[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcZ7_xsUcVVDjYnzAQhhpw-WvDTetCHzU7N3vnbbWRbQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":17,"download_link":18,"security_score":19,"vuln_count":13,"unpatched_count":13,"last_vuln_date":20,"fetched_at":21,"vulnerabilities":22,"developer":23,"crawl_stats":20,"alternatives":30,"analysis":31,"fingerprints":87},"embed-kindle","Embed Kindle","1.0.1","akky","https:\u002F\u002Fprofiles.wordpress.org\u002Fakky\u002F","\u003Cp>This is a plugin to provide a short tag to embed Amazon’s e-book viewer widget Kindle Reader in your posts.\u003C\u002Fp>\n\u003Cp>Usage:\u003C\u002Fp>\n\u003Cp>[embed_kindle asin=”B004UW29IK”]\u003C\u002Fp>\n\u003Cp>You may set your Amazon affiliate ID on admin setting.\u003C\u002Fp>\n\u003Cp>PHP 5.3 or above required.\u003C\u002Fp>\n\u003Cp>The admin menu is internationalized, currently supports English and Japanese (translation to your language is welcome).\u003C\u002Fp>\n\u003Ch3>\u003C\u002Fh3>\n","Version 1.0.1 Tags: Kindle, embed, Kindle Reader, Kindle viewer, viewer, affiliate, e-book, Amazon, Amazon Kindle, sample, e-book, ebook, digital book …",10,2522,0,"2012-11-02T09:36:00.000Z","",[],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fembed-kindle","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fembed-kindle.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":24,"profile_url":8,"plugin_count":25,"total_installs":26,"avg_security_score":27,"avg_patch_time_days":28,"trust_score":19,"computed_at":29},"Yakkyofy",4,80,87,30,"2026-04-05T18:44:53.748Z",[],{"attackSurface":32,"codeSignals":59,"taintFlows":74,"riskAssessment":75,"analyzedAt":86},{"hooks":33,"ajaxHandlers":50,"restRoutes":51,"shortcodes":52,"cronEvents":57,"entryPointCount":58,"unprotectedCount":13},[34,40,43,47],{"type":35,"name":36,"callback":37,"file":38,"line":39},"action","admin_init","initializeI18n","includes\\Akky\\EmbedKindle.php",22,{"type":35,"name":41,"callback":42,"file":38,"line":28},"wp_print_scripts","addScripts",{"type":35,"name":44,"callback":45,"file":38,"line":46},"admin_menu","registerMenu",35,{"type":35,"name":36,"callback":48,"file":38,"line":49},"registerSettings",39,[],[],[53],{"tag":54,"callback":55,"file":38,"line":56},"embed_kindle","shortCode",26,[],1,{"dangerousFunctions":60,"sqlUsage":61,"outputEscaping":63,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":73},[],{"prepared":13,"raw":13,"locations":62},[],{"escaped":13,"rawEcho":64,"locations":65},3,[66,69,71],{"file":38,"line":67,"context":68},136,"raw output",{"file":38,"line":70,"context":68},180,{"file":38,"line":72,"context":68},186,[],[],{"summary":76,"deductions":77},"The 'embed-kindle' plugin v1.0.1 exhibits a generally good security posture with no known vulnerabilities and a limited attack surface. The static analysis reveals no dangerous functions, no direct SQL queries (all use prepared statements), and no file operations or external HTTP requests, which are all positive indicators. Taint analysis also found no critical or high-severity issues, suggesting that data handling within the plugin is not introducing obvious vulnerabilities.\n\nHowever, there are significant concerns regarding output escaping. With 100% of observed outputs being unescaped, this presents a considerable risk. If any user-controlled data is rendered directly on the frontend, it could lead to Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the absence of nonce checks and capability checks on its single shortcode, while not immediately exploitable due to the lack of complex interactions or sensitive data handling identified in the static analysis, represents a missed security control that could be exploited in conjunction with other weaknesses or in future plugin updates.\n\nThe plugin's history of zero known CVEs is a strong positive, suggesting diligent development or a lack of targeting. However, the static analysis findings, particularly the unescaped output and lack of nonces\u002Fcapabilities on its entry point, indicate that the plugin's security is not as robust as it could be. While the current impact might be low, these weaknesses create potential pathways for attacks if the plugin's functionality or the data it handles evolves.",[78,81,84],{"reason":79,"points":80},"Unescaped output found",8,{"reason":82,"points":83},"Shortcode lacks nonce checks",5,{"reason":85,"points":83},"Shortcode lacks capability checks","2026-03-17T00:07:36.646Z",{"wat":88,"direct":94},{"assetPaths":89,"generatorPatterns":90,"scriptPaths":91,"versionParams":93},[],[],[92],"http:\u002F\u002Fkindleweb.s3.amazonaws.com\u002Fapp\u002FKindleReader-min.js",[],{"cssClasses":95,"htmlComments":97,"htmlAttributes":98,"restEndpoints":100,"jsGlobals":101,"shortcodeOutput":103},[96],"embed-kindle-warning",[],[99],"data-affiliate_id",[],[102],"KindleReader",[104,105,106,107,108,109,110],"\u003Cdiv id='kindleReaderDiv","\u003Cscript type=\"text\u002Fjavascript\">KindleReader.LoadSample({","containerID","asin","assoctag","')\u003C\u002Fscript>","\u003Cdiv class=\"embed-kindle-warning\""]