[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhOpPO1HSvx91FfNBbal6MWSo7R7ePmimV4HLmkVO8IU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":32,"analysis":53,"fingerprints":108},"cotacao-euro-hoje","Cotação Euro","1.1","febeckers","https:\u002F\u002Fprofiles.wordpress.org\u002Ffebeckers\u002F","\u003Cp>Cotação do Euro em relação ao Real (moeda do Brasil). Tenha a cotação do euro em seu site – atualizado diariamente direto do site do Banco Central do Brasil.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Ch3>A brief Markdown Example\u003C\u002Fh3>\n","Cotação do Euro em relação ao Real (moeda do Brasil). Tenha a cotação do euro em seu site - atualizado diariamente direto do site do Banco Central do  &hellip;",10,3345,0,"2015-07-18T12:09:00.000Z","3.4.2","3.0.1","",[19,20],"cotacao-euro","euro-hoje","http:\u002F\u002Fwww.cotacaoeurohoje.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcotacao-euro-hoje.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":23,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},2,30,84,"2026-04-05T21:42:04.000Z",[33],{"slug":34,"name":35,"version":36,"author":37,"author_profile":38,"description":39,"short_description":40,"active_installs":41,"downloaded":42,"rating":13,"num_ratings":13,"last_updated":43,"tested_up_to":44,"requires_at_least":16,"requires_php":45,"tags":46,"homepage":51,"download_link":52,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"cotacao-moedas-hoje","Cotação Moedas","1.0.2","Miguel Ninno Daipré","https:\u002F\u002Fprofiles.wordpress.org\u002Fmigueldaipre\u002F","\u003Cp>Tenha a Cotação do Dólar, Euro e Iene diretamente no cabeçalho do seu site ou utilize o shortcode para adicionar a cotação em qualquer lugar do seu site. É possível escolher as moedas que serão mostradas, as informações de preços são obtidos diariamente do Banco Central do Brasil, é mostrado tanto o valor de compra como o valor de venda da moeda em relação ao Real (R$).\u003Cbr \u002F>\nNovas moedas serão adicionadas. Aguarde atualizações\u003C\u002Fp>\n","Cotação do Dólar, Euro e Iene em relação ao Real (R$). Todos os dados são buscados do Banco Central do Brasil diariamente pelo Web Service.",100,11160,"2019-10-10T16:48:00.000Z","5.1.22","5.6",[47,48,49,20,50],"cotacao","cotacao-moedas","dolar-hoje","iene-hoje","https:\u002F\u002Fgithub.com\u002Fmigueldaipre\u002Fwp-cotacao-moedas-hoje","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcotacao-moedas-hoje.zip",{"attackSurface":54,"codeSignals":66,"taintFlows":93,"riskAssessment":94,"analyzedAt":107},{"hooks":55,"ajaxHandlers":62,"restRoutes":63,"shortcodes":64,"cronEvents":65,"entryPointCount":13,"unprotectedCount":13},[56],{"type":57,"name":58,"callback":59,"file":60,"line":61},"action","widgets_init","anonymous","index.php",115,[],[],[],[],{"dangerousFunctions":67,"sqlUsage":71,"outputEscaping":73,"fileOperations":13,"externalRequests":91,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":92},[68],{"fn":69,"file":60,"line":61,"context":70},"create_function","add_action('widgets_init', create_function('', 'return register_widget(\"cotaocaEuro\");'));",{"prepared":13,"raw":13,"locations":72},[],{"escaped":13,"rawEcho":74,"locations":75},8,[76,79,81,83,85,86,88,89],{"file":60,"line":77,"context":78},45,"raw output",{"file":60,"line":80,"context":78},50,{"file":60,"line":82,"context":78},52,{"file":60,"line":84,"context":78},54,{"file":60,"line":84,"context":78},{"file":60,"line":87,"context":78},55,{"file":60,"line":87,"context":78},{"file":60,"line":90,"context":78},60,1,[],[],{"summary":95,"deductions":96},"The \"cotacao-euro-hoje\" v1.1 plugin exhibits a mixed security posture. On the positive side, there are no recorded vulnerabilities (CVEs) and the plugin demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively. It also avoids file operations and external HTTP requests, which can sometimes be vectors for attack.  However, several concerning signals were identified in the static analysis.\n\nThe primary concern is the complete absence of output escaping for all identified output points. This means that any data displayed by the plugin, if it originates from an untrusted source (even if not evident in the provided data), could potentially be manipulated to execute arbitrary code or display malicious content to users, leading to cross-site scripting (XSS) vulnerabilities. Additionally, the use of the `create_function` construct is a deprecated and inherently risky practice, often associated with security vulnerabilities in older PHP code. The lack of any nonce or capability checks on the identified entry points, although the number of entry points is zero, still indicates a potential oversight if any entry points were to be introduced without proper security.\n\nGiven the clean vulnerability history and the absence of taint flows or known CVEs, it suggests that the plugin might not have been actively targeted or that previous versions did not contain exploitable flaws. However, the static analysis findings point to inherent weaknesses that could be exploited if an attacker discovers a way to inject data into the plugin's output or if new entry points are added without robust security measures. Therefore, while the plugin has no known history of being compromised, the identified code signals present a clear and present risk.",[97,100,102,105],{"reason":98,"points":99},"All outputs are unescaped",15,{"reason":101,"points":74},"Use of dangerous function: create_function",{"reason":103,"points":104},"No nonce checks",5,{"reason":106,"points":104},"No capability checks","2026-03-17T00:53:38.531Z",{"wat":109,"direct":116},{"assetPaths":110,"generatorPatterns":112,"scriptPaths":113,"versionParams":114},[111],"\u002Fwp-content\u002Fplugins\u002Fcotacao-euro-hoje\u002Fcss\u002Fcotacaoeuro.css",[],[],[115],"cotacao-euro-hoje\u002Fcss\u002Fcotacaoeuro.css?ver=",{"cssClasses":117,"htmlComments":119,"htmlAttributes":120,"restEndpoints":121,"jsGlobals":122,"shortcodeOutput":123},[118],"cotacaoeuro",[],[],[],[],[]]