[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fi9kyF8ud04mYEqXyfeWhn8B4M9Q-gYoCFqaU2OB1HjE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":33,"analysis":34,"fingerprints":190},"async-background-worker","Async Background Worker","1.0","todiadiyatmo","https:\u002F\u002Fprofiles.wordpress.org\u002Ftodiadiatmo\u002F","\u003Cp>Async Background Worker, more information please visit this page \u003Ca href=\"https:\u002F\u002Ftonjoo.github.io\u002Fasync-background-worker\u002F\" title=\"Documentation\" rel=\"nofollow ugc\">https:\u002F\u002Ftonjoo.github.io\u002Fasync-background-worker\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Sample Usage\u003C\u002Fh3>\n\u003Ch4>What is it ?\u003C\u002Fh4>\n\u003Cp>WordPress background worker plugin that enable WordPress to interact with beanstalkd work queue.\u003C\u002Fp>\n\u003Ch4>Why we need a worker ?\u003C\u002Fh4>\n\u003Cp>We can run a very long task in the background, for example we need to import 100.000 row into WordPress databases. Instead of doing the 100.000 import in one job, we can separate the job into many smaller job which is safer.\u003C\u002Fp>\n\u003Ch4>WP-CLI\u003C\u002Fh4>\n\u003Cp>Make sure you have WP CLI installed on your system\u003C\u002Fp>\n\u003Ch4>Support Forum\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fforum.tonjoostudio.com\u002Fthread-category\u002Fasync-background-worker\u002F\" title=\"Support\" rel=\"nofollow ugc\">https:\u002F\u002Fforum.tonjoostudio.com\u002Fthread-category\u002Fasync-background-worker\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Add job to queue\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>Add new job to new worker queue using \u003Ccode>add_async_job\u003C\u002Fcode> command\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$job = new stdClass();  \n\u002F\u002F the function to run  \n$job->function = 'function_to_execute_on_background';  \n\u002F\u002F our user entered data  \n$job->user_data = array('data'=>'some_data');\nadd_async_job($job);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Implement function\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function function_to_execute_on_background($data) {\n    \u002F\u002Fdo something usefull\n    echo \"Background job executed successfully\\n\";\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Run \u003Ccode>wp background-worker listen\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Command\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ccode>wp background-worker\u003C\u002Fcode>\u003Cbr \u002F>\nRun Async Background Worker once.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>wp background-worker listen\u003C\u002Fcode>\u003Cbr \u002F>\nRun Async Background Worker in loop (contiously), this is what you want for background worker. WordPress framework is restart in each loop.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>wp background-worker listen-daemon\u003C\u002Fcode>\u003Cbr \u002F>\nRun Async Background Worker in loop (contiously) without restart the WordPress framework. \u003Cstrong>NOTE\u003C\u002Fstrong> if you use this mode, any code change will not be reflected. You must restart the Async Background Worker each time you change code. This save memory and speed up thing.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Async Background Worker, more information please visit this page [https:\u002F\u002Ftonjoo.github.io\u002Fasync-background-worker\u002F](https:\u002F\u002Ftonjoo.github.",10,1253,0,"2017-12-27T10:22:00.000Z","4.9.29","4.4","",[4,19],"background-worker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fasync-background-worker.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"todiadiatmo",4,7350,87,956,70,"2026-04-04T11:53:41.301Z",[],{"attackSurface":35,"codeSignals":57,"taintFlows":144,"riskAssessment":171,"analyzedAt":189},{"hooks":36,"ajaxHandlers":47,"restRoutes":53,"shortcodes":54,"cronEvents":55,"entryPointCount":56,"unprotectedCount":56},[37,43],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","admin_enqueue_scripts","wp_background_worker_admin_scripts","admin-page.php",3,{"type":38,"name":44,"callback":45,"file":41,"line":46},"admin_menu","background_worker_menu_page",9,[48],{"action":49,"nopriv":50,"callback":51,"hasNonce":50,"hasCapCheck":50,"file":41,"line":52},"retry_background_worker_job",false,"retry_background_worker_job_ajax_callback",320,[],[],[],1,{"dangerousFunctions":58,"sqlUsage":71,"outputEscaping":96,"fileOperations":13,"externalRequests":13,"nonceChecks":97,"capabilityChecks":13,"bundledLibraries":143},[59,63,67],{"fn":60,"file":41,"line":61,"context":62},"unserialize",178,"$payload = unserialize( @$job->payload );",{"fn":60,"file":64,"line":65,"context":66},"async-background-worker.php",187,"$job_data = unserialize( @$job->payload );",{"fn":68,"file":64,"line":69,"context":70},"exec",302,"exec( $cmd ,$output );",{"prepared":46,"raw":11,"locations":72},[73,76,78,80,82,84,87,90,91,93],{"file":41,"line":74,"context":75},33,"$wpdb->get_var() with variable interpolation",{"file":41,"line":77,"context":75},34,{"file":41,"line":79,"context":75},35,{"file":41,"line":81,"context":75},49,{"file":41,"line":83,"context":75},61,{"file":41,"line":85,"context":86},66,"$wpdb->get_results() with variable interpolation",{"file":41,"line":88,"context":89},75,"$wpdb->query() with variable interpolation",{"file":64,"line":29,"context":75},{"file":64,"line":92,"context":89},168,{"file":64,"line":94,"context":95},177,"$wpdb->get_row() with variable interpolation",{"escaped":97,"rawEcho":98,"locations":99},2,21,[100,103,105,107,109,111,113,115,117,119,121,123,125,127,129,131,133,135,137,139,141],{"file":41,"line":101,"context":102},78,"raw output",{"file":41,"line":104,"context":102},80,{"file":41,"line":106,"context":102},83,{"file":41,"line":108,"context":102},97,{"file":41,"line":110,"context":102},98,{"file":41,"line":112,"context":102},104,{"file":41,"line":114,"context":102},109,{"file":41,"line":116,"context":102},112,{"file":41,"line":118,"context":102},123,{"file":41,"line":120,"context":102},126,{"file":41,"line":122,"context":102},137,{"file":41,"line":124,"context":102},145,{"file":41,"line":126,"context":102},182,{"file":41,"line":128,"context":102},183,{"file":41,"line":130,"context":102},192,{"file":41,"line":132,"context":102},195,{"file":41,"line":134,"context":102},215,{"file":41,"line":136,"context":102},220,{"file":41,"line":138,"context":102},224,{"file":41,"line":140,"context":102},244,{"file":41,"line":142,"context":102},297,[],[145,163],{"entryPoint":146,"graph":147,"unsanitizedCount":13,"severity":162},"background_worker_page_handler (admin-page.php:14)",{"nodes":148,"edges":159},[149,154],{"id":150,"type":151,"label":152,"file":41,"line":153},"n0","source","$_GET",27,{"id":155,"type":156,"label":157,"file":41,"line":126,"wp_function":158},"n1","sink","echo() [XSS]","echo",[160],{"from":150,"to":155,"sanitized":161},true,"low",{"entryPoint":164,"graph":165,"unsanitizedCount":13,"severity":162},"\u003Cadmin-page> (admin-page.php:0)",{"nodes":166,"edges":169},[167,168],{"id":150,"type":151,"label":152,"file":41,"line":153},{"id":155,"type":156,"label":157,"file":41,"line":126,"wp_function":158},[170],{"from":150,"to":155,"sanitized":161},{"summary":172,"deductions":173},"The async-background-worker plugin version 1.0 exhibits a mixed security posture. While it has no recorded vulnerability history and a small attack surface in terms of REST API routes, shortcodes, and cron events, significant concerns arise from its static analysis.  The presence of a single AJAX handler without any authentication or capability checks represents a critical entry point that an attacker could potentially leverage. Furthermore, the use of dangerous functions like `unserialize` and `exec` within the codebase, coupled with a very low percentage of properly escaped output, indicates a high risk of code injection and data manipulation vulnerabilities. The plugin also lacks nonces for its identified AJAX handler, which is a fundamental security measure for AJAX endpoints.\n\nThe lack of any recorded CVEs is a positive sign, suggesting that the plugin may have been relatively secure in the past or has not been a target. However, the current code analysis reveals practices that are fundamentally insecure and could lead to critical vulnerabilities, irrespective of past history. The absence of capability checks on the identified AJAX handler is a severe oversight.  In conclusion, while the plugin has a clean history, the static analysis findings point to serious immediate security risks that require urgent attention, primarily concerning the unprotected AJAX endpoint and the use of dangerous functions with inadequate output sanitization.",[174,176,179,181,184,186],{"reason":175,"points":11},"Unprotected AJAX handler",{"reason":177,"points":178},"Dangerous function: unserialize",8,{"reason":180,"points":178},"Dangerous function: exec",{"reason":182,"points":183},"Low percentage of properly escaped output",7,{"reason":185,"points":11},"No capability checks on AJAX handler",{"reason":187,"points":188},"Missing nonce checks on AJAX",5,"2026-03-17T00:03:54.843Z",{"wat":191,"direct":197},{"assetPaths":192,"generatorPatterns":194,"scriptPaths":195,"versionParams":196},[193],"\u002Fwp-content\u002Fplugins\u002Fasync-background-worker\u002Fadmin-page.php",[],[],[],{"cssClasses":198,"htmlComments":199,"htmlAttributes":200,"restEndpoints":201,"jsGlobals":202,"shortcodeOutput":203},[],[],[],[],[],[]]