[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnCe05J8PhrV2lTd1RPgln_Q0gAx2L0yE4kFGjjWQkNU":3,"$fIbB3vwdU73H9Mb-LyYn6BFUHFPwIiUnQwfBoi9N3ljc":162,"$fQc3xjowoXKUM9OH8Bc6kQ6RioTDuY4BBlD-mH9zr2Bk":167},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":16,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"discovery_status":26,"vulnerabilities":27,"developer":28,"crawl_stats":24,"alternatives":35,"analysis":51,"fingerprints":123},"dat-pass","Dat Pass","1.1.6","Fox Plugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fnhomcaodem\u002F","\u003Cp>Content is locked.\u003Cbr \u002F>\nUse shortcodes in your posts:\u003Cbr \u002F>\n[datpass pass=”Your Password”] Content is locked [\u002Fdatpass]\u003C\u002Fp>\n\u003Ch3>From within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit ‘Plugins > Add New’\u003C\u002Fli>\n\u003Cli>Search for ‘Dat Pass’\u003C\u002Fli>\n\u003Cli>Activate Dat Pass from your Plugins page.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload the \u003Ccode>Dat-pass\u003C\u002Fcode> folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the Dat Pass plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>Go to “after activation” below.\u003C\u002Fli>\n\u003C\u002Fol>\n","Content is 
locked.",60,1873,0,"2021-08-22T05:15:00.000Z","5.8.13","","5.8",[19,20,4,21],"add-password-content","content-is-locked","ihoan","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdat-pass.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":23,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"nhomcaodem",6,170,30,84,"2026-05-20T13:19:46.859Z",[36],{"slug":37,"name":38,"version":39,"author":7,"author_profile":8,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":13,"num_ratings":13,"last_updated":44,"tested_up_to":45,"requires_at_least":16,"requires_php":46,"tags":47,"homepage":16,"download_link":50,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"slide-img","Slide IMG","1.1","\u003Cp>Create photo slideshows for the website.\u003C\u002Fp>\n\u003Ch3>From within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit ‘Plugins > Add New’\u003C\u002Fli>\n\u003Cli>Search for ‘Slide IMG’\u003C\u002Fli>\n\u003Cli>Activate Slide IMG from your Plugins page.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload the \u003Ccode>Slide-IMG\u003C\u002Fcode> folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the Slide IMG plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>Go to “after activation” below.\u003C\u002Fli>\n\u003C\u002Fol>\n","Create photo slideshows for the 
website.",10,885,"2021-01-02T13:29:00.000Z","5.6.17","5.6.3",[48,21,37,49],"caodem","slideshow","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fslide-img.zip",{"attackSurface":52,"codeSignals":83,"taintFlows":111,"riskAssessment":112,"analyzedAt":122},{"hooks":53,"ajaxHandlers":73,"restRoutes":74,"shortcodes":75,"cronEvents":81,"entryPointCount":82,"unprotectedCount":13},[54,60,64,69],{"type":55,"name":56,"callback":57,"file":58,"line":59},"action","wp_enqueue_scripts","Dat_pass_addjscss_head","dat-pass.php",18,{"type":55,"name":61,"callback":62,"file":58,"line":63},"plugins_loaded","Dat_pass_load_textdomain",28,{"type":55,"name":65,"callback":66,"file":67,"line":68},"admin_menu","datpass_add_options_link","inc\\datpass-admin.php",38,{"type":55,"name":70,"callback":71,"file":67,"line":72},"admin_init","datpass_register_settings",43,[],[],[76],{"tag":77,"callback":78,"file":79,"line":80},"datpass","Dat_pass_shortcode","inc\\datpass-content.php",41,[],1,{"dangerousFunctions":84,"sqlUsage":85,"outputEscaping":87,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":110},[],{"prepared":13,"raw":13,"locations":86},[],{"escaped":13,"rawEcho":88,"locations":89},12,[90,93,95,96,97,99,100,102,103,104,106,108],{"file":67,"line":91,"context":92},7,"raw output",{"file":67,"line":94,"context":92},17,{"file":67,"line":94,"context":92},{"file":67,"line":94,"context":92},{"file":67,"line":98,"context":92},32,{"file":79,"line":88,"context":92},{"file":79,"line":101,"context":92},13,{"file":79,"line":59,"context":92},{"file":79,"line":59,"context":92},{"file":79,"line":105,"context":92},20,{"file":79,"line":107,"context":92},21,{"file":79,"line":109,"context":92},24,[],[],{"summary":113,"deductions":114},"The dat-pass plugin v1.1.6 presents a mixed security posture. 
On the positive side, the static analysis found no dangerous function calls, no SQL usage at all (so no unprepared queries), and no recorded vulnerabilities (CVEs). It also shows no file operations, external HTTP requests, or bundled libraries, which limits potential attack vectors. However, a significant concern arises from the complete lack of output escaping: all 12 output statements found are raw echoes, meaning that any untrusted data reaching them could be rendered as raw HTML or scripts, leading to cross-site scripting (XSS) vulnerabilities. Furthermore, no nonce checks or capability checks were detected, which is a notable weakness given there is one shortcode entry point alongside the admin settings hooks, although the scan does not flag any entry point as unprotected. The static analysis reports no taint flows, so the raw output is a latent weakness rather than a demonstrated vulnerability, but it would become exploitable if any user-supplied data is involved in outputting content.\n\nIn conclusion, while the plugin's avoidance of known dangerous code patterns and its clean vulnerability history are commendable, the glaring omission of output escaping and the absence of detected authorization checks represent substantial security risks. The plugin is highly susceptible to XSS attacks if user-controlled data is ever involved in its output. 
Addressing the output escaping issue should be the immediate priority, followed by implementing capability checks for the shortcode to ensure proper authorization.",[115,118,120],{"reason":116,"points":117},"No output escaping",16,{"reason":119,"points":91},"No nonce checks",{"reason":121,"points":91},"No capability checks","2026-03-16T21:37:17.393Z",{"wat":124,"direct":131},{"assetPaths":125,"generatorPatterns":127,"scriptPaths":128,"versionParams":129},[126],"\u002Fwp-content\u002Fplugins\u002Fdat-pass\u002Fcss\u002Fdatpass-style.css",[],[],[130],"datpass-css?ver=1.1",{"cssClasses":132,"htmlComments":142,"htmlAttributes":143,"restEndpoints":149,"jsGlobals":150,"shortcodeOutput":151},[133,134,135,136,137,138,139,140,141],"datbox","dathinh","datform","dattitle","datghic","datinput","datnhap","datnut","datloi",[],[144,145,146,147,148],"id=\"datnhap\"","name=\"dat_input\"","id=\"datnut\"","name=\"dat_submit","placeholder=\"PASSWORD\"",[],[],[152,153,154,155,156,157,158,159,160,161],"\u003Cdiv class=\"datbox","\u003Cdiv class=\"dathinh\">\u003Cimg src=\"","\u003Cdiv class=\"datform\">","\u003Cdiv class=\"dattitle\">Content is locked","\u003Cdiv class=\"datghic\">You need to enter a password to unlock this content","\u003Cform action=\"#datpass","\u003Cinput id=\"datnhap\" class=\"datnhap","\u003Cinput id=\"datnut\" class=\"datnut\" type=\"submit\"","\u003Cstyle>\n\tinput.datnhap{background-image: url(","\u003Cdiv class=\"datloi\">",{"error":163,"url":164,"statusCode":165,"statusMessage":166,"message":166},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fdat-pass\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":168},[]]