[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPH3VHTUYs2mDZ4BiLQyphtGaZ98g6EgHwHsSbIhzQos":3,"$ftn8pbMprzgvJ6y9zPgKeLZvolx05zsRX243LaFrpId0":140,"$fxwhQ-41gLe0I3OvUivc1rxaKo-n7ce0AWr20RMv9iak":145},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":19,"download_link":20,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"discovery_status":24,"vulnerabilities":25,"developer":26,"crawl_stats":22,"alternatives":32,"analysis":33,"fingerprints":111},"xm-stilfinder","xm Stilfinder","1.35","xmagentur","https:\u002F\u002Fprofiles.wordpress.org\u002Fxmagentur\u002F","\u003Cp>This Plugin allows you to categorize Images from you media library and Display in a selection dialogue via shortcode.\u003C\u002Fp>\n\u003Cp>This is how it works:\u003Cbr \u002F>\n1. Install formidable\u003Cbr \u002F>\n2. Create a Submission form in formidable. It Needs a hidden Input field. Note the form slug and the Input field’s slug.\u003Cbr \u002F>\n3. On a blank WordPress page, enter the shortcode [xm-stilfinder formslug=”your-formidable-form-slug” fieldslug_images=”your-hidden-input-field-slug” per_page=”25″ module_height=93 close_button_url=\u002F] – Change the values formslug and fieldslug_images\u003Cbr \u002F>\n4. Go to your media library \u002F Stile\u003Cbr \u002F>\n5. Here you can establish Stile (Styles)\u003Cbr \u002F>\n6. On the WordPress page where you previously entered the short code, the Stilfinder will appear.\u003Cbr \u002F>\n7. This Plugin uses the Software hammer.min.js , available online under https:\u002F\u002Fhammerjs.github.io\u002Fgetting-started\u002F\u003C\u002Fp>\n","Categorize Images and filter them in a front-end dialogue with form Submission. 
Uses formidable forms.",0,219,"2026-03-19T14:57:00.000Z","6.9.4","6.8","7.0",[18],"categorize-and-select-styles","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxm-stilfinder.1.35.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":21,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},2,10,30,94,"2026-05-20T10:32:14.756Z",[],{"attackSurface":34,"codeSignals":94,"taintFlows":104,"riskAssessment":105,"analyzedAt":110},{"hooks":35,"ajaxHandlers":78,"restRoutes":79,"shortcodes":88,"cronEvents":92,"entryPointCount":27,"unprotectedCount":93},[36,42,46,51,55,59,63,67,70,74],{"type":37,"name":38,"callback":39,"priority":11,"file":40,"line":41},"action","init","xmstilfinder_register_taxonomy","xm-stilfinder.php",61,{"type":37,"name":43,"callback":44,"priority":28,"file":40,"line":45},"set_object_terms","xmstilfinder_terms_set_hook",163,{"type":47,"name":48,"callback":49,"priority":28,"file":40,"line":50},"filter","attachment_fields_to_edit","xmstilfinder_attachment_fields_to_edit",334,{"type":47,"name":52,"callback":53,"priority":28,"file":40,"line":54},"wp_prepare_attachment_for_js","xmstilfinder_prepare_attachment_for_js",345,{"type":37,"name":56,"callback":57,"file":40,"line":58},"rest_api_init","xmstilfinder_register_rest_field",477,{"type":47,"name":60,"callback":61,"priority":28,"file":40,"line":62},"attachment_fields_to_save","xmstilfinder_attachment_fields_to_save",532,{"type":37,"name":64,"callback":65,"file":40,"line":66},"admin_enqueue_scripts","xmstilfinder_admin_assets",571,{"type":37,"name":56,"callback":68,"file":40,"line":69},"closure",672,{"type":37,"name":71,"callback":72,"file":40,"line":73},"wp_enqueue_scripts","xmstilfinder_frontend_assets",1289,{"type":47,"name":75,"callback":76,"priority":28,"file":40,"line":77},"frm_email_message","xmstilfinder_convert_urls_to_gallery_using_field_key",1298,[],[80],{"namespace":81,"route":82
,"methods":83,"callback":85,"permissionCallback":86,"file":40,"line":87},"xm-stilfinder\u002Fv1","\u002Fmedia",[84],"GET","xmstilfinder_rest_media","__return_true",673,[89],{"tag":4,"callback":90,"file":40,"line":91},"xmstilfinder_shortcode",1216,[],1,{"dangerousFunctions":95,"sqlUsage":96,"outputEscaping":99,"fileOperations":11,"externalRequests":11,"nonceChecks":93,"capabilityChecks":102,"bundledLibraries":103},[],{"prepared":97,"raw":11,"locations":98},8,[],{"escaped":100,"rawEcho":11,"locations":101},118,[],3,[],[],{"summary":106,"deductions":107},"The \"xm-stilfinder\" v1.35 plugin demonstrates a strong security posture in several key areas. The static analysis reveals a complete absence of dangerous functions, file operations, and external HTTP requests, which are common vectors for exploitation. Furthermore, all SQL queries are properly prepared, and all output is correctly escaped, mitigating the risks of SQL injection and Cross-Site Scripting (XSS) respectively. The plugin also incorporates nonce checks and capability checks, suggesting an awareness of WordPress security best practices.\n\nHowever, the analysis does identify one specific area of concern: the one REST API route (GET xm-stilfinder\u002Fv1\u002Fmedia) registers __return_true as its permission callback, which always grants access. This means that this REST API endpoint is accessible without any authentication or authorization checks, potentially exposing it to unauthorized access or manipulation. While there are no recorded vulnerabilities or known CVEs for this plugin, this single unprotected entry point represents a potential security weakness that could be leveraged if an attacker discovers it and finds a way to exploit it.\n\nIn conclusion, \"xm-stilfinder\" v1.35 is generally well-secured, with strong coding practices observed in critical areas like SQL handling and output escaping. The lack of known vulnerabilities is a positive indicator. 
The primary weakness is the single unprotected REST API route, which should be reviewed to confirm that it returns only data intended to be public, or be given a permission callback that checks a capability.",[108],{"reason":109,"points":28},"Unprotected REST API route","2026-04-16T14:45:42.867Z",{"wat":112,"direct":123},{"assetPaths":113,"generatorPatterns":117,"scriptPaths":118,"versionParams":119},[114,115,116],"\u002Fwp-content\u002Fplugins\u002Fxm-stilfinder\u002Fstilfinder-backend.js","\u002Fwp-content\u002Fplugins\u002Fxm-stilfinder\u002Fstilfinder-frontend.js","\u002Fwp-content\u002Fplugins\u002Fxm-stilfinder\u002Fstilfinder-admin.css",[],[114,115],[120,121,122],"xm-stilfinder\u002Fstilfinder-backend.js?ver=","xm-stilfinder\u002Fstilfinder-frontend.js?ver=","xm-stilfinder\u002Fstilfinder-admin.css?ver=",{"cssClasses":124,"htmlComments":127,"htmlAttributes":132,"restEndpoints":134,"jsGlobals":136,"shortcodeOutput":138},[125,126],"stilfinder-backend","stilfinder-admin-wrap",[128,129,130,131],"\u003C!-- .stilfinder-backend -->","\u003C!-- END .stilfinder-backend -->","\u003C!-- .stilfinder-admin-wrap -->","\u003C!-- END .stilfinder-admin-wrap -->",[133],"data-stilfinder-id",[135],"\u002Fwp-json\u002Fxmstilfinder\u002Fv1\u002Fmedia",[137],"window.xmstilfinder_vars",[139],"\u003Cdiv class=\"stilfinder-frontend\">",{"error":141,"url":142,"statusCode":143,"statusMessage":144,"message":144},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fxm-stilfinder\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":93,"versions":146},[147],{"version":6,"download_url":20,"svn_tag_url":148,"released_at":22,"has_diff":149,"diff_files_changed":150,"diff_lines":22,"trac_diff_url":22,"vulnerabilities":151,"is_current":141},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fxm-stilfinder\u002Ftags\u002F1.35\u002F",false,[],[]]