[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fzLPJRogpm50keXrAKivQSAl9btU7XpCaMqph2PXkJ3s":3,"$fZdIEUUJuUnuT_nPIB35gQvAv-BGvFDO9cpo3y5E7jS4":489,"$fT5gap0dPadMBEE5PAXN7WQ84iIAXRlkizf0YpdXZp9c":493},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":50,"crawl_stats":38,"alternatives":57,"analysis":152,"fingerprints":457},"wpshapere-lite","WPShapere Lite","1.4.1","AcmeeDesign","https:\u002F\u002Fprofiles.wordpress.org\u002Facmeedesign\u002F","\u003Cp>WPShapere WordPress Admin Theme is a WordPress plugin and a powerful tool to customize your WordPress admin. It will totally white label the WordPress admin section. 
With WPShapere you have the ability to offer your customers a complete new admin dashboard with your brand name.\u003Cbr \u002F>\nWPShapere has Simple to use user interface to manage the colors and some of the elements of the WordPress admin theme.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Unlimited color options + 5 pre-made Pro themes.\u003C\u002Fli>\n\u003Cli>Flat\u002FDefault design.\u003C\u002Fli>\n\u003Cli>White Label Branding.\u003C\u002Fli>\n\u003Cli>Upload custom logo for login and dashboard pages.\u003C\u002Fli>\n\u003Cli>RTL Compatibility.\u003C\u002Fli>\n\u003Cli>Custom login Theme.\u003C\u002Fli>\n\u003Cli>Hide unwanted widgets from dashboard.\u003C\u002Fli>\n\u003Cli>Manage Admin Bar elements.\u003C\u002Fli>\n\u003Cli>Hide WordPress version from the footer and add your company name or any text you want.\u003C\u002Fli>\n\u003Cli>Export and Import of settings feature.\u003C\u002Fli>\n\u003Cli>Powerful and simple to use Options panel.\u003C\u002Fli>\n\u003Cli>Add custom css styles to login and admin pages.\u003C\u002Fli>\n\u003Cli>Tested for Compatibility with popular plugins: Contact form 7, WP Super cache, WP Total cache, woocommerce, Elementor etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Pro Version Features\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpshapere.com\u002F\" rel=\"nofollow ugc\">WPShapere Pro Version\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Unlimited color options + 16 pre-made Pro themes.\u003C\u002Fli>\n\u003Cli>Hide, rename and sort admin menu items.\u003C\u002Fli>\n\u003Cli>Privilege Users who can access to all menu items.\u003C\u002Fli>\n\u003Cli>Custom Icons for admin menu items: Dashicons, FontAwesome and Line icons\u003C\u002Fli>\n\u003Cli>Modern custom login Theme with 3 preset themes.\u003C\u002Fli>\n\u003Cli>Manage and Create custom dashboard widgets.\u003C\u002Fli>\n\u003Cli>Hide unwanted Metaboxes from the posts and pages.\u003C\u002Fli>\n\u003Cli>Ability to add custom 
links to the admin bar.\u003C\u002Fli>\n\u003Cli>White Label Emails.\u003C\u002Fli>\n\u003Cli>Multi-site Network Support – Global option\u002FIndividual blog option.\u003C\u002Fli>\n\u003Cli>And much more…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F-20oTKNIn2o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","WPShapere is a WordPress plugin to customize the WordPress Admin theme and elements as your wish.",300,6016,100,3,"2025-06-29T08:27:00.000Z","6.8.5","6.0","5.6",[20,21,22,23,24],"admin","admin-theme","white-label","wordpress-admin","wordpress-admin-theme","https:\u002F\u002Fwpshapere.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpshapere-lite.1.4.1.zip",78,1,"2025-06-27 
00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":38,"patch_diff_files":47,"patch_trac_url":38,"research_status":38,"research_verified":48,"research_rounds_completed":49,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":48,"poc_model_used":38,"poc_verification_depth":38},"CVE-2025-53317","wpshapere-wordpress-admin-theme-cross-site-request-forgery","WPShapere - WordPress admin theme \u003C= 1.4.1 - Cross-Site Request Forgery","The WPShapere Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.4.1","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-07-02 19:32:25",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa2edfda3-7c60-424e-bcf7-384958a4eaa9?source=api-prod",[],false,0,{"slug":51,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":52,"avg_security_score":53,"avg_patch_time_days":54,"trust_score":55,"computed_at":56},"acmeedesign",330,87,30,85,"2026-05-20T01:27:53.404Z",[58,79,98,113,131],{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":77,"download_link":78,"security_score":55,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"slate-admin-theme","Slate Admin Theme","1.2.4","ryansommers","https:\u002F\u002Fprofiles.wordpress.org\u002Fryansommers\u002F","\u003Cp>Slate provides a clean, simplified design for your WordPress Admin area.\u003C\u002Fp>\n\u003Cp>Our goal was to simplify the visual design with a primary focus on the content writing experience.\u003C\u002Fp>\n\u003Cp>If you like Slate, please consider leaving a review here on WordPress. 
Thank you!\u003C\u002Fp>\n","A clean, simplified WordPress Admin theme.",6000,141183,94,44,"2022-01-31T18:42:00.000Z","5.9.13","4.0","",[75,21,22,76,24],"admin-page","wordpress-admin-panel","http:\u002F\u002Fsevenbold.com\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fslate-admin-theme.1.2.4.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":13,"num_ratings":14,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":73,"tags":92,"homepage":95,"download_link":96,"security_score":97,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"wp-clean-admin-theme","Clean WP Admin Theme – Simple design","1.0.3","Jose Vega","https:\u002F\u002Fprofiles.wordpress.org\u002Fjosevega\u002F","\u003Cp>Beautiful design for WP Admin, you can use this plugin to simplify the looks. The WP Admin will look very clean and simple.\u003C\u002Fp>\n\u003Cp>You can install the plugin and it works automatically.\u003C\u002Fp>\n\u003Cp>If you don´t like the main color, you can change it in Settings > General options.\u003C\u002Fp>\n\u003Ch4>Multisite compatible.\u003C\u002Fh4>\n\u003Cp>If you define a constant in wp-config.php, the setting will be applied to all sites automatically and the options field won´t be displayed: \u003Ccode>define('WPCAT_MAIN_COLOR', '#000');\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch4>Recommended plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WP Sheet Editor is a free plugin that allows you to edit WordPress posts, pages, and WooCommerce products using a spreadsheet.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages\u002F\" rel=\"ugc\">Download “wp sheet editor” plugin\u003C\u002Fa>\u003C\u002Fp>\n","Beautiful design for WP Admin, Clean Admin Theme for 
wp-admin.",200,8441,"2024-05-21T01:03:00.000Z","6.5.8","3.6",[21,93,94,22,24],"flat-admin-theme","modern-admin-theme","https:\u002F\u002Fwpfrontendadmin.com\u002F?utm_source=wp-admin&utm_medium=plugins-list&utm_campaign=clean-admin-theme","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-clean-admin-theme.1.0.3.zip",92,{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":28,"last_updated":109,"tested_up_to":110,"requires_at_least":72,"requires_php":73,"tags":111,"homepage":73,"download_link":112,"security_score":55,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"webseo-admin-theme","Webseo Admin Theme","2.1","nguyenhuytap","https:\u002F\u002Fprofiles.wordpress.org\u002Fnguyenhuytap\u002F","\u003Cp>Webseo provides a clean, simplified design for your WordPress Admin area.\u003C\u002Fp>\n\u003Cp>Our goal was to simplify the visual design with a primary focus on the content writing experience.\u003C\u002Fp>\n\u003Cp>If you like Webseo, please consider leaving a review here on WordPress. 
Thank you!\u003C\u002Fp>\n","Webseo provides a clean, simplified design for your WordPress Admin area.",10,8930,40,"2017-12-18T15:54:00.000Z","4.9.29",[75,21,22,76,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebseo-admin-theme.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":108,"num_ratings":28,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":73,"tags":126,"homepage":129,"download_link":130,"security_score":55,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"cool-admin-theme-lite-for-wp","Cool Admin Theme Lite for WP","1.0.0","Cool Admin Theme for WP","https:\u002F\u002Fprofiles.wordpress.org\u002Fcatforwp\u002F","\u003Cp>Cool Admin Theme Lite for WP is a super lightweight and clean interface for your WordPress Admin Pages. With a clean design proposal, this plugin tries to modernize the wordpress admin interface.\u003C\u002Fp>\n\u003Cp>Finally, it is also possible to make the admin interface a little more fun by activating the emojify function, which replaces the icons in the side menu with emojis.\u003C\u002Fp>\n\u003Ch3>Features of this version (Lite)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>New cool style for Admin Pages\u003C\u002Fli>\n\u003Cli>Emojify Admin Menu with predefined emojis\u003C\u002Fli>\n\u003Cli>Enqueue your custom CSS to add more emojis or whatever\u003C\u002Fli>\n\u003Cli>Translation Ready\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Feature of PRO Version\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All features of the lite version more:\u003C\u002Fli>\n\u003Cli>Hide WordPress logo from admin navigation bar\u003C\u002Fli>\n\u003Cli>Use your own logo in admin top navigation bar \u003C\u002Fli>\n\u003Cli>Replace WordPress logo by yours in login page\u003C\u002Fli>\n\u003Cli>Change the background color of login page\u003C\u002Fli>\n\u003Cli>Replace WP logo by your on post 
edit page (Gutenberg)\u003C\u002Fli>\n\u003Cli>Add a custom favicon in admin area\u003C\u002Fli>\n\u003Cli>Remove non-functional WP widgets from dashboard\u003C\u002Fli>\n\u003Cli>Choose emojis for admin bar from picker\u003C\u002Fli>\n\u003Cli>Replace or hide WordPress text on footer\u003C\u002Fli>\n\u003Cli>Hide WordPress version disclaimer on footer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>– Check it out at \u003Ca href=\"https:\u002F\u002Fwpadmintheme.com\" rel=\"nofollow ugc\">https:\u002F\u002Fwpadmintheme.com\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Use the Cool Admin Theme Lite for WP to make your administration area cleaner, more fresh and cool, ofcourse.",20,1722,"2020-08-27T14:00:00.000Z","5.3.21","4.7",[127,24,128],"cool-admin-theme-for-wordpress","wp-admin-theme","https:\u002F\u002Fgithub.com\u002Fjeffsmonteiro\u002Fcatliteforwp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcool-admin-theme-lite-for-wp.1.0.0.zip",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":139,"downloaded":140,"rating":141,"num_ratings":142,"last_updated":143,"tested_up_to":144,"requires_at_least":72,"requires_php":73,"tags":145,"homepage":150,"download_link":151,"security_score":55,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"aquila-admin-theme","Aquila Admin Theme","3.1.1","GuyPrimavera","https:\u002F\u002Fprofiles.wordpress.org\u002Fguyprimavera\u002F","\u003Cp>A Material Design inspired customisable color scheme and re-design for WordPress Admin (v4.0 onwards). 
Aquila also cleans up the admin area from unnecessary or potentially confusing items for the end-user.\u003C\u002Fp>\n\u003Cp>Many updates have been made to the admin area, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Admin area complete re-design.\u003C\u002Fli>\n\u003Cli>Use your own logo instead of the WordPress logo in the admin area and login screen.\u003C\u002Fli>\n\u003Cli>Customisable color scheme with color picker.\u003C\u002Fli>\n\u003Cli>Roboto typeface to match Material Design guidelines.\u003C\u002Fli>\n\u003Cli>“Posts” renamed to “Blog” (can be changed back in Aquila Settings).\u003C\u002Fli>\n\u003Cli>Dashboard metaboxes removed and cleaned up.\u003C\u002Fli>\n\u003Cli>User “Profile” area cleaned up and simplified.\u003C\u002Fli>\n\u003Cli>New custom icon pack.\u003C\u002Fli>\n\u003Cli>Current user role added as an admin body class.\u003C\u002Fli>\n\u003Cli>Removed “How are you..” from the top-right corner.\u003C\u002Fli>\n\u003Cli>Re-designed login screen.\u003C\u002Fli>\n\u003Cli>Admin bar de-cluttered.\u003C\u002Fli>\n\u003Cli>New dashboard widgets.\u003C\u002Fli>\n\u003Cli>WordPress and plugins support links on dashboard.\u003C\u002Fli>\n\u003Cli>“Update” notifications hidden from Editors.\u003C\u002Fli>\n\u003Cli>“Post Format” removed from posts.\u003C\u002Fli>\n\u003Cli>Multisite support.\u003C\u002Fli>\n\u003Cli>Gutenberg support.\u003C\u002Fli>\n\u003Cli>View server information directly on the dashboard.\u003C\u002Fli>\n\u003Cli>Media Library support for clear PNG images.\u003C\u002Fli>\n\u003Cli>Aquila Settings page to control most of these options.\u003C\u002Fli>\n\u003C\u002Ful>\n","Material Design inspired admin theme with a customisable color scheme. 
Add your own custom logo to match your website.",3000,69700,88,35,"2021-05-31T14:29:00.000Z","5.7.15",[21,146,147,148,149],"material-design-admin-theme","material-design-wordpress","material-design-wordpress-admin","material-wordpress","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faquila-admin-theme\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faquila-admin-theme.3.1.1.zip",{"attackSurface":153,"codeSignals":310,"taintFlows":418,"riskAssessment":444,"analyzedAt":456},{"hooks":154,"ajaxHandlers":306,"restRoutes":307,"shortcodes":308,"cronEvents":309,"entryPointCount":49,"unprotectedCount":49},[155,161,165,168,172,174,177,182,186,189,193,197,201,204,207,211,214,218,222,226,230,235,240,244,247,250,254,258,261,265,268,272,276,279,282,286,290,293,296,298,302],{"type":156,"name":157,"callback":158,"file":159,"line":160},"action","after_setup_theme","aofLoaddefault","includes\\acmee-framework\\inc\\aof.class.php",25,{"type":156,"name":162,"callback":163,"file":159,"line":164},"aof_tab_start","formwrapStart",26,{"type":156,"name":162,"callback":166,"file":159,"line":167},"saveBtn",27,{"type":156,"name":169,"callback":170,"file":159,"line":171},"aof_tab_close","formwrapEnd",28,{"type":156,"name":169,"callback":166,"file":159,"line":173},29,{"type":156,"name":175,"callback":176,"file":159,"line":54},"aof_after_heading","adminNotices",{"type":156,"name":178,"callback":179,"file":180,"line":181},"admin_menu","wps_premium_menu","includes\\premium-version.class.php",18,{"type":156,"name":178,"callback":183,"file":184,"line":185},"add_impexp_menu","includes\\wps-impexp.class.php",19,{"type":156,"name":187,"callback":188,"file":184,"line":121},"plugins_loaded","wps_settings_action",{"type":156,"name":178,"callback":190,"file":191,"line":192},"wps_sub_menus","includes\\wpshapere.class.php",24,{"type":156,"name":194,"callback":195,"priority":196,"file":191,"line":160},"wp_dashboard_setup","initialize_dash_widgets",999,{"type":198,"name":199,"callback":200,"p
riority":196,"file":191,"line":167},"filter","admin_title","custom_admin_title",{"type":156,"name":202,"callback":203,"file":191,"line":171},"init","initFunctionss",{"type":156,"name":205,"callback":206,"priority":28,"file":191,"line":54},"admin_bar_menu","add_wpshapere_menus",{"type":156,"name":205,"callback":208,"priority":209,"file":191,"line":210},"wps_save_adminbar_nodes",9990,31,{"type":156,"name":212,"callback":208,"priority":209,"file":191,"line":213},"wp_before_admin_bar_render",32,{"type":156,"name":194,"callback":215,"priority":216,"file":191,"line":217},"manage_widget_functions",9999,33,{"type":156,"name":219,"callback":220,"priority":106,"file":191,"line":221},"login_enqueue_scripts","wpshapereloginAssets",36,{"type":156,"name":223,"callback":224,"file":191,"line":225},"login_head","wpshapeLogincss",37,{"type":156,"name":227,"callback":228,"priority":28,"file":191,"line":229},"login_header","wps_login_form_wrap_start",38,{"type":156,"name":231,"callback":232,"priority":233,"file":191,"line":234},"login_footer","wps_login_form_wrap_close",99,39,{"type":156,"name":236,"callback":237,"priority":238,"file":191,"line":239},"admin_enqueue_scripts","wpshapereAssets",99999,41,{"type":156,"name":241,"callback":242,"file":191,"line":243},"admin_head","wpshapeOptionscss",42,{"type":156,"name":212,"callback":245,"priority":216,"file":191,"line":246},"wps_remove_bar_links",43,{"type":156,"name":205,"callback":248,"priority":233,"file":191,"line":249},"update_avatar_size",45,{"type":198,"name":251,"callback":252,"file":191,"line":253},"login_headerurl","wpshapere_login_url",46,{"type":198,"name":255,"callback":256,"file":191,"line":257},"login_headertext","wpshapere_login_title",47,{"type":156,"name":241,"callback":259,"file":191,"line":260},"generalFns",48,{"type":156,"name":262,"callback":263,"priority":238,"file":191,"line":264},"wp_head","frontendActions",49,{"type":156,"name":175,"callback":266,"file":191,"line":267},"wps_help_link",50,{"type":198,"name":269,"ca
llback":270,"file":191,"line":271},"login_title","login_page_title",51,{"type":198,"name":273,"callback":274,"file":191,"line":275},"automatic_updater_disabled","__return_true",84,{"type":198,"name":277,"callback":278,"file":191,"line":53},"auto_core_update_send_email","__return_false",{"type":198,"name":280,"callback":278,"file":191,"line":281},"screen_options_show_screen",167,{"type":198,"name":283,"callback":284,"file":191,"line":285},"admin_footer_text","wpsbrandFooter",178,{"type":198,"name":287,"callback":288,"priority":233,"file":191,"line":289},"update_footer","wpsremoveVersion",180,{"type":198,"name":291,"callback":278,"file":191,"line":292},"show_admin_bar",516,{"type":156,"name":236,"callback":294,"priority":233,"file":295,"line":210},"aofAssets","main-settings.php",{"type":156,"name":178,"callback":297,"file":295,"line":260},"createOptionsmenu",{"type":156,"name":299,"callback":300,"file":295,"line":301},"admin_init","SaveSettings",59,{"type":156,"name":187,"callback":303,"file":304,"line":305},"wps_load_textdomain","wpshapere-lite.php",71,[],[],[],[],{"dangerousFunctions":311,"sqlUsage":354,"outputEscaping":356,"fileOperations":49,"externalRequests":28,"nonceChecks":14,"capabilityChecks":14,"bundledLibraries":417},[312,316,319,322,324,327,330,332,334,336,338,340,343,346,349,352],{"fn":313,"file":159,"line":314,"context":315},"unserialize",156,"$settings = unserialize($settings);",{"fn":313,"file":159,"line":317,"context":318},216,"$get_options = unserialize(get_site_option( $option_id ));",{"fn":313,"file":159,"line":320,"context":321},224,"$get_options = unserialize(get_option( $option_id ));",{"fn":313,"file":184,"line":97,"context":323},"$data = unserialize($import_data); \u002F\u002Fto avoid double serialization",{"fn":313,"file":325,"line":185,"context":326},"includes\\wps-options.php","$wps_options = (is_serialized(get_option(WPSHAPERE_LITE_OPTIONS_SLUG))) ? 
unserialize(get_option(WPS",{"fn":313,"file":325,"line":328,"context":329},22,"$wps_options = (is_serialized(get_site_option(WPSHAPERE_LITE_OPTIONS_SLUG))) ? unserialize(get_site_",{"fn":313,"file":325,"line":54,"context":331},"$adminbar_items = (is_serialized(get_option(WPS_ADMINBAR_LIST_SLUG))) ? unserialize(get_option(WPS_A",{"fn":313,"file":325,"line":217,"context":333},"$adminbar_items = (is_serialized(get_site_option(WPS_ADMINBAR_LIST_SLUG))) ? unserialize(get_site_op",{"fn":313,"file":325,"line":225,"context":335},"$admin_users_array = (is_serialized(get_option(WPS_ADMIN_USERS_SLUG))) ? unserialize(get_option(WPS_",{"fn":313,"file":325,"line":239,"context":337},"$dash_widgets_list = (is_serialized(get_option('wps_widgets_list'))) ? unserialize(get_option('wps_w",{"fn":313,"file":325,"line":69,"context":339},"$dash_widgets_list = (is_serialized(get_site_option('wps_widgets_list'))) ? unserialize(get_site_opt",{"fn":313,"file":191,"line":341,"context":342},160,"$admin_generaloptions = (is_serialized( $admin_general_options_data )) ? unserialize( $admin_general",{"fn":313,"file":191,"line":344,"context":345},326,"$get_wps_option_data = (is_serialized(get_option($option_id))) ? unserialize(get_option($option_id))",{"fn":313,"file":191,"line":347,"context":348},329,"$get_wps_option_data = (is_serialized(get_site_option($option_id))) ? unserialize(get_site_option($o",{"fn":313,"file":191,"line":350,"context":351},463,"$remove_dash_widgets = (is_serialized($dash_widgets_removal_data)) ? 
unserialize($dash_widgets_remov",{"fn":313,"file":191,"line":353,"context":351},489,{"prepared":49,"raw":49,"locations":355},[],{"escaped":14,"rawEcho":217,"locations":357},[358,361,363,365,367,369,371,373,375,377,379,381,383,385,387,389,391,393,395,397,398,399,400,401,402,404,405,407,409,411,412,414,415],{"file":159,"line":359,"context":360},57,"raw output",{"file":159,"line":362,"context":360},67,{"file":159,"line":364,"context":360},261,{"file":159,"line":366,"context":360},265,{"file":159,"line":368,"context":360},270,{"file":159,"line":370,"context":360},277,{"file":159,"line":372,"context":360},284,{"file":159,"line":374,"context":360},294,{"file":159,"line":376,"context":360},311,{"file":159,"line":378,"context":360},327,{"file":159,"line":380,"context":360},342,{"file":159,"line":382,"context":360},365,{"file":159,"line":384,"context":360},433,{"file":159,"line":386,"context":360},440,{"file":159,"line":388,"context":360},446,{"file":159,"line":390,"context":360},451,{"file":159,"line":392,"context":360},468,{"file":159,"line":394,"context":360},633,{"file":159,"line":396,"context":360},637,{"file":180,"line":225,"context":360},{"file":180,"line":108,"context":360},{"file":184,"line":225,"context":360},{"file":184,"line":249,"context":360},{"file":184,"line":271,"context":360},{"file":184,"line":403,"context":360},52,{"file":184,"line":359,"context":360},{"file":184,"line":406,"context":360},61,{"file":184,"line":408,"context":360},63,{"file":184,"line":410,"context":360},64,{"file":184,"line":362,"context":360},{"file":184,"line":413,"context":360},72,{"file":191,"line":301,"context":360},{"file":191,"line":416,"context":360},240,[],[419,436],{"entryPoint":420,"graph":421,"unsanitizedCount":49,"severity":435},"wps_settings_action 
(includes\\wps-impexp.class.php:82)",{"nodes":422,"edges":432},[423,428],{"id":424,"type":425,"label":426,"file":184,"line":427},"n0","source","$_POST",86,{"id":429,"type":430,"label":431,"file":184,"line":97,"wp_function":313},"n1","sink","unserialize() [Object Injection]",[433],{"from":424,"to":429,"sanitized":434},true,"low",{"entryPoint":437,"graph":438,"unsanitizedCount":49,"severity":435},"\u003Cwps-impexp.class> (includes\\wps-impexp.class.php:0)",{"nodes":439,"edges":442},[440,441],{"id":424,"type":425,"label":426,"file":184,"line":427},{"id":429,"type":430,"label":431,"file":184,"line":97,"wp_function":313},[443],{"from":424,"to":429,"sanitized":434},{"summary":445,"deductions":446},"The \"wpshapere-lite\" v1.4.1 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals a remarkably small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication or permission checks. Furthermore, the analysis found no raw (unprepared) SQL queries, and there are no file operations or external HTTP requests that pose an immediate threat. The presence of nonce and capability checks, though limited, is a good practice.\n\nHowever, significant concerns arise from the presence of dangerous functions, specifically `unserialize`, which can lead to PHP object injection if user-controlled data reaches it. The traced `$_POST`-to-`unserialize` flow in the import\u002Fexport class is reported as sanitized, but that label should be confirmed by manual review, since generic input sanitization does not by itself prevent object injection. Only 8% of output is properly escaped, which is a critical weakness and indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Because the taint analysis found no unsanitized paths, any such vulnerability is more likely to lie in how data is handled *after* reaching an entry point or within the unescaped outputs themselves. 
The vulnerability history adds to these concerns: one medium-severity CVE (a Cross-Site Request Forgery issue) remains unpatched.\n\nIn conclusion, while the plugin's attack surface is commendably small and no raw SQL usage was found, the reliance on `unserialize` and the widespread lack of output escaping, coupled with an unpatched CVE, present substantial security risks. Users should be aware of the potential for XSS and deserialization vulnerabilities, and mitigating the existing CVE is paramount, as no patched version is listed.",[447,450,453],{"reason":448,"points":449},"Unpatched CVE exists (medium severity)",15,{"reason":451,"points":452},"Low percentage of escaped output (8%)",8,{"reason":454,"points":455},"Presence of dangerous function (unserialize)",5,"2026-03-16T20:22:58.737Z",{"wat":458,"direct":475},{"assetPaths":459,"generatorPatterns":465,"scriptPaths":466,"versionParams":468},[460,461,462,463,464],"\u002Fwp-content\u002Fplugins\u002Fwpshapere-lite\u002Fassets\u002Fcss\u002Fdefault","\u002Fwp-content\u002Fplugins\u002Fwpshapere-lite\u002Fassets\u002Fcss\u002Fpomegranate","\u002Fwp-content\u002Fplugins\u002Fwpshapere-lite\u002Fassets\u002Fcss\u002Fblack-white","\u002Fwp-content\u002Fplugins\u002Fwpshapere-lite\u002Fassets\u002Fcss\u002Fbeach","\u002Fwp-content\u002Fplugins\u002Fwpshapere-lite\u002Fassets\u002Fcss\u002Fafrica",[],[467],"\u002Fwp-content\u002Fplugins\u002Fwpshapere-lite\u002Fassets\u002Fjs\u002Floginjs.js",[469,470,471,472,473,474],"wpshapere-lite\u002Fassets\u002Fcss\u002Fdefault?ver=","wpshapere-lite\u002Fassets\u002Fcss\u002Fpomegranate?ver=","wpshapere-lite\u002Fassets\u002Fcss\u002Fblack-white?ver=","wpshapere-lite\u002Fassets\u002Fcss\u002Fbeach?ver=","wpshapere-lite\u002Fassets\u002Fcss\u002Fafrica?ver=","wpshapere-lite\u002Fassets\u002Fjs\u002Floginjs.js?ver=",{"cssClasses":476,"htmlComments":483,"htmlAttributes":484,"restEndpoints":485,"jsGlobals":486,"shortcodeOutput":488},[477,478,479,480,481,4
82],"wps-login-container","wps-login-bg","wps-icon-login","wps-icon-email","wps-icon-pwd","wps_kb_link",[],[],[],[487],"WPSHAPERE",[],{"error":434,"url":490,"statusCode":491,"statusMessage":492,"message":492},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwpshapere-lite\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":14,"versions":494},[495,501,509],{"version":6,"download_url":26,"svn_tag_url":496,"released_at":38,"has_diff":48,"diff_files_changed":497,"diff_lines":38,"trac_diff_url":498,"vulnerabilities":499,"is_current":434},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwpshapere-lite\u002Ftags\u002F1.4.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwpshapere-lite%2Ftags%2F1.4&new_path=%2Fwpshapere-lite%2Ftags%2F1.4.1",[500],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":502,"download_url":503,"svn_tag_url":504,"released_at":38,"has_diff":48,"diff_files_changed":505,"diff_lines":38,"trac_diff_url":506,"vulnerabilities":507,"is_current":48},"1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpshapere-lite.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwpshapere-lite\u002Ftags\u002F1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwpshapere-lite%2Ftags%2F1.0&new_path=%2Fwpshapere-lite%2Ftags%2F1.4",[508],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":510,"download_url":511,"svn_tag_url":512,"released_at":38,"has_diff":48,"diff_files_changed":513,"diff_lines":38,"trac_diff_url":38,"vulnerabilities":514,"is_current":48},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpshapere-lite.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwpshapere-lite\u002Ftags\u002F1.0\u002F",[],[515],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_
type":43,"patched_in_version":38}]