[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fjVNKIor7NMuKNphQBFH-K9r_KcTdt1_MONFgrZE5-CA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":36,"fingerprints":134},"atec-system-info","atec System Info","1.2.31","docjojo","https:\u002F\u002Fprofiles.wordpress.org\u002Fdocjojo\u002F","\u003Cp>This plugin provides detailed system information, such as operating system, server, memory, PHP and database details. It will also show PHPinfo, php.ini and PHP extensions.\u003C\u002Fp>\n\u003Ch3>Third-Party Services\u003C\u002Fh3>\n\u003Cp>Once, when activating the plugin, an integrity check is requested from our server – if you give your permission.\u003Cbr \u002F>\nSource: https:\u002F\u002Fatecplugins.com\u002F\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Fatecplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n\u003Cp>This plugin requests the server geo location (country, city) by sending a request to IPinfo, an IP2GEO location service at https:\u002F\u002Fipinfo.io\u002F.\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\u003Cbr \u002F>\nTerms: https:\u002F\u002Fipinfo.io\u002Fterms-of-service\u003C\u002Fp>\n","atec System Info (Operating system, server, memory, PHP and database 
details)",200,11491,100,2,"2025-12-18T09:33:00.000Z","6.9.4","4.9","7.4",[20,21,22],"highly-detailed-system-information-system-health-status","memory-db-and-comprehensive-server-and-php-configuration-details","server-info-os","https:\u002F\u002Fatecplugins.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fatec-system-info.1.2.31.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":32,"computed_at":34},16,2730,99,1,"2026-04-05T02:59:55.701Z",[],{"attackSurface":37,"codeSignals":72,"taintFlows":122,"riskAssessment":123,"analyzedAt":133},{"hooks":38,"ajaxHandlers":62,"restRoutes":69,"shortcodes":70,"cronEvents":71,"entryPointCount":33,"unprotectedCount":33},[39,45,49,52,56,58],{"type":40,"name":41,"callback":42,"file":43,"line":44},"action","admin_menu","closure","atec-system-info.php",28,{"type":40,"name":46,"callback":42,"file":47,"line":48},"admin_enqueue_scripts","includes\\ATEC\\INIT.php",564,{"type":40,"name":50,"callback":42,"file":47,"line":51},"admin_notices",647,{"type":40,"name":53,"callback":42,"priority":54,"file":47,"line":55},"admin_footer",10,688,{"type":40,"name":50,"callback":42,"file":47,"line":57},720,{"type":40,"name":59,"callback":42,"priority":60,"file":61,"line":44},"admin_bar_menu",999,"includes\\ATEC\\MEMORY.php",[63],{"action":64,"nopriv":65,"callback":66,"hasNonce":65,"hasCapCheck":65,"file":67,"line":68},"atec_admin_notice_dismiss",false,"dismiss_notice","includes\\ATEC\\LOADER.php",109,[],[],[],{"dangerousFunctions":73,"sqlUsage":81,"outputEscaping":102,"fileOperations":118,"externalRequests":119,"nonceChecks":14,"capabilityChecks":120,"bundledLibraries":121},[74,79],{"fn":75,"file":76,"line":77,"context":78},"exec","includes\\atec-server-info.php",159,"@exec($cmd, $output, 
$retval);",{"fn":75,"file":76,"line":80,"context":78},165,{"prepared":82,"raw":82,"locations":83},7,[84,88,90,93,95,98,100],{"file":85,"line":86,"context":87},"includes\\ATEC\\DB.php",120,"$wpdb->query() with variable interpolation",{"file":85,"line":89,"context":87},121,{"file":85,"line":91,"context":92},137,"$wpdb->get_var() with variable interpolation",{"file":85,"line":94,"context":92},160,{"file":85,"line":96,"context":97},171,"$wpdb->get_results() with variable interpolation",{"file":85,"line":99,"context":87},185,{"file":85,"line":101,"context":87},197,{"escaped":103,"rawEcho":104,"locations":105},326,4,[106,110,112,115],{"file":107,"line":108,"context":109},"includes\\ATEC\\CONFIG.php",227,"raw output",{"file":107,"line":111,"context":109},228,{"file":113,"line":114,"context":109},"includes\\ATEC\\SVG.php",552,{"file":116,"line":117,"context":109},"includes\\ATEC\\TOOLS.php",1211,14,3,5,[],[],{"summary":124,"deductions":125},"The \"atec-system-info\" plugin v1.2.31 presents a mixed security posture. While a significant portion of its code adheres to good security practices, such as 99% output escaping and appropriate capability checks, there are notable areas of concern. The presence of the dangerous `exec` function, even if its usage is not immediately clear as vulnerable, warrants careful scrutiny as it can be exploited for remote code execution if not handled with extreme care.\n\nMore critically, the plugin exposes one AJAX handler (atec_admin_notice_dismiss) with neither a nonce check nor a capability check. This is a significant security weakness because any logged-in user, whatever their role, can trigger this handler, and a forged cross-site request could trigger it on their behalf, potentially leading to unauthorized actions or information disclosure. The scan does not record the handler as registered for unauthenticated (nopriv) requests, so exposure to anonymous visitors is not shown by this data. The lack of taint analysis data could be due to the plugin's limited scope or specific coding patterns, but it doesn't negate the identified vulnerabilities.\n\nThe plugin's complete absence of recorded vulnerabilities in its history is a positive sign, suggesting a history of responsible development. 
However, this should not breed complacency, especially given the identified security flaws. The plugin's strengths lie in its robust output escaping and capability checks, but the unprotected AJAX endpoint and the presence of `exec` are critical weaknesses that significantly elevate its risk profile.",[126,129,131],{"reason":127,"points":128},"Unprotected AJAX handler",8,{"reason":130,"points":82},"Use of dangerous function: exec",{"reason":132,"points":120},"SQL queries without prepared statements (50%)","2026-03-16T20:09:05.768Z",{"wat":135,"direct":144},{"assetPaths":136,"generatorPatterns":139,"scriptPaths":140,"versionParams":141},[137,138],"\u002Fwp-content\u002Fplugins\u002Fatec-system-info\u002Fassets\u002Fcss\u002Fatec-system-info.css","\u002Fwp-content\u002Fplugins\u002Fatec-system-info\u002Fassets\u002Fjs\u002Fatec-system-info.js",[],[138],[142,143],"atec-system-info\u002Fassets\u002Fcss\u002Fatec-system-info.css?ver=","atec-system-info\u002Fassets\u002Fjs\u002Fatec-system-info.js?ver=",{"cssClasses":145,"htmlComments":147,"htmlAttributes":148,"restEndpoints":150,"jsGlobals":151,"shortcodeOutput":153},[146],"atec-plugin-system-info",[],[149],"data-atec-system-info-url",[],[152],"atec_system_info_ajax_object",[154],"[atec_system_info]"]