[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhBlptojEYHKCq_0J9OMgI7SzuBVxxY8jVimcOmZqzLc":3,"$fztDFelsFvrBhXUKKLZpM6x7KSWnC6WDaMWcQpa7iBDY":98,"$fflpCbqZlzF2p3sB77KV9v0k9yOl_nRUzCIDKfxWThdE":103},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"discovery_status":24,"vulnerabilities":25,"developer":26,"crawl_stats":22,"alternatives":33,"analysis":34,"fingerprints":84},"a2zvideoapi","a2zVideoAPI widget","0.7","Sandeep Verma","https:\u002F\u002Fprofiles.wordpress.org\u002Fsvnlabs\u002F","\u003Cp>Some API supported URL:\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FmXMf9GOzzOA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.dailymotion.com\u002Fvideo\u002Fx5z91e_lets-play-holi_music\u003Cbr \u002F>\nhttp:\u002F\u002Fvideo.google.com\u002Fvideoplay?docid=-7577046582869136330&hl=en\u003Cbr \u002F>\n\u003Ciframe loading=\"lazy\" title=\"Sign Language - a short film\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F9573920?dnt=1&app_id=122963\" width=\"750\" height=\"422\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write\">\u003C\u002Fiframe>\u003Cbr 
\u002F>\nhttp:\u002F\u002Fwww.metacafe.com\u002Fwatch\u002F4230785\u002Fghetto_star_weekly_randy_radermacher\u002F\u003Cbr \u002F>\nhttp:\u002F\u002Fblip.tv\u002Ffile\u002F3272712?utm_source=featured_ep&utm_medium=featured_ep\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.hulu.com\u002Fwatch\u002F131066\u002Fsaturday-night-live-we-are-the-world-cold-open\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.viddler.com\u002Fexplore\u002Fcoop\u002Fvideos\u002F54\u002F\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.5min.com\u002FVideo\u002FHow-to-Organize-Your-Life-219728873\u003Cbr \u002F>\nhttp:\u002F\u002Fvids.myspace.com\u002Findex.cfm?fuseaction=vids.individual&videoid=51722257\u003Cbr \u002F>\nhttp:\u002F\u002Fvodpod.com\u002Fwatch\u002F2492783-reactos-install-screencast-tutorial\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.ehow.com\u002Fvideo_4983481_change-ip-address-windows-vista.html\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.break.com\u002Fusercontent\u002F2009\u002F4\u002FHow-to-Run-Linux-on-Windows-Ubuntu-699185.html\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.atom.com\u002Ffunny_videos\u002Fsw_gangsta_rap_chronicles\u002F\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.funnyordie.com\u002Fvideos\u002F4d47a07835\u002Fdanny-mendlow-the-solution-to-racism-and-the-biggest-issue-in-the-world\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.flickr.com\u002Fphotos\u002Ftraceytilson\u002F3033319841\u002F\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>Other Links:\u003Cbr \u002F>\nhttp:\u002F\u002Fcode.google.com\u002Fp\u002Fa2zvideoapi\u002F\u003Cbr \u002F>\nhttp:\u002F\u002Fgithub.com\u002Fsvnlabs\u003C\u002Fp>\n\u003Cp>Download API: http:\u002F\u002Fwww.svnlabs.com\u002Fa2zvideoapi\u002Fa2zVideoAPI.zip\u003Cbr \u002F>\nDownload Plugin: http:\u002F\u002Fblog.svnlabs.com\u002Fa2zVideoAPI.zip\u003C\u002Fp>\n\u003Cp>Follow me:\u003C\u002Fp>\n\u003Cp>Facebook: http:\u002F\u002Fwww.facebook.com\u002Fsvnlabs\u003Cbr \u002F>\nTwitter: http:\u002F\u002Fwww.twitter.com\u002Fsvnlabs\u003C\u002Fp>\n\u003Cp>Subscribe 
me:\u003Cbr \u002F>\nYoutube: http:\u002F\u002Fwww.youtube.com\u002Fuser\u002Fsvnlabs\u003Cbr \u002F>\nFeeds: http:\u002F\u002Fblog.svnlabs.com\u002Ffeed\u002F\u003C\u002Fp>\n","Some API supported URL:",10,2036,0,"2010-07-03T14:32:00.000Z","2.1","2.0.2","",[4],"http:\u002F\u002Fsvnlabs.com\u002Fa2zvideoapi\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fa2zvideoapi.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":11,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"svnlabs",1190,80,392,65,"2026-05-20T00:14:02.121Z",[],{"attackSurface":35,"codeSignals":47,"taintFlows":71,"riskAssessment":72,"analyzedAt":83},{"hooks":36,"ajaxHandlers":43,"restRoutes":44,"shortcodes":45,"cronEvents":46,"entryPointCount":13,"unprotectedCount":13},[37],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","widgets_init","widget_a2zvideoapi_init","a2zVideoAPI.php",166,[],[],[],[],{"dangerousFunctions":48,"sqlUsage":49,"outputEscaping":51,"fileOperations":13,"externalRequests":69,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":70},[],{"prepared":13,"raw":13,"locations":50},[],{"escaped":13,"rawEcho":52,"locations":53},7,[54,57,59,61,63,65,67],{"file":41,"line":55,"context":56},69,"raw output",{"file":41,"line":58,"context":56},70,{"file":41,"line":60,"context":56},71,{"file":41,"line":62,"context":56},72,{"file":41,"line":64,"context":56},149,{"file":41,"line":66,"context":56},150,{"file":41,"line":68,"context":56},151,1,[],[],{"summary":73,"deductions":74},"The a2zvideoapi v0.7 plugin exhibits a generally positive security posture based on the provided static analysis.  The absence of any AJAX handlers, REST API routes, shortcodes, or cron events with potential unprotected entry points suggests a limited attack surface. 
Furthermore, the code signals show no dangerous functions, no raw SQL queries, and no file operations, which are all good security practices. The plugin does make one external HTTP request, which is a minor area to monitor but not inherently problematic without further context.\n\nHowever, a significant concern arises from the \"Output escaping\" metric, where 0% of the 7 total outputs are properly escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any data displayed to users that originates from external sources or user input could be rendered without escaping, allowing attackers to inject malicious scripts. The lack of nonces and capability checks, while not directly tied to an identified attack vector in this analysis, is also a weakness that could be exploited if new entry points are introduced or if existing code is modified without proper security considerations.\n\nGiven that the \"Vulnerability History\" shows zero known CVEs, this plugin has a clean record. This may reflect responsible development or, given that the plugin has about 10 active installs and was last updated in 2010, simply a lack of widespread use and scrutiny. However, the presence of unescaped output is a critical flaw that overshadows the clean history and the limited attack surface. The plugin's strength lies in its limited scope and absence of common vulnerable patterns, but its critical weakness in output escaping demands immediate attention.",[75,78,81],{"reason":76,"points":77},"Unescaped output detected",8,{"reason":79,"points":80},"No nonce checks",5,{"reason":82,"points":80},"No capability checks","2026-03-16T23:33:09.956Z",{"wat":85,"direct":90},{"assetPaths":86,"generatorPatterns":87,"scriptPaths":88,"versionParams":89},[],[],[],[],{"cssClasses":91,"htmlComments":92,"htmlAttributes":93,"restEndpoints":94,"jsGlobals":95,"shortcodeOutput":96},[],[],[],[],[],[97],"echo $before_widget . $title . $embed . 
$after_widget;",{"error":99,"url":100,"statusCode":101,"statusMessage":102,"message":102},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fa2zvideoapi\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":104},[]]