[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fe4UajayX7aNBauK3hI6UibTTMNeOL8CsJ8rnjjAu9hQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":132,"fingerprints":210},"conversejs","ConverseJS","4.2.0","brjhcxnnwqjevwc","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrjhcxnnwqjevwc\u002F","\u003Cp>Converse.js is an open source webchat client, that runs in the browser and can be integrated into any website.\u003C\u002Fp>\n\u003Cp>It’s similar to Facebook chat, but also supports multi-user chatrooms.\u003C\u002Fp>\n\u003Cp>Converse.js can connect to any accessible XMPP\u002FJabber server, either from a public provider such as chatme.im, or to one you have set up yourself.\u003C\u002Fp>\n\u003Cp>For more information, check out \u003Ca href=\"https:\u002F\u002Fconversejs.org\u002F\" rel=\"nofollow ugc\">conversejs\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fmotostorie.blog\u002F\" rel=\"nofollow ugc\">MotoStorie\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Special Thanks\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>To my sister for having tolerated\u003C\u002Fli>\n\u003Cli>My work for the economic support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Single-user chat\u003C\u002Fli>\n\u003Cli>Multi-user chatrooms \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0045.html\" rel=\"nofollow ugc\">XEP 45\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Direct invitations to chat rooms \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0249.html\" rel=\"nofollow ugc\">XEP 249\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>vCard support \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0054.html\" rel=\"nofollow ugc\">XEP 54\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Service discovery \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0030.html\" rel=\"nofollow ugc\">XEP 30\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>In-band registration \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0077.html\" rel=\"nofollow ugc\">XEP 77\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Contact rosters and groups\u003C\u002Fli>\n\u003Cli>Contact subscriptions\u003C\u002Fli>\n\u003Cli>Roster item exchange \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Ftmp\u002Fxep-0144-1.1.html\" rel=\"nofollow ugc\">XEP 144\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Chat statuses (online, busy, away, offline)\u003C\u002Fli>\n\u003Cli>Custom status messages\u003C\u002Fli>\n\u003Cli>Typing and chat state notifications \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0085.html\" rel=\"nofollow ugc\">XEP 85\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Desktop notification messages\u003C\u002Fli>\n\u003Cli>Messages appear in all connected chat clients \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0280.html\" rel=\"nofollow ugc\">XEP 280\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Third person “\u002Fme” messages \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0245.html\" rel=\"nofollow ugc\">XEP 245\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>XMPP Ping \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0199.html\" rel=\"nofollow ugc\">XEP 199\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Server-side archiving of messages \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0313.html\" rel=\"nofollow ugc\">XEP 313\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Client state indication \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0352.html\" rel=\"nofollow ugc\">XEP 352\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Off-the-record encryption\u003C\u002Fli>\n\u003Cli>Translated into 16 languages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Hand-crafted, and made with love, in Padova, Italy.\u003C\u002Fp>\n\u003Cp>Based on \u003Ca href=\"http:\u002F\u002Fconversejs.org\u002F\" rel=\"nofollow ugc\">Converse.js\u003C\u002Fa>.\u003C\u002Fp>\n","Converse.js is an open source webchat client, that runs in the browser and can be integrated into any website.",10,17379,72,5,"","6.4.8","4.6","7.3",[20,21,22,23,24],"chat","converse","irc","jabber","xmpp","https:\u002F\u002Fconversejs.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconversejs.4.2.0.zip",100,0,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},2,40,93,30,89,"2026-04-04T05:22:58.936Z",[40,59,78,97,116],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":11,"downloaded":48,"rating":28,"num_ratings":28,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":15,"tags":52,"homepage":55,"download_link":56,"security_score":57,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":58},"p3chat","P3chat","1.2.1","Sergey.S.Betke","https:\u002F\u002Fprofiles.wordpress.org\u002Fsergeysbetkenovgaroru\u002F","\u003Cul>\n\u003Cli>Author: \u003Ca href=\"http:\u002F\u002Fsergey-s-betke.blogs.novgaro.ru\u002Fabout\" rel=\"nofollow ugc\">Sergey S. Betke\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Project URI: \u003Ca href=\"http:\u002F\u002Fsergey-s-betke.blogs.novgaro.ru\u002Fcategory\u002Fit\u002Fweb\u002Fwordpress\u002Fp3chat\" rel=\"nofollow ugc\">http:\u002F\u002Fsergey-s-betke.blogs.novgaro.ru\u002Fcategory\u002Fit\u002Fweb\u002Fwordpress\u002Fp3chat\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin provides support for \u003Ca href=\"http:\u002F\u002Fp3chat.com\" rel=\"nofollow ugc\">online chat p3chat service\u003C\u002Fa> (online chat, offline messages)\u003Cbr \u002F>\non Your wordpress website.\u003C\u002Fp>\n\u003Ch3>ToDo\u003C\u002Fh3>\n\u003Cp>The next version or later:\u003C\u002Fp>\n\u003Col>\n\u003Cli>images for buttons\u003C\u002Fli>\n\u003Cli>auto registration at p3chat.com (by open-id)\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin provides support for p3chat.com online chat service on Your wordpress website.",3182,"2011-09-08T10:40:00.000Z","3.2.1","3.0.0",[20,23,53,54,24],"msn","msnp","http:\u002F\u002Fsergey-s-betke.blogs.novgaro.ru\u002Fcategory\u002Fit\u002Fweb\u002Fwordpress\u002Fp3chat","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fp3chat.zip",85,"2026-03-15T15:16:48.613Z",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":34,"downloaded":67,"rating":27,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":15,"tags":72,"homepage":76,"download_link":77,"security_score":57,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":58},"chathispano","ChatHispano","1.2.2","Toni Garcia","https:\u002F\u002Fprofiles.wordpress.org\u002Ftonigarcia\u002F","\u003Cp>English:\u003Cbr \u002F>\nThe plugin allows a webmaster to insert webchat to chat in the ChatHispano Chat\u002FIRC Network.\u003C\u002Fp>\n\u003Cp>Spanish:\u003Cbr \u002F>\nEste plugin permite a un webmaster insertar un webchat para chatear en la red de IRC\u002FChat de ChatHispano.\u003C\u002Fp>\n","Integra los servicios de la red de IRC & Chat de ChatHispano en tu WordPress. Inserta un Webchat en tu Web para chatear y conocer a la gente.",3403,1,"2020-05-25T11:35:00.000Z","5.4.19","5.4",[20,73,22,74,75],"gente","network","webchat","http:\u002F\u002Fgithub.com\u002FIRCHispano","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchathispano.1.2.2.zip",{"slug":79,"name":80,"version":43,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":11,"downloaded":85,"rating":86,"num_ratings":68,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":15,"tags":90,"homepage":95,"download_link":96,"security_score":57,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":58},"custom-google-talk-chatback","Custom Google Talk Chatback","MrVictor","https:\u002F\u002Fprofiles.wordpress.org\u002Fmrvictor\u002F","\u003Cp>Embed links to your Google Talk Chatback. Display different things when online or offline. The plugin is made to be highly customizable.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Custom “start chat link” and “offline text”. Use text or image.\u003C\u002Fli>\n\u003Cli>Display things depending on if the user is online or offline\u003C\u002Fli>\n\u003Cli>Widget, Shortcode and Template Tag support\u003C\u002Fli>\n\u003Cli>Translatable (send them to us if you make any)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>Go to the \u003Ca href=\"http:\u002F\u002Fintervaro.se\u002Fcustom-google-talk-chatback-wordpress-plugin\" rel=\"nofollow ugc\">Plugin Home Page over at Intervaro Web Agency\u003C\u002Fa> to give feedback or propose a feature!\u003C\u002Fp>\n\u003Cp>Special thanks to \u003Ca href=\"http:\u002F\u002Fisraelwebdev.wordpress.com\u002F2009\u002F02\u002F05\u002Fgoogle-talk-status-api-in-php\" rel=\"nofollow ugc\">Israelwebdev\u003C\u002Fa> who made the script that makes it possible to check if a user is online or offline.\u003C\u002Fp>\n","Easily embed Goole Talk Chatback on your site for online chat support. Widget, Shortcode and Template Tag support!",9471,80,"2011-05-22T09:52:00.000Z","3.1.4","2.5",[91,92,93,94,23],"google","google-talk","google-talk-chatback","gtalk","http:\u002F\u002Fintervaro.se\u002Fcustom-google-talk-chatback-wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-google-talk-chatback.1.2.1.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":11,"downloaded":105,"rating":27,"num_ratings":33,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":109,"tags":110,"homepage":112,"download_link":113,"security_score":114,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":115},"ejabberd-account-tools","Ejabberd Account Tools","2.11","Beherit","https:\u002F\u002Fprofiles.wordpress.org\u002Fbeherit\u002F","\u003Cp>Provides a set of useful tools for the ejabberd server, both for the frontend and backend spaces of websites running on the WordPress engine. You will be able to place on any page e.g. new account registration form, account password reset form, webpresence support. From the administration panel side you will gain access to e.g. blocking accounts, unblocking IP addresses from the fail2ban database and sending system messages to specific users. The plugin for communication with the ejabberd server uses the ReST API from the mod_http_api module, you only need to properly configure the ejabberd server in accordance with the guidelines from the plugin settings, type the url address of the ejabberd server ReST API and insert shortcodes on any page.\u003C\u002Fp>\n","Provides a set of useful tools for the ejabberd server, both for the frontend and backend spaces",16239,"2025-02-12T15:54:00.000Z","6.6.5","5.9","8.0",[111,23,24],"ejabberd","https:\u002F\u002Fbeherit.pl\u002Fen\u002Fwordpress\u002Fejabberd-account-tools\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fejabberd-account-tools.2.11.zip",92,"2026-03-15T14:54:45.397Z",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":11,"downloaded":124,"rating":28,"num_ratings":28,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":15,"tags":128,"homepage":130,"download_link":131,"security_score":57,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":58},"geekshed-embed","GeekShed Embed","2.0.1","Ryan Murphy","https:\u002F\u002Fprofiles.wordpress.org\u002Fryanmurphy\u002F","\u003Cp>GeekShed Embed allows a user to easily embed a \u003Ca href=\"http:\u002F\u002Fgeekshed.net\" rel=\"nofollow ugc\">GeekShed IRC\u003C\u002Fa> channel (chat room) onto their website. In additions to creating it via the options page, there are also two shortcodes that allow for use in page and\u002For post. Two other shortcodes are also included; one will display a list of users currently in the room, and the other will display a small userbadge with the number of chatters in the room.\u003C\u002Fp>\n\u003Cp>Comments, questions, suggestions? Post them at\u003C\u002Fp>\n","Easily add a GeekShed IRC channel (chat room) onto your site. Also includes shortcodes for other items provided by GeekShed",2907,"2012-07-16T16:43:00.000Z","3.4.2","2.7.0",[20,129,22],"geekshed","http:\u002F\u002Fgeekshed.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeekshed-embed.2.0.1.zip",{"attackSurface":133,"codeSignals":168,"taintFlows":199,"riskAssessment":200,"analyzedAt":209},{"hooks":134,"ajaxHandlers":164,"restRoutes":165,"shortcodes":166,"cronEvents":167,"entryPointCount":28,"unprotectedCount":28},[135,141,145,149,152,155,160],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","plugins_loaded","init","conversejs.php",60,{"type":136,"name":142,"callback":143,"file":139,"line":144},"wp_enqueue_scripts","get_converse_head",66,{"type":136,"name":146,"callback":147,"file":139,"line":148},"admin_menu","converse_menu",71,{"type":136,"name":150,"callback":151,"file":139,"line":13},"admin_init","register_converse_mysettings",{"type":136,"name":150,"callback":153,"file":139,"line":154},"conversejs_add_privacy_policy_content",73,{"type":156,"name":157,"callback":158,"file":139,"line":159},"filter","user_contactmethods","add_user_conversejs_xmpp",74,{"type":156,"name":161,"callback":162,"priority":11,"file":139,"line":163},"wp_resource_hints","add_resource_hints",75,[],[],[],[],{"dangerousFunctions":169,"sqlUsage":170,"outputEscaping":176,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":68,"bundledLibraries":198},[],{"prepared":28,"raw":68,"locations":171},[172],{"file":173,"line":174,"context":175},"uninstall.php",12,"$wpdb->get_col() with variable interpolation",{"escaped":34,"rawEcho":177,"locations":178},9,[179,182,184,186,188,190,192,194,196],{"file":139,"line":180,"context":181},354,"raw output",{"file":139,"line":183,"context":181},365,{"file":139,"line":185,"context":181},372,{"file":139,"line":187,"context":181},386,{"file":139,"line":189,"context":181},393,{"file":139,"line":191,"context":181},400,{"file":139,"line":193,"context":181},422,{"file":139,"line":195,"context":181},463,{"file":139,"line":197,"context":181},543,[],[],{"summary":201,"deductions":202},"Based on the provided static analysis, ConverseJS v4.2.0 presents a strong initial security posture. The absence of any identified CVEs, critical taint flows, or dangerous functions is highly positive. The attack surface is zero, meaning no direct entry points like AJAX handlers, REST API routes, or shortcodes are exposed without protection. This indicates a good practice of either not exposing these functionalities or ensuring they are appropriately secured.\n\nHowever, the analysis does highlight a few areas for concern. The presence of one SQL query that does not use prepared statements is a significant risk. Unprepared SQL queries are susceptible to SQL injection vulnerabilities, which could allow attackers to manipulate database queries and potentially gain unauthorized access or data. While the percentage of properly escaped output is high at 82%, the remaining 18% of unescaped outputs could still lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved.\n\nIn conclusion, ConverseJS v4.2.0 exhibits good security practices in many areas, particularly regarding its limited attack surface and lack of historical vulnerabilities. Nevertheless, the identified raw SQL query and potential for unescaped output represent critical vulnerabilities that need immediate attention to maintain a robust security profile.",[203,206],{"reason":204,"points":205},"Raw SQL query without prepared statements",7,{"reason":207,"points":208},"18% of output not properly escaped",4,"2026-03-16T23:30:03.314Z",{"wat":211,"direct":220},{"assetPaths":212,"generatorPatterns":215,"scriptPaths":216,"versionParams":217},[213,214],"\u002Fwp-content\u002Fplugins\u002Fconversejs\u002Fcss\u002Fconverse.min.css","\u002Fwp-content\u002Fplugins\u002Fconversejs\u002Fjs\u002Fconverse.min.js",[],[214],[218,219],"conversejs\u002Fcss\u002Fconverse.min.css?ver=","conversejs\u002Fjs\u002Fconverse.min.js?ver=",{"cssClasses":221,"htmlComments":228,"htmlAttributes":231,"restEndpoints":239,"jsGlobals":240,"shortcodeOutput":241},[222,223,224,225,226,227],"converse-login-container","converse-connected-container","chat-sidebar","converse-roster-view","converse-muc-view","converse-chat-view",[229,230],"\u003C!-- Converse.js chat initialization -->","\u003C!-- ChatMe XMPP User Registration -->",[232,233,234,235,236,237,238],"data-conversejs-bosh-service-url","data-conversejs-auto-join-rooms","data-conversejs-registration-domain","data-conversejs-default-domain","data-conversejs-providers-link","data-conversejs-placeholder","data-conversejs-theme",[],[21],[242],"[conversejs_chat]"]