[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f6eYxbvpc3rzPNoTmBuZ390PSz8BHOMJ06Ym9FwFuLyw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":36,"fingerprints":148},"customizr-addons","Customizr Addons","1.1.2","presscustomizr","https:\u002F\u002Fprofiles.wordpress.org\u002Fnikeo\u002F","\u003Cp>\u003Cstrong>Addons for the Customizr WordPress theme.\u003C\u002Fstrong>\u003Cbr \u002F>\nThe Customizr Addons is a WordPress plugin designed specifically for the Customizr WordPress theme. It is the companion of the Customizr theme for all current and future features considered as “plugin territory”. It includes a social share bar.\u003C\u002Fp>\n","Lightweight addons plugin for the Customizr WordPress theme.",70,4255,0,"2021-07-20T14:35:00.000Z","5.8.13","3.4","",[19,20],"customizr","customizr-theme","http:\u002F\u002Fpresscustomizr.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustomizr-addons.1.1.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"nikeo",4,80070,90,620,72,"2026-04-04T22:02:09.630Z",[],{"attackSurface":37,"codeSignals":92,"taintFlows":136,"riskAssessment":137,"analyzedAt":147},{"hooks":38,"ajaxHandlers":88,"restRoutes":89,"shortcodes":90,"cronEvents":91,"entryPointCount":13,"unprotectedCount":13},[39,45,49,55,58,62,67,71,76,80,84],{"type":40,"name":41,"callback":42,"file":43,"line":44},"action","admin_notices","czra_admin_notice","customizr-addons.php",45,{"type":40,"name":46,"callback":47,"file":43,"line":48},"plugins_loaded","czra_plugin_lang",57,{"type":40,"name":50,"callback":51,"priority":52,"file":53,"line":54},"customize_controls_print_footer_scripts","czra_extend_visibilities",100,"inc\\czr\\czra-czr.php",8,{"type":40,"name":50,"callback":56,"file":53,"line":57},"czra_various_dom_ready",10,{"type":40,"name":59,"callback":60,"file":53,"line":61},"customize_controls_enqueue_scripts","czra_customize_controls_js_css",12,{"type":40,"name":63,"callback":64,"file":65,"line":66},"wp","czra_sharrre_front_actions","inc\\sharrre\\czra-sharrre.php",23,{"type":40,"name":68,"callback":69,"file":65,"line":70},"wp_enqueue_scripts","czra_addons_style_scripts",25,{"type":72,"name":73,"callback":74,"file":65,"line":75},"filter","czr_fn_single_post_option_map","czra_register_sharrre_settings",27,{"type":40,"name":77,"callback":78,"file":65,"line":79},"wp_head","czra_write_sharre_style",41,{"type":72,"name":81,"callback":82,"file":65,"line":83},"tc_single_post_section_class","czra_maybe_add_sharrre_class",44,{"type":40,"name":85,"callback":86,"file":65,"line":87},"__after_single_entry_inner","czra_maybe_print_sharrre_template",47,[],[],[],[],{"dangerousFunctions":93,"sqlUsage":94,"outputEscaping":96,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":135},[],{"prepared":13,"raw":13,"locations":95},[],{"escaped":54,"rawEcho":75,"locations":97},[98,101,102,104,105,106,107,109,110,112,113,115,116,118,119,120,121,122,123,124,125,127,128,130,131,132,134],{"file":99,"line":29,"context":100},"inc\\sharrre\\sharrre-template.php","raw output",{"file":99,"line":29,"context":100},{"file":99,"line":103,"context":100},7,{"file":99,"line":103,"context":100},{"file":99,"line":57,"context":100},{"file":99,"line":57,"context":100},{"file":99,"line":108,"context":100},13,{"file":99,"line":108,"context":100},{"file":99,"line":111,"context":100},60,{"file":99,"line":111,"context":100},{"file":99,"line":114,"context":100},79,{"file":99,"line":114,"context":100},{"file":117,"line":29,"context":100},"inc\\sharrre-template.php",{"file":117,"line":29,"context":100},{"file":117,"line":103,"context":100},{"file":117,"line":103,"context":100},{"file":117,"line":57,"context":100},{"file":117,"line":57,"context":100},{"file":117,"line":108,"context":100},{"file":117,"line":108,"context":100},{"file":117,"line":126,"context":100},16,{"file":117,"line":126,"context":100},{"file":117,"line":129,"context":100},62,{"file":117,"line":114,"context":100},{"file":117,"line":114,"context":100},{"file":117,"line":133,"context":100},98,{"file":117,"line":133,"context":100},[],[],{"summary":138,"deductions":139},"The \"customizr-addons\" v1.1.2 plugin exhibits a strong security posture in several key areas. The static analysis reveals no direct attack surface through AJAX handlers, REST API routes, shortcodes, or cron events, which is a significant positive. Furthermore, the absence of dangerous functions, file operations, external HTTP requests, and the fact that all SQL queries are prepared statements are excellent security practices. This suggests the developers have prioritized secure coding in these fundamental aspects.\n\nHowever, there are areas of concern. The low percentage (23%) of properly escaped output is a significant weakness. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, as unsanitized user input could be directly rendered in the browser. The complete lack of nonce checks and capability checks, while not directly tied to a specific attack vector in this static analysis, leaves the plugin open to potential permission issues or cross-site request forgery (CSRF) if new entry points were introduced or if external interactions were added in the future. The absence of any recorded vulnerabilities in its history is positive, but it does not mitigate the identified output escaping issue.\n\nIn conclusion, while the plugin demonstrates good practices in limiting its attack surface and handling database interactions securely, the widespread lack of output escaping presents a substantial risk. This deficiency could be exploited to inject malicious scripts. The absence of nonce and capability checks, while not a direct vulnerability in this version's reported state, represents a potential future risk if the plugin's functionality expands. Addressing the output escaping issue should be the highest priority.",[140,142,145],{"reason":141,"points":54},"Insufficient output escaping",{"reason":143,"points":144},"Missing nonce checks",5,{"reason":146,"points":144},"Missing capability checks","2026-03-16T21:38:44.842Z",{"wat":149,"direct":162},{"assetPaths":150,"generatorPatterns":155,"scriptPaths":156,"versionParams":157},[151,152,153,154],"\u002Fwp-content\u002Fplugins\u002Fcustomizr-addons\u002Fassets\u002Fczr\u002Fcss\u002Fczr-control-footer.css","\u002Fwp-content\u002Fplugins\u002Fcustomizr-addons\u002Fassets\u002Fczr\u002Fjs\u002Fczr-control-footer.js","\u002Fwp-content\u002Fplugins\u002Fcustomizr-addons\u002Fassets\u002Fsharrre\u002Fjs\u002Fjquery.sharrre.min.js","\u002Fwp-content\u002Fplugins\u002Fcustomizr-addons\u002Fassets\u002Fsharrre\u002Fjs\u002Fsharrre.js",[],[152,153,154],[158,159,160,161],"\u002Fwp-content\u002Fplugins\u002Fcustomizr-addons\u002Fassets\u002Fczr\u002Fcss\u002Fczr-control-footer.css?ver=","\u002Fwp-content\u002Fplugins\u002Fcustomizr-addons\u002Fassets\u002Fczr\u002Fjs\u002Fczr-control-footer.js?ver=","\u002Fwp-content\u002Fplugins\u002Fcustomizr-addons\u002Fassets\u002Fsharrre\u002Fjs\u002Fjquery.sharrre.min.js?ver=","\u002Fwp-content\u002Fplugins\u002Fcustomizr-addons\u002Fassets\u002Fsharrre\u002Fjs\u002Fsharrre.js?ver=",{"cssClasses":163,"htmlComments":165,"htmlAttributes":166,"restEndpoints":167,"jsGlobals":168,"shortcodeOutput":171},[164],"czra-czr-controls-style",[],[],[],[169,170],"CZR_addons_plugin","CZR_AD",[]]