[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqOkX6wzqzxp8vn9Sd11CwoYY43yCI6aqbS3lINcuhRw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":32,"analysis":33,"fingerprints":176},"dx-contribute","DX-Contribute","1.4.0","daxiawp","https:\u002F\u002Fprofiles.wordpress.org\u002Fdaxiawp\u002F","\u003Cp>create a Submission page, allowing visitors through the page shortcut Contributor.\u003C\u002Fp>\n\u003Cp>创建一个投稿页面，允许匿名用户在线快捷投稿。\u003C\u002Fp>\n\u003Cp>详情请浏览：\u003Ca href=\"http:\u002F\u002Fwww.daxiawp.com\u002Fdx-contribute.html\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.daxiawp.com\u002Fdx-contribute.html\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Arbitrary section 1\u003C\u002Fh3>\n","The shortcut Submission wordpress plugin. 
快捷投稿插件",10,7547,0,"2013-01-03T08:46:00.000Z","3.5.2","3.1","",[19],"contribute","http:\u002F\u002Fwww.daxiawp.com\u002Fdx-contribute.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdx-contribute.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":22,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},3,320,30,84,"2026-04-04T19:53:55.464Z",[],{"attackSurface":34,"codeSignals":74,"taintFlows":122,"riskAssessment":162,"analyzedAt":175},{"hooks":35,"ajaxHandlers":66,"restRoutes":67,"shortcodes":68,"cronEvents":72,"entryPointCount":73,"unprotectedCount":13},[36,42,45,49,53,58,62],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","admin_menu","menu_page","dx-contribute.php",21,{"type":37,"name":43,"callback":19,"file":40,"line":44},"init",22,{"type":37,"name":43,"callback":46,"priority":47,"file":40,"line":48},"theme",9999,23,{"type":37,"name":50,"callback":51,"file":40,"line":52},"DXC_form_bottom","contact",24,{"type":54,"name":55,"callback":56,"file":40,"line":57},"filter","the_content","contribute_metadata",25,{"type":37,"name":59,"callback":60,"file":40,"line":61},"publish_post","publish",26,{"type":37,"name":38,"callback":63,"file":64,"line":65},"_daxiawp_theme_menu_page","theme.php",4,[],[],[69],{"tag":5,"callback":70,"file":40,"line":71},"contribute_page",20,[],1,{"dangerousFunctions":75,"sqlUsage":76,"outputEscaping":78,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":121},[],{"prepared":13,"raw":13,"locations":77},[],{"escaped":73,"rawEcho":41,"locations":79},[80,84,86,88,90,91,92,93,95,97,99,101,103,106,107,109,111,113,115,117,119],{"file":81,"line":82,"context":83},"contribute-page.php",6,"raw 
output",{"file":81,"line":85,"context":83},7,{"file":81,"line":87,"context":83},13,{"file":81,"line":89,"context":83},15,{"file":81,"line":71,"context":83},{"file":81,"line":57,"context":83},{"file":81,"line":29,"context":83},{"file":81,"line":94,"context":83},66,{"file":81,"line":96,"context":83},77,{"file":81,"line":98,"context":83},81,{"file":40,"line":100,"context":83},69,{"file":40,"line":102,"context":83},79,{"file":104,"line":105,"context":83},"options-form.php",76,{"file":104,"line":98,"context":83},{"file":104,"line":108,"context":83},86,{"file":104,"line":110,"context":83},103,{"file":104,"line":112,"context":83},105,{"file":104,"line":114,"context":83},116,{"file":104,"line":116,"context":83},130,{"file":104,"line":118,"context":83},141,{"file":64,"line":120,"context":83},37,[],[123,141,150],{"entryPoint":124,"graph":125,"unsanitizedCount":73,"severity":140},"contribute (dx-contribute.php:46)",{"nodes":126,"edges":137},[127,132],{"id":128,"type":129,"label":130,"file":40,"line":131},"n0","source","$_GET",65,{"id":133,"type":134,"label":135,"file":40,"line":100,"wp_function":136},"n1","sink","echo() [XSS]","echo",[138],{"from":128,"to":133,"sanitized":139},false,"medium",{"entryPoint":142,"graph":143,"unsanitizedCount":73,"severity":149},"\u003Cdx-contribute> (dx-contribute.php:0)",{"nodes":144,"edges":147},[145,146],{"id":128,"type":129,"label":130,"file":40,"line":131},{"id":133,"type":134,"label":135,"file":40,"line":100,"wp_function":136},[148],{"from":128,"to":133,"sanitized":139},"low",{"entryPoint":151,"graph":152,"unsanitizedCount":73,"severity":149},"\u003Coptions-form> (options-form.php:0)",{"nodes":153,"edges":160},[154,157],{"id":128,"type":129,"label":155,"file":104,"line":156},"$_POST",18,{"id":133,"type":134,"label":158,"file":104,"line":71,"wp_function":159},"update_option() [Settings Manipulation]","update_option",[161],{"from":128,"to":133,"sanitized":139},{"summary":163,"deductions":164},"The \"dx-contribute\" plugin v1.4.0 exhibits a 
mixed security posture. While it has a very small attack surface and no recorded vulnerability history, several code signals raise concerns. The complete lack of nonce checks and capability checks is a significant weakness, especially given that it has an entry point via a shortcode. Although there are no directly exploitable critical or high-severity taint flows identified in the static analysis, the presence of unsanitized paths in taint analysis suggests potential for more subtle vulnerabilities that could be triggered through user input. Furthermore, the extremely low percentage of properly escaped output is a major concern, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities, as user-controlled data is likely being rendered without adequate escaping. The absence of dangerous functions and of raw SQL queries is a positive indicator, but it does not mitigate the risks posed by missing authorization checks and missing output escaping.",[165,167,169,172],{"reason":166,"points":11},"Missing nonce checks on entry points",{"reason":168,"points":11},"Missing capability checks on entry points",{"reason":170,"points":171},"Low percentage of properly escaped output",8,{"reason":173,"points":174},"Unsanitized paths in taint 
analysis",5,"2026-03-16T23:57:51.595Z",{"wat":177,"direct":183},{"assetPaths":178,"generatorPatterns":180,"scriptPaths":181,"versionParams":182},[179],"\u002Fwp-content\u002Fplugins\u002Fdx-contribute\u002Ficon.png",[],[],[],{"cssClasses":184,"htmlComments":188,"htmlAttributes":189,"restEndpoints":205,"jsGlobals":206,"shortcodeOutput":208},[185,186,187],"daxiawp-contact","DXC-input","DXC-exclude-cat",[],[190,191,192,193,194,195,196,197,198,199,200,201,202,203,204],"id=\"contribute-metadata\"","id=\"contribute-site\"","name=\"DXC-title-num\"","name=\"DXC-textarea-num\"","name=\"DXC-textarea-rows\"","name=\"DXC-category\"","name=\"DXC-select-cat\"","name=\"DXC-exclude-cat\"","name=\"DXC-user\"","name=\"DXC-interval\"","name=\"DXC-css\"","name=\"DXC-success\"","name=\"DXC-meta-on\"","name=\"DXC-mail\"","name=\"DXC-metapo\"",[],[207],"DX_Contribute",[209,210,211],"\u003Cdiv class=\"daxiawp-contact\">","\u003Cdiv id=\"contribute-metadata\">","\u003Cdiv id=\"contribute-site\">"]