[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$foG38_-xDQoEns4FLw-fWGIEmyBvsWrSPOMjn6wD8Uns":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":35,"fingerprints":140},"custom-nextpage","Custom Nextpage","1.1.1","webnist","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebnist\u002F","\u003Cp>MultiPage is a customizable plugin.\u003Cbr \u002F>\nCan any title on the page.\u003C\u002Fp>\n\u003Ch4>Contributors\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fwebnist\" rel=\"nofollow ugc\">Webnist\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Funderstandard\u002F\" rel=\"nofollow ugc\">understandard\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","MultiPage is a customizable plugin",200,9718,96,6,"2021-12-14T05:22:00.000Z","4.2.39","3.6","",[20],"nextpage-multipage","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-nextpage\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-nextpage.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":23,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},2,400,30,84,"2026-04-05T02:02:58.930Z",[],{"attackSurface":36,"codeSignals":102,"taintFlows":130,"riskAssessment":131,"analyzedAt":139},{"hooks":37,"ajaxHandlers":90,"restRoutes":95,"shortcodes":96,"cronEvents":101,"entryPointCount":29,"unprotectedCount":24},[38,43,47,50,56,59,62,65,68,71,75,79,83,85,88],{"type":39,"name":40,"callback":41,"file":42,"line":32},"action","loop_start","change_nextpage","custom-nextpage.php",{"type":44,"name":45,"callback":45,"file":42,"line":46},"filter","wp_link_pages",86,{"type":39,"name":48,"callback":48,"file":42,"line":49},"wp_enqueue_scripts",87,{"type":39,"name":51,"callback":52,"priority":53,"file":54,"line":55},"admin_print_scripts-post.php","admin_print_scripts",999,"includes\\class-admin-editor.php",9,{"type":39,"name":57,"callback":52,"priority":53,"file":54,"line":58},"admin_print_scripts-post-new.php",10,{"type":44,"name":60,"callback":60,"file":54,"line":61},"tiny_mce_version",11,{"type":44,"name":63,"callback":63,"file":54,"line":64},"mce_external_plugins",12,{"type":44,"name":66,"callback":66,"file":54,"line":67},"mce_buttons_3",13,{"type":44,"name":69,"callback":69,"file":54,"line":70},"mce_external_languages",14,{"type":39,"name":72,"callback":73,"file":54,"line":74},"admin_footer","editor_dialog",16,{"type":39,"name":76,"callback":77,"file":54,"line":78},"admin_enqueue_scripts","quicktags",18,{"type":39,"name":80,"callback":80,"file":81,"line":82},"admin_menu","includes\\class-admin-menu.php",7,{"type":39,"name":76,"callback":76,"file":81,"line":84},8,{"type":39,"name":86,"callback":87,"file":81,"line":55},"admin_init","add_general_custom_fields",{"type":44,"name":86,"callback":89,"file":81,"line":58},"add_custom_whitelist_options_fields",[91],{"action":92,"nopriv":93,"callback":92,"hasNonce":94,"hasCapCheck":93,"file":81,"line":61},"reset_css",false,true,[],[97],{"tag":98,"callback":99,"file":42,"line":100},"nextpage","shortcode",89,[],{"dangerousFunctions":103,"sqlUsage":104,"outputEscaping":106,"fileOperations":125,"externalRequests":24,"nonceChecks":125,"capabilityChecks":24,"bundledLibraries":126},[],{"prepared":24,"raw":24,"locations":105},[],{"escaped":61,"rawEcho":84,"locations":107},[108,111,113,115,117,119,121,123],{"file":42,"line":109,"context":110},231,"raw output",{"file":42,"line":112,"context":110},247,{"file":81,"line":114,"context":110},54,{"file":81,"line":116,"context":110},57,{"file":81,"line":118,"context":110},267,{"file":81,"line":120,"context":110},278,{"file":81,"line":122,"context":110},292,{"file":81,"line":124,"context":110},310,1,[127],{"name":128,"version":25,"knownCves":129},"TinyMCE",[],[],{"summary":132,"deductions":133},"The 'custom-nextpage' plugin version 1.1.1 presents a generally good security posture based on the provided static analysis. There are no identified dangerous functions, all SQL queries utilize prepared statements, and there are no known vulnerabilities in its history. The absence of external HTTP requests and taint analysis showing no unsanitized flows are also positive indicators. However, a significant concern arises from the output escaping, where only 58% of outputs are properly escaped. This means a notable portion of user-generated or dynamic content displayed by the plugin could be vulnerable to cross-site scripting (XSS) attacks if not handled carefully by the theme or other plugins. Additionally, the plugin has a capability check present, but it's not consistently applied across all entry points, leaving some potential for privilege escalation or unauthorized access if an attacker can manipulate the entry points.",[134,136],{"reason":135,"points":84},"Low percentage of properly escaped outputs",{"reason":137,"points":138},"Capability checks not consistently applied",5,"2026-03-16T20:27:48.126Z",{"wat":141,"direct":148},{"assetPaths":142,"generatorPatterns":144,"scriptPaths":145,"versionParams":146},[143],"\u002Fwp-content\u002Fplugins\u002Fcustom-nextpage\u002Fcss\u002Fcustom-nextpage-style.css",[],[],[147],"custom-nextpage\u002Fcss\u002Fcustom-nextpage-style.css?ver=",{"cssClasses":149,"htmlComments":157,"htmlAttributes":159,"restEndpoints":161,"jsGlobals":162,"shortcodeOutput":163},[150,151,152,153,154,155,156],"custom-page-links","page-link-box","page-links","first","previous","numpages","dots",[158],"\u003C!--nextpage-->",[160],"title",[],[],[164,158,165,166],"\u003Cp class=\"custom-page-links\">\n","\u003Cdiv class=\"page-link-box\">\n","\u003Cul class=\"page-links\">\n"]