[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ft8KmKHQ20VgKOsL_YLwJjLsq5Byv8bLLMraeUDINLNw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":38,"fingerprints":105},"ecommerce-featured-reviews","Featured Reviews for Woocommerce","1.1","Karam Singh","https:\u002F\u002Fprofiles.wordpress.org\u002Fsony7596\u002F","\u003Cp>Customer Reviews are most important part for any product. If we have some best reviews at top then there are more chances to get more sales.\u003Cbr \u002F>\nThis plugin will helps to change review order, You can easily move any review to top or bottom.\u003Cbr \u002F>\nYou have to setup order number in reviews. Number can we in minus zero and plus. Based on number product reviews get position. Less number will be at top.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Plugin features:-\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Make any review at top or bottom.\u003C\u002Fli>\n\u003Cli>Based on number reviews get arranged.\u003C\u002Fli>\n\u003Cli>Number can be in minus zero and plus.\u003C\u002Fli>\n\u003Cli>Less number will be at top.\u003C\u002Fli>\n\u003Cli>Easy to use.\u003C\u002Fli>\n\u003Cli>Easy to customize. 
\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How to use this plugin:-\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FcAJNQQDAdUY?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need More Features:-\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.miraclewebsoft.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">Contact us\u003C\u002Fa>\u003C\u002Fp>\n","This plugin will helps to change review order, You can easily move any review to top or bottom, for that you have to setup order number in 
reviews.",0,1110,100,2,"2019-11-30T07:40:00.000Z","5.2.24","3.6","5.7",[20,21,22,23,24],"comments-order-setup","featured-reviews-for-woocommerce","priority-reviews","review-order","reviews-rearrange","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fecommerce-featured-reviews.1.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"sony7596",1,30,84,"2026-04-04T07:46:13.554Z",[],{"attackSurface":39,"codeSignals":77,"taintFlows":97,"riskAssessment":98,"analyzedAt":104},{"hooks":40,"ajaxHandlers":73,"restRoutes":74,"shortcodes":75,"cronEvents":76,"entryPointCount":11,"unprotectedCount":11},[41,47,51,57,61,65,69],{"type":42,"name":43,"callback":44,"file":45,"line":46},"action","edit_comment","wfr_save_meta_box_postdata","featured-reviews-for-woocommerce.php",38,{"type":42,"name":48,"callback":49,"file":45,"line":50},"admin_menu","wfr_add_meta_box",39,{"type":52,"name":53,"callback":54,"priority":55,"file":45,"line":56},"filter","comment_text","wfr_comment_text",10,40,{"type":52,"name":58,"callback":59,"file":45,"line":60},"comment_row_actions","wfr_comment_row_actions",41,{"type":42,"name":62,"callback":63,"file":45,"line":64},"admin_print_scripts","wfr_print_scripts",42,{"type":52,"name":66,"callback":67,"file":45,"line":68},"comment_class","wfr_comment_class",45,{"type":42,"name":70,"callback":71,"file":45,"line":72},"wp_enqueue_scripts","wfr_enqueue",46,[],[],[],[],{"dangerousFunctions":78,"sqlUsage":79,"outputEscaping":81,"fileOperations":11,"externalRequests":11,"nonceChecks":33,"capabilityChecks":95,"bundledLibraries":96},[],{"prepared":11,"raw":11,"locations":80},[],{"escaped":33,"rawEcho":82,"locations":83},5,[84,87,89,91,93],{"file":45,"line":85,"context":86},148,"raw 
output",{"file":45,"line":88,"context":86},149,{"file":45,"line":90,"context":86},150,{"file":45,"line":92,"context":86},153,{"file":45,"line":94,"context":86},156,3,[],[],{"summary":99,"deductions":100},"The ecommerce-featured-reviews plugin version 1.1 exhibits a strong security posture based on the provided static analysis. No AJAX handlers, REST API routes, shortcodes, or cron events were detected, which significantly reduces the potential for direct malicious access; the recorded integration points are seven WordPress action and filter hooks. The analysis found no SQL usage at all (neither raw nor prepared queries), so no database-injection surface was identified, and the code includes one nonce check and three capability checks, which are crucial for preventing common attack vectors.\n\nWhile the static analysis reveals a clean code base with no dangerous functions, file operations, or external HTTP requests, a notable concern arises from the output escaping. With only 17% of outputs being properly escaped (1 of 6; the five raw echo statements are at lines 148, 149, 150, 153 and 156 of featured-reviews-for-woocommerce.php), there is a significant risk of Cross-Site Scripting (XSS) vulnerabilities. This means user-supplied data, if it reaches any of the remaining 83% of outputs unescaped, could be injected and executed in a user's browser, potentially leading to session hijacking or other malicious actions. The analysis recorded no taint flows, so it has not been confirmed that untrusted input actually reaches these statements; each one should be reviewed and escaped for its output context (for example with esc_html() or esc_attr()). The lack of any recorded vulnerabilities in its history is a positive indicator, but with a last update in November 2019 and no active installs recorded it may reflect limited scrutiny rather than ongoing maintenance, and it should not overshadow the identified output escaping weakness.\n\nIn conclusion, the plugin's strengths lie in its limited attack surface, the absence of database queries, and the presence of nonce and capability checks. However, the widespread lack of output escaping presents a substantial risk that needs to be addressed promptly. The absence of past vulnerabilities is encouraging but does not mitigate the current potential for XSS attacks. 
Addressing the output escaping issue should be the highest priority.",[101],{"reason":102,"points":103},"Low percentage of properly escaped output",15,"2026-03-17T06:49:58.223Z",{"wat":106,"direct":117},{"assetPaths":107,"generatorPatterns":111,"scriptPaths":112,"versionParams":113},[108,109,110],"\u002Fwp-content\u002Fplugins\u002Fecommerce-featured-reviews\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fecommerce-featured-reviews\u002Ffront.js","\u002Fwp-content\u002Fplugins\u002Fecommerce-featured-reviews\u002Fapp.js",[],[],[114,115,116],"ecommerce-featured-reviews\u002Fstyle.css?ver=","ecommerce-featured-reviews\u002Ffront.js?ver=","ecommerce-featured-reviews\u002Fapp.js?ver=",{"cssClasses":118,"htmlComments":122,"htmlAttributes":123,"restEndpoints":125,"jsGlobals":126,"shortcodeOutput":128},[119,120,121],"featured","order_comment","o-",[],[124],"data-comment_id",[],[127],"woocommerce_reviews",[]]