[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCTQDNU3cqpG3k0z1-l8erBEf8ISRCDOjo6IvoSk2vH0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":145,"fingerprints":298},"wp-wrapper","WP Wrapper","1.2.9","nabtron","https:\u002F\u002Fprofiles.wordpress.org\u002Fnabtron\u002F","\u003Cp>Wrapper for WordPress does a simple thing, adds a wrapper to your WrodPress.\u003C\u002Fp>\n\u003Cp>Joomla comes with built-in wrapper which is missed in WordPress by many wordpress users.\u003C\u002Fp>\n\u003Cp>Options in admin panel include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>desired url\u003C\u002Fli>\n\u003Cli>select page on which wrapper has to be shown\u003C\u002Fli>\n\u003Cli>height \u003C\u002Fli>\n\u003Cli>width\u003C\u002Fli>\n\u003Cli>show scroll bar or not\u003C\u002Fli>\n\u003Cli>show border or not\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Up coming version will have many more options\u003C\u002Fp>\n\u003Cp>Found a bug or have a feature request ? \u003Ca href=\"https:\u002F\u002Fnabtron.com\u002Fwp-wrapper\u002F\" rel=\"nofollow ugc\">\u003Cbr \u002F>\nReport here\u003C\u002Fa>\u003C\u002Fp>\n","Wrapper for WordPress pages using iFrame. Various options in admin panel",700,53394,100,4,"2024-11-26T17:47:00.000Z","6.7.5","5.0","",[20,21,22,23,24],"frame","iframe","joomla","page","wrapper","https:\u002F\u002Fnabtron.com\u002Fwp-wrapper\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-wrapper.1.2.9.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},5,1030,91,30,88,"2026-04-04T14:36:40.263Z",[40,66,87,106,123],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":55,"tags":56,"homepage":61,"download_link":62,"security_score":63,"vuln_count":64,"unpatched_count":28,"last_vuln_date":65,"fetched_at":30},"include-me","Include Me","1.3.7","Stefano Lissa","https:\u002F\u002Fprofiles.wordpress.org\u002Fsatollo\u002F","\u003Cp>Include Me helps to include in posts or pages external files usually to be shared\u003Cbr \u002F>\nbetween different posts or pages or that contains PHP or other code that can be\u003Cbr \u002F>\ncompromised by the visual editor.\u003C\u002Fp>\n\u003Cp>The use is immediate: the shortcode [includeme] is all that you need (see the documentation\u003Cbr \u002F>\non \u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Finclude-me\" rel=\"nofollow ugc\">Include Me official page\u003C\u002Fa>).\u003C\u002Fp>\n\u003Cp>The best way to use it is to include functionalities\u003Cbr \u002F>\nwritten in external PHP that will be rendered in post body or to include pieces of\u003Cbr \u002F>\njavascript that will be hard to add with WordPress editor.\u003C\u002Fp>\n\u003Cp>Inclusions can be rendered with IFRAME if needed to create boxes that display\u003Cbr \u002F>\nexternal web pages.\u003C\u002Fp>\n\u003Cp>This plugin is made of few line of code, ultralite!\u003C\u002Fp>\n\u003Cp>Other plugins by Stefano Lissa:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fhyper-cache\" rel=\"nofollow ugc\">Hyper Cache\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.thenewsletterplugin.com\" rel=\"nofollow ugc\">Newsletter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fheader-footer\" rel=\"nofollow ugc\">Header and Footer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fthumbnails\" rel=\"nofollow ugc\">Thumbnails\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cp>You can contribute to translate this plugin in your language on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\" rel=\"nofollow ugc\">WordPress Translate\u003C\u002Fa>\u003C\u002Fp>\n","Include Me helps to include any external file (textual, HTML or PHP) in posts or pages.",4000,91243,96,21,"2026-02-05T15:36:00.000Z","6.9.4","6.1","7.0",[57,21,58,59,60],"external-page","include","php","php-execute","https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Finclude-me","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finclude-me.1.3.7.zip",97,2,"2025-09-09 00:00:00",{"slug":67,"name":68,"version":69,"author":70,"author_profile":71,"description":72,"short_description":73,"active_installs":74,"downloaded":75,"rating":76,"num_ratings":33,"last_updated":77,"tested_up_to":78,"requires_at_least":79,"requires_php":80,"tags":81,"homepage":84,"download_link":85,"security_score":86,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"embed-iframe","Embed Iframe","1.2","brajesh","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrajesh\u002F","\u003Cp>Embed Iframe is a plugin that will let you embed iframe – an HTML tag that allows a webpage to be displayed inline with the current page, in a WordPress post. Although an iframe can lead to a complicated website, it can be very effective when used appropriately.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Use following tag to insert another page in post using iframe\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[iframe url width height]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>e.g.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[iframe http:\u002F\u002Fwww.example.com 400 500]\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Allows the insertion of code to display an external webpage within an iframe.",2000,156429,68,"2022-06-01T02:10:00.000Z","6.0.11","1.3","5.3",[82,21,23,83],"embed","post","https:\u002F\u002Fwww.deskera.com\u002Fblog\u002Fwordpress-plugin-embed-iframe\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fembed-iframe.zip",85,{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":97,"num_ratings":98,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":18,"tags":102,"homepage":104,"download_link":105,"security_score":86,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"pageview","PageView","1.6","John Godley","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnny5\u002F","\u003Cp>PageView is a plugin that will display another web page inside the current post. This is achieved with the use of an\u003Cbr \u002F>\niframe – an HTML tag that allows a webpage to be displayed inline with the current page.\u003C\u002Fp>\n\u003Cp>To use:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[pageview url=\"http:\u002F\u002Furbangiraffe.com\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Optional arguments:\u003C\u002Fp>\n\u003Cp>title = A title to show under the iframe\u003Cbr \u002F>\ndesc = A description to show under the iframe\u003Cbr \u002F>\nwidth = Width of iframe, in px or %\u003Cbr \u002F>\nheight = Height of iframe, in px or %\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Full documentation can be found on the \u003Ca href=\"http:\u002F\u002Furbangiraffe.com\u002Fplugins\u002Fpageview\u002F\" rel=\"nofollow ugc\">Pageview\u003C\u002Fa> page.\u003C\u002Fp>\n","Insert an iframe and display an external website directly in a post using just a shortcode.",1000,73637,84,6,"2017-11-28T20:21:00.000Z","4.1.42","2.5",[82,103,21,23,83],"html","http:\u002F\u002Furbangiraffe.com\u002Fplugins\u002Fpageview\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpageview.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":28,"num_ratings":28,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":18,"tags":119,"homepage":121,"download_link":122,"security_score":86,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"iframe-wrapper","iframe Wrapper","0.1.1","Aelora","https:\u002F\u002Fprofiles.wordpress.org\u002Faelora\u002F","\u003Cp>iframes get a bad wrap, and rightly so in many cases. But when you want to embed\u003Cbr \u002F>\none website inside of another one in a single step, they’re a really easy way to make it work.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Inside whatever post or page you want to embed another site, use the short code\u003C\u002Fp>\n\u003Cp>[iframeWrapper url=http:\u002F\u002Fexample.com]\u003C\u002Fp>\n\u003Cp>This will put an iframe linking to example.com into your page. The width will\u003Cbr \u002F>\nbe 100% of the contain it’s in and the height will automatically adjust to the\u003Cbr \u002F>\ncontents of the frame.\u003C\u002Fp>\n\u003Cp>This plugin was originally written to embed \u003Ca href=\"http:\u002F\u002Fwww.proofbuddy.com\" rel=\"nofollow ugc\">ProofBuddy\u003C\u002Fa>\u003Cbr \u002F>\nsites within a WordPress theme without much fuss. But it should work well to embed\u003Cbr \u002F>\nany site within a WordPress theme.\u003C\u002Fp>\n","A small little plugin to embed an auto resizing iframe into a WordPress page or post.",500,13658,"2012-03-24T22:14:00.000Z","3.0.5","2.6",[82,20,21,120,24],"wrap","http:\u002F\u002Fwww.proofbuddy.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fiframe-wrapper.0.1.1.zip",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":133,"num_ratings":134,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":18,"tags":138,"homepage":143,"download_link":144,"security_score":86,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-image-lazy-load","Zedna WP Image Lazy Load","1.6.3.3","Radek Mezulanik","https:\u002F\u002Fprofiles.wordpress.org\u002Fzedna\u002F","\u003Cp>Decreasing page load time by progressive loading of images and other elements. They will load just when reach visible part of screen. Lazy loading can be also applied on themes.\u003C\u002Fp>\n\u003Cp>Plugin affect these elements:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Ccode>\u003Cimg>\u003C\u002Fcode> element\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>CSS property \u003Ccode>background-image\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>responsive images with \u003Ccode>srcset\u003C\u002Fcode> attribute\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>\u003Ciframe>\u003C\u002Fcode> element\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>\u003Cvideo>\u003C\u002Fcode> element\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cp>-reduce up to 90% of page load time, depends on elements amount\u003C\u002Fp>\n\u003Cp>-compatible with Visual Composer\u003C\u002Fp>\n\u003Cp>-compatible with WooCommerce\u003C\u002Fp>\n\u003Cp>-you can choose to skip all iframes or just one in specific element\u003C\u002Fp>\n\u003Cp>-you can choose to skip specific elements with some class\u003C\u002Fp>\n\u003Cp>-you can show elements earlier or later than are visible on the screen\u003C\u002Fp>\n\u003Cp>-optional fade in animation\u003C\u002Fp>\n","Image lazy load plugin to boost page load time and save bandwidth by removing all the images, background-images, responsive images, iframes and videos &hellip;",300,25687,90,16,"2019-11-07T16:13:00.000Z","5.2.24","4.0",[139,21,140,141,142],"bandwith","image","page-load","speed","https:\u002F\u002Fprofiles.wordpress.org\u002Fzedna#content-plugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-image-lazy-load.zip",{"attackSurface":146,"codeSignals":166,"taintFlows":184,"riskAssessment":290,"analyzedAt":297},{"hooks":147,"ajaxHandlers":162,"restRoutes":163,"shortcodes":164,"cronEvents":165,"entryPointCount":28,"unprotectedCount":28},[148,153,157],{"type":149,"name":150,"callback":151,"file":152,"line":35},"action","init","nabwrapper_init_func","wp-wrapper.php",{"type":149,"name":154,"callback":155,"file":152,"line":156},"admin_menu","nabwrap_description_add_menu",130,{"type":158,"name":159,"callback":160,"file":152,"line":161},"filter","the_content","get_nabwrapper_id",131,[],[],[],[],{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":170,"fileOperations":28,"externalRequests":28,"nonceChecks":182,"capabilityChecks":182,"bundledLibraries":183},[],{"prepared":28,"raw":28,"locations":169},[],{"escaped":171,"rawEcho":14,"locations":172},26,[173,176,178,180],{"file":152,"line":174,"context":175},76,"raw output",{"file":152,"line":177,"context":175},87,{"file":152,"line":179,"context":175},143,{"file":152,"line":181,"context":175},187,1,[],[185,202,259],{"entryPoint":186,"graph":187,"unsanitizedCount":182,"severity":201},"nabwrap_description_option_page (wp-wrapper.php:135)",{"nodes":188,"edges":198},[189,193],{"id":190,"type":191,"label":192,"file":152,"line":179},"n0","source","$_SERVER['REQUEST_URI']",{"id":194,"type":195,"label":196,"file":152,"line":179,"wp_function":197},"n1","sink","echo() [XSS]","echo",[199],{"from":190,"to":194,"sanitized":200},false,"medium",{"entryPoint":203,"graph":204,"unsanitizedCount":28,"severity":258},"nabwrapper_init_func (wp-wrapper.php:92)",{"nodes":205,"edges":249},[206,209,212,216,218,222,224,228,230,234,237,241,243,247],{"id":190,"type":191,"label":207,"file":152,"line":208},"$_POST['nabwrap_url']",104,{"id":194,"type":195,"label":210,"file":152,"line":208,"wp_function":211},"update_option() [Settings Manipulation]","update_option",{"id":213,"type":191,"label":214,"file":152,"line":215},"n2","$_POST['nabwrap_page']",105,{"id":217,"type":195,"label":210,"file":152,"line":215,"wp_function":211},"n3",{"id":219,"type":191,"label":220,"file":152,"line":221},"n4","$_POST['nabwrap_width']",106,{"id":223,"type":195,"label":210,"file":152,"line":221,"wp_function":211},"n5",{"id":225,"type":191,"label":226,"file":152,"line":227},"n6","$_POST['nabwrap_height']",107,{"id":229,"type":195,"label":210,"file":152,"line":227,"wp_function":211},"n7",{"id":231,"type":191,"label":232,"file":152,"line":233},"n8","$_POST",108,{"id":235,"type":195,"label":210,"file":152,"line":236,"wp_function":211},"n9",112,{"id":238,"type":191,"label":239,"file":152,"line":240},"n10","$_POST['nabwrap_scroll']",113,{"id":242,"type":195,"label":210,"file":152,"line":240,"wp_function":211},"n11",{"id":244,"type":191,"label":245,"file":152,"line":246},"n12","$_POST['nabwrap_addlink']",114,{"id":248,"type":195,"label":210,"file":152,"line":246,"wp_function":211},"n13",[250,252,253,254,255,256,257],{"from":190,"to":194,"sanitized":251},true,{"from":213,"to":217,"sanitized":251},{"from":219,"to":223,"sanitized":251},{"from":225,"to":229,"sanitized":251},{"from":231,"to":235,"sanitized":251},{"from":238,"to":242,"sanitized":251},{"from":244,"to":248,"sanitized":251},"low",{"entryPoint":260,"graph":261,"unsanitizedCount":28,"severity":258},"\u003Cwp-wrapper> (wp-wrapper.php:0)",{"nodes":262,"edges":281},[263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,279],{"id":190,"type":191,"label":207,"file":152,"line":208},{"id":194,"type":195,"label":210,"file":152,"line":208,"wp_function":211},{"id":213,"type":191,"label":214,"file":152,"line":215},{"id":217,"type":195,"label":210,"file":152,"line":215,"wp_function":211},{"id":219,"type":191,"label":220,"file":152,"line":221},{"id":223,"type":195,"label":210,"file":152,"line":221,"wp_function":211},{"id":225,"type":191,"label":226,"file":152,"line":227},{"id":229,"type":195,"label":210,"file":152,"line":227,"wp_function":211},{"id":231,"type":191,"label":232,"file":152,"line":233},{"id":235,"type":195,"label":210,"file":152,"line":236,"wp_function":211},{"id":238,"type":191,"label":239,"file":152,"line":240},{"id":242,"type":195,"label":210,"file":152,"line":240,"wp_function":211},{"id":244,"type":191,"label":245,"file":152,"line":246},{"id":248,"type":195,"label":210,"file":152,"line":246,"wp_function":211},{"id":278,"type":191,"label":192,"file":152,"line":179},"n14",{"id":280,"type":195,"label":196,"file":152,"line":179,"wp_function":197},"n15",[282,283,284,285,286,287,288,289],{"from":190,"to":194,"sanitized":251},{"from":213,"to":217,"sanitized":251},{"from":219,"to":223,"sanitized":251},{"from":225,"to":229,"sanitized":251},{"from":231,"to":235,"sanitized":251},{"from":238,"to":242,"sanitized":251},{"from":244,"to":248,"sanitized":251},{"from":278,"to":280,"sanitized":251},{"summary":291,"deductions":292},"The \"wp-wrapper\" plugin version 1.2.9 demonstrates a strong security posture based on the provided static analysis.  The plugin exhibits a remarkably small attack surface, with no apparent AJAX handlers, REST API routes, shortcodes, or cron events. Crucially, all identified entry points appear to be protected, indicating a commitment to access control. The code also shows good practices regarding SQL queries, exclusively using prepared statements, and a high percentage of properly escaped output.\n\nDespite the generally positive findings, there is one identified flow with an unsanitized path in the taint analysis, which warrants attention. While the severity is not explicitly classified as critical or high, any unsanitized path is a potential risk for directory traversal or other path manipulation vulnerabilities. The plugin's vulnerability history is clean, with no recorded CVEs, which is a significant strength. This suggests a history of secure development and maintenance.\n\nIn conclusion, \"wp-wrapper\" v1.2.9 appears to be a secure plugin with robust development practices. The lack of known vulnerabilities and a well-controlled attack surface are commendable. The single identified unsanitized path is the primary concern and should be investigated and remediated to maintain this strong security record.",[293,295],{"reason":294,"points":33},"Flow with unsanitized path found",{"reason":296,"points":64},"Output escaping not fully proper (87%)","2026-03-16T19:23:20.801Z",{"wat":299,"direct":304},{"assetPaths":300,"generatorPatterns":301,"scriptPaths":302,"versionParams":303},[],[],[],[],{"cssClasses":305,"htmlComments":307,"htmlAttributes":308,"restEndpoints":310,"jsGlobals":311,"shortcodeOutput":312},[306],"wp-wrapper-iframe",[],[309],"id=\"wp-wrapper-iframe\"",[],[],[313],"\u003Ciframe class=\"wp-wrapper-iframe\" id=\"wp-wrapper-iframe\" width=\""]