[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyI1B8XPsEttAGQ2SVf3PPhZ9-eYv0GvstXDjPGBpmaw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":14,"unpatched_count":14,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":43,"crawl_stats":34,"alternatives":51,"analysis":140,"fingerprints":198},"wp-github-gist","WP Github Gist","0.5","Sudar Muthu","https:\u002F\u002Fprofiles.wordpress.org\u002Fsudar\u002F","\u003Cp>WP Github Gist WordPress Plugin, provides the ability to embed gist and files from Github in your blog posts or pages. Even though Github doesn’t provide a way to embed files, this Plugin still works by using the gist-it service.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch4>Embed Gist\u003C\u002Fh4>\n\u003Cp>To embed a gist you have to use the following shortcode\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[gist id = \"{GIST_ID}\" file = \"{GIST_FILE}\" width = \"{WIDTH}\" height = \"{HEIGHT}\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The following are the different attributes that you can use in the shortcode\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>id\u003C\u002Fcode> – Id of your gist.\u003C\u002Fli>\n\u003Cli>\u003Ccode>file\u003C\u002Fcode> – File inside gist that you want to display. If there is only one file in the gist, then you can ignore this.\u003C\u002Fli>\n\u003Cli>\u003Ccode>width\u003C\u002Fcode> – Width of the code wrapper. Default is \u003Ccode>100%\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Ccode>height\u003C\u002Fcode> – Height of the code wrapper. 
Default is \u003Ccode>100%\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>eg: \u003Ccode>[gist id = \"12345\" file = \"myfile\" width = \"100%\" height = \"100%\"]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch4>Embed Github files\u003C\u002Fh4>\n\u003Cp>To embed a github file you have to use the following shortcode\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[github file = \"{GITHUB_FILE}\" start_line = \"{START_LINE}\" end_line = \"{END_LINE}\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cul>\n\u003Cli>\u003Ccode>{GITHUB_FILE}\u003C\u002Fcode> – full path to your github file. eg: If you want to embed https:\u002F\u002Fgithub.com\u002Fsudar\u002FMissileLauncher\u002Fblob\u002Fmaster\u002FMissileLauncher.cpp then \u003Ccode>{GITHUB_FILE}\u003C\u002Fcode> would be \u002Fsudar\u002FMissileLauncher\u002Fblob\u002Fmaster\u002FMissileLauncher.cpp\u003C\u002Fli>\n\u003Cli>\u003Ccode>{START_LINE}\u003C\u002Fcode> – If you want to embed only part of the file, then you can specify the starting line number (optional)\u003C\u002Fli>\n\u003Cli>\u003Ccode>{END_LINE}\u003C\u002Fcode> – If you want to embed only part of the file, then you can specify the ending line number (optional)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>eg: \u003Ccode>[github file = \"\u002Fsudar\u002FMissileLauncher\u002Fblob\u002Fmaster\u002FMissileLauncher.cpp\"]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>if you want to embed only part of the file, then you can specify the start and end line as well\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[github file = \"\u002Fsudar\u002FMissileLauncher\u002Fblob\u002Fmaster\u002FMissileLauncher.cpp\" start_line = \"10\" end_line = \"20\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Changing Gist-it server\u003C\u002Fh3>\n\u003Cp>By default, this Plugin uses my own \u003Ca href=\"http:\u002F\u002Fgist-it.sudarmuthu.com\" rel=\"nofollow ugc\">gist-it server\u003C\u002Fa> which is hosted on a free Google App Engine account. 
If you expect a significant amount of traffic to your blog, then do consider using your own gist-it server. You can follow the \u003Ca href=\"http:\u002F\u002Fsudarmuthu.com\u002Fwordpress\u002Fwp-github-gist\u002Fchanging-gist-it-server\" rel=\"nofollow ugc\">instructions to deploy your own gist-it server\u003C\u002Fa> and then go to the settings page to change the url.\u003C\u002Fp>\n\u003Ch3>Translation\u003C\u002Fh3>\n\u003Cp>The pot file is available with the Plugin. If you are willing to do translation for the Plugin, use the pot file to create the .po files for your language and let me know. I will add it to the Plugin after giving credit to you.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Support for the Plugin is available from the \u003Ca href=\"http:\u002F\u002Fsudarmuthu.com\u002Fwordpress\u002Fwp-github-gist\" rel=\"nofollow ugc\">Plugin’s home page\u003C\u002Fa>. If you have any questions or suggestions, do leave a comment there or contact me in \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fsudarmuthu\" rel=\"nofollow ugc\">twitter\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Readme Generator\u003C\u002Fh3>\n\u003Cp>This Readme file was generated using \u003Ca href='http:\u002F\u002Fsudarmuthu.com\u002Fwordpress\u002Fwp-readme' rel=\"nofollow ugc\">wp-readme\u003C\u002Fa>, which generates readme files for WordPress Plugins.\u003C\u002Fp>\n","Embed files and gist from Github in your blog posts or pages.",40,4928,20,1,"2021-10-13T12:18:00.000Z","5.8.13","2.8","",[20,21,22],"embed","gist","github","http:\u002F\u002Fsudarmuthu.com\u002Fwordpress\u002Fwp-github-gist","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-github-gist.0.5.zip",63,"2025-09-05 
00:00:00","2026-03-15T15:16:48.613Z",[29],{"id":30,"url_slug":31,"title":32,"description":33,"plugin_slug":4,"theme_slug":34,"affected_versions":35,"patched_in_version":34,"severity":36,"cvss_score":37,"cvss_vector":38,"vuln_type":39,"published_date":26,"updated_date":40,"references":41,"days_to_patch":34},"CVE-2025-58875","wp-github-gist-authenticated-contributor-stored-cross-site-scripting","WP Github Gist \u003C= 0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting","The WP Github Gist plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=0.5","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-10 22:09:31",[42],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F07380092-6fe9-4f9e-ae13-3219e355dbd5?source=api-prod",{"slug":44,"display_name":7,"profile_url":8,"plugin_count":45,"total_installs":46,"avg_security_score":47,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},"sudar",16,21300,86,30,84,"2026-04-04T14:09:01.402Z",[52,74,88,105,121],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":18,"tags":67,"homepage":70,"download_link":71,"security_score":72,"vuln_count":73,"unpatched_count":73,"last_vuln_date":34,"fetched_at":27},"gist-for-robots-wordpress","Gist for Robots WordPress Plugin","1.3","Pedro 
Elsner","https:\u002F\u002Fprofiles.wordpress.org\u002Fpedro-elsner\u002F","\u003Cp>Drop in the embed code from github between the gist shortcode.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[gist]\u003Cscript src=\"http:\u002F\u002Fgist.github.com\u002F447298.js?file=github_gist_wordpress_plugin_test.txt\">\u003C\u002Fscript>[\u002Fgist]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>or pass the ID and file (optional)\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[gist id=447298 file=github_gist_wordpress_plugin_test.txt]\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Makes embedding Github.com gists SEO friendly and super awesomely easy.",10,2601,100,3,"2013-12-19T11:10:00.000Z","3.7.41","2.1",[20,21,68,22,69],"git","shortcode","https:\u002F\u002Fgithub.com\u002Fpedroelsner\u002Fgist-for-robots-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgist-for-robots-wordpress.zip",85,0,{"slug":75,"name":76,"version":77,"author":18,"author_profile":78,"description":79,"short_description":80,"active_installs":60,"downloaded":81,"rating":73,"num_ratings":73,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":18,"tags":85,"homepage":86,"download_link":87,"security_score":72,"vuln_count":73,"unpatched_count":73,"last_vuln_date":34,"fetched_at":27},"github-gist","GitHub Gist WordPress Plugin","1.1","https:\u002F\u002Fprofiles.wordpress.org\u002Fjingweno\u002F","\u003Cp>GitHub Gist WordPress Plugin allows you to embed \u003Ca href=\"http:\u002F\u002Fgist.github.com\" rel=\"nofollow ugc\">GitHub Gist\u003C\u002Fa> snippets with a [gist] tag, instead of copying and pasting HTML. 
For example, to embed the \u003Ca href=\"http:\u002F\u002Fgist.github.com\u002F447298.js?file=github_gist_wordpress_plugin_test.txt\" rel=\"nofollow ugc\">github_gist_wordpress_plugin_test.txt\u003C\u002Fa> file from \u003Ca href=\"http:\u002F\u002Fgist.github.com\u002F447298.js\" rel=\"nofollow ugc\">gist: 447298\u003C\u002Fa>, fill in the id and file attributes in the [gist] tag:\u003C\u002Fp>\n\u003Cp>[gist id=447298 file=github_gist_wordpress_plugin_test.txt]\u003C\u002Fp>\n\u003Cp>or\u003C\u002Fp>\n\u003Cp>copy the embedding JavaScript code from GitHub and directly paste it in the body of the [gist] tag:\u003C\u002Fp>\n\u003Cp>[gist]\u003Ccode>\u003Cscript src=\"http:\u002F\u002Fgist.github.com\u002F447298.js?file=github_gist_wordpress_plugin_test.txt\">\u003C\u002Fscript>\u003C\u002Fcode>[\u002Fgist].\u003C\u002Fp>\n\u003Cp>The [gist] tag also expands the content of the embedded Gist and wraps it with “\u003Ccode>\u003Cnoscript>\u003Ccode>\u003Cpre>\u003C\u002Fcode>” so that search engine spiders, users with javascript disabled and users reading your blog through RSS will still see your code in a blog entry.\u003C\u002Fp>\n","GitHub Gist Wordpress Plugin allows you to embed GitHub Gist snippets with a [gist] tag, instead of copying and pasting HTML.",3431,"2010-09-22T07:14:00.000Z","3.0.5","2.5.1",[20,21,68,22,69],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fgithub-gist","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgithub-gist.zip",{"slug":89,"name":90,"version":77,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":60,"downloaded":95,"rating":73,"num_ratings":73,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":18,"tags":99,"homepage":103,"download_link":104,"security_score":72,"vuln_count":73,"unpatched_count":73,"last_vuln_date":34,"fetched_at":27},"simple-gist-embed","Simple Gist 
Embed","Bainternet","https:\u002F\u002Fprofiles.wordpress.org\u002Fbainternet\u002F","\u003Cp>This plugin lets you embed Github’s Gists in your posts or pages, but the main difference from all others is that this plugin also enables you to create Gists without leaving your WordPress.\u003Cbr \u002F>\nThat’s right, you can create gists from within your WordPress admin.\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FQ_dBkGQSU7g?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Updated to the latest GitHub API V3\u003C\u002Fli>\n\u003Cli>Create Gists from your WordPress Admin panel\u003C\u002Fli>\n\u003Cli>Internal cache built-in\u003C\u002Fli>\n\u003Cli>Built in Tinymce (editor) button.\u003C\u002Fli>\n\u003Cli>Works with all post types (post,page,custom).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Any feedback or suggestions are welcome.\u003C\u002Fp>\n\u003Cp>Check out my \u003Ca href=\"http:\u002F\u002Fen.bainternet.info\u002Fcategory\u002Fplugins\" rel=\"nofollow ugc\">other plugins\u003C\u002Fa>\u003C\u002Fp>\n","This plugin lets you embed Github's Gists in your posts or pages, but the main difference is that this plugin also enables you to create Gists wit 
&hellip;",2026,"2011-09-13T23:52:00.000Z","3.2.1","2.9.2",[100,21,22,101,102],"embed-gist","syntax-highlight","syntax-highlighting","http:\u002F\u002Fen.bainternet.info","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-gist-embed.1.1.zip",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":60,"downloaded":113,"rating":73,"num_ratings":73,"last_updated":18,"tested_up_to":114,"requires_at_least":115,"requires_php":18,"tags":116,"homepage":118,"download_link":119,"security_score":62,"vuln_count":73,"unpatched_count":73,"last_vuln_date":34,"fetched_at":120},"wp-git-embed","WP-Git-Embed","0.4","Guilherme Baptista","https:\u002F\u002Fprofiles.wordpress.org\u002Fgbaptistas\u002F","\u003Cp>Embed GitHub, Gist or Bitbucket files.\u003C\u002Fp>\n\u003Cp>See: https:\u002F\u002Fgithub.com\u002Fgbaptista\u002Fwp-git-embed\u003C\u002Fp>\n","Embed GitHub, Gist or Bitbucket files.",2089,"3.4.2","3.0.1",[117,20,21,68,22],"bitbucket","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-git-embed\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-git-embed.0.4.zip","2026-03-15T10:48:56.248Z",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":131,"num_ratings":132,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":18,"tags":136,"homepage":138,"download_link":139,"security_score":62,"vuln_count":73,"unpatched_count":73,"last_vuln_date":34,"fetched_at":27},"github-embed","Github Embed","2.2.1","Lee Willis","https:\u002F\u002Fprofiles.wordpress.org\u002Fleewillis77\u002F","\u003Cp>Plugin that allows you to embed details from GitHub just by pasting in the URL as you would any other embed source. 
Currently supports:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Repositories\u003C\u002Fli>\n\u003Cli>User profiles\u003C\u002Fli>\n\u003Cli>Project milestone summaries\u003C\u002Fli>\n\u003Cli>Project contributors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Coming soon:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Gists…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin provides very basic styling, but adds classes so you can style as you see fit. If anyone has some ideas for a better default stylesheet – pull requests welcome!\u003C\u002Fp>\n\u003Cp>The main development is all going on on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fleewillis77\u002Fwp-github-oembed\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Treeware\u003C\u002Fh3>\n\u003Cp>You’re free to use this package for free, but if it makes it to your production environment please \u003Ca href=\"https:\u002F\u002Foffset.earth\u002Fademtisoftware?gift-trees\" rel=\"nofollow ugc\">buy the world a tree\u003C\u002Fa>.\u003C\u002Fp>\n","Plugin that allows you to embed details from GitHub just by pasting in the URL as you would any other embed source. 
Currently supports:",1000,28316,78,14,"2025-12-02T09:44:00.000Z","6.9.4","6.2",[20,22,137],"oembed","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgithub-embed\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgithub-embed.2.2.1.zip",{"attackSurface":141,"codeSignals":172,"taintFlows":184,"riskAssessment":185,"analyzedAt":197},{"hooks":142,"ajaxHandlers":161,"restRoutes":162,"shortcodes":163,"cronEvents":170,"entryPointCount":171,"unprotectedCount":73},[143,149,153,157],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","admin_menu","register_settings_page","wp-github-gist.php",65,{"type":144,"name":150,"callback":151,"file":147,"line":152},"admin_init","add_settings",66,{"type":144,"name":154,"callback":155,"file":147,"line":156},"in_admin_footer","add_footer_links",157,{"type":144,"name":158,"callback":159,"file":147,"line":160},"init","WPGithubGist",394,[],[],[164,167],{"tag":21,"callback":165,"file":147,"line":166},"gist_shortcode_handler",69,{"tag":22,"callback":168,"file":147,"line":169},"github_shortcode_handler",70,[],2,{"dangerousFunctions":173,"sqlUsage":174,"outputEscaping":176,"fileOperations":73,"externalRequests":14,"nonceChecks":73,"capabilityChecks":73,"bundledLibraries":183},[],{"prepared":73,"raw":73,"locations":175},[],{"escaped":14,"rawEcho":171,"locations":177},[178,181],{"file":147,"line":179,"context":180},142,"raw output",{"file":147,"line":182,"context":180},213,[],[],{"summary":186,"deductions":187},"The wp-github-gist plugin v0.5 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a lack of dangerous functions or file operations, significant concerns arise from the absence of security checks on its entry points and its vulnerability history.  The static analysis reveals two shortcodes as entry points, but crucially, none of these have capability checks. 
This means any user, regardless of their WordPress role, could potentially interact with these shortcodes, which could lead to unintended behavior or information disclosure if the shortcode's functionality is not inherently secure.\n\nThe vulnerability history is a major red flag. The plugin has a known medium severity vulnerability (CVE) from 2025-09-05, and it remains unpatched. This indicates a lack of ongoing security maintenance and a history of introducing vulnerabilities. The common vulnerability type being Cross-site Scripting (XSS) is particularly concerning, as it directly impacts user security within the WordPress environment. The presence of even one unpatched medium severity CVE suggests that the plugin might be actively exploitable, posing a tangible risk to websites using it.\n\nIn conclusion, while the code exhibits some positive security habits like prepared SQL statements, the absence of permission checks on its shortcodes and the existence of an unpatched CVE are significant weaknesses. The plugin's history suggests a potential for recurring security issues. Users should exercise extreme caution and prioritize updating or replacing this plugin.",[188,191,194],{"reason":189,"points":190},"Unpatched CVE (Medium Severity)",15,{"reason":192,"points":193},"Shortcodes without capability checks",5,{"reason":195,"points":196},"Low output escaping percentage (33%)",6,"2026-03-16T22:06:04.878Z",{"wat":199,"direct":204},{"assetPaths":200,"generatorPatterns":201,"scriptPaths":202,"versionParams":203},[],[],[],[],{"cssClasses":205,"htmlComments":206,"htmlAttributes":207,"restEndpoints":208,"jsGlobals":209,"shortcodeOutput":210},[],[],[],[],[],[211,212],"[gist","[github"]