[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fV_QSuHvDDZSXHg5jG1g19GysBSNR6GcXxekFQkF_UWE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":20,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":35,"fingerprints":114},"corona-virus-alert-bar","Coronavirus Alert Bar","1.0.4","Ryan Bracey","https:\u002F\u002Fprofiles.wordpress.org\u002Fbraceomatic88\u002F","\u003Cp>Quickly add an alert bar for COVID-19 information to your website\u003C\u002Fp>\n\u003Cp>For a non COVID-19 specific alert bar, please check out \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-alert-bar\u002F\" rel=\"ugc\">WordPress Alert Bar\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Custom Colors to match your site branding\u003C\u002Fli>\n\u003Cli>Ability to include coronavirus icon\u003C\u002Fli>\n\u003Cli>Custom title, message and call to action ( all items are optional and fully conditional)\u003C\u002Fli>\n\u003Cli>Ability to display banner across your entire site or just the homepage\u003C\u002Fli>\n\u003C\u002Ful>\n","Quickly add an alert bar for COVID-19 information to your website",50,3519,100,2,"2021-05-10T17:45:00.000Z","5.7.15","4.7.0","5.4",[],"","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcorona-virus-alert-bar.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"braceomatic88",70,89,30,86,"2026-04-04T06:53:29.363Z",[],{"attackSurface":36,"codeSignals":66,"taintFlows":101,"riskAssessment":102,"analyzedAt":113},{"hooks":37,"ajaxHandlers":62,"restRoutes":63,"shortcodes":64,"cronEvents":65,"entryPointCount":23,"unprotectedCount":23},[38,44,48,53,57,59],{"type":39,"name":40,"callback":41,"priority":13,"file":42,"line":43},"action","wp_enqueue_scripts","mbcvab_enqueue_public_assets","coronavirus-alert-bar.php",13,{"type":39,"name":45,"callback":46,"file":42,"line":47},"customize_register","mbcvab_add_section",22,{"type":39,"name":49,"callback":50,"priority":51,"file":42,"line":52},"wp_head","mbcvab",99,208,{"type":39,"name":54,"callback":55,"file":42,"line":56},"wp_footer","mbcvab_closer_script",212,{"type":39,"name":54,"callback":55,"file":42,"line":58},235,{"type":39,"name":49,"callback":60,"file":42,"line":61},"mbcvab_index_css_styles",282,[],[],[],[],{"dangerousFunctions":67,"sqlUsage":68,"outputEscaping":70,"fileOperations":23,"externalRequests":23,"nonceChecks":23,"capabilityChecks":23,"bundledLibraries":100},[],{"prepared":23,"raw":23,"locations":69},[],{"escaped":23,"rawEcho":71,"locations":72},14,[73,76,78,80,82,83,85,87,89,91,92,94,96,98],{"file":42,"line":74,"context":75},217,"raw output",{"file":42,"line":77,"context":75},221,{"file":42,"line":79,"context":75},224,{"file":42,"line":81,"context":75},227,{"file":42,"line":81,"context":75},{"file":42,"line":84,"context":75},240,{"file":42,"line":86,"context":75},244,{"file":42,"line":88,"context":75},247,{"file":42,"line":90,"context":75},250,{"file":42,"line":90,"context":75},{"file":42,"line":93,"context":75},287,{"file":42,"line":95,"context":75},288,{"file":42,"line":97,"context":75},289,{"file":42,"line":99,"context":75},293,[],[],{"summary":103,"deductions":104},"The 'corona-virus-alert-bar' plugin exhibits a seemingly strong security posture from static analysis, with no identified attack surface points like AJAX handlers, REST API routes, or shortcodes that lack authorization checks. The code also shows no dangerous functions, file operations, external HTTP requests, or bundled libraries, which are all positive indicators. Furthermore, all SQL queries are prepared statements, and there are no recorded vulnerabilities or CVEs in its history, suggesting a history of responsible development and maintenance.\n\nHowever, a significant concern arises from the complete lack of output escaping (0% properly escaped). This is a critical oversight, as it means any data processed and displayed by the plugin, if it originates from user input or other untrusted sources, could be susceptible to Cross-Site Scripting (XSS) attacks. While taint analysis shows no identified unsanitized flows, this is likely due to the limited scope of analysis or the absence of complex data processing within the plugin. The complete absence of nonces and capability checks across all entry points, although there are no identified entry points, means that if any such points were to be introduced in the future without proper security, they would be inherently unprotected.\n\nIn conclusion, while the plugin benefits from a clean vulnerability history and avoids common risky practices like raw SQL and dangerous functions, the critical lack of output escaping represents a significant and immediate security risk that could lead to XSS vulnerabilities. The absence of built-in security checks like nonces and capability checks also poses a latent risk if the plugin's functionality expands in the future.",[105,108,111],{"reason":106,"points":107},"Output escaping is missing",20,{"reason":109,"points":110},"No nonce checks",5,{"reason":112,"points":110},"No capability checks","2026-03-16T21:58:20.676Z",{"wat":115,"direct":123},{"assetPaths":116,"generatorPatterns":120,"scriptPaths":121,"versionParams":122},[117,118,119],"\u002Fwp-content\u002Fplugins\u002Fcorona-virus-alert-bar\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fcorona-virus-alert-bar\u002Fcss\u002Fall.css","\u002Fwp-content\u002Fplugins\u002Fcorona-virus-alert-bar\u002Fimages\u002Fcorona-virus.svg",[],[],[],{"cssClasses":124,"htmlComments":129,"htmlAttributes":130,"restEndpoints":136,"jsGlobals":137,"shortcodeOutput":138},[125,126,127,128],"cv-alert-bar","cv-alert-icon","cv-alert-message","cv-alert-title",[],[131,132,133,134,135],"data-background-color","data-border-color","data-text-color","data-link-color","data-cta-target-blank",[],[],[]]