[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdemnXVTuvEqS9aYBy9ZkyOkAftxR_CqOVi1xfWDsNIg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":36,"fingerprints":80},"dash-notifier","Dash Notifier","1.2","LiteSpeed Technologies","https:\u002F\u002Fprofiles.wordpress.org\u002Flitespeedtech\u002F","\u003Cp>This plugin can be used by developers and system administrators to add a notification banner to their clients’ WordPress Dashboard. It’s useful for broadcasting important messages as well as suggesting plugins that clients’ might find useful, and is handled through an API.\u003C\u002Fp>\n\u003Cp>To add a new banner, predefine a PHP constant called \u003Ccode>DASH_NOTIFIER_MSG\u003C\u002Fcode> before the \u003Ccode>setup_theme\u003C\u002Fcode> hook, like so:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'DASH_NOTIFIER_MSG', json_encode( array( 'msg' => 'Your message to display in banner', 'plugin' => 'your_plugin_slug', 'plugin_name' => 'Your Plugin Name' ) ) ) ;\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can define ‘DASH_NOTIFIER_MSG’ in your own plugin or in \u003Ccode>functions.php\u003C\u002Fcode>, as long as it is before \u003Ccode>setup_theme\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>The \u003Ccode>plugin\u003C\u002Fcode> parameter is optional. If set, an install button will be included with the message, allowing the client to install the plugin in one click.\u003C\u002Fp>\n\u003Cp>The \u003Ccode>plugin_name\u003C\u002Fcode> parameter is also optional. If \u003Ccode>plugin\u003C\u002Fcode> is provided but \u003Ccode>plugin_name\u003C\u002Fcode> is not, the name will default to the official name found in the WordPress Plugin Directory.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Example\u003C\u002Fstrong>: If the plugin you’d like to recommend is \u003Ccode>https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhello-dolly\u002F\u003C\u002Fcode>, replace \u003Ccode>your_plugin_slug\u003C\u002Fcode> with \u003Ccode>hello-dolly\u003C\u002Fcode> and \u003Ccode>Your Plugin Name\u003C\u002Fcode> with \u003Ccode>Hello Dolly\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>NOTE\u003C\u002Fstrong>: Your clients must have this plugin installed in order for the notification banner to be displayed.\u003C\u002Fp>\n","Developers and Sysadmins, use this plugin to add a notification to clients' WordPress Dashboards via API.",20000,43809,0,"2021-03-26T20:42:00.000Z","5.7.15","4.0","",[19,20],"dashboard-notify","plugin-installer","https:\u002F\u002Fgithub.com\u002Flitespeedtech\u002Fwp-dashboard-notifier","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdash-notifier.1.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"litespeedtech",2,7020000,84,210,68,"2026-04-03T18:44:38.695Z",[],{"attackSurface":37,"codeSignals":61,"taintFlows":72,"riskAssessment":73,"analyzedAt":79},{"hooks":38,"ajaxHandlers":57,"restRoutes":58,"shortcodes":59,"cronEvents":60,"entryPointCount":13,"unprotectedCount":13},[39,45,49,53],{"type":40,"name":41,"callback":42,"file":43,"line":44},"action","setup_theme","dash_notifier_save_msg","dash-notifier.php",38,{"type":40,"name":46,"callback":47,"file":43,"line":48},"admin_print_styles","dash_notifier_new_msg",44,{"type":40,"name":50,"callback":51,"file":43,"line":52},"admin_init","dash_notifier_admin_init",47,{"type":40,"name":54,"callback":55,"file":43,"line":56},"admin_notices","dash_notifier_show_msg",315,[],[],[],[],{"dangerousFunctions":62,"sqlUsage":63,"outputEscaping":65,"fileOperations":66,"externalRequests":13,"nonceChecks":66,"capabilityChecks":66,"bundledLibraries":71},[],{"prepared":13,"raw":13,"locations":64},[],{"escaped":13,"rawEcho":66,"locations":67},1,[68],{"file":43,"line":69,"context":70},349,"raw output",[],[],{"summary":74,"deductions":75},"The \"dash-notifier\" v1.2 plugin exhibits a strong security posture based on the provided static analysis.  The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points significantly limits the plugin's attack surface.  Furthermore, the code signals indicate a good adherence to secure coding practices, with no dangerous functions, all SQL queries using prepared statements, and the presence of nonce and capability checks.\n\nHowever, a critical concern arises from the output escaping. With 1 total output and 0% properly escaped, this presents a significant risk. Any data displayed to users that originates from potentially untrusted sources could be vulnerable to Cross-Site Scripting (XSS) attacks.  The single file operation also warrants attention, although without further context, its inherent risk is unclear.\n\nThe plugin's vulnerability history is clean, with zero known CVEs. This, combined with the limited attack surface and good coding practices, suggests the plugin has historically been developed with security in mind.  Despite the clean history, the unescaped output remains a glaring weakness that needs immediate remediation to ensure a robust security profile.",[76],{"reason":77,"points":78},"Output escaping is not properly implemented",8,"2026-03-16T17:32:27.027Z",{"wat":81,"direct":90},{"assetPaths":82,"generatorPatterns":85,"scriptPaths":86,"versionParams":87},[83,84],"\u002Fwp-content\u002Fplugins\u002Fdash-notifier\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fdash-notifier\u002Fjs\u002Fscript.js",[],[84],[88,89],"dash-notifier\u002Fcss\u002Fstyle.css?ver=","dash-notifier\u002Fjs\u002Fscript.js?ver=",{"cssClasses":91,"htmlComments":95,"htmlAttributes":97,"restEndpoints":100,"jsGlobals":101,"shortcodeOutput":103},[92,93,94],"dash-notifier-notice","dash-notifier-message","dash-notifier-action",[96],"\u003C!-- dash-notifier message -->",[98,99],"data-dash-notifier-action","data-dash-notifier-nonce",[],[102],"window.dashNotifier",[]]