[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUUOVkm9KYEunNisPAlBNZ3qTXcf51LGsO-o_i1FhLXQ":3,"$f_f_-pqlilKkF0v-b0wV-3L2KtNnTdzSvLzGkMFtiZYw":105,"$fcMr6RAi2yCArlIE7VVHwqdWnI_fzwo4EJUSIpx8UPrY":110},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":38,"analysis":39,"fingerprints":85},"delay-rss-feeds","Delay RSS Feeds","1.3","Atul Bansal","https:\u002F\u002Fprofiles.wordpress.org\u002Ftechofweb\u002F","\u003Cp>When you add delay between your live website and your RSS feed, you get a little time window to catch any accidental error on a live website and fix it.\u003C\u002Fp>\n\u003Cp>The error could be any grammatical mistake in your article.\u003C\u002Fp>\n\u003Cp>RSS feeds are also used by Content Thieves and Content scraping websites. They use it to monitor your website and copy your content and paste it on thier websites or blogs.\u003C\u002Fp>\n\u003Cp>Sometimes these content scraping websites beat you in Google search results.\u003C\u002Fp>\n\u003Cp>Why to take a chance in search results?\u003C\u002Fp>\n\u003Cp>Install Delay RSS Feeds WordPress Plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>You can check your feed status by going to yourserver.com\u002Ffeed\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can choose any time unit out of and set its corresponding value:\u003Cbr \u002F>\nSECONDS\u003Cbr \u002F>\nMINUTES\u003Cbr \u002F>\nHOURS\u003C\u002Fp>\n","Beat Content Thieves and Content Scrapping Websites by delaying posts in your RSS feed.",10,1433,0,"2021-01-07T11:14:00.000Z","5.6.17","5.0","5.2",[19,20,21,22,23],"delay-rss","delay-rss-feed","pause-feed","pause-rss","wordpress-rss-feed","https:\u002F\u002Fbloggerpng.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdelay-rss-feeds.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"techofweb",3,620,30,84,"2026-05-20T02:06:15.417Z",[],{"attackSurface":40,"codeSignals":61,"taintFlows":77,"riskAssessment":78,"analyzedAt":84},{"hooks":41,"ajaxHandlers":57,"restRoutes":58,"shortcodes":59,"cronEvents":60,"entryPointCount":13,"unprotectedCount":13},[42,48,52],{"type":43,"name":44,"callback":45,"file":46,"line":47},"action","admin_menu","delay_rss_feeds_add_admin_menu","delay-rss-feeds.php",15,{"type":43,"name":49,"callback":50,"file":46,"line":51},"admin_init","delay_rss_feeds_settings_init",44,{"type":53,"name":54,"callback":55,"file":46,"line":56},"filter","posts_where","drf_publish_later_on_feed",118,[],[],[],[],{"dangerousFunctions":62,"sqlUsage":63,"outputEscaping":65,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":76},[],{"prepared":13,"raw":13,"locations":64},[],{"escaped":13,"rawEcho":66,"locations":67},4,[68,71,73,74],{"file":46,"line":69,"context":70},64,"raw output",{"file":46,"line":72,"context":70},86,{"file":46,"line":72,"context":70},{"file":46,"line":75,"context":70},98,[],[],{"summary":79,"deductions":80},"The plugin \"delay-rss-feeds\" v1.3 exhibits a generally strong security posture based on the provided static analysis. There are no identified entry points like AJAX handlers, REST API routes, or shortcodes that are exposed without authentication, and no cron events were found. Furthermore, the absence of dangerous functions, the exclusive use of prepared statements for SQL queries, and the lack of file operations or external HTTP requests are all positive indicators.  However, a significant concern emerges from the output escaping analysis, where 100% of the outputs are not properly escaped. This indicates a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data or dynamic content could be injected and executed within the browser. The vulnerability history being clear of CVEs is a positive sign, suggesting a history of security attention or a lack of past exploitation, but it does not negate the risks identified in the current code.\n\nIn conclusion, while the plugin has a clean slate regarding known vulnerabilities and implements good practices like prepared statements, the pervasive lack of output escaping presents a critical security weakness. This oversight could lead to serious XSS vulnerabilities that could compromise user sessions or inject malicious scripts. The plugin is otherwise well-contained in terms of its attack surface and external interactions, but the unescaped output is a glaring and exploitable flaw that significantly elevates its risk profile.",[81],{"reason":82,"points":83},"100% of outputs are not properly escaped",8,"2026-03-16T23:09:05.333Z",{"wat":86,"direct":91},{"assetPaths":87,"generatorPatterns":88,"scriptPaths":89,"versionParams":90},[],[],[],[],{"cssClasses":92,"htmlComments":93,"htmlAttributes":94,"restEndpoints":102,"jsGlobals":103,"shortcodeOutput":104},[],[],[95,96,97,98,99,100,101],"name='delay_rss_feeds_settings[delay_rss_feeds_enable]'","name='delay_rss_feeds_settings[delay_rss_feeds_time_unit]'","name='delay_rss_feeds_settings[delay_rss_feeds_time_wait]'","value='1'","value='SECOND'","value='MINUTE'","value='HOUR'",[],[],[],{"error":106,"url":107,"statusCode":108,"statusMessage":109,"message":109},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fdelay-rss-feeds\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":111},[]]