[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fftuTFn487GgRZeWO9mFRpOUPbiwJ1psmfxwHu7zsXf8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":13,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":32,"analysis":33,"fingerprints":193},"atec-profiler","atec Profiler","1.1.32","docjojo","https:\u002F\u002Fprofiles.wordpress.org\u002Fdocjojo\u002F","\u003Cp>This plugin adds two profiler scripts to the must-use-plugin folder (mu-plugins), to measure the execution time of the plugins and the theme. These measurements can be used to detect bottlenecks and ultimately improve the performance of your site.\u003C\u002Fp>\n\u003Ch3>Third-Party Services\u003C\u002Fh3>\n\u003Ch3>Integrity check\u003C\u002Fh3>\n\u003Cp>Once, when activating the plugin, an integrity check is requested from our server – if you give your permission.\u003Cbr \u002F>\nSource: https:\u002F\u002Fatecplugins.com\u002F\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Fatecplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n","Measure plugins & theme execution time plus page processing 
time",60,1966,100,1,"2026-01-08T13:17:00.000Z","6.9.4","4.9","7.4",[20],"measure-plugins-theme-execution-time-plus-page-processing-time","https:\u002F\u002Fatecplugins.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fatec-profiler.1.1.32.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":14,"trust_score":30,"computed_at":31},16,2730,99,"2026-04-04T03:48:22.024Z",[],{"attackSurface":34,"codeSignals":118,"taintFlows":143,"riskAssessment":187,"analyzedAt":192},{"hooks":35,"ajaxHandlers":108,"restRoutes":115,"shortcodes":116,"cronEvents":117,"entryPointCount":14,"unprotectedCount":14},[36,42,46,50,53,57,59,65,68,72,76,80,84,87,90,93,95,99,104,107],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","admin_menu","closure","atec-profiler.php",29,{"type":43,"name":44,"callback":39,"file":40,"line":45},"filter","all_plugins",31,{"type":37,"name":47,"callback":39,"file":48,"line":49},"admin_enqueue_scripts","includes\\ATEC\\INIT.php",564,{"type":37,"name":51,"callback":39,"file":48,"line":52},"admin_notices",647,{"type":37,"name":54,"callback":39,"priority":55,"file":48,"line":56},"admin_footer",10,688,{"type":37,"name":51,"callback":39,"file":48,"line":58},720,{"type":43,"name":60,"callback":61,"priority":62,"file":63,"line":64},"pre_determine_locale","profileLocale",999,"install\\_atec-mu-hooks-profiler.php",30,{"type":37,"name":66,"callback":67,"file":63,"line":45},"all","profileHook",{"type":43,"name":69,"callback":70,"priority":55,"file":63,"line":71},"pre_http_request","captureHttpStart",32,{"type":37,"name":73,"callback":74,"file":63,"line":75},"requests-curl.after_send","captureHttpEnd",33,{"type":37,"name":77,"callback":78,"file":63,"line":79},"shutdown","onShutdown",34,{"type":37,"name":77,"callback":81,"file":82,"line":83},"logStats","install\\_atec-mu-pages-profiler.php",41,{"type":37,"name":85,"callback":39,"fil
e":86,"line":79},"plugin_loaded","install\\_atec-mu-processes-profiler.php",{"type":37,"name":88,"callback":39,"file":86,"line":89},"setup_theme",36,{"type":37,"name":91,"callback":39,"file":86,"line":92},"after_setup_theme",37,{"type":37,"name":77,"callback":39,"file":86,"line":94},39,{"type":37,"name":96,"callback":97,"priority":98,"file":86,"line":83},"plugins_loaded","wrapHookCallbacks",9999,{"type":43,"name":100,"callback":101,"priority":62,"file":102,"line":103},"gettext","trackGettext","install\\_atec-mu-translations-profiler.php",28,{"type":43,"name":105,"callback":106,"priority":55,"file":102,"line":41},"override_load_textdomain","trackLoadTextdomain",{"type":37,"name":77,"callback":78,"file":102,"line":64},[109],{"action":110,"nopriv":111,"callback":112,"hasNonce":111,"hasCapCheck":111,"file":113,"line":114},"atec_admin_notice_dismiss",false,"dismiss_notice","includes\\ATEC\\LOADER.php",109,[],[],[],{"dangerousFunctions":119,"sqlUsage":120,"outputEscaping":122,"fileOperations":140,"externalRequests":14,"nonceChecks":141,"capabilityChecks":124,"bundledLibraries":142},[],{"prepared":23,"raw":23,"locations":121},[],{"escaped":123,"rawEcho":124,"locations":125},335,5,[126,130,132,134,137],{"file":127,"line":128,"context":129},"includes\\ATEC\\CHECK.php",73,"raw output",{"file":127,"line":131,"context":129},111,{"file":127,"line":133,"context":129},124,{"file":135,"line":136,"context":129},"includes\\ATEC\\SVG.php",557,{"file":138,"line":139,"context":129},"includes\\ATEC\\TOOLS.php",1211,19,2,[],[144,161,169,179],{"entryPoint":145,"graph":146,"unsanitizedCount":14,"severity":160},"onShutdown (install\\_atec-mu-hooks-profiler.php:82)",{"nodes":147,"edges":158},[148,153],{"id":149,"type":150,"label":151,"file":63,"line":152},"n0","source","$_SERVER",84,{"id":154,"type":155,"label":156,"file":63,"line":114,"wp_function":157},"n1","sink","file_put_contents() [File 
Write]","file_put_contents",[159],{"from":149,"to":154,"sanitized":111},"medium",{"entryPoint":162,"graph":163,"unsanitizedCount":14,"severity":160},"\u003C_atec-mu-hooks-profiler> (install\\_atec-mu-hooks-profiler.php:0)",{"nodes":164,"edges":167},[165,166],{"id":149,"type":150,"label":151,"file":63,"line":152},{"id":154,"type":155,"label":156,"file":63,"line":114,"wp_function":157},[168],{"from":149,"to":154,"sanitized":111},{"entryPoint":170,"graph":171,"unsanitizedCount":14,"severity":160},"onShutdown (install\\_atec-mu-translations-profiler.php:56)",{"nodes":172,"edges":177},[173,175],{"id":149,"type":150,"label":151,"file":102,"line":174},65,{"id":154,"type":155,"label":156,"file":102,"line":176,"wp_function":157},91,[178],{"from":149,"to":154,"sanitized":111},{"entryPoint":180,"graph":181,"unsanitizedCount":14,"severity":160},"\u003C_atec-mu-translations-profiler> (install\\_atec-mu-translations-profiler.php:0)",{"nodes":182,"edges":185},[183,184],{"id":149,"type":150,"label":151,"file":102,"line":174},{"id":154,"type":155,"label":156,"file":102,"line":176,"wp_function":157},[186],{"from":149,"to":154,"sanitized":111},{"summary":188,"deductions":189},"The \"atec-profiler\" plugin v1.1.32 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, with 100% using prepared statements (the scan recorded no SQL queries at all, prepared or raw), and a high percentage (99%) of output being properly escaped, significantly mitigating common web vulnerabilities like SQL injection and XSS. The absence of known CVEs and a clean vulnerability history also suggest a generally well-maintained codebase.\n\nHowever, a significant concern is the presence of an unprotected AJAX handler (atec_admin_notice_dismiss), an entry point into the plugin's functionality for which the scan found neither a nonce check nor a capability check; nopriv is recorded as false, so the handler appears to be registered for logged-in users only. 
While the taint analysis did reveal flows with unsanitized paths, none of them was rated critical or high severity (each recorded flow is rated medium and runs from $_SERVER into file_put_contents()), which is a positive sign, but the mere presence of unsanitized paths warrants attention. The limited number of known vulnerabilities could be a testament to good development or simply a lack of extensive public scrutiny. Therefore, while the plugin has strong foundations in secure coding for database interactions and output handling, the unprotected AJAX endpoint poses a direct and immediate risk that needs to be addressed.",[190],{"reason":191,"points":55},"Unprotected AJAX handler","2026-03-16T21:45:19.598Z",{"wat":194,"direct":202},{"assetPaths":195,"generatorPatterns":199,"scriptPaths":200,"versionParams":201},[196,197,198],"\u002Fwp-content\u002Fplugins\u002Fatec-profiler\u002Fatec-profiler.php","\u002Fwp-content\u002Fplugins\u002Fatec-profiler\u002Fincludes\u002FATEC\u002FLOADER.php","\u002Fwp-content\u002Fplugins\u002Fatec-profiler\u002Fincludes\u002FATEC\u002FINIT.php",[],[],[],{"cssClasses":203,"htmlComments":205,"htmlAttributes":206,"restEndpoints":208,"jsGlobals":210,"shortcodeOutput":213},[204],"atec-admin-bar-row",[],[207],"data-atec",[209],"\u002Fwp-json\u002Fatec-profiler\u002Fv1\u002Fsettings",[211,212],"atec_profiler_settings","atec_profiler_admin_ajax",[214],"[atec_profiler_output]"]