[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsypf6qX1_T5Jmp_7rfriQpudun61fHZNV8TCJ2WkHbc":3,"$fWS46DD50BMdSqUCMpFzw4EGM9G8kqq-A1jzanG1Uf_c":151,"$fogxhZ2AS40cDsWteVhgCZAvmbUc0lM61lE3UuOpIIug":156},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":35,"analysis":36,"fingerprints":131},"bq-musical-notes","BQ Musical Notes","2.2","bquade","https:\u002F\u002Fprofiles.wordpress.org\u002Fbquade\u002F","\u003Cp>Automatically converts musical notes written as Eb or F#, into notes written with real flat and sharp characters.\u003Cbr \u002F>\nWorks on all posts, pages and comments as well as titles. Does not convert feeds. Can be turned on and off from inside posts and pages.\u003Cbr \u002F>\nProvides a shortcode to insert chord diagrams for stringed instruments with any number of strings.\u003C\u002Fp>\n","Converts musical notes that use 'b' for flat and '#' for sharp into professional looking notes. 
Provides a shortcode to insert cho &hellip;",10,1982,100,1,"2012-07-18T13:38:00.000Z","3.4.2","3","",[20],"musical-notes","http:\u002F\u002Fbqplugins.com\u002Fbq-musical-notes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbq-musical-notes.2.2.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":23,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},2,20,30,84,"2026-05-20T07:01:41.624Z",[],{"attackSurface":37,"codeSignals":73,"taintFlows":119,"riskAssessment":120,"analyzedAt":130},{"hooks":38,"ajaxHandlers":65,"restRoutes":66,"shortcodes":67,"cronEvents":72,"entryPointCount":14,"unprotectedCount":24},[39,45,48,53,56,59,61,64],{"type":40,"name":41,"callback":42,"file":43,"line":44},"action","wp_head","add_inline_styles","bqnotes.php",14,{"type":40,"name":46,"callback":42,"file":43,"line":47},"admin_head",15,{"type":49,"name":50,"callback":51,"file":43,"line":52},"filter","the_title","replace_note_text",17,{"type":49,"name":54,"callback":51,"file":43,"line":55},"the_content",18,{"type":49,"name":57,"callback":51,"file":43,"line":58},"the_excerpt",19,{"type":49,"name":60,"callback":51,"file":43,"line":31},"comment_text",{"type":49,"name":54,"callback":62,"file":43,"line":63},"autobr",29,{"type":49,"name":57,"callback":62,"file":43,"line":32},[],[],[68],{"tag":69,"callback":70,"file":43,"line":71},"bqchord","bq_chord",33,[],{"dangerousFunctions":74,"sqlUsage":75,"outputEscaping":77,"fileOperations":24,"externalRequests":24,"nonceChecks":24,"capabilityChecks":24,"bundledLibraries":118},[],{"prepared":24,"raw":24,"locations":76},[],{"escaped":24,"rawEcho":78,"locations":79},23,[80,84,85,86,87,89,91,93,94,96,98,100,101,102,103,105,107,109,110,111,113,114,116],{"file":81,"line":82,"context":83},"chord_diagram.html.php",53,"raw 
output",{"file":81,"line":82,"context":83},{"file":81,"line":82,"context":83},{"file":81,"line":82,"context":83},{"file":81,"line":88,"context":83},55,{"file":81,"line":90,"context":83},61,{"file":81,"line":92,"context":83},72,{"file":81,"line":92,"context":83},{"file":81,"line":95,"context":83},74,{"file":81,"line":97,"context":83},80,{"file":81,"line":99,"context":83},90,{"file":81,"line":99,"context":83},{"file":81,"line":13,"context":83},{"file":81,"line":13,"context":83},{"file":104,"line":11,"context":83},"font.css.php",{"file":104,"line":106,"context":83},12,{"file":104,"line":108,"context":83},13,{"file":104,"line":44,"context":83},{"file":104,"line":31,"context":83},{"file":104,"line":112,"context":83},22,{"file":104,"line":78,"context":83},{"file":104,"line":115,"context":83},24,{"file":117,"line":11,"context":83},"notes.php",[],[],{"summary":121,"deductions":122},"The bq-musical-notes plugin version 2.2 presents a mixed security posture. On the positive side, the plugin has no recorded vulnerabilities (CVEs), and the static analysis found no dangerous functions, no file operations, no external HTTP requests, and no SQL usage at all (zero prepared and zero raw queries). This reflects a small code footprint in these areas. However, a significant concern is the complete lack of output escaping at the 23 identified output points (in chord_diagram.html.php, font.css.php and notes.php). This creates a risk of Cross-Site Scripting (XSS) if user-supplied data, such as attributes passed to the bqchord shortcode, reaches those outputs. The analysis recorded zero taint flows, so this should be confirmed by code review before it is treated as a demonstrated vulnerability. Additionally, no nonce checks or capability checks are present. These were not flagged as vulnerabilities in the static analysis and mainly matter for state-changing requests. The plugin registers no AJAX handlers or REST routes, so its single entry point (the shortcode) is affected only if it interacts with sensitive backend logic or data. The zero taint analysis flows and zero unprotected entry points are positive indicators, but the unescaped output is the main weakness and outweighs these strengths; the remedy is context-appropriate escaping at each output point (for example esc_html() or esc_attr() in HTML output). 
While the plugin's history of no vulnerabilities is reassuring, the plugin was last updated in 2012 and tested only up to WordPress 3.4.2, so that history doesn't negate the risk posed by the unescaped output.",[123,125,128],{"reason":124,"points":55},"Output escaping is not used for any output",{"reason":126,"points":127},"No nonce checks implemented",5,{"reason":129,"points":127},"No capability checks implemented","2026-04-16T12:45:38.961Z",{"wat":132,"direct":141},{"assetPaths":133,"generatorPatterns":136,"scriptPaths":137,"versionParams":138},[134,135],"\u002Fwp-content\u002Fplugins\u002Fbq-musical-notes\u002Fbqnotes.css","\u002Fwp-content\u002Fplugins\u002Fbq-musical-notes\u002Fbqnotes.js",[],[135],[139,140],"bq-musical-notes\u002Fbqnotes.css?ver=","bq-musical-notes\u002Fbqnotes.js?ver=",{"cssClasses":142,"htmlComments":145,"htmlAttributes":146,"restEndpoints":147,"jsGlobals":148,"shortcodeOutput":149},[143,144],"bqnotes-sharp","bqnotes-flat",[],[],[],[],[150],"\u003Cdiv class=\"bqnotes-chord\">",{"error":152,"url":153,"statusCode":154,"statusMessage":155,"message":155},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fbq-musical-notes\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":157,"versions":158},4,[159,165,172,179],{"version":6,"download_url":22,"svn_tag_url":160,"released_at":25,"has_diff":161,"diff_files_changed":162,"diff_lines":25,"trac_diff_url":163,"vulnerabilities":164,"is_current":152},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbq-musical-notes\u002Ftags\u002F2.2\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbq-musical-notes%2Ftags%2F2.1&new_path=%2Fbq-musical-notes%2Ftags%2F2.2",[],{"version":166,"download_url":167,"svn_tag_url":168,"released_at":25,"has_diff":161,"diff_files_changed":169,"diff_lines":25,"trac_diff_url":170,"vulnerabilities":171,"is_current":161},"2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbq-musical-notes.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbq-musical-notes\u002Ftags\u002F2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbq-musical-notes%2Ftags%2F2.0&new_path=%2Fbq-musical-notes%2Ftags%2F2.1",[],{"version":173,"download_url":174,"svn_tag_url":175,"released_at":25,"has_diff":161,"diff_files_changed":176,"diff_lines":25,"trac_diff_url":177,"vulnerabilities":178,"is_current":161},"2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbq-musical-notes.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbq-musical-notes\u002Ftags\u002F2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbq-musical-notes%2Ftags%2F1.0&new_path=%2Fbq-musical-notes%2Ftags%2F2.0",[],{"version":180,"download_url":181,"svn_tag_url":182,"released_at":25,"has_diff":161,"diff_files_changed":183,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":184,"is_current":161},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbq-musical-notes.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbq-musical-notes\u002Ftags\u002F1.0\u002F",[],[]]