[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f3Z25vzUuj8VJ12AcSgegXuKJYOpQfW7aDbsJZoxbdXw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":29,"analysis":30,"fingerprints":103},"dbviewer","dbViewer","1.0.0","shaykisten","https:\u002F\u002Fprofiles.wordpress.org\u002Fshaykisten\u002F","\u003Cp>View your WordPress database tables and data from your WordPress admin dashboard.\u003Cbr \u002F>\nIt is great if you are developing your own plugin and need to see if your tables have been created or if data has been changed in your created table.\u003Cbr \u002F>\nIt can also be used by your normal day to day users to view information like comments, posts and users within their respective database tables.\u003Cbr \u002F>\nYou will also be able to view the tables that are created when you install plugins and how these plugins are storing data.\u003C\u002Fp>\n","View your WordPress database tables and data from your WordPress admin 
dashboard.",0,816,"","5.9.13","5.8.3","7.4",[],"https:\u002F\u002Fshaykisten.com\u002Fproducts-dbviewer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdbviewer.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":25,"total_installs":11,"avg_security_score":20,"avg_patch_time_days":26,"trust_score":27,"computed_at":28},1,30,94,"2026-04-04T11:19:40.858Z",[],{"attackSurface":31,"codeSignals":55,"taintFlows":70,"riskAssessment":91,"analyzedAt":102},{"hooks":32,"ajaxHandlers":51,"restRoutes":52,"shortcodes":53,"cronEvents":54,"entryPointCount":11,"unprotectedCount":11},[33,39,42,47],{"type":34,"name":35,"callback":36,"file":37,"line":38},"action","admin_menu","add_dbViewer_menu_page","dbViewer.php",44,{"type":34,"name":35,"callback":40,"file":37,"line":41},"add_dbViewer_about_page",60,{"type":43,"name":44,"callback":45,"file":37,"line":46},"filter","table_list","dbViewer_get_tables",80,{"type":43,"name":48,"callback":49,"file":37,"line":50},"table_value","dbViewer_get_table",114,[],[],[],[],{"dangerousFunctions":56,"sqlUsage":57,"outputEscaping":66,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":69},[],{"prepared":11,"raw":58,"locations":59},3,[60,63,64],{"file":37,"line":61,"context":62},74,"$wpdb->get_results() with variable interpolation",{"file":37,"line":27,"context":62},{"file":37,"line":65,"context":62},95,{"escaped":67,"rawEcho":11,"locations":68},10,[],[],[71],{"entryPoint":72,"graph":73,"unsanitizedCount":11,"severity":90},"\u003CdbViewer_menu_display> (views\\dbViewer_menu_display.php:0)",{"nodes":74,"edges":87},[75,81],{"id":76,"type":77,"label":78,"file":79,"line":80},"n0","source","$_POST","views\\dbViewer_menu_display.php",53,{"id":82,"type":83,"label":84,"file":79,"line":85,"wp_function":86},"n1","sink","echo() [XSS]",57,"echo",[88],{"from":76,"to":82,"sanitized":89},true,"low",{"summary":92,"deductions":93},"Based on the static 
analysis, the \"dbviewer\" plugin v1.0.0 exhibits a strong security posture in several key areas. The plugin has a minimal attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, and all entry points are protected by authentication. Crucially, all identified output operations are properly escaped, and there are no file operations or external HTTP requests, which significantly reduces the risk of common web vulnerabilities like XSS and information disclosure.\n\nThe primary area of concern lies in the handling of SQL queries. The analysis shows 3 SQL queries, none of which use prepared statements. Because the flagged calls interpolate variables directly into the query string, this presents a significant risk of SQL injection wherever those values are not strictly validated. Nonce checks and capability checks, which are generally considered good security practices, are also missing; the analysis does not consider this directly exploitable because it found no unprotected entry points, but the plugin's menu display view does read $_POST, so that form is where a nonce and capability check would matter most. The vulnerability history shows no past CVEs, which is positive, but it is important to note that this does not guarantee future security and the current SQL query implementation remains a significant risk.\n\nIn conclusion, while \"dbviewer\" v1.0.0 demonstrates good practices in limiting its attack surface and ensuring output escaping, the absence of prepared statements for all its SQL queries is a critical weakness that needs immediate attention. 
The missing nonce and capability checks, while less critical in this specific instance due to the protected attack surface, are still areas for improvement to ensure robust security.",[94,97,100],{"reason":95,"points":96},"SQL queries not using prepared statements",15,{"reason":98,"points":99},"No nonce checks implemented",5,{"reason":101,"points":99},"No capability checks implemented","2026-03-17T05:48:40.075Z",{"wat":104,"direct":110},{"assetPaths":105,"generatorPatterns":107,"scriptPaths":108,"versionParams":109},[106],"\u002Fwp-content\u002Fplugins\u002Fdbviewer\u002FdbViewer.php",[],[],[],{"cssClasses":111,"htmlComments":112,"htmlAttributes":114,"restEndpoints":115,"jsGlobals":116,"shortcodeOutput":117},[],[113],"\u003C!-- dbViewer v1.0.0 -->",[],[],[],[]]