[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ft1kHxP_Nwg5XWCZr3d1Y2WdafhYf8jnkXXWnCP9SBj4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":13,"download_link":20,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":32,"analysis":33,"fingerprints":82},"admin-loaded-display","Admin Loaded Display","1.0.2","brownbrowniebrownerson","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrownbrowniebrownerson\u002F","\u003Cp>In the admin bar, this plugin, adds a display that shows the registered\u003Cbr \u002F>\nscripts and styles. This can be helpful for site optimization or debugging.\u003Cbr \u002F>\nThe plugin adds the ‘Display Loaded Scripts’ to the admin bar.\u003Cbr \u002F>\nClick the ‘Display Loaded Scripts button’ to see the loaded scripts that\u003Cbr \u002F>\nare currently enqueued. Click ‘styles’ to see the enqueued styles.\u003C\u002Fp>\n","In the admin bar, this plugin, adds a display that shows the registered",0,1235,"","5.7.15","4.0.1","5.6",[18,19],"loaded-scripts","loaded-styles","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-loaded-display.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":28,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},2,50,93,30,89,"2026-04-04T03:46:34.084Z",[],{"attackSurface":34,"codeSignals":58,"taintFlows":69,"riskAssessment":70,"analyzedAt":81},{"hooks":35,"ajaxHandlers":54,"restRoutes":55,"shortcodes":56,"cronEvents":57,"entryPointCount":11,"unprotectedCount":11},[36,43,47,51],{"type":37,"name":38,"callback":39,"priority":40,"file":41,"line":42},"action","admin_bar_menu","ald_toolbar_menu",999,"admin-loaded-display.php",34,{"type":37,"name":44,"callback":45,"file":41,"line":46},"wp_print_scripts","grab_the_code",88,{"type":37,"name":48,"callback":49,"file":41,"line":50},"admin_enqueue_scripts","ald_enqueue_scripts",101,{"type":37,"name":52,"callback":49,"file":41,"line":53},"wp_enqueue_scripts",102,[],[],[],[],{"dangerousFunctions":59,"sqlUsage":60,"outputEscaping":62,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":68},[],{"prepared":11,"raw":11,"locations":61},[],{"escaped":11,"rawEcho":63,"locations":64},1,[65],{"file":41,"line":66,"context":67},85,"raw output",[],[],{"summary":71,"deductions":72},"The 'admin-loaded-display' plugin v1.0.2 exhibits a strong security posture based on the provided static analysis. There are no identified entry points such as AJAX handlers, REST API routes, shortcodes, or cron events, which significantly limits the potential attack surface. Furthermore, the absence of dangerous functions, file operations, and external HTTP requests contributes positively to its security. The adherence to prepared statements for all SQL queries is a critical best practice that prevents SQL injection vulnerabilities.\n\nHowever, the analysis does reveal a significant concern: 100% of the identified output contains unescaped data. This means that any data rendered to the user interface could potentially be vulnerable to Cross-Site Scripting (XSS) attacks if the data originates from an untrusted source or is not properly sanitized before output. While the taint analysis shows no specific flows indicating this, the lack of output escaping is a common gateway for XSS. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator. Nevertheless, the lack of capability checks and nonces, combined with the unescaped output, suggests that while the plugin may not have been historically exploited, it possesses inherent weaknesses that could be exploited in the future if not addressed.\n\nIn conclusion, the 'admin-loaded-display' plugin demonstrates robust code hygiene in areas like SQL handling and attack surface minimization. However, the complete absence of output escaping is a critical flaw that demands immediate attention. The clean vulnerability history is encouraging, but it doesn't negate the risks posed by the unaddressed XSS vulnerability. Addressing the output escaping would significantly bolster the plugin's security.",[73,76,79],{"reason":74,"points":75},"Unescaped output detected",7,{"reason":77,"points":78},"Missing nonce checks",5,{"reason":80,"points":78},"Missing capability checks","2026-03-17T05:42:00.630Z",{"wat":83,"direct":92},{"assetPaths":84,"generatorPatterns":87,"scriptPaths":88,"versionParams":89},[85,86],"\u002Fwp-content\u002Fplugins\u002Fadmin-loaded-display\u002Fjs\u002Fald_scripts.js","\u002Fwp-content\u002Fplugins\u002Fadmin-loaded-display\u002Fcss\u002Fstyle.css",[],[85],[90,91],"admin-loaded-display\u002Fjs\u002Fald_scripts.js?ver=","admin-loaded-display\u002Fcss\u002Fstyle.css?ver=",{"cssClasses":93,"htmlComments":95,"htmlAttributes":96,"restEndpoints":97,"jsGlobals":98,"shortcodeOutput":100},[94],"ald-box",[],[],[],[99],"ald_loaded",[]]