[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyFJYn-jc2QHeJPAz8PSWiLeqAjoSWSUVO2kQfn2PlcM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":31,"analysis":32,"fingerprints":117},"easy-fc","Easy Flashcards","1.0","florinmuscalu","https:\u002F\u002Fprofiles.wordpress.org\u002Fflorinmuscalu\u002F","\u003Cp>Create a txt file containing the flashcards you wish to integrate. Example:\u003C\u002Fp>\n\u003Cp>genk.txt:\u003Cbr \u002F>\n    {\u003Cbr \u002F>\n    “q1”:{“q”:”2 to the 10th?”, “a”:”1024″},\u003Cbr \u002F>\n    “q2”:{“q”:”Value of PI?”,   “a”:”3.14″}\u003Cbr \u002F>\n    }\u003C\u002Fp>\n\u003Cp>Load the file to your website.\u003Cbr \u002F>\nThen, in the page, add the flashcard:\u003C\u002Fp>\n\u003Cp>[easyfc title=”General Knowledge” file=”wp-content\u002Fuploads\u002F2020\u002F12\u002Fgenk.txt”\u002F]\u003C\u002Fp>\n\u003Cp>And that’s it. If you want to customize the look, modify easyfc.css.\u003C\u002Fp>\n","Easy fc allows you to easily create and integrate flashcards in your page.",10,1050,0,"2020-12-05T20:04:00.000Z","5.5.18","3.3","5.2.4",[19],"flashcads","https:\u002F\u002Fflorinm.ro\u002Fflashcards\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-fc.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":22,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},1,30,84,"2026-04-05T17:27:14.298Z",[],{"attackSurface":33,"codeSignals":61,"taintFlows":104,"riskAssessment":105,"analyzedAt":116},{"hooks":34,"ajaxHandlers":53,"restRoutes":54,"shortcodes":55,"cronEvents":60,"entryPointCount":27,"unprotectedCount":13},[35,41,45,49],{"type":36,"name":37,"callback":38,"file":39,"line":40},"action","wp_enqueue_scripts","easyfc_scripts","easyfc.php",144,{"type":36,"name":42,"callback":43,"file":39,"line":44},"init","set_default_options",147,{"type":36,"name":46,"callback":47,"file":39,"line":48},"admin_menu","easy_fc_info_menu",148,{"type":36,"name":50,"callback":51,"file":39,"line":52},"admin_init","update_easy_fc_info",179,[],[],[56],{"tag":57,"callback":58,"file":39,"line":59},"easyfc","easyfc_build",145,[],{"dangerousFunctions":62,"sqlUsage":63,"outputEscaping":65,"fileOperations":27,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":103},[],{"prepared":13,"raw":13,"locations":64},[],{"escaped":13,"rawEcho":66,"locations":67},17,[68,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101],{"file":39,"line":69,"context":70},243,"raw output",{"file":39,"line":72,"context":70},247,{"file":39,"line":74,"context":70},251,{"file":39,"line":76,"context":70},255,{"file":39,"line":78,"context":70},259,{"file":39,"line":80,"context":70},263,{"file":39,"line":82,"context":70},267,{"file":39,"line":84,"context":70},271,{"file":39,"line":86,"context":70},275,{"file":39,"line":88,"context":70},279,{"file":39,"line":90,"context":70},283,{"file":39,"line":92,"context":70},287,{"file":39,"line":94,"context":70},291,{"file":39,"line":96,"context":70},295,{"file":39,"line":98,"context":70},299,{"file":39,"line":100,"context":70},303,{"file":39,"line":102,"context":70},307,[],[],{"summary":106,"deductions":107},"The \"easy-fc\" v1.0 plugin exhibits a mixed security posture. On one hand, it demonstrates good practices by avoiding dangerous functions, using prepared statements for all SQL queries, and having no recorded vulnerabilities or external HTTP requests. The attack surface is also quite small and appears to be protected, with no AJAX handlers or REST API routes found to be unprotected. However, significant concerns arise from the complete lack of output escaping for all 17 identified output points. This could lead to Cross-Site Scripting (XSS) vulnerabilities if any user-supplied data is reflected directly in the output without proper sanitization. Additionally, the absence of nonce and capability checks on its entry points (including the shortcode) is a notable weakness, potentially allowing unauthorized actions or information disclosure depending on the shortcode's functionality. The absence of any taint analysis findings or historical vulnerabilities is positive but does not negate the direct risks identified in the static analysis.\n\nWhile the plugin's design appears to be clean in terms of SQL injection and external threats, the lack of output escaping and authorization checks on its entry points presents clear risks. The overall security is compromised by these oversights. Future development should prioritize implementing robust output escaping mechanisms and ensuring proper authorization checks are in place for all user-facing functionalities, especially the shortcode. Until these issues are addressed, the plugin should be considered a moderate risk, particularly concerning XSS vulnerabilities.",[108,111,114],{"reason":109,"points":110},"Output escaping is completely missing",8,{"reason":112,"points":113},"No nonce checks on entry points",5,{"reason":115,"points":113},"No capability checks on entry points","2026-03-17T01:14:04.165Z",{"wat":118,"direct":127},{"assetPaths":119,"generatorPatterns":122,"scriptPaths":123,"versionParams":124},[120,121],"\u002Fwp-content\u002Fplugins\u002Feasy-fc\u002Feasyfc.js","\u002Fwp-content\u002Fplugins\u002Feasy-fc\u002Feasyfc.css",[],[120],[125,126],"easyfc.js?ver=1.3","easyfc.css?ver=1.3",{"cssClasses":128,"htmlComments":146,"htmlAttributes":147,"restEndpoints":149,"jsGlobals":150,"shortcodeOutput":154},[129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145],"flashcard_start","flashcart_btn_start","flashcard_main","flashcard_header","flipCard","card","side","front","back","flashcard_footer","flashcard_buttons","flashcard_btn_correct","flashcard_btn_wrong","flashcard_btn_reset","flashcard_finish","flashcard_btn_yes","flashcard_btn_no",[],[148],"data-fc_id",[],[151,152,153],"fc_options","instance","sets",[155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,172,176,177],"\u003Cdiv id=\"fc_start\" class=\"flashcard_start\">","\u003Cbutton id=\"fc_start_btn\" class=\"flashcart_btn_start\">","\u003Cdiv id=\"fc_main\" class=\"flashcard_main\">","\u003Cdiv class=\"flashcard_header\">","\u003Cdiv id=\"fc_flip\" class=\"flipCard\">","\u003Cdiv id=\"fc_content\" class=\"card\" onclick=\"this.classList.toggle('flipped');\">","\u003Cdiv id=\"fc_content_front\" class=\"side front\">\u003C\u002Fdiv>","\u003Cdiv id=\"fc_content_back\" class=\"side back\">\u003C\u002Fdiv>","\u003Cdiv id=\"fc_footer\" class=\"flashcard_footer\">\u003C\u002Fdiv>","\u003Cdiv class=\"flashcard_buttons\">","\u003Cbutton id=\"fc_btn_corect\" class=\"flashcard_btn_correct\">","\u003Cbutton id=\"fc_btn_gresit\" class=\"flashcard_btn_wrong\">","\u003Cbutton id=\"fc_btn_reset\" class=\"flashcard_btn_reset\">","\u003Cdiv id=\"fc_finish\" class=\"flashcard_finish\" style=\"display:none\">","\u003Cp id=\"fc_message\">\u003C\u002Fp>","\u003Cdiv id=\"fc_repeat\">","\u003Cp>","\u003Cdiv>","\u003Cbutton id=\"fc_repeat_btn\" class=\"flashcard_btn_yes\">","\u003Cbutton id=\"fc_repeat_btn_nu_\" class=\"flashcard_btn_no\">","\u003Cdiv id=\"fc_repeat_test\">","\u003Cbutton id=\"fc_repeat_test_btn\" class=\"flashcard_btn_yes\">","\u003Cbutton id=\"fc_repeat_btn_nu1_\" class=\"flashcard_btn_no\">"]