[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwYjVvvFutXsTnC9uigdujjO6YnR4TDTSoGnhGvsE8kk":3,"$fm41yu0DcbDn8_uSBI26PRdRyYz71f3emMLSvL3SruRU":264,"$fHw0yHJ9-8RsK8bszryG5BshI7oBoBskhTbiQkYpoHfY":269},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22,"discovery_status":23,"vulnerabilities":24,"developer":25,"crawl_stats":21,"alternatives":31,"analysis":32,"fingerprints":240},"acosmin-north-extensions","North Extensions","1.0.0","acosmin","https:\u002F\u002Fprofiles.wordpress.org\u002Facosmin\u002F","\u003Cp>Adds front page sections (Instagram, Ads), a post title design option and other extensions to North WordPress theme.\u003C\u002Fp>\n","Adds front page sections (Instagram, Ads), a post title design option and other extensions to North WordPress 
theme.",0,2074,"2017-06-24T05:43:00.000Z","4.8.28","4.6","",[],"http:\u002F\u002Fwww.acosmin.com\u002Ftheme\u002Fnorth\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Facosmin-north-extensions.1.0.0.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":20,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},6,2270,30,84,"2026-05-20T07:43:17.225Z",[],{"attackSurface":33,"codeSignals":174,"taintFlows":230,"riskAssessment":231,"analyzedAt":239},{"hooks":34,"ajaxHandlers":170,"restRoutes":171,"shortcodes":172,"cronEvents":173,"entryPointCount":11,"unprotectedCount":11},[35,42,47,52,56,61,65,69,72,76,80,84,88,91,95,99,101,105,107,110,113,117,120,123,126,129,132,135,138,141,144,148,151,155,157,159,161,164,166,168],{"type":36,"name":37,"callback":38,"priority":39,"file":40,"line":41},"action","customize_register","northe_customizer",15,"customizer\u002Finit.php",17,{"type":36,"name":43,"callback":44,"file":45,"line":46},"admin_enqueue_scripts","northe_scripts_admin","inc\u002Fenqueue-backend.php",31,{"type":36,"name":48,"callback":49,"file":50,"line":51},"admin_menu","northe_title_design_metabox","modules\u002Ftitle-design\u002Finit.php",9,{"type":36,"name":53,"callback":54,"file":50,"line":55},"save_post","northe_title_design_save_meta",10,{"type":57,"name":58,"callback":59,"priority":55,"file":50,"line":60},"filter","the_title","northe_title_design_output",11,{"type":36,"name":62,"callback":63,"priority":55,"file":64,"line":39},"northe__section_ads","northe__section_ads_output","sections\u002Fads\u002Fads-tmpl.php",{"type":57,"name":66,"callback":67,"priority":55,"file":68,"line":55},"north___section_category_defaults","northe_s_category___ad_default","sections\u002Fcategory\u002Fcategory.php",{"type":57,"name":70,"callback":71,"priority":55,"file":68,"line":60},"north___section_category_options","northe_s_category___ad_option",{"type":57,"name"
:73,"callback":74,"priority":55,"file":68,"line":75},"north___section_category_update","northe_s_category___ad_update",12,{"type":57,"name":77,"callback":78,"priority":55,"file":68,"line":79},"north___section_category_fields","northe_s_category___ad_fields",13,{"type":36,"name":81,"callback":82,"priority":28,"file":68,"line":83},"north__sec_tmpl_cat_side_widgets","northe_s_category__ad_display",14,{"type":36,"name":85,"callback":86,"priority":28,"file":87,"line":55},"widgets_init","northe_sections","sections\u002Finit.php",{"type":57,"name":89,"callback":90,"priority":39,"file":87,"line":60},"north_customizer_js_settings","northe_sections___new",{"type":36,"name":92,"callback":93,"priority":55,"file":94,"line":39},"northe__section_instagram","northe__section_instagram_start","sections\u002Finstagram\u002Finstagram-tmpl.php",{"type":36,"name":92,"callback":96,"priority":97,"file":94,"line":98},"northe__section_instagram_header",20,16,{"type":36,"name":92,"callback":100,"priority":28,"file":94,"line":41},"northe__section_instagram_init",{"type":36,"name":92,"callback":102,"priority":103,"file":94,"line":104},"northe__section_instagram_end",999,18,{"type":36,"name":96,"callback":106,"priority":55,"file":94,"line":97},"northe__section_instagram_header_start",{"type":36,"name":96,"callback":108,"priority":97,"file":94,"line":109},"northe__section_instagram_header_title",21,{"type":36,"name":96,"callback":111,"priority":28,"file":94,"line":112},"northe__section_instagram_header_description",22,{"type":36,"name":96,"callback":114,"priority":115,"file":94,"line":116},"northe__section_instagram_header_link",40,23,{"type":36,"name":96,"callback":118,"priority":103,"file":94,"line":119},"northe__section_instagram_header_end",24,{"type":36,"name":100,"callback":121,"priority":55,"file":94,"line":122},"northe__section_instagram_init_start",26,{"type":36,"name":100,"callback":124,"priority":97,"file":94,"line":125},"northe__section_instagram_init_title",27,{"type":36,"name":100,"
callback":127,"priority":28,"file":94,"line":128},"northe__section_instagram_init_items",28,{"type":36,"name":100,"callback":130,"priority":103,"file":94,"line":131},"northe__section_instagram_init_end",29,{"type":36,"name":48,"callback":133,"file":134,"line":125},"add_admin_menu","settings-pages\u002Finstagram.php",{"type":36,"name":136,"callback":137,"file":134,"line":128},"admin_init","settings_init",{"type":57,"name":139,"callback":140,"priority":55,"file":134,"line":28},"plugin_action_links","add_action_links",{"type":36,"name":43,"callback":142,"file":134,"line":143},"scripts",32,{"type":36,"name":145,"callback":146,"priority":55,"file":147,"line":39},"northe__widget_ads","northe__widget_ads_output","widgets\u002Fads\u002Fads-tmpl.php",{"type":36,"name":85,"callback":149,"priority":115,"file":150,"line":55},"northe_widgets","widgets\u002Finit.php",{"type":36,"name":152,"callback":153,"priority":55,"file":154,"line":39},"northe__widget_instagram","northe__widget_instagram_title","widgets\u002Finstagram\u002Finstagram-tmpl.php",{"type":36,"name":152,"callback":156,"priority":97,"file":154,"line":98},"northe__widget_instagram_start",{"type":36,"name":152,"callback":158,"priority":28,"file":154,"line":41},"northe__widget_instagram_wrap",{"type":36,"name":152,"callback":160,"priority":115,"file":154,"line":104},"northe__widget_instagram_button",{"type":36,"name":152,"callback":162,"priority":103,"file":154,"line":163},"northe__widget_instagram_end",19,{"type":36,"name":158,"callback":165,"priority":55,"file":154,"line":109},"northe__widget_instagram_wrap_start",{"type":36,"name":158,"callback":167,"priority":97,"file":154,"line":112},"northe__widget_instagram_display",{"type":36,"name":158,"callback":169,"priority":103,"file":154,"line":116},"northe__widget_instagram_wrap_end",[],[],[],[],{"dangerousFunctions":175,"sqlUsage":180,"outputEscaping":182,"fileOperations":11,"externalRequests":227,"nonceChecks":228,"capabilityChecks":26,"bundledLibraries":229},[176],{"fn
":177,"file":50,"line":178,"context":179},"preg_replace(\u002Fe)",145,"preg_replace('\u002F\u003Cem>(.*?)\u003C\\\u002Fe",{"prepared":11,"raw":11,"locations":181},[],{"escaped":183,"rawEcho":163,"locations":184},97,[185,188,190,192,195,197,199,201,204,206,208,209,211,213,215,218,220,223,225],{"file":64,"line":186,"context":187},41,"raw output",{"file":64,"line":189,"context":187},42,{"file":64,"line":191,"context":187},43,{"file":193,"line":194,"context":187},"sections\u002Fads\u002Fads.php",116,{"file":193,"line":196,"context":187},127,{"file":193,"line":198,"context":187},129,{"file":68,"line":200,"context":187},102,{"file":202,"line":203,"context":187},"sections\u002Finstagram\u002Finstagram.php",141,{"file":202,"line":205,"context":187},155,{"file":202,"line":207,"context":187},157,{"file":147,"line":122,"context":187},{"file":210,"line":200,"context":187},"widgets\u002Fads\u002Fads.php",{"file":210,"line":212,"context":187},113,{"file":210,"line":214,"context":187},115,{"file":216,"line":217,"context":187},"widgets\u002Fbase.php",56,{"file":216,"line":219,"context":187},337,{"file":221,"line":222,"context":187},"widgets\u002Finstagram\u002Finstagram.php",109,{"file":221,"line":224,"context":187},123,{"file":221,"line":226,"context":187},125,3,1,[],[],{"summary":232,"deductions":233},"The \"acosmin-north-extensions\" plugin v1.0.0 exhibits a generally strong security posture based on the provided static analysis.  The absence of any detected AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a significant strength, indicating a limited attack surface.  Furthermore, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and performing a high percentage (84%) of output escaping, which mitigates common vulnerabilities like SQL injection and Cross-Site Scripting (XSS). 
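The presence of nonce and capability checks (1 nonce check and 6 capability checks were counted) further supports its security, though these counts alone do not confirm that every state-changing hook, such as the `save_post` handler, is authorized.\n\nHowever, a potential concern is the one flagged dangerous function, `preg_replace(\u002Fe)`, reported in modules\u002Ftitle-design\u002Finit.php at line 145. The `\u002Fe` modifier evaluates the replacement string as PHP code, which is why this pattern is historically associated with Remote Code Execution (RCE) vulnerabilities when user-supplied data reaches it without proper sanitization; the modifier was deprecated in PHP 5.5 and removed in PHP 7.0. The static analysis does not detail a vulnerable flow, and the captured context is a pattern matching an `em` element that is cut off inside its closing tag, so the match may be the escaped slash and the `e` of the tag name rather than an actual `\u002Fe` modifier; the finding should be confirmed against the source before it is treated as an RCE risk. The plugin's vulnerability history is currently clean, with no recorded CVEs, which is positive. However, this may simply reflect that the plugin has not been targeted or audited extensively: the listing shows a single release (1.0.0), last updated on 2017-06-24, so the plugin is old rather than new and a clean history is weak evidence. The presence of external HTTP requests (3 were counted), while not inherently a vulnerability, warrants careful scrutiny to ensure they do not introduce risks like SSRF or data leakage.\n\nIn conclusion, the plugin has a good foundation with a small attack surface and no raw (unprepared) SQL queries detected. The primary areas for caution are the `preg_replace(\u002Fe)` finding, the external HTTP requests, and the 19 output locations flagged as raw (unescaped). 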
A thorough dynamic analysis and security audit, focusing on how these specific elements are utilized with user input, would be highly recommended to confirm the absence of exploitable vulnerabilities.",[234,236],{"reason":235,"points":55},"Use of dangerous function preg_replace(\u002Fe)",{"reason":237,"points":238},"External HTTP requests present",2,"2026-04-16T14:42:11.882Z",{"wat":241,"direct":252},{"assetPaths":242,"generatorPatterns":246,"scriptPaths":247,"versionParams":248},[243,244,245],"\u002Fwp-content\u002Fplugins\u002Facosmin-north-extensions\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Facosmin-north-extensions\u002Fassets\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Facosmin-north-extensions\u002Fassets\u002Fjs\u002Finstagram.js",[],[],[249,250,251],"acosmin-north-extensions\u002Fassets\u002Fcss\u002Fadmin.css?ver=","acosmin-north-extensions\u002Fassets\u002Fjs\u002Fadmin.js?ver=","acosmin-north-extensions\u002Fassets\u002Fjs\u002Finstagram.js?ver=",{"cssClasses":253,"htmlComments":257,"htmlAttributes":258,"restEndpoints":260,"jsGlobals":261,"shortcodeOutput":263},[254,255,256],"northe-instagram-widget","button-connect","northe-instagarm-connected",[],[259],"id=\"northe-instagram-settings_access-token\"",[],[262],"northe_instagram_admin",[],{"error":265,"url":266,"statusCode":267,"statusMessage":268,"message":268},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Facosmin-north-extensions\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":228,"versions":270},[271],{"version":6,"download_url":19,"svn_tag_url":272,"released_at":21,"has_diff":273,"diff_files_changed":274,"diff_lines":21,"trac_diff_url":21,"vulnerabilities":275,"is_current":265},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Facosmin-north-extensions\u002Ftags\u002F1.0.0\u002F",false,[],[]]