[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIVK3W2IoJ1nwAiLdVWT218S0ZdqAMauAAZ3JG23mCcE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":40,"fingerprints":225},"christian-hymns","Christian Hymns","2.2","clodoaldoevangelista","https:\u002F\u002Fprofiles.wordpress.org\u002Fclodoaldoevangelista\u002F","\u003Cp>Several hymns for traditional Christian worship. Learn to sing with letters and Melody.\u003C\u002Fp>\n","Several hymns for traditional Christian worship. Learn to sing with letters and Melody.",10,1924,100,1,"2023-03-23T22:38:00.000Z","6.1.10","4.0","",[20,21,22,23,24],"baptist-hymns","evangelic-music","hinos-cristaos","musica-evangelica","to-sing-end-prise-god","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fchristian-hymns\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchristian-hymns.2.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},5,40,88,30,86,"2026-04-04T09:14:23.256Z",[],{"attackSurface":41,"codeSignals":75,"taintFlows":178,"riskAssessment":213,"analyzedAt":224},{"hooks":42,"ajaxHandlers":71,"restRoutes":72,"shortcodes":73,"cronEvents":74,"entryPointCount":28,"unprotectedCount":28},[43,49,53,58,63,67],{"type":44,"name":45,"callback":46,"file":47,"line":48},"action","admin_notices","ChristianHymns_noticePhpVersionWrong","christian-hymns.php",62,{"type":44,"name":50,"callback":51,"file":47,"line":52},"plugins_loaded","ChristianHymns_i18n_ini
t",87,{"type":44,"name":54,"callback":55,"file":56,"line":57},"admin_init","registerSettings","ChristianHymns_OptionsManager.php",248,{"type":44,"name":59,"callback":60,"file":61,"line":62},"init","christian_hymns_atualiza_fun","ChristianHymns_Plugin.php",95,{"type":44,"name":64,"callback":65,"file":61,"line":66},"admin_menu","addSettingsSubMenuPage",112,{"type":44,"name":68,"callback":69,"file":70,"line":34},"wp_footer","addScriptWrapper","ChristianHymns_ShortCodeScriptLoader.php",[],[],[],[],{"dangerousFunctions":76,"sqlUsage":77,"outputEscaping":92,"fileOperations":176,"externalRequests":28,"nonceChecks":28,"capabilityChecks":176,"bundledLibraries":177},[],{"prepared":14,"raw":33,"locations":78},[79,83,86,88,90],{"file":80,"line":81,"context":82},"scripts\\install\\create_page_list.php",4,"$wpdb->get_var() with variable interpolation",{"file":84,"line":85,"context":82},"scripts\\uinstall\\delete_posts.php",6,{"file":84,"line":87,"context":82},15,{"file":84,"line":89,"context":82},23,{"file":84,"line":91,"context":82},31,{"escaped":81,"rawEcho":93,"locations":94},42,[95,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126,128,130,132,134,136,138,140,142,144,146,147,149,150,151,153,154,156,157,160,161,163,165,168,170,172,174],{"file":47,"line":96,"context":97},51,"raw 
output",{"file":56,"line":99,"context":97},300,{"file":56,"line":101,"context":97},302,{"file":56,"line":103,"context":97},313,{"file":56,"line":105,"context":97},336,{"file":56,"line":107,"context":97},346,{"file":56,"line":109,"context":97},361,{"file":56,"line":111,"context":97},362,{"file":56,"line":113,"context":97},363,{"file":56,"line":115,"context":97},364,{"file":56,"line":117,"context":97},365,{"file":56,"line":119,"context":97},369,{"file":56,"line":121,"context":97},370,{"file":56,"line":123,"context":97},371,{"file":56,"line":125,"context":97},372,{"file":56,"line":127,"context":97},373,{"file":56,"line":129,"context":97},374,{"file":56,"line":131,"context":97},378,{"file":56,"line":133,"context":97},379,{"file":56,"line":135,"context":97},380,{"file":56,"line":137,"context":97},381,{"file":56,"line":139,"context":97},382,{"file":56,"line":141,"context":97},383,{"file":56,"line":143,"context":97},393,{"file":56,"line":145,"context":97},535,{"file":56,"line":145,"context":97},{"file":56,"line":148,"context":97},540,{"file":56,"line":148,"context":97},{"file":56,"line":148,"context":97},{"file":56,"line":152,"context":97},550,{"file":56,"line":152,"context":97},{"file":155,"line":87,"context":97},"scripts\\install\\actives-plugins.php",{"file":155,"line":36,"context":97},{"file":158,"line":159,"context":97},"scripts\\pages\\list.php",55,{"file":158,"line":159,"context":97},{"file":158,"line":162,"context":97},72,{"file":158,"line":164,"context":97},74,{"file":166,"line":167,"context":97},"scripts\\pages\\player.php",36,{"file":84,"line":169,"context":97},9,{"file":84,"line":171,"context":97},18,{"file":84,"line":173,"context":97},26,{"file":84,"line":175,"context":97},34,2,[],[179,203],{"entryPoint":180,"graph":181,"unsanitizedCount":14,"severity":202},"settingsPage 
(ChristianHymns_OptionsManager.php:264)",{"nodes":182,"edges":198},[183,188,192],{"id":184,"type":185,"label":186,"file":56,"line":187},"n0","source","$_POST[$aOptionKey]",275,{"id":189,"type":190,"label":191,"file":56,"line":187},"n1","transform","→ updateOption()",{"id":193,"type":194,"label":195,"file":56,"line":196,"wp_function":197},"n2","sink","update_option() [Settings Manipulation]",162,"update_option",[199,201],{"from":184,"to":189,"sanitized":200},false,{"from":189,"to":193,"sanitized":200},"low",{"entryPoint":204,"graph":205,"unsanitizedCount":14,"severity":202},"\u003CChristianHymns_OptionsManager> (ChristianHymns_OptionsManager.php:0)",{"nodes":206,"edges":210},[207,208,209],{"id":184,"type":185,"label":186,"file":56,"line":187},{"id":189,"type":190,"label":191,"file":56,"line":187},{"id":193,"type":194,"label":195,"file":56,"line":196,"wp_function":197},[211,212],{"from":184,"to":189,"sanitized":200},{"from":189,"to":193,"sanitized":200},{"summary":214,"deductions":215},"The 'christian-hymns' plugin v2.2 presents a mixed security posture. On the positive side, the plugin has a remarkably small attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events exposed. Crucially, there are no known CVEs associated with this plugin, and its vulnerability history is clean, suggesting a generally well-maintained or less targeted codebase.  However, the static analysis reveals significant areas for improvement. The most concerning aspect is the output escaping, with only 9% of 46 outputs being properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, only 17% of SQL queries (1 of 6) use prepared statements, while the remaining 5 interpolate variables into the query, posing a risk of SQL injection.  The taint analysis shows two flows with unsanitized paths, which, while not classified as critical or high severity in this report, warrant attention as potential entry points for malicious input if not handled carefully. 
The lack of nonce checks and limited capability checks further contribute to potential vulnerabilities if any direct user input manipulation or unauthorized access were possible through other means.",[216,218,220,222],{"reason":217,"points":11},"Low output escaping percentage",{"reason":219,"points":33},"SQL queries not using prepared statements",{"reason":221,"points":33},"Taint flows with unsanitized paths",{"reason":223,"points":33},"Lack of nonce checks","2026-03-17T00:48:50.666Z",{"wat":226,"direct":239},{"assetPaths":227,"generatorPatterns":234,"scriptPaths":235,"versionParams":236},[228,229,230,231,232,233],"\u002Fwp-content\u002Fplugins\u002Fchristian-hymns\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fchristian-hymns\u002Fjs\u002Fscript.js","\u002Fwp-content\u002Fplugins\u002Fchristian-hymns\u002Fscripts\u002Finstall\u002Fcreate_categories.php","\u002Fwp-content\u002Fplugins\u002Fchristian-hymns\u002Fscripts\u002Finstall\u002Fcreate_page_list.php","\u002Fwp-content\u002Fplugins\u002Fchristian-hymns\u002Fscripts\u002Funinstall\u002Fdelete_categories.php","\u002Fwp-content\u002Fplugins\u002Fchristian-hymns\u002Fscripts\u002Funinstall\u002Fdelete_posts.php",[],[229],[237,238],"christian-hymns\u002Fcss\u002Fstyle.css?ver=","christian-hymns\u002Fjs\u002Fscript.js?ver=",{"cssClasses":240,"htmlComments":241,"htmlAttributes":242,"restEndpoints":243,"jsGlobals":244,"shortcodeOutput":252},[],[],[],[],[245,246,247,248,249,250,251],"CHRISTIAN_HYMNS","CHRISTIAN_HYMNS_URL","CHRISTIAN_HYMNS_DIR","CHRISTIAN_HYMNS_SITE","CHRISTIAN_HYMNS_PLUGIN_VERSION","CHRISTIAN_HYMNS_PLUGIN_DIR_PATH","CHRISTIAN_HYMNS_PLUGIN_BASENAME",[]]