[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKCtwMG_ZaSM4dMEtPbQ0vIx9CJwZg7VaaevFNOMAB_8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":53,"analysis":149,"fingerprints":399},"wp-wiki-tooltip","WP Wiki Tooltip","2.1.1","Nico Danneberg","https:\u002F\u002Fprofiles.wordpress.org\u002Fnida78\u002F","\u003Cp>Adds explaining tooltips querying their content from a \u003Ca href=\"https:\u002F\u002Fwww.mediawiki.org\" title=\"see MediaWiki docs\" rel=\"nofollow ugc\">MediaWiki\u003C\u002Fa> installation, e.g. \u003Ca href=\"https:\u002F\u002Fwww.wikipedia.org\" title=\"see the well-known Wikipedia\" rel=\"nofollow ugc\">Wikipedia.org\u003C\u002Fa>. Therefore shortcodes can be used in Posts and Pages to mark keywords and link them to public Wiki pages. 
The well-known package of \u003Ca href=\"https:\u002F\u002Fcalebjacob.github.io\u002Ftooltipster\u002F\" title=\"Tooltipster rocks :)\" rel=\"nofollow ugc\">Tooltipster\u003C\u002Fa> is used to create the nice and themable tooltips.\u003C\u002Fp>\n\u003Cp>Main features of the current version are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Setup at least one wanted Wiki base and several other options at a backend page\u003C\u002Fli>\n\u003Cli>Integrate the Wiki tooltip in Posts and Pages using a handy popup in Gutenberg editor or simple shortcodes\u003C\u002Fli>\n\u003Cli>Shortcodes can be created by a \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTinyMCE\" rel=\"nofollow ugc\">TinyMCE\u003C\u002Fa> plugin, too\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds explaining tooltips querying their content from a MediaWiki installation, e.g. Wikipedia.org.",200,14875,96,18,"2025-08-10T20:03:00.000Z","6.8.5","3.0","",[20,21,22,23,24],"mediawiki","tooltip","tooltipster","wiki","wikipedia","https:\u002F\u002Fn1da.net\u002Fspecials\u002Fwp-wiki-tooltip\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-wiki-tooltip.2.1.1.zip",99,1,0,"2025-02-18 19:21:58","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2024-13462","wp-wiki-tooltip-authenticated-contributor-stored-cross-site-scripting","WP Wiki Tooltip \u003C= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting","The WP Wiki Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wiki' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=2.0.2","2.1.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-08-11 14:26:37",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F926646de-4fb0-4460-b0d1-4d451e6505ca?source=api-prod",174,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":48,"trust_score":51,"computed_at":52},"nida78",78,"2026-04-04T19:05:22.560Z",[54,72,94,114,132],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":29,"num_ratings":29,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":18,"tags":67,"homepage":69,"download_link":70,"security_score":71,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wikilink","WikiLink","0.1","eduardosada","https:\u002F\u002Fprofiles.wordpress.org\u002Feduardosada\u002F","\u003Cp>WikiLink WordPress plugin is an easier way to link to Wikipedia. 
Allows you to see a Wikipedia definition but without leaving your blog.\u003C\u002Fp>\n\u003Ch4>Licence\u003C\u002Fh4>\n\u003Cp>This plugins is released under the MIT, you can use it free of charge on your personal or commercial blog.\u003C\u002Fp>\n","An easier way to link to Wikipedia.",10,3572,"2009-09-27T19:05:00.000Z","2.8.4","2.5",[68,21,23,24],"google","http:\u002F\u002Fwww.coders.me\u002Fwordpress\u002Fwikilink-wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwikilink.0.1.zip",85,{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":13,"num_ratings":82,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":86,"tags":87,"homepage":91,"download_link":92,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":93,"fetched_at":31},"wikipedia-preview","Wikipedia Preview","1.17.0","Wikimedia Foundation","https:\u002F\u002Fprofiles.wordpress.org\u002Fwikimediafoundation\u002F","\u003Cp>Enhance your website with free knowledge straight from Wikipedia!\u003C\u002Fp>\n\u003Cp>Install Wikipedia Preview, the free add-on designed to better engage your visitors and improve the user experience on your website.\u003C\u002Fp>\n\u003Cp>The Wikipedia Preview plugin provides context to your site’s visitors with content directly from Wikipedia. It allows you to add links to your content so that when your visitors click or hover on them, they see a pop-up box with information and images straight from Wikipedia. 
With Wikipedia Preview your visitors gain context on a topic, without ever leaving your website.\u003C\u002Fp>\n\u003Cp>Wikipedia Preview is an official plug-in designed and developed by the \u003Ca href=\"https:\u002F\u002Fwikimediafoundation.org\u002F\" rel=\"nofollow ugc\">Wikimedia Foundation\u003C\u002Fa>, the non-profit behind Wikipedia and other free knowledge projects.\u003C\u002Fp>\n\u003Cp>The plug-in is entirely free to download and use, in line with the Wikimedia Foundation’s mission to provide free knowledge for everyone.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F_m6YzR0j8Fs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Benefits\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rich-media content straight from Wikipedia, to give your site’s visitors the context they need, without ever having to leave your website.\u003C\u002Fli>\n\u003Cli>Always free.\u003C\u002Fli>\n\u003Cli>Available in 300 languages.\u003C\u002Fli>\n\u003Cli>Easy to set up. 
Adding Wikipedia Preview links is even easier than adding other hyperlinks.\u003C\u002Fli>\n\u003Cli>Leveraging the content and brand name of one of the most popular websites in the world.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Can be set up using the same process you use to add hyperlinks to your articles or using the Gutenberg editor custom tool.\u003C\u002Fli>\n\u003Cli>Handles any link to a Wikipedia article regardless of language, lead image presence or length.\u003C\u002Fli>\n\u003Cli>Site owners can choose a specific section of an article as a preview, not limited to just the lead section.\u003C\u002Fli>\n\u003Cli>Supports dark mode option for improved readability.\u003C\u002Fli>\n\u003Cli>Works for Right-to-Left (RTL) and Left-To-Right (LTR) languages.\u003C\u002Fli>\n\u003Cli>Offers access to a built-in gallery to dive into article images.\u003C\u002Fli>\n\u003Cli>Can be disabled for any page using the post metadata sidebar.\u003C\u002Fli>\n\u003Cli>Uses Gutenberg editor custom tool to search for Wikipedia articles and visualize Wikipedia Preview for readers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How to add preview links to your site\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Option 1 – How to add Wikipedia Preview links using the Classic Editor:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add a Wikipedia article link to your site’s content using the same process you use to add hyperlinks to your articles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Option 2 – How to add Wikipedia Preview links using the Gutenberg\u002F Block Editor:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Highlight the text you want to link to a Wikipedia article.\u003C\u002Fli>\n\u003Cli>Select ‘W’ – Wikipedia Preview icon from the menu.\u003C\u002Fli>\n\u003Cli>You will see a list of suggested articles. 
Select the one you want to link to.\u003C\u002Fli>\n\u003Cli>Wikipedia Preview will automatically turn the link into a preview of the relevant Wikipedia article. You can easily customize the preview content by selecting a specific section of the article.\u003C\u002Fli>\n\u003C\u002Fol>\n","Wikipedia Preview lets you show a popup card with a short summary from Wikipedia when a reader clicks or hovers over a link.",1000,18217,38,"2025-12-08T23:40:00.000Z","6.9.4","6.1","5.6.39",[88,89,90,23,24],"card","facts","popup","https:\u002F\u002Fgithub.com\u002Fwikimedia\u002Fwikipedia-preview","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwikipedia-preview.1.17.0.zip","2025-08-03 00:00:00",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":107,"requires_at_least":17,"requires_php":18,"tags":108,"homepage":110,"download_link":111,"security_score":112,"vuln_count":28,"unpatched_count":28,"last_vuln_date":113,"fetched_at":31},"rdp-wiki-embed","RDP Wiki Embed","1.2.20","Robert D Payne","https:\u002F\u002Fprofiles.wordpress.org\u002Frpayne7264\u002F","\u003Cp>RDP Wiki Embed will pull content from any MediaWiki website (such as wikipedia.org) and embed it in pages and posts. It strips and reformats the content, allowing you to supply some arguments to dictate how this works.\u003C\u002Fp>\n\u003Cp>RDP Wiki Embed can also look for all links to wiki sites listed in the Security section and force the content on the current page to be replaced with the content found at the wiki site when the link is clicked. Visitors will be able to read wiki content without leaving your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>RDP Wiki Embed is not coded to work with the block editor.  
Therefore, the shortcode button will not work.\u003C\u002Fstrong> A plugin that restores the classic editor will need to be installed for the shortcode button to work. Get the Classic Editor Plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclassic-editor\u002F\" rel=\"ugc\">here.\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Posting to the WordPress.org Support Forum does not send me notifications of new issues. Therefore, please send support requests using the \u003Ca href=\"http:\u002F\u002Fwww.rdptechsolutions.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">contact form on my web site.\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Sponsor\u003C\u002Fh4>\n\u003Cp>This plug-in brought to you through the generous funding of \u003Ca href=\"http:\u002F\u002Fwww.limsinstitute.org\u002F\" rel=\"nofollow ugc\">Laboratory Informatics Institute, Inc.\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Use the shortcode [rdp-wiki-embed] for embedding MediaWiki content. 
The following arguments are accepted:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>url: (required) the web address of the wiki article that you want to embed on this page\u003C\u002Fli>\n\u003Cli>title_show: 0 (zero) to hide title or 1 to show\u003C\u002Fli>\n\u003Cli>toc_show: 0 (zero) to hide table of contents (TOC) or 1 to show\u003C\u002Fli>\n\u003Cli>edit_show: 0 (zero) to hide edit links or 1 to show \u003C\u002Fli>\n\u003Cli>infobox_show: 0 (zero) to hide info boxes or 1 to show \u003C\u002Fli>\n\u003Cli>unreferenced_show: 0 (zero) to hide “unreferenced” warning boxes  or 1 to show \u003C\u002Fli>\n\u003Cli>wiki_update: number of minutes content of the wiki page will be stored on your site, before it is refreshed \u003C\u002Fli>\n\u003Cli>wiki_links: behavior after clicking a link to wiki content – \u003Cstrong>default\u003C\u002Fstrong> or \u003Cstrong>overwrite\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>wiki_links_open_new: 0 (zero) to open wiki links in same window or 1 to open in new window \u003C\u002Fli>\n\u003Cli>global_content_replace: 1 to apply embed overwrite behavior to all wiki links on the site or 0 (zero)  \u003C\u002Fli>\n\u003Cli>global_content_replace_template: page template to use for replaced content\u003C\u002Fli>\n\u003Cli>source_show: 0 (zero) to hide attribution or 1 to show \u003C\u002Fli>\n\u003Cli>pre_source: text for source label\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Examples\u003C\u002Fh4>\n\u003Cp>Basic uasge:\u003C\u002Fp>\n\u003Cp>[rdp-wiki-embed url=’http:\u002F\u002Fen.wikipedia.org’]\u003C\u002Fp>\n\u003Cp>Display table-of-contents and info boxes, but hide title, edit links and ‘unreferenced’ warning boxes:\u003C\u002Fp>\n\u003Cp>[rdp-wiki-embed url=’http:\u002F\u002Fen.wikipedia.org’ title_show=’0′ toc_show=’1′ edit_show=’0′ infobox_show=’1′ unreferenced_show=’0′]\u003C\u002Fp>\n\u003Ch4>About Overwrite and Global Content Replace\u003C\u002Fh4>\n\u003Cp>Global content replace requires Overwrite mode to be enabled. 
When content is being replaced in Overwrite mode, the Default Shortcode Settings on the plug-in’s settings page will be applied to content that is fetched from wiki sites.\u003C\u002Fp>\n\u003Ch3>Action Hook Reference:\u003C\u002Fh3>\n\u003Ch4>rdp_we_scripts_enqueued\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Param: none\u003C\u002Fli>\n\u003Cli>Fires after enqueuing plug-in-specific frontend scripts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>rdp_we_styles_enqueued\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Param: none\u003C\u002Fli>\n\u003Cli>Fires after enqueuing plug-in-specific frontend styles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Filter Reference\u003C\u002Fh3>\n\u003Ch4>rdp_we_scrub_remove_elements_filter\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Param: Array of HTML elements to remove from the raw wiki content, before being cached\u003C\u002Fli>\n\u003Cli>Return: Array of HTML elements to remove from the raw wiki content, before being cached\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>rdp_we_prerender_remove_elements_filter\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Param: Array of HTML elements to remove from the wiki content, before rendering to browser\u003C\u002Fli>\n\u003Cli>Return: Array of HTML elements to remove from the wiki content, before rendering to browser\u003C\u002Fli>\n\u003C\u002Ful>\n","RDP Wiki Embed lets you embed content from MediaWiki sites.",400,18200,100,12,"2024-01-08T07:24:00.000Z","6.4.8",[20,23,109],"wiki-embed","http:\u002F\u002Fwww.rdptechsolutions.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frdp-wiki-embed.1.2.20.zip",63,"2025-04-04 
00:00:00",{"slug":109,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":104,"downloaded":121,"rating":122,"num_ratings":123,"last_updated":124,"tested_up_to":125,"requires_at_least":17,"requires_php":18,"tags":126,"homepage":129,"download_link":130,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":131,"fetched_at":31},"Wiki Embed","1.4.10","ctltwp","https:\u002F\u002Fprofiles.wordpress.org\u002Fctltwp\u002F","\u003Cp>This plugin will pull content from any Media Wiki website (Such as wikipedia.org).\u003C\u002Fp>\n\u003Cp>It strips and reformats the content, allowing you to supply some arguments to dictate how this works.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How does it work?\u003C\u002Fstrong>\u003Cbr \u002F>\nOn your WordPress page or post. You embed a shortcode, something like\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wiki-embed url='http:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FWordPress' tabs no-contents no-infobox ]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Once you save the page you will have the content of the wiki embed into you page. Kind of like a youtube video.\u003Cbr \u002F>\nOnly the page will look like as if it is part of your site. 
Any changes that are made on the wiki will be reflected on your site, once the cache has expired and a new version of the page is requested from the wiki.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why would you want to do that?\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can build a better navigation structure to your site, while crowd sourcing the content of the pages inside the wiki.\u003Cbr \u002F>\nWin Win.\u003C\u002Fp>\n\u003Cp>** Where can I get more info?**\u003Cbr \u002F>\nCheckout our Support page http:\u002F\u002Fsupport.cms.ubc.ca\u002Fcms-manual\u002Fadding-content\u002Fembedding-content-from-the-ubc-wiki\u002F that is using the wiki-embed plugin to grab content from our [wiki http:\u002F\u002Fwiki.ubc.ca\u002FDocumentation:UBC_Content_Management_System\u002FCLF_Theme\u002FHow_to_embed_content_from_the_UBC_Wiki\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Wiki Embed is implemented using the shortcode [wiki-embed]. It accepts the following arguments:\u003Cbr \u002F>\n* url: (required) the web address of the wiki article that you want to embed on this page.\u003Cbr \u002F>\n* no-edit: Hide the “edit” links from the wiki.\u003Cbr \u002F>\n* no-contents: Hide the page’s contents box.\u003Cbr \u002F>\n* no-infobox: Hide any infobox that appears on the wiki for this page.\u003Cbr \u002F>\n* tabs: Replaces the sections of the wiki article with tabs.\u003Cbr \u002F>\n* accordion: Replaces the sections of the wiki article with an accordian. 
This option cannot be used as the same time as ‘tabs’.\u003C\u002Fp>\n\u003Cp>Example;\u003Cbr \u002F>\n    [wiki-embed url=”http:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FExample” no-edit no-contents no-infobox accordion]\u003C\u002Fp>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Cp>Settings for the plugin can be found in ‘Wiki Embed’ -> ‘Settings’.\u003Cbr \u002F>\nHere you can enable\u002Fdisable various features, define shortcode defaults, and configure some global settings for the plugin.\u003C\u002Fp>\n","Wiki Embed lets you embed mediawiki pages in to your site, sites like Wikipedia",15847,76,8,"2025-05-02T18:14:00.000Z","3.3.2",[127,128,20,23,109],"content-framework","embed","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwiki-embed\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwiki-embed.zip","2025-05-07 00:00:00",{"slug":133,"name":134,"version":135,"author":136,"author_profile":137,"description":18,"short_description":138,"active_installs":139,"downloaded":140,"rating":141,"num_ratings":28,"last_updated":142,"tested_up_to":65,"requires_at_least":143,"requires_php":18,"tags":144,"homepage":18,"download_link":148,"security_score":71,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"infolinks","InfoLink","1.3.1","Alexander Rauscha","https:\u002F\u002Fprofiles.wordpress.org\u002Fsirlon\u002F","Quickly add Links to Wikipedia, IMDB Sites or search for site\u002Fblog or news with Google. 
And New with 1.3 also your bookmarked Links.",60,15380,80,"2013-01-22T01:41:00.000Z","2.8",[68,145,146,147,24],"information","link","links","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finfolinks.1.3.1.zip",{"attackSurface":150,"codeSignals":228,"taintFlows":330,"riskAssessment":386,"analyzedAt":398},{"hooks":151,"ajaxHandlers":207,"restRoutes":221,"shortcodes":222,"cronEvents":225,"entryPointCount":226,"unprotectedCount":227},[152,157,161,165,168,170,173,176,179,184,188,192,196,199,202],{"type":153,"name":154,"callback":155,"file":156,"line":105},"action","enqueue_block_assets","init_gutenberg","class.wp-wiki-tooltip-admin.php",{"type":153,"name":158,"callback":159,"file":156,"line":160},"admin_menu","init",15,{"type":153,"name":162,"callback":163,"file":156,"line":164},"admin_init","load_all_options",16,{"type":153,"name":162,"callback":166,"file":156,"line":167},"register_base_settings",17,{"type":153,"name":162,"callback":169,"file":156,"line":14},"register_error_settings",{"type":153,"name":162,"callback":171,"file":156,"line":172},"register_design_settings",19,{"type":153,"name":162,"callback":174,"file":156,"line":175},"register_thumb_settings",20,{"type":153,"name":159,"callback":159,"file":177,"line":178},"class.wp-wiki-tooltip-mce.php",11,{"type":180,"name":181,"callback":182,"file":177,"line":183},"filter","mce_external_plugins","add_buttons",26,{"type":180,"name":185,"callback":186,"file":177,"line":187},"mce_buttons","register_buttons",27,{"type":180,"name":189,"callback":190,"file":177,"line":191},"mce_external_languages","add_wp_wiki_tooltip_mce_locale",28,{"type":153,"name":193,"callback":159,"file":194,"line":195},"wp_enqueue_scripts","class.wp-wiki-tooltip.php",14,{"type":153,"name":197,"callback":198,"file":194,"line":160},"wp_footer","add_wiki_container",{"type":180,"name":200,"callback":201,"file":194,"line":167},"the_content","filter_the_content_for_wiki_tags",{"type":153,"name":203,"callback":204,"file":205,"line":206},"plugins_l
oaded","load_wiki_translation","wp-wiki-tooltip.php",22,[208,213,216,220],{"action":209,"nopriv":210,"callback":211,"hasNonce":210,"hasCapCheck":210,"file":156,"line":212},"get_wiki_page",false,"ajax_get_wiki_page",23,{"action":209,"nopriv":214,"callback":211,"hasNonce":210,"hasCapCheck":210,"file":156,"line":215},true,24,{"action":217,"nopriv":210,"callback":218,"hasNonce":210,"hasCapCheck":210,"file":156,"line":219},"test_wiki_url","ajax_test_wiki_url",25,{"action":217,"nopriv":214,"callback":218,"hasNonce":210,"hasCapCheck":210,"file":156,"line":183},[],[223],{"tag":23,"callback":224,"file":194,"line":164},"do_wiki_shortcode",[],5,4,{"dangerousFunctions":229,"sqlUsage":230,"outputEscaping":232,"fileOperations":29,"externalRequests":226,"nonceChecks":105,"capabilityChecks":328,"bundledLibraries":329},[],{"prepared":29,"raw":29,"locations":231},[],{"escaped":233,"rawEcho":234,"locations":235},137,45,[236,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,303,305,307,309,311,313,315,317,320,322,324,326],{"file":156,"line":237,"context":238},384,"raw 
output",{"file":156,"line":240,"context":238},388,{"file":156,"line":242,"context":238},392,{"file":156,"line":244,"context":238},396,{"file":156,"line":246,"context":238},403,{"file":156,"line":248,"context":238},440,{"file":156,"line":250,"context":238},441,{"file":156,"line":252,"context":238},442,{"file":156,"line":254,"context":238},443,{"file":156,"line":256,"context":238},444,{"file":156,"line":258,"context":238},455,{"file":156,"line":260,"context":238},456,{"file":156,"line":262,"context":238},470,{"file":156,"line":264,"context":238},471,{"file":156,"line":266,"context":238},474,{"file":156,"line":268,"context":238},484,{"file":156,"line":270,"context":238},485,{"file":156,"line":272,"context":238},492,{"file":156,"line":274,"context":238},493,{"file":156,"line":276,"context":238},508,{"file":156,"line":278,"context":238},519,{"file":156,"line":280,"context":238},520,{"file":156,"line":282,"context":238},521,{"file":156,"line":284,"context":238},532,{"file":156,"line":286,"context":238},537,{"file":156,"line":288,"context":238},538,{"file":156,"line":290,"context":238},539,{"file":156,"line":292,"context":238},574,{"file":156,"line":294,"context":238},606,{"file":156,"line":296,"context":238},614,{"file":156,"line":298,"context":238},622,{"file":156,"line":300,"context":238},630,{"file":156,"line":302,"context":238},638,{"file":156,"line":304,"context":238},647,{"file":156,"line":306,"context":238},648,{"file":156,"line":308,"context":238},654,{"file":156,"line":310,"context":238},655,{"file":156,"line":312,"context":238},663,{"file":156,"line":314,"context":238},671,{"file":156,"line":316,"context":238},844,{"file":318,"line":319,"context":238},"class.wp-wiki-tooltip-comm.php",153,{"file":318,"line":321,"context":238},176,{"file":318,"line":323,"context":238},184,{"file":177,"line":325,"context":238},39,{"file":194,"line":327,"context":238},46,2,[],[331,361,375],{"entryPoint":332,"graph":333,"unsanitizedCount":28,"severity":41},"ajax_get_wiki_page 
(class.wp-wiki-tooltip-comm.php:57)",{"nodes":334,"edges":357},[335,340,346,350,354],{"id":336,"type":337,"label":338,"file":318,"line":339},"n0","source","$_REQUEST (x2)",68,{"id":341,"type":342,"label":343,"file":318,"line":344,"wp_function":345},"n1","sink","wp_remote_get() [SSRF]",101,"wp_remote_get",{"id":347,"type":337,"label":348,"file":318,"line":349},"n2","$_REQUEST",90,{"id":351,"type":352,"label":353,"file":318,"line":349},"n3","transform","→ get_section_id_by_name()",{"id":355,"type":342,"label":343,"file":318,"line":356,"wp_function":345},"n4",190,[358,359,360],{"from":336,"to":341,"sanitized":214},{"from":347,"to":351,"sanitized":210},{"from":351,"to":355,"sanitized":210},{"entryPoint":362,"graph":363,"unsanitizedCount":28,"severity":41},"\u003Cclass.wp-wiki-tooltip-comm> (class.wp-wiki-tooltip-comm.php:0)",{"nodes":364,"edges":371},[365,367,368,369,370],{"id":336,"type":337,"label":366,"file":318,"line":339},"$_REQUEST (x5)",{"id":341,"type":342,"label":343,"file":318,"line":344,"wp_function":345},{"id":347,"type":337,"label":348,"file":318,"line":349},{"id":351,"type":352,"label":353,"file":318,"line":349},{"id":355,"type":342,"label":343,"file":318,"line":356,"wp_function":345},[372,373,374],{"from":336,"to":341,"sanitized":214},{"from":347,"to":351,"sanitized":210},{"from":351,"to":355,"sanitized":210},{"entryPoint":376,"graph":377,"unsanitizedCount":29,"severity":385},"ajax_test_wiki_url (class.wp-wiki-tooltip-comm.php:157)",{"nodes":378,"edges":383},[379,381],{"id":336,"type":337,"label":348,"file":318,"line":380},161,{"id":341,"type":342,"label":343,"file":318,"line":382,"wp_function":345},166,[384],{"from":336,"to":341,"sanitized":214},"low",{"summary":387,"deductions":388},"The wp-wiki-tooltip plugin exhibits a mixed security posture. On the positive side, the scan found no raw SQL queries (no SQL usage was recorded at all), no file operations and no bundled libraries, which are common sources of vulnerabilities. 
The absence of critical or high-severity taint flows, along with a significant percentage of properly escaped output (about 75%), suggests a reasonable level of sanitization in core functionality.\n\nHowever, significant security concerns arise from the attack surface. The plugin registers 4 AJAX handlers (the get_wiki_page and test_wiki_url actions, each in both logged-in and nopriv form) with no nonce or capability check, so both actions are reachable by unauthenticated visitors. While taint analysis didn't reveal critical or high-severity issues, it did flag medium-severity flows in which $_REQUEST input reaches wp_remote_get() without sanitization, a pattern the scanner labels as SSRF; these warrant attention because a request-supplied value may influence a server-side HTTP request. The vulnerability history, though showing no currently unpatched CVEs, includes one past medium-severity Stored Cross-Site Scripting vulnerability (CVE-2024-13462, fixed in 2.1.0), suggesting that input validation and output escaping, while generally good, have had historical weaknesses.\n\nIn conclusion, while the plugin shows no risky SQL usage and escapes most of its output, the lack of nonce and capability checks on its AJAX endpoints is its most significant weakness. This, combined with the past XSS vulnerability, suggests a moderate risk profile. 
The developer should prioritize implementing proper authentication and capability checks on all AJAX handlers to mitigate these risks effectively.",[389,391,393,395],{"reason":390,"points":62},"AJAX handlers without auth checks",{"reason":392,"points":226},"Unsanitized paths in taint flows",{"reason":394,"points":226},"Past medium severity XSS vulnerability",{"reason":396,"points":397},"75% output escaping, not 100%",3,"2026-03-16T20:09:18.975Z",{"wat":400,"direct":412},{"assetPaths":401,"generatorPatterns":405,"scriptPaths":406,"versionParams":407},[402,403,404],"\u002Fwp-content\u002Fplugins\u002Fwp-wiki-tooltip\u002Fstatic\u002Fcss\u002Fwp-wiki-tooltip-admin.css","\u002Fwp-content\u002Fplugins\u002Fwp-wiki-tooltip\u002Fstatic\u002Fcss\u002Fwp-wiki-tooltip-mce.css","\u002Fwp-content\u002Fplugins\u002Fwp-wiki-tooltip\u002Fstatic\u002Fjs\u002Fwp-wiki-tooltip-admin.js",[],[404],[408,409,410,411],"wp-wiki-tooltip\u002Fstyle.css?ver=","wp-wiki-tooltip-admin.css?ver=","wp-wiki-tooltip-mce.css?ver=","wp-wiki-tooltip-admin.js?ver=",{"cssClasses":413,"htmlComments":417,"htmlAttributes":418,"restEndpoints":423,"jsGlobals":425,"shortcodeOutput":427},[414,415,416],"wp-wiki-tooltip-settings-design","wp-wiki-tooltip-settings-error","wp-wiki-tooltip-settings-thumb",[],[419,420,421,422],"wp-wiki-tooltip-settings-base[nonce]","wp-wiki-tooltip-settings-error[nonce]","wp-wiki-tooltip-settings-design[nonce]","wp-wiki-tooltip-settings-thumb[nonce]",[424],"\u002Fwp-json\u002Fwp-wiki-tooltip\u002Fv1\u002Fpages",[426],"wp_wiki_tooltip_admin",[]]