[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_zB5zc6DVLjmGQxol1sw2CkzBSa2V_6KCneZ4QdQdqo":3},{"slug":4,"name":4,"version":5,"author":6,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":12,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":12,"unpatched_count":12,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":31,"analysis":32,"fingerprints":146},"addfreespace","0.1.3","土橋一夫 Kazuo Dobashi","https:\u002F\u002Fprofiles.wordpress.org\u002Fkazunii\u002F","\u003Cp>記事上下に自由な記述ができるフリースペースを加えることができます。上下方向の位置調整も簡単にできます。主に広告リンクのためのスペースを確保することを意図しています。A\u002FBテストも可能。詳しくは http:\u002F\u002Faccountingse.net\u002F2013\u002F09\u002F676\u002F を参照して下さい。\u003C\u002Fp>\n\u003Cp>The free space as for which free description is made to the report upper and lower sides can be added.\u003Cbr \u002F>\nJustification of the up-and-down direction can also be simplified.\u003Cbr \u002F>\nIt has intention of mainly securing the space for an advertising link.\u003C\u002Fp>\n","記事上下に自由な記述ができるフリースペースを加えることができます。You can add 
freespace.",10,1760,0,"2015-05-14T13:03:00.000Z","4.2.39","3.3","",[],"http:\u002F\u002Faccountingse.net\u002F2013\u002F02\u002F638\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faddfreespace.zip",85,null,"2026-03-15T14:54:45.397Z",[],{"slug":25,"display_name":6,"profile_url":7,"plugin_count":26,"total_installs":27,"avg_security_score":20,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},"kazunii",2,20,30,84,"2026-04-04T22:33:50.240Z",[],{"attackSurface":33,"codeSignals":121,"taintFlows":138,"riskAssessment":139,"analyzedAt":145},{"hooks":34,"ajaxHandlers":117,"restRoutes":118,"shortcodes":119,"cronEvents":120,"entryPointCount":12,"unprotectedCount":12},[35,41,46,50,54,58,62,66,70,74,78,82,85,89,93,97,101,105,109,113],{"type":36,"name":37,"callback":38,"file":39,"line":40},"action","admin_menu","admin_menu_addfreespace","addfreespace.php",33,{"type":42,"name":43,"callback":44,"priority":10,"file":39,"line":45},"filter","the_content","ret_strings_10",142,{"type":42,"name":43,"callback":47,"priority":48,"file":39,"line":49},"ret_strings_11",11,143,{"type":42,"name":43,"callback":51,"priority":52,"file":39,"line":53},"ret_strings_12",12,144,{"type":42,"name":43,"callback":55,"priority":56,"file":39,"line":57},"ret_strings_13",13,145,{"type":42,"name":43,"callback":59,"priority":60,"file":39,"line":61},"ret_strings_14",14,146,{"type":42,"name":43,"callback":63,"priority":64,"file":39,"line":65},"ret_strings_15",15,147,{"type":42,"name":43,"callback":67,"priority":68,"file":39,"line":69},"ret_strings_16",16,148,{"type":42,"name":43,"callback":71,"priority":72,"file":39,"line":73},"ret_strings_17",17,149,{"type":42,"name":43,"callback":75,"priority":76,"file":39,"line":77},"ret_strings_18",18,150,{"type":42,"name":43,"callback":79,"priority":80,"file":39,"line":81},"ret_strings_19",19,151,{"type":42,"name":43,"callback":83,"priority":27,"file":39,"line":84},"ret_strings_20",152,{"type":42,"name":43,"callback":86,"priority":87,"file":39,"line"
:88},"ret_strings_100",100,153,{"type":42,"name":43,"callback":90,"priority":91,"file":39,"line":92},"ret_strings_200",200,154,{"type":42,"name":43,"callback":94,"priority":95,"file":39,"line":96},"ret_strings_300",300,155,{"type":42,"name":43,"callback":98,"priority":99,"file":39,"line":100},"ret_strings_400",400,156,{"type":42,"name":43,"callback":102,"priority":103,"file":39,"line":104},"ret_strings_500",500,157,{"type":42,"name":43,"callback":106,"priority":107,"file":39,"line":108},"ret_strings_1000",1000,158,{"type":42,"name":43,"callback":110,"priority":111,"file":39,"line":112},"ret_strings_10000",10000,159,{"type":42,"name":43,"callback":114,"priority":115,"file":39,"line":116},"ret_strings_100000",100000,160,[],[],[],[],{"dangerousFunctions":122,"sqlUsage":123,"outputEscaping":125,"fileOperations":12,"externalRequests":12,"nonceChecks":12,"capabilityChecks":12,"bundledLibraries":137},[],{"prepared":12,"raw":12,"locations":124},[],{"escaped":12,"rawEcho":126,"locations":127},4,[128,131,133,135],{"file":39,"line":129,"context":130},55,"raw output",{"file":39,"line":132,"context":130},78,{"file":39,"line":134,"context":130},109,{"file":39,"line":136,"context":130},120,[],[],{"summary":140,"deductions":141},"The 'addfreespace' plugin v0.1.3 shows a largely low-risk profile in the provided static analysis and vulnerability history. No AJAX handlers, REST API routes, shortcodes or cron events were identified, which keeps the potential attack surface small. The analysis also found no dangerous functions, no SQL queries built without prepared statements, no file operations and no external HTTP requests, all of which are positive security indicators.\n\nHowever, one critical concern emerges from the static analysis: none of the four identified output statements (addfreespace.php lines 55, 78, 109 and 120) escapes the data it prints. If any of that data can be influenced by a user, the rendered output could be vulnerable to cross-site scripting (XSS). Taint analysis found no unsanitized paths, so no exploitable flow has been demonstrated, but unescaped output remains a significant weakness that could be exploited if user-controlled data is ever rendered. The analysis also counted no nonce checks and no capability checks; because the plugin registers an admin_menu callback, how its admin page authorizes requests and validates saved values is worth confirming by hand.\n\nGiven the lack of historical vulnerabilities and the minimal attack surface, the plugin's security posture appears sound in most areas, although the plugin was last updated in 2015 and tested only up to WordPress 4.2.39, so the clean history may reflect limited scrutiny rather than an absence of flaws. The consistent failure to escape output is a clear and actionable risk that requires immediate attention to prevent potential XSS vulnerabilities; escaping the four outputs listed above would significantly bolster the plugin's security.",
[142],{"reason":143,"points":144},"Improper output escaping on all outputs",8,"2026-03-16T23:38:43.274Z",{"wat":147,"direct":156},{"assetPaths":148,"generatorPatterns":150,"scriptPaths":151,"versionParams":155},[149],"\u002Fwp-content\u002Fplugins\u002Faddfreespace\u002Faddfreespace.css",[],[152,153,154],"\u002Fwp-content\u002Fplugins\u002Faddfreespace\u002Faddfreespace_functions.js","\u002Fwp-content\u002Fplugins\u002Faddfreespace\u002Faddfreespace_const.js","\u002Fwp-content\u002Fplugins\u002Faddfreespace\u002Fjquery.numeric.js",[],{"cssClasses":157,"htmlComments":165,"htmlAttributes":166,"restEndpoints":181,"jsGlobals":182,"shortcodeOutput":184},[158,159,160,161,162,163,164],"addfreespace_wrap","explain_addfreespace","addfreespace_simple_wrap","btn_submit","addfreespace_ab_wrap","addfreespace_footer","addfreespace_createdby",[],[167,168,169,170,171,172,173,174,175,176,177,178,179,180],"id=\"addfreespace_wrap\"","id=\"disp_mytitle\"","id=\"addfreespace_simple_wrap\"","id=\"addfreespace_ab_wrap\"","id=\"addfreespace_footer\"","id=\"urikomi\"","id=\"addfreespace_createdby\"","class=\"button LangJaBtn\"","class=\"button LangEnBtn\"","class=\"btn_submit button button-primary\"","id=\"btn_addrow_simple\"","id=\"btn_addrow_ab\"","id=\"addfreespace_simple_tablebody\"","id=\"addfreespace_ab_tablebody\"",[],[183],"ADDFREESPACE_DEBUG",[]]