[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQDez-p-63iR4kVXOyR69kTqfK9uXyYpemLOb9iY_kLg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":17,"download_link":18,"security_score":19,"vuln_count":13,"unpatched_count":13,"last_vuln_date":20,"fetched_at":21,"vulnerabilities":22,"developer":23,"crawl_stats":20,"alternatives":31,"analysis":32,"fingerprints":160},"cron-demo","Cron Developers Demo","1.1","Roland Rust","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdprx\u002F","\u003Cp>This is a demo for WordPress plugin developers. It demonstrates the pseudo cron scheduling feature.\u003C\u002Fp>\n","This is a demo for WordPress plugin developers. It demonstrates the pseudo cron scheduling feature.",10,4026,0,"2007-08-28T17:06:00.000Z","",[],"http:\u002F\u002Fwordpress.designpraxis.at","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcron-demo.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":24,"display_name":7,"profile_url":8,"plugin_count":25,"total_installs":26,"avg_security_score":27,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},"wpdprx",9,180,88,30,86,"2026-04-05T02:06:33.743Z",[],{"attackSurface":33,"codeSignals":69,"taintFlows":92,"riskAssessment":149,"analyzedAt":159},{"hooks":34,"ajaxHandlers":61,"restRoutes":62,"shortcodes":63,"cronEvents":64,"entryPointCount":13,"unprotectedCount":13},[35,41,45,49,52,57],{"type":36,"name":37,"callback":38,"file":39,"line":40},"action","init","dprx_crondemo_init_locale","cron-demo.php",23,{"type":36,"name":42,"callback":43,"file":39,"line":44},"deactivate_cron-demo\u002Fcron-demo.php","dprx_crondemo_deactivate",31,{"type":36,"name":46,"callback":47,"file":39,"line":48},"admin_menu","dprx_crondemo_add_admin_pages",40,{"type":36,"name":37,"callback":50,"file":39,"line":51},"dprx
_crondemo_setoptions",47,{"type":53,"name":54,"callback":55,"file":39,"line":56},"filter","cron_schedules","dprx_crondemo_more_reccurences",74,{"type":36,"name":58,"callback":59,"file":39,"line":60},"dprx_crondemo_hook","dprx_crondemo_trigger_schedule",81,[],[],[],[65,67],{"hook":58,"callback":58,"file":39,"line":66},61,{"hook":58,"callback":58,"file":39,"line":68},68,{"dangerousFunctions":70,"sqlUsage":71,"outputEscaping":73,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":91},[],{"prepared":13,"raw":13,"locations":72},[],{"escaped":13,"rawEcho":74,"locations":75},7,[76,79,81,83,85,87,89],{"file":39,"line":77,"context":78},111,"raw output",{"file":39,"line":80,"context":78},112,{"file":39,"line":82,"context":78},117,{"file":39,"line":84,"context":78},125,{"file":39,"line":86,"context":78},141,{"file":39,"line":88,"context":78},143,{"file":39,"line":90,"context":78},145,[],[93,111,132],{"entryPoint":94,"graph":95,"unsanitizedCount":109,"severity":110},"dprx_crondemo_options_page (cron-demo.php:90)",{"nodes":96,"edges":106},[97,101],{"id":98,"type":99,"label":100,"file":39,"line":82},"n0","source","$_SERVER['REQUEST_URI'] (x2)",{"id":102,"type":103,"label":104,"file":39,"line":82,"wp_function":105},"n1","sink","echo() [XSS]","echo",[107],{"from":98,"to":102,"sanitized":108},false,2,"medium",{"entryPoint":112,"graph":113,"unsanitizedCount":130,"severity":131},"dprx_crondemo_setoptions (cron-demo.php:48)",{"nodes":114,"edges":127},[115,118,121,125],{"id":98,"type":99,"label":116,"file":39,"line":117},"$_POST['dprx_crondemo_mail']",55,{"id":102,"type":103,"label":119,"file":39,"line":117,"wp_function":120},"update_option() [Settings Manipulation]","update_option",{"id":122,"type":99,"label":123,"file":39,"line":124},"n2","$_POST['dprx_crondemo_inseconds'] 
(x2)",58,{"id":126,"type":103,"label":119,"file":39,"line":124,"wp_function":120},"n3",[128,129],{"from":98,"to":102,"sanitized":108},{"from":122,"to":126,"sanitized":108},3,"low",{"entryPoint":133,"graph":134,"unsanitizedCount":148,"severity":131},"\u003Ccron-demo> (cron-demo.php:0)",{"nodes":135,"edges":144},[136,137,138,139,140,142],{"id":98,"type":99,"label":116,"file":39,"line":117},{"id":102,"type":103,"label":119,"file":39,"line":117,"wp_function":120},{"id":122,"type":99,"label":123,"file":39,"line":124},{"id":126,"type":103,"label":119,"file":39,"line":124,"wp_function":120},{"id":141,"type":99,"label":100,"file":39,"line":82},"n4",{"id":143,"type":103,"label":104,"file":39,"line":82,"wp_function":105},"n5",[145,146,147],{"from":98,"to":102,"sanitized":108},{"from":122,"to":126,"sanitized":108},{"from":141,"to":143,"sanitized":108},5,{"summary":150,"deductions":151},"The \"cron-demo\" plugin v1.1 exhibits a mixed security posture. On the positive side, it has no known vulnerabilities and makes no external HTTP requests. The scan found no SQL usage at all (0 prepared and 0 raw queries), so no SQL injection flaws were identified; this reflects the absence of queries rather than the use of prepared statements. However, a significant concern arises from the complete lack of output escaping: all 7 output statements found are raw, and the taint analysis traces $_SERVER['REQUEST_URI'] to echo without sanitization, which is a cross-site scripting (XSS) risk. Additionally, the scan recorded no capability checks or nonce checks anywhere in the plugin. The taint analysis also traces $_POST['dprx_crondemo_mail'] and $_POST['dprx_crondemo_inseconds'] to update_option() without sanitization in a handler hooked on init, so the settings update path should be reviewed for missing authorization and CSRF protection. The cron events themselves currently account for zero counted entry points, but remain a potential future risk if new entry points are added without proper authorization checks.\n\nThe vulnerability history is clean, with no recorded CVEs. This suggests that the plugin has historically been well-maintained or has not attracted significant security scrutiny; given that it was last updated in 2007 and has about 10 active installs, the latter is the more likely explanation. However, the absence of vulnerabilities does not guarantee future security. 
The static analysis identifies the lack of output escaping as the most critical immediate risk. The plugin's strengths are the absence of SQL usage and of recorded vulnerabilities. The primary weakness is the missing output escaping, which needs immediate attention to mitigate XSS risks.",[152,155,157],{"reason":153,"points":154},"No output escaping",15,{"reason":156,"points":148},"Cron events lack capability checks",{"reason":158,"points":148},"Cron events lack nonce checks","2026-03-17T00:25:43.878Z",{"wat":161,"direct":167},{"assetPaths":162,"generatorPatterns":164,"scriptPaths":165,"versionParams":166},[163],"\u002Fwp-content\u002Fplugins\u002Fcron-demo\u002Flocale\u002F",[],[],[],{"cssClasses":168,"htmlComments":169,"htmlAttributes":171,"restEndpoints":178,"jsGlobals":179,"shortcodeOutput":180},[],[170],"\u003C!-- Thanks! -->",[172,173,174,175,176,177],"name=\"dprx_crondemo_mail\"","name=\"dprx_crondemo_inseconds\"","name=\"dprx_crondemo_recc\"","name=\"dprx_crondemo_stop\"","name=\"dprx_crondemo_submit\"","value=\"Cron Demo Schedule\"",[],[],[181,182,183,184,185],"\u003Cp>\u003Cb>Cron Demo is scheduled!\u003C\u002Fb>\u003C\u002Fp>","\u003Cp>Cron Demo is NOT scheduled!\u003C\u002Fp>","\u003Cp>Send an Email testing the cron feature:\u003C\u002Fp>","\u003Cp>Email address\u003C\u002Fp>","\u003Cp>Seconds from now until this schedule should be triggered:\u003C\u002Fp>"]