[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2bYjCrMVTN063o5aP5uc6Eh9qLpHgePaRIYZGiVEqPI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":44,"crawl_stats":35,"alternatives":51,"analysis":141,"fingerprints":203},"zoom-image-shortcode","Zoomify embed for WP","1.5.2","SdeWijs","https:\u002F\u002Fprofiles.wordpress.org\u002Fsdewijs\u002F","\u003Cp>This Zoomify plugin for WordPress allows you to upload .zif files to your media directory. You can then create the Zoomify imagebox\u003Cbr \u002F>\nwith toolbar by using the shortcode \u003Ccode>[zoomify file=\"fileUrl\" zskinpath=\"Default\u002FDark\u002FLight\" zoomlevel=100]\u003C\u002Fcode> (zoomlevel is optional), where “fileUrl” is the url\u002Fpermalink to the zif-file.\u003Cbr \u002F>\nThe skin parameter has three options: Default, Dark and Light. If the skin parameter is omitted in the shortcode the Default skin will be used.\u003C\u002Fp>\n\u003Cp>For example, if the permalink to your file is http:\u002F\u002Fexample.com\u002Fwp-content\u002Fuploads\u002F2016\u002F10\u002FmyAwesomemap.zif, the shortcode will look like this\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[zoomify file=\"http:\u002F\u002Fexample.com\u002Fwp-content\u002Fuploads\u002F2016\u002F10\u002FmyAwesomemap.zif\" zskinpath=\"Default\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If copy-pasting this example does not work, please type out the shortcode manually in your WP editor so the double quotes are properly formatted.\u003C\u002Fp>\n\u003Cp>I am not connected to Zoomify in any way, I coded this plugin for personal use and figured this may come in handy for other Zoomify users.\u003C\u002Fp>\n\u003Cp>Each Zoomify image had it’s own unique identifier, so you can add muiltiple Zoomify images to a page.\u003C\u002Fp>\n","This plugin offers an easy way to embed zoomify .zif files in your WordPress website.",90,4778,100,7,"2023-04-06T10:13:00.000Z","6.2.9","3.0.1","",[20,21,22],"images","shortcode","zoomify","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fzoom-image-shortcode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzoom-image-shortcode.zip",63,1,"2025-09-05 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35},"CVE-2025-58863","zoomify-embed-for-wp-authenticated-contributor-stored-cross-site-scripting","Zoomify embed for WP \u003C= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Zoomify embed for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.5.2","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-11 14:04:20",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F04df6d4b-7beb-4347-9f88-a6cfaad389aa?source=api-prod",{"slug":45,"display_name":7,"profile_url":8,"plugin_count":46,"total_installs":11,"avg_security_score":47,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},"sdewijs",2,82,30,81,"2026-04-04T13:23:04.598Z",[52,71,90,108,125],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":18,"tags":67,"homepage":18,"download_link":68,"security_score":69,"vuln_count":70,"unpatched_count":70,"last_vuln_date":35,"fetched_at":28},"random-images","Random Images","1.0","Sheri Grey","https:\u002F\u002Fprofiles.wordpress.org\u002Fdesignsimply\u002F","\u003Cp>The \u003Ccode>[random_images]\u003C\u002Fcode> shortcode will display an unstyled set of random images.\u003C\u002Fp>\n\u003Cp>Six images will display at thumbnail size linked to attachment pages by default.\u003C\u002Fp>\n\u003Cp>To change the number of images and the size:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[random_images total=4 size=medium]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To make the links point to image files instead of attachment pages:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[random_images link=file]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you have any questions, please ask in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Frandom-images\" title=\"Random Images Support Forum\" rel=\"ugc\">support forum\u003C\u002Fa>.\u003C\u002Fp>\n","The [random_images] shortcode displays random attached images.",40,5092,50,6,"2018-12-02T06:50:00.000Z","5.0.25","2.8",[20,53,21],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frandom-images.1.0.zip",85,0,{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":13,"num_ratings":63,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":18,"tags":84,"homepage":88,"download_link":89,"security_score":69,"vuln_count":70,"unpatched_count":70,"last_vuln_date":35,"fetched_at":28},"storyftw","story|ftw","0.1.4","Justin Sternberg","https:\u002F\u002Fprofiles.wordpress.org\u002Fjtsternberg\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fstoryftw.com\u002F?utm_source=wordpress-repo&utm_medium=wordpress-repo&utm_term=wordpress-repo&utm_content=wordpress-repo&utm_campaign=wordpress-repo\" rel=\"nofollow ugc\">Story|ftw\u003C\u002Fa> extends the publishing power of your WordPress theme. Allows you to easily tell full screen — no header, footer, or menu — stories with a rich range of content and style elements.\u003C\u002Fp>\n\u003Cp>Publish on WordPress?  Have mobile traffic that continues to rise?  Are you fighting to keep your readers focused on your stories?\u003C\u002Fp>\n\u003Cp>Us too.\u003C\u002Fp>\n\u003Cp>Originally the plugin was created to better capture and convert the ever rising mobile traffic from paid Facebook ads.  During the course of development it has grown in range and scope and bells and whistles.\u003C\u002Fp>\n\u003Cp>We are eager to see what folks might use it for.\u003C\u002Fp>\n\u003Cp>We plan to update the plugin often.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Uses regular WordPress editing features\u003C\u002Fli>\n\u003Cli>Completely eliminates your header and footer and menu.  \u003C\u002Fli>\n\u003Cli>Full screen image backgrounds\u003C\u002Fli>\n\u003Cli>Full screen gif backgrounds\u003C\u002Fli>\n\u003Cli>Full screen video backgrounds (fallback to jpeg or gif on mobile devices)\u003C\u002Fli>\n\u003Cli>Easily add call to action buttons via shortcodes\u003C\u002Fli>\n\u003Cli>Easily embed youtube or vimeo via shortcodes\u003C\u002Fli>\n\u003Cli>Drag and drop page re-ordering\u003C\u002Fli>\n\u003Cli>Add social sharing via shortcodes on any story page\u003C\u002Fli>\n\u003Cli>Easily caption photos and give love to the photographers and artists\u003C\u002Fli>\n\u003Cli>Complete granular control over all colors – stay on brand\u003C\u002Fli>\n\u003Cli>Story re-direct feature.  After your story is complete re-direct to any url\u003C\u002Fli>\n\u003Cli>Easy to add a Table of Contents as well as logo to any story\u003C\u002Fli>\n\u003Cli>Check it out on your tablet or phone – thumb swiping tablet\u002Fmobile optimized navigation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>So What Can It Do? Some Early Implementations…\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.breathingcolor.com\u002Fblog\u002Fspooktacular\u002F?utm_source=wordpress-plugin-repo&utm_medium=wordpress-plugin-repo&utm_term=wordpress-plugin-repo&utm_content=bc&utm_campaign=wordpress-plugin-repo\" rel=\"nofollow ugc\">IT CAN SELL\u003C\u002Fa> Tell a story and dump your users onto the product page with the re-direct feature.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fstoryftw.com\u002Fbloomin-baked-apples?utm_source=wordpress-plugin-repo&utm_medium=wordpress-plugin-repo&utm_term=wordpress-plugin-repo&utm_content=it%2Bcan%2Bcook&utm_campaign=wordpress-plugin-repo\" rel=\"nofollow ugc\">IT CAN COOK\u003C\u002Fa> A native app like experience for the tablet or phone in the kitchen while cooking.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fstoryftw.com\u002F29-lyon?utm_source=http%3A%2F%2Fstoryftw.com%2Fbloomin-baked-apples%3Futm_source%3Dwordpress-plugin-repo%26utm_medium%3Dwordpress-plugin-repo%26utm_term%3Dwordpress-plugin-repo%26utm_content%3Dit%252Bcan%252Bcook%26utm_campaign%3Dwordpress-plugin-repo&utm_medium=http%3A%2F%2Fstoryftw.com%2Fbloomin-baked-apples%3Futm_source%3Dwordpress-plugin-repo%26utm_medium%3Dwordpress-plugin-repo%26utm_term%3Dwordpress-plugin-repo%26utm_content%3Dit%252Bcan%252Bcook%26utm_campaign%3Dwordpress-plugin-repo&utm_term=http%3A%2F%2Fstoryftw.com%2Fbloomin-baked-apples%3Futm_source%3Dwordpress-plugin-repo%26utm_medium%3Dwordpress-plugin-repo%26utm_term%3Dwordpress-plugin-repo%26utm_content%3Dit%252Bcan%252Bcook%26utm_campaign%3Dwordpress-plugin-repo&utm_content=It%2BCan%2BSell%2BRE&utm_campaign=http%3A%2F%2Fstoryftw.com%2Fbloomin-baked-apples%3Futm_source%3Dwordpress-plugin-repo%26utm_medium%3Dwordpress-plugin-repo%26utm_term%3Dwordpress-plugin-repo%26utm_content%3Dit%252Bcan%252Bcook%26utm_campaign%3Dwordpress-plugin-repo\" rel=\"nofollow ugc\">IT CAN SELL REAL ESTATE\u003C\u002Fa> Give a better home preview than redfin or zillo.  Let Realtors introduce themselves via video.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fstoryftw.com\u002Fjames-altucher?utm_source=wordpress-plugin-repo&utm_medium=wordpress-plugin-repo&utm_term=wordpress-plugin-repo&utm_content=It%2Bcan%2Bdo%2Blist%2Bposts&utm_campaign=wordpress-plugin-repo\" rel=\"nofollow ugc\">IT CAN DO LIST POSTS\u003C\u002Fa> Keep the reader focused! Love this guy’s writing.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fstoryftw.com\u002Fhappiness?utm_source=wordpress-plugin-repo&utm_medium=wordpress-plugin-repo&utm_term=wordpress-plugin-repo&utm_content=It%2Bcan%2Bdo%2Bquotes&utm_campaign=wordpress-plugin-repo\" rel=\"nofollow ugc\">IT CAN DO QUOTES\u003C\u002Fa> Everybody loves quotes.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fstoryftw.com\u002Fminimalist-world-cup#minimalist-world-cup?utm_source=wordpress-plugin-repo&utm_medium=wordpress-plugin-repo&utm_term=wordpress-plugin-repo&utm_content=It%2Bcan%2BDo%2Bart&utm_campaign=wordpress-plugin-repo\" rel=\"nofollow ugc\">IT CAN DO ART\u003C\u002Fa> Is it 2018 yet?\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fstoryftw.com\u002Fprecocious?utm_source=wordpress-plugin-repo&utm_medium=wordpress-plugin-repo&utm_term=wordpress-plugin-repo&utm_content=it%2Bcan%2Btell%2Bstories&utm_campaign=wordpress-plugin-repo\" rel=\"nofollow ugc\">IT CAN TELL STORIES\u003C\u002Fa> I want to meet this kid.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fstoryftw.com\u002Fcmb2-metabox-strikes-back?utm_source=wordpress-plugin-repo&utm_medium=wordpress-plugin-repo&utm_term=wordpress-plugin-repo&utm_content=Presentations&utm_campaign=wordpress-plugin-repo\" rel=\"nofollow ugc\">IT CAN DO PRESENTATIONS\u003C\u002Fa> Justin’s presentation from WordCamp Raleigh.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>So What Would You Like It To Do\u003C\u002Fh3>\n\u003Cp>You tell us. Submit a \u003Ca href=\"http:\u002F\u002Fstoryftw.com\u002Ffeature-request?utm_source=wordpress-plugin-repo&utm_medium=wordpress-plugin-repo&utm_content=feature-request&utm_campaign=wordpress-plugin-repo\" rel=\"nofollow ugc\">Feature Request\u003C\u002Fa>.\u003C\u002Fp>\n","story|ftw is a full screen, mobile first storytelling plugin. It can do text, images, gifs, video backgrounds plus a whole lot more.",20,6157,"2015-02-28T17:43:00.000Z","4.1.42","3.8.0",[85,20,86,21,87],"gallery","mobile","video","http:\u002F\u002Fstoryftw.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstoryftw.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":79,"downloaded":98,"rating":70,"num_ratings":70,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":18,"tags":102,"homepage":106,"download_link":107,"security_score":69,"vuln_count":70,"unpatched_count":70,"last_vuln_date":35,"fetched_at":28},"yd-zoomify","YD Zoomify","0.1.0","Yann at WP&Co","https:\u002F\u002Fprofiles.wordpress.org\u002Fydubois\u002F","\u003Ch4>Zoom on your images!\u003C\u002Fh4>\n\u003Cp>This WordPress plugin allows for simple insertion of a Zoomify zoomable web image in a post content, page or template.\u003C\u002Fp>\n\u003Cp>Zoomify express is a free technology based on Flash: http:\u002F\u002Fwww.zoomify.com\u002F. However, the WordPress content editor tends to break the Flash inclusion code (it deletes the needed parameters).\u003Cbr \u002F>\nThis plugin is a simple way to get around this problem and insert zoomable image code that will display perfectly with all flash-supporting browsers.\u003C\u002Fp>\n\u003Ch4>Active support\u003C\u002Fh4>\n\u003Cp>Drop me a line on my support site to report bugs, ask for specific feature or improvement, or just tell me how you’re using the plugin.\u003Cbr \u002F>\nIt’s still in an active development stage, with new features coming out on a regular basis.\u003C\u002Fp>\n\u003Ch4>Disclaimer\u003C\u002Fh4>\n\u003Cp>I have no relationship with Zoomify Inc. Please go to their website http:\u002F\u002Fwww.zoomify.com\u002F if you encounter problems with their product.\u003C\u002Fp>\n\u003Ch3>Revisions\u003C\u002Fh3>\n\u003Cp>0.1.0. Initial beta release\u003C\u002Fp>\n\u003Ch3>Did you like it?\u003C\u002Fh3>\n\u003Cp>Drop me a line on http:\u002F\u002Fwww.yann.com\u002Fwp-plugins\u002Fyd-zoomify\u003C\u002Fp>\n\u003Cp>And… \u003Cem>please\u003C\u002Fem> rate this plugin –>\u003C\u002Fp>\n","Allows for simple insertion of a Zoomify zoomable web image in a post content, page or template.",4372,"2009-04-14T10:06:00.000Z","2.7.1","2.0.0",[103,20,104,105,22],"image","template","zoom","http:\u002F\u002Fwww.yann.com\u002Fwp-plugins\u002Fyd-zoomify","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyd-zoomify.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":70,"num_ratings":70,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":18,"tags":121,"homepage":123,"download_link":124,"security_score":69,"vuln_count":70,"unpatched_count":70,"last_vuln_date":35,"fetched_at":28},"bcorp-slider","BCorp Slider","0.1","BCorp","https:\u002F\u002Fprofiles.wordpress.org\u002Fbcorp\u002F","\u003Cp>Powerful transitional slider shortcode for the BCorp Shortcode collection and BCorp Visual Editor.\u003C\u002Fp>\n\u003Cp>Please check http:\u002F\u002Fshortcodes.bcorp.com for examples of usuage.\u003C\u002Fp>\n","Powerful transitional slider shortcode for the BCorp Shortcode collection and BCorp Visual Editor.",10,1546,"2016-01-28T00:28:00.000Z","4.4.34","4.2.0",[103,20,21,122],"shortcodes","http:\u002F\u002Fshortcodes.bcorp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbcorp-slider.zip",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":116,"downloaded":133,"rating":70,"num_ratings":70,"last_updated":134,"tested_up_to":135,"requires_at_least":17,"requires_php":18,"tags":136,"homepage":139,"download_link":140,"security_score":69,"vuln_count":70,"unpatched_count":70,"last_vuln_date":35,"fetched_at":28},"downloadable-gallery","downloadable gallery","1.3","jondor","https:\u002F\u002Fprofiles.wordpress.org\u002Fjondor\u002F","\u003Cp>A shortcode which shows an gallery of downloadable images. The basic idea was to have an easy way to make some images available for download.\u003Cbr \u002F>\nFor a working demo see: http:\u002F\u002Fplugins.funsite.eu\u002Fdownloadable-gallerie\u002F\u003C\u002Fp>\n\u003Ch4>shortcode\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[downloadable_images taxonomy=\"gallery\" slug=\"wallpaper\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The default for taxonomy is gallery, the default slug is “wallpaper”. So the above could also be used as\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[downloadable_images]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>I use this plugin together with “Enhanced Media Library” (https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fenhanced-media-library\u002F) which enables a taxonomy on the\u003Cbr \u002F>\nmedia library (besides other features)\u003C\u002Fp>\n\u003Cp>This plugin implements a custom thumbnail size of 300px width so probably you will have to regenerate thumbnails too. As a minimum for the\u003Cbr \u002F>\nphoto’s shown if they are already uploaded. New uploaded photo’s will generate this thumbnail automatically.\u003C\u002Fp>\n","A shortcode which shows an gallery of downloadeble images",4742,"2017-01-08T14:55:00.000Z","4.7.32",[137,85,20,21,138],"downloadable","show","http:\u002F\u002Fplugins.funsite.eu\u002Fdownloadable-gallerie\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdownloadable-gallery.1.3.zip",{"attackSurface":142,"codeSignals":175,"taintFlows":187,"riskAssessment":188,"analyzedAt":202},{"hooks":143,"ajaxHandlers":168,"restRoutes":169,"shortcodes":170,"cronEvents":174,"entryPointCount":26,"unprotectedCount":70},[144,150,155,160,164],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","wp_enqueue_scripts","gh_zoomify_scripts_styles","gh-zoomify.php",37,{"type":151,"name":152,"callback":153,"file":148,"line":154},"filter","upload_mimes","add_zif_support",49,{"type":145,"name":156,"callback":157,"file":158,"line":159},"admin_menu","gh_zoomify_settings","inc\\gh-zoomify-settings.php",17,{"type":151,"name":161,"callback":162,"file":158,"line":163},"upload_dir","gh_zoomify_js_upload_dir",68,{"type":145,"name":165,"callback":166,"file":158,"line":167},"admin_init","gh_zoomify_site_settings_init",88,[],[],[171],{"tag":22,"callback":172,"file":148,"line":173},"gh_zoomify_shortcode",129,[],{"dangerousFunctions":176,"sqlUsage":177,"outputEscaping":179,"fileOperations":46,"externalRequests":70,"nonceChecks":70,"capabilityChecks":70,"bundledLibraries":186},[],{"prepared":70,"raw":70,"locations":178},[],{"escaped":70,"rawEcho":46,"locations":180},[181,184],{"file":158,"line":182,"context":183},96,"raw output",{"file":158,"line":185,"context":183},97,[],[],{"summary":189,"deductions":190},"The \"zoom-image-shortcode\" plugin v1.5.2 presents a mixed security posture.  On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and avoiding external HTTP requests.  It also has a limited attack surface with only one entry point (a shortcode) and no identified AJAX handlers or REST API routes that are unprotected.  Furthermore, the static analysis revealed no critical or high-severity taint flows and no dangerous function usage.  However, significant concerns arise from the complete lack of output escaping and the absence of any nonce or capability checks. This means that any output generated by the plugin's shortcode could potentially be vulnerable to cross-site scripting (XSS) attacks, as user-supplied data is not being sanitized before being displayed. The vulnerability history further exacerbates these concerns, with one medium-severity XSS vulnerability recorded and currently unpatched. This indicates a recurring pattern of insecure handling of user input that could lead to harmful code injection.",[191,194,197,199],{"reason":192,"points":193},"Unpatched medium severity CVE",18,{"reason":195,"points":196},"0% output escaping",15,{"reason":198,"points":116},"0 capability checks",{"reason":200,"points":201},"0 nonce checks",5,"2026-03-16T21:19:01.799Z",{"wat":204,"direct":216},{"assetPaths":205,"generatorPatterns":211,"scriptPaths":212,"versionParams":213},[206,207,208,209,210],"\u002Fwp-content\u002Fplugins\u002Fzoom-image-shortcode\u002Fassets\u002Fjs\u002FZoomifyImageViewerExpress-min.js","\u002Fwp-content\u002Fplugins\u002Fzoom-image-shortcode\u002Fassets\u002Fcss\u002Fzoomify-styles.css","\u002Fwp-content\u002Fplugins\u002Fzoom-image-shortcode\u002Fassets\u002FSkins\u002FDefault\u002F","\u002Fwp-content\u002Fplugins\u002Fzoom-image-shortcode\u002Fassets\u002FSkins\u002FLight\u002F","\u002Fwp-content\u002Fplugins\u002Fzoom-image-shortcode\u002Fassets\u002FSkins\u002FDark\u002F",[],[],[214,215],"zoomify-js","gh-zoomify",{"cssClasses":217,"htmlComments":219,"htmlAttributes":226,"restEndpoints":242,"jsGlobals":243,"shortcodeOutput":245},[218],"zoomify-wrapper",[220,221,222,223,224,225],"\u003C!-- code for header css and JS -->","\u003C!-- Add support for uploading zif files -->","\u003C!-- code for shortcode -->","\u003C!-- Helper functions -->","\u003C!-- Set a custom upload dir -->","\u003C!-- Change Upload Directory for Zoomify JS file -->",[227,228,229,230,231,232,233,234,235,236,237,238,239,240,241],"zskinpath","zinitialzoom","zinitialx","zinitialy","zminzoom","zmaxzoom","znavigatorvisible","ztoolbarvisible","zslidervisible","zlogovisible","zfullpagevisible","zfullpageinitial","zprogressvisible","ztooltipsvisible","zcomparisonpath",[],[244],"Z.showImage",[246,247],"\u003Cdiv id='zoomifyContainer-","' class='zoomify-wrapper'>\u003C\u002Fdiv>"]