[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwsNnl8o1_f8haCEOZdeLrT9y03RcK3zzNnMoS50aifs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":13,"download_link":19,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":32,"analysis":33,"fingerprints":198},"advert-wzt","advert广告","0.0.4","沃之涛","https:\u002F\u002Fprofiles.wordpress.org\u002Fkelerkgibo\u002F","\u003Cp>This plugin is part of our long-term WordPress engineering practice.\u003Cbr \u002F>\n本插件提供多种广告展示功能，部分功能基于 Vue 开发（相关资源位于插件本地 assets 目录下的 js 文件中），开源代码地址：https:\u002F\u002Fgitee.com\u002Fwo-zhitao\u002Fadware。\u003Cbr \u002F>\n在使用我们插件的同时请阅读我们的第三方用户服务协议条款：\u003Ca href=\"https:\u002F\u002Fwww.seoceo.cn\u002Findex\u002Findex\u002Fserver\" title=\"服务协议条款\" rel=\"friend nofollow ugc\">服务协议条款\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>重要说明：\u003C\u002Fp>\n\u003Cp>服务类远程调用说明（插件功能依赖的必要服务接口）：\u003Cbr \u002F>\nhttps:\u002F\u002Fapi.seoceo.cn\u002Fapi\u002Fmoney\u002Flog2：用于授权秘钥验证，在用户点击 “立即授权” 时加载，需传入网站域名、类型和授权秘钥，需用户完成授权后使用。\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fapi.seoceo.cn\u002Fapi\u002Findex\u002Fpay_money https:\u002F\u002Fwww.seoceo.cn\u002Findex\u002Findex\u002Fpay_money：用于查询授权状态，在设置保存时加载，需传入域名和类型，仅已授权用户可使用。\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fapi.seoceo.cn\u002Fapi\u002Fmoney\u002Flevel8：用于验证用户购买状态及获取最新版本号，在加载后台插件页面时加载，需传入网站域名，需用户购买后使用。\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fapi.seoceo.cn\u002Fapi\u002Frank\u002Fgonggao：用于获取公告信息，在后台插件页面加载时加载，需传入类型和页数，无需用户授权即可使用。\u003C\u002Fp>\n\u003Cp>插件使用需遵守第三方用户服务协议：\u003Ca href=\"https:\u002F\u002Fwww.seoceo.cn\u002Findex\u002Findex\u002Fserver\" title=\"服务协议条款\" rel=\"nofollow ugc\">服务协议条款\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>远程资源说明：\u003Cbr 
\u002F>\n引入远程图片的说明（客服服务使用）：https:\u002F\u002Fapi.seoceo.cn\u002Fstatic\u002Findex\u002Fimages\u002Fmxl\u002Fwxqun_qrcode.png\u003Cbr \u002F>\n使用的域名：api.seoceo.cn\u003Cbr \u002F>\n该图片是微信群二维码图片，有效期是7天，用于解决客户问题的服务，我们很难去保证插件能够7天更新一次，但是我们客服人员会7天更换一次微信群二维码图片\u003Cbr \u002F>\n该图片放在服务器上是更换需要，图片上的二维码需要有微信app扫码进入群聊，用于解决插件使用过程中遇见的问题\u003C\u002Fp>\n\u003Cp>客户服务交流论坛：https:\u002F\u002Fwww.seoceo.cn\u002Ffswd（需登录后使用，用于解决插件使用问题）\u003C\u002Fp>\n\u003Cp>部分功能是vue打包的（assets下的js文件），开源地址：https:\u002F\u002Fgitee.com\u002Fwo-zhitao\u002Fadware\u003C\u002Fp>\n\u003Cp>温馨提示：若遇 BUG 请联系官网：\u003Ca href=\"https:\u002F\u002Fwww.seoceo.cn\" title=\"沃之涛官网\" rel=\"nofollow ugc\">www.seoceo.cn\u003C\u002Fa>\u003C\u002Fp>\n","包含开屏广告、对联广告、侧边广告、banner 广告等功能。",0,445,"","6.9.4","5.3","7.4",[18],"%e5%af%b9%e8%81%94%e5%b9%bf%e5%91%8a%ef%bc%8c%e5%bc%80%e5%b1%8f%e5%b9%bf%e5%91%8a%ef%bc%8cbanner-%e5%b9%bf%e5%91%8a%ef%bc%8c%e4%be%a7%e8%be%b9%e5%b9%bf%e5%91%8a","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvert-wzt.0.0.4.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":25,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":28,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"kelerkgibo",8,1270,99,98,78,"2026-04-04T19:08:36.060Z",[],{"attackSurface":34,"codeSignals":86,"taintFlows":126,"riskAssessment":189,"analyzedAt":197},{"hooks":35,"ajaxHandlers":65,"restRoutes":83,"shortcodes":84,"cronEvents":85,"entryPointCount":46,"unprotectedCount":11},[36,42,47,51,55,58,62],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","plugins_loaded","advert_init","advert.php",25,{"type":37,"name":43,"callback":44,"file":45,"line":46},"wp_enqueue_scripts","advert_enqueue","inc\\header.php",6,{"type":37,"name":48,"callback":44,"file":49,"line":50},"admin_enqueue_scripts","inc\\index.php",7,{"type":37,"name":52,"callback":53,"file":49,"line":54},"admin_menu","advert_addpages",9,{"type":37,"name":38,"callback":56,"file":49,"line":57},"advert_gonggao",1
1,{"type":59,"name":60,"callback":60,"file":49,"line":61},"filter","advert_dhdfkdksj",16,{"type":59,"name":63,"callback":63,"file":49,"line":64},"advert_dssdd",17,[66,72,74,76,78,80],{"action":67,"nopriv":68,"callback":67,"hasNonce":69,"hasCapCheck":68,"file":70,"line":71},"advert_get_vip",false,true,"inc\\post.php",5,{"action":73,"nopriv":68,"callback":73,"hasNonce":69,"hasCapCheck":68,"file":70,"line":46},"advert_vip",{"action":75,"nopriv":68,"callback":75,"hasNonce":69,"hasCapCheck":68,"file":70,"line":50},"advert_guanggao",{"action":77,"nopriv":68,"callback":77,"hasNonce":69,"hasCapCheck":68,"file":70,"line":26},"advert_get_guanggao",{"action":79,"nopriv":68,"callback":79,"hasNonce":69,"hasCapCheck":68,"file":70,"line":54},"advert_get_gonggao",{"action":81,"nopriv":68,"callback":81,"hasNonce":69,"hasCapCheck":68,"file":70,"line":82},"advert_gonggao_read",10,[],[],[],{"dangerousFunctions":87,"sqlUsage":88,"outputEscaping":95,"fileOperations":11,"externalRequests":50,"nonceChecks":46,"capabilityChecks":11,"bundledLibraries":125},[],{"prepared":89,"raw":90,"locations":91},2,1,[92],{"file":49,"line":93,"context":94},42,"$wpdb->get_var() with variable interpolation",{"escaped":41,"rawEcho":96,"locations":97},13,[98,101,103,105,107,109,111,113,115,117,119,121,123],{"file":70,"line":99,"context":100},59,"raw output",{"file":70,"line":102,"context":100},62,{"file":70,"line":104,"context":100},66,{"file":70,"line":106,"context":100},106,{"file":70,"line":108,"context":100},108,{"file":70,"line":110,"context":100},144,{"file":70,"line":112,"context":100},146,{"file":70,"line":114,"context":100},154,{"file":70,"line":116,"context":100},161,{"file":70,"line":118,"context":100},213,{"file":70,"line":120,"context":100},215,{"file":70,"line":122,"context":100},220,{"file":70,"line":124,"context":100},222,[],[127,155,165],{"entryPoint":128,"graph":129,"unsanitizedCount":11,"severity":154},"advert_vip 
(inc\\post.php:36)",{"nodes":130,"edges":151},[131,136,142,146],{"id":132,"type":133,"label":134,"file":70,"line":135},"n0","source","$_SERVER",40,{"id":137,"type":138,"label":139,"file":70,"line":140,"wp_function":141},"n1","sink","wp_remote_get() [SSRF]",49,"wp_remote_get",{"id":143,"type":133,"label":144,"file":70,"line":145},"n2","$_POST",38,{"id":147,"type":138,"label":148,"file":70,"line":149,"wp_function":150},"n3","update_option() [Settings Manipulation]",55,"update_option",[152,153],{"from":132,"to":137,"sanitized":69},{"from":143,"to":147,"sanitized":69},"low",{"entryPoint":156,"graph":157,"unsanitizedCount":11,"severity":154},"advert_get_gonggao (inc\\post.php:117)",{"nodes":158,"edges":163},[159,161],{"id":132,"type":133,"label":144,"file":70,"line":160},128,{"id":137,"type":138,"label":139,"file":70,"line":162,"wp_function":141},130,[164],{"from":132,"to":137,"sanitized":69},{"entryPoint":166,"graph":167,"unsanitizedCount":11,"severity":154},"\u003Cpost> (inc\\post.php:0)",{"nodes":168,"edges":184},[169,171,172,174,175,177,180,182],{"id":132,"type":133,"label":170,"file":70,"line":135},"$_SERVER (x2)",{"id":137,"type":138,"label":139,"file":70,"line":140,"wp_function":141},{"id":143,"type":133,"label":173,"file":70,"line":145},"$_POST (x4)",{"id":147,"type":138,"label":148,"file":70,"line":149,"wp_function":150},{"id":176,"type":133,"label":134,"file":70,"line":135},"n4",{"id":178,"type":138,"label":148,"file":70,"line":179,"wp_function":150},"n5",95,{"id":181,"type":133,"label":173,"file":70,"line":160},"n6",{"id":183,"type":138,"label":139,"file":70,"line":162,"wp_function":141},"n7",[185,186,187,188],{"from":132,"to":137,"sanitized":69},{"from":143,"to":147,"sanitized":69},{"from":176,"to":178,"sanitized":69},{"from":181,"to":183,"sanitized":69},{"summary":190,"deductions":191},"The \"advert-wzt\" plugin version 0.0.4 exhibits a generally good security posture based on the provided static analysis. 
All six AJAX handlers are registered for logged-in users only and each performs a nonce check, but none performs a capability check (0 are recorded). A nonce guards against cross-site request forgery; it is not an authorization control, so whether a low-privileged logged-in user can reach the handlers that call update_option() should be confirmed in the code. No taint flow is rated above low severity and every recorded flow is marked sanitized, which suggests that user-supplied data is being handled with reasonable care. The plugin has no recorded vulnerabilities, though with 445 downloads and no reported active installs this says little about how closely it has been examined. \n\nHowever, there are areas for improvement. While the majority of SQL queries utilize prepared statements, 33% do not, which could be a potential risk if these queries handle user-controlled input without proper sanitization. Similarly, a notable portion of output (34%) is not properly escaped, leaving room for cross-site scripting (XSS) vulnerabilities if that output includes user-supplied data. The presence of 7 external HTTP requests without explicit mention of sanitization or validation could also pose a risk if the plugin interacts with untrusted external resources. \n\nIn conclusion, \"advert-wzt\" v0.0.4 demonstrates strengths in its nonce-protected entry points and lack of recorded vulnerabilities. 
Nevertheless, the unescaped output and raw SQL queries represent potential weaknesses that should be addressed to further harden the plugin's security.",[192,194],{"reason":193,"points":71},"SQL queries not using prepared statements",{"reason":195,"points":196},"Output not properly escaped",4,"2026-03-17T05:49:19.729Z",{"wat":199,"direct":214},{"assetPaths":200,"generatorPatterns":206,"scriptPaths":207,"versionParams":208},[201,202,203,204,205],"\u002Fwp-content\u002Fplugins\u002Fadvert-wzt\u002Finc\u002Fcss\u002Fprism.css","\u002Fwp-content\u002Fplugins\u002Fadvert-wzt\u002Finc\u002Fcss\u002Fheader.css","\u002Fwp-content\u002Fplugins\u002Fadvert-wzt\u002Fassets\u002Fcss\u002Fadvert.css","\u002Fwp-content\u002Fplugins\u002Fadvert-wzt\u002Fassets\u002Fjs\u002Fadvert.js","\u002Fwp-content\u002Fplugins\u002Fadvert-wzt\u002Finc\u002Fjs\u002Fheader.js",[],[205,204],[209,210,211,212,213],"advert-wzt\u002Finc\u002Fcss\u002Fprism.css?ver=","advert-wzt\u002Finc\u002Fcss\u002Fheader.css?ver=","advert-wzt\u002Fassets\u002Fcss\u002Fadvert.css?ver=","advert-wzt\u002Fassets\u002Fjs\u002Fadvert.js?ver=","advert-wzt\u002Finc\u002Fjs\u002Fheader.js?ver=",{"cssClasses":215,"htmlComments":217,"htmlAttributes":218,"restEndpoints":220,"jsGlobals":221,"shortcodeOutput":223},[216],"advert_is_mianze",[],[219],"advert_wztkj_url",[],[222,219],"advertData",[]]