[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fAyrSGMs5RFRfGB0xVQ3Jy36LWI-WKDubvZWEkeKy7DQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":32,"analysis":33,"fingerprints":87},"broadcast-companion-youtube","Broadcast Companion (YouTube)","1.0.2","JayBee","https:\u002F\u002Fprofiles.wordpress.org\u002Fjburleigh1\u002F","\u003Cp>Broadcast Companion, used in combination with the theme \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fbroadcast-lite\u002F\" rel=\"ugc\">Broadcast Lite\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fwww.streamweasels.com\u002Ftwitch-wordpress-themes\u002Fbroadcast-pro\u002F?utm_source=wordpress&utm_medium=broadcast-companion-youtube&utm_campaign=readme\" rel=\"nofollow ugc\">Broadcast PRO\u003C\u002Fa> will integrate YouTube data into your theme. Every time your website is loaded, this plugin makes a request to YouTube to check if you are online. If you are online, data from YouTube is presented in the theme.\u003C\u002Fp>\n\u003Cp>The following data is displayed from YouTube:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Online \u002F Offline status from Twitch\u003C\u002Fli>\n\u003Cli>Active game \u002F category\u003C\u002Fli>\n\u003Cli>Viewer count\u003C\u002Fli>\n\u003Cli>Videos\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Setup\u003C\u002Fh3>\n\u003Cp>This plugin keeps an active connection to the YouTube API, which requires you to add a YouTube API key. Instructions on where to find this data are included in the plugin, but you can also find those instructions \u003Ca href=\"https:\u002F\u002Fsupport.streamweasels.com\u002Farticle\u002F26-how-to-setup-a-youtube-api-key\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin is for use with the Broadcast Lite theme and provides the youtube.com API functionality.",10,959,0,"2022-06-22T12:54:00.000Z","6.0.11","5.0","5.2.4",[],"","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbroadcast-companion-youtube.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":21,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"jburleigh1",7,1110,570,69,"2026-04-04T14:47:54.715Z",[],{"attackSurface":34,"codeSignals":59,"taintFlows":75,"riskAssessment":76,"analyzedAt":86},{"hooks":35,"ajaxHandlers":55,"restRoutes":56,"shortcodes":57,"cronEvents":58,"entryPointCount":13,"unprotectedCount":13},[36,42,47,51],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","admin_notices","bcyt_youtube_error_notice","bc-companion-notice.php",8,{"type":37,"name":43,"callback":44,"file":45,"line":46},"admin_menu","bcyt_youtube_companion_menu","bc-companion.php",21,{"type":37,"name":48,"callback":49,"file":45,"line":50},"wp_enqueue_scripts","bcyt_youtube_companion_js",33,{"type":37,"name":52,"callback":53,"file":45,"line":54},"admin_init","bcyt_companion_admin_init",50,[],[],[],[],{"dangerousFunctions":60,"sqlUsage":61,"outputEscaping":63,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":74},[],{"prepared":13,"raw":13,"locations":62},[],{"escaped":64,"rawEcho":65,"locations":66},9,3,[67,70,72],{"file":45,"line":68,"context":69},79,"raw output",{"file":45,"line":71,"context":69},89,{"file":45,"line":73,"context":69},100,[],[],{"summary":77,"deductions":78},"The broadcast-companion-youtube plugin v1.0.2 demonstrates a generally strong security posture based on the provided static analysis. There are no identified entry points like AJAX handlers, REST API routes, or shortcodes, which significantly reduces the potential attack surface. The code also shows excellent practices regarding SQL queries, with 100% using prepared statements, and no dangerous functions, file operations, or external HTTP requests were detected.  However, a concern arises from the 25% of output that is not properly escaped, leaving a potential for cross-site scripting (XSS) vulnerabilities if the unescaped data originates from user input or untrusted sources. The absence of nonce checks and capability checks on any potential entry points (though none were found) is also a weakness, as it implies a lack of robust authorization and security validation mechanisms should new entry points be introduced or discovered in future versions. The plugin has no recorded vulnerability history, which is a positive indicator, suggesting a history of secure development or minimal exposure. Despite the lack of current known vulnerabilities and the minimal attack surface, the unescaped output represents a tangible risk that should be addressed to achieve a more secure state.",[79,82,84],{"reason":80,"points":81},"Unescaped output detected",5,{"reason":83,"points":81},"No nonce checks implemented",{"reason":85,"points":81},"No capability checks implemented","2026-03-17T01:31:38.263Z",{"wat":88,"direct":96},{"assetPaths":89,"generatorPatterns":92,"scriptPaths":93,"versionParams":94},[90,91],"\u002Fwp-content\u002Fplugins\u002Fbroadcast-companion-youtube\u002Fbc-companion-notice.php","\u002Fwp-content\u002Fplugins\u002Fbroadcast-companion-youtube\u002Fbc-companion-main.js",[],[91],[95],"bc-companion-main.js?ver=1.0.2",{"cssClasses":97,"htmlComments":98,"htmlAttributes":99,"restEndpoints":100,"jsGlobals":101,"shortcodeOutput":104},[],[],[],[],[102,103],"bcytYouTubeID","bcytApiKey",[]]