[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flzJBczjX6oSEoUDR8KaY03nTAoi83XSa2_vyN2pNYw4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":94,"crawl_stats":38,"alternatives":102,"analysis":205,"fingerprints":291},"yamaps","YaMaps for WordPress Plugin","0.6.41","Yuri Baranov","https:\u002F\u002Fprofiles.wordpress.org\u002Fyhunter\u002F","\u003Cp>YaMaps plugin is the simplest way to insert Yandex maps on your site. The plugin has a user-friendly interface. You can visually put placemarks on your Yandex map, move them with your mouse, change icons and much more.\u003C\u002Fp>\n\u003Cp>For use with the new Gutenberg editor, you need add the classic editor block first!\u003C\u002Fp>\n\u003Cp>For the map search to work correctly and find routes, you may need to set an API key (JavaScript API и HTTP Geocoder) on the plugin settings page.\u003C\u002Fp>\n\u003Ch4>Plugin Highlights:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>You can add maps to pages without coding.\u003C\u002Fli>\n\u003Cli>Or you can visually edit the shortcodes in the editor.\u003C\u002Fli>\n\u003Cli>You can add any number of maps to one page.\u003C\u002Fli>\n\u003Cli>You can add multiple markers to one card.\u003C\u002Fli>\n\u003Cli>You can add markers with hyperlinks.\u003C\u002Fli>\n\u003Cli>You can select the icon and it’s color of the marker in the colorpicker.\u003C\u002Fli>\n\u003Cli>You can select type of map (Map, Satellite, Hybrid), map zoom, map controls in the visual editor.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fm7YncsBrL5g?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Shortcodes Structure\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>yamap center – Map center coordinates\u003C\u002Fli>\n\u003Cli>yamap height – Map height\u003C\u002Fli>\n\u003Cli>yamap zoom – Map zoom (0 to 19)\u003C\u002Fli>\n\u003Cli>yamap scrollzoom – Scrollwheel zoom lock (scrollzoom=”0″ for lock)\u003C\u002Fli>\n\u003Cli>yamap mobiledrag – Map dragging can be disabled for mobile devices (mobiledrag=”0″ for lock)\u003C\u002Fli>\n\u003Cli>yamap type – Map type (yandex#map, yandex#satellite, yandex#hybrid)\u003C\u002Fli>\n\u003Cli>yamap controls – Map controls separated by a semicolon (typeSelector;zoomControl;searchControl;routeEditor;trafficControl;fullscreenControl;geolocationControl)\u003C\u002Fli>\n\u003Cli>\n\u003Cp>yamap container – ID of the existing block in the WP template. The map will be placed in the block with this ID. The new block in the content will not be created.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>yaplacemark coord – Placemark coordinates\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>yaplacemark icon – Placemark icon (Yandex.Map icon type or url of your own image)\u003C\u002Fli>\n\u003Cli>yaplacemark color – Marker color\u003C\u002Fli>\n\u003Cli>yaplacemark name – Placemark hint or content\u003C\u002Fli>\n\u003Cli>\n\u003Cp>yaplacemark url – Linked URL or post with ID will be opened by click on the placemark\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>You can insert multiple placemark codes inside the maps’s shortcode.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcode Example\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[yamap center=\"55.7532,37.6225\" height=\"15rem\" zoom=\"12\" type=\"yandex#map\" controls=\"typeSelector;zoomControl\"][yaplacemark coord=\"55.7532,37.6225\" icon=\"islands#blueRailwayIcon\" color=\"#ff751f\" name=\"Placemark\"][\u002Fyamap]\n\u003C\u002Fcode>\u003C\u002Fpre>\n","The plugin allows you to add Yandex Maps (Яндекс Карты) to pages of your site using a WordPress visual editor.",10000,157674,94,41,"2026-01-15T18:30:00.000Z","6.8.5","4.7","",[20,21,22,23,24],"%d1%8f%d0%bd%d0%b4%d0%b5%d0%ba%d1%81","%d0%ba%d0%b0%d1%80%d1%82%d0%b0","%d0%ba%d0%b0%d1%80%d1%82%d1%8b","maps","yandex","http:\u002F\u002Fwww.yhunter.ru\u002Fportfolio\u002Fdev\u002Fyamaps\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyamaps.zip",95,5,0,"2026-02-18 16:26:48","2026-03-15T15:16:48.613Z",[33,48,60,70,82],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-14851","yamaps-for-wordpress-authenticated-contributor-stored-cross-site-scripting-via-shortcode-parameters","YaMaps for WordPress \u003C= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters","The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `yamap` shortcode parameters in all versions up to, and including, 0.6.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=0.6.40","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-02-19 04:36:20",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb0b84c2a-7297-4d96-8fa7-638b2b9953f4?source=api-prod",1,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":55,"updated_date":56,"references":57,"days_to_patch":59},"CVE-2025-13958","yamaps-authenticated-contributor-stored-cross-site-scripting","YaMaps \u003C= 0.6.39 - Authenticated (Contributor+) Stored Cross-Site Scripting","The YaMaps for WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 0.6.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=0.6.39","0.6.40","2025-12-08 00:00:00","2026-01-06 16:14:46",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9fcd21a6-ca6b-491c-8736-cf6d81883378?source=api-prod",30,{"id":61,"url_slug":62,"title":63,"description":64,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":65,"updated_date":66,"references":67,"days_to_patch":69},"CVE-2025-32172","yamaps-for-wordpress-authenticated-contributor-stored-cross-site-scripting-2","YaMaps for WordPress \u003C= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting","The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.6.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","2025-04-04 00:00:00","2026-01-19 16:44:24",[68],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa1a2b205-9330-4296-9411-58f2f91e1f5e?source=api-prod",291,{"id":71,"url_slug":72,"title":73,"description":74,"plugin_slug":4,"theme_slug":38,"affected_versions":75,"patched_in_version":76,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":77,"updated_date":78,"references":79,"days_to_patch":81},"CVE-2024-43224","yamaps-for-wordpress-authenticated-contributor-stored-cross-site-scripting","YaMaps for WordPress \u003C= 0.6.28 - Authenticated (Contributor+) Stored Cross-Site Scripting","The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.6.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=0.6.28","0.6.30","2024-08-09 00:00:00","2025-02-11 20:55:10",[80],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6662581b-a057-4b88-951d-824c64f9cdfd?source=api-prod",187,{"id":83,"url_slug":84,"title":85,"description":86,"plugin_slug":4,"theme_slug":38,"affected_versions":87,"patched_in_version":88,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":89,"updated_date":90,"references":91,"days_to_patch":93},"CVE-2023-0270","yamaps-authenticaterd-contributor-stored-cross-site-scripting-via-shortcode","YaMaps \u003C= 0.6.25 - Authenticaterd (Contributor+) Stored Cross-Site Scripting via Shortcode","The YaMaps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 0.6.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page","\u003C=0.6.25","0.6.26","2023-01-17 00:00:00","2024-10-23 08:37:13",[92],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1056804b-c317-4b9f-85ce-41b4ed0ac40a?source=api-prod",645,{"slug":95,"display_name":7,"profile_url":8,"plugin_count":96,"total_installs":97,"avg_security_score":98,"avg_patch_time_days":99,"trust_score":100,"computed_at":101},"yhunter",2,10010,90,231,72,"2026-04-04T09:02:40.737Z",[103,126,148,167,186],{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":113,"num_ratings":114,"last_updated":115,"tested_up_to":16,"requires_at_least":116,"requires_php":117,"tags":118,"homepage":122,"download_link":123,"security_score":124,"vuln_count":47,"unpatched_count":47,"last_vuln_date":125,"fetched_at":31},"wp-yandex-metrika","Yandex.Metrica","1.2.2","Yandex Metrika","https:\u002F\u002Fprofiles.wordpress.org\u002Fyandexmetrika\u002F","\u003Ch4>Yandex.Metrica\u003C\u002Fh4>\n\u003Cp>The free official Yandex.Metrica plugin for WordPress. This plugin helps you install a Yandex.Metrica tag on your site and configure the transfer of E-commerce data without manually editing the site’s code. It also transmits data about product views, additions to the basket, and sales.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Official Yandex.Metrica plugin\u003C\u002Fli>\n\u003Cli>E-commerce event tracking without manually editing the site’s code\u003C\u002Fli>\n\u003Cli>Quick installation\u003C\u002Fli>\n\u003Cli>Support for WordPress versions 5.2.9 and higher\u003C\u002Fli>\n\u003Cli>Scheduled updates\u003C\u002Fli>\n\u003Cli>Prompt support service\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>List of functions\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Automatically search for and configure installed Yandex.Metrica tags.\u003C\u002Fli>\n\u003Cli>Quickly add new Yandex.Metrica tags. The following parameters are set by default:\n\u003Cul>\n\u003Cli>E-commerce: Enabled\u003C\u002Fli>\n\u003Cli>Session Replay: Enabled (can be disabled if necessary)\u003C\u002Fli>\n\u003Cli>Click map: enabled\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Transfer of e-commerce events according to the \u003Ca href=\"https:\u002F\u002Fyandex.ru\u002Fsupport\u002Fmetrica\u002Fdata\u002Fe-commerce.html\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>:\n\u003Cul>\n\u003Cli>Adding an item to the basket\u003C\u002Fli>\n\u003Cli>Pageview of a product profile\u003C\u002Fli>\n\u003Cli>Removing an item from the basket\u003C\u002Fli>\n\u003Cli>Placing an order\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Detalization of transferred product data according to the \u003Ca href=\"https:\u002F\u002Fyandex.ru\u002Fsupport\u002Fmetrica\u002Fecommerce\u002Fdata.html\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Event logs with the following error codes:\n\u003Cul>\n\u003Cli>The WordPress version is deprecated\u003C\u002Fli>\n\u003Cli>The site lacks the brand taxonomy indicated by the user\u003C\u002Fli>\n\u003Cli>The theme doesn’t have the hook required for the plugin to work\u003C\u002Fli>\n\u003Cli>The tag number contains characters that aren’t numbers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Russian\u003C\u002Fli>\n\u003Cli>English\u003C\u002Fli>\n\u003C\u002Ful>\n","The free official Yandex.Metrica plugin for WordPress.",60000,262856,70,13,"2025-09-25T10:44:00.000Z","5.2.9","5.6.20",[20,119,120,121,24],"%d1%8f%d0%bd%d0%b4%d0%b5%d0%ba%d1%81-%d0%bc%d0%b5%d1%82%d1%80%d0%b8%d0%ba%d0%b0","%d0%bc%d0%b5%d1%82%d1%80%d0%b8%d0%ba%d0%b0","metrica","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-yandex-metrika\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-yandex-metrika.1.2.2.zip",78,"2025-12-07 00:00:00",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":134,"downloaded":135,"rating":136,"num_ratings":137,"last_updated":138,"tested_up_to":16,"requires_at_least":139,"requires_php":140,"tags":141,"homepage":144,"download_link":145,"security_score":146,"vuln_count":47,"unpatched_count":29,"last_vuln_date":147,"fetched_at":31},"mihdan-elementor-yandex-maps","Maps from Yandex for Elementor","1.7.1","mihdan","https:\u002F\u002Fprofiles.wordpress.org\u002Fmihdan\u002F","\u003Cp>SEO-friendly Yandex Maps widget for Elementor. Easily add multiple address pins onto the same map with support for different map types (Road Map\u002FSatellite\u002FHybrid\u002FTerrain) and custom map style. Freely edit info window content of your pins with the standard Elementor text editor. And many more custom map options.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FUYAeDlxz9xs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>Based on the original \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fextended-google-map-for-elementor\u002F\" rel=\"ugc\">Elementor Google Map Extended\u003C\u002Fa> plugin by InternetCSS.\u003C\u002Fp>\n","Yandex Maps widget for Elementor",7000,51261,98,49,"2025-10-16T12:10:00.000Z","6.6","7.4",[142,143,23,130,24],"api","elementor","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmihdan-elementor-yandex-maps\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmihdan-elementor-yandex-maps.1.7.1.zip",99,"2025-09-29 15:32:06",{"slug":149,"name":150,"version":151,"author":152,"author_profile":153,"description":154,"short_description":155,"active_installs":156,"downloaded":157,"rating":158,"num_ratings":96,"last_updated":159,"tested_up_to":160,"requires_at_least":161,"requires_php":18,"tags":162,"homepage":164,"download_link":165,"security_score":166,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wt-yandex-metrika","WT Yandex Metrika","1.1","Roman Kusty","https:\u002F\u002Fprofiles.wordpress.org\u002Fkustyrt\u002F","\u003Cp>С помощью этого плагина вы можете c легкость добавить на свой сайт счетчик \u003Cstrong>Яндекс.Метрика\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmetrika.yandex.ru\" rel=\"nofollow ugc\">Яндекс.Метрика\u003C\u002Fa> — инструмент для оценки посещаемости сайтов, анализа поведения посетителей и эффективности рекламы. Метрика работает по традиционному принципу интернет-счетчиков: код, установленный на страницах вашего сайта, регистрирует каждое посещение, собирая о нем данные.\u003C\u002Fp>\n\u003Ch4>Возможности плагина\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Выбор расположения кода счетчика: Header \u002F Footer\u003C\u002Fli>\n\u003Cli>Отключение счетчика при посещении сайта администратором\u003C\u002Fli>\n\u003Cli>Активация счетчика в панели администратора\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>После установки и активации плагина в \u003Cstrong>настройках сайта\u003C\u002Fstrong> появится раздел \u003Cstrong>WT Яндекс Метрика\u003C\u002Fstrong>, в котором необходимо вставить код счетчика и настроить отображение.\u003C\u002Fp>\n\u003Ch4>Поддержка\u003C\u002Fh4>\n\u003Cp>Домашняя страница и документация плагина: \u003Ca href=\"https:\u002F\u002Fweb-technology.biz\u002Fcms-wordpress\u002Fplugin-wt-yandex-metrika-for-cms-wordpress\u002F\" rel=\"nofollow ugc\">WT Yandex Metrika\u003C\u002Fa>.\u003Cbr \u002F>\nРазработка и поддержка: \u003Ca href=\"https:\u002F\u002Fweb-technology.biz\" rel=\"nofollow ugc\">АИТ “Web Technology”\u003C\u002Fa>.\u003Cbr \u002F>\nСообщество Вконтакте: \u003Ca href=\"https:\u002F\u002Fvk.com\u002Fagency_web_technology\" rel=\"nofollow ugc\">vk.com\u002Fagency_web_technology\u003C\u002Fa>.\u003C\u002Fp>\n","Простое добавление на сайт счетчика Яндекс.Метрика",6000,45465,100,"2020-05-25T14:17:00.000Z","5.4.19","3.9",[20,119,120,163],"yandex-metrika","https:\u002F\u002Fweb-technology.biz\u002Fcms-wordpress\u002Fplugin-wt-yandex-metrika-for-cms-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwt-yandex-metrika.zip",85,{"slug":168,"name":169,"version":170,"author":171,"author_profile":172,"description":173,"short_description":174,"active_installs":175,"downloaded":176,"rating":98,"num_ratings":177,"last_updated":178,"tested_up_to":16,"requires_at_least":179,"requires_php":140,"tags":180,"homepage":18,"download_link":185,"security_score":158,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"captcha-by-yandex-for-contact-form-7","Captcha by Yandex for Contact Form 7","1.2.7","stasionok","https:\u002F\u002Fprofiles.wordpress.org\u002Fstasionok\u002F","\u003Cp>Yandex Captcha protects you against spam and other types of automated abuse. With Contact Form 7’s Yandex Captcha integration module, you can block abusive form submissions by spam bots.\u003C\u002Fp>\n\u003Ch4>Using of a 3rd Party or external service\u003C\u002Fh4>\n\u003Cp>This plugin uses \u003Ca href=\"https:\u002F\u002Fyandex.cloud\u002Fru\u002Fservices\u002Fsmartcaptcha\" rel=\"nofollow ugc\">Yandex SmartCaptcha\u003C\u002Fa> service for its main functionality. Please read \u003Ca href=\"https:\u002F\u002Fyandex.ru\u002Flegal\u002Fcloud_terms_smartcaptcha\u002F\" rel=\"nofollow ugc\">terms of use\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>To implement the main plugin functionality, this plugin makes remote requests to yandex smart captcha service (https:\u002F\u002Fsmartcaptcha.cloud.yandex.ru) within three cases:\u003Cbr \u002F>\n – to check yandex captcha sitekey validity\u003Cbr \u002F>\n – to load captcha challenge\u003Cbr \u002F>\n – to check a solving result\u003C\u002Fp>\n","Add antispam Yandex SmartCaptcha for your forms with Contact Form 7",2000,8022,4,"2026-01-12T12:29:00.000Z","5.0",[181,182,183,24,184],"captcha","contact-form-7","%d1%8f%d0%bd%d0%b4%d0%b5%d0%ba%d1%81-%d0%ba%d0%b0%d0%bf%d1%87%d0%b0","yandex-captcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcaptcha-by-yandex-for-contact-form-7.1.2.7.zip",{"slug":187,"name":188,"version":189,"author":190,"author_profile":191,"description":192,"short_description":193,"active_installs":194,"downloaded":195,"rating":158,"num_ratings":96,"last_updated":196,"tested_up_to":197,"requires_at_least":161,"requires_php":18,"tags":198,"homepage":201,"download_link":202,"security_score":203,"vuln_count":47,"unpatched_count":47,"last_vuln_date":204,"fetched_at":31},"abwp-simple-counter","Simple Counter","1.0.3","abwp","https:\u002F\u002Fprofiles.wordpress.org\u002Fabwp\u002F","\u003Cp>The installation of the counter of Yandex.Metrics and Google Analytics on the website without editing the files of the selected theme.\u003C\u002Fp>\n\u003Cp>Tools webmaster:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwebmaster.yandex.ru\u002F\" rel=\"nofollow ugc\">Yandex.Webmaster\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Fwebmasters\u002Ftools\u002F\" rel=\"nofollow ugc\">Google Search Console\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Code counters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmetrika.yandex.ru\u002F\" rel=\"nofollow ugc\">Yandex.Metrika\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.google.com\u002Fanalytics\u002F\" rel=\"nofollow ugc\">Google Analytics\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","The installation of the counter of Yandex.Metrics and Google Analytics on the website without editing the files of the selected theme.",1000,11365,"2024-04-22T19:17:00.000Z","6.5.8",[20,120,199,200,24],"metrika","statistics","https:\u002F\u002Fab-wp.com\u002Fplugins\u002Fsimple-counter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fabwp-simple-counter.1.0.3.zip",71,"2023-12-19 00:00:00",{"attackSurface":206,"codeSignals":257,"taintFlows":283,"riskAssessment":284,"analyzedAt":290},{"hooks":207,"ajaxHandlers":244,"restRoutes":245,"shortcodes":246,"cronEvents":256,"entryPointCount":96,"unprotectedCount":29},[208,214,218,223,226,231,236,240],{"type":209,"name":210,"callback":211,"priority":212,"file":213,"line":166},"filter","mce_external_plugins","yamap_plugin_scripts",999,"includes\\admin.php",{"type":209,"name":215,"callback":216,"priority":212,"file":213,"line":217},"mce_buttons","register_buttons_editor",86,{"type":219,"name":220,"callback":221,"priority":212,"file":213,"line":222},"action","admin_head","yamaps_custom_fonts",87,{"type":219,"name":220,"callback":224,"file":213,"line":225},"yamaps_shortcode_tmpl",88,{"type":219,"name":227,"callback":228,"priority":28,"file":229,"line":230},"wp_enqueue_scripts","YandexMapAPI_script","includes\\api.php",59,{"type":219,"name":232,"callback":233,"file":234,"line":235},"admin_menu","yamaps_options","options.php",23,{"type":219,"name":237,"callback":238,"file":234,"line":239},"admin_init","yamaps_option_settings",335,{"type":219,"name":241,"callback":242,"file":243,"line":59},"plugins_loaded","yamaps_plugin_load_plugin_textdomain","yamap.php",[],[],[247,252],{"tag":248,"callback":249,"file":250,"line":251},"yaplacemark","yaplacemark_func","includes\\shortcodes.php",373,{"tag":253,"callback":254,"file":250,"line":255},"yamap","yamap_func",374,[],{"dangerousFunctions":258,"sqlUsage":259,"outputEscaping":261,"fileOperations":29,"externalRequests":29,"nonceChecks":47,"capabilityChecks":47,"bundledLibraries":282},[],{"prepared":29,"raw":29,"locations":260},[],{"escaped":262,"rawEcho":263,"locations":264},80,8,[265,268,270,272,274,276,278,280],{"file":234,"line":266,"context":267},44,"raw output",{"file":234,"line":269,"context":267},67,{"file":234,"line":271,"context":267},81,{"file":234,"line":273,"context":267},107,{"file":234,"line":275,"context":267},163,{"file":234,"line":277,"context":267},387,{"file":234,"line":279,"context":267},395,{"file":234,"line":281,"context":267},404,[],[],{"summary":285,"deductions":286},"The \"yamaps\" plugin v0.6.41 exhibits a mixed security posture. On the positive side, the static analysis reveals strong adherence to secure coding practices. There are no identified dangerous functions, all SQL queries are properly prepared, and a high percentage (91%) of output is correctly escaped. Furthermore, the plugin includes nonce and capability checks, which are essential for preventing common WordPress attacks. The absence of file operations and external HTTP requests also reduces the attack surface.\n\nHowever, a significant concern arises from the plugin's vulnerability history, which shows a total of 5 known CVEs, all classified as medium severity and primarily related to Cross-Site Scripting (XSS). Although there are currently no unpatched CVEs for this version, the pattern of past vulnerabilities, particularly XSS, suggests that input sanitization might be an area that requires ongoing vigilance and robust testing. The last recorded vulnerability was in February 2026, which is in the future, indicating a potential data anomaly or that this information is for a future release. The static analysis doesn't reveal any taint flows with unsanitized paths, but the historical XSS issues warrant careful consideration.\n\nIn conclusion, while the current code version demonstrates good practices in many areas, the historical prevalence of XSS vulnerabilities is a notable weakness. Users should ensure they are always running the latest patched version of this plugin and be aware of the potential for similar issues to arise if input handling is not consistently strict. The plugin's limited attack surface and good static analysis results provide a solid foundation, but the historical context demands attention.",[287],{"reason":288,"points":289},"Historical medium severity XSS vulnerabilities",15,"2026-03-16T17:45:48.350Z",{"wat":292,"direct":303},{"assetPaths":293,"generatorPatterns":297,"scriptPaths":298,"versionParams":300},[294,295,296],"\u002Fwp-content\u002Fplugins\u002Fyamaps\u002Fjs\u002Fbtn.js","\u002Fwp-content\u002Fplugins\u002Fyamaps\u002Fjs\u002Fshortcode_parser.js","\u002Fwp-content\u002Fplugins\u002Fyamaps\u002Ftemplates\u002Ftmpl-editor-yamap.html",[],[299],"https:\u002F\u002Fapi-maps.yandex.ru\u002F2.1\u002F",[301,302],"js\u002Fshortcode_parser.js?v=","js\u002Fbtn.js?v=",{"cssClasses":304,"htmlComments":305,"htmlAttributes":306,"restEndpoints":308,"jsGlobals":309,"shortcodeOutput":312},[4],[],[307],"data-yamap-options",[],[310,311],"yamap_object","yamap_defaults",[313],"[yamap"]