[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fLMJ4Mcc5cqZgM5HDmqOepC8TTL6pPrtjO5tqxveuv_A":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":16,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":32,"analysis":54,"fingerprints":170},"domains-switcher","Domains Switcher","1.4","SimonaIlie","https:\u002F\u002Fprofiles.wordpress.org\u002Fsimonailie\u002F","\u003Cp>Simple plugin which helps one update database fields for domain information. You can read more here: http:\u002F\u002Felfdreamer.blogspot.com\u002F2011\u002F02\u002Fwordpress-plugin-domains-update.html\u003C\u002Fp>\n","Edit database to change wordpress site's domains",20,2332,0,"2011-10-03T14:37:00.000Z","3.2.1","",[18,19],"change-domains","edit-wordpress-database","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdomains-switcher.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":21,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"simonailie",4,60,30,84,"2026-04-04T15:23:30.796Z",[33],{"slug":34,"name":35,"version":36,"author":37,"author_profile":38,"description":39,"short_description":40,"active_installs":13,"downloaded":41,"rating":13,"num_ratings":13,"last_updated":42,"tested_up_to":43,"requires_at_least":44,"requires_php":45,"tags":46,"homepage":51,"download_link":52,"security_score":53,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23},"domain-swapper","Domain-swapper","1.2.0","Myridia Company","https:\u002F\u002Fprofiles.wordpress.org\u002Fveto\u002F","\u003Cp>With Domain Swapper, you can access a single WordPress 
site using multiple domains, such as domain1.foo.com, domain2.foo.com, domain3.foo.com, etc.\u003Cbr \u002F>\nhttps:\u002F\u002Fdomain-swapper.myridia.com\u003C\u002Fp>\n\u003Ch3>Whom it will help?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>This for developers sharing to help them share local site on a domain.\u003C\u002Fli>\n\u003Cli>You can use for multi language.\u003C\u002Fli>\n\u003Cli>Hook different content to each domain\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Setup\u003C\u002Fh3>\n","Domain Swapper is a plugin which lets to access one  WordPress site with different domains.",623,"2025-12-12T06:01:00.000Z","6.9.4","6.7","8.2.0",[18,47,48,49,50],"dynamic-host","host-switcher","multihost","multiplehosts","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdomain-swapper","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdomain-swapper.zip",100,{"attackSurface":55,"codeSignals":76,"taintFlows":122,"riskAssessment":163,"analyzedAt":169},{"hooks":56,"ajaxHandlers":63,"restRoutes":72,"shortcodes":73,"cronEvents":74,"entryPointCount":75,"unprotectedCount":13},[57],{"type":58,"name":59,"callback":60,"file":61,"line":62},"action","admin_menu","set_menu","main.php",22,[64,69],{"action":65,"nopriv":66,"callback":65,"hasNonce":67,"hasCapCheck":66,"file":61,"line":68},"get_tables_name",false,true,251,{"action":70,"nopriv":66,"callback":70,"hasNonce":67,"hasCapCheck":66,"file":61,"line":71},"get_columns_name",279,[],[],[],2,{"dangerousFunctions":77,"sqlUsage":78,"outputEscaping":81,"fileOperations":13,"externalRequests":13,"nonceChecks":75,"capabilityChecks":13,"bundledLibraries":121},[],{"prepared":79,"raw":13,"locations":80},5,[],{"escaped":13,"rawEcho":82,"locations":83},21,[84,87,89,90,92,94,96,98,100,102,104,106,108,109,110,111,113,115,117,118,119],{"file":61,"line":85,"context":86},63,"raw 
output",{"file":61,"line":88,"context":86},114,{"file":61,"line":88,"context":86},{"file":61,"line":91,"context":86},115,{"file":61,"line":93,"context":86},118,{"file":61,"line":95,"context":86},122,{"file":61,"line":97,"context":86},169,{"file":61,"line":99,"context":86},170,{"file":61,"line":101,"context":86},188,{"file":61,"line":103,"context":86},189,{"file":61,"line":105,"context":86},246,{"file":61,"line":107,"context":86},266,{"file":61,"line":107,"context":86},{"file":61,"line":107,"context":86},{"file":61,"line":107,"context":86},{"file":61,"line":112,"context":86},267,{"file":61,"line":114,"context":86},288,{"file":61,"line":116,"context":86},292,{"file":61,"line":116,"context":86},{"file":61,"line":116,"context":86},{"file":61,"line":120,"context":86},293,[],[123,149],{"entryPoint":124,"graph":125,"unsanitizedCount":13,"severity":148},"get_columns_name (main.php:280)",{"nodes":126,"edges":145},[127,132,138,141],{"id":128,"type":129,"label":130,"file":61,"line":131},"n0","source","$_POST",284,{"id":133,"type":134,"label":135,"file":61,"line":136,"wp_function":137},"n1","sink","get_results() [SQLi]",285,"get_results",{"id":139,"type":129,"label":140,"file":61,"line":114},"n2","$_POST['table'] (x3)",{"id":142,"type":134,"label":143,"file":61,"line":114,"wp_function":144},"n3","echo() [XSS]","echo",[146,147],{"from":128,"to":133,"sanitized":67},{"from":139,"to":142,"sanitized":67},"low",{"entryPoint":150,"graph":151,"unsanitizedCount":13,"severity":148},"\u003Cmain> (main.php:0)",{"nodes":152,"edges":160},[153,156,158,159],{"id":128,"type":129,"label":154,"file":61,"line":155},"$_POST (x2)",41,{"id":133,"type":134,"label":135,"file":61,"line":157,"wp_function":137},257,{"id":139,"type":129,"label":140,"file":61,"line":114},{"id":142,"type":134,"label":143,"file":61,"line":114,"wp_function":144},[161,162],{"from":128,"to":133,"sanitized":67},{"from":139,"to":142,"sanitized":67},{"summary":164,"deductions":165},"The \"domains-switcher\" v1.4 plugin exhibits a 
generally good security posture, primarily due to its avoidance of dangerous functions, proper use of prepared statements for SQL queries, and the absence of known vulnerabilities. The plugin also correctly implements nonce checks for its AJAX entry points, which is a crucial security measure. Furthermore, there are no identified taint flows indicating unsanitized paths or external HTTP requests, which reduces the risk of certain types of attacks.\n\nHowever, a significant concern arises from the complete lack of output escaping. This means that any data displayed back to the user, especially if it originates from user input or external sources, is not being escaped on output. This opens the door to potential Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed in users' browsers. Additionally, the static analysis records no capability checks at all, including on the two AJAX handlers, so those handlers are gated by a nonce alone; a nonce guards against request forgery but does not establish that the caller is authorized, which is what a capability check such as current_user_can() is for. No other entry points are identified in the static analysis beyond AJAX, but any that are added without proper authorization would carry the same risk. The vulnerability history being clean is a positive sign, suggesting the developers have a good track record or are proactive with security, though for a plugin last updated in 2011 it may also reflect limited scrutiny, and it doesn't negate the risks identified in the current code.\n\nIn conclusion, \"domains-switcher\" v1.4 has a solid foundation regarding SQL and general code safety. The absence of exploitable taint flows and known CVEs are strong positives. The critical weakness lies in the universal lack of output escaping, which poses a tangible XSS risk. 
Addressing this would significantly bolster the plugin's security.",[166],{"reason":167,"points":168},"0% output escaping",8,"2026-03-16T22:51:58.222Z",{"wat":171,"direct":177},{"assetPaths":172,"generatorPatterns":174,"scriptPaths":175,"versionParams":176},[173],"\u002Fwp-content\u002Fplugins\u002Fdomains-switcher\u002Fimages\u002Finfo.png",[],[],[],{"cssClasses":178,"htmlComments":181,"htmlAttributes":182,"restEndpoints":184,"jsGlobals":196,"shortcodeOutput":198},[179,180],"domains_switcher_info","wrap",[],[183],"data-table",[185,186,187,188,189,190,191,192,193,194,195],"\u002Fwp-json\u002Fwp\u002Fv2\u002Fpages","\u002Fwp-json\u002Fwp\u002Fv2\u002Fposts","\u002Fwp-json\u002Fwp\u002Fv2\u002Fmedia","\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers","\u002Fwp-json\u002Fwp\u002Fv2\u002Fcomments","\u002Fwp-json\u002Fwp\u002Fv2\u002Ftags","\u002Fwp-json\u002Fwp\u002Fv2\u002Fcategories","\u002Fwp-json\u002Fwp\u002Fv2\u002Ftypes","\u002Fwp-json\u002Fwp\u002Fv2\u002Ftaxonomies","\u002Fwp-json\u002Fwp\u002Fv2\u002Fstatuses","\u002Fwp-json\u002Fwp\u002Fv2\u002Fsettings",[197],"$",[]]