[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fb4yR_4hafvFGpaSGFWuq4hHBSmZXTXgkxDNqfjdWstg":3,"$fBH4ASTxhevAhZcNcDnhY6l49AURKuUxBil23jSKMw0Y":116,"$famx9U-nr0akzpbG3u2bFQbZT8av1PvJi3KDjUQxnO30":121},{"slug":4,"name":4,"version":5,"author":6,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":12,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":12,"unpatched_count":12,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":35,"analysis":36,"fingerprints":101},"edithtmldom","1.0","ulmdesign","https:\u002F\u002Fprofiles.wordpress.org\u002Fulmdesign\u002F","\u003Cp>Get DOM url or file and remove or replace contents in few minutes.\u003Cbr \u002F>\nThis plugin has been designed on the basis of API Simple HTML DOM Parser of http:\u002F\u002Fsourceforge.net\u002Fprojects\u002Fsimplehtmldom\u002F\u003Cbr \u002F>\nComplete Support visit this page http:\u002F\u002Fulmdesign.mediamaster.eu\u002Fedithtmldom\u002F and http:\u002F\u002Fulmdesign.mediamaster.eu\u002Fedithtmldom\u002Fsupport.html\u003C\u002Fp>\n","Get DOM url or file and remove or replace contents in few 
minutes.",10,2111,0,"2014-09-05T14:11:00.000Z","4.0.38","3.0","",[18,19,20,21,22],"control-structure-html","edit-new-class","get-dom-url","modify-content","replace-tag-html","http:\u002F\u002Fulmdesign.mediamaster.eu\u002Fedithtmldom\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fedithtmldom.1.0.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":6,"display_name":6,"profile_url":7,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},2,30,84,"2026-05-19T20:58:24.299Z",[],{"attackSurface":37,"codeSignals":68,"taintFlows":88,"riskAssessment":89,"analyzedAt":100},{"hooks":38,"ajaxHandlers":60,"restRoutes":61,"shortcodes":62,"cronEvents":66,"entryPointCount":67,"unprotectedCount":12},[39,45,48,51,56],{"type":40,"name":41,"callback":42,"file":43,"line":44},"filter","the_content","do_shortcode","edithtmldom.php",46,{"type":40,"name":46,"callback":42,"file":43,"line":47},"widget_text",47,{"type":40,"name":49,"callback":42,"file":43,"line":50},"wp_list_pages",48,{"type":52,"name":53,"callback":54,"file":43,"line":55},"action","admin_init","eHTML_register_options_group",68,{"type":52,"name":57,"callback":58,"file":43,"line":59},"admin_menu","edithtmldom_opt_page",100,[],[],[63],{"tag":64,"callback":4,"file":43,"line":65},"modifycontents",45,[],1,{"dangerousFunctions":69,"sqlUsage":70,"outputEscaping":72,"fileOperations":31,"externalRequests":12,"nonceChecks":12,"capabilityChecks":12,"bundledLibraries":87},[],{"prepared":67,"raw":12,"locations":71},[],{"escaped":12,"rawEcho":73,"locations":74},5,[75,78,80,83,85],{"file":43,"line":76,"context":77},81,"raw output",{"file":43,"line":79,"context":77},83,{"file":81,"line":82,"context":77},"simple_html_dom.php",157,{"file":81,"line":84,"context":77},162,{"file":81,"line":86,"context":77},233,[],[],{"summary":90,"deductions":91},"The 'edithtmldom' v1.0 plugin exhibits a mixed security posture. 
On the positive side, it has a very small attack surface with only one shortcode identified, and no known historical vulnerabilities (CVEs) have been recorded. That may suggest a generally cautious development approach, but for a plugin with about 10 active installs and no update since 2014 it may equally reflect limited scrutiny. The plugin also uses a prepared statement for its single SQL query, which is a good security practice.\n\nHowever, there are significant concerns that outweigh the strengths. The most critical finding is that none of its output is escaped: all 5 output statements found, in edithtmldom.php and simple_html_dom.php, are raw. This presents a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed within the WordPress environment. Furthermore, no nonce checks or capability checks were found, so if the shortcode's functionality can be leveraged maliciously, a user could potentially trigger actions or expose sensitive information regardless of their role or privileges. The same scan lists no AJAX handlers or REST routes and counts 0 unprotected entry points, so this is a gap to confirm in the code rather than a demonstrated exposure.\n\nThe lack of taint analysis results is not necessarily a positive sign; it could simply mean that the analysis tool did not find any flows, or that the analysis was not comprehensive enough to detect potential issues in the limited code provided. The scan also counts 2 file operations in a plugin whose stated purpose is to load a URL or file, so how that source is chosen deserves manual review. 
Given the critical output escaping deficiency and lack of authorization checks, the plugin's current security is concerning despite its clean vulnerability history.",[92,95,98],{"reason":93,"points":94},"All output is unescaped (XSS risk)",8,{"reason":96,"points":97},"No nonce checks on entry points",7,{"reason":99,"points":97},"No capability checks on entry points","2026-04-16T12:53:02.536Z",{"wat":102,"direct":107},{"assetPaths":103,"generatorPatterns":104,"scriptPaths":105,"versionParams":106},[],[],[],[],{"cssClasses":108,"htmlComments":109,"htmlAttributes":110,"restEndpoints":112,"jsGlobals":113,"shortcodeOutput":114},[],[],[111],"wp-editor-container",[],[],[115],"[modifycontents]",{"error":117,"url":118,"statusCode":119,"statusMessage":120,"message":120},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fedithtmldom\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":5,"total_versions":67,"versions":122},[123],{"version":5,"download_url":24,"svn_tag_url":124,"released_at":26,"has_diff":125,"diff_files_changed":126,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":127,"is_current":117},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fedithtmldom\u002Ftags\u002F1.0\u002F",false,[],[]]