[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fOXwroP20tJJXJI3Qxg3g3lLXjuS-D6OyGM-gpE57wec":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":16,"download_link":19,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":30,"analysis":31,"fingerprints":74},"egn-validator-for-egn-bg","ЕГН проверка от Egn.bg","1.0","Kostov","https:\u002F\u002Fprofiles.wordpress.org\u002Fbluezme\u002F","\u003Cp>egn.bg API integration. Include Egn Validator widget.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to an external API in order to validate Bulgarian Personal Identification Numbers (EGN).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>What service is used and why:\u003C\u002Fstrong>\u003Cbr \u002F>\nThe plugin uses the public API at \u003Ca href=\"https:\u002F\u002Fegn.bg\" rel=\"nofollow ugc\">https:\u002F\u002Fegn.bg\u003C\u002Fa> to check if an entered Bulgarian Personal Identification Number (EGN) is valid.\u003Cbr \u002F>\nThis is necessary for the plugin’s main functionality — validating EGNs directly at the time of input.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>What data is sent and when:\u003C\u002Fstrong>\u003Cbr \u002F>\nEvery time a user enters an EGN for validation, the plugin sends the provided EGN string to the endpoint:\u003Cbr \u002F>\n  https:\u002F\u002Fegn.bg\u002Fapi\u002Fegn\u002Fvalidate\u003Cbr \u002F>\nNo data is stored locally in the WordPress database. The EGN is sent only for the purpose of validation and is not retained by the plugin.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Who provides the service:\u003C\u002Fstrong>\u003Cbr \u002F>\nThe service is provided by \u003Ca href=\"https:\u002F\u002Fegn.bg\" rel=\"nofollow ugc\">egn.bg\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Terms of service and privacy policy:\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can review the service’s policies here:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Terms of Service: \u003Ca href=\"https:\u002F\u002Fegn.bg\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fegn.bg\u002Fterms\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>Privacy Policy: \u003Ca href=\"https:\u002F\u002Fegn.bg\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fegn.bg\u002Fprivacy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","egn.bg API integration. Include Egn Validator widget.",0,559,"2025-08-29T17:13:00.000Z","6.9.4","5.0","",[18],"egn-validator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fegn-validator-for-egn-bg.1.0.0.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":25,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":11,"avg_security_score":20,"avg_patch_time_days":27,"trust_score":28,"computed_at":29},"bluezme",2,30,94,"2026-04-04T11:12:48.852Z",[],{"attackSurface":32,"codeSignals":57,"taintFlows":66,"riskAssessment":67,"analyzedAt":73},{"hooks":33,"ajaxHandlers":44,"restRoutes":54,"shortcodes":55,"cronEvents":56,"entryPointCount":26,"unprotectedCount":11},[34,40],{"type":35,"name":36,"callback":37,"file":38,"line":39},"action","widgets_init","egn_bg_register_widgets","egn-validator-for-egn-bg.php",23,{"type":35,"name":41,"callback":42,"file":38,"line":43},"wp_enqueue_scripts","egn_bg_enqueue_scripts",32,[45,52],{"action":46,"nopriv":47,"callback":48,"hasNonce":49,"hasCapCheck":47,"file":50,"line":51},"egn_bg_validate",false,"validate",true,"includes\\class-ajax-handler.php",6,{"action":46,"nopriv":49,"callback":48,"hasNonce":49,"hasCapCheck":47,"file":50,"line":53},7,[],[],[],{"dangerousFunctions":58,"sqlUsage":59,"outputEscaping":61,"fileOperations":11,"externalRequests":64,"nonceChecks":64,"capabilityChecks":11,"bundledLibraries":65},[],{"prepared":11,"raw":11,"locations":60},[],{"escaped":62,"rawEcho":11,"locations":63},41,[],1,[],[],{"summary":68,"deductions":69},"The plugin \"egn-validator-for-egn-bg\" v1.0 exhibits a strong security posture based on the provided static analysis. All identified entry points, specifically the two AJAX handlers, have proper nonce checks. Crucially, all SQL queries are executed using prepared statements, and all output is properly escaped, mitigating common risks like SQL injection and cross-site scripting (XSS). The absence of direct file operations and the limited scope of external HTTP requests also contribute positively to its security.\n\nHowever, a key concern is the lack of capability checks on the AJAX handlers. While nonce checks prevent CSRF attacks to some extent, they do not restrict *who* can trigger these actions. This means any authenticated user, regardless of their role or permissions, could potentially interact with these AJAX endpoints. The single external HTTP request, while not inherently a vulnerability, warrants further investigation to ensure it is not making requests to untrusted sources or is being handled securely.\n\nThe plugin's vulnerability history is clean, with no recorded CVEs. This, combined with the positive static analysis findings, suggests a development process that prioritizes security. Nonetheless, the missing capability checks represent a potential weakness that could be exploited in conjunction with other social engineering or privilege escalation techniques if an attacker gains a foothold within the WordPress environment. Overall, the plugin is well-built from a technical security perspective, but the lack of role-based access control on its AJAX endpoints is a notable area for improvement.",[70],{"reason":71,"points":72},"Missing capability checks on AJAX handlers",10,"2026-03-17T07:15:47.151Z",{"wat":75,"direct":84},{"assetPaths":76,"generatorPatterns":79,"scriptPaths":80,"versionParams":81},[77,78],"\u002Fwp-content\u002Fplugins\u002Fegn-validator-for-egn-bg\u002Fcss\u002Fegn-bg.css","\u002Fwp-content\u002Fplugins\u002Fegn-validator-for-egn-bg\u002Fjs\u002Fegn-bg.js",[],[78],[82,83],"egn-validator-for-egn-bg\u002Fcss\u002Fegn-bg.css?ver=","egn-validator-for-egn-bg\u002Fjs\u002Fegn-bg.js?ver=",{"cssClasses":85,"htmlComments":86,"htmlAttributes":87,"restEndpoints":88,"jsGlobals":89,"shortcodeOutput":91},[],[],[],[],[90],"egnBgAjax",[]]