[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsWmgURUCRbqdMhGCVn6Q9qAGpSjgogw_q_QQ6Bseiqk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":57,"fingerprints":140},"auto-content-links","Auto Content Links","1.4","rgubby","https:\u002F\u002Fprofiles.wordpress.org\u002Frgubby\u002F","\u003Cp>Ever find yourself turning same words over and over again into links in your content? Well not any longer! Auto Content Links allows you to set up specific words in your content, and replace them with a link to wherever you want.\u003C\u002Fp>\n","Replace specific words in your content with a link",30,5105,0,"2010-12-19T12:48:00.000Z","3.0.5","3.0","",[19,20,21],"auto-content-link","link-replacement","word-replacement","http:\u002F\u002Fredyellow.co.uk\u002Fplugins\u002Fauto-content-links\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-content-links.1.4.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":11,"trust_score":32,"computed_at":33},5,180,88,86,"2026-04-04T10:36:11.794Z",[35],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":17,"tags":50,"homepage":55,"download_link":56,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"text-obfuscator","Text Obfuscator","1.4.1","confuzzledduck","https:\u002F\u002Fprofiles.wordpress.org\u002Fconfuzzledduck\u002F","\u003Cp>Text Obfuscator is a simple plugin for replacing words and phrases in post or page content and comments with alternative words and phrases. Initially designed to remove names from personal blog posts, it can be used to correct common spelling errors or automatically expand abbreviations.\u003C\u002Fp>\n\u003Cp>Each string can be configured to replace text on input saving the modified text to the database, or on output preserving the content in the database as it was entered by the user.\u003C\u002Fp>\n\u003Cp>More information and support is available at \u003Ca href=\"http:\u002F\u002Fwww.flutt.co.uk\u002Fdevelopment\u002Fwordpress-plugins\u002Ftext-obfuscator\u002F\" rel=\"nofollow ugc\">Flutt.co.uk\u003C\u002Fa>.\u003C\u002Fp>\n","Replaces words and phrases in your posts' content with alternative words and phrases.",20,5124,100,2,"2016-01-09T09:36:00.000Z","4.4.34","2.7",[51,52,53,54,21],"anonymous","auto-correct","change","replace","http:\u002F\u002Fwww.flutt.co.uk\u002Fdevelopment\u002Fwordpress-plugins\u002Ftext-obfuscator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftext-obfuscator.1.4.1.zip",{"attackSurface":58,"codeSignals":84,"taintFlows":128,"riskAssessment":129,"analyzedAt":139},{"hooks":59,"ajaxHandlers":80,"restRoutes":81,"shortcodes":82,"cronEvents":83,"entryPointCount":13,"unprotectedCount":13},[60,66,72,76],{"type":61,"name":62,"callback":63,"file":64,"line":65},"filter","the_content","autoContentLinksContent","auto-content-links.php",14,{"type":67,"name":68,"callback":69,"file":70,"line":71},"action","admin_init","adminInit","control_panel.php",35,{"type":67,"name":73,"callback":74,"file":70,"line":75},"admin_menu","addAdminPage",37,{"type":67,"name":77,"callback":78,"file":70,"line":79},"admin_head","registerHead",39,[],[],[],[],{"dangerousFunctions":85,"sqlUsage":86,"outputEscaping":88,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":127},[],{"prepared":13,"raw":13,"locations":87},[],{"escaped":13,"rawEcho":89,"locations":90},18,[91,94,96,98,100,102,104,106,108,109,111,113,115,117,119,121,123,125],{"file":70,"line":92,"context":93},154,"raw output",{"file":70,"line":95,"context":93},155,{"file":70,"line":97,"context":93},156,{"file":70,"line":99,"context":93},157,{"file":70,"line":101,"context":93},158,{"file":70,"line":103,"context":93},163,{"file":70,"line":105,"context":93},168,{"file":70,"line":107,"context":93},177,{"file":70,"line":30,"context":93},{"file":70,"line":110,"context":93},181,{"file":70,"line":112,"context":93},182,{"file":70,"line":114,"context":93},183,{"file":70,"line":116,"context":93},188,{"file":70,"line":118,"context":93},194,{"file":70,"line":120,"context":93},201,{"file":70,"line":122,"context":93},206,{"file":70,"line":124,"context":93},207,{"file":70,"line":126,"context":93},244,[],[],{"summary":130,"deductions":131},"The \"auto-content-links\" plugin v1.4 exhibits a generally strong security posture based on the provided static analysis. There are no identified dangerous functions, SQL queries are all prepared, and there are no file operations or external HTTP requests, which are common sources of vulnerabilities. The absence of known CVEs and historical vulnerabilities further reinforces this positive outlook.\n\nHowever, a significant concern arises from the complete lack of output escaping (0% properly escaped). This means that any dynamic content generated by the plugin is vulnerable to cross-site scripting (XSS) attacks, allowing attackers to inject malicious scripts into the website. Additionally, the absence of nonce checks and capability checks across all entry points, although the entry points themselves are reported as zero, indicates a potential weakness if any entry points were to be introduced or discovered later, as there would be no built-in authentication or authorization mechanisms.\n\nIn conclusion, while the plugin demonstrates good practices in areas like SQL handling and avoiding risky functions, the critical failure in output escaping presents a severe XSS risk. The lack of authentication checks on entry points is a potential future risk. The absence of any reported vulnerabilities historically is a positive sign, but it does not mitigate the immediate risk posed by unescaped output.",[132,135,137],{"reason":133,"points":134},"0% of outputs properly escaped",15,{"reason":136,"points":29},"0 nonce checks",{"reason":138,"points":29},"0 capability checks","2026-03-16T22:22:53.753Z",{"wat":141,"direct":147},{"assetPaths":142,"generatorPatterns":143,"scriptPaths":144,"versionParams":145},[],[],[],[146],"auto-content-links\u002Fauto-content-links.php?ver=1.4",{"cssClasses":148,"htmlComments":149,"htmlAttributes":150,"restEndpoints":151,"jsGlobals":152,"shortcodeOutput":153},[],[],[],[],[],[]]