[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCr8V73uXujyYMWWRb62H9p88UrfcaqYHOUrGY9r1rrM":3,"$fd52edUwjErtyJd5MaW4Urv_NgwOx1AjuQkDJnYwW2t4":156,"$fCAJDHYM3dMhts2_N8_d7_iULIEqZE__uFtGlj7Ty1JU":161},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":9,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":60,"fingerprints":117},"cstris","CS Tris","0.0.2","Carlo Sorrentino","https:\u002F\u002Fprofiles.wordpress.org\u002Fscarlo70\u002F","","This is the classic Tic Tac Toe game, 4 levels of difficulty from chicken to deus. Game is enabled and played as a widged.",10,2065,0,"2025-07-06T18:03:00.000Z","3.3.2","2.0",[18,19,20,21,22],"noughts-and-crosses","tic-tac-toe","tris","tris-game","wick-wack-woe","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fcstris\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcstris.zip",100,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"scarlo70",1,30,94,"2026-05-20T05:43:22.521Z",[37],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":25,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":9,"requires_php":50,"tags":51,"homepage":57,"download_link":58,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":59},"wp-tic-tac-toe","Wp Tic-Tac-Toe","1.8","Geeky 
Nigeria","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnvictor82\u002F","\u003Cp>Wp Tic-Tac-Toe allows visitors to play the game on your website, thereby driving engagement. There are four defined levels; Beginner, Learner, Pro, and Geek. Players can choose to learn with the Beginner & Learner Levels or Play to Beat the AI in Pro and Geek.\u003C\u002Fp>\n\u003Cp>The Game can be added to any page or post via an easily accessible shortcode, [wp-tic-tac-toe] or conveniently set up on a sidebar in Appearance >> Widgets. Add the plugin, and you are ready to play!\u003C\u002Fp>\n\u003Cp>Major features in Wp Tic-Tac-Toe include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Increasing Levels of Difficulty.\u003C\u002Fli>\n\u003Cli>Shortcode for Page\u002FPost Inclusion.  \u003C\u002Fli>\n\u003Cli>Low memory usage.\u003C\u002Fli>\n\u003Cli>Well designed Game Layout\u003C\u002Fli>\n\u003C\u002Ful>\n","Drive engagement to your website with the Tic-Tac-Toe Game.",70,4237,4,"2025-06-30T15:47:00.000Z","6.8.5","8.0",[52,53,54,55,56],"geeky-nigeria","play-tic-tac-toe-on-wordpress","simple-tic-tac-toe-game","tic-tac-toe-game-for-wordpress","wordpress-tic-tac-toe-plugin","https:\u002F\u002Fgeeky.com.ng\u002Fwp-tic-tac-toe-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-tic-tac-toe.1.8.zip","2026-04-16T10:56:18.058Z",{"attackSurface":61,"codeSignals":77,"taintFlows":101,"riskAssessment":102,"analyzedAt":116},{"hooks":62,"ajaxHandlers":73,"restRoutes":74,"shortcodes":75,"cronEvents":76,"entryPointCount":13,"unprotectedCount":13},[63,69],{"type":64,"name":65,"callback":66,"file":67,"line":68},"action","widgets_init","anonymous","cstris.php",130,{"type":64,"name":70,"callback":71,"file":67,"line":72},"init","cstris_init",135,[],[],[],[],{"dangerousFunctions":78,"sqlUsage":82,"outputEscaping":84,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":100},[79],{"fn":80,"file":67,"line":68,"context":81},"create_function","add_act
ion( 'widgets_init', create_function( '', 'register_widget(\"cstris_widget\");' ) );",{"prepared":13,"raw":13,"locations":83},[],{"escaped":32,"rawEcho":85,"locations":86},7,[87,90,92,94,96,98,99],{"file":67,"line":88,"context":89},54,"raw output",{"file":67,"line":91,"context":89},57,{"file":67,"line":93,"context":89},101,{"file":67,"line":95,"context":89},121,{"file":67,"line":97,"context":89},122,{"file":67,"line":97,"context":89},{"file":67,"line":97,"context":89},[],[],{"summary":103,"deductions":104},"The \"cstris\" plugin v0.0.2 exhibits a mixed security posture. On one hand, the static analysis reveals a very small attack surface: it identified no AJAX handlers, REST API routes, shortcodes, or cron events, and therefore none exposed without authentication or permission checks. Furthermore, no SQL queries were found (neither prepared nor raw), and there are no file operations or external HTTP requests, which are positive indicators. However, several significant concerns are present. The use of `create_function` is a critical code signal, because the function evaluates a string as PHP code and allows code execution if untrusted input ever reaches its arguments. In the single call found (cstris.php line 130) both arguments are fixed string literals, so the more immediate problem is compatibility: `create_function` was deprecated in PHP 7.2 and removed in PHP 8.0, and the call should be replaced with a closure. The extremely low percentage of properly escaped output (13%, 1 of 8 output sites) points to possible cross-site scripting (XSS) vulnerabilities, as user-supplied data could be rendered directly in the browser without proper encoding. The analysis recorded no taint flows, so it does not establish whether any of the seven raw output sites prints user-controlled data; each should be reviewed and escaped for its output context.\n\nThe vulnerability history for this plugin is completely clean, with no recorded CVEs. This, combined with the limited entry points and the absence of SQL usage, might suggest a relatively safe plugin in terms of known exploits. However, the presence of `create_function` and the overwhelming lack of output escaping represent inherent risks that are not reflected in the vulnerability history. This could mean that the plugin has either not been thoroughly audited for these specific types of vulnerabilities or that potential attackers have not yet discovered or exploited them. No nonce checks or capability checks were found either; because this analysis found no request-handling entry points, their absence is not an exposure by itself, but it would be a concern if any such entry point exists.",
[105,108,111,114],{"reason":106,"points":107},"Use of dangerous function: create_function",15,{"reason":109,"points":110},"Low output escaping percentage",12,{"reason":112,"points":113},"Missing nonce checks",5,{"reason":115,"points":113},"Missing capability checks","2026-03-16T23:18:06.680Z",{"wat":118,"direct":127},{"assetPaths":119,"generatorPatterns":122,"scriptPaths":123,"versionParams":124},[120,121],"\u002Fwp-content\u002Fplugins\u002Fcstris\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fcstris\u002Fjs\u002Fcstris.js",[],[121],[125,126],"cstris\u002Fcss\u002Fstyle.css?ver=","cstris\u002Fjs\u002Fcstris.js?ver=",{"cssClasses":128,"htmlComments":131,"htmlAttributes":132,"restEndpoints":150,"jsGlobals":151,"shortcodeOutput":155},[129,130],"cstris_popup","cstris_result",[],[133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149],"id=\"cstris_grid\"","name=\"rc11\"","name=\"rc12\"","name=\"rc13\"","name=\"rc21\"","name=\"rc22\"","name=\"rc23\"","name=\"rc31\"","name=\"rc32\"","name=\"rc33\"","name=\"csgrid_scores\"","name=\"scores2\"","name=\"leve0\"","id=\"leve0\"","id=\"level\"","id=\"leve2\"","id=\"leve3\"",[],[152,153,154],"setbutton","setlevel","cstris_closex",[],{"error":157,"url":158,"statusCode":159,"statusMessage":160,"message":160},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcstris\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":162},[]]