[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0Fh7687sEWHgWQONG-yP2H3_q1Jm_xo_JlVVzrTkbxU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":33,"analysis":34,"fingerprints":155},"ascend-marketing-tools","Ascend Marketing Tools","1.0.2","MicahValentine","https:\u002F\u002Fprofiles.wordpress.org\u002Fmicahvalentine\u002F","\u003Cp>The core feature of the plugin is the high-conversion mobile CTA that is guaranteed to increase your click-to-call and contact rates since it is well designed and customizable. The plugin also allows you to inject any code you need into your headers (like fb pixel and Google Analytics) and allows you to customize the colors and enable icons on the CTA.\u003C\u002Fp>\n","This plugin allows you to add a high-conversion mobile CTA with two buttons, as well as inject any code you need into your theme headers (fb pixel, an …",10,1473,0,"2020-01-21T18:42:00.000Z","5.3.21","3.0.1","5.6",[19,20],"header-code-injector","mobile-cta","http:\u002F\u002Fascendmarketingnow.com\u002Fascend-marketing-tools-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fascend-marketing-tools.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":11,"avg_security_score":23,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"micahvalentine",1,30,84,"2026-04-05T15:00:42.826Z",[],{"attackSurface":35,"codeSignals":85,"taintFlows":142,"riskAssessment":143,"analyzedAt":154},{"hooks":36,"ajaxHandlers":81,"restRoutes":82,"shortcodes":83,"cronEvents":84,"entryPointCount":13,"unprotectedCount":13},[37,43,48,52,56,60,64,67,72,75,77,79],{"type":38,"name":39,"callback":40,"priority":11,"file":41,"line":42},"filter","plugin_action_links","ttt_wpmdr_add_action_plugin","ascend-marketing.php",70,{"type":44,"name":45,"callback":46,"file":41,"line":47},"action","admin_menu","wpam_add_admin_menu",95,{"type":44,"name":49,"callback":50,"file":41,"line":51},"admin_init","wpam_settings_init",96,{"type":44,"name":53,"callback":54,"file":41,"line":55},"wp_head","hook_pixel",392,{"type":44,"name":57,"callback":58,"file":41,"line":59},"wp_footer","hook_cta_html",411,{"type":44,"name":61,"callback":62,"file":41,"line":63},"wp_enqueue_scripts","hook_cta_css",444,{"type":44,"name":53,"callback":65,"file":41,"line":66},"hook_fontAwesome",457,{"type":44,"name":68,"callback":69,"file":70,"line":71},"plugins_loaded","anonymous","includes\\class-ascend-marketing.php",145,{"type":44,"name":73,"callback":69,"file":70,"line":74},"admin_enqueue_scripts",160,{"type":44,"name":73,"callback":69,"file":70,"line":76},161,{"type":44,"name":61,"callback":69,"file":70,"line":78},176,{"type":44,"name":61,"callback":69,"file":70,"line":80},177,[],[],[],[],{"dangerousFunctions":86,"sqlUsage":87,"outputEscaping":89,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":141},[],{"prepared":13,"raw":13,"locations":88},[],{"escaped":13,"rawEcho":90,"locations":91},29,[92,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,124,125,126,128,129,130,131,133,135,136,137,139,140],{"file":41,"line":93,"context":94},285,"raw output",{"file":41,"line":96,"context":94},287,{"file":41,"line":98,"context":94},288,{"file":41,"line":100,"context":94},290,{"file":41,"line":102,"context":94},291,{"file":41,"line":104,"context":94},295,{"file":41,"line":106,"context":94},297,{"file":41,"line":108,"context":94},299,{"file":41,"line":110,"context":94},301,{"file":41,"line":112,"context":94},303,{"file":41,"line":114,"context":94},305,{"file":41,"line":116,"context":94},318,{"file":41,"line":118,"context":94},335,{"file":41,"line":120,"context":94},358,{"file":41,"line":122,"context":94},360,{"file":41,"line":122,"context":94},{"file":41,"line":122,"context":94},{"file":41,"line":122,"context":94},{"file":41,"line":127,"context":94},361,{"file":41,"line":127,"context":94},{"file":41,"line":127,"context":94},{"file":41,"line":127,"context":94},{"file":41,"line":132,"context":94},389,{"file":41,"line":134,"context":94},404,{"file":41,"line":134,"context":94},{"file":41,"line":134,"context":94},{"file":41,"line":138,"context":94},405,{"file":41,"line":138,"context":94},{"file":41,"line":138,"context":94},[],[],{"summary":144,"deductions":145},"The \"ascend-marketing-tools\" v1.0.2 plugin exhibits a generally good security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, cron events, and file operations suggests a limited attack surface. Furthermore, the code analysis reveals no dangerous functions, no external HTTP requests, and all SQL queries are properly prepared, which are excellent security practices. The taint analysis also shows no critical or high severity flows.\n\nHowever, a significant concern arises from the complete lack of output escaping. With 29 total outputs analyzed and 0% properly escaped, this indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any user-supplied data that is displayed on the front-end or back-end of WordPress without proper sanitization or escaping is a prime target for XSS attacks, which could lead to session hijacking, defacement, or malware distribution. The complete absence of nonce and capability checks further exacerbates this risk, as it means even if there were entry points, they would likely be vulnerable to unauthorized access and manipulation.\n\nThe vulnerability history also shows no known CVEs, which is a positive sign. However, this does not negate the critical security flaw identified in the output escaping. The plugin's current version appears to have foundational security strengths in areas like SQL and attack surface management, but the severe oversight in output sanitization presents a critical risk that needs immediate attention.",[146,149,152],{"reason":147,"points":148},"Outputs not properly escaped",20,{"reason":150,"points":151},"No nonce checks",5,{"reason":153,"points":151},"No capability checks","2026-03-17T00:12:10.436Z",{"wat":156,"direct":167},{"assetPaths":157,"generatorPatterns":161,"scriptPaths":162,"versionParams":163},[158,159,160],"\u002Fwp-content\u002Fplugins\u002Fascend-marketing-tools\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fascend-marketing-tools\u002Fjs\u002Fscript.js","\u002Fwp-content\u002Fplugins\u002Fascend-marketing-tools\u002Fjs\u002Fascend-marketing-admin.js",[],[159,160],[164,165,166],"ascend-marketing-tools\u002Fcss\u002Fstyle.css?ver=","ascend-marketing-tools\u002Fjs\u002Fscript.js?ver=","ascend-marketing-tools\u002Fjs\u002Fascend-marketing-admin.js?ver=",{"cssClasses":168,"htmlComments":170,"htmlAttributes":171,"restEndpoints":181,"jsGlobals":182,"shortcodeOutput":184},[169],"ascend-marketing-tools-cta",[],[172,173,174,175,176,177,178,179,180],"data-ascend-breakpoint","data-ascend-bg-color","data-ascend-text-color","data-ascend-b1-label","data-ascend-b1-link","data-ascend-b1-icon","data-ascend-b2-label","data-ascend-b2-link","data-ascend-b2-icon",[],[183],"ascendMarketingAdmin",[185],"[ascend_marketing_tools]"]