[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGWtSw4qTGWRKMgsoXcnlsW65umjm3dAfb8eZIZ5vUB4":3,"$fNYrq1KRg3eMRDqCsfsIH71spkH2QH329uwdMg4N2uZw":124,"$fLaN_mzZpzkcRa_2SSpVDJerpt7sDMKzJkzflS9wC2RM":129},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"discovery_status":24,"vulnerabilities":25,"developer":26,"crawl_stats":22,"alternatives":31,"analysis":32,"fingerprints":63},"cykelpartner-xml-products-viewer","Cykelpartner XML Products Viewer","1.0.8","cykelpartner","https:\u002F\u002Fprofiles.wordpress.org\u002Fcykelpartner\u002F","\u003Cp>Get produkt from Cykelpartner.dk via affiliate network Partner Ads.\u003C\u002Fp>\n\u003Cp>A plugin for showing affiliate products.\u003C\u002Fp>\n\u003Ch3>Arbitrary section 1\u003C\u002Fh3>\n","Get produkt from Cykelpartner.dk via affiliate network Partner Ads. A plugin for showing affiliate products.",10,3862,0,"2014-04-23T08:38:00.000Z","3.9.40","3.3","",[],"http:\u002F\u002Fwww.cykelpartner.dk\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcykelpartner-xml-products-viewer.0.8.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":21,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},1,30,84,"2026-05-20T10:32:20.681Z",[],{"attackSurface":33,"codeSignals":39,"taintFlows":55,"riskAssessment":56,"analyzedAt":62},{"hooks":34,"ajaxHandlers":35,"restRoutes":36,"shortcodes":37,"cronEvents":38,"entryPointCount":13,"unprotectedCount":13},[],[],[],[],[],{"dangerousFunctions":40,"sqlUsage":41,"outputEscaping":43,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":54},[],{"prepared":13,"raw":13,"locations":42},[],{"escaped":13,"rawEcho":44,"locations":45},3,[46,50,52],{"file":47,"line":48,"context":49},"cp.php",56,"raw output",{"file":47,"line":51,"context":49},62,{"file":47,"line":53,"context":49},66,[],[],{"summary":57,"deductions":58},"The \"cykelpartner-xml-products-viewer\" v1.0.8 plugin presents a mixed security picture. On the positive side, the static analysis reveals no identified dangerous functions, no SQL queries that are not prepared, no file operations, no external HTTP requests, and no bundled libraries. The attack surface is also reported as zero for AJAX handlers, REST API routes, shortcodes, and cron events, with zero unprotected entry points. This suggests a plugin that, at first glance, adheres to several secure coding practices and has a minimal exposed attack surface.\n\nHowever, a significant concern arises from the output escaping analysis. With 3 total outputs and 0% properly escaped, this indicates a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. Any data processed by the plugin and then displayed to users without proper sanitization or escaping is a prime target for malicious script injection. The absence of any taint analysis flows with unsanitized paths is somewhat reassuring, but this could be an artifact of the analysis tools or the limited scope of the plugin's functionality.\n\nThe plugin's vulnerability history is exceptionally clean, with zero known CVEs, unpatched vulnerabilities, or recorded common vulnerability types. This is a strong indicator of consistent security over time, or potentially a lack of past scrutiny. Despite the lack of historical vulnerabilities and a seemingly small attack surface, the critical deficiency in output escaping means the plugin should not be considered entirely secure. The primary risk lies in the potential for XSS attacks due to unescaped output.",[59],{"reason":60,"points":61},"Output escaping: 0% properly escaped",15,"2026-03-16T23:38:33.013Z",{"wat":64,"direct":70},{"assetPaths":65,"generatorPatterns":67,"scriptPaths":68,"versionParams":69},[66],"\u002Fwp-content\u002Fplugins\u002Fcykelpartner-xml-products-viewer\u002Fstyle.css",[],[],[],{"cssClasses":71,"htmlComments":73,"htmlAttributes":78,"restEndpoints":119,"jsGlobals":120,"shortcodeOutput":121},[72],"wrap",[74,75,76,77,77],"\u002F*\n * @package Cykelpartner produktfremviser\n * @Author: Cykelpartner.dk - Dennis Drejer\n * @version 1.0.8\n *\u002F","\u002F*\nPlugin Name: Cykelpartner produktfremviser\nPlugin URI: http:\u002F\u002Fwww.cykelpartner.dk\u002F\nDescription: Get produkt from Cykelpartner.dk via affiliate network Partner Ads. A plugin for showing affiliate products. Go to the plugin options page to see usage.\nAuthor: Cykelpartner.dk - Dennis Drejer\nVersion: 1.0.8\nAuthor URI: http:\u002F\u002Fwww.cykelpartner.dk\u002F\n\n*\u002F","\u003C!--\nTradedoubler Affiliate ID","\u003C!--\nnetwork",[79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,87,88,89,90,91,92,93,94,95,96,97,98,99,100,87,88,89,90,91,101,91,102,91,103,91,104,91,105,91,106,91,107,91,108,91,109,93,94,95,96,97,98,99,100,110,111,112,113,114,115,116,117,118],"name=\"cp_td\"","name=\"cp_pa\"","name=\"cp_cache_timeout\"","name=\"action\"","value=\"update\"","name=\"page_options\"","value=\"cp_td,cp_pa,cp_cache_timeout\"","class=\"button-primary\"","name=\"network\"","value=\"NETVÆRK\"","name=\"query\"","value=\"SØGEORD1|SØGEORD2\"","name=\"sorting\"","value=\"FELT\"","name=\"exclude\"","value=\"UDELUK1|UDELUK2\"","name=\"template\"","value=\"FILNAVN\"","name=\"newlineafter\"","value=\"ANTAL_PRODUKTER_FØR_LINJESKIFT\"","name=\"limit\"","value=\"ANTAL_PRODUKTER\"","value=\"productsid\"","value=\"productsname\"","value=\"productsdescription\"","value=\"productsprice\"","value=\"productsurl\"","value=\"productsimageurl\"","value=\"categoryname\"","value=\"brand\"","value=\"currency\"","[PRODUCTSID]","[PRODUCTSNAME]","[PRODUCTSDESCRIPTION]","[PRODUCTSPRICE]","[PRODUCTSURL]","[PRODUCTSIMAGEURL]","[CATEGORYNAME]","[BRAND]","[CURRENCY]",[],[],[122,123,123],"[CPxml","[CPxml ",{"error":125,"url":126,"statusCode":127,"statusMessage":128,"message":128},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcykelpartner-xml-products-viewer\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":130,"versions":131},7,[132,139,146,153,160,167,174],{"version":133,"download_url":20,"svn_tag_url":134,"released_at":22,"has_diff":135,"diff_files_changed":136,"diff_lines":22,"trac_diff_url":137,"vulnerabilities":138,"is_current":135},"0.8","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcykelpartner-xml-products-viewer\u002Ftags\u002F0.8\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcykelpartner-xml-products-viewer%2Ftags%2F0.7&new_path=%2Fcykelpartner-xml-products-viewer%2Ftags%2F0.8",[],{"version":140,"download_url":141,"svn_tag_url":142,"released_at":22,"has_diff":135,"diff_files_changed":143,"diff_lines":22,"trac_diff_url":144,"vulnerabilities":145,"is_current":135},"0.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcykelpartner-xml-products-viewer.0.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcykelpartner-xml-products-viewer\u002Ftags\u002F0.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcykelpartner-xml-products-viewer%2Ftags%2F0.6&new_path=%2Fcykelpartner-xml-products-viewer%2Ftags%2F0.7",[],{"version":147,"download_url":148,"svn_tag_url":149,"released_at":22,"has_diff":135,"diff_files_changed":150,"diff_lines":22,"trac_diff_url":151,"vulnerabilities":152,"is_current":135},"0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcykelpartner-xml-products-viewer.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcykelpartner-xml-products-viewer\u002Ftags\u002F0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcykelpartner-xml-products-viewer%2Ftags%2F0.5&new_path=%2Fcykelpartner-xml-products-viewer%2Ftags%2F0.6",[],{"version":154,"download_url":155,"svn_tag_url":156,"released_at":22,"has_diff":135,"diff_files_changed":157,"diff_lines":22,"trac_diff_url":158,"vulnerabilities":159,"is_current":135},"0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcykelpartner-xml-products-viewer.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcykelpartner-xml-products-viewer\u002Ftags\u002F0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcykelpartner-xml-products-viewer%2Ftags%2F0.4&new_path=%2Fcykelpartner-xml-products-viewer%2Ftags%2F0.5",[],{"version":161,"download_url":162,"svn_tag_url":163,"released_at":22,"has_diff":135,"diff_files_changed":164,"diff_lines":22,"trac_diff_url":165,"vulnerabilities":166,"is_current":135},"0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcykelpartner-xml-products-viewer.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcykelpartner-xml-products-viewer\u002Ftags\u002F0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcykelpartner-xml-products-viewer%2Ftags%2F0.3&new_path=%2Fcykelpartner-xml-products-viewer%2Ftags%2F0.4",[],{"version":168,"download_url":169,"svn_tag_url":170,"released_at":22,"has_diff":135,"diff_files_changed":171,"diff_lines":22,"trac_diff_url":172,"vulnerabilities":173,"is_current":135},"0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcykelpartner-xml-products-viewer.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcykelpartner-xml-products-viewer\u002Ftags\u002F0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcykelpartner-xml-products-viewer%2Ftags%2F0.2&new_path=%2Fcykelpartner-xml-products-viewer%2Ftags%2F0.3",[],{"version":175,"download_url":176,"svn_tag_url":177,"released_at":22,"has_diff":135,"diff_files_changed":178,"diff_lines":22,"trac_diff_url":22,"vulnerabilities":179,"is_current":135},"0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcykelpartner-xml-products-viewer.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcykelpartner-xml-products-viewer\u002Ftags\u002F0.2\u002F",[],[]]