[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKvbawEVVkUssmO9cMfg3q9Srp6giWih1F9MrMW0Rixc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":64,"crawl_stats":38,"alternatives":71,"analysis":170,"fingerprints":584},"wp-monalisa","wp-Monalisa","6.6","tuxlog","https:\u002F\u002Fprofiles.wordpress.org\u002Ftuxlog\u002F","\u003Cp>wp-monalisa is the plugin that smiles at you like monalisa does. place the smilies of your choice in posts, pages or comments.\u003C\u002Fp>\n\u003Cp>There are a lot plugins for smiley support out there and some of them are really useful.\u003Cbr \u002F>\nMost of them don’t work out of the box and this is what wp-monalisa tries to achieve, giving you the ability to maintain your smilies and even turn them into img tags.\u003C\u002Fp>\n\u003Cp>it’s easy and it smiles at you…what else do you want?\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>maintain your smilies in a separate directory\u003C\u002Fli>\n\u003Cli>activate or deactivate smilies for posts or comments\u003C\u002Fli>\n\u003Cli>replace smilies with img tags\u003C\u002Fli>\n\u003Cli>extend or replace wordpress smiley replacement\u003C\u002Fli>\n\u003Cli>while edit posts or pages, pops-up in a draggable meta-box\u003C\u002Fli>\n\u003Cli>extends your comment form to give you visitors the freedom to smile 🙂\u003C\u002Fli>\n\u003Cli>support for fckeditor (tested with v3.3.1)\u003C\u002Fli>\n\u003Cli>fully integrated with BuddyPress, bbPress and wpForo\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The video shows a short overview of what wp-monalisa can do for you. 
\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FuHXlELn27ko?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Credits:\u003Cbr \u002F>\nThanks go to all who support this plugin with hints and suggestions for improvement, and especially to\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Michal Maciejewski, Polish translation\u003C\u002Fli>\n\u003Cli>Denny from http:\u002F\u002Fwww.vau3.de for testing and giving input for the BuddyPress integration\u003C\u002Fli>\n\u003Cli>FJ Bakry, Camisto (https:\u002F\u002Fcamisto.com) for Indonesian translation\u003C\u002Fli>\n\u003C\u002Ful>\n","wp-monalisa is the plugin that smiles at you like monalisa does. place the smilies of your choice in posts, pages or comments.",800,99662,96,25,"2025-12-06T06:09:00.000Z","6.9.4","4.0","",[20,21,22,23,24],"comments","editor","emoji","emoticon","smiley","http:\u002F\u002Fwww.tuxlog.de\u002Fwordpress\u002F2009\u002Fwp-monalisa\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-monalisa.6.6.zip",99,2,0,"2024-10-09 00:00:00","2026-03-15T15:16:48.613Z",[33,49],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2024-48038","wp-monalisa-cross-site-request-forgery","wp-Monalisa \u003C= 6.4 - Cross-Site Request Forgery","The wp-Monalisa plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4. 
This is due to missing or incorrect nonce validation on the wpml_admin() function. This makes it possible for unauthenticated attackers to perform bulk actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=6.4","6.5","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-10-16 12:46:16",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd6d3396d-708d-45de-b32a-66e17624dc62?source=api-prod",8,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":63},"WF-6619b370-dd2a-4945-a776-1fecf407119e-wp-monalisa","wp-monalisa-authenticated-administrator-stored-cross-site-scripting","wp-Monalisa \u003C= 6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting","The wp-Monalisa plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its emoticon parameters in versions up to, and including, 6.1 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=6.1","6.2",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2022-09-28 00:00:00","2024-01-22 19:56:02",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6619b370-dd2a-4945-a776-1fecf407119e?source=api-prod",482,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":65,"total_installs":66,"avg_security_score":67,"avg_patch_time_days":68,"trust_score":69,"computed_at":70},6,6300,98,660,78,"2026-04-04T04:21:16.305Z",[72,94,114,131,150],{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":18,"tags":87,"homepage":91,"download_link":92,"security_score":93,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"native-emoji","Native Emoji","3.0.1","Danny BS","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavabuu\u002F","\u003Cp>This is not just a plugin, this is the plugin for use emoji in a native way in your posts and comments. 
When activated you will see a new button in your WordPress editor or comments box; from there you will be able to include more than 2,000 emojis.\u003C\u002Fp>\n\u003Cp>If the operating system doesn’t support emoji, this plugin inserts an image instead of the emoji code.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Very Easy To Use\u003C\u002Fli>\n\u003Cli>More Than 2,000 emojis\u003C\u002Fli>\n\u003Cli>Supports Any Theme\u003C\u002Fli>\n\u003Cli>Supports Custom Posts Types\u003C\u002Fli>\n\u003Cli>Supports Front End Comments\u003C\u002Fli>\n\u003Cli>iOS Native Emoji\u003C\u002Fli>\n\u003Cli>Android Native Emoji\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See a live working demo \u003Ca href=\"http:\u002F\u002Fnative-emoji.davabuu.net\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If you like this plugin, please \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fnative-emoji\" rel=\"ugc\">leave a review\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Donate\u003C\u002Fh3>\n\u003Cp>Believe it or not, there is a lot of work behind the plugins and themes we develop. 
We do not want that in the future we have to make them premium is why we ask your support with a small contribution; this will motivate us to further develop themes and plugins that are free.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpaypal.me\u002Fdanybranding\" rel=\"nofollow ugc\">Donate\u003C\u002Fa> and support the development of free plugins like this\u003C\u002Fp>\n","Insert emojis in your posts, pages, custom post types, and comments",5000,61032,74,19,"2018-06-25T00:18:00.000Z","4.9.29","4.2",[20,22,88,89,90],"emoji-comments","emoticons","icons","http:\u002F\u002Fnative-emoji.davabuu.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnative-emoji.3.0.1.zip",85,{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":16,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":111,"download_link":112,"security_score":113,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"emoji-toolbar","Emoji Toolbar","1.2.9","them.es","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemes-1\u002F","\u003Cp>Accessing the Emoji library can be painful 😫 on some operating systems. You always have to leave the editor which is not useful for distraction-free writing.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>This plugin reduces the burden by implementing an easy to use Emoji picker in the block toolbar.\u003C\u002Fli>\n\u003Cli>Can be used with any WordPress theme.\u003C\u002Fli>\n\u003Cli>Only compatible with WordPress (Gutenberg) Core. 
Third-party page builders will probably not work.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Emoji Netiquette:\u003C\u002Fstrong> Emojis have become popular culture and are here to stay but choose them wisely and avoid ❗️ excessive use in your (business) communication.\u003C\u002Fp>\n\u003Cp>The Emoji Mart library (BSD 3-Clause “New” or “Revised” License) has been developed by Missive.\u003C\u002Fp>\n\u003Ch4>More\u003C\u002Fh4>\n\u003Cp>If you like this plugin and are missing a powerful Icon library in your Editor you may find our \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fi-toolbar\u002F\" title=\"WordPress Plugin\" rel=\"ugc\">\u003Ci> Toolbar\u003C\u002Fa> plugin useful.\u003C\u002Fp>\n\u003Ch4>Contribution?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>The Plugin development can be followed via GitHub \u003C3 \u002F ❤️\u003C\u002Fli>\n\u003Cli>We are happy to receive feature suggestions and pull requests: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthem-es\u002Femoji-toolbar\" title=\"GitHub\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fthem-es\u002Femoji-toolbar\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ch4>More information\u003C\u002Fh4>\n\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fthem.es\u002Fplugins\u002Femoji-toolbar\" rel=\"nofollow ugc\">https:\u002F\u002Fthem.es\u002Fplugins\u002Femoji-toolbar\u003C\u002Fa>\u003C\u002Fp>\n","A simple Emoji picker that integrates in the rich-text block 
toolbar.",2000,27447,80,3,"2026-02-12T09:06:00.000Z","5.6","7.2",[21,22,23,110],"gutenberg","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Femoji-toolbar","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femoji-toolbar.1.2.9.zip",100,{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":113,"num_ratings":124,"last_updated":125,"tested_up_to":126,"requires_at_least":86,"requires_php":18,"tags":127,"homepage":129,"download_link":130,"security_score":93,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"tinymce-smiley-button","TinyMCE Smiley Button","1.0.9","Cople","https:\u002F\u002Fprofiles.wordpress.org\u002Fcople\u002F","\u003Cp>Add Smiley Button to TinyMCE.\u003C\u002Fp>\n","Add Smiley Button to TinyMCE.",700,18726,1,"2020-09-07T11:52:00.000Z","5.5.18",[22,23,89,24,128],"smilies","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftinymce-smiley-button\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftinymce-smiley-button.1.0.9.zip",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":139,"downloaded":140,"rating":141,"num_ratings":142,"last_updated":143,"tested_up_to":144,"requires_at_least":145,"requires_php":18,"tags":146,"homepage":148,"download_link":149,"security_score":93,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"emoji-autocomplete-gutenberg","Emoji Autocomplete Gutenberg","1.1.0","eedee","https:\u002F\u002Fprofiles.wordpress.org\u002Feedee\u002F","\u003Cp>Just type \u003Ccode>:\u003C\u002Fcode> to get a popup of all available emojis (1719 different emojis!) 
and easily insert them in multiple Blocks.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FCjrxO8saZ5o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>Find emojis by their name and keywords really fast. See \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Famio\u002Femoji.json#readme\" rel=\"nofollow ugc\">here\u003C\u002Fa> for a full list of available emojis. Supported blocks are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Paragraph\u003C\u002Fli>\n\u003Cli>Heading\u003C\u002Fli>\n\u003Cli>List\u003C\u002Fli>\n\u003Cli>Quote\u003C\u002Fli>\n\u003Cli>Verse\u003C\u002Fli>\n\u003Cli>Media & Text\u003C\u002Fli>\n\u003Cli>Cover\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Frequently Asked Questions ❓\u003C\u002Fh3>\n\u003Ch4>What is Gutenberg\u003C\u002Fh4>\n\u003Cp>To get the full experience of the next-generation WordPress block editor, you’ll need a Gutenberg-ready WordPress theme then install the Gutenberg WordPress plugin or simply update your site to WordPress 5.0. That’s it! 💥\u003C\u002Fp>\n\u003Ch3>Visit us 🔗\u003C\u002Fh3>\n\u003Cp>Visit us on \u003Ca href=\"https:\u002F\u002Feedee.net\" rel=\"nofollow ugc\">https:\u002F\u002Feedee.net\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Feedee\u002F#content-plugins\" rel=\"nofollow ugc\">Check out our other plugins\u003C\u002Fa>\u003C\u002Fp>\n","Just type : to get a popup of all available emojis (1719 different emojis!) 
and easily insert them in multiple Blocks.",600,8251,72,5,"2020-03-19T10:12:00.000Z","5.4.0","5.0",[147,21,22,110,24],"autocomplete","https:\u002F\u002Feedee.net\u002Femoji-autocomplete-gutenberg-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femoji-autocomplete-gutenberg.zip",{"slug":151,"name":152,"version":153,"author":154,"author_profile":155,"description":156,"short_description":157,"active_installs":102,"downloaded":158,"rating":113,"num_ratings":159,"last_updated":160,"tested_up_to":161,"requires_at_least":162,"requires_php":163,"tags":164,"homepage":168,"download_link":169,"security_score":113,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"emoji-settings","Emoji Settings","2.0.0","Sybre Waaijer","https:\u002F\u002Fprofiles.wordpress.org\u002Fcybr\u002F","\u003Cp>\u003Cstrong>Quickly enable or disable emojis conversion with an option.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When you disable the option, Emoji Settings stops the conversion of ASCII smilies like \u003Ccode>:)\u003C\u002Fcode> and \u003Ccode>:D\u003C\u002Fcode> to images on any WordPress installation. This plugin also prevents changing real emojis to Twemoji (Twitter) images. It achieves this by removing several default WordPress scripts.\u003C\u002Fp>\n\u003Cp>You can find the option at “Settings > Writing” (\u003Ccode>\u002Fwp-admin\u002Foptions-writing.php\u003C\u002Fcode>).\u003C\u002Fp>\n\u003Cp>This plugin does not prevent real emojis (inserted via an emoji keyboard) from being stored and outputted on your website.\u003C\u002Fp>\n\u003Ch4>Emoji conversion enabled by default\u003C\u002Fh4>\n\u003Cp>I wrote this plugin with a WordPress.com-like environment in mind, giving users an option without overriding standard WordPress behavior.\u003C\u002Fp>\n\u003Cp>You can change this behavior via filter \u003Ccode>cw_emoji_overrides\u003C\u002Fcode>. 
Refer to the code for instructions.\u003C\u002Fp>\n\u003Ch4>Does more than “Disable Emojis”\u003C\u002Fh4>\n\u003Cp>Emoji Settings also fixes Character Encoding issues on sites originally installed with WP 4.2 or lower. And this plugin correctly removes the conversion of emojis in the admin area, for example, from post titles.\u003C\u002Fp>\n\u003Ch4>Translating\u003C\u002Fh4>\n\u003Cp>You can contribute by translating Emoji Settings via the sidebar on this page.\u003C\u002Fp>\n","Emoji Settings adds an option to your Writing Settings page to toggle emoji conversion to images.",29541,12,"2025-05-05T11:01:00.000Z","6.8.5","5.5","7.2.0",[22,165,23,166,167],"emojis","script","twemoji","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Femoji-settings\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femoji-settings.2.0.0.zip",{"attackSurface":171,"codeSignals":401,"taintFlows":455,"riskAssessment":572,"analyzedAt":583},{"hooks":172,"ajaxHandlers":392,"restRoutes":398,"shortcodes":399,"cronEvents":400,"entryPointCount":28,"unprotectedCount":28},[173,179,183,188,191,195,199,203,207,210,213,216,219,222,225,228,231,234,237,240,243,246,249,252,255,258,261,264,267,270,273,277,280,285,288,291,294,297,301,304,308,311,314,317,320,323,328,334,338,343,347,350,353,356,359,362,365,368,371,374,376,378,381,383,386,387,388],{"type":174,"name":175,"callback":176,"file":177,"line":178},"filter","mce_buttons","wpml_tinymce_add_button","wp-monalisa.php",92,{"type":174,"name":180,"callback":181,"priority":27,"file":177,"line":182},"mce_external_plugins","wpml_tinymce_add_plugin",93,{"type":184,"name":185,"callback":186,"file":177,"line":187},"action","wp_enqueue_scripts","wpml_css",102,{"type":184,"name":189,"callback":186,"file":177,"line":190},"admin_print_styles",103,{"type":184,"name":192,"callback":193,"file":177,"line":194},"init","wpml_add_button2gutenberg_register",111,{"type":184,"name":196,"callback":197,"file":177,"line":198},"enqueue_block_editor_assets","wpml_ad
d_button2gutenberg",119,{"type":174,"name":200,"callback":201,"file":177,"line":202},"tiny_mce_plugins","wpml_disable_emojis_tinymce",134,{"type":174,"name":204,"callback":205,"priority":27,"file":177,"line":206},"bp_activity_comment_content","wpml_convert_emoticons",259,{"type":174,"name":208,"callback":205,"priority":27,"file":177,"line":209},"bp_get_activity_action",261,{"type":174,"name":211,"callback":205,"priority":27,"file":177,"line":212},"bp_get_activity_content_body",262,{"type":174,"name":214,"callback":205,"priority":27,"file":177,"line":215},"bp_get_activity_content",263,{"type":174,"name":217,"callback":205,"priority":27,"file":177,"line":218},"bp_get_activity_parent_content",264,{"type":174,"name":220,"callback":205,"priority":27,"file":177,"line":221},"bp_get_activity_latest_update",265,{"type":174,"name":223,"callback":205,"priority":27,"file":177,"line":224},"bp_get_activity_latest_update_excerpt",266,{"type":174,"name":226,"callback":205,"priority":27,"file":177,"line":227},"bp_core_render_message_content",267,{"type":174,"name":229,"callback":205,"priority":27,"file":177,"line":230},"bp_get_the_topic_title",268,{"type":174,"name":232,"callback":205,"priority":27,"file":177,"line":233},"bp_get_the_topic_latest_post_excerpt",269,{"type":174,"name":235,"callback":205,"priority":27,"file":177,"line":236},"bp_get_the_topic_post_content",270,{"type":174,"name":238,"callback":205,"priority":27,"file":177,"line":239},"bp_get_group_description",271,{"type":174,"name":241,"callback":205,"priority":27,"file":177,"line":242},"bp_get_group_description_excerpt",272,{"type":174,"name":244,"callback":205,"priority":27,"file":177,"line":245},"bp_get_message_notice_subject",273,{"type":174,"name":247,"callback":205,"priority":27,"file":177,"line":248},"bp_get_message_notice_text",274,{"type":174,"name":250,"callback":205,"priority":27,"file":177,"line":251},"bp_get_message_thread_subject",275,{"type":174,"name":253,"callback":205,"priority":27,"file":177,"line":25
4},"bp_get_message_thread_excerpt",276,{"type":174,"name":256,"callback":205,"priority":27,"file":177,"line":257},"bp_get_the_thread_message_content",277,{"type":174,"name":259,"callback":205,"priority":27,"file":177,"line":260},"bp_get_message_thread_content",278,{"type":174,"name":262,"callback":205,"priority":27,"file":177,"line":263},"bp_get_the_profile_field_value",279,{"type":174,"name":265,"callback":205,"priority":27,"file":177,"line":266},"bp_get_send_public_message_button",285,{"type":174,"name":268,"callback":205,"priority":27,"file":177,"line":269},"bp_get_send_message_button",286,{"type":174,"name":192,"callback":271,"file":177,"line":272},"wpml_bp_allow_tags",290,{"type":174,"name":274,"callback":205,"priority":275,"file":177,"line":276},"bbp_get_reply_content",99000,295,{"type":174,"name":278,"callback":205,"priority":275,"file":177,"line":279},"bbp_get_topic_content",296,{"type":174,"name":281,"callback":282,"priority":283,"file":177,"line":284},"wpforo_editor_settings","wpml_wpforo_add_tinymce_button",1001,301,{"type":174,"name":286,"callback":282,"priority":283,"file":177,"line":287},"wpforo_members_init_fields_tinymce_settings",302,{"type":174,"name":180,"callback":289,"priority":14,"file":177,"line":290},"wpml_wpforo_emoticons_js",303,{"type":174,"name":292,"callback":205,"priority":27,"file":177,"line":293},"wpforo_content_after",304,{"type":184,"name":192,"callback":295,"file":177,"line":296},"wp_monalisa_init",319,{"type":184,"name":192,"callback":298,"priority":299,"file":177,"line":300},"wpml_integrate_other_plugins",15,321,{"type":184,"name":192,"callback":302,"file":177,"line":303},"wpml_comment_init",323,{"type":184,"name":305,"callback":306,"file":177,"line":307},"admin_menu","wpml_admin_init",326,{"type":184,"name":305,"callback":309,"file":177,"line":310},"wpml_edit_init",328,{"type":174,"name":192,"callback":312,"file":177,"line":313},"wpml_map_emoticons",331,{"type":174,"name":315,"callback":205,"priority":27,"file":177,"line":316},"
the_content",332,{"type":174,"name":318,"callback":205,"priority":27,"file":177,"line":319},"the_excerpt",333,{"type":174,"name":321,"callback":205,"priority":27,"file":177,"line":322},"comment_text",334,{"type":184,"name":324,"callback":325,"file":326,"line":327},"admin_enqueue_scripts","wpml_editor_scripts","wpml-admin.php",49,{"type":174,"name":329,"callback":330,"priority":331,"file":332,"line":333},"upgrader_pre_install","hm_backup",10,"wpml-autoupdate.php",116,{"type":174,"name":335,"callback":336,"priority":331,"file":332,"line":337},"upgrader_post_install","hm_recover",117,{"type":184,"name":339,"callback":340,"file":341,"line":342},"comment_form","wpml_comment","wpml-comment.php",50,{"type":174,"name":344,"callback":345,"file":341,"line":346},"comment_form_defaults","wpml_comment_meta",55,{"type":184,"name":348,"callback":340,"file":341,"line":349},"bp_after_activity_post_form",61,{"type":184,"name":351,"callback":340,"file":341,"line":352},"bp_activity_entry_comments",62,{"type":184,"name":354,"callback":340,"file":341,"line":355},"bp_after_messages_compose_content",64,{"type":184,"name":357,"callback":340,"file":341,"line":358},"bbp_theme_after_topic_form_content",66,{"type":184,"name":360,"callback":340,"priority":124,"file":341,"line":361},"bbp_theme_after_reply_form_content",67,{"type":184,"name":363,"callback":340,"file":341,"line":364},"groups_forum_new_topic_after",68,{"type":184,"name":366,"callback":340,"file":341,"line":367},"groups_forum_new_reply_after",69,{"type":184,"name":369,"callback":340,"file":341,"line":370},"bp_group_after_edit_forum_topic",70,{"type":184,"name":372,"callback":340,"file":341,"line":373},"bp_after_group_forum_post_new",71,{"type":184,"name":354,"callback":340,"file":341,"line":375},73,{"type":184,"name":377,"callback":340,"file":341,"line":82},"bp_after_message_reply_box",{"type":184,"name":379,"callback":340,"file":341,"line":380},"bp_group_after_edit_forum_post",76,{"type":174,"name":382,"callback":340,"file":341,"lin
e":104},"bbp_user_edit_signature_info",{"type":184,"name":384,"callback":340,"file":341,"line":385},"rtmedia_add_comments_extra",86,{"type":184,"name":357,"callback":340,"file":341,"line":178},{"type":184,"name":360,"callback":340,"priority":124,"file":341,"line":182},{"type":174,"name":389,"callback":390,"file":391,"line":303},"safe_style_css","closure","wpml-func.php",[393,396],{"action":394,"nopriv":395,"callback":394,"hasNonce":395,"hasCapCheck":395,"file":177,"line":141},"wpml_import_ajax",false,{"action":397,"nopriv":395,"callback":397,"hasNonce":395,"hasCapCheck":395,"file":177,"line":375},"wpml_edit_disable_comments_ajax",[],[],[],{"dangerousFunctions":402,"sqlUsage":443,"outputEscaping":445,"fileOperations":450,"externalRequests":29,"nonceChecks":142,"capabilityChecks":29,"bundledLibraries":451},[403,406,408,410,412,415,417,420,423,425,427,429,431,434,435,436,437,439,440],{"fn":404,"file":177,"line":361,"context":405},"unserialize","$av = unserialize( get_option( 'wpml-opts' ) );",{"fn":404,"file":177,"line":407,"context":405},246,{"fn":404,"file":326,"line":93,"context":409},"$av                      = unserialize( get_option( 'wpml-opts' ) );",{"fn":404,"file":341,"line":411,"context":405},38,{"fn":404,"file":341,"line":413,"context":414},131,"$excludes = unserialize( get_option( 'wpml_excludes' ) );",{"fn":404,"file":341,"line":416,"context":405},144,{"fn":404,"file":418,"line":419,"context":414},"wpml-edit.php",36,{"fn":404,"file":418,"line":421,"context":422},84,"$av = unserialize( get_blog_option( get_current_blog_id(), 'wpml-opts' ) 
);",{"fn":404,"file":418,"line":424,"context":405},87,{"fn":404,"file":418,"line":426,"context":405},125,{"fn":404,"file":418,"line":428,"context":422},129,{"fn":404,"file":418,"line":430,"context":414},136,{"fn":404,"file":432,"line":433,"context":405},"wpml-export.php",35,{"fn":404,"file":391,"line":361,"context":405},{"fn":404,"file":391,"line":239,"context":405},{"fn":404,"file":391,"line":251,"context":422},{"fn":404,"file":438,"line":419,"context":405},"wpml-import.php",{"fn":404,"file":438,"line":182,"context":405},{"fn":404,"file":441,"line":442,"context":405},"wpml-setup.php",127,{"prepared":358,"raw":29,"locations":444},[],{"escaped":141,"rawEcho":124,"locations":446},[447],{"file":438,"line":448,"context":449},54,"raw output",7,[452],{"name":453,"version":38,"knownCves":454},"TinyMCE",[],[456,517,540,558],{"entryPoint":457,"graph":458,"unsanitizedCount":29,"severity":516},"wpml_admin (wpml-admin.php:74)",{"nodes":459,"edges":508},[460,465,470,472,476,480,483,487,492,496,501,503],{"id":461,"type":462,"label":463,"file":326,"line":464},"n0","source","$_POST['NEWemoticon']",251,{"id":466,"type":467,"label":468,"file":326,"line":464,"wp_function":469},"n1","sink","get_var() [SQLi]","get_var",{"id":471,"type":462,"label":463,"file":326,"line":230},"n2",{"id":473,"type":467,"label":474,"file":326,"line":218,"wp_function":475},"n3","query() [SQLi]","query",{"id":477,"type":462,"label":478,"file":326,"line":479},"n4","$_POST[?]",340,{"id":481,"type":467,"label":474,"file":326,"line":482,"wp_function":475},"n5",336,{"id":484,"type":462,"label":485,"file":326,"line":486},"n6","$_POST",519,{"id":488,"type":467,"label":489,"file":326,"line":490,"wp_function":491},"n7","update_option() [Settings Manipulation]",522,"update_option",{"id":493,"type":462,"label":494,"file":326,"line":495},"n8","$_GET",505,{"id":497,"type":467,"label":498,"file":326,"line":499,"wp_function":500},"n9","get_results() 
[SQLi]",639,"get_results",{"id":502,"type":462,"label":485,"file":326,"line":486},"n10",{"id":504,"type":467,"label":505,"file":326,"line":506,"wp_function":507},"n11","echo() [XSS]",735,"echo",[509,511,512,513,514,515],{"from":461,"to":466,"sanitized":510},true,{"from":471,"to":473,"sanitized":510},{"from":477,"to":481,"sanitized":510},{"from":484,"to":488,"sanitized":510},{"from":493,"to":497,"sanitized":510},{"from":502,"to":504,"sanitized":510},"low",{"entryPoint":518,"graph":519,"unsanitizedCount":29,"severity":516},"\u003Cwpml-admin> (wpml-admin.php:0)",{"nodes":520,"edges":533},[521,522,523,524,525,526,527,528,529,530,531,532],{"id":461,"type":462,"label":463,"file":326,"line":464},{"id":466,"type":467,"label":468,"file":326,"line":464,"wp_function":469},{"id":471,"type":462,"label":463,"file":326,"line":230},{"id":473,"type":467,"label":474,"file":326,"line":218,"wp_function":475},{"id":477,"type":462,"label":478,"file":326,"line":479},{"id":481,"type":467,"label":474,"file":326,"line":482,"wp_function":475},{"id":484,"type":462,"label":485,"file":326,"line":486},{"id":488,"type":467,"label":489,"file":326,"line":490,"wp_function":491},{"id":493,"type":462,"label":494,"file":326,"line":495},{"id":497,"type":467,"label":498,"file":326,"line":499,"wp_function":500},{"id":502,"type":462,"label":485,"file":326,"line":486},{"id":504,"type":467,"label":505,"file":326,"line":506,"wp_function":507},[534,535,536,537,538,539],{"from":461,"to":466,"sanitized":510},{"from":471,"to":473,"sanitized":510},{"from":477,"to":481,"sanitized":510},{"from":484,"to":488,"sanitized":510},{"from":493,"to":497,"sanitized":510},{"from":502,"to":504,"sanitized":510},{"entryPoint":541,"graph":542,"unsanitizedCount":29,"severity":516},"wpml_import_ajax (wpml-import.php:28)",{"nodes":543,"edges":554},[544,545,549,550,551,553],{"id":461,"type":462,"label":485,"file":438,"line":342},{"id":466,"type":467,"label":546,"file":438,"line":547,"wp_function":548},"fopen() [File 
Access]",59,"fopen",{"id":471,"type":462,"label":485,"file":438,"line":342},{"id":473,"type":467,"label":474,"file":438,"line":355,"wp_function":475},{"id":477,"type":462,"label":552,"file":438,"line":342},"$_POST (x2)",{"id":481,"type":467,"label":505,"file":438,"line":380,"wp_function":507},[555,556,557],{"from":461,"to":466,"sanitized":510},{"from":471,"to":473,"sanitized":510},{"from":477,"to":481,"sanitized":510},{"entryPoint":559,"graph":560,"unsanitizedCount":29,"severity":516},"\u003Cwpml-import> (wpml-import.php:0)",{"nodes":561,"edges":568},[562,563,564,565,566,567],{"id":461,"type":462,"label":485,"file":438,"line":342},{"id":466,"type":467,"label":546,"file":438,"line":547,"wp_function":548},{"id":471,"type":462,"label":485,"file":438,"line":342},{"id":473,"type":467,"label":474,"file":438,"line":355,"wp_function":475},{"id":477,"type":462,"label":552,"file":438,"line":342},{"id":481,"type":467,"label":505,"file":438,"line":380,"wp_function":507},[569,570,571],{"from":461,"to":466,"sanitized":510},{"from":471,"to":473,"sanitized":510},{"from":477,"to":481,"sanitized":510},{"summary":573,"deductions":574},"The wp-monalisa v6.6 plugin presents a mixed security posture. While it demonstrates good practices in SQL query handling (100% prepared statements) and output escaping (99%), significant concerns arise from its attack surface.  Two AJAX handlers are exposed without any authentication checks, creating direct entry points for potential attackers.  Furthermore, the presence of 19 instances of the `unserialize` function is a notable risk, as improper handling of serialized data can lead to arbitrary code execution, though no critical or high severity taint flows were identified in the static analysis.  \n\nThe plugin's vulnerability history, with two known medium severity CVEs (CSRF and XSS), reinforces the need for caution. 
While currently unpatched vulnerabilities are zero, the types of past vulnerabilities suggest a pattern of input validation and authorization issues. The most recent vulnerability being in October 2024 indicates active security attention but also that these types of issues have occurred recently.  Overall, the plugin has strengths in data sanitization and query security, but the unprotected AJAX endpoints and the `unserialize` function introduce substantial risks that require mitigation.",[575,577,579,581],{"reason":576,"points":331},"2 AJAX handlers without auth checks",{"reason":578,"points":299},"Dangerous function: unserialize (19 instances)",{"reason":580,"points":331},"2 medium CVEs, recent vulnerability history",{"reason":582,"points":142},"0 Capability checks","2026-03-16T19:20:17.711Z",{"wat":585,"direct":592},{"assetPaths":586,"generatorPatterns":589,"scriptPaths":590,"versionParams":591},[587,588],"\u002Fwp-content\u002Fplugins\u002Fwp-monalisa\u002Fwpml_script.js","\u002Fwp-content\u002Fplugins\u002Fwp-monalisa\u002Fwpml_gutenberg.js",[],[587,588],[],{"cssClasses":593,"htmlComments":594,"htmlAttributes":595,"restEndpoints":596,"jsGlobals":597,"shortcodeOutput":602},[],[],[],[],[598,599,600,601],"window._wpml_richedit_smilies","window._wpml_richedit_smiliesperrow","window._wpml_richedit_maxwidth","window._wpml_richedit_maxheight",[]]