[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqKE3Em7ADE3NBQh__uQ474-iD_XtmO-CDsj0aooG9Wc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":61,"fingerprints":113},"auto-delete-system-status-logs","Auto Delete System Status Logs for WooCommerce","1.1.1","Tushar Satani","https:\u002F\u002Fprofiles.wordpress.org\u002Ftusharknovator\u002F","\u003Cp>Auto Delete System Status Logs for WooCommerce plugin that utilizes to remove automatically from WooCommerce > Status > Logs  files.\u003C\u002Fp>\n\u003Cp>Set the certain period in the plugin settings to automatically status delete logs of WooCommerce.\u003C\u002Fp>\n\u003Cp>Go through Settings \u002F Auto Delete Status Logs and set number of days.\u003C\u002Fp>\n\u003Cp>Click the “Clear All” button to clear all status logs of WooCommerce at once, and you’re done.\u003C\u002Fp>\n\u003Cp>It will reduce the server’s disc usage.\u003C\u002Fp>\n","Auto Delete System Status Logs for WooCommerce plugin that utilizes to remove automatically from WooCommerce > Status > Logs  files.",100,2057,3,"2024-04-25T08:23:00.000Z","6.5.8","4.0","7.4",[19,20,21],"autodelete","savedisk","statuslogs","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fauto-delete-system-status-logs\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-delete-system-status-logs.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"tusharknovator",4,140,94,30,90,"2026-04-04T23:31:47.121Z",[38],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":11,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":58,"download_link":59,"security_score":60,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"bbpress-auto-delete-spam-replies","bbPress: Auto Delete Spam Replies","1.0.1","Hudson Atwell","https:\u002F\u002Fprofiles.wordpress.org\u002Fadbox\u002F","\u003Cp>Use this plugin to automatically detect and remove bbPress replies marked as spam from the database.\u003C\u002Fp>\n\u003Cp>This plugin was developed to help improve database optimization.\u003C\u002Fp>\n\u003Ch4>About the Plugin\u003C\u002Fh4>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FG2AEf5VEGIk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","Automatically delete bbPress spam replies older than X days.",10,2365,1,"2016-12-29T18:59:00.000Z","3.7.41","3.4","",[54,19,55,56,57],"akismet","bbpress","remove","spam","http:\u002F\u002Fwww.hudsonatwell.co","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbbpress-auto-delete-spam-replies.zip",85,{"attackSurface":62,"codeSignals":87,"taintFlows":100,"riskAssessment":101,"analyzedAt":112},{"hooks":63,"ajaxHandlers":81,"restRoutes":82,"shortcodes":83,"cronEvents":84,"entryPointCount":25,"unprotectedCount":25},[64,70,74,77],{"type":65,"name":66,"callback":67,"file":68,"line":69},"filter","cron_schedules","sys_autodelete_statuslogs_add_every_twentyfour_hours","index.php",22,{"type":71,"name":67,"callback":72,"file":68,"line":73},"action","sys_autodelete_statuslogs_every_twentyfour_hours_event_func",84,{"type":71,"name":75,"callback":76,"file":68,"line":32},"admin_menu","sys_autodelete_statuslogs_register_options_page",{"type":71,"name":78,"callback":79,"file":68,"line":80},"admin_init","sys_autodelete_statuslogs_register_settings",151,[],[],[],[85],{"hook":67,"callback":67,"file":68,"line":86},35,{"dangerousFunctions":88,"sqlUsage":89,"outputEscaping":91,"fileOperations":92,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":99},[],{"prepared":25,"raw":25,"locations":90},[],{"escaped":25,"rawEcho":92,"locations":93},2,[94,97],{"file":68,"line":95,"context":96},163,"raw output",{"file":68,"line":98,"context":96},171,[],[],{"summary":102,"deductions":103},"The 'auto-delete-system-status-logs' plugin, version 1.1.1, demonstrates a generally good security posture due to the absence of critical code signals like dangerous functions, raw SQL queries, and any recorded vulnerabilities.  The static analysis also indicates a very small attack surface, with no AJAX handlers, REST API routes, or shortcodes, which significantly reduces potential exploitation vectors.  The presence of a cron event is the only identified entry point, but the analysis doesn't specify if it's protected.  \n\nHowever, there are notable concerns. The analysis reveals that 100% of the plugin's outputs are not properly escaped. This represents a significant risk, as it opens the door to Cross-Site Scripting (XSS) vulnerabilities. Any data processed or displayed by the plugin without proper sanitization could be manipulated by an attacker to inject malicious scripts. Furthermore, the plugin performs file operations without explicit detail on their nature or whether they are secured, which could pose a risk if not handled carefully. The lack of nonces and capability checks on the identified cron event (if it's indeed the only entry point besides the implicit cron scheduler) is also a potential weakness, allowing for unauthorized execution.\n\nGiven the clean vulnerability history, this plugin appears to have been developed with security in mind, or has been fortunate enough to not have been targeted or discovered with vulnerabilities. The absence of dangerous functions and the use of prepared statements for SQL are strong positives. However, the unescaped output is a critical oversight that severely undermines the plugin's security. The deduction should primarily focus on this and the potential for insecure file operations and missing checks on the cron event.",[104,107,109],{"reason":105,"points":106},"All outputs are unescaped",6,{"reason":108,"points":31},"File operations present without clear security",{"reason":110,"points":111},"Cron event without explicit auth checks",5,"2026-03-16T21:14:46.670Z",{"wat":114,"direct":119},{"assetPaths":115,"generatorPatterns":116,"scriptPaths":117,"versionParams":118},[],[],[],[],{"cssClasses":120,"htmlComments":129,"htmlAttributes":136,"restEndpoints":138,"jsGlobals":139,"shortcodeOutput":141},[121,122,123,124,125,126,127,128],"sys-autodelete-autoexpired-main","sys-autodelete-autoexpired","sys-autodelete-clearlog-form","sys-autodelete-form-field","sys-autodelete-input-field","sysautodelete-divider","sysautodelete-title","sysautodelete-clearbtn",[130,131,132,133,134,135]," calculate datetime","plugin setting link","Hook into that action that'll fire every three minutes"," clear all log on button click from option page"," option page of Auto Delete Status Logs"," Creating setting page of Auto Delete Status Logs",[137],"sys_autodelete_set_interval",[],[140],"sysautodelete_showMessage",[]]