[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7rI1Siak33iG3E4BzORIVL9B8A3c2OEYJIoXbB60Kqc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":19,"download_link":20,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":31,"analysis":32,"fingerprints":73},"debug-console-php","Debug Console for PHP","3.5","Brad Kent","https:\u002F\u002Fprofiles.wordpress.org\u002Fbkdotcom\u002F","\u003Cp>Adds debug \u002F logging output that by default shows query, cache, and other helpful debugging information.\u003C\u002Fp>\n\u003Cp>WebSite:   https:\u002F\u002Fbradkent.com\u002Fphp\u002Fdebug\u003C\u002Fp>\n\u003Cp>Adds helpful logging methods and utilties\u003C\u002Fp>\n\u003Cp>Logging methods:\u003Cbr \u002F>\n – log\u003Cbr \u002F>\n – info\u003Cbr \u002F>\n – warn\u003Cbr \u002F>\n – error\u003Cbr \u002F>\n – group\u003Cbr \u002F>\n – groupCollapsed\u003Cbr \u002F>\n – assert\u003Cbr \u002F>\n – count\u003Cbr \u002F>\n – table\u003Cbr \u002F>\n – trace\u003Cbr \u002F>\n – time\u003C\u002Fp>\n\u003Cp>inspect values (objects, methods, properties, constants, etc)\u003C\u002Fp>\n\u003Cp>Send error notifications to email \u002F discord \u002F slack \u002F teams\u003C\u002Fp>\n\u003Cp>Other output options\u003Cbr \u002F>\n – log file,\u003Cbr \u002F>\n – javascript (browser console),\u003Cbr \u002F>\n – ServerLog (browser extension),\u003Cbr \u002F>\n – ChromeLogger (browser extension)\u003Cbr \u002F>\n – FirePHP (browser extension)\u003C\u002Fp>\n","Log, Debug, Inspect (\"Debug Bar\" on 
steroids)",0,210,"2025-08-20T04:02:00.000Z","6.8.5","","7.0",[18],"debug-logging-developer","https:\u002F\u002Fbradkent.com\u002Fphp\u002Fdebug","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebug-console-php.3.5.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":21,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},"bkdotcom",1,30,94,"2026-04-05T19:22:21.239Z",[],{"attackSurface":33,"codeSignals":39,"taintFlows":62,"riskAssessment":63,"analyzedAt":72},{"hooks":34,"ajaxHandlers":35,"restRoutes":36,"shortcodes":37,"cronEvents":38,"entryPointCount":11,"unprotectedCount":11},[],[],[],[],[],{"dangerousFunctions":40,"sqlUsage":41,"outputEscaping":43,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":58},[],{"prepared":11,"raw":11,"locations":42},[],{"escaped":11,"rawEcho":44,"locations":45},5,[46,50,52,54,56],{"file":47,"line":48,"context":49},"src\\Settings.php",160,"raw output",{"file":47,"line":51,"context":49},161,{"file":47,"line":53,"context":49},167,{"file":47,"line":55,"context":49},171,{"file":47,"line":57,"context":49},211,[59],{"name":60,"version":22,"knownCves":61},"Guzzle",[],[],{"summary":64,"deductions":65},"The \"debug-console-php\" plugin v3.5 exhibits a generally strong security posture based on the provided static analysis.  The analysis identified no entry points (AJAX handlers, REST API routes, shortcodes, cron events), which reduces the potential entry points for attackers; because it also recorded no hooks at all, this result is best confirmed against the plugin source rather than read as proof that nothing is exposed.  No SQL queries, prepared or raw, were detected, so the analysis found no SQL injection risk through this vector.  The taint analysis reported zero flows, meaning it found no unsanitized path from input to a sensitive sink.\n\nHowever, a critical concern arises from the output escaping. 
With 5 output statements detected and 0% properly escaped (all five are in src\\Settings.php), this indicates a risk of Cross-Site Scripting (XSS) vulnerabilities. An unescaped output is exploitable only when the value it prints can be influenced by an attacker, and the taint analysis reported no such flow, so each of the five locations should be reviewed by hand and escaped for its output context.  While the vulnerability history is clean, this does not negate the risks identified in the code analysis. The Guzzle library is bundled as a dependency but no version was detected, so it could not be matched against known vulnerabilities; this introduces a potential indirect risk if the library itself is outdated or has security flaws.\n\nIn conclusion, while the plugin has laudable strengths in its limited detected attack surface and the absence of raw SQL queries, the lack of output escaping in every detected output statement represents a significant security risk that should be reviewed first. The absence of historical vulnerabilities is positive but should not overshadow the unescaped output found in the current version. Addressing the output escaping is paramount to improving the plugin's security.",[66,69],{"reason":67,"points":68},"Unescaped output found",8,{"reason":70,"points":71},"Bundled library Guzzle without version info",3,"2026-03-17T06:55:31.785Z",{"wat":74,"direct":79},{"assetPaths":75,"generatorPatterns":76,"scriptPaths":77,"versionParams":78},[],[],[],[],{"cssClasses":80,"htmlComments":81,"htmlAttributes":82,"restEndpoints":83,"jsGlobals":84,"shortcodeOutput":85},[],[],[],[],[],[]]