[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f4IrfjeRGKNYFX3xO3lq40BXCY2Svt0Zs6UxKfpT1-EI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":36,"fingerprints":151},"ads-inside-post-aipwp","ADs Inside Post","1.7","Mark J","https:\u002F\u002Fprofiles.wordpress.org\u002Frajika4ever\u002F","\u003Cp>Even Now You Can Add Responsive Adsense Ads..\u003Cbr \u002F>\nA Simple Plugin That Let You Add Adsense Ads Within Post Content. Add ads anywhere you need just you need to add abshort code and there is lot more options. You can add styles to your Ads and you can select the alignment. Using this plugin you can not only add Ads to the post, This plugin give you ability to add any Javascript or HTML code within post.\u003C\u002Fp>\n\u003Cp>See \u003Ca href=\"http:\u002F\u002Fwww.mytrickpages.com\u002Faipwpdoc\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n","A Simple Plugin That Let You Add Adsense Ads Within Post Content. Add ads anywhere via a short code. 
Even Now You Can Add Responsive Adsense Ads..",10,6591,100,1,"2015-03-20T08:06:00.000Z","4.1.42","2.3","",[20,21,22],"ads-inside-post","ads-within-post-content","adsense-ads-inside-post","http:\u002F\u002Fwww.mytrickpages.com\u002FAIPWP","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fads-inside-post-aipwp.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"rajika4ever",30,84,"2026-04-05T09:46:04.638Z",[],{"attackSurface":37,"codeSignals":76,"taintFlows":107,"riskAssessment":140,"analyzedAt":150},{"hooks":38,"ajaxHandlers":70,"restRoutes":71,"shortcodes":72,"cronEvents":75,"entryPointCount":14,"unprotectedCount":26},[39,45,49,55,59,62,66],{"type":40,"name":41,"callback":42,"file":43,"line":44},"filter","mce_external_plugins","add_tinymce_plugin","admin\\functions.php",116,{"type":40,"name":46,"callback":47,"file":43,"line":48},"mce_buttons","register_my_tc_button",117,{"type":50,"name":51,"callback":52,"file":53,"line":54},"action","init","showads","index.php",28,{"type":50,"name":56,"callback":57,"file":53,"line":58},"admin_menu","AIPWP_menu",29,{"type":50,"name":60,"callback":61,"file":53,"line":32},"wp_print_styles","add_stylesheet",{"type":50,"name":63,"callback":64,"file":53,"line":65},"admin_enqueue_scripts","pw_load_scripts",31,{"type":50,"name":67,"callback":68,"file":53,"line":69},"admin_head","Sbutton",33,[],[],[73],{"tag":52,"callback":52,"file":53,"line":74},32,[],{"dangerousFunctions":77,"sqlUsage":78,"outputEscaping":95,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":97,"bundledLibraries":106},[],{"prepared":26,"raw":79,"locations":80},6,[81,85,87,89,91,94],{"file":82,"line":83,"context":84},"admin\\admin.php",35,"$wpdb->get_results() with variable 
interpolation",{"file":82,"line":86,"context":84},392,{"file":43,"line":88,"context":84},14,{"file":43,"line":90,"context":84},25,{"file":43,"line":92,"context":93},72,"$wpdb->query() with variable interpolation",{"file":43,"line":13,"context":93},{"escaped":96,"rawEcho":97,"locations":98},5,3,[99,102,104],{"file":82,"line":100,"context":101},39,"raw output",{"file":82,"line":103,"context":101},41,{"file":82,"line":105,"context":101},394,[],[108,130],{"entryPoint":109,"graph":110,"unsanitizedCount":14,"severity":129},"AIPWP_options (admin\\admin.php:4)",{"nodes":111,"edges":125},[112,116,120],{"id":113,"type":114,"label":115,"file":82,"line":90},"n0","source","$_POST['AD_ID']",{"id":117,"type":118,"label":119,"file":82,"line":90},"n1","transform","→ delete()",{"id":121,"type":122,"label":123,"file":43,"line":92,"wp_function":124},"n2","sink","query() [SQLi]","query",[126,128],{"from":113,"to":117,"sanitized":127},false,{"from":117,"to":121,"sanitized":127},"high",{"entryPoint":131,"graph":132,"unsanitizedCount":14,"severity":129},"\u003Cadmin> (admin\\admin.php:0)",{"nodes":133,"edges":137},[134,135,136],{"id":113,"type":114,"label":115,"file":82,"line":90},{"id":117,"type":118,"label":119,"file":82,"line":90},{"id":121,"type":122,"label":123,"file":43,"line":92,"wp_function":124},[138,139],{"from":113,"to":117,"sanitized":127},{"from":117,"to":121,"sanitized":127},{"summary":141,"deductions":142},"The \"ads-inside-post-aipwp\" plugin, version 1.7, presents a mixed security posture. On the positive side, it has a very small attack surface with only one shortcode and no AJAX handlers, REST API routes, or cron events. Furthermore, there are no known CVEs associated with this plugin, although for a plugin last updated in 2015 with about 10 active installs this may reflect limited scrutiny rather than a clean history. The plugin also implements capability checks, which is a good practice for controlling access to functionalities.\n\nHowever, the static analysis reveals several concerning aspects. 
A significant concern is the complete absence of prepared statements: all six SQL queries are built with variable interpolation. This makes the plugin vulnerable to SQL injection wherever user-supplied data reaches one of those queries. The taint analysis identified two such flows with unsanitized paths, both classified as high severity. Both trace the same path, from $_POST['AD_ID'] (admin\\admin.php line 25) through delete() into $wpdb->query() (admin\\functions.php line 72), so they appear to be one issue reported under two entry points. The scan also found no nonce checks, so the admin requests that feed these queries are not shown to be protected against cross-site request forgery. The relatively low percentage of properly escaped output (63%) also suggests a potential for cross-site scripting (XSS) vulnerabilities; the analysis lists three raw-output locations in admin\\admin.php (lines 39, 41 and 394) but does not establish that any of them is exploitable.\n\nIn conclusion, while the plugin has a limited attack surface and no known past vulnerabilities, the reliance on raw SQL queries and the presence of unsanitized taint flows are significant security weaknesses. These areas require immediate attention: the queries should be moved to $wpdb->prepare(), AD_ID should be validated before use, and the raw output should be escaped, to mitigate the risk of SQL injection and XSS.",[143,145,148],{"reason":144,"points":11},"All SQL queries use raw SQL (not prepared)",{"reason":146,"points":147},"High severity unsanitized taint flows found",12,{"reason":149,"points":79},"Low percentage of properly escaped output","2026-03-17T01:06:34.557Z",{"wat":152,"direct":163},{"assetPaths":153,"generatorPatterns":157,"scriptPaths":158,"versionParams":161},[154,155,156],"\u002Fwp-content\u002Fplugins\u002Fads-inside-post-aipwp\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fads-inside-post-aipwp\u002Fscript.js","\u002Fwp-content\u002Fplugins\u002Fads-inside-post-aipwp\u002Fbutton.js",[],[159,160],"script.js","button.js",[162],"ads-inside-post-aipwp\u002Fstyle.css?ver=",{"cssClasses":164,"htmlComments":166,"htmlAttributes":167,"restEndpoints":168,"jsGlobals":169,"shortcodeOutput":171},[165],"AIPWP_AD_STYLE",[],[],[],[170],"pw_script_vars",[172],"\u003Cdiv class=\""]