugin manualy (130 mo of files is not supported with the automatic upgrade WordPress from most hosters).\u003C\u002Fp>\n\u003Cp>There is the theme was build for the plugin. It’s the first developmement I made but it’s work correctly without any css change with the warcraft-bundle. You may preview @ http:\u002F\u002Fstyle-cataclysm.com and purchase @ http:\u002F\u002Fkwark.allwebtuts.net\u003C\u002Fp>\n\u003Cp>You host must support php5.2.X and allow_url_fopen\u003C\u002Fp>\n\u003Cp>This plugin is non-affiliate with Blizzard entertainment. Images are trademarked and are the propriety of Blizzard Entertainment. Api policy rules http:\u002F\u002Fblizzard.github.com\u002Fapi-wow-docs\u002F#policies-and-support\u002Fapi-policy\u003C\u002Fp>\n\u003Cp>Happy Christmas\u003C\u002Fp>\n\u003Cp>FIRST STEP\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Define some information in Dashboard > Warcraft Bundle (mandatory guild name, server name and mandatory only for progress page, GM character name)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PAGES\u003C\u002Fp>\n\u003Cp>Add a page roster\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create your page “roster” or “members” under wordpress and add in the content before publish\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This page is under cron task to generate a cache of this page in html format\u003C\u002Fp>\n\u003Cp>[warcraft type=”guild members page”]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Add a page perks\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Create your page “perks” or “avantages” under wordpress and add in the content before publish\u003C\u002Fp>\n\u003Cp>[warcraft type=”guild perks page”]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Add page progression\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Create your page “progression” or “down” under wordpress and add in the content before publish\u003C\u002Fp>\n\u003Cp>[warcraft type=”guild progress page”]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Add page datas\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Create your page “datas” or “loot” or “news” under wordpress and add in the content before publish\u003C\u002Fp>\n\u003Cp>[warcraft type=”guild datas page”]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>More option for datas page\u003C\u002Fp>\n\u003Cp>[warcraft type=”guild datas page” column=”4″ sort=”1″ stuff=”seperate” limit=”30″]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Col>\n\u003Cli>Column, start @ 1\u003C\u002Fli>\n\u003Cli>sort, 0 or 1 for asc\u002Fdesc\u003C\u002Fli>\n\u003Cli>Limit, the limit of entries to display\u003C\u002Fli>\n\u003Cli>stuff, may take parameters full or seperate (and if defined, add one or two zone under the main list)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>WIDGETS\u003C\u002Fp>\n\u003Cp>Widget Perks\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Drag – drop the widget and define the inputs (title, limit and the type of displaying icon or full)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Widget Server\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Drag – drop the widget and define the input (server) with the exact InGame server name (majuscule, minuscule, apostrophe needed)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Widget News\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Drag – drop the widget and define the input (title, limit)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Widget Achievements\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Drag – drop the widget and define the input (title, limit)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>SIGNATURES\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>work only if this character is in the guild defined in Dashboard > warcraft bundle\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Work in some forums plugin in a signature spaces\u003C\u002Fp>\n\u003Cp>[warcraft type=”signature” character=”…”]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Where \u003Ccode>...\u003C\u002Fcode> is the exact name from your character in this guild\u003C\u002Fp>\n","Warcraft Bundle for WordPress. World of Warcraft collection pages and widgets for WordPress.",5169,1,"3.4.2",[81,82,83,22,23],"widget-guild-news","widget-guild-perks","widget-server-news","http:\u002F\u002Fkwark.allwebtuts.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwarcraft-bundle.zip",{"slug":87,"name":88,"version":89,"author":58,"author_profile":59,"description":90,"short_description":91,"active_installs":11,"downloaded":92,"rating":93,"num_ratings":94,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":98,"tags":99,"homepage":101,"download_link":102,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wowpi-guild","WoWpi Guild","1.4.5","\u003Cp>This plugin started from an older plugin named WoWpi. That plugin was developped with the gamer in mind. But then, it seemed that a lot of guilds wanted to use the plugin for their needs. So that plugin kept evolving until it couldn’t anymore.\u003C\u002Fp>\n\u003Cp>This time I am working on a plugin that revolves around guilds in World of Warcraft. I hope it will evolve further, becoming the go to tool for a guild’s website needs.\u003C\u002Fp>\n\u003Ch4>Highlights\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Guild Roster\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Character post types\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Recruitment Widget\u003C\u002Fstrong>\u003C\u002Fp>\n","You want a proper World of Warcraft's guild website but you don't know how? Look no further. This is the plugin for your guild's needs.",2026,74,3,"2021-01-07T13:47:00.000Z","5.4.19","4.7","7.0",[19,49,100,22,23],"roster","http:\u002F\u002Fwowpi-guild","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwowpi-guild.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":52,"num_ratings":94,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":17,"tags":116,"homepage":122,"download_link":123,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"html-special-characters-helper","HTML Special Characters Helper","2.2","Scott Reilly","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoffee2code\u002F","\u003Cp>Add an admin widget labeled “HTML Special Characters” that is present in the admin Add\u002FEdit Post and Add\u002FEdit Page pages. Clicking on any special character in the widget causes its character encoding to be inserted into the post body text field at the current cursor location (or at the end of the post if the cursor isn’t located in the post body field). Hovering over any of the special characters in the admin widget causes hover text to appear that shows the HTML entity encoding for the character as well as the name of the character.\u003C\u002Fp>\n\u003Cp>Note that when used in the visual editor mode the special character itself is added to the post body. Also note that the visual editor has its own special characters popup helper accessible via the advanced toolbar, which depending on your usage, may make this plugin unnecessary for you. In truth, the plugin is intended more for the non-visual (aka HTML) mode as that is the mode I (the plugin author) use.\u003C\u002Fp>\n\u003Cp>Links: \u003Ca href=\"http:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fhtml-special-characters-helper\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhtml-special-characters-helper\u002F\" rel=\"ugc\">Plugin Directory Page\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fcoffee2code.com\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Cp>The plugin exposes two filters for hooking. Typically, code making use of filters should ideally be put into a mu-plugin or site-specific plugin (which is beyond the scope of this readme to explain).\u003C\u002Fp>\n\u003Ch4>c2c_html_special_characters (filter)\u003C\u002Fh4>\n\u003Cp>The ‘c2c_html_special_characters’ hook allows you to remove existing characters or entire groups of characters, and\u002For add new characters or groups of characters.\u003C\u002Fp>\n\u003Cp>Arguments:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>$codes (array) : An association array in which the keys are a grouping name and the values are associative arrays themselves with the code as the key and the human-friendly descriptions as the values.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F**\n * Add a new grouping of characters (accented 'A's).\n *\n * @param array $characters Default HTML special characters.\n * @return array\n *\u002F\nfunction more_html_special_characters( $characters ) {\n    $characters['accented_a'] = array(\n        'name'     => 'Accented A',\n        'À' => 'A grave accent',\n        'Á' => 'A accute accent',\n        'Â'  => 'A circumflex',\n        'Ã' => 'A tilde',\n        'Ä'   => 'A umlaut',\n        'Å'  => 'A ring',\n        'Æ'  => 'AE ligature',\n    );\n    return $characters; \u002F\u002F Important!\n}\nadd_filter( 'c2c_html_special_characters', 'more_html_special_characters' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>c2c_html_special_characters_post_type (filter)\u003C\u002Fh4>\n\u003Cp>The ‘c2c_html_special_characters_post_type’ hook allows you to specify which post_types for which the HTML Special Characters metabox should be shown.\u003C\u002Fp>\n\u003Cp>Arguments:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>$post_types (array) : An array of post types. By default, this value is \u003Ccode>array( 'page', 'post' )\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F**\n * Show HTML Special Characters Helper for additional post_types.\n *\n * @param array $post_types Arry of post types.\n * @return array\n *\u002F\nfunction more_html_special_characters_post_types( $post_types ) {\n    $post_types[] = 'products'; \u002F\u002F Show for products\n    unset( $post_types['page'] ); \u002F\u002F Don't show for pages\n    return $post_types;\n}\nadd_filter( 'c2c_html_special_characters_post_types', 'more_html_special_characters_post_types' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Admin widget on the Add\u002FEdit Post pages for inserting HTML encodings of special characters into the post.",200,38064,"2017-02-22T07:32:00.000Z","4.7.32","4.6",[117,118,119,120,121],"admin-widget","dbx","html-special-characters","post","write-post","http:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fhtml-special-characters-helper\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtml-special-characters-helper.2.2.zip",{"attackSurface":125,"codeSignals":149,"taintFlows":338,"riskAssessment":356,"analyzedAt":370},{"hooks":126,"ajaxHandlers":141,"restRoutes":142,"shortcodes":143,"cronEvents":148,"entryPointCount":78,"unprotectedCount":13},[127,133,137],{"type":128,"name":129,"callback":130,"file":131,"line":132},"action","widgets_init","WoWArmoryWidgetInit","wow-armory.php",705,{"type":128,"name":134,"callback":135,"file":131,"line":136},"admin_menu","WoWArmoryAddPages",707,{"type":128,"name":138,"callback":139,"file":131,"line":140},"admin_init","wowarmory_admin_scripts",708,[],[],[144],{"tag":145,"callback":146,"file":131,"line":147},"wowarmory","WoWArmoryFromShortcode",706,[],{"dangerousFunctions":150,"sqlUsage":151,"outputEscaping":153,"fileOperations":78,"externalRequests":78,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":337},[],{"prepared":78,"raw":13,"locations":152},[],{"escaped":13,"rawEcho":154,"locations":155},113,[156,160,163,165,167,169,171,173,174,176,177,178,180,181,183,184,185,187,188,190,191,193,194,195,197,198,200,201,203,205,207,209,210,211,213,214,216,217,218,220,221,223,224,225,227,228,230,231,232,234,235,237,238,240,241,243,244,246,247,249,250,252,254,255,257,259,261,263,264,266,267,269,270,272,274,275,277,278,279,281,282,284,285,287,289,290,292,293,295,297,298,300,301,303,305,306,308,309,311,313,314,316,318,320,321,322,324,326,328,330,331,333,335],{"file":157,"line":158,"context":159},"includes\\functions.php",467,"raw output",{"file":161,"line":162,"context":159},"includes\\getRealms.php",16,{"file":131,"line":164,"context":159},309,{"file":131,"line":166,"context":159},310,{"file":131,"line":168,"context":159},313,{"file":131,"line":170,"context":159},314,{"file":131,"line":172,"context":159},347,{"file":131,"line":172,"context":159},{"file":131,"line":175,"context":159},348,{"file":131,"line":175,"context":159},{"file":131,"line":175,"context":159},{"file":131,"line":179,"context":159},351,{"file":131,"line":179,"context":159},{"file":131,"line":182,"context":159},352,{"file":131,"line":182,"context":159},{"file":131,"line":182,"context":159},{"file":131,"line":186,"context":159},355,{"file":131,"line":186,"context":159},{"file":131,"line":189,"context":159},356,{"file":131,"line":189,"context":159},{"file":131,"line":192,"context":159},360,{"file":131,"line":192,"context":159},{"file":131,"line":192,"context":159},{"file":131,"line":196,"context":159},363,{"file":131,"line":196,"context":159},{"file":131,"line":199,"context":159},364,{"file":131,"line":199,"context":159},{"file":131,"line":202,"context":159},367,{"file":131,"line":204,"context":159},368,{"file":131,"line":206,"context":159},369,{"file":131,"line":208,"context":159},375,{"file":131,"line":208,"context":159},{"file":131,"line":208,"context":159},{"file":131,"line":212,"context":159},376,{"file":131,"line":212,"context":159},{"file":131,"line":215,"context":159},378,{"file":131,"line":215,"context":159},{"file":131,"line":215,"context":159},{"file":131,"line":219,"context":159},379,{"file":131,"line":219,"context":159},{"file":131,"line":222,"context":159},381,{"file":131,"line":222,"context":159},{"file":131,"line":222,"context":159},{"file":131,"line":226,"context":159},382,{"file":131,"line":226,"context":159},{"file":131,"line":229,"context":159},384,{"file":131,"line":229,"context":159},{"file":131,"line":229,"context":159},{"file":131,"line":233,"context":159},385,{"file":131,"line":233,"context":159},{"file":131,"line":236,"context":159},387,{"file":131,"line":236,"context":159},{"file":131,"line":239,"context":159},388,{"file":131,"line":239,"context":159},{"file":131,"line":242,"context":159},390,{"file":131,"line":242,"context":159},{"file":131,"line":245,"context":159},391,{"file":131,"line":245,"context":159},{"file":131,"line":248,"context":159},398,{"file":131,"line":248,"context":159},{"file":131,"line":251,"context":159},399,{"file":131,"line":253,"context":159},402,{"file":131,"line":253,"context":159},{"file":131,"line":256,"context":159},403,{"file":131,"line":258,"context":159},435,{"file":131,"line":260,"context":159},438,{"file":131,"line":262,"context":159},451,{"file":131,"line":262,"context":159},{"file":131,"line":265,"context":159},452,{"file":131,"line":265,"context":159},{"file":131,"line":268,"context":159},454,{"file":131,"line":268,"context":159},{"file":131,"line":271,"context":159},459,{"file":131,"line":273,"context":159},460,{"file":131,"line":273,"context":159},{"file":131,"line":276,"context":159},462,{"file":131,"line":276,"context":159},{"file":131,"line":158,"context":159},{"file":131,"line":280,"context":159},468,{"file":131,"line":280,"context":159},{"file":131,"line":283,"context":159},470,{"file":131,"line":283,"context":159},{"file":131,"line":286,"context":159},477,{"file":131,"line":288,"context":159},478,{"file":131,"line":288,"context":159},{"file":131,"line":291,"context":159},480,{"file":131,"line":291,"context":159},{"file":131,"line":294,"context":159},485,{"file":131,"line":296,"context":159},486,{"file":131,"line":296,"context":159},{"file":131,"line":299,"context":159},488,{"file":131,"line":299,"context":159},{"file":131,"line":302,"context":159},493,{"file":131,"line":304,"context":159},494,{"file":131,"line":304,"context":159},{"file":131,"line":307,"context":159},496,{"file":131,"line":307,"context":159},{"file":131,"line":310,"context":159},503,{"file":131,"line":312,"context":159},504,{"file":131,"line":312,"context":159},{"file":131,"line":315,"context":159},586,{"file":131,"line":317,"context":159},661,{"file":131,"line":319,"context":159},662,{"file":131,"line":319,"context":159},{"file":131,"line":319,"context":159},{"file":131,"line":323,"context":159},663,{"file":131,"line":325,"context":159},664,{"file":131,"line":327,"context":159},665,{"file":131,"line":329,"context":159},666,{"file":131,"line":329,"context":159},{"file":131,"line":332,"context":159},667,{"file":131,"line":334,"context":159},670,{"file":131,"line":336,"context":159},695,[],[339],{"entryPoint":340,"graph":341,"unsanitizedCount":78,"severity":355},"\u003Cfunctions> (includes\\functions.php:0)",{"nodes":342,"edges":352},[343,347],{"id":344,"type":345,"label":346,"file":157,"line":158},"n0","source","$_REQUEST['cname']",{"id":348,"type":349,"label":350,"file":157,"line":158,"wp_function":351},"n1","sink","echo() [XSS]","echo",[353],{"from":344,"to":348,"sanitized":354},false,"low",{"summary":357,"deductions":358},"The \"wow-armory\" plugin v8.4.3 exhibits a mixed security posture.  On the positive side, it has no known historical vulnerabilities (CVEs) and its single SQL query is properly prepared.  The attack surface is minimal, with no AJAX handlers or REST API routes, and the sole shortcode appears to have no direct unauthenticated entry points based on the provided data.  However, significant concerns arise from the static code analysis.  A critical finding is that 100% of its output is not properly escaped, posing a substantial risk of Cross-Site Scripting (XSS) vulnerabilities.  Furthermore, the plugin lacks nonce checks and capability checks entirely, which are fundamental security mechanisms for protecting against various attacks, especially if any hidden or unintended entry points exist or are introduced in future updates. The presence of a flow with unsanitized paths, even if not flagged as critical or high severity, warrants attention due to its inherent risk. The absence of any recorded vulnerabilities in its history might suggest a lack of rigorous security testing or that potential vulnerabilities have not yet been discovered or exploited.",[359,362,365,367],{"reason":360,"points":361},"0% output escaping",8,{"reason":363,"points":364},"No nonce checks",5,{"reason":366,"points":364},"No capability checks",{"reason":368,"points":369},"Flows with unsanitized paths",7,"2026-03-17T01:20:02.012Z",{"wat":372,"direct":379},{"assetPaths":373,"generatorPatterns":375,"scriptPaths":376,"versionParams":377},[374],"\u002Fwp-content\u002Fplugins\u002Fwow-armory\u002Fcss\u002Fstyle.css",[],[],[378],"wow-armory\u002Fcss\u002Fstyle.css?ver=",{"cssClasses":380,"htmlComments":382,"htmlAttributes":383,"restEndpoints":384,"jsGlobals":385,"shortcodeOutput":387},[381],"widget_wow_armory",[],[],[],[386],"wowhead",[]]