[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fF-JGB6oQ45O2REJZiYy19FprNcgD4IUHRWLWF_8hvvM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":54,"analysis":160,"fingerprints":248},"wp-graphviz","WP-GraphViz","1.5.1","DeBAAT","https:\u002F\u002Fprofiles.wordpress.org\u002Fdebaat\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.graphviz.org\u002F\" rel=\"nofollow ugc\">GraphViz\u003C\u002Fa> is a powerful tool for visualising network and tree structures that connect objects.\u003C\u002Fp>\n\u003Cp>This WordPress plugin provides a shortcode mechanism to create GraphViz graphics within blogs, using the shortcode mechanism.\u003C\u002Fp>\n\u003Cp>It’s working is based on the viz.js code as provided by Mike Daines:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fgithub.com\u002Fmdaines\u002Fviz.js\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Special thanks goes to chrisy as author of TFO Graphviz, e.g. for providing the inspiration for this readme:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftfo-graphviz\u002F\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>How to use WP GraphViz\u003C\u002Fh3>\n\u003Cp>The shortcode syntax is:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wp_graphviz \u003Coptions>]\n \u003CDOT code>\n[\u002Fwp_graphviz]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Where \u003Ccode>\u003Coptions>\u003C\u002Fcode> is anything from this list. All are entirely optional:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ccode>id=\"\u003C\u002Fcode>\u003Cem>\u003Cid>\u003C\u002Fem>\u003Ccode>\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Provides the identifier used to link the generated image to an image map. If you use the \u003Ccode>simple\u003C\u002Fcode> option then it also provides the name of the generated DOT graph container (since GraphViz uses this to generate the image map). If not given then an identifier is generated with the form \u003Ccode>wp_graphviz_N\u003C\u002Fcode> where \u003Cem>N\u003C\u002Fem> is an integer that starts at one when the plugin is loaded and is incremented with use.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>output=\"\u003Cpng|gif|jpg|svg>\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Indicates the desired image format. Defaults to \u003Ccode>png\u003C\u002Fcode>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>simple=\"yes|no\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>The \u003Ccode>simple\u003C\u002Fcode> option provides a very basic DOT wrapper around your code such that the following is possible:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wp_graphviz simple=\"yes\"] a -> b -> c; [\u002Fwp_graphviz]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The generated code would look like:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>digraph wp_graphviz_1 {\n    a -> b -> c;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See the \u003Ccode>id\u003C\u002Fcode> option for a description of where the name of the \u003Ccode>digraph\u003C\u002Fcode> comes from. \u003Ccode>simple\u003C\u002Fcode> defaults to \u003Ccode>no\u003C\u002Fcode>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>title=\"\u003C\u002Fcode>\u003Cem>\u003Ctitle>\u003C\u002Fem>\u003Ccode>\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Indicates the title of the image. This is used in the \u003Ccode>alt\u003C\u002Fcode> and \u003Ccode>title\u003C\u002Fcode> attributes of the image reference. This defaults to an empty string. Note that image maps may indicate a \u003Ccode>title\u003C\u002Fcode> string which will appear in tool-tips.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","A plugin to provide GraphViz functionality for WordPress sites.",50,3579,80,3,"2023-07-23T14:58:00.000Z","6.2.9","5.0","",[20,21,22,23,24],"diagram","dot","graph","graphviz","network","http:\u002F\u002Fwww.de-baat.nl\u002FWP_Graphviz","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-graphviz.1.5.1.zip",63,1,"2025-09-05 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-58870","wp-graphviz-authenticated-contributor-stored-cross-site-scripting","WP-GraphViz \u003C= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The WP-GraphViz plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.5.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-10 22:10:00",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F836a646c-af96-45eb-841d-c6bde270a27e?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},"debaat",7,6080,86,5,90,"2026-04-04T16:46:11.725Z",[55,77,100,121,139],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":18,"tags":70,"homepage":72,"download_link":73,"security_score":74,"vuln_count":28,"unpatched_count":75,"last_vuln_date":76,"fetched_at":30},"tfo-graphviz","TFO Graphviz","1.19","Chris Luke","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrisy\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.graphviz.org\u002F\" rel=\"nofollow ugc\">Graphviz\u003C\u002Fa> is a powerful tool for visualizing network and tree structures that connect objects.\u003C\u002Fp>\n\u003Cp>This WordPress plugin provides a shortcode mechanism to create Graphviz graphics within blogs, including image map generation and most other Graphviz features.\u003C\u002Fp>\n\u003Ch4>How to use TFO Graphviz\u003C\u002Fh4>\n\u003Cp>The shortcode syntax is:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[graphviz \u003Coptions>]\n \u003CDOT code>\n[\u002Fgraphviz]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Where \u003Ccode>\u003Coptions>\u003C\u002Fcode> is anything from this list. All are entirely optional:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ccode>class=\"\u003C\u002Fcode>\u003Cem>\u003Ccss_class>\u003C\u002Fem>\u003Ccode>\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Adds an extra CSS class name (or names) to the \u003Ccode>img\u003C\u002Fcode> tag of the rendered graph. This is in addition to the \u003Ccode>graphviz\u003C\u002Fcode> class that is already applied.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>emitjs=\"yes|no\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Override the global setting that controls whether JavaScript is emitted as necessary. Typically this JavaScript is only produced when rendering SVG output and is intended to ensure SVG images work on most browsers. However this can sometimes be undesirable and thus this option gives some control over this.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>height=\"\u003C\u002Fcode>\u003Cem>\u003Cimage_height>\u003C\u002Fem>\u003Ccode>\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Adds a \u003Ccode>height\u003C\u002Fcode> attribute to the image tags to enable control of the image rendering. This is useful for making sure the graphic fits into a certain space and works well for SVG rendered graphs.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>href=\"self|\u003C\u002Fcode>\u003Cem>\u003CURL>\u003C\u002Fem>\u003Ccode>\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Encompasses the generated image with a link either to the image itself (with the \u003Ccode>self\u003C\u002Fcode> value) or to the provided URL. If the option is empty (for example, \u003Ccode>href=\"\"\u003C\u002Fcode>) then no link is generated. This is the default.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>id=\"\u003C\u002Fcode>\u003Cem>\u003Cid>\u003C\u002Fem>\u003Ccode>\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Provides the identifier used to link the generated image to an image map. If you use the \u003Ccode>simple\u003C\u002Fcode> option then it also provides the name of the generated DOT graph container (since Graphviz uses this to generate the image map). If not given then an identifier is generated with the form \u003Ccode>tfo_graphviz_N\u003C\u002Fcode> where \u003Cem>N\u003C\u002Fem> is an integer that starts at one when the plugin is loaded and is incremented with use.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>imap=\"yes|no\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Graphviz can generate image maps using any URL’s given in the DOT code so that clicking on objects in the resultant image will direct a web browser to a new page. The effect of this option is to both instruct Graphviz to generate a client-side image map and to also insert that map into the generated HTML. It will use the \u003Ccode>id\u003C\u002Fcode> value as the name of the map (see the \u003Ccode>id\u003C\u002Fcode> option for details). \u003Ccode>imap\u003C\u002Fcode> defaults to \u003Ccode>no\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>Take note that the \u003Ccode>id\u003C\u002Fcode> value specified in the shortcode tag must match the name of the graph inside your DOT; the HTML for the image map is generated by Graphviz using the name of the graph as the map id and name. This plugin uses the \u003Ccode>id\u003C\u002Fcode> specified in the shortcode tag to link the image to the map and thus these values need to match.\u003C\u002Fp>\n\u003Cp>For example, note that \u003Ccode>mymap\u003C\u002Fcode> is both the \u003Ccode>id\u003C\u002Fcode> and the graph name:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[graphviz imap=\"yes\" title=\"This is my map\" id=\"mymap\"]\ndigraph mymap {\n  input[shape=\"box\", style=\"rounded\", label=\"My label\", URL=\"\u002Fmyurl\"];\n}\n[\u002Fgraphviz]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you do not give the graph any name at all the results are undefined. Some versions of Graphviz use the string \u003Ccode>%3\u003C\u002Fcode> as the identifier in the map but this may not be universally true.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>lang=\"\u003Cdot|neato|twopi|circo|fdp>\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Specifies the particular Graphviz interpreter to use. The options are \u003Ccode>dot\u003C\u002Fcode>, \u003Ccode>neato\u003C\u002Fcode>, \u003Ccode>twopi\u003C\u002Fcode>, \u003Ccode>circo\u003C\u002Fcode> and \u003Ccode>fdp\u003C\u002Fcode>. The default is \u003Ccode>dot\u003C\u002Fcode>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>output=\"\u003Cpng|gif|jpg|svg>\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Indicates the desired image format. Defaults to \u003Ccode>png\u003C\u002Fcode>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>simple=\"yes|no\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>The \u003Ccode>simple\u003C\u002Fcode> option provides a very basic DOT wrapper around your code such that the following is possible:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[graphviz simple=\"yes\"] a -> b -> c; [\u002Fgraphviz]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The generated code would look like:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>digraph tfo_graphviz_1 {\n    a -> b -> c;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See the \u003Ccode>id\u003C\u002Fcode> option for a description of how the name of the \u003Ccode>digraph\u003C\u002Fcode> is created. \u003Ccode>simple\u003C\u002Fcode> defaults to \u003Ccode>no\u003C\u002Fcode>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>title=\"\u003C\u002Fcode>\u003Cem>\u003Ctitle>\u003C\u002Fem>\u003Ccode>\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Indicates the title of the image. This is used in the \u003Ccode>alt\u003C\u002Fcode> and \u003Ccode>title\u003C\u002Fcode> attributes of the image reference. This defaults to an empty string. Note that image maps may indicate a \u003Ccode>title\u003C\u002Fcode> string which will appear in tool-tips.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>width=\"\u003C\u002Fcode>\u003Cem>\u003Cimage_width>\u003C\u002Fem>\u003Ccode>\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Adds a \u003Ccode>width\u003C\u002Fcode> attribute to the image tags to enable control of the image rendering. This is useful for making sure the graphic fits into a certain space and works well for SVG rendered graphs.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>method=\"\u003C\u002Fcode>\u003Cem>\u003CGraphviz|Graphlib_Dot|PHP>\u003C\u002Fem>`”\u003C\u002Fp>\n\u003Cp>Overrides the configured output generation method to use the one indicated. This is useful when the mechanism normally in use does not support a specific feature, or when developing new methods. Note that since this does not have the same tests that the settings page has it may fail in mysterious ways without letting you know that it did.\u003C\u002Fp>\n\u003Cp>In particular, note that the \u003Ccode>Graphlib_Dot\u003C\u002Fcode> method is \u003Cem>very\u003C\u002Fem> experimental at the moment.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Generates Graphviz graphics using shortcodes. Supports almost all Graphviz features (depending on the generation method in use.)",40,4548,100,2,"2019-06-23T22:17:00.000Z","5.2.24","4.2.0",[20,71,22,23,24],"flirble","http:\u002F\u002Fblog.flirble.org\u002Fprojects\u002Fgraphviz\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftfo-graphviz.1.19.zip",85,0,"2015-05-25 00:00:00",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":18,"tags":92,"homepage":98,"download_link":99,"security_score":65,"vuln_count":75,"unpatched_count":75,"last_vuln_date":37,"fetched_at":30},"data-diagrams","Data Diagrams: Visual Chart Editor for WordPress","1.1.6","Henrik Juul-Nyholm","https:\u002F\u002Fprofiles.wordpress.org\u002Fhenrikjuulnyholm2\u002F","\u003Cp>The plugin is an extension to WordPress for importing and integrating responsive visualising SVG data charts from data-diagrams.com. The portal gives access to 33+ different kinds of data charts. The SVG charts are imported into WordPress Media Library to be embedded into the pages in WordPress. Using a subscription with the Free PRO Edition of the plugin, the SVG diagrams are downloaded and embedded into the pages as responsive SVG using Smart Codes: [diagram id=1]\u003C\u002Fp>\n\u003Cp>The diagrams are loaded from within WordPress without API calls or iframing to external systems – giving smooth loading with the page flow. When embedded as SVG, the diagrams are loaded with the HTML without delay at all.\u003C\u002Fp>\n\u003Cp>Please download the FREE PRO Edition for much better integration of the Editor into the Admin page of the plugin.\u003C\u002Fp>\n\u003Cp>Free support by email is provided as part of any subscription starting at only $49.50 USD\u002Fyear. The “data-diagram.com” link will also disappear from the diagrams when making a subscription.\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fdata-diagrams.com is a web portal for easily creating data visualising SVG charts without any programming skills required. Everything is defined through an easy visual user interface. Finally, the designed diagrams are downloaded into WordPress. When data needs updates or the diagram in other ways needs changes, it is easily done through the visual editor.\u003C\u002Fp>\n\u003Cp>A model for dynamic live data integration from your own web site is provided. The diagram is produced by XML Stylesheet generating SVG from XML data. Guidance is provided on how to produce the XML data from your inhouse systems (WordPress tables or other tables). When the diagrams needs other updates than data, a new XML Stylesheet (XSL) is produced through the graphical user interface on the portal, and the XSL is replaced onto your own system making it easy to make changes on a day to day basis.\u003C\u002Fp>\n\u003Ch3>Key features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>33+ kinds of data charts for visualisation of the most complex data (up to 4-dimensional data).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Responsive SVG charts scaling to any device needed from mobiles to cinema displays.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Easy Visual Editor. No technical skills needed. Adjusting to any device.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>No calls to external sources (API nor iframing) – giving smooth loading of the diagrams without delays\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Simpel integration to inhouse databases or other live data sources\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Affordable if not entirely for free.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Support.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Charts\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Bar Charts (6 types with 2 variants each)\u003C\u002Fli>\n\u003Cli>Area Chars (6 types with 2 variants each)\u003C\u002Fli>\n\u003Cli>Function\u002Fline Chars (2 types with 2 variants each)\u003C\u002Fli>\n\u003Cli>Point Charts (2 types with 2 variants each)\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Mixed Charts (2 types with 2 variants each)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Donut Charts (3 types)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Pie Charts (2 types)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Spider Web Charts (2 types)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>Radar Web Charts (3 types)\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Spider Radar Chart\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Gauge Charts\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Bubble Charts (3 types)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How do I use this plugin?\u003C\u002Fh3>\n\u003Cp>Follow the guide on the admin page.\u003C\u002Fp>\n\u003Ch3>How to uninstall the plugin?\u003C\u002Fh3>\n\u003Cp>Simply deactivate and delete the plugin.\u003C\u002Fp>\n\u003Ch3>Terms of Use\u003C\u002Fh3>\n\u003Cp>This Terms of Use Agreement (the “Agreement”) is between Cartouche Limited, Denmark, and the end user (“You”).\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Limited Warranty\u003Cbr \u002F>\nThe Data-Diagrams Software is provided to You under this License on an “as is” basis, without warranty or representation of any kind. The Data-Diagrams Software is provided as general purpose software and not for your particular use. You accept that Data-Diagrams and its suppliers do not represent or warrant that the Data-Diagrams Software will meet your requirements or be error or defect free or that any defects in the operation or functionality of the Data-Diagrams Software will be corrected. Data-Diagrams further expressly disclaims all warranties and conditions of any kind, whether express or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property rights. Any implied warranties that cannot be excluded are limited to thirty (30) days or to the shortest period permitted by applicable law, whichever is the greater. Your use of the Data-Diagrams Software is at your sole risk and You are responsible for any decisions made and actions taken based on the Data-Diagrams Software, irrespective of any recommendations preferred by such Software. Data-Diagrams makes no representation regarding Third Party Software which may be accessed through or included with the Data-Diagrams Software.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Limitation of Liability.\u003Cbr \u002F>\nTO THE MAXIMUM EXTENT PERMITTED BY LAW, UNDER NO CIRCUMSTANCE AND UNDER NO LEGAL THEORY\u002FINSTITUTE, WHETHER IN TORT, CONTRACT OR OTHERWISE, WILL Data-Diagrams OR ITS SUPPLIERS, BE LIABLE TO YOU OR ANY THIRD PARTY BENEFICIARY FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES (INCLUDING BUT NOT LIMITED TO ANY DAMAGE FOR LOSS OF BUSINESS, LOSS OF PROFITS, LOSS OF DATA, LOSS OF PRIVACY, LOSS OF CONFIDENTIAL OR OTHER INFORMATION, COMPUTER FAILURE OR MALFUNCTION AND FOR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF, OR IN ANY WAY RELATED TO, THE USE OR THE INABILITY TO USE THE Data-Diagrams SOFTWARE, THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT SERVICES, OR OTHERWISE IN CONNECTION WITH ANY ASPECT OF THIS SOFTWARE, EVEN IN THE EVENT OF THE FAULT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, BREACH OF CONTRACT OR BREACH OF WARRANTY, AND EVEN IF Data-Diagrams OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL THE TOTAL LIABILITY OF Data-Diagrams OR ITS SUPPLIERS WHETHER IN TORT, CONTRACT OR OTHERWISE, EXCEED THE AMOUNT ACTUALLY PAID BY YOU FOR THE Data-Diagrams SOFTWARE (ìLICENSE FEEî). YOU ACKNOWLEDGE THAT THE LICENSE FEE REFLECTS THIS ALLOCATION OF RISK AND THAT THE LIMITATION SET FORTH IN THIS SECTION IS AN ESSENTIAL ELEMENT OF THE AGREEMENT BETWEEN THE PARTIES. Some jurisdictions do not allow the exclusion or limitation of liability, so the above limitations might not apply to You.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Indemnity\u003Cbr \u002F>\nYou will indemnify and hold Data-Diagrams harmless from any and all claims, losses, liabilities, damages, fines, penalties, costs and expenses (including attorneys fees) arising from or relating to your use of the Data-Diagrams Software. Your obligations under this section shall survive the expiration or termination of this Agreement.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Privacy\u003Cbr \u002F>\nYou agree that Data-Diagrams may collect and use information transmitted through the Data-Diagrams Software to improve its products and services. Any personal information pertaining to You, which may be held by Data-Diagrams (e.g. further to support services provided to You) shall be processed in accordance with the Data-Diagrams Privacy Policy, as it exists at any relevant time. You may access our Privacy Policy at any time at http:\u002F\u002Fwww.Data-Diagrams.com\u002Fprivacy.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>General Provisions\u003Cbr \u002F>\nAny rights not expressly granted under this License Agreement are being reserved. This License is the entire agreement between You and Data-Diagrams with respect to this subject matter and supersedes any and all prior or contemporaneous oral or written agreements, representations, negotiations, any additional terms or other similar communication between the parties. If any part of this License Agreement is found to be void, unenforceable or invalid, that part will be deemed stricken and will not affect the validity of the other License provisions. Failure by either party to enforce any provision of this License will not be deemed a waiver of future enforcement of that or any other provision.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Visual Editor for 33+ free responsive SVG data charts - as easy as adding an image. No technical skills needed. Live data. No external API calls.",10,2078,96,4,"2025-12-21T01:21:00.000Z","6.9.0","6.0",[93,94,95,96,97],"charts","datadiagrams","graphs","spider","visualization","https:\u002F\u002Fdata-diagrams.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdata-diagrams.1.1.6.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":85,"downloaded":108,"rating":75,"num_ratings":75,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":18,"tags":112,"homepage":118,"download_link":119,"security_score":74,"vuln_count":75,"unpatched_count":75,"last_vuln_date":37,"fetched_at":120},"graph-commons","Graph Commons","1.1.0","binfil","https:\u002F\u002Fprofiles.wordpress.org\u002Fbinfil\u002F","\u003Cp>The Graph Commons plugin for WordPress allows you to search for and insert node cards and graphs from Graph Commons to your posts.\u003C\u002Fp>\n\u003Cp>Just paste a link from Graph Commons to your editor and it will bring the object to your post. You can use the plugin’s built-in search functionality, preview your findings and then insert it as well.\u003C\u002Fp>\n\u003Ch4>About\u003C\u002Fh4>\n\u003Cp>Graph Commons plugin for WordPress is developed and maintained by \u003Ca href=\"https:\u002F\u002Fgraphcommons.com\u002F\" title=\"graphcommons.com\" rel=\"nofollow ugc\">Graph Commons\u003C\u002Fa>. For support, contact us from \u003Ca href=\"https:\u002F\u002Fgraphcommons.com\u002Fcontact\" rel=\"nofollow ugc\">our website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>You need a \u003Ca href=\"https:\u002F\u002Fgraphcommons.com\" rel=\"nofollow ugc\">Graph Commons membership\u003C\u002Fa> (free) and \u003Ca href=\"https:\u002F\u002Fgraphcommons.github.io\u002Fapi-v1\u002F\" rel=\"nofollow ugc\">API Key\u003C\u002Fa> if you would like to use the search feature.\u003C\u002Fp>\n","Insert Node Cards and Graphs from Graph Commons to your posts.",1600,"2016-08-04T13:11:00.000Z","4.7.32","3.3",[113,114,115,116,117],"data-vizualisation","graphcommons","network-analysis","networks","publishing","https:\u002F\u002Fgithub.com\u002Fcdolek\u002Fgraphcommons-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgraph-commons.1.1.0.zip","2026-03-15T14:54:45.397Z",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":85,"downloaded":129,"rating":65,"num_ratings":66,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":18,"tags":133,"homepage":137,"download_link":138,"security_score":74,"vuln_count":75,"unpatched_count":75,"last_vuln_date":37,"fetched_at":30},"post-popularity-chart-widget-lite","Post Popularity Chart Widget","1.0.1","Piotr Pesta","https:\u002F\u002Fprofiles.wordpress.org\u002Fpiotr-pesta\u002F","\u003Cp>Post Popularity Chart Widget, by which you display a graph with statistics of visits of any article on your site. Widget on an ongoing basis collects data on visits selected by you posts and displays them in a clear and legible graphic chart. Widget is very simple to configure and accompanying documentation makes it even easier.\u003C\u002Fp>\n\u003Cp>Appearance and operation of the widget can be freely modified, and this is thanks to the possibility of changing virtually all the settings. What can be changed?\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Responsive widget (dynamically adjust the page dimensions and resolution of the device)\u003C\u002Fli>\n\u003Cli>Uses Google Charts API\u003C\u002Fli>\n\u003Cli>Very easy to use – just install, put anywhere, set your preferred options and use anytime\u003C\u002Fli>\n\u003Cli>You can change :\u003C\u002Fli>\n\u003Cli>titles of individual axes\u003C\u002Fli>\n\u003Cli>the color of chart and its background\u003C\u002Fli>\n\u003Cli>range of days which is to include\u003C\u002Fli>\n\u003Cli>exclusion of specific pages and categories\u003C\u002Fli>\n\u003Cli>change the chart type (at the moment there are 3 types)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It should be noted that the widget may not work with plugs serving to store cached page, such as. W3.\u003C\u002Fp>\n\u003Cp>Widget can be freely configured by using the available options. Each option has an extensive descriptions, so nobody should have no problem to understand what it does. In the settings menu you can change (in order):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Title\u003C\u002Fli>\n\u003Cli>Number of days to include statistics\u003C\u002Fli>\n\u003Cli>A list of ID numbers of excluded articles (chart there will not be displayed)\u003C\u002Fli>\n\u003Cli>A list of ID numbers of excluded categories\u003C\u002Fli>\n\u003Cli>Type of chart\u003C\u002Fli>\n\u003Cli>Description(title) X-axis and Y\u003C\u002Fli>\n\u003Cli>The background color and the color of the graph line\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The widget automatically deletes the data older than 30 days, so there is no problem with excessive cluttering of the database.\u003C\u002Fp>\n\u003Cp>If you would like to show your support for this software, please consider donating: \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_s-xclick&hosted_button_id=EEDF5TV3M2WVG&lc=US\" rel=\"nofollow ugc\">Donate via PayPal\u003C\u002Fa>.\u003C\u002Fp>\n","Post Popularity Chart Widget, by which you display a graph with statistics of visits of any article on your site.",2456,"2015-08-18T20:48:00.000Z","4.3.34","2.8.0",[134,20,22,135,136],"chart","pupular","widget","http:\u002F\u002Fsmartfan.pl\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-popularity-chart-widget-lite.1.0.1.zip",{"slug":140,"name":141,"version":142,"author":143,"author_profile":144,"description":145,"short_description":146,"active_installs":75,"downloaded":147,"rating":75,"num_ratings":75,"last_updated":18,"tested_up_to":148,"requires_at_least":149,"requires_php":150,"tags":151,"homepage":157,"download_link":158,"security_score":65,"vuln_count":75,"unpatched_count":75,"last_vuln_date":37,"fetched_at":159},"markdeep-block","Markdeep Block","0.0.2","neffff","https:\u002F\u002Fprofiles.wordpress.org\u002Fneffff\u002F","\u003Cblockquote>\n\u003Cp>“Markdeep is ideal for design documents, specifications, README files, code documentation, lab reports, blogs, and technical web pages. Because the source is plain text, Markdeep works well with software development toolchains.”\u003Cbr \u002F>\n   — http:\u002F\u002Fcasual-effects.com\u002Fmarkdeep\u002F\u003C\u002Fp>\n\u003Cp>“Markdeep is a text formatting syntax that extends Markdown, and a JavaScript program for making it work in browsers. The two most powerful features are its ability to run in any web browser on the client side and the inclusion of diagrams.”\u003Cbr \u002F>\n   — https:\u002F\u002Fcasual-effects.com\u002Fmarkdeep\u002Ffeatures.md.html\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin adds a gutenberg block supporting the \u003Ca href=\"http:\u002F\u002Fcasual-effects.com\u002Fmarkdeep\u002F\" rel=\"nofollow ugc\">markdeep\u003C\u002Fa> language. The editor shows both a plaintext\u003Cbr \u002F>\narea for composing the text, and a preview area to display the rendered block.\u003C\u002Fp>\n\u003Ch3>MathJax & CDN\u003C\u002Fh3>\n\u003Cp>In order to support \u003Ca href=\"https:\u002F\u002Fwww.mathjax.org\u002F\" rel=\"nofollow ugc\">MathJax\u003C\u002Fa> features, the MathJax library is loaded from an external \u003Ca href=\"https:\u002F\u002Fcdnjs.cloudflare.com\u002F\" rel=\"nofollow ugc\">CDN (cdnjs\u002Fcloudflare)\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>MathJax.org does not collect, maintain, distribute, purchase, or sell personal data of any kind, and uses no cookies or other tracking\u003Cbr \u002F>\n  or advertising techniques.\u003C\u002Fp>\n\u003Cp>Likewise, the MathJax software does not track you, and uses local storage only to maintain your preferences as set by the MathJax contextual menu.\u003C\u002Fp>\n\u003Cp>— https:\u002F\u002Fwww.mathjax.org\u002F#privacy-statement\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>If you do not change the CDN you will be subject to cloudflare’s \u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\u002Fwebsite-terms\u002F\" rel=\"nofollow ugc\">terms\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\u002Fprivacypolicy\u002F\" rel=\"nofollow ugc\">privacy policy\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This CDN can be changed with a one-line script.  (Alternately, use the WordPress plugin file editor to uncomment a similar line in\u003Cbr \u002F>\n    markdeep-block.php). \u003Cem>In the future this should be an exposed configuration option.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>To override the CDN use:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`php\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u002F\u002F Markdeep currently uses version 2.7.6\u003Cbr \u002F>\nadd_filter( ‘markdeepblock_mathjax_url’, fn($u) => ‘https:\u002F\u002Fcdn.jsdelivr.net\u002Fnpm\u002Fmathjax@2.7.6\u002Funpacked\u002FMathJax.js?config=TeX-AMS-MML_HTMLorMML’ );\u003Cbr \u002F>\n    `\u003C\u002Fp>\n\u003Ch3>Planned features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>UI to configure CDN for JS resources (Markdeep, MathJax).\u003C\u002Fli>\n\u003Cli>Configurable style per block.\u003C\u002Fli>\n\u003Cli>Drop-down style selection of styles (globally & per-block).\u003C\u002Fli>\n\u003Cli>Get MathJax commands working in editor. \u003Cem>(MathJax currently works in posts).\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Markdeep specific LaTeX\u002FMathJax macros. (e.g. θ₀, θ₁, etc.)\u003C\u002Fli>\n\u003Cli>Configurable MathJax macros.\u003C\u002Fli>\n\u003Cli>Optional Table of Contents (currently suppressed)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Logo\u003C\u002Fh3>\n\u003Cp>The logo is derived from \u003Ca href=\"https:\u002F\u002Fdustincurtis.com\" rel=\"nofollow ugc\">Dustin Curtis’s\u003C\u002Fa> https:\u002F\u002Fgithub.com\u002Fdcurtis\u002Fmarkdown-mark.\u003C\u002Fp>\n","Markdeep Block is a WordPress plugin for adding Gutenberg blocks supporting Markdeep syntax.",1459,"6.0.11","5.9","7.0",[152,153,154,155,156],"diagrams","graphics","markdeep","markdown","mathjax","https:\u002F\u002Fgithub.com\u002Fn3f\u002Fmarkdeep-block","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmarkdeep-block.0.0.2.zip","2026-03-15T10:48:56.248Z",{"attackSurface":161,"codeSignals":212,"taintFlows":238,"riskAssessment":239,"analyzedAt":247},{"hooks":162,"ajaxHandlers":208,"restRoutes":209,"shortcodes":210,"cronEvents":211,"entryPointCount":75,"unprotectedCount":75},[163,168,172,176,179,183,186,190,193,196,201,205],{"type":164,"name":165,"callback":166,"file":167,"line":13},"action","init","wpg_init","classes\\class-wp-graphviz-plugin.php",{"type":164,"name":169,"callback":170,"file":167,"line":171},"dmp_addpanel","create_DMPPanels",81,{"type":164,"name":173,"callback":174,"file":167,"line":175},"admin_menu","add_plugin_admin_menu",84,{"type":164,"name":177,"callback":178,"file":167,"line":74},"admin_init","plugin_page_init",{"type":164,"name":180,"callback":181,"file":167,"line":182},"admin_enqueue_scripts","enqueue_admin_styles",88,{"type":164,"name":180,"callback":184,"file":167,"line":185},"enqueue_admin_scripts",89,{"type":164,"name":187,"callback":188,"file":167,"line":189},"wp_enqueue_scripts","enqueue_styles",92,{"type":164,"name":187,"callback":191,"file":167,"line":192},"enqueue_scripts",93,{"type":164,"name":177,"callback":177,"file":194,"line":195},"classes\\class-wp-graphviz-shortcodes.php",29,{"type":197,"name":198,"callback":199,"priority":52,"file":194,"line":200},"filter","add_wp_graphviz_menu_items","add_menu_items",42,{"type":197,"name":202,"callback":203,"file":194,"line":204},"no_texturize_shortcodes","wpg_no_texturize_shortcodes",45,{"type":164,"name":165,"callback":206,"file":194,"line":207},"init_wp_graphviz_shortcodes",355,[],[],[],[],{"dangerousFunctions":213,"sqlUsage":214,"outputEscaping":216,"fileOperations":75,"externalRequests":75,"nonceChecks":75,"capabilityChecks":28,"bundledLibraries":237},[],{"prepared":75,"raw":75,"locations":215},[],{"escaped":217,"rawEcho":218,"locations":219},6,8,[220,223,225,227,229,231,233,235],{"file":167,"line":221,"context":222},191,"raw output",{"file":194,"line":224,"context":222},163,{"file":194,"line":226,"context":222},167,{"file":194,"line":228,"context":222},172,{"file":194,"line":230,"context":222},180,{"file":194,"line":232,"context":222},181,{"file":194,"line":234,"context":222},196,{"file":194,"line":236,"context":222},204,[],[],{"summary":240,"deductions":241},"The wp-graphviz plugin v1.5.1 exhibits a mixed security posture. On the positive side, the static analysis reveals a minimal attack surface with no direct entry points identified in AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, all SQL queries are properly prepared, and there are no file operations or external HTTP requests, which are common vectors for vulnerabilities. The presence of at least one capability check suggests some attempt at access control. However, the concerning aspect is the moderate output escaping rate of 43%, indicating that a significant portion of dynamic output may not be adequately sanitized, posing a potential risk for Cross-Site Scripting (XSS) vulnerabilities. The absence of taint analysis data is also a gap, leaving potential data flow issues unexamined.\n\nThe vulnerability history for this plugin is a significant concern. It shows a total of one known CVE, which is currently unpatched, categorized as medium severity. This past vulnerability was specifically an Improper Neutralization of Input During Web Page Generation (XSS) issue. The fact that this vulnerability is still outstanding and was relatively recent (according to the 'Last vulnerability' date) strongly suggests a lack of consistent security maintenance and patching practices by the plugin developers. This history, combined with the moderate output escaping, points to a recurring weakness in handling user-supplied data safely.\n\nIn conclusion, while the plugin has a small attack surface and good practices in areas like SQL query handling, the unpatched medium severity XSS vulnerability and the suboptimal output escaping rate present a tangible risk. The plugin's history indicates a potential for recurring XSS issues. Users should be cautious, especially given the unpatched vulnerability. The lack of taint analysis further adds to the uncertainty regarding other potential data handling flaws. The plugin's strengths are overshadowed by its unaddressed security flaw and questionable output sanitization.",[242,245],{"reason":243,"points":244},"Unpatched medium severity CVE",15,{"reason":246,"points":51},"Moderate output escaping (43%)","2026-03-16T21:59:40.849Z",{"wat":249,"direct":260},{"assetPaths":250,"generatorPatterns":254,"scriptPaths":255,"versionParams":256},[251,252,253],"\u002Fwp-content\u002Fplugins\u002Fwp-graphviz\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fwp-graphviz\u002Fjs\u002Fviz-public.js","\u002Fwp-content\u002Fplugins\u002Fwp-graphviz\u002Fjs\u002Fviz-lite.js",[],[252,253],[257,258,259],"wp-graphviz\u002Fcss\u002Fadmin.css?ver=","wp-graphviz\u002Fjs\u002Fviz-public.js?ver=","wp-graphviz\u002Fjs\u002Fviz-lite.js?ver=",{"cssClasses":261,"htmlComments":262,"htmlAttributes":268,"restEndpoints":275,"jsGlobals":276,"shortcodeOutput":278},[],[263,264,265,266,267],"\u003C!-- WP-GraphViz Plugin -->","\u003C!-- WP GraphViz Plugin -->","\u003C!-- WP GraphViz Admin page wpg_init -->","\u003C!-- WP GraphViz Admin page add_plugin_admin_menu -->","\u003C!-- WP GraphViz Admin page add_plugin_admin_menu menuItems -->",[269,270,271,272,273,274],"data-graphviz-id","data-graphviz-graph","data-graphviz-type","data-graphviz-engine","data-graphviz-width","data-graphviz-height",[],[277],"WP_GraphViz_Object",[279,280],"[graphviz]","[\u002Fgraphviz]"]