[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fB7dlhgMwTKAOw6Z7JnNKLujQqd4WabzLuNMQ4lAwT7w":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":12,"last_updated":9,"tested_up_to":9,"requires_at_least":9,"requires_php":9,"tags":13,"homepage":14,"download_link":15,"security_score":16,"vuln_count":12,"unpatched_count":12,"last_vuln_date":17,"fetched_at":18,"vulnerabilities":19,"developer":20,"crawl_stats":17,"alternatives":27,"analysis":28,"fingerprints":94},"css-naked-day","CSS Naked Day","0.4","fergbrain","https:\u002F\u002Fprofiles.wordpress.org\u002Ffergbrain\u002F","",10,2007,0,[],"http:\u002F\u002Fwww.andrewferguson.net\u002Fwordpress-plugins\u002F#naked","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcss-naked-day.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":21,"total_installs":22,"avg_security_score":23,"avg_patch_time_days":24,"trust_score":25,"computed_at":26},7,1260,89,30,86,"2026-04-04T15:34:54.138Z",[],{"attackSurface":29,"codeSignals":35,"taintFlows":51,"riskAssessment":79,"analyzedAt":93},{"hooks":30,"ajaxHandlers":31,"restRoutes":32,"shortcodes":33,"cronEvents":34,"entryPointCount":12,"unprotectedCount":12},[],[],[],[],[],{"dangerousFunctions":36,"sqlUsage":42,"outputEscaping":44,"fileOperations":45,"externalRequests":12,"nonceChecks":12,"capabilityChecks":12,"bundledLibraries":50},[37],{"fn":38,"file":39,"line":40,"context":41},"unserialize","afdn_cssNaked.php",42,"$getOptions = unserialize(get_option(\"afdn_cssNaked\"));",{"prepared":12,"raw":12,"locations":43},[],{"escaped":12,"rawEcho":45,"locations":46},1,[47],{"file":39,"line":48,"context":49},62,"raw output",[],[52,71],{"entryPoint":53,"graph":54,"unsanitizedCount":45,"severity":70},"afdn_cssNaked_myOptionsSubpanel (afdn_cssNaked.php:30)",{"nodes":55,"edges":67},[56,61],{"id":57,"type":58,"label":59,"file":39,"line":60},"n0","source","$_POST",38,{"id":62,"type":63,"label":64,"file":39,"line":65,"wp_function":66},"n1","sink","update_option() [Settings Manipulation]",40,"update_option",[68],{"from":57,"to":62,"sanitized":69},false,"low",{"entryPoint":72,"graph":73,"unsanitizedCount":45,"severity":70},"\u003Cafdn_cssNaked> (afdn_cssNaked.php:0)",{"nodes":74,"edges":77},[75,76],{"id":57,"type":58,"label":59,"file":39,"line":60},{"id":62,"type":63,"label":64,"file":39,"line":65,"wp_function":66},[78],{"from":57,"to":62,"sanitized":69},{"summary":80,"deductions":81},"The 'css-naked-day' plugin version 0.4 exhibits a concerning security posture despite an absence of known vulnerabilities and a limited attack surface. The static analysis reveals a significant weakness: the presence of the `unserialize` function without any clear security controls. This function is notoriously dangerous as it can lead to Remote Code Execution (RCE) if an attacker can control the serialized data that is unserialized. Furthermore, the analysis indicates that 100% of output is not properly escaped, meaning that any dynamic content displayed by the plugin is vulnerable to Cross-Site Scripting (XSS) attacks. While the plugin avoids common pitfalls like raw SQL queries or unauthenticated AJAX\u002FREST endpoints, the identified risks are substantial. The lack of any recorded CVEs is a positive indicator, but it does not negate the critical security flaws present in the code itself. This plugin should be considered high risk due to the potential for RCE and XSS until these issues are addressed.",[82,85,88,91],{"reason":83,"points":84},"Dangerous unserialize function used",15,{"reason":86,"points":87},"Output not properly escaped",8,{"reason":89,"points":90},"No nonce checks",5,{"reason":92,"points":90},"No capability checks","2026-03-16T23:19:38.275Z",{"wat":95,"direct":100},{"assetPaths":96,"generatorPatterns":97,"scriptPaths":98,"versionParams":99},[],[],[],[],{"cssClasses":101,"htmlComments":102,"htmlAttributes":103,"restEndpoints":104,"jsGlobals":105,"shortcodeOutput":109},[],[],[],[],[106,107,108],"DustinsNakedDay_isToday","DustinsNakedDay_allPages","DustinsNakedDay_getNaked",[]]