[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fx9Uv5yQPmBv7TnT1TuLA7MPItoRl7ihMDAKNf1enx64":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":13,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":35,"fingerprints":95},"atec-dir-scan","atec Dir Scan","1.4.29","docjojo","https:\u002F\u002Fprofiles.wordpress.org\u002Fdocjojo\u002F","\u003Cp>This plugin scans the complete WordPress directory for files\u002Fdirectories and displays the result in a scrollable directory tree with the number of files and size per directory.\u003C\u002Fp>\n\u003Ch3>Third-Party Services\u003C\u002Fh3>\n\u003Ch3>Integrity check\u003C\u002Fh3>\n\u003Cp>Once, when activating the plugin, an integrity check is requested from our server – if you give your permission.\u003Cbr \u002F>\nSource: https:\u002F\u002Fatecplugins.com\u002F\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Fatecplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n\u003Ch3>3rd party scripts\u003C\u002Fh3>\n\u003Cp>The plugin uses “basicLightbox” to preview images.\u003Cbr \u002F>\nSource code @ https:\u002F\u002Fgithub.com\u002Felecterious\u002FbasicLightbox\u002F\u003C\u002Fp>\n\u003Cp>The plugin uses “jsTree” to display directory trees.\u003Cbr \u002F>\nSource code @ https:\u002F\u002Fwww.jstree.com\u002F\u003C\u002Fp>\n","atec Dir Scan & Statistics (Number of files and size per directory)",40,4570,100,2,"2026-01-08T13:14:00.000Z","6.9.4","4.9","7.4",[20,21],"including-file-count-and-file-size","navigate-through-the-whole-directory-tree-of-your-wp-installation","https:\u002F\u002Fatecplugins.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fatec-dir-scan.1.4.29.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":31,"computed_at":33},16,2730,99,1,"2026-04-04T03:49:42.444Z",[],{"attackSurface":36,"codeSignals":70,"taintFlows":87,"riskAssessment":88,"analyzedAt":94},{"hooks":37,"ajaxHandlers":60,"restRoutes":67,"shortcodes":68,"cronEvents":69,"entryPointCount":32,"unprotectedCount":32},[38,44,48,51,55,57],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","admin_menu","closure","atec-dir-scan.php",29,{"type":39,"name":45,"callback":41,"file":46,"line":47},"admin_enqueue_scripts","includes\\ATEC\\INIT.php",564,{"type":39,"name":49,"callback":41,"file":46,"line":50},"admin_notices",647,{"type":39,"name":52,"callback":41,"priority":53,"file":46,"line":54},"admin_footer",10,688,{"type":39,"name":49,"callback":41,"file":46,"line":56},720,{"type":39,"name":45,"callback":41,"file":58,"line":59},"includes\\atec-wpds-install.php",6,[61],{"action":62,"nopriv":63,"callback":64,"hasNonce":63,"hasCapCheck":63,"file":65,"line":66},"atec_admin_notice_dismiss",false,"dismiss_notice","includes\\ATEC\\LOADER.php",109,[],[],[],{"dangerousFunctions":71,"sqlUsage":72,"outputEscaping":74,"fileOperations":84,"externalRequests":32,"nonceChecks":14,"capabilityChecks":85,"bundledLibraries":86},[],{"prepared":24,"raw":24,"locations":73},[],{"escaped":75,"rawEcho":14,"locations":76},264,[77,81],{"file":78,"line":79,"context":80},"includes\\ATEC\\SVG.php",557,"raw output",{"file":82,"line":83,"context":80},"includes\\ATEC\\TOOLS.php",1211,14,5,[],[],{"summary":89,"deductions":90},"The 'atec-dir-scan' plugin v1.4.29 presents a mixed security profile. On the positive side, it demonstrates strong adherence to secure coding practices by utilizing prepared statements for all SQL queries and ensuring nearly all output is properly escaped. The absence of known vulnerabilities and common vulnerability types in its history is a significant strength, suggesting a relatively stable and well-maintained codebase. Furthermore, the plugin does not bundle any external libraries, mitigating risks associated with outdated dependencies.\n\nHowever, a significant concern arises from the plugin's attack surface. It exposes one AJAX handler that lacks authentication checks. This unprotected entry point could potentially be exploited by unauthenticated users to interact with the plugin in unintended ways, leading to information disclosure or even more severe consequences if the AJAX handler performs sensitive operations. The static analysis did not reveal any critical or high-severity taint flows, which is reassuring, but the presence of an unprotected AJAX handler remains a critical oversight.\n\nIn conclusion, while 'atec-dir-scan' v1.4.29 excels in areas like SQL handling and output escaping, and has a clean vulnerability history, the single unprotected AJAX handler is a notable weakness. This single point of potential compromise significantly elevates the risk profile, requiring immediate attention and remediation.",[91],{"reason":92,"points":93},"AJAX handler without authentication",8,"2026-03-16T22:18:00.718Z",{"wat":96,"direct":105},{"assetPaths":97,"generatorPatterns":100,"scriptPaths":101,"versionParams":102},[98,99],"\u002Fwp-content\u002Fplugins\u002Fatec-dir-scan\u002Fincludes\u002FATEC\u002Fjs\u002Fmenu-toggle.js","\u002Fwp-content\u002Fplugins\u002Fatec-dir-scan\u002Fincludes\u002FATEC\u002Fcss\u002Fadmin-menu.css",[],[98],[103,104],"atec-dir-scan\u002Fincludes\u002FATEC\u002Fjs\u002Fmenu-toggle.js?ver=","atec-dir-scan\u002Fincludes\u002FATEC\u002Fcss\u002Fadmin-menu.css?ver=",{"cssClasses":106,"htmlComments":108,"htmlAttributes":109,"restEndpoints":113,"jsGlobals":115,"shortcodeOutput":117},[107],"atec-admin-bar-row",[],[110,111,112],"data-atec-slug","data-atec-action","data-atec-nav",[114],"\u002Fwp-json\u002Fatec-dir-scan\u002Fv1\u002Fscan",[116],"atec_wpds_ajax_cb",[]]