[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f38NnIFHo8RqVF2c85kmFrQzoQsgGoMpxsQ3UX7kboI4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":35,"fingerprints":129},"arrow-keys-navigation","Arrow Keys Navigation","1.0.1","ernestortiz","https:\u002F\u002Fprofiles.wordpress.org\u002Fernestortiz\u002F","\u003Cp>This plugin enables navigation to next and previous posts (and custom posts) using the right and left arrows on keyboard.\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>If you want to help me in writing more code or better poetry, please invite me to a beer (or coffee, maybe) by sending your thanks to my PayPal account (ernestortizcu@yahoo.es). Thanks in advance.\u003C\u002Fp>\n","This plugin enables left and right key post (and custom post) navigation.",50,2267,100,1,"2016-09-08T14:45:00.000Z","4.5.33","3.0.1","",[20,21],"arrow-key-navigation","key-navigation","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Farrow-keys-navigation.1.0.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":23,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},4,110,30,84,"2026-04-05T09:27:50.350Z",[],{"attackSurface":36,"codeSignals":70,"taintFlows":86,"riskAssessment":113,"analyzedAt":128},{"hooks":37,"ajaxHandlers":57,"restRoutes":66,"shortcodes":67,"cronEvents":68,"entryPointCount":69,"unprotectedCount":69},[38,44,49,53],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","wp_head","ajaxes_js","ajaxes.php",49,{"type":39,"name":45,"callback":46,"file":47,"line":48},"plugins_loaded","akeynav_init","akeynav.php",18,{"type":39,"name":50,"callback":51,"file":47,"line":52},"wp_enqueue_scripts","akeynav_frontend_scripts",29,{"type":39,"name":54,"callback":55,"file":47,"line":56},"wp_footer","akeynav_wildcard",53,[58,63],{"action":59,"nopriv":60,"callback":61,"hasNonce":60,"hasCapCheck":60,"file":42,"line":62},"akeynav_reqs",false,"akeynav_reqs_callback",7,{"action":59,"nopriv":64,"callback":61,"hasNonce":60,"hasCapCheck":60,"file":42,"line":65},true,8,[],[],[],2,{"dangerousFunctions":71,"sqlUsage":72,"outputEscaping":74,"fileOperations":24,"externalRequests":24,"nonceChecks":24,"capabilityChecks":24,"bundledLibraries":85},[],{"prepared":24,"raw":24,"locations":73},[],{"escaped":24,"rawEcho":29,"locations":75},[76,79,81,83],{"file":42,"line":77,"context":78},32,"raw output",{"file":42,"line":80,"context":78},42,{"file":42,"line":82,"context":78},43,{"file":47,"line":84,"context":78},51,[],[87,104],{"entryPoint":88,"graph":89,"unsanitizedCount":14,"severity":103},"akeynav_reqs_callback (ajaxes.php:11)",{"nodes":90,"edges":101},[91,96],{"id":92,"type":93,"label":94,"file":42,"line":95},"n0","source","$_POST",22,{"id":97,"type":98,"label":99,"file":42,"line":77,"wp_function":100},"n1","sink","echo() [XSS]","echo",[102],{"from":92,"to":97,"sanitized":60},"medium",{"entryPoint":105,"graph":106,"unsanitizedCount":14,"severity":112},"\u003Cajaxes> (ajaxes.php:0)",{"nodes":107,"edges":110},[108,109],{"id":92,"type":93,"label":94,"file":42,"line":95},{"id":97,"type":98,"label":99,"file":42,"line":77,"wp_function":100},[111],{"from":92,"to":97,"sanitized":60},"low",{"summary":114,"deductions":115},"The \"arrow-keys-navigation\" plugin v1.0.1 exhibits a mixed security posture. On the positive side, it shows no known historical vulnerabilities and avoids dangerous functions, raw SQL queries, file operations, and external HTTP requests. The absence of these common attack vectors suggests a degree of care in its development.\n\nHowever, significant concerns arise from the static analysis. The plugin exposes two AJAX handlers without any authentication or capability checks, representing a direct attack surface. Furthermore, all identified output actions (4 total) are not properly escaped, creating a strong potential for cross-site scripting (XSS) vulnerabilities. The taint analysis also identified two flows with unsanitized paths, though they were not classified as critical or high severity, they still indicate a lack of input validation.\n\nGiven the lack of past vulnerabilities, it's possible the plugin has not been extensively tested or targeted. However, the presence of unprotected AJAX endpoints and unescaped output are critical weaknesses that could be easily exploited. The plugin's strengths lie in its avoidance of common risky practices, but its weaknesses in input sanitization and output escaping present immediate security risks that should be addressed.",[116,119,121,124,126],{"reason":117,"points":118},"Unprotected AJAX handlers",10,{"reason":120,"points":65},"No output escaping",{"reason":122,"points":123},"Flows with unsanitized paths",5,{"reason":125,"points":62},"No nonce checks on AJAX",{"reason":127,"points":123},"No capability checks","2026-03-16T22:00:10.164Z",{"wat":130,"direct":139},{"assetPaths":131,"generatorPatterns":134,"scriptPaths":135,"versionParams":136},[132,133],"\u002Fwp-content\u002Fplugins\u002Farrow-keys-navigation\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Farrow-keys-navigation\u002Fjs\u002Fqueries.js",[],[133],[137,138],"arrow-keys-navigation\u002Fcss\u002Fstyle.css?ver=","arrow-keys-navigation\u002Fjs\u002Fqueries.js?ver=",{"cssClasses":140,"htmlComments":141,"htmlAttributes":142,"restEndpoints":144,"jsGlobals":145,"shortcodeOutput":148},[],[],[143],"id='akeynav_wildcard'",[],[146,147],"ajaxurl","ajaxnonce",[]]