[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f514qcjJ3EELotr6Np9JHCZMtfo0d9Q5wDsLIxlShxq0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":34,"analysis":35,"fingerprints":216},"etoile-theme-companion","Etoile Theme Companion","1.5","Rustaurius","https:\u002F\u002Fprofiles.wordpress.org\u002Frustaurius\u002F","\u003Cp>Companion plugin for themes from Etoile Web Design, such as the Ultimate Showcase theme.\u003C\u002Fp>\n\u003Cp>No support will given for this plugin. All support will be handled via the theme.\u003C\u002Fp>\n","Companion plugin for themes from Etoile Web Design, such as the Ultimate Showcase theme.",80,6704,0,"2017-11-13T21:36:00.000Z","4.9.29","3.5.0","",[19,20],"etoile-web-design","ultimate-showcase","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fetoile-theme-companion.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"rustaurius",21,65800,90,705,72,"2026-04-04T09:20:55.331Z",[],{"attackSurface":36,"codeSignals":122,"taintFlows":176,"riskAssessment":203,"analyzedAt":215},{"hooks":37,"ajaxHandlers":100,"restRoutes":106,"shortcodes":107,"cronEvents":120,"entryPointCount":121,"unprotectedCount":89},[38,44,48,52,56,60,64,68,73,76,79,82,86,91,94,97],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","widgets_init","Update_EWD_UPCP_Theme_Content","etoile-theme-companion.php",13,{"type":39,"name":45,"callback":46,"file":42,"line":47},"admin_head","EWD_UPCP_Theme_Admin_Styles",14,{"type":39,"name":49,"callback":50,"file":42,"line":51},"admin_init","Add_EWD_UPCP_Theme_Admin_Scripts",15,{"type":39,"name":53,"callback":54,"file":42,"line":55},"admin_menu","EWD_UPCP_Theme_Enable_Menu",16,{"type":39,"name":57,"callback":58,"file":42,"line":59},"wp_enqueue_scripts","Add_EWD_UPCP_Theme_Scripts",45,{"type":39,"name":61,"callback":62,"file":42,"line":63},"after_setup_theme","EWD_Theme_Companion_Text_Domain",52,{"type":39,"name":65,"callback":66,"file":42,"line":67},"init","upcp_theme_jumpbox_posttype",293,{"type":69,"name":70,"callback":71,"file":42,"line":72},"filter","pre_get_posts","upcp_theme_jumpboxes_menu_order",321,{"type":39,"name":65,"callback":74,"file":42,"line":75},"upcp_theme_register_jumpbox_shortcode",372,{"type":39,"name":65,"callback":77,"file":42,"line":78},"upcp_theme_testimonial_posttype",384,{"type":69,"name":70,"callback":80,"file":42,"line":81},"upcp_theme_testimonials_menu_order",412,{"type":39,"name":83,"callback":84,"file":42,"line":85},"add_meta_boxes","upcp_theme_add_testimonials_metaboxes",417,{"type":39,"name":87,"callback":88,"priority":89,"file":42,"line":90},"save_post","upcp_theme_testimonials_meta_save",1,458,{"type":39,"name":65,"callback":92,"file":42,"line":93},"upcp_theme_register_testimonials_shortcode",543,{"type":39,"name":40,"callback":95,"file":42,"line":96},"upcp_theme_load_testimonials_widget",628,{"type":39,"name":65,"callback":98,"file":42,"line":99},"upcp_theme_register_callout_shortcode",674,[101],{"action":102,"nopriv":103,"callback":104,"hasNonce":103,"hasCapCheck":103,"file":42,"line":105},"upcp_theme_get_products",false,"EWD_UPCP_Theme_Get_Products",235,[],[108,112,116],{"tag":109,"callback":110,"file":42,"line":111},"jumpboxes","upcp_theme_jumpbox_shortcode",370,{"tag":113,"callback":114,"file":42,"line":115},"testimonials","upcp_theme_testimonials_shortcode",541,{"tag":117,"callback":118,"file":42,"line":119},"callout","upcp_theme_callout_shortcode",672,[],4,{"dangerousFunctions":123,"sqlUsage":124,"outputEscaping":126,"fileOperations":13,"externalRequests":13,"nonceChecks":174,"capabilityChecks":174,"bundledLibraries":175},[],{"prepared":13,"raw":13,"locations":125},[],{"escaped":127,"rawEcho":128,"locations":129},26,23,[130,133,135,137,139,141,143,145,147,149,151,153,155,157,159,161,163,164,166,168,169,171,173],{"file":42,"line":131,"context":132},134,"raw output",{"file":42,"line":134,"context":132},165,{"file":42,"line":136,"context":132},166,{"file":42,"line":138,"context":132},167,{"file":42,"line":140,"context":132},186,{"file":42,"line":142,"context":132},233,{"file":42,"line":144,"context":132},426,{"file":42,"line":146,"context":132},431,{"file":42,"line":148,"context":132},433,{"file":42,"line":150,"context":132},563,{"file":42,"line":152,"context":132},565,{"file":42,"line":154,"context":132},570,{"file":42,"line":156,"context":132},574,{"file":42,"line":158,"context":132},576,{"file":42,"line":160,"context":132},590,{"file":42,"line":162,"context":132},591,{"file":42,"line":162,"context":132},{"file":42,"line":165,"context":132},594,{"file":42,"line":167,"context":132},595,{"file":42,"line":167,"context":132},{"file":42,"line":170,"context":132},599,{"file":42,"line":172,"context":132},605,{"file":42,"line":172,"context":132},2,[],[177,195],{"entryPoint":178,"graph":179,"unsanitizedCount":13,"severity":194},"Update_EWD_UPCP_Theme_Content (etoile-theme-companion.php:62)",{"nodes":180,"edges":191},[181,186],{"id":182,"type":183,"label":184,"file":42,"line":185},"n0","source","$_POST['featured_products_type']",84,{"id":187,"type":188,"label":189,"file":42,"line":185,"wp_function":190},"n1","sink","update_option() [Settings Manipulation]","update_option",[192],{"from":182,"to":187,"sanitized":193},true,"low",{"entryPoint":196,"graph":197,"unsanitizedCount":13,"severity":194},"\u003Cetoile-theme-companion> (etoile-theme-companion.php:0)",{"nodes":198,"edges":201},[199,200],{"id":182,"type":183,"label":184,"file":42,"line":185},{"id":187,"type":188,"label":189,"file":42,"line":185,"wp_function":190},[202],{"from":182,"to":187,"sanitized":193},{"summary":204,"deductions":205},"The \"etoile-theme-companion\" v1.5 plugin demonstrates a generally good security posture with several positive indicators. Notably, the absence of any known CVEs, even historical ones, suggests a history of responsible development or a lack of past significant vulnerabilities. The plugin also exhibits strong practices regarding SQL queries, utilizing prepared statements exclusively, and shows no file operations or external HTTP requests, which are common attack vectors. However, there are specific areas of concern that lower its overall security. The presence of an unprotected AJAX handler significantly increases the attack surface, as this entry point is exposed to unauthenticated users. While the taint analysis shows no unsanitized paths, the moderate rate of properly escaped output (53%) indicates a risk of cross-site scripting (XSS) vulnerabilities in the remaining 47% of outputs. The limited number of nonce and capability checks, coupled with the unprotected AJAX handler, suggests that authenticated actions might not be sufficiently verified against unauthorized access.\n\nIn conclusion, while the plugin's developer has implemented several critical security best practices, the exposed AJAX handler and the percentage of unescaped output present tangible risks. The lack of historical vulnerabilities is a positive sign, but it does not negate the immediate concerns identified in the static analysis. To achieve a more robust security profile, addressing the unprotected AJAX handler and improving output escaping should be prioritized.",[206,209,212],{"reason":207,"points":208},"Unprotected AJAX handler found",10,{"reason":210,"points":211},"Only 53% of outputs properly escaped",5,{"reason":213,"points":214},"Limited nonce\u002Fcapability checks for entry points",3,"2026-03-16T21:28:20.400Z",{"wat":217,"direct":233},{"assetPaths":218,"generatorPatterns":223,"scriptPaths":224,"versionParams":228},[219,220,221,222],"\u002Fwp-content\u002Fplugins\u002Fetoile-theme-companion\u002Fcss\u002FAdmin.css","\u002Fwp-content\u002Fplugins\u002Fetoile-theme-companion\u002Fjs\u002FAdmin.js","\u002Fwp-content\u002Fplugins\u002Fetoile-theme-companion\u002Fjs\u002FfeaturedProds.js","\u002Fwp-content\u002Fplugins\u002Fetoile-theme-companion\u002Fjs\u002FtextOnPic.js",[],[225,226,227],"etoile-theme-companion\u002Fjs\u002FAdmin.js","etoile-theme-companion\u002Fjs\u002FfeaturedProds.js","etoile-theme-companion\u002Fjs\u002FtextOnPic.js",[229,230,231,232],"etoile-theme-companion\u002Fcss\u002FAdmin.css?ver=","etoile-theme-companion\u002Fjs\u002FAdmin.js?ver=","etoile-theme-companion\u002Fjs\u002FfeaturedProds.js?ver=","etoile-theme-companion\u002Fjs\u002FtextOnPic.js?ver=",{"cssClasses":234,"htmlComments":250,"htmlAttributes":254,"restEndpoints":278,"jsGlobals":279,"shortcodeOutput":281},[235,236,237,238,239,240,241,242,243,244,245,246,247,248,249],"ewd-ust-dashboard-top-upgrade","ewd-ust-dashboard-top-upgrade-left","ewd-ust-dashboard-pro","upcp-postbox-collapsible","ewd-dashboard-h3","ewd-us-clear","upcp-theme-options-page-tabbed","upcp-theme-options-submenu-div","upcp-theme-options-submenu","upcp-theme-options-page-tabbed-nav","options-subnav-tab","options-subnav-tab-active","upcp-theme-option-set","upcp-theme-options-page-tab-title","upcp-theme-selected-products-type",[251,252,253,253],"\u003C!-- ewd-ust-dashboard-top-upgrade-left -->","\u003C!-- ewd-ust-dashboard-top-upgrade -->","\u003C!-- ewd-us-clear -->",[255,256,257,258,259,260,261,262,261,263,264,265,266,267,268,269,270,271,272,273,274,275,276,273,277],"id=\"ewd-ust-dashboard-top-upgrade\"","id=\"ewd-ust-dashboard-top-upgrade-left\"","id=\"ewd-ust-dashboard-pro\"","class=\"postbox upcp-pro upcp-postbox-collapsible\"","class='hndle ewd-dashboard-h3'","class=\"inside\"","class=\"ewd-us-clear\"","class=\"purchaseButton\"","class=\"wrap upcp-theme-options-page-tabbed\"","class=\"upcp-theme-options-submenu-div\"","class=\"upcp-theme-options-submenu upcp-theme-options-page-tabbed-nav\"","id=\"Products_Menu\"","class=\"MenuTab options-subnav-tab\"","class=\"options-subnav-tab-active\"","onclick=\"ShowOptionTab('Products');\"","class=\"upcp-theme-options-page-tabbed-content\"","class='upcp-theme-option-set'","id='Products'","id='label-premium-options'","class='upcp-theme-options-page-tab-title'","class='upcp-theme-selected-products-type'","name='Current_Featured_Products_Type'","name='featured_products_type'",[],[280],"admin_js_local",[]]