[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJ2DUZ1rrVv6TBsfunmczJU9x6fdUmkUd8UlXo3HVc2k":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":108,"fingerprints":222},"blockskit","Blockskit","1.2.2","BlockskitDev","https:\u002F\u002Fprofiles.wordpress.org\u002Fblockskitdev\u002F","\u003Cp>An easy plugin to import starter sites and add different effects to the image.\u003C\u002Fp>\n","An easy plugin to import starter sites and add different effects to the image.",8000,88023,0,"2025-12-21T10:23:00.000Z","6.9.4","5.9","7.4.9",[19,20,21,22,23],"block","demo-data","demo-data-importer","image-block","one-click-demo-import","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblockskit.1.2.2.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"blockskitdev",39,17470,97,30,92,"2026-04-04T07:10:59.706Z",[39,53,67,78,94],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":13,"num_ratings":13,"last_updated":49,"tested_up_to":15,"requires_at_least":50,"requires_php":50,"tags":51,"homepage":24,"download_link":52,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"keon-toolset","Keon Toolset","2.4.5","keonthemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fkeonthemes\u002F","\u003Cp>A demo importer plugin that makes importing starter sites effortless for 
building your website!\u003C\u002Fp>\n\u003Ch3>Images License\u003C\u002Fh3>\n\u003Cp>https:\u002F\u002Fpxhere.com\u002Fen\u002Flicense [CCO License]\u003C\u002Fp>\n","Import dummy data for themes developed by Keon Themes.",30000,1490109,"2026-01-07T05:31:00.000Z","4.6",[20,21,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkeon-toolset.2.4.5.zip",{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":13,"num_ratings":13,"last_updated":63,"tested_up_to":64,"requires_at_least":50,"requires_php":50,"tags":65,"homepage":24,"download_link":66,"security_score":36,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"kortez-toolset","Kortez Toolset","1.1.2","kortezthemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fkortezthemes\u002F","\u003Cp>A easy plugin to import dummy data for themes by Kortez Themes.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Kortez Toolset is inspired by Keon Toolset. 
Some of the codes used in this plugin are used from Keon Toolset as they are under GPL license.\u003C\u002Fp>\n\u003Ch3>Images License\u003C\u002Fh3>\n\u003Cp>https:\u002F\u002Fpxhere.com\u002Fen\u002Flicense [CCO License]\u003C\u002Fp>\n","Import dummy data for themes developed by Kortez Themes.",1000,19408,"2024-09-06T13:09:00.000Z","6.4.8",[20,21,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkortez-toolset.zip",{"slug":68,"name":69,"version":70,"author":7,"author_profile":8,"description":71,"short_description":72,"active_installs":26,"downloaded":73,"rating":13,"num_ratings":13,"last_updated":74,"tested_up_to":64,"requires_at_least":50,"requires_php":50,"tags":75,"homepage":24,"download_link":76,"security_score":77,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"blockskit-import","Blockskit Import","0.0.6","\u003Cp>A easy plugin to import starter sites.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Blockskit Import is inspired by Keon Toolset. 
Some of the codes used in this plugin are used from Keon Toolset as they are under GPL license.\u003C\u002Fp>\n\u003Ch3>Images License\u003C\u002Fh3>\n\u003Cp>https:\u002F\u002Fpxhere.com\u002Fen\u002Flicense [CCO License]\u003C\u002Fp>\n","A easy plugin to import starter sites.",5891,"2024-02-12T12:03:00.000Z",[20,21,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblockskit-import.zip",85,{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":13,"num_ratings":13,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":24,"download_link":93,"security_score":36,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"cyclone-demo-importer","Cyclone Demo Importer","2.9.60","Cyclone Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyclonetheme\u002F","\u003Cp>A easy plugin to import dummy data for themes by Cyclone Themes.\u003C\u002Fp>\n","Import Dummy data for themes developed by Cyclone Themes.",10000,537787,"2024-06-18T09:59:00.000Z","6.5.8","4.9","5.6",[20,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcyclone-demo-importer.2.9.60.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":61,"downloaded":102,"rating":13,"num_ratings":13,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":50,"tags":106,"homepage":24,"download_link":107,"security_score":36,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"candid-advanced-toolset","Candid Advanced Toolset","1.1.0","candidthemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fcandidthemes\u002F","\u003Cp>A easy plugin to import dummy data for themes by Candid Themes.\u003C\u002Fp>\n\u003Ch3>Images License\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All the images used on the plugins are GPL 
compatible\u003C\u002Fli>\n\u003C\u002Ful>\n","Import Dummy data for themes developed by Candid Themes.",45719,"2025-03-10T10:20:00.000Z","6.7.5","6.3",[20,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcandid-advanced-toolset.zip",{"attackSurface":109,"codeSignals":190,"taintFlows":214,"riskAssessment":215,"analyzedAt":221},{"hooks":110,"ajaxHandlers":168,"restRoutes":185,"shortcodes":186,"cronEvents":187,"entryPointCount":188,"unprotectedCount":189},[111,116,122,125,130,136,140,142,144,148,152,156,160,164],{"type":112,"name":113,"callback":114,"file":115,"line":32},"action","init","create_block_bk_block_init","blockskit.php",{"type":112,"name":117,"callback":118,"priority":119,"file":120,"line":121},"admin_enqueue_scripts","enqueue_styles",10,"import\\base-install\\base-install.php",19,{"type":112,"name":117,"callback":123,"priority":119,"file":120,"line":124},"enqueue_scripts",20,{"type":112,"name":126,"callback":127,"file":128,"line":129},"switch_theme","flush_transient","import\\demo\\functions.php",29,{"type":131,"name":132,"callback":133,"priority":124,"file":134,"line":135},"filter","advanced_import_demo_lists","bk_import_demo_import_lists","import\\demo-import.php",64,{"type":131,"name":137,"callback":138,"priority":119,"file":134,"line":139},"admin_menu","import_menu",65,{"type":131,"name":117,"callback":118,"priority":119,"file":134,"line":141},67,{"type":131,"name":117,"callback":123,"priority":119,"file":134,"line":143},68,{"type":131,"name":145,"callback":146,"priority":119,"file":134,"line":147},"advanced_export_include_options","bk_import_include_options",69,{"type":112,"name":149,"callback":150,"priority":35,"file":134,"line":151},"advanced_import_replace_post_ids","bk_import_replace_attachment_ids",70,{"type":112,"name":137,"callback":153,"priority":26,"file":154,"line":155},"override_admin_menu","includes\\class-bk-advanced-import-override.php",23,{"type":112,"name":117,"callback":157,"file":158,"line":159},"admin_scripts","includ
es\\class-blockskit-pro-upgrade-notice.php",11,{"type":112,"name":161,"callback":162,"file":158,"line":163},"admin_init","check_pro_install",12,{"type":112,"name":165,"callback":166,"file":158,"line":167},"admin_notices","admin_notice_blockskit_pro",33,[169,174,178,181],{"action":170,"nopriv":171,"callback":170,"hasNonce":172,"hasCapCheck":172,"file":120,"line":173},"install_base_theme",false,true,18,{"action":175,"nopriv":171,"callback":176,"hasNonce":171,"hasCapCheck":171,"file":134,"line":177},"bk_import_getting_started","install_advanced_import",66,{"action":179,"nopriv":171,"callback":179,"hasNonce":172,"hasCapCheck":172,"file":158,"line":180},"remind_me_later_blockskit_pro",13,{"action":182,"nopriv":171,"callback":183,"hasNonce":172,"hasCapCheck":172,"file":158,"line":184},"upgrade_blockskit_pro_notice_dismiss","upgrade_dismiss",14,[],[],[],4,1,{"dangerousFunctions":191,"sqlUsage":192,"outputEscaping":194,"fileOperations":13,"externalRequests":189,"nonceChecks":188,"capabilityChecks":212,"bundledLibraries":213},[],{"prepared":13,"raw":13,"locations":193},[],{"escaped":195,"rawEcho":196,"locations":197},32,7,[198,200,202,204,206,208,210],{"file":154,"line":26,"context":199},"raw output",{"file":154,"line":201,"context":199},168,{"file":154,"line":203,"context":199},169,{"file":154,"line":205,"context":199},216,{"file":154,"line":207,"context":199},217,{"file":154,"line":209,"context":199},304,{"file":154,"line":211,"context":199},333,6,[],[],{"summary":216,"deductions":217},"The 'blockskit' v1.2.2 plugin exhibits a generally good security posture with several strengths. The absence of any recorded vulnerabilities in its history, including critical or high-severity ones, suggests a mature and well-maintained codebase. 
Furthermore, the plugin demonstrates strong adherence to secure coding practices: no SQL queries were detected, a high percentage of output is escaped (32 escaped outputs versus 7 raw), and nonce and capability checks are implemented on three of its four AJAX entry points. The lack of file operations and dangerous functions is also a positive indicator.\n\nHowever, a significant concern arises from the static analysis, specifically the presence of one AJAX handler, 'bk_import_getting_started', that lacks both a nonce check and a capability check. The handler is not registered for logged-out (nopriv) requests, so the exposure is to any logged-in user regardless of role, and to cross-site request forgery against a logged-in user, either of which could trigger the plugin's functionality with unintended consequences. While the taint analysis shows no critical or high-severity flows, this single unprotected AJAX endpoint is a notable weakness that needs immediate attention: the callback should verify a nonce and check the caller's capability before doing any work. The overall risk is moderate, leaning towards low due to the historical absence of vulnerabilities and good coding practices in most areas, but the unprotected AJAX handler introduces a specific, actionable risk.",[218],{"reason":219,"points":220},"Unprotected AJAX handler 
identified",8,"2026-03-16T17:56:04.393Z",{"wat":223,"direct":234},{"assetPaths":224,"generatorPatterns":227,"scriptPaths":228,"versionParams":229},[225,226],"\u002Fwp-content\u002Fplugins\u002Fblockskit\u002Fimport\u002Fbase-install\u002Fassets\u002Fbase-install.css","\u002Fwp-content\u002Fplugins\u002Fblockskit\u002Fimport\u002Fbase-install\u002Fassets\u002Fbase-install.js",[],[226],[230,231,232,233],"blockskit\u002Fstyle.css?ver=","blockskit\u002Fscript.js?ver=","blockskit\u002Fimport\u002Fbase-install\u002Fassets\u002Fbase-install.css?ver=","blockskit\u002Fimport\u002Fbase-install\u002Fassets\u002Fbase-install.js?ver=",{"cssClasses":235,"htmlComments":249,"htmlAttributes":250,"restEndpoints":252,"jsGlobals":253,"shortcodeOutput":255},[236,237,238,239,240,241,242,243,244,245,246,247,248],"base-install-notice-outer","base-install-notice-inner","base-install-prompt","base-install-content","base-install-title","base-install-btn","install-base-theme","close-base-notice","close-base-button","base-install-success","base-go-pro-blockskit-prompt","blockskit-notice-title","blockskit-title",[],[251],"data-slug",[],[254],"direct_install",[]]