[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fEhGdsRzgGp0N7JOCZyt14BwjeWSJZ66cJ92P8WVUUUs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":33,"analysis":34,"fingerprints":131},"broadcast-companion","Broadcast Companion (Twitch)","3.0.6","JayBee","https:\u002F\u002Fprofiles.wordpress.org\u002Fjburleigh1\u002F","\u003Cp>Broadcast Companion, used in combination with the theme \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fbroadcast-lite\u002F\" rel=\"ugc\">Broadcast Lite\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fwww.streamweasels.com\u002Ftwitch-wordpress-themes\u002Fbroadcast-pro\u002F?utm_source=wordpress&utm_medium=broadcast-companion-twiitch&utm_campaign=readme\" rel=\"nofollow ugc\">Broadcast PRO\u003C\u002Fa> will integrate Twitch, YouTube and Kick data into your theme. Every time your website is loaded, this plugin makes a request to check if you are online on these services. If you are online, data from Twitch is presented in the theme.\u003C\u002Fp>\n\u003Cp>The following data is displayed from Twitch:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Online \u002F Offline status from Twitch\u003C\u002Fli>\n\u003Cli>Active game \u002F category\u003C\u002Fli>\n\u003Cli>Viewer count\u003C\u002Fli>\n\u003Cli>Videos (clips, highlights and past broadcasts)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Setup\u003C\u002Fh3>\n\u003Cp>This plugin keeps an active connection to the Twitch API, which requires you to add a Client ID and Client secret from Twitch. Instructions on where to find this data are included in the plugin, but you can also find those instructions \u003Ca href=\"https:\u002F\u002Fsupport.streamweasels.com\u002Farticle\u002F12-how-to-setup-a-client-id-and-client-secret\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin is for use with the Broadcast Lite theme and provides the Twitch, YouTube and Kick integration.",100,9643,3,"2023-07-15T06:25:00.000Z","6.2.9","5.0","5.2.4",[],"","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbroadcast-companion.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":21,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"jburleigh1",7,1110,570,69,"2026-04-04T22:06:06.015Z",[],{"attackSurface":35,"codeSignals":79,"taintFlows":116,"riskAssessment":117,"analyzedAt":130},{"hooks":36,"ajaxHandlers":68,"restRoutes":73,"shortcodes":74,"cronEvents":75,"entryPointCount":78,"unprotectedCount":78},[37,43,48,52,56,60,65],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","admin_notices","bc_twitch_error_notice","bc-companion-notice.php",18,{"type":38,"name":44,"callback":45,"file":46,"line":47},"admin_menu","bc_companion_menu","bc-companion.php",14,{"type":38,"name":49,"callback":50,"file":46,"line":51},"admin_enqueue_scripts","bc_admin_js",29,{"type":38,"name":53,"callback":54,"file":46,"line":55},"wp_enqueue_scripts","bc_companion_js",40,{"type":38,"name":57,"callback":58,"file":46,"line":59},"admin_init","bc_companion_admin_init",143,{"type":38,"name":61,"callback":62,"file":63,"line":64},"init","closure","bc-twitch-api.php",99,{"type":38,"name":66,"callback":67,"file":63,"line":11},"bc_cron","bc_run_cron",[69],{"action":70,"nopriv":71,"callback":70,"hasNonce":71,"hasCapCheck":71,"file":41,"line":72},"bc_twitch_display_dismissible_admin_notice",false,26,[],[],[76],{"hook":66,"callback":66,"file":63,"line":77},104,1,{"dangerousFunctions":80,"sqlUsage":81,"outputEscaping":83,"fileOperations":22,"externalRequests":78,"nonceChecks":22,"capabilityChecks":22,"bundledLibraries":115},[],{"prepared":22,"raw":22,"locations":82},[],{"escaped":84,"rawEcho":47,"locations":85},36,[86,89,91,93,95,97,99,101,103,105,107,109,111,113],{"file":46,"line":87,"context":88},199,"raw output",{"file":46,"line":90,"context":88},212,{"file":46,"line":92,"context":88},225,{"file":46,"line":94,"context":88},238,{"file":46,"line":96,"context":88},251,{"file":46,"line":98,"context":88},274,{"file":46,"line":100,"context":88},287,{"file":46,"line":102,"context":88},300,{"file":46,"line":104,"context":88},319,{"file":46,"line":106,"context":88},337,{"file":46,"line":108,"context":88},352,{"file":46,"line":110,"context":88},362,{"file":46,"line":112,"context":88},373,{"file":46,"line":114,"context":88},388,[],[],{"summary":118,"deductions":119},"The broadcast-companion plugin v3.0.6 exhibits a mixed security posture. On the positive side, it demonstrates good practices by not utilizing dangerous functions, performing all SQL queries using prepared statements, and having no recorded vulnerabilities. The absence of file operations and bundled libraries also reduces the attack surface from common exploit vectors. However, significant concerns arise from the static analysis. The presence of one unprotected AJAX handler is a critical security flaw, as it represents a direct entry point for unauthenticated attackers. While the output escaping is relatively good at 72%, the remaining 28% unescaped outputs could still lead to cross-site scripting (XSS) vulnerabilities depending on the nature of the data. The lack of nonce and capability checks on the identified AJAX handler further exacerbates this risk. The plugin's clean vulnerability history is a positive indicator of past development diligence, but it does not mitigate the immediate risks identified in the current code. In conclusion, while the plugin benefits from robust SQL handling and a clean vulnerability record, the unprotected AJAX endpoint is a severe oversight that requires immediate attention.",[120,123,126,128],{"reason":121,"points":122},"Unprotected AJAX handler",10,{"reason":124,"points":125},"Unescaped output detected (28%)",4,{"reason":127,"points":28},"Missing nonce check on AJAX",{"reason":129,"points":28},"Missing capability check on AJAX","2026-03-16T21:09:30.714Z",{"wat":132,"direct":148},{"assetPaths":133,"generatorPatterns":139,"scriptPaths":140,"versionParams":142},[134,135,136,137,138],"\u002Fwp-content\u002Fplugins\u002Fbroadcast-companion\u002Fbc-companion-admin.css","\u002Fwp-content\u002Fplugins\u002Fbroadcast-companion\u002Fbc-companion-admin.js","\u002Fwp-content\u002Fplugins\u002Fbroadcast-companion\u002Fbc-companion-main.js","\u002Fwp-content\u002Fplugins\u002Fbroadcast-companion\u002Fbc-companion-youtube.js","\u002Fwp-content\u002Fplugins\u002Fbroadcast-companion\u002Fbc-companion-kick.js",[],[141],"https:\u002F\u002Fembed.twitch.tv\u002Fembed\u002Fv1.js",[143,144,145,146,147],"broadcast-companion-admin-js?ver=3.0.6","broadcast-companion-admin-css?ver=3.0.6","bc-companion-main.js?ver=3.0.5","bc-companion-youtube.js?ver=3.0.5","bc-companion-kick.js?ver=3.0.5",{"cssClasses":149,"htmlComments":150,"htmlAttributes":159,"restEndpoints":162,"jsGlobals":163,"shortcodeOutput":177},[],[151,152,153,154,155,156,157,158],"\u003C!-- http:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fregister_setting -->","\u003C!-- With input validation: -->","\u003C!-- register_setting( 'my-settings-group', 'my-plugin-settings', 'my_settings_validate_and_sanitize' ); -->","\u003C!-- The second argument ($option_name) is the option name. It’s the one we use with functions like get_option() and update_option() -->","\u003C!-- http:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fadd_settings_section -->","\u003C!-- add_settings_section( $id, $title, $callback, $page ); -->","\u003C!-- http:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fadd_settings_field -->","\u003C!-- add_settings_field( $id, $title, $callback, $page, $section, $args ); -->",[160,161],"data-streamweasels-bc-channel","data-streamweasels-bc-settings",[],[164,165,166,167,168,169,170,171,172,173,174,175,176],"bcTwitchUsername","bcTwitchId","bcTwitchEmbed","bcTwitchEmbedChat","bcVideoSettings","bcClipPeriod","bcClipPeriodDate","swPlaceholder","bcTwitchClientId","bcTwitchClientAuthToken","bcytYouTubeID","bcytApiKey","bcktKickID",[]]