[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fydLq9UcxriBuIg18rsDNPe8JT9eoe5G4-LW1C-E8p4Q":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":13,"vuln_count":25,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":78,"crawl_stats":35,"alternatives":86,"analysis":87,"fingerprints":642},"wp-vertical-image-slider","Vertical Image Slider","1.2.19","Nks","https:\u002F\u002Fprofiles.wordpress.org\u002Fnik00726\u002F","\u003Cp>This is a beautiful responsive vertical image slider for wp blogs and sites. Admin can manage any number of images into the responsive vertical slider. Admin can add, edit and delete slider images. Before add slider, to wp blog, admin can preview a slider. Admin can set height, the width of slider images. Admin can also set speed, Number Of visible images into the slider, Circular slider. 
Admin can also set if want to slide images with up and down arrow or by the automatic slider.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Find wp Vertical Image Slider Pro Plugin(Unlimited Slider + Mass Image Upload + Much More) at \u003Ca href=\"https:\u002F\u002Fwww.i13websolution.com\u002Fproduct\u002Fwordpress-vertical-thumbnail-slider-pro-plugin\u002F\" rel=\"nofollow ugc\">Vertical Image Slider Pro\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Live demo at \u003Ca href=\"http:\u002F\u002Fblog.i13websolution.com\u002Flive-preview-vertical-thumbnail-slider-pro\u002F\" rel=\"nofollow ugc\">WP Vertical Image Slider\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please rate this plugin if you find it useful\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>=Features=\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Add any number of images to vertical slider.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Choose Responsive Slider or Non Responsive Slider\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Edit images and image name.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Image name is used as alt tag for seo.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Preview your slider before use it.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Slider installation into theme is simple just add shortcode\u003Cbr \u002F>\nto theme or pages\u002Fposts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>changes to images height,width\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Changes to slider speed is easy.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Admin can set slider as slide with arrow left and right arrow.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Admin can set slider as circular slider.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Support WP responsive admin panel.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WP capabilities 
feature.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>=Pro Version Features=\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Unlimited Slider(Multiple sliders).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Choose Responsive Slider or Non Responsive Slider\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Mass Images Upload.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Mass Images order update.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Use WP Media Uploader(wp>3.5) image upload.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add WP featured image in vertical slider directly from post\u002Fpage add\u002Fedit.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Slider Easing Effects(select your desired slider easing effect from 16 easing effect).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>No advertisements.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>If image description set it will be added to image title tag for seo.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Now admin can display slider according image order.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Open image link in new tab or same tab.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Support WP responsive admin panel.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WP capabilities feature.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.i13websolution.com\u002Fcontacts\" rel=\"nofollow ugc\">Get Support\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free for everyone! Since it’s released under the GPL, you can use it free of charge on your personal or commercial blog. But you can make some donations if you really find it useful.\u003C\u002Fp>\n","This is a beautiful responsive vertical image slider for wp blogs and sites. 
Admin can manage any number of images into the responsive vertical slider &hellip;",1000,70138,98,7,"2025-12-04T13:49:00.000Z","6.9.4","3.5","",[4,20,21,22],"wp-vertical-slider","wp-vertical-thumbnail-scroller","wp-vertical-vertical-image-sliders","https:\u002F\u002Fwww.i13websolution.com\u002Fproduct\u002Fwordpress-vertical-thumbnail-slider-pro-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-vertical-image-slider.1.2.19.zip",4,0,"2023-05-09 00:00:00","2026-03-15T15:16:48.613Z",[30,46,54,65],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":37,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":27,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2023-24413","wordpress-vertical-image-slider-plugin-reflected-cross-site-scripting","wordpress vertical image slider plugin \u003C= 1.2.16 - Reflected Cross-Site Scripting","The wordpress vertical image slider plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.2.16","1.2.17","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F59c40a86-ea1c-4015-ac47-2b7b91cc3519?source=api-prod",259,{"id":47,"url_slug":48,"title":33,"description":49,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":37,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":50,"updated_date":42,"references":51,"days_to_patch":53},"CVE-2023-2289","wordpress-vertical-image-slider-plugin-reflected-cross-site-scripting-2","The wordpress vertical image slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","2023-04-25 00:00:00",[52],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc9983364-9b52-4acc-91d4-b352c6d24d52?source=api-prod",273,{"id":55,"url_slug":56,"title":57,"description":58,"plugin_slug":4,"theme_slug":35,"affected_versions":59,"patched_in_version":60,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":61,"updated_date":42,"references":62,"days_to_patch":64},"WF-966b43ea-dbd3-4f1e-b803-08027fff6f8f-wp-vertical-image-slider","wordpress-vertical-image-slider-plugin-cross-site-scripting","wordpress vertical image slider plugin \u003C 1.2 - Cross-Site Scripting","The wordpress vertical image slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘imagetitle’ and ‘imageurl’ parameters in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C1.2","1.2","2015-09-19 00:00:00",[63],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F966b43ea-dbd3-4f1e-b803-08027fff6f8f?source=api-prod",3048,{"id":66,"url_slug":67,"title":68,"description":69,"plugin_slug":4,"theme_slug":35,"affected_versions":59,"patched_in_version":60,"severity":70,"cvss_score":71,"cvss_vector":72,"vuln_type":73,"published_date":74,"updated_date":42,"references":75,"days_to_patch":77},"WF-b7fe772a-542e-4c3e-b1cb-05cce3b2ec3f-wp-vertical-image-slider","wordpress-vertical-image-slider-plugin-cross-site-request-forgery","wordpress vertical image slider plugin \u003C 1.2 - Cross-Site Request Forgery","The \"wordpress vertical image slider plugin\" plugin for WordPress is vulnerable to Cross-Site Request Forgery via several functions in versions up to, and including, 1.0. 
This makes it possible for unauthenticated attackers to upload malicious files among other actions granted they can trick a site's administrator into performing an action such as clicking on a link.","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Cross-Site Request Forgery (CSRF)","2015-08-02 00:00:00",[76],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb7fe772a-542e-4c3e-b1cb-05cce3b2ec3f?source=api-prod",3096,{"slug":79,"display_name":7,"profile_url":8,"plugin_count":80,"total_installs":81,"avg_security_score":82,"avg_patch_time_days":83,"trust_score":84,"computed_at":85},"nik00726",19,22900,97,350,77,"2026-04-04T14:00:47.734Z",[],{"attackSurface":88,"codeSignals":148,"taintFlows":539,"riskAssessment":626,"analyzedAt":641},{"hooks":89,"ajaxHandlers":133,"restRoutes":140,"shortcodes":141,"cronEvents":146,"entryPointCount":147,"unprotectedCount":26},[90,96,100,104,108,113,117,121,126,129],{"type":91,"name":92,"callback":93,"file":94,"line":95},"action","admin_menu","add_vertical_thumbnail_slider_admin_menu","wp-vertical-images-thumbnail-slider.php",13,{"type":91,"name":97,"callback":98,"file":94,"line":99},"wp_enqueue_scripts","vertical_thumbnail_slider_load_styles_and_js",17,{"type":101,"name":102,"callback":103,"file":94,"line":80},"filter","widget_text","do_shortcode",{"type":91,"name":105,"callback":106,"file":94,"line":107},"admin_notices","vertical_thumbnail_slider_admin_notices",20,{"type":101,"name":109,"callback":110,"priority":111,"file":94,"line":112},"user_has_cap","vts_vertical_thumbnail_slider_admin_cap_list",10,21,{"type":91,"name":114,"callback":115,"file":94,"line":116},"plugins_loaded","vts_load_lang_for_responsive_vertical_thumbnail_slider",23,{"type":101,"name":118,"callback":119,"priority":111,"file":94,"line":120},"map_meta_cap","map_vts_vertical_thumbnail_slider_meta_caps",29,{"type":101,"name":122,"callback":123,"priority":124,"file":94,"line":125},"
widget_text_content","vis_remove_extra_p_tags",999,2859,{"type":101,"name":127,"callback":123,"priority":124,"file":94,"line":128},"the_content",2860,{"type":101,"name":130,"callback":131,"priority":111,"file":94,"line":132},"render_block","i13_vth_render_block_defaults",2873,[134],{"action":135,"nopriv":136,"callback":137,"hasNonce":138,"hasCapCheck":138,"file":94,"line":139},"mass_upload_verticalslider",false,"wrthslider_slider_mass_upload_verticalslider",true,24,[],[142],{"tag":143,"callback":144,"file":94,"line":145},"print_vertical_thumbnail_slider","print_vertical_thumbnail_slider_func",18,[],2,{"dangerousFunctions":149,"sqlUsage":150,"outputEscaping":157,"fileOperations":111,"externalRequests":152,"nonceChecks":537,"capabilityChecks":111,"bundledLibraries":538},[],{"prepared":151,"raw":152,"locations":153},12,1,[154],{"file":94,"line":155,"context":156},1040,"$wpdb->get_var() with variable interpolation",{"escaped":158,"rawEcho":159,"locations":160},49,216,[161,164,166,168,170,172,174,176,178,180,181,183,185,187,189,190,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,238,240,241,242,244,246,248,250,252,253,255,256,258,260,262,264,266,268,270,272,274,276,278,279,281,283,285,287,289,291,293,295,297,299,301,302,304,305,306,308,309,310,311,313,314,315,316,318,319,320,322,323,324,325,327,328,329,330,332,333,334,336,338,340,341,343,344,346,348,350,351,353,354,355,356,358,359,360,361,363,364,366,368,370,372,374,376,378,380,382,384,386,388,390,392,394,396,398,400,402,404,406,408,410,412,414,415,416,418,420,422,424,426,428,430,431,433,435,437,438,440,442,444,446,448,450,452,454,456,458,460,462,464,466,468,469,470,471,472,473,475,476,477,478,479,481,483,485,487,489,491,493,495,497,499,501,503,505,507,508,509,510,511,513,514,515,517,519,521,523,525,527,529,531,533,535],{"file":94,"line":162,"context":163},315,"raw 
output",{"file":94,"line":165,"context":163},322,{"file":94,"line":167,"context":163},463,{"file":94,"line":169,"context":163},481,{"file":94,"line":171,"context":163},482,{"file":94,"line":173,"context":163},488,{"file":94,"line":175,"context":163},490,{"file":94,"line":177,"context":163},497,{"file":94,"line":179,"context":163},502,{"file":94,"line":179,"context":163},{"file":94,"line":182,"context":163},512,{"file":94,"line":184,"context":163},517,{"file":94,"line":186,"context":163},527,{"file":94,"line":188,"context":163},533,{"file":94,"line":188,"context":163},{"file":94,"line":188,"context":163},{"file":94,"line":192,"context":163},543,{"file":94,"line":194,"context":163},548,{"file":94,"line":196,"context":163},559,{"file":94,"line":198,"context":163},564,{"file":94,"line":200,"context":163},565,{"file":94,"line":202,"context":163},570,{"file":94,"line":204,"context":163},574,{"file":94,"line":206,"context":163},590,{"file":94,"line":208,"context":163},595,{"file":94,"line":210,"context":163},606,{"file":94,"line":212,"context":163},611,{"file":94,"line":214,"context":163},612,{"file":94,"line":216,"context":163},617,{"file":94,"line":218,"context":163},623,{"file":94,"line":220,"context":163},628,{"file":94,"line":222,"context":163},634,{"file":94,"line":224,"context":163},639,{"file":94,"line":226,"context":163},655,{"file":94,"line":228,"context":163},660,{"file":94,"line":230,"context":163},671,{"file":94,"line":232,"context":163},676,{"file":94,"line":234,"context":163},687,{"file":94,"line":236,"context":163},692,{"file":94,"line":236,"context":163},{"file":94,"line":239,"context":163},693,{"file":94,"line":239,"context":163},{"file":94,"line":239,"context":163},{"file":94,"line":243,"context":163},702,{"file":94,"line":245,"context":163},707,{"file":94,"line":247,"context":163},708,{"file":94,"line":249,"context":163},718,{"file":94,"line":251,"context":163},723,{"file":94,"line":251,"context":163},{"file":94,"line":254,"context":163},732,{"file":94,
"line":254,"context":163},{"file":94,"line":257,"context":163},849,{"file":94,"line":259,"context":163},851,{"file":94,"line":261,"context":163},859,{"file":94,"line":263,"context":163},862,{"file":94,"line":265,"context":163},915,{"file":94,"line":267,"context":163},916,{"file":94,"line":269,"context":163},934,{"file":94,"line":271,"context":163},953,{"file":94,"line":273,"context":163},954,{"file":94,"line":275,"context":163},963,{"file":94,"line":277,"context":163},966,{"file":94,"line":277,"context":163},{"file":94,"line":280,"context":163},968,{"file":94,"line":282,"context":163},974,{"file":94,"line":284,"context":163},975,{"file":94,"line":286,"context":163},977,{"file":94,"line":288,"context":163},1044,{"file":94,"line":290,"context":163},1045,{"file":94,"line":292,"context":163},1046,{"file":94,"line":294,"context":163},1047,{"file":94,"line":296,"context":163},1058,{"file":94,"line":298,"context":163},1065,{"file":94,"line":300,"context":163},1072,{"file":94,"line":300,"context":163},{"file":94,"line":303,"context":163},1073,{"file":94,"line":303,"context":163},{"file":94,"line":303,"context":163},{"file":94,"line":307,"context":163},1083,{"file":94,"line":307,"context":163},{"file":94,"line":307,"context":163},{"file":94,"line":307,"context":163},{"file":94,"line":312,"context":163},1086,{"file":94,"line":312,"context":163},{"file":94,"line":312,"context":163},{"file":94,"line":312,"context":163},{"file":94,"line":317,"context":163},1088,{"file":94,"line":317,"context":163},{"file":94,"line":317,"context":163},{"file":94,"line":321,"context":163},1093,{"file":94,"line":321,"context":163},{"file":94,"line":321,"context":163},{"file":94,"line":321,"context":163},{"file":94,"line":326,"context":163},1096,{"file":94,"line":326,"context":163},{"file":94,"line":326,"context":163},{"file":94,"line":326,"context":163},{"file":94,"line":331,"context":163},1098,{"file":94,"line":331,"context":163},{"file":94,"line":331,"context":163},{"file":94,"line":335,"context"
:163},1101,{"file":94,"line":337,"context":163},1102,{"file":94,"line":339,"context":163},1141,{"file":94,"line":339,"context":163},{"file":94,"line":342,"context":163},1142,{"file":94,"line":342,"context":163},{"file":94,"line":345,"context":163},1143,{"file":94,"line":347,"context":163},1144,{"file":94,"line":349,"context":163},1146,{"file":94,"line":349,"context":163},{"file":94,"line":352,"context":163},1147,{"file":94,"line":352,"context":163},{"file":94,"line":352,"context":163},{"file":94,"line":352,"context":163},{"file":94,"line":357,"context":163},1148,{"file":94,"line":357,"context":163},{"file":94,"line":357,"context":163},{"file":94,"line":357,"context":163},{"file":94,"line":362,"context":163},1157,{"file":94,"line":362,"context":163},{"file":94,"line":365,"context":163},1170,{"file":94,"line":367,"context":163},1177,{"file":94,"line":369,"context":163},1178,{"file":94,"line":371,"context":163},1180,{"file":94,"line":373,"context":163},1193,{"file":94,"line":375,"context":163},1201,{"file":94,"line":377,"context":163},1208,{"file":94,"line":379,"context":163},1223,{"file":94,"line":381,"context":163},1229,{"file":94,"line":383,"context":163},1324,{"file":94,"line":385,"context":163},1327,{"file":94,"line":387,"context":163},1334,{"file":94,"line":389,"context":163},1336,{"file":94,"line":391,"context":163},1343,{"file":94,"line":393,"context":163},1346,{"file":94,"line":395,"context":163},1386,{"file":94,"line":397,"context":163},1455,{"file":94,"line":399,"context":163},1469,{"file":94,"line":401,"context":163},1544,{"file":94,"line":403,"context":163},1569,{"file":94,"line":405,"context":163},1588,{"file":94,"line":407,"context":163},1604,{"file":94,"line":409,"context":163},1610,{"file":94,"line":411,"context":163},1619,{"file":94,"line":413,"context":163},1622,{"file":94,"line":413,"context":163},{"file":94,"line":413,"context":163},{"file":94,"line":417,"context":163},1627,{"file":94,"line":419,"context":163},1653,{"file":94,"line":421,"context":1
63},1708,{"file":94,"line":423,"context":163},1723,{"file":94,"line":425,"context":163},1725,{"file":94,"line":427,"context":163},1729,{"file":94,"line":429,"context":163},1733,{"file":94,"line":429,"context":163},{"file":94,"line":432,"context":163},1735,{"file":94,"line":434,"context":163},1739,{"file":94,"line":436,"context":163},1748,{"file":94,"line":436,"context":163},{"file":94,"line":439,"context":163},1786,{"file":94,"line":441,"context":163},1827,{"file":94,"line":443,"context":163},1869,{"file":94,"line":445,"context":163},1886,{"file":94,"line":447,"context":163},1935,{"file":94,"line":449,"context":163},1942,{"file":94,"line":451,"context":163},1949,{"file":94,"line":453,"context":163},1977,{"file":94,"line":455,"context":163},1989,{"file":94,"line":457,"context":163},1998,{"file":94,"line":459,"context":163},2001,{"file":94,"line":461,"context":163},2032,{"file":94,"line":463,"context":163},2034,{"file":94,"line":465,"context":163},2038,{"file":94,"line":467,"context":163},2144,{"file":94,"line":467,"context":163},{"file":94,"line":467,"context":163},{"file":94,"line":467,"context":163},{"file":94,"line":467,"context":163},{"file":94,"line":467,"context":163},{"file":94,"line":474,"context":163},2146,{"file":94,"line":474,"context":163},{"file":94,"line":474,"context":163},{"file":94,"line":474,"context":163},{"file":94,"line":474,"context":163},{"file":94,"line":480,"context":163},2157,{"file":94,"line":482,"context":163},2169,{"file":94,"line":484,"context":163},2172,{"file":94,"line":486,"context":163},2178,{"file":94,"line":488,"context":163},2180,{"file":94,"line":490,"context":163},2188,{"file":94,"line":492,"context":163},2190,{"file":94,"line":494,"context":163},2292,{"file":94,"line":496,"context":163},2293,{"file":94,"line":498,"context":163},2295,{"file":94,"line":500,"context":163},2296,{"file":94,"line":502,"context":163},2302,{"file":94,"line":504,"context":163},2303,{"file":94,"line":506,"context":163},2426,{"file":94,"line":506,"context
":163},{"file":94,"line":506,"context":163},{"file":94,"line":506,"context":163},{"file":94,"line":506,"context":163},{"file":94,"line":512,"context":163},2428,{"file":94,"line":512,"context":163},{"file":94,"line":512,"context":163},{"file":94,"line":516,"context":163},2441,{"file":94,"line":518,"context":163},2445,{"file":94,"line":520,"context":163},2452,{"file":94,"line":522,"context":163},2453,{"file":94,"line":524,"context":163},2454,{"file":94,"line":526,"context":163},2455,{"file":94,"line":528,"context":163},2456,{"file":94,"line":530,"context":163},2457,{"file":94,"line":532,"context":163},2458,{"file":94,"line":534,"context":163},2573,{"file":94,"line":536,"context":163},2577,5,[],[540,573,611],{"entryPoint":541,"graph":542,"unsanitizedCount":147,"severity":38},"wrthslider_slider_mass_upload_verticalslider (wp-vertical-images-thumbnail-slider.php:2766)",{"nodes":543,"edges":568},[544,549,553,559,561,563],{"id":545,"type":546,"label":547,"file":94,"line":548},"n0","source","$_POST",2827,{"id":550,"type":551,"label":552,"file":94,"line":548},"n1","transform","→ rsths_save_image_remote_vertical_image()",{"id":554,"type":555,"label":556,"file":94,"line":557,"wp_function":558},"n2","sink","wp_remote_get() [SSRF]",2849,"wp_remote_get",{"id":560,"type":546,"label":547,"file":94,"line":548},"n3",{"id":562,"type":551,"label":552,"file":94,"line":548},"n4",{"id":564,"type":555,"label":565,"file":94,"line":566,"wp_function":567},"n5","fopen() [File Access]",2854,"fopen",[569,570,571,572],{"from":545,"to":550,"sanitized":136},{"from":550,"to":554,"sanitized":136},{"from":560,"to":562,"sanitized":136},{"from":562,"to":564,"sanitized":136},{"entryPoint":574,"graph":575,"unsanitizedCount":147,"severity":38},"\u003Cwp-vertical-images-thumbnail-slider> (wp-vertical-images-thumbnail-slider.php:0)",{"nodes":576,"edges":603},[577,580,583,586,587,590,591,593,595,597,599,601],{"id":545,"type":546,"label":578,"file":94,"line":579},"$_GET 
(x15)",994,{"id":550,"type":555,"label":581,"file":94,"line":290,"wp_function":582},"echo() [XSS]","echo",{"id":554,"type":546,"label":584,"file":94,"line":585},"$_POST (x6)",1475,{"id":560,"type":555,"label":581,"file":94,"line":425,"wp_function":582},{"id":562,"type":546,"label":588,"file":94,"line":589},"$_GET['id']",1744,{"id":564,"type":555,"label":581,"file":94,"line":589,"wp_function":582},{"id":592,"type":546,"label":547,"file":94,"line":548},"n6",{"id":594,"type":551,"label":552,"file":94,"line":548},"n7",{"id":596,"type":555,"label":556,"file":94,"line":557,"wp_function":558},"n8",{"id":598,"type":546,"label":547,"file":94,"line":548},"n9",{"id":600,"type":551,"label":552,"file":94,"line":548},"n10",{"id":602,"type":555,"label":565,"file":94,"line":566,"wp_function":567},"n11",[604,605,606,607,608,609,610],{"from":545,"to":550,"sanitized":138},{"from":554,"to":560,"sanitized":138},{"from":562,"to":564,"sanitized":138},{"from":592,"to":594,"sanitized":136},{"from":594,"to":596,"sanitized":136},{"from":598,"to":600,"sanitized":136},{"from":600,"to":602,"sanitized":136},{"entryPoint":612,"graph":613,"unsanitizedCount":26,"severity":625},"vertical_thumbnail_image_management (wp-vertical-images-thumbnail-slider.php:875)",{"nodes":614,"edges":621},[615,616,617,618,619,620],{"id":545,"type":546,"label":578,"file":94,"line":579},{"id":550,"type":555,"label":581,"file":94,"line":290,"wp_function":582},{"id":554,"type":546,"label":547,"file":94,"line":585},{"id":560,"type":555,"label":581,"file":94,"line":425,"wp_function":582},{"id":562,"type":546,"label":588,"file":94,"line":589},{"id":564,"type":555,"label":581,"file":94,"line":589,"wp_function":582},[622,623,624],{"from":545,"to":550,"sanitized":138},{"from":554,"to":560,"sanitized":138},{"from":562,"to":564,"sanitized":138},"low",{"summary":627,"deductions":628},"The wp-vertical-image-slider plugin, version 1.2.19, presents a mixed security posture. 
While it demonstrates good practices by implementing nonce checks, capability checks, and largely using prepared statements for SQL queries, several areas raise concerns. The static analysis reveals a low percentage of properly escaped output, with only 18% meeting this standard. This significant gap, coupled with two identified flows with unsanitized paths, indicates a heightened risk of Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's history of XSS-related CVEs. Furthermore, the presence of file operations and an external HTTP request without further context on their sanitization or purpose warrants attention. The plugin's vulnerability history, with 4 known CVEs, including one high severity and three medium, primarily related to XSS and CSRF, suggests a pattern of insecure input handling and lack of robust output sanitization in the past. Although there are currently no unpatched CVEs, this history, combined with the static analysis findings, points to a plugin that, while having some security strengths, requires careful scrutiny regarding its handling of user-provided data and output rendering to prevent potential exploitation.",[629,632,634,636,638],{"reason":630,"points":631},"Low output escaping percentage (18%)",15,{"reason":633,"points":111},"Unsanitized paths identified in taint analysis",{"reason":635,"points":111},"Vulnerability history of XSS and CSRF",{"reason":637,"points":537},"Multiple file operations without context",{"reason":639,"points":640},"External HTTP request without 
context",3,"2026-03-16T18:56:30.756Z",{"wat":643,"direct":652},{"assetPaths":644,"generatorPatterns":647,"scriptPaths":648,"versionParams":649},[645,646],"\u002Fwp-content\u002Fplugins\u002Fwp-vertical-image-slider\u002Fjs\u002Fmain.js","\u002Fwp-content\u002Fplugins\u002Fwp-vertical-image-slider\u002Fcss\u002Fslider.css",[],[645],[650,651],"wp-vertical-image-slider\u002Fjs\u002Fmain.js?ver=","wp-vertical-image-slider\u002Fcss\u002Fslider.css?ver=",{"cssClasses":653,"htmlComments":657,"htmlAttributes":658,"restEndpoints":665,"jsGlobals":666,"shortcodeOutput":668},[654,655,656],"vts-slider-container","vts-thumbnail-wrapper","vts-thumbnail-active",[],[659,660,661,662,663,664],"data-slider-id","data-thumbnail-width","data-thumbnail-height","data-image-width","data-image-height","data-vertical-navigation",[],[667],"vts_slider_options",[669],"[print_vertical_thumbnail_slider"]