[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fvid0kZcZU2pjwVworTQCxjtgSi5s7niDKsQjnKaBFTo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":37,"fingerprints":102},"1beyt","1Beyt","1.5.2","Javad Ehteshami","https:\u002F\u002Fprofiles.wordpress.org\u002Fham3da\u002F","\u003Cp>This plugin can display a Distich from Persian poets in your weblog by wedget and shortcode.\u003C\u002Fp>\n\u003Cp>The features of this plugin can be listed as follows:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>امکان نمایش یک بیت شعر تصادفی در ویجت\u003C\u002Fli>\n\u003Cli>امکان نمایش بیت با کد کوتاه در هر جای سایت\u003C\u002Fli>\n\u003Cli>تغییر بیت در هر بار مرور\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>You can Donate plugin author \u003Ca href=\"https:\u002F\u002Fham3da.ir\u002Fdonation\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Github\u003C\u002Fh3>\n\u003Cp>Contribute on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fham3da\u002F1beyt\" rel=\"nofollow ugc\">Github\u003C\u002Fa>\u003C\u002Fp>\n","افزونه‌ای برای نمایش یک بیت شعر تصادفی در وردپرس Plugin to display a Distich from Persian 
poets.",20,3422,0,"2019-06-20T08:44:00.000Z","5.2.24","3.0","",[19,20,21],"persian-poem","poem-widget","random-poem","http:\u002F\u002Fham3da.ir","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002F1beyt.1.5.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"ham3da",6,90,88,30,86,"2026-04-04T00:34:57.378Z",[],{"attackSurface":38,"codeSignals":65,"taintFlows":92,"riskAssessment":93,"analyzedAt":101},{"hooks":39,"ajaxHandlers":55,"restRoutes":56,"shortcodes":57,"cronEvents":63,"entryPointCount":64,"unprotectedCount":13},[40,46,50],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","admin_menu","ob_admin_pages","1beyt.php",29,{"type":41,"name":47,"callback":48,"file":44,"line":49},"admin_init","check_yek_beyt_ver",83,{"type":41,"name":51,"callback":52,"file":53,"line":54},"widgets_init","ob_widget_init","inc\\widget.php",79,[],[],[58],{"tag":59,"callback":60,"file":61,"line":62},"yek_beyt","yek_byet_func","inc\\ob_shortcode.php",19,[],1,{"dangerousFunctions":66,"sqlUsage":67,"outputEscaping":73,"fileOperations":64,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":91},[],{"prepared":68,"raw":64,"locations":69},4,[70],{"file":44,"line":71,"context":72},77,"$wpdb->query() with variable interpolation",{"escaped":68,"rawEcho":74,"locations":75},8,[76,80,81,83,85,87,88,90],{"file":77,"line":78,"context":79},"help.php",32,"raw output",{"file":53,"line":78,"context":79},{"file":53,"line":82,"context":79},33,{"file":53,"line":84,"context":79},39,{"file":53,"line":86,"context":79},62,{"file":53,"line":86,"context":79},{"file":53,"line":89,"context":79},64,{"file":53,"line":89,"context":79},[],[],{"summary":94,"deductions":95},"The \"1beyt\" plugin v1.5.2 exhibits a generally good security posture based on the static analysis provided. 
The absence of AJAX handlers, REST API routes, and cron events significantly limits the potential attack surface. The scan reports that all identified entry points are protected by authorization checks, which is a strong indicator of secure development practices; the same scan, however, recorded no capability checks and no nonce checks in the code, so that result should be confirmed by reading the handlers. Furthermore, the plugin does not appear to have any known vulnerabilities in its history, which is a positive sign.\n\nHowever, there are areas for concern. The code analysis reveals that only 33% of output statements are properly escaped (4 of 12), suggesting a risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is not sufficiently sanitized before being displayed. Additionally, the lack of nonce checks on its single shortcode presents a potential for cross-site request forgery (CSRF) attacks if that shortcode performs any sensitive actions; a shortcode that only renders content does not need a nonce. The analysis also recorded one $wpdb->query() call built with variable interpolation (1beyt.php, line 77), alongside four prepared queries; that call should be reviewed for SQL injection and moved to $wpdb->prepare() if any interpolated value can come from a request.\n\nWhile the plugin has no recorded vulnerabilities, the unescaped output and missing nonce checks are concerning. These are common weak points that can lead to exploitable vulnerabilities. The plugin's strengths lie in its limited attack surface and lack of known historical issues, but its weaknesses in output escaping and nonce implementation require attention to ensure a truly secure state.",[96,98],{"reason":97,"points":74},"Low percentage of proper output escaping",{"reason":99,"points":100},"Missing nonce check on shortcode",7,"2026-03-16T22:49:20.757Z",{"wat":103,"direct":108},{"assetPaths":104,"generatorPatterns":105,"scriptPaths":106,"versionParams":107},[],[],[],[],{"cssClasses":109,"htmlComments":111,"htmlAttributes":112,"restEndpoints":113,"jsGlobals":114,"shortcodeOutput":115},[110],"yek_byet",[],[],[],[],[116,117,118,119,120],"\u003Cp id=\"yek_byet\" style=\"text-align: center;\">","\u003Cbr \u002F>","«","»\u003Cbr \u002F>","\u003C\u002Fp>"]