[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9SHDw2QWzo65gzAZpzgKWbbo7pH2T4GDz6PnoMy_psA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":14,"unpatched_count":14,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":49,"analysis":147,"fingerprints":351},"xmasb-quotes","XmasB Quotes","1.6.1","XmasB","https:\u002F\u002Fprofiles.wordpress.org\u002Fxmasb\u002F","\u003Cp>XmasB Quotes lets you add and show random quotes to your WordPress blog with ease. It uses the db to store quotes.\u003Cbr \u002F>\nYou can specify an image for each quote, default image for quotes, or disable images.\u003Cbr \u002F>\nNow with the option to use quotes as links!\u003C\u002Fp>\n\u003Cp>Please rate this plugin if you like it!\u003C\u002Fp>\n\u003Cp>For support and questions please visit \u003Ca href=\"http:\u002F\u002Fxmasb.com\u002Fxmasbquotes\" rel=\"nofollow ugc\">the plugin page\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>XmasB Quotes is available in the following languages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English (base language – feel free to make suggestions if you want)\u003C\u002Fli>\n\u003Cli>Belarusian – by \u003Ca href=\"http:\u002F\u002Fwww.fatcow.com\" rel=\"nofollow ugc\">Fat Cow\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Dutch – by Rene at \u003Ca href=\"http:\u002F\u002Fwpwebshop.com\u002Fpremium-wordpress-plugins\u002F\" rel=\"nofollow ugc\">WordPress Webshop\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>French – by Farida at \u003Ca href=\"http:\u002F\u002Fwww.traducteurs.com\u002F\" rel=\"nofollow ugc\">Traducteurs.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>German – by \u003Ca href=\"http:\u002F\u002Fwww.alariel.de\u002Fblog\u002F\" rel=\"nofollow 
ugc\">Alariel\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Italian – by \u003Ca href=\"http:\u002F\u002Fgidibao.net\u002F\" rel=\"nofollow ugc\">gidibao\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Norwegian – by \u003Ca href=\"http:\u002F\u002Fzhayena.net\u002F\" rel=\"nofollow ugc\">Kristin K. Wangen\u003C\u002Fa> \u002F \u003Ca href=\"http:\u002F\u002Fxmasb.com\" rel=\"nofollow ugc\">Yngve Thoresen\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Russian – by Flector at \u003Ca href=\"http:\u002F\u002Fwww.wordpressplugins.ru\u002F\" rel=\"nofollow ugc\">WordPressPlugins.ru\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish – by \u003Ca href=\"http:\u002F\u002Fwww.elquintosuyo.com\u002F\" rel=\"nofollow ugc\">Carlos\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Swedish – by \u003Ca href=\"http:\u002F\u002Frabatt.se\u002F\" rel=\"nofollow ugc\">Rabatt\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support and questions please visit \u003Ca href=\"http:\u002F\u002Fxmasb.com\u002Fxmasbquotes\" rel=\"nofollow ugc\">the plugin page\u003C\u002Fa>\u003C\u002Fp>\n","Add random quotes with image to your Wordpress blog with this widget.",100,21054,80,1,"2012-01-03T07:45:00.000Z","3.3.2","2.0.2","",[20,21,22,23,24],"image","quotes","sidebar","widget","xmasb","http:\u002F\u002Fxmasb.com\u002Fxmasbquotes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxmasb-quotes.1.6.1.zip",63,"2025-08-26 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-53220","xmasb-quotes-reflected-cross-site-scripting","XmasB Quotes \u003C= 1.6.1 - Reflected Cross-Site Scripting","The XmasB Quotes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.6.1 due to 
insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.6.1","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-03 20:21:28",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9ce0cc7a-c5ab-4a65-9f1b-7b2f83e36bdd?source=api-prod",{"slug":24,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":46,"trust_score":47,"computed_at":48},30,68,"2026-04-05T03:00:44.139Z",[50,73,93,112,128],{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":18,"tags":65,"homepage":68,"download_link":69,"security_score":70,"vuln_count":14,"unpatched_count":71,"last_vuln_date":72,"fetched_at":29},"image-widget","Image Widget","4.4.11","StellarWP","https:\u002F\u002Fprofiles.wordpress.org\u002Fstellarwp\u002F","\u003Cp>Image Widget is a simple plugin that uses the native WordPress media manager to add image widgets to your site.\u003C\u002Fp>\n\u003Ch4>Image Widget Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Responsive\u003C\u002Fli>\n\u003Cli>MU Compatible\u003C\u002Fli>\n\u003Cli>Handles image resizing and alignment\u003C\u002Fli>\n\u003Cli>Link the image\u003C\u002Fli>\n\u003Cli>Add title and description\u003C\u002Fli>\n\u003Cli>Versatile – all fields are optional\u003C\u002Fli>\n\u003Cli>Upload, link to external image, or select an image from your media collection\u003C\u002Fli>\n\u003Cli>Customize the look & feel with filter hooks or theme 
overrides\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Quality You Can Trust\u003C\u002Fh4>\n\u003Cp>Image Widget is developed and maintained by \u003Ca href=\"https:\u002F\u002Fevnt.is\u002F1aor\" rel=\"nofollow ugc\">The Events Calendar\u003C\u002Fa>, the same folks behind \u003Ca href=\"https:\u002F\u002Fevnt.is\u002F19me\" rel=\"nofollow ugc\">The Events Calendar, Event Tickets, and a full suite of premium plugins\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin is actively supported by our team and contributions from community members. If you see a question in the forum you can help with or have a great idea and want to code it up or submit a patch, that would be awesome! Not only will we shower you with praise and thanks, it’s also a good way to get to know us and lead into options for paid work if you freelance.\u003C\u002Fp>\n\u003Ch4>Pull Requests & Translations\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthe-events-calendar\u002Fimage-widget\" rel=\"nofollow ugc\">Check us out on GitHub\u003C\u002Fa> to pull request changes.\u003C\u002Fp>\n\u003Cp>Translations can be submitted \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fimage-widget\" rel=\"nofollow ugc\">here on WordPress.org\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>The built in template can be overridden by files within your template.\u003C\u002Fp>\n\u003Ch4>Default vs. Custom Templates\u003C\u002Fh4>\n\u003Cp>The Image Widget comes with a default template for the widget output. If you would like to alter the widget display code, create a new folder called “image-widget” in your template directory and copy over the “views\u002Fwidget.php” file.\u003C\u002Fp>\n\u003Cp>Edit the new file to your hearts content. 
Please do not edit the one in the plugin folder as that will cause conflicts when you update the plugin to the latest release.\u003C\u002Fp>\n\u003Cp>New in 3.2: You may now also use the “sp_template_image-widget_widget.php” filter to override the default template behavior for .php template files. Eg: if you wanted widget.php to reside in a folder called my-custom-templates\u002F and wanted it to be called my-custom-name.php:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('sp_template_image-widget_widget.php', 'my_template_filter');\nfunction my_template_filter($template) {\n    return get_template_directory() . '\u002Fmy-custom-templates\u002Fmy-custom-name.php';\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Filters\u003C\u002Fh4>\n\u003Cp>There are a number of filters in the code that will allow you to override data as you see fit. The best way to learn what filters are available is always by simply searching the code for ‘apply_filters’. But all the same, here are a few of the more essential filters:\u003C\u002Fp>\n\u003Cp>\u003Cem>widget_title\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>This is actually a pretty typical filter in widgets and is applied to the widget title.\u003C\u002Fp>\n\u003Cp>\u003Cem>widget_text\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Another very typical widget filter that is applied to the description body text. 
This filter also takes 2 additional arguments for $args and $instance so that you can learn more about the specific widget instance in the process of filtering the content.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_attachment_id\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the attachment id of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_url\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the url of the image displayed in the widget.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003Cbr \u002F>\nTHIS IS DEPRECATED AND WILL EVENTUALLY BE DELETED\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_width\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the display width of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_height\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the display height of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_maxwidth\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the inline max-width style of the image. 
Hint: override this to use this in responsive designs 🙂\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003Cbr \u002F>\nReturn null to remove this css from the image output (defaults to ‘100%’).\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_maxheight\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the inline max-height style of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003Cbr \u002F>\nReturn null to remove this css from the image output (defaults to null)\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_size\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the selected image ‘size’ corresponding to WordPress registered sizes.\u003Cbr \u002F>\nIf this is set to ‘tribe_image_widget_custom’ then the width and height are used instead.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_align\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the display alignment of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_alt\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the alt text of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_link\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the url that the image links to.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_link_target\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the link target of the image link.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_attributes\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters a list of image attributes used in the image output. 
Similar to ‘wp_get_attachment_image_attributes’\u003Cbr \u002F>\nAccepts $instance arguments\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_link_attributes\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters a list of attributes used in the image link. Similar to ‘wp_get_attachment_image_attributes’\u003Cbr \u002F>\nAccepts $instance arguments\u003C\u002Fp>\n\u003Ch4>Have You Supported the Image Widget?\u003C\u002Fh4>\n\u003Cp>If so, then THANK YOU! Also, feel free to add this line to your wp-config.php file to prevent the image widget from displaying a message after upgrades.\u003C\u002Fp>\n\u003Cp>define( ‘I_HAVE_SUPPORTED_THE_IMAGE_WIDGET’, true );\u003C\u002Fp>\n\u003Cp>For more info on the philosophy here, check out our \u003Ca href=\"http:\u002F\u002Ftri.be\u002Fdefine-i-have-donated-true\u002F\" rel=\"nofollow ugc\">blog post\u003C\u002Fa>\u003C\u002Fp>\n","A simple image widget that uses the native WordPress media manager to add image widgets to your site.",100000,4620377,98,287,"2024-11-20T20:44:00.000Z","6.7.5","3.5",[66,67,20,22,23],"ad","banner","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-widget.4.4.11.zip",91,0,"2024-11-22 00:00:00",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":11,"num_ratings":83,"last_updated":84,"tested_up_to":63,"requires_at_least":85,"requires_php":86,"tags":87,"homepage":90,"download_link":91,"security_score":70,"vuln_count":14,"unpatched_count":71,"last_vuln_date":92,"fetched_at":29},"newpost-catch","Newpost Catch","1.3.22","Tetsuya Imamura","https:\u002F\u002Fprofiles.wordpress.org\u002Fs56bouya\u002F","\u003Cp>Thumbnails in new articles setting widget.\u003C\u002Fp>\n","Thumbnails in new articles setting 
widget.",10000,288091,2,"2025-03-03T00:21:00.000Z","5.6","7.2",[20,88,89,22,23],"images","posts","http:\u002F\u002Fwww.imamura.biz\u002Fblog\u002Fnewpost-catch\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnewpost-catch.1.3.22.zip","2025-02-20 15:03:22",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":81,"downloaded":101,"rating":102,"num_ratings":103,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":18,"tags":107,"homepage":110,"download_link":111,"security_score":11,"vuln_count":71,"unpatched_count":71,"last_vuln_date":36,"fetched_at":29},"simple-image-widget","Simple Image Widget","4.4.2","Cedaro","https:\u002F\u002Fprofiles.wordpress.org\u002Fcedaro\u002F","\u003Cp>Simple Image Widget is what the name implies — the easiest way to add images to your sidebars. Display advertisements, calls-to-action, or even build a slider based on image widgets.\u003C\u002Fp>\n\u003Cp>Despite its simplicity, Simple Image Widget is built with extensibility in mind, making it super easy to spin off new image-based widgets, or customize the widget output using the available template hierarchy.\u003C\u002Fp>\n\u003Ch3>Additional Resources\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fsimple-image-widget#postform\" rel=\"ugc\">Write a review\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcedaro\u002Fsimple-image-widget\" rel=\"nofollow ugc\">Contribute on GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fcedaroco\" rel=\"nofollow ugc\">Follow @cedaroco\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.cedaro.com\u002F?utm_source=wordpress.org&utm_medium=link&utm_content=simple-image-widget-readme&utm_campaign=plugins\" rel=\"nofollow ugc\">Visit 
Cedaro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple widget that makes it a breeze to add images to your sidebars.",854415,90,39,"2025-07-20T14:44:00.000Z","6.8.5","4.9",[51,108,109,22,23],"media","media-manager","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-image-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-image-widget.4.4.2.zip",{"slug":113,"name":52,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":121,"num_ratings":83,"last_updated":122,"tested_up_to":105,"requires_at_least":123,"requires_php":18,"tags":124,"homepage":126,"download_link":127,"security_score":11,"vuln_count":71,"unpatched_count":71,"last_vuln_date":36,"fetched_at":29},"image-widget-rb","1.0.12","rbplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Frbplugins\u002F","\u003Cp>With Image Widget plugin you can in few simple steps publish images grid on sidebar of your blog page or post. For management of the images implemented set of simple and smart options. It’s not gonna take to much time to manage your media resources. Configuration of the gallery widget it’s very simple task with our image widget.\u003Cbr \u002F>\nImage Widget have few functionality modes. You can easily change view of the image widget thumbnails layout. Upload images to the image widget take just few minutes and few clicks. 
You can use external plugins which have integration with Image Widget RB as source of the settings for the gallery and images sets.\u003Cbr \u002F>\nConfigure styles and view in external gallery plugin, select required gallery elements and publish it in image widget, as target content.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features Image Widget\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Simple image widget interface;\u003C\u002Fli>\n\u003Cli>Simple image management tools;\u003C\u002Fli>\n\u003Cli>Media resources could be upload in few clicks;\u003C\u002Fli>\n\u003Cli>Multi columns image widget configuration;\u003C\u002Fli>\n\u003Cli>Unlimited images amount;\u003C\u002Fli>\n\u003Cli>Image grid widget view;\u003C\u002Fli>\n\u003Cli>Import of the image widget content from the external integrated plugins;\u003C\u002Fli>\n\u003Cli>No limits for image widgets amount on page;\u003C\u002Fli>\n\u003Cli>No limits for image widgets on sidebar;\u003C\u002Fli>\n\u003Cli>Additional parameters for images in image widget media manager;\u003C\u002Fli>\n\u003Cli>Image widget with lightbox;\u003C\u002Fli>\n\u003Cli>Fast navigation in lightbox;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It’s not require any special skills or code modifications to image widget on your website. Just install image widget plugin on your website, open settings to enable main functionality. 
Just install plugin from the directory and activate image widget function in widget settings.\u003C\u002Fp>\n\u003Cp>If you have some ideas of new functionality or options for this image widget plugin please drop a line to our contact form or support section.\u003C\u002Fp>\n","Image Widget - most simple and fast way to create image widget to your sidebar",4000,54014,60,"2025-09-25T07:24:00.000Z","3.1",[125,20,51,22,23],"gallery-widget","https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fimage-widget-rb","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-widget-rb.1.0.12.zip",{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":136,"downloaded":137,"rating":11,"num_ratings":138,"last_updated":139,"tested_up_to":140,"requires_at_least":64,"requires_php":18,"tags":141,"homepage":144,"download_link":145,"security_score":146,"vuln_count":71,"unpatched_count":71,"last_vuln_date":36,"fetched_at":29},"swifty-image-widget","Swifty Image Widget","1.1.1","Goran87","https:\u002F\u002Fprofiles.wordpress.org\u002Fgoran87\u002F","\u003Cp>Super simple but powerful widget that allows adding single or multiple images to your widget positions, using native media uploader. You can add caption for each image to act as testimonial, or you can use it as banner advertising module because its not being blocked with Ad Blocker. It doesn’t load any javascript on front end so its super fast. 
Use drag and drop to rearrange images.\u003C\u002Fp>\n\u003Cp>Check out demo in sidebar \u003Ca href=\"http:\u002F\u002Fitsgoran.com\u002Fwp\u002Fswifty-image-widget\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Major features in Swifty Image Widget include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easily select image from your media collection\u003C\u002Fli>\n\u003Cli>Add one or add multiple images\u003C\u002Fli>\n\u003Cli>Chose full size, one from registered sizes by your theme or define your custom size\u003C\u002Fli>\n\u003Cli>Add caption that will show below image (optional)\u003C\u002Fli>\n\u003Cli>Add link (optional)\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable rel nofollow\u003C\u002Fli>\n\u003Cli>Drag and Drop to rearrange images\u003C\u002Fli>\n\u003Cli>Arrange images\u002Fbanners next to each other or below each other\u003C\u002Fli>\n\u003Cli>Not being blocked by AdBlocker\u003C\u002Fli>\n\u003Cli>Just one css file (0.5kb) called for front styling, no scripts.\u003C\u002Fli>\n\u003Cli>Super Light and Super Fast\u003C\u002Fli>\n\u003Cli>Responsive\u003C\u002Fli>\n\u003Cli>Secure and written with best practices\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Check my other plugins at www.wpgens.com\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you have any suggestions\u002Ffeedback to improve Swifty Image Widget, please get in touch with me via email goran@wpgens.com .\u003C\u002Fp>\n\u003Cp>Also be sure to check out \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fswifty-bar\u002F\" rel=\"ugc\">Swifty Bar\u003C\u002Fa>. 
Plugin that you will fall in love with 🙂\u003C\u002Fp>\n","Super simple but powerful widget that allows adding single or multiple images to your widget positions, using native media uploader.",1000,26632,12,"2023-08-09T13:13:00.000Z","6.3.8",[142,51,143,22,23],"image-list","resize","https:\u002F\u002Fwww.wpgens.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fswifty-image-widget.1.1.1.zip",85,{"attackSurface":148,"codeSignals":180,"taintFlows":264,"riskAssessment":334,"analyzedAt":350},{"hooks":149,"ajaxHandlers":176,"restRoutes":177,"shortcodes":178,"cronEvents":179,"entryPointCount":71,"unprotectedCount":71},[150,156,160,164,168,173],{"type":151,"name":152,"callback":153,"file":154,"line":155},"action","init","widget_xmasb_quotes_init","xmasbquotes.php",33,{"type":151,"name":157,"callback":158,"file":154,"line":159},"template_redirect","xmasb_quotes_public_head_inclusion",36,{"type":151,"name":161,"callback":162,"file":154,"line":163},"admin_print_scripts","xmasb_quotes_admin_head_inclusion",37,{"type":151,"name":165,"callback":166,"file":154,"line":167},"admin_menu","xmasb_quotes_add_pages",40,{"type":169,"name":170,"callback":171,"file":154,"line":172},"filter","the_content","filter_xmasb_quotes_random_quote",42,{"type":151,"name":152,"callback":174,"file":154,"line":175},"xmasb_quotes_lang_init",47,[],[],[],[],{"dangerousFunctions":181,"sqlUsage":182,"outputEscaping":188,"fileOperations":83,"externalRequests":71,"nonceChecks":71,"capabilityChecks":71,"bundledLibraries":263},[],{"prepared":183,"raw":14,"locations":184},13,[185],{"file":154,"line":186,"context":187},595,"$wpdb->get_results() with variable interpolation",{"escaped":14,"rawEcho":163,"locations":189},[190,193,195,197,199,201,203,205,207,209,211,213,214,216,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259,261],{"file":154,"line":191,"context":192},111,"raw 
output",{"file":154,"line":194,"context":192},123,{"file":154,"line":196,"context":192},143,{"file":154,"line":198,"context":192},332,{"file":154,"line":200,"context":192},338,{"file":154,"line":202,"context":192},344,{"file":154,"line":204,"context":192},350,{"file":154,"line":206,"context":192},356,{"file":154,"line":208,"context":192},362,{"file":154,"line":210,"context":192},368,{"file":154,"line":212,"context":192},389,{"file":154,"line":212,"context":192},{"file":154,"line":215,"context":192},391,{"file":154,"line":215,"context":192},{"file":154,"line":218,"context":192},466,{"file":154,"line":220,"context":192},470,{"file":154,"line":222,"context":192},491,{"file":154,"line":224,"context":192},497,{"file":154,"line":226,"context":192},515,{"file":154,"line":228,"context":192},574,{"file":154,"line":230,"context":192},585,{"file":154,"line":232,"context":192},598,{"file":154,"line":234,"context":192},617,{"file":154,"line":236,"context":192},622,{"file":154,"line":238,"context":192},628,{"file":154,"line":240,"context":192},634,{"file":154,"line":242,"context":192},640,{"file":154,"line":244,"context":192},646,{"file":154,"line":246,"context":192},697,{"file":154,"line":248,"context":192},707,{"file":154,"line":250,"context":192},728,{"file":154,"line":252,"context":192},735,{"file":154,"line":254,"context":192},796,{"file":154,"line":256,"context":192},805,{"file":154,"line":258,"context":192},821,{"file":154,"line":260,"context":192},863,{"file":154,"line":262,"context":192},933,[],[265,313],{"entryPoint":266,"graph":267,"unsanitizedCount":46,"severity":312},"xmasb_quotes_management_page (xmasbquotes.php:412)",{"nodes":268,"edges":305},[269,274,280,283,287,290,295,299,303],{"id":270,"type":271,"label":272,"file":154,"line":273},"n0","source","$_REQUEST (x4)",438,{"id":275,"type":276,"label":277,"file":154,"line":278,"wp_function":279},"n1","sink","query() [SQLi]",461,"query",{"id":281,"type":271,"label":282,"file":154,"line":273},"n2","$_REQUEST 
(x16)",{"id":284,"type":276,"label":285,"file":154,"line":218,"wp_function":286},"n3","echo() [XSS]","echo",{"id":288,"type":271,"label":289,"file":154,"line":273},"n4","$_REQUEST (x8)",{"id":291,"type":276,"label":292,"file":154,"line":293,"wp_function":294},"n5","get_results() [SQLi]",484,"get_results",{"id":296,"type":271,"label":297,"file":154,"line":298},"n6","$_REQUEST (x2)",524,{"id":300,"type":301,"label":302,"file":154,"line":298},"n7","transform","→ xmasb_quotes_print_quote()",{"id":304,"type":276,"label":285,"file":154,"line":196,"wp_function":286},"n8",[306,308,309,310,311],{"from":270,"to":275,"sanitized":307},false,{"from":281,"to":284,"sanitized":307},{"from":288,"to":291,"sanitized":307},{"from":296,"to":300,"sanitized":307},{"from":300,"to":304,"sanitized":307},"high",{"entryPoint":314,"graph":315,"unsanitizedCount":333,"severity":312},"\u003Cxmasbquotes> (xmasbquotes.php:0)",{"nodes":316,"edges":327},[317,318,319,320,321,323,324,325,326],{"id":270,"type":271,"label":272,"file":154,"line":273},{"id":275,"type":276,"label":277,"file":154,"line":278,"wp_function":279},{"id":281,"type":271,"label":282,"file":154,"line":273},{"id":284,"type":276,"label":285,"file":154,"line":218,"wp_function":286},{"id":288,"type":271,"label":322,"file":154,"line":273},"$_REQUEST (x9)",{"id":291,"type":276,"label":292,"file":154,"line":293,"wp_function":294},{"id":296,"type":271,"label":297,"file":154,"line":298},{"id":300,"type":301,"label":302,"file":154,"line":298},{"id":304,"type":276,"label":285,"file":154,"line":196,"wp_function":286},[328,329,330,331,332],{"from":270,"to":275,"sanitized":307},{"from":281,"to":284,"sanitized":307},{"from":288,"to":291,"sanitized":307},{"from":296,"to":300,"sanitized":307},{"from":300,"to":304,"sanitized":307},31,{"summary":335,"deductions":336},"The xmasb-quotes plugin v1.6.1 exhibits a concerning security posture despite some good practices. 
While the plugin has a seemingly small attack surface with no directly identified AJAX handlers, REST API routes, shortcodes, or cron events without authentication checks, this is contradicted by significant code signals indicating potential weaknesses. The high percentage of improperly escaped output (97%) is a major red flag, suggesting a strong likelihood of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the taint analysis reveals two flows with unsanitized paths, both flagged as high severity. This, combined with a history of medium severity XSS vulnerabilities, indicates a pattern of insecure input handling that could be exploited.\n\nThe plugin's vulnerability history, which includes a recently disclosed medium severity XSS vulnerability that remains unpatched, further exacerbates these concerns. The fact that the last vulnerability was reported in August 2025, and it's still unpatched, suggests a lack of proactive security maintenance. While the high usage of prepared statements for SQL queries is a positive aspect, it is overshadowed by the critical issues in output escaping and taint flows. 
In conclusion, despite a low external attack surface, the internal code analysis and vulnerability history point to significant risks, particularly regarding XSS and unsanitized input, necessitating immediate attention and updates.",[337,340,342,345,348],{"reason":338,"points":339},"Unpatched CVE",20,{"reason":341,"points":138},"High severity taint flows",{"reason":343,"points":344},"Improper output escaping (3% proper)",15,{"reason":346,"points":347},"Capability checks missing",5,{"reason":349,"points":347},"Nonce checks missing","2026-03-16T20:55:18.503Z",{"wat":352,"direct":361},{"assetPaths":353,"generatorPatterns":356,"scriptPaths":357,"versionParams":358},[354,355],"\u002Fwp-content\u002Fplugins\u002Fxmasb-quotes\u002Fjs\u002Fxmasb-quotes.js","\u002Fwp-content\u002Fplugins\u002Fxmasb-quotes\u002Fcss\u002Fxmasb-quotes.css",[],[354],[359,360],"xmasb-quotes\u002Fcss\u002Fxmasb-quotes.css?ver=","xmasb-quotes\u002Fjs\u002Fxmasb-quotes.js?ver=",{"cssClasses":362,"htmlComments":364,"htmlAttributes":369,"restEndpoints":370,"jsGlobals":371,"shortcodeOutput":372},[363],"xmasb_quotes_image",[365,366,367,368,365],"XmasB Quotes: Image \"","\" (by author) not found.","XmasB Quotes: Default Image \"","\" not found.",[],[],[],[373],"\u003Cdiv class=\"xmasb_quotes_image\">\n\t\t\t\u003Cimg src=\""]