[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhnCsRsk_qeLiFZ8Wu1zxBVXfbUyJTEt6XfqXBDvfJvw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":35,"fingerprints":83},"expert-html-section","Expert HTML Section","1.0","expertoftech","https:\u002F\u002Fprofiles.wordpress.org\u002Fexpertoftech\u002F","\u003Cp>After installing you should have shortcodes like ‘[expert_html id=”111″]’. simply copy shortcode from plugin menu and use anywhere.\u003C\u002Fp>\n","The plugin create a html section menu and shortcode to use very easily in post, page and theme files. the html section can be able to contain any type 
&hellip;",10,820,0,"2020-06-30T04:10:00.000Z","5.4.19","4.7","7.0",[19,20,4,21,22],"expert-html","expert-html-block","expert-plugin","html-section","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpert-html-section.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-04-04T17:09:39.104Z",[],{"attackSurface":36,"codeSignals":60,"taintFlows":70,"riskAssessment":71,"analyzedAt":82},{"hooks":37,"ajaxHandlers":52,"restRoutes":53,"shortcodes":54,"cronEvents":59,"entryPointCount":30,"unprotectedCount":13},[38,44,48],{"type":39,"name":40,"callback":41,"priority":30,"file":42,"line":43},"action","init","register_sections","expert-html-section.php",27,{"type":45,"name":46,"callback":47,"file":42,"line":31},"filter","manage_edit-expert_html_section_columns","edit_html_sections_columns",{"type":39,"name":49,"callback":50,"priority":11,"file":42,"line":51},"manage_expert_html_section_posts_custom_column","manage_html_sections_columns",31,[],[],[55],{"tag":56,"callback":57,"file":42,"line":58},"expert_html","expert_html_section_shortcode",130,[],{"dangerousFunctions":61,"sqlUsage":62,"outputEscaping":64,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":69},[],{"prepared":13,"raw":13,"locations":63},[],{"escaped":13,"rawEcho":30,"locations":65},[66],{"file":42,"line":67,"context":68},97,"raw output",[],[],{"summary":72,"deductions":73},"The expert-html-section plugin version 1.0 presents a mixed security posture. On the positive side, the static analysis reveals no dangerous functions, no direct SQL queries, no file operations, and no external HTTP requests. No CVEs are recorded for the plugin and its vulnerability history is clean, which is also a positive sign, although with only 10 active installs and no release since June 2020 this may reflect limited scrutiny rather than good security development practices. 
However, several concerns emerge from the code analysis. The scan found a single output statement (expert-html-section.php, line 97) and it is echoed without escaping, so 100% of detected output is not properly escaped. This presents a risk of Cross-Site Scripting (XSS), especially given the presence of a shortcode, which renders stored content on the front-end; because the scan recorded no taint flows, whether untrusted data actually reaches that output needs manual review. Furthermore, no nonce checks or capability checks were detected around the identified entry point (the shortcode). A shortcode renders content rather than handling a state-changing request, so the practical exposure depends on which roles are allowed to create or edit HTML sections; if that is not restricted, users without the appropriate permissions could inject content that the shortcode then displays. The attack-surface data in this record reports zero unprotected entry points, so these two deductions should be confirmed against the plugin code.",[74,77,80],{"reason":75,"points":76},"Output is not properly escaped",8,{"reason":78,"points":79},"Missing nonce checks on shortcode",5,{"reason":81,"points":79},"Missing capability checks on shortcode","2026-03-17T01:08:21.790Z",{"wat":84,"direct":89},{"assetPaths":85,"generatorPatterns":86,"scriptPaths":87,"versionParams":88},[],[],[],[],{"cssClasses":90,"htmlComments":91,"htmlAttributes":92,"restEndpoints":93,"jsGlobals":94,"shortcodeOutput":95},[],[],[],[],[],[96],"[expert_html id=\""]