[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJ0hXNBLoxFEXjTpH8tGlLujRsrjHiu5qjqotywJkfzs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":54,"analysis":165,"fingerprints":208},"wp-widgets-shortcode","WordPress Widgets Shortcode","1.0.3","Brajesh Singh","https:\u002F\u002Fprofiles.wordpress.org\u002Fsbrajesh\u002F","\u003Cp>The plugin allows you to embed any WordPress Widget area\u002FDynamic Sidebar to your WordPress posts\u003C\u002Fp>\n\u003Cp>What you can do:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use the shortcode to embed widget areas in posts\u003C\u002Fli>\n\u003Cli>Use the shortcode to embed Widget areas in Pages\u003C\u002Fli>\n\u003Cli>The widgets can be embedded anywhere, at the begining of content, middle, bottom or where ever you want. Just put the shortcode there.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please leave a comment here at \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fwordpress\u002Fembed-wordpress-widget-areasdynamic-sidebars-in-posts-or-pages-using-simple-shortcodes\u002F\" title=\"Post about this plugin\" rel=\"nofollow ugc\">BuddyDev.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Others\u003C\u002Fh3>\n\u003Cp>For more info, please visit us at \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002F\" title=\"The best place for all BuddyPress based plugins, themes tutorials\" rel=\"nofollow ugc\">BuddyDev.com\u003C\u002Fa>\u003C\u002Fp>\n","Embed any widget area\u002Fdynamic sidebar to your pages\u002Fposts using the shortcode [dynamic-sidebar id='Your Widget Area\u002FSidebar name']",500,17170,90,8,"2016-05-14T08:01:00.000Z","4.7.32","3.5","",[20,21,22,23,24],"dynamic-sidebar","embed","embed-widgets","shortcodes","widgets","http:\u002F\u002Fbuddydev.com\u002Fplugins\u002Fwp-widgets-shortcode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-widgets-shortcode.1.0.3.zip",63,1,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-57989","wordpress-widgets-shortcode-authenticated-contributor-stored-cross-site-scripting","WordPress Widgets Shortcode \u003C= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting","The WordPress Widgets Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.0.3","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-26 17:25:16",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F437e4f77-6426-411f-985e-35e1a1f30bfb?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},"sbrajesh",12,1820,86,3856,69,"2026-04-04T04:59:49.479Z",[55,80,101,123,143],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":28,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":74,"download_link":75,"security_score":76,"vuln_count":77,"unpatched_count":78,"last_vuln_date":79,"fetched_at":30},"apollo13-framework-extensions","Apollo13 Framework Extensions","1.9.9","apollo13themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fapollo13themes\u002F","\u003Cp>\u003Cstrong>Apollo13 Framework Extensions\u003C\u002Fstrong> adds few features to themes build on Apollo13 Framework. These are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Designs Importer,\u003C\u002Fli>\n\u003Cli>shortcodes based on Apollo13 Framework features: writtng effect, count down, socials, scroller, slider, galleries, post grid,\u003C\u002Fli>\n\u003Cli>support for WPBakery Page Builder elements added by Apollo13 Framework,\u003C\u002Fli>\n\u003Cli>custom post types: albums, works & people,\u003C\u002Fli>\n\u003Cli>Export\u002FImport of theme options,\u003C\u002Fli>\n\u003Cli>Custom Sidebar,\u003C\u002Fli>\n\u003Cli>Custom CSS,\u003C\u002Fli>\n\u003Cli>Meta options that are creating content for posts, pages, albums and works,\u003C\u002Fli>\n\u003Cli>Responsive Image resizing ,\u003C\u002Fli>\n\u003Cli>Maintenance mode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin requires one of themes build on \u003Cstrong>Apollo13 Framework\u003C\u002Fstrong> theme to be installed.\u003C\u002Fp>\n\u003Cp>It is mostly used for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapollo13themes.com\u002Frife\u002Ffree\u002F\" rel=\"nofollow ugc\">Rife Free\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapollo13themes.com\u002Frife\u002F\" rel=\"nofollow ugc\">Rife Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits & Copyright\u003C\u002Fh3>\n\u003Ch4>Anime.js, Copyright 2019 Julian Garnier\u003C\u002Fh4>\n\u003Cp>Licenses: MIT\u003Cbr \u002F>\nSource: https:\u002F\u002Fanimejs.com\u002F\u003C\u002Fp>\n","Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.",20000,534616,100,"2025-12-04T08:12:00.000Z","6.5.8","4.7","5.4.0",[71,72,23,73],"custom-post-types","elementor-widgets","wpbakery-page-builder-support","https:\u002F\u002Fapollo13themes.com\u002Frife\u002Ffree","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapollo13-framework-extensions.zip",95,6,0,"2026-02-18 15:32:44",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":65,"num_ratings":90,"last_updated":91,"tested_up_to":67,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":96,"download_link":97,"security_score":98,"vuln_count":99,"unpatched_count":78,"last_vuln_date":100,"fetched_at":30},"weaverx-theme-support","Weaver Xtreme Theme Support","6.5.1","wpweaver","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpweaver\u002F","\u003Cp>This is the theme support for the Weaver Xtreme Theme. This plugin provides a collection of useful shortcodes and widgets designed to complement the Weaver Xtreme theme. These shortcodes have been selected and developed based on requests and feedback from thousands of users of the Weaver Xtreme and previous versions of Weaver.\u003C\u002Fp>\n\u003Cp>This plugin also provides the Legacy Weaver Xtreme Admin Dashboard interface. The Legacy Admin is an old style interface alternative to the Customizer interface. The Legacy Interface has been updated for compatibility with Weaver Xtreme Version 5, and will automatically update and convert .wxt settings files from Weaver Xtreme 4.\u003C\u002Fp>\n\u003Cp>Includes complete documentation help file. Instructions for using the shortcodes and widgets are in the help file.\u003C\u002Fp>\n\u003Ch4>Shortcodes included\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>[tab_group]\u003C\u002Fstrong> – Display content in a tabbed box.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003C!--YouTube Error: bad URL entered-->\u003C\u002Fstrong> – Show your YouTube videos responsively, and with the capability to use any of the YouTube custom display options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003C!-- vimeo error: not a vimeo video -->\u003C\u002Fstrong> –  Show your Vimeo videos responsively, and with the capability to use any of the Vimeo custom display options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[iframe]\u003C\u002Fstrong> – Quick and easy display of content in an iframe.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[div]\u003C\u002Fstrong>, \u003Cstrong>[span]\u003C\u002Fstrong>, \u003Cstrong>[html]\u003C\u002Fstrong> – Add div, span, and other html to pages\u002Fposts without the need to switch to Text view.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[hide\u002Fshow_if]\u003C\u002Fstrong> – Show or hide content depending upon options: device, page ID, user capability, logged in status.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[bloginfo]\u003C\u002Fstrong> – Display any information available from WordPress bloginfo function.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[user_can]\u003C\u002Fstrong> – Display content base on logged-in user role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[site_title]\u003C\u002Fstrong> – Display Site title.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[site_tagline]\u003C\u002Fstrong> – Display Site tag line.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Widgets Included\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Weaver 2 Column Text Widget\u003C\u002Fstrong> – Add text into two columns in a widget\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Weaver Per Page Text Widget\u003C\u002Fstrong> – Add a text widget on a per-page basis\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Weaver Login\u003C\u002Fstrong> – Simplified login widget\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Licenses\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>The Weaver Xtreme Theme Support plugin is licensed under the terms of the GNU GENERAL PUBLIC LICENSE, Version 2,\u003Cbr \u002F>\nJune 1991. (GPL) The full text of the license is in the license.txt file.\u003C\u002Fli>\n\u003Cli>All images included with this plugin are either original works of the author which\u003Cbr \u002F>\nhave been placed into the public domain, or have been derived from other public domain sources,\u003Cbr \u002F>\nand thus need no license. (This does not include the images provided with any of the\u003Cbr \u002F>\nbelow listed scripts and libraries. Those images are covered by their respective licenses.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin also includes several scripts and libraries that are covered under the terms\u003Cbr \u002F>\nof their own licenses in the listed files in the plugin distribution:\u003C\u002Fp>\n","A useful shortcode and widget collection for Weaver Xtreme",9000,382934,4,"2024-05-31T18:31:00.000Z","6.0","7.2",[23,95,24],"weaver-xtreme-theme","http:\u002F\u002Fweavertheme.com\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fweaverx-theme-support.6.5.1.zip",89,3,"2024-06-04 19:18:53",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":65,"num_ratings":28,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":119,"download_link":120,"security_score":121,"vuln_count":99,"unpatched_count":28,"last_vuln_date":122,"fetched_at":30},"popularis-extra","Popularis Extra","1.2.10","Themes4WP","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemes4wp\u002F","\u003Cp>Popularis Extra gives you access to demo import for free PopularisWP themes, extra features like widgets, shortcodes or additional Elementor widgets.\u003C\u002Fp>\n\u003Cp>This plugin requires PopularisWP theme to be installed.\u003C\u002Fp>\n\u003Ch3>Supported Themes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis\u002F\" rel=\"ugc\">Popularis\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpopulariswp.com\u002Fpopularis-ecommerce\u002F\" rel=\"nofollow ugc\">Popularis eCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-verse\u002F\" rel=\"ugc\">Popularis Verse\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-hub\u002F\" rel=\"ugc\">Popularis Hub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-star\u002F\" rel=\"ugc\">Popularis Star\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-writer\u002F\" rel=\"ugc\">Popularis Writer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fpopularis-press\u002F\" rel=\"ugc\">Popularis Press\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpopulariswp.com\u002Fpopularis-fashion\u002F\" rel=\"nofollow ugc\">Popularis Fashion\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpopulariswp.com\u002Fpopularis-business\u002F\" rel=\"nofollow ugc\">Popularis Business\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Popularis Extra add extra features to Popularis theme like demo import, widgets, shortcodes or Elementor widgets.",8000,225336,"2025-12-03T07:12:00.000Z","6.9.4","4.4","5.6",[116,117,118,23,24],"demo","elementor","import","https:\u002F\u002Fpopulariswp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpopularis-extra.1.2.10.zip",74,"2026-01-28 00:00:00",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":133,"num_ratings":134,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":138,"tags":139,"homepage":140,"download_link":141,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":142,"fetched_at":30},"series","Series","2.0.1","Justin Tadlock","https:\u002F\u002Fprofiles.wordpress.org\u002Fgreenshady\u002F","\u003Cp>Series is a plugin created to allow users to easily link posts together by using a WordPress taxonomy (like tags or categories) called “series”.  It can be particularly useful if you write several posts spanning the same topic and want them tied together in some way that tags or categories doesn’t cover.\u003C\u002Fp>\n\u003Ch3>Professional Support\u003C\u002Fh3>\n\u003Cp>If you need professional plugin support from me, the plugin author, you can access the support forums at \u003Ca href=\"https:\u002F\u002Fthemehybrid.com\u002Fsupport\" rel=\"nofollow ugc\">Theme Hybrid\u003C\u002Fa>, which is a professional WordPress help\u002Fsupport site where I handle support for all my plugins and themes for a community of 75,000+ users (and growing).\u003C\u002Fp>\n\u003Ch3>Plugin Development\u003C\u002Fh3>\n\u003Cp>If you’re a theme author, plugin author, or just a code hobbyist, you can follow the development of this plugin on it’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjustintadlock\u002Fseries\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>Yes, I do accept donations.  If you want to donate, you can do so from my \u003Ca href=\"https:\u002F\u002Fthemehybrid.com\u002Fdonate\" rel=\"nofollow ugc\">donations page\u003C\u002Fa> or grab me something from my \u003Ca href=\"http:\u002F\u002Fa.co\u002FflUb0ns\" rel=\"nofollow ugc\">Amazon Wish List\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>I appreciate all donations, no matter the size.  Further development of this plugin is not contingent on donations, but they are always a nice incentive.\u003C\u002Fp>\n","Plugin that allows you to collect posts in a series.",2000,46271,84,5,"2018-12-17T20:52:00.000Z","5.0.25","4.8","5.3",[124,23,24],"https:\u002F\u002Fthemehybrid.com\u002Fplugins\u002Fseries","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fseries.2.0.1.zip","2025-12-31 00:00:00",{"slug":144,"name":145,"version":146,"author":147,"author_profile":148,"description":149,"short_description":150,"active_installs":151,"downloaded":152,"rating":153,"num_ratings":14,"last_updated":154,"tested_up_to":155,"requires_at_least":156,"requires_php":157,"tags":158,"homepage":163,"download_link":164,"security_score":65,"vuln_count":78,"unpatched_count":78,"last_vuln_date":37,"fetched_at":30},"liza-spotify-widget-for-elementor","Liza Widget For Spotify and Elementor","3.0","Ruthless WP","https:\u002F\u002Fprofiles.wordpress.org\u002Ffallentroj\u002F","\u003Cp>\u003Cstrong>Liza Widget For Spotify and Elementor\u003C\u002Fstrong> is the first use to goand easy to use \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Felementor\u002F\" rel=\"ugc\">Elementor Page Builder\u003C\u002Fa> Spotify Widget. Our goal is to provide you with the Functional Elementor Widget That can be easly used, Add Spotify Music Without writing the Single Line of Code. Liza Spotify Widget helps users to use Spotify API on their websites easily without any headaches. If you like Liza Spotify Widget, Please review us on the wordpress.org as it will help us develop better Functionality for the Spotify Widget.\u003Cbr \u002F>\nAs of New update of the plugin, we added Spotify Profile widget which allows you to share your Spotify profile with realtime stats, as well as improved our embed plugin and made it easier to share and embed tracks from Spotify directly to your website! New Settings page has been added which allows you to authorise with your Spotify profile and integrate easier with its API.\u003C\u002Fp>\n\u003Cp>Follow new tutorial linked below as well as write on plugin forum if you have any questions!\u003C\u002Fp>\n\u003Cp>Linking Spotify Account correctly is essential for plugin to work properly, with new updated version of plugin, you can directly search and embed tracks and artists inside the elementor editor.\u003C\u002Fp>\n\u003Cp>With love, Rutheless WP\u002FNikusha Sirbiladze\u003C\u002Fp>\n\u003Cp>\u003Cem>See tutorials Below\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FHbL8ERGBquk?si=8ErHDMorbyG8iAPK\" rel=\"nofollow ugc\">\u003Cstrong>How to setup the Spotify API?\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to external services to enable specific features and functionalities. Below is the list of external services used, the data shared, and relevant legal documentation:\u003C\u002Fp>\n\u003Ch3>Freemius\u003C\u002Fh3>\n\u003Cp>This plugin integrates with the Freemius platform to manage licensing, plugin updates, analytics, and user feedback.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>What is sent\u003C\u002Fstrong>: When the plugin is installed or updated, it sends information such as the website URL, WordPress version, plugin version, PHP version, and potentially the user’s email address (only if explicitly provided during activation).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When\u003C\u002Fstrong>: Data is sent during plugin activation, updates, deactivation, or when a user opts into Freemius insights.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Why\u003C\u002Fstrong>: It is required for license management, plugin updates, and collecting usage analytics if the user opts in.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service Provider\u003C\u002Fstrong>: Freemius, Inc.\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffreemius.com\u002Fterms\u002F\" rel=\"nofollow ugc\">Freemius Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffreemius.com\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Freemius Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Spotify API\u003C\u002Fh3>\n\u003Cp>This plugin uses the Spotify API to fetch and display music, playlists, albums, or artist information within the Elementor widget.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>What is sent\u003C\u002Fstrong>: Requests sent to the Spotify API may include search queries, artist IDs, playlist IDs, and other music-related identifiers. No personal user data is sent unless the user connects their Spotify account for additional features.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When\u003C\u002Fstrong>: Data is sent whenever the widget makes a request to display or update Spotify content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Why\u003C\u002Fstrong>: It is necessary to retrieve and display Spotify music content dynamically inside the widget.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service Provider\u003C\u002Fstrong>: Spotify AB\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdeveloper.spotify.com\u002Fterms\u002F\" rel=\"nofollow ugc\">Spotify Developer Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.spotify.com\u002Flegal\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Spotify Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Spotify Widget, Spotify, Easy to use Spotify widget.",1000,28434,80,"2025-06-14T12:19:00.000Z","6.8.5","5.2","7.0",[117,159,160,161,162],"music","spotify","spotify-embed","widgets-for-elementor","https:\u002F\u002Fruthlesswp.com\u002Fspotify","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fliza-spotify-widget-for-elementor.3.0.zip",{"attackSurface":166,"codeSignals":180,"taintFlows":191,"riskAssessment":192,"analyzedAt":207},{"hooks":167,"ajaxHandlers":168,"restRoutes":169,"shortcodes":170,"cronEvents":178,"entryPointCount":179,"unprotectedCount":78},[],[],[],[171,176],{"tag":172,"callback":173,"file":174,"line":175},"widget-area","generate_widget_area","wp-widgets-shortcode.php",32,{"tag":20,"callback":173,"file":174,"line":177},36,[],2,{"dangerousFunctions":181,"sqlUsage":182,"outputEscaping":184,"fileOperations":78,"externalRequests":78,"nonceChecks":78,"capabilityChecks":78,"bundledLibraries":190},[],{"prepared":78,"raw":78,"locations":183},[],{"escaped":78,"rawEcho":179,"locations":185},[186,188],{"file":174,"line":121,"context":187},"raw output",{"file":174,"line":189,"context":187},76,[],[],{"summary":193,"deductions":194},"The wp-widgets-shortcode plugin exhibits a mixed security posture. On the positive side, its static analysis reveals a clean slate regarding dangerous functions, SQL injection vulnerabilities (all queries are prepared), file operations, external HTTP requests, and no critical or high severity taint flows.  Furthermore, all identified entry points (shortcodes) are reportedly not protected by authentication checks, which is a significant concern. The lack of nonce checks and capability checks on all entry points is also worrying, as it opens the door for potential unauthorized actions if the shortcodes can be manipulated. The plugin does have a known medium severity Cross-Site Scripting (XSS) vulnerability that is currently unpatched, indicating a history of input validation issues. This unpatched vulnerability, coupled with the absence of output escaping on all identified outputs and the lack of robust authorization checks on its entry points, presents a considerable risk. While the core code doesn't exhibit immediately exploitable vulnerabilities in its current state, the unpatched historical vulnerability and the identified weaknesses in input handling and access control suggest a need for caution and prompt remediation.",[195,198,201,203,205],{"reason":196,"points":197},"Unpatched Medium Severity CVE",15,{"reason":199,"points":200},"Unprotected Entry Points (Shortcodes)",10,{"reason":202,"points":200},"No Capability Checks on Entry Points",{"reason":204,"points":77},"Output Escaping Not Properly Implemented",{"reason":206,"points":134},"No Nonce Checks on Entry Points","2026-03-16T19:34:56.673Z",{"wat":209,"direct":216},{"assetPaths":210,"generatorPatterns":212,"scriptPaths":213,"versionParams":214},[211],"\u002Fwp-content\u002Fplugins\u002Fwp-widgets-shortcode\u002Fwidget-area-shortcode.js",[],[211],[215],"wp-widgets-shortcode\u002Fwidget-area-shortcode.js?ver=",{"cssClasses":217,"htmlComments":218,"htmlAttributes":219,"restEndpoints":220,"jsGlobals":221,"shortcodeOutput":222},[],[],[],[],[],[223,224,225,226],"[widget-area id='","][widget-area","[dynamic-sidebar id='","][dynamic-sidebar"]