[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHnXxD5Yv_BX0SbFaQ7dyUj3pe2wQNogARh6xHu9ZXd4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":14,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":60,"crawl_stats":37,"alternatives":68,"analysis":173,"fingerprints":209},"wp-file-get-contents","JSM file_get_contents() Shortcode","2.7.1","JS Morisset","https:\u002F\u002Fprofiles.wordpress.org\u002Fjsmoriss\u002F","\u003Cp>A safe and reliable WordPress shortcode for PHP’s file_get_contents() function.\u003C\u002Fp>\n\u003Ch4>Shortcode Attributes\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>body = Keep only the content between \u003Cbody>\u003C\u002Fbody> HTML tags (default is true).\u003C\u002Fli>\n\u003Cli>cache = Number of seconds to cache the contents (defaults is 3600 seconds).\u003C\u002Fli>\n\u003Cli>class = Add a class to the content ‘div’ container (default is none).\u003C\u002Fli>\n\u003Cli>code = Wrap the content in a \u003Ccode>\u003C\u002Fcode> container (default is false).\u003C\u002Fli>\n\u003Cli>code_class = Add a class to the ‘code’ container (default is none).\u003C\u002Fli>\n\u003Cli>code_lang = Escape HTML characters, wrap the content in a \u003Cpre>\u003Ccode>\u003C\u002Fcode>\u003C\u002Fpre> container, and add a language class to the ‘code’ container (default is none).\u003C\u002Fli>\n\u003Cli>esc_html = Escape HTML characters (default is false).\u003C\u002Fli>\n\u003Cli>esc_html_pre_code = Escape HTML characters and wrap the content in a \u003Cpre>\u003Ccode>\u003C\u002Fcode>\u003C\u002Fpre> container (default is false).\u003C\u002Fli>\n\u003Cli>file = Path to a local file (\u003Cstrong>relative\u003C\u002Fstrong> to the wp-content\u002F folder).\u003C\u002Fli>\n\u003Cli>filter = Apply the named filter to the content (default is none).\u003C\u002Fli>\n\u003Cli>more = Add a more link on non-singular web pages (default is true).\u003C\u002Fli>\n\u003Cli>pre = Wrap the content in a \u003Cpre>\u003C\u002Fpre> container (default is false).\u003C\u002Fli>\n\u003Cli>pre_class = Add a class to the ‘pre’ container (default is none).\u003C\u002Fli>\n\u003Cli>pre_code = Wrap the content in a \u003Cpre>\u003Ccode>\u003C\u002Fcode>\u003C\u002Fpre> container (default is false).\u003C\u002Fli>\n\u003Cli>pre_lang = Escape HTML characters, wrap the content in a \u003Cpre>\u003Ccode>\u003C\u002Fcode>\u003C\u002Fpre> container, and add a language class to the ‘pre’ container (default is none).\u003C\u002Fli>\n\u003Cli>pre_title = Add a title to the ‘pre’ container (default is none).\u003C\u002Fli>\n\u003Cli>url = URL or file URI.\u003C\u002Fli>\n\u003Cli>utf8 = Encode HTML entities (default is true).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>Note that all file paths (not URLs) are \u003Cstrong>relative\u003C\u002Fstrong> to the wp-content\u002F folder. For security reasons, it is not possible to include files outside the wp-content\u002F folder. As an example, the shortcode attributes \u003Ccode>url=\"file:\u002F\u002Fdir\u002Ffile.html\"\u003C\u002Fcode> and \u003Ccode>file=\"\u002Fdir\u002Ffile.html\"\u003C\u002Fcode> are both read as wordpress\u002Fwp-contents\u002Fdir\u002Ffile.html. The \u003Ccode>..\u003C\u002Fcode> folder name is also stripped from file paths to prevent backing out of the wp-content\u002F folder.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Shortcode Name\u003C\u002Fh4>\n\u003Cp>The WPFGC_SHORTCODE_NAME constant can be defined in your wp-config.php file to add an additional custom shortcode name (the default shortcode names are ‘wp-file-get-contents’ and ‘wpfgc’).\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPFGC_SHORTCODE_NAME', 'include' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Shortcode Examples\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[wpfgc url=\"http:\u002F\u002Fexample.com\u002Fdir\u002Ffile.html\"]\n\n[wpfgc url=\"http:\u002F\u002Fexample.com\u002Fcounter\u002F\" cache=\"7200\"]\n\n[wpfgc url=\"file:\u002F\u002Fdir\u002Ffile.html\"]\n\n[wpfgc file=\"\u002Fdir\u002Ffile.txt\" pre=\"true\" filter=\"my_custom_filter_name\" cache=\"600\"]\n\n[wpfgc file=\"examples\u002Fexample-1.php\" code_lang=\"php\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n","A safe and reliable WordPress shortcode for PHP's file_get_contents() function.",300,13359,100,1,"2026-03-11T18:14:00.000Z","6.9.4","6.0","7.4.33",[20,21,22,23,24],"file","file_get_contents","include","shortcode","url","https:\u002F\u002Fsurniaulula.com\u002Fextend\u002Fplugins\u002Fwp-file-get-contents\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-file-get-contents.2.7.1.zip",77,2,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",[32,46],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-58653","jsm-filegetcontents-shortcode-authenticated-contributor-stored-cross-site-scripting","JSM file_get_contents() Shortcode \u003C= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The JSM file_get_contents() Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=2.7.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-26 17:46:54",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F250ce6a5-d479-419b-b2b0-306895f2b782?source=api-prod",{"id":47,"url_slug":48,"title":49,"description":50,"plugin_slug":4,"theme_slug":37,"affected_versions":51,"patched_in_version":6,"severity":39,"cvss_score":52,"cvss_vector":53,"vuln_type":54,"published_date":55,"updated_date":56,"references":57,"days_to_patch":59},"CVE-2023-6991","jsm-filegetcontents-shortcode-authenticated-contributor-server-side-request-forgery-via-shortcode","JSM file_get_contents() Shortcode \u003C= 2.7.0 - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode","The JSM file_get_contents() Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 2.7.0 via the wpfgc shortcode. This makes it possible for authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","\u003C=2.7.0",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N","Server-Side Request Forgery (SSRF)","2023-12-21 00:00:00","2024-01-22 19:56:02",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F191d5bcc-70d8-430b-9215-00ffdc04be87?source=api-prod",33,{"slug":61,"display_name":7,"profile_url":8,"plugin_count":62,"total_installs":63,"avg_security_score":64,"avg_patch_time_days":65,"trust_score":66,"computed_at":67},"jsmoriss",31,32650,99,12,93,"2026-04-04T09:20:52.166Z",[69,95,115,136,154],{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":77,"downloaded":78,"rating":13,"num_ratings":79,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":83,"tags":84,"homepage":90,"download_link":91,"security_score":92,"vuln_count":14,"unpatched_count":93,"last_vuln_date":94,"fetched_at":30},"wp-custom-author-url","WP Custom Author URL","2.1.0","Poodle Plugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fpoodleplugins\u002F","\u003Cp>This plugin will allow you to choose a custom URL for your author links, instead of the standard WordPress author page.\u003Cbr \u002F>\nThis can be useful if you want to link to your own Twitter, LinkedIn or other social media profile.\u003C\u002Fp>\n\u003Cp>There are two areas where this plugin can be configured:\u003C\u002Fp>\n\u003Cp>Firstly, a global settings section is available under WordPress Settings. Second, under each users profile page.\u003C\u002Fp>\n\u003Cp>A user can set their own custom URL on their profile page, and this will apply just to them.\u003Cbr \u002F>\nThis can can be overriden by the global admin setting, if the ‘Override Individual Authors’ setting is checked.\u003C\u002Fp>\n\u003Cp>Custom author URL’s also redirect author pages when directly accessed.\u003Cbr \u002F>\nFor example if your user is called Bob, and you try to access https:\u002F\u002Fyourblog.com\u002Fauthor\u002Fbob, it will redirect.\u003C\u002Fp>\n","Set a custom URL for your author name link, on a global or author-specific basis. Also redirects all author pages.",5000,27788,8,"2024-11-01T23:23:00.000Z","6.7.5","3.0.1","5.6",[85,86,87,88,89],"author","author-url","banner","custom-url","profile","https:\u002F\u002Fpoodleplugins.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-custom-author-url.2.1.0.zip",92,0,"2023-04-18 00:00:00",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":13,"num_ratings":28,"last_updated":105,"tested_up_to":16,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":113,"download_link":114,"security_score":13,"vuln_count":93,"unpatched_count":93,"last_vuln_date":37,"fetched_at":30},"basic-url-shortcodes","Basic URL ShortCodes","4.0.2","Vikas Sharma","https:\u002F\u002Fprofiles.wordpress.org\u002Fdevikas301\u002F","\u003Cp>Sometimes you need to display your website’s base URL, active theme URL or uploads folder URL directly inside your content editor.\u003C\u002Fp>\n\u003Cp>Basic URL Shortcodes allows you to easily insert important WordPress URLs using simple shortcodes inside posts, pages and widgets.\u003C\u002Fp>\n\u003Ch4>Available Shortcodes\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>[home_url]\u003C\u002Fstrong>\u003Cbr \u002F>\nOutputs the website’s home URL (as set in WordPress Settings).\u003Cbr \u002F>\nExample:\u003Cbr \u002F>\nhttp:\u002F\u002Flocalhost\u002Fwp-demo\u003C\u002Fp>\n\u003Cp>\u003Cstrong>[theme_url_template]\u003C\u002Fstrong>\u003Cbr \u002F>\nOutputs the URL of the currently active theme (child theme supported).\u003Cbr \u002F>\nExample:\u003Cbr \u002F>\nhttp:\u002F\u002Flocalhost\u002Fwp-demo\u002Fwp-content\u002Fthemes\u002Fmytheme\u003C\u002Fp>\n\u003Cp>\u003Cstrong>[UPLOAD_URL]\u003C\u002Fstrong>\u003Cbr \u002F>\nOutputs the base URL of the WordPress uploads directory.\u003Cbr \u002F>\nExample:\u003Cbr \u002F>\nhttp:\u002F\u002Flocalhost\u002Fwp-demo\u002Fwp-content\u002Fuploads\u003C\u002Fp>\n\u003Cp>These shortcodes are useful when building custom layouts, inserting dynamic links or when theme customization options are limited.\u003C\u002Fp>\n\u003Cp>Lightweight, simple and fully compatible with modern WordPress editors.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin uses the GPLv3 license.\u003C\u002Fp>\n","Provides simple shortcodes to output essential WordPress URLs inside posts, pages and widgets.",3000,7450,"2026-02-28T05:52:00.000Z","4.0.0","",[109,110,23,111,112],"basic-url","rockon","stylesheet","template","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbasic-url-shortcodes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbasic-url-shortcodes.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":125,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":82,"requires_php":107,"tags":129,"homepage":133,"download_link":134,"security_score":135,"vuln_count":93,"unpatched_count":93,"last_vuln_date":37,"fetched_at":30},"relative-url-shortcode","Relative URL ShortCode","1.1.0","mainsufian","https:\u002F\u002Fprofiles.wordpress.org\u002Fmainsufian\u002F","\u003Cp>Now its easy to change domains and move your wordpress blog from subdomain to parent domain like from localhost to live domain you just need to use this shortcode [base_url] as your base url and images So now all links and images are fine after transfer site from localhost to live you don’t need to adjust links after change domain.\u003C\u002Fp>\n\u003Cp>ShortCode\u003Cbr \u002F>\n[base_url]\u003C\u002Fp>\n","Now its easy to change domains and keep links and images fine you just need to use this shortcode [base_url] as your base url for links and images.",600,5840,90,4,"2023-02-21T10:03:00.000Z","6.1.10",[130,131,132,23,24],"addshortcode","relative","relative_url","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frelative-url-shortcode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frelative-url-shortcode.zip",85,{"slug":137,"name":138,"version":139,"author":140,"author_profile":141,"description":142,"short_description":143,"active_installs":144,"downloaded":145,"rating":13,"num_ratings":28,"last_updated":146,"tested_up_to":147,"requires_at_least":148,"requires_php":107,"tags":149,"homepage":152,"download_link":153,"security_score":135,"vuln_count":93,"unpatched_count":93,"last_vuln_date":37,"fetched_at":30},"peters-blog-url-shortcodes","Peter’s Blog URL Shortcodes","0.4","Peter","https:\u002F\u002Fprofiles.wordpress.org\u002Fpkthree\u002F","\u003Cp>Adds shortcodes [blogurl], [posturl], [templateurl], and [childtemplateurl] for WordPress 2.6 and up. Use [blogurl] to generate your site URL. It offers the parameters “slash” and “noslash” (to add a trailing slash; [templateurl] and [childtemplateurl] also support this), as well as “uploads” to produce the URL of the uploads folder and “wordpress” to produce the URL of your WP files. Use [posturl id=3] (replace “3” with a post ID) to generate the permalink for any post.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>[blogurl] will generate \u003Ccode>http:\u002F\u002Fwww.yoursite.com\u002F\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>[blogurl wordpress] will generate the URL to the root of your WordPress files, if they are in a different location than your site root\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>[blogurl noslash] will generate \u003Ccode>http:\u002F\u002Fwww.yoursite.com\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>[blogurl uploads] will generate \u003Ccode>http:\u002F\u002Fwww.yoursite.com\u002Fwp-content\u002Fuploads\u002F\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>[blogurl uploads noslash] will generate \u003Ccode>http:\u002F\u002Fwww.yoursite.com\u002Fwp-content\u002Fuploads\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>[posturl id=375] will generate the correct permalink for the post with an ID of 375; for example, \u003Ca href=”[posturl id=375]”>post about this plugin\u003C\u002Fa> would generate \u003Ca href=\"http:\u002F\u002Fwww.theblog.ca\u002Fblog-url-shortcodes\" title=\"From Peter's Useful Crap\" rel=\"nofollow ugc\">post about this plugin\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>[templateurl] will generate the URL to your parent theme’s root\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>[childtemplateurl] will generate the URL to your child theme’s root\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 2.6 or higher\u003C\u002Fli>\n\u003C\u002Ful>\n","Use shortcodes for blog URLs, post URLs, and template URLs so that your posts always have the correct internal links.",400,11231,"2015-11-19T01:47:00.000Z","4.8.28","2.6",[150,151,23,24],"admin","post","http:\u002F\u002Fwww.theblog.ca\u002Fblog-url-shortcodes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpeters-blog-url-shortcodes.zip",{"slug":155,"name":156,"version":157,"author":158,"author_profile":159,"description":160,"short_description":161,"active_installs":162,"downloaded":163,"rating":13,"num_ratings":164,"last_updated":165,"tested_up_to":166,"requires_at_least":167,"requires_php":83,"tags":168,"homepage":171,"download_link":172,"security_score":13,"vuln_count":93,"unpatched_count":93,"last_vuln_date":37,"fetched_at":30},"get-filesize-shortcode","Get Filesize Shortcode","1.3.0","ikaring","https:\u002F\u002Fprofiles.wordpress.org\u002Fikaring\u002F","\u003Cp>“Get Filesize Shortcode” is a simple shortcode to get filesize of a file( eg. PDF, JPG, PNG … ) with a human readable format, using the largest unit the bytes will fit into.\u003Cbr \u002F>\nNow added Get filesize block to display file link with file size.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Put \u003Ccode>[filesize]http:\u002F\u002Fyoursite.com\u002Fpath\u002Fto\u002Ffile.pdf[\u002Ffilesize]\u003C\u002Fcode> anywhere in a post.\u003C\u002Fp>\n\u003Cp>Or you can use url attr instead. \u003Ccode>[filesize url='http:\u002F\u002Fyoursite.com\u002Fpath\u002Fto\u002Ffile.pdf']\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Also you can place \u003Ccode>\u003C?php echo do_shortcode('[filesize]http:\u002F\u002Fyoursite.com\u002Fpath\u002Fto\u002Ffile.pdf[\u002Ffilesize]'); ?>\u003C\u002Fcode> in your templates.\u003C\u002Fp>\n\u003Cp>As to “Get filesize” block, search ‘get filesize’ in Text block category and insert it.\u003Cbr \u002F>\nSet file title and file url, and it generates a text link to the file with file size afterwards.\u003Cbr \u002F>\nYou can toggle Preview\u002FEdit by clicking Preview\u002FEdit button in toolbar of the block.\u003C\u002Fp>\n\u003Ch4>Note\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>File must be in your server\u003C\u002Fli>\n\u003Cli>With files larger than 2MB, it might return different number due to the spec of filesize function of PHP.\u003C\u002Fli>\n\u003C\u002Ful>\n","\"Get Filesize Shortcode\" is a simple shortcode to get filesize of a file( eg. PDF, JPG, PNG ... ).",200,4538,3,"2025-07-15T06:42:00.000Z","6.8.5","5.8",[169,170,23],"filesize","pdf","http:\u002F\u002Fika-ring.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fget-filesize-shortcode.zip",{"attackSurface":174,"codeSignals":190,"taintFlows":198,"riskAssessment":199,"analyzedAt":208},{"hooks":175,"ajaxHandlers":186,"restRoutes":187,"shortcodes":188,"cronEvents":189,"entryPointCount":93,"unprotectedCount":93},[176,182],{"type":177,"name":178,"callback":179,"file":180,"line":181},"action","plugins_loaded","init_textdomain","wp-file-get-contents.php",48,{"type":177,"name":183,"callback":184,"file":180,"line":185},"save_post","clear_post_cache",63,[],[],[],[],{"dangerousFunctions":191,"sqlUsage":192,"outputEscaping":194,"fileOperations":14,"externalRequests":93,"nonceChecks":93,"capabilityChecks":93,"bundledLibraries":197},[],{"prepared":93,"raw":93,"locations":193},[],{"escaped":195,"rawEcho":93,"locations":196},11,[],[],[],{"summary":200,"deductions":201},"The \"wp-file-get-contents\" plugin v2.7.1 exhibits a mixed security posture.  Static analysis reveals a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, and importantly, no unprotected entry points. The code also demonstrates good practices by exclusively using prepared statements for SQL queries and ensuring all output is properly escaped. There are no identified dangerous functions, external HTTP requests, or bundled libraries to raise immediate concern, and the taint analysis shows no critical or high severity flows.\n\nHowever, the plugin's vulnerability history is a significant concern.  It has a total of two known CVEs, with one currently unpatched. Both historical vulnerabilities were rated as medium severity and involved Cross-site Scripting (XSS) and Server-Side Request Forgery (SSRF). The presence of an unpatched medium-severity vulnerability, especially one that has historically included SSRF risks, presents a tangible security risk.  While the current code analysis doesn't reveal these specific weaknesses, the past indicates potential for input sanitization or improper handling of external resources, which could be exploited if the underlying code has not been completely remediated or if new, related vulnerabilities emerge.\n\nIn conclusion, the plugin's code demonstrates good defensive programming in its current state, with a limited attack surface and secure handling of common vulnerabilities like SQL injection and XSS in its output. The primary weakness lies in its past and an outstanding unpatched vulnerability. Users should be aware of this history, and immediate attention should be paid to patching the known vulnerability.",[202,205],{"reason":203,"points":204},"Unpatched CVE",15,{"reason":206,"points":207},"Vulnerability history of XSS and SSRF",10,"2026-03-16T19:52:27.449Z",{"wat":210,"direct":217},{"assetPaths":211,"generatorPatterns":214,"scriptPaths":215,"versionParams":216},[212,213],"\u002Fwp-content\u002Fplugins\u002Fwp-file-get-contents\u002Fassets\u002Fcss\u002Fwpfgc-code-highlight.css","\u002Fwp-content\u002Fplugins\u002Fwp-file-get-contents\u002Fassets\u002Fjs\u002Fwpfgc-code-highlight.js",[],[],[],{"cssClasses":218,"htmlComments":220,"htmlAttributes":223,"restEndpoints":225,"jsGlobals":226,"shortcodeOutput":227},[219],"wpfgc-code-highlight",[221,222],"\u003C!-- Start: wp-file-get-contents -->","\u003C!-- End: wp-file-get-contents -->",[224],"data-wpfgc-content-hash",[],[],[228,229],"\u003Cp>\u003Cstrong>WP_FGC: \u003C\u002Fstrong>","\u003Cp>\u003Cstrong>WPFGC: "]