[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$feU853xsoHjlzDeN5ymJBGtbTCFAAnM1ltL03kxpoCfc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":37,"fingerprints":105},"delete-bad-behavior-log","Delete Bad Behavior Log","0.5","parasmani","https:\u002F\u002Fprofiles.wordpress.org\u002Fparasmani\u002F","\u003Cp>This plugin deletes log entries created by Bad Behavior plugin. Bad Behavior plugin does not have option for deleting log entries.\u003C\u002Fp>\n","Delete Log entries of Bad Behavior plugin",70,4472,100,1,"2012-09-20T07:15:00.000Z","3.4.2","3.0","",[20,21],"empty-bad-behavior-log","empty-log","http:\u002F\u002Fwww.blogdemy.com\u002Fwordpress-plugins\u002Fdelete-bad-behavior-log-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdelete-bad-behavior-log.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},4,140,89,30,86,"2026-04-04T15:57:49.638Z",[],{"attackSurface":38,"codeSignals":50,"taintFlows":63,"riskAssessment":90,"analyzedAt":104},{"hooks":39,"ajaxHandlers":46,"restRoutes":47,"shortcodes":48,"cronEvents":49,"entryPointCount":25,"unprotectedCount":25},[40],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","admin_menu","bd_delete_bad_behavior_menu","delete-bad-behavior-log.php",11,[],[],[],[],{"dangerousFunctions":51,"sqlUsage":52,"outputEscaping":54,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":62},[],{"prepared":25,"raw":25,"locations":53},[],{"escaped":25,"rawEcho":55,"locations":56},2,[57,60],{"file":44,"line":58,"context":59},53,"raw output",{"file":44,"line":61,"context":59},77,[],[64,81],{"entryPoint":65,"graph":66,"unsanitizedCount":14,"severity":80},"bd_create_form_btn (delete-bad-behavior-log.php:75)",{"nodes":67,"edges":77},[68,72],{"id":69,"type":70,"label":71,"file":44,"line":61},"n0","source","$_SERVER['REQUEST_URI']",{"id":73,"type":74,"label":75,"file":44,"line":61,"wp_function":76},"n1","sink","echo() [XSS]","echo",[78],{"from":69,"to":73,"sanitized":79},false,"medium",{"entryPoint":82,"graph":83,"unsanitizedCount":14,"severity":89},"\u003Cdelete-bad-behavior-log> (delete-bad-behavior-log.php:0)",{"nodes":84,"edges":87},[85,86],{"id":69,"type":70,"label":71,"file":44,"line":61},{"id":73,"type":74,"label":75,"file":44,"line":61,"wp_function":76},[88],{"from":69,"to":73,"sanitized":79},"low",{"summary":91,"deductions":92},"The \"delete-bad-behavior-log\" plugin version 0.5 presents a mixed security posture. On one hand, the plugin boasts a clean vulnerability history with no known CVEs and avoids common security pitfalls like raw SQL queries, file operations, and external HTTP requests. The absence of a large attack surface, including no AJAX handlers, REST API routes, shortcodes, or cron events, is also a positive indicator of a reduced attack vector. This suggests a generally cautious approach to development and a focus on a specific, limited functionality.\n\nHowever, the static analysis reveals significant concerns regarding output escaping. With 100% of its detected outputs not being properly escaped, the plugin is highly vulnerable to Cross-Site Scripting (XSS) attacks. Even though the taint analysis shows no critical or high severity flows with unsanitized paths, the presence of two such flows, combined with the complete lack of output escaping, strongly implies a high likelihood of XSS vulnerabilities. The absence of capability checks and nonce checks further exacerbates these risks, as any user could potentially trigger these unescaped outputs. Therefore, while the plugin has a clean history and a small attack surface, the severe lack of output sanitization poses a critical security risk that requires immediate attention.",[93,96,99,102],{"reason":94,"points":95},"Outputs not properly escaped",8,{"reason":97,"points":98},"Taint analysis shows unsanitized paths",7,{"reason":100,"points":101},"No nonce checks",5,{"reason":103,"points":101},"No capability checks","2026-03-16T21:35:31.795Z",{"wat":106,"direct":112},{"assetPaths":107,"generatorPatterns":109,"scriptPaths":110,"versionParams":111},[108],"\u002Fwp-content\u002Fplugins\u002Fdelete-bad-behavior-log\u002Fdelete-bad-behavior-log.php",[],[],[],{"cssClasses":113,"htmlComments":114,"htmlAttributes":116,"restEndpoints":117,"jsGlobals":118,"shortcodeOutput":119},[],[115],"\u003C!--\t\u003Cp> If you find this plugin useful, you can help by doing following.\n\t\u003Cul>\n\t\t\u003Cli>Rate it on wordpress plugin directory\u003C\u002Fli>\n\t\t\u003Cli>Share it on social media\u003C\u002Fli>\n\t\u003C\u002Ful>\t-->",[],[],[],[]]