[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fI49EHvrGPaO_1zetF5hLKS672UpWUPs5hh9axVU4Cjo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":48,"fingerprints":245},"eychat","Eyoung Chat – Ey聊天极简版","1.0","yuyaoit","https:\u002F\u002Fprofiles.wordpress.org\u002Fyuyaoit\u002F","\u003Cp>一个网页版本的聊天室，提供了网页群聊的通讯功能。在线成员可以群聊，可以相互@发言，支持PC浏览器和手机浏览器自适应；\u003Cbr \u002F>\n可以设置聊天记录的保存，推流技术使用websocket协议，响应速度快，支持迸发高。\u003C\u002Fp>\n","Eyoung Chat System (Ey聊天极简版), 为WordPress网站提供网页版的在线即时沟通工具，提供了网页群聊的通讯功能.",10,4997,0,"2022-05-24T06:11:00.000Z","5.9.13","4.8","",[19,20,21,22,23],"%e7%be%a4%e8%81%8a","%e8%81%8a%e5%a4%a9","webim","%e6%b2%9f%e9%80%9a","%e4%ba%92%e5%8a%a8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feychat.1.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},2,20,93,30,89,"2026-04-05T04:18:23.873Z",[37],{"slug":38,"name":39,"version":6,"author":7,"author_profile":8,"description":40,"short_description":41,"active_installs":11,"downloaded":42,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":43,"homepage":17,"download_link":45,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":47},"eyoung","Eyoung Service Online System – 
Eyoung在线客服系统","\u003Cp>Eyoung在线客服系统插件是网页版的客服聊天系统，是一对一沟通服务的客服插件；客服人员可以查看所有登录网站的用户并对其主动发起沟通，亦可查看该用户当前浏览的页面；深度挖掘用户浏览习惯的交互工具。在功能层面可灵活配置各种风格，适用于不同风格的网站模版中，并可配置包括QQ、微信、电话、Email等常用沟通工具。\u003C\u002Fp>\n","Eyoung Service Online System (Eyoung在线客服系统), 为WordPress网站提供网页版的在线即时沟通工具,是一对一沟通服务的客服插件.",5423,[20,21,44,22,23],"%e5%9c%a8%e7%ba%bf%e5%ae%a2%e6%9c%8d","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feyoung.1.2.2.zip",100,"2026-03-15T10:48:56.248Z",{"attackSurface":49,"codeSignals":187,"taintFlows":226,"riskAssessment":227,"analyzedAt":244},{"hooks":50,"ajaxHandlers":83,"restRoutes":184,"shortcodes":185,"cronEvents":186,"entryPointCount":33,"unprotectedCount":33},[51,57,62,66,71,75,80],{"type":52,"name":53,"callback":54,"file":55,"line":56},"action","admin_menu","admin_menu_handler","classes\\admin.class.php",303,{"type":58,"name":59,"callback":60,"priority":11,"file":55,"line":61},"filter","plugin_action_links","setQuickUrl",314,{"type":52,"name":63,"callback":64,"file":55,"line":65},"admin_enqueue_scripts","setLoadScripts",315,{"type":52,"name":67,"callback":68,"file":69,"line":70},"plugins_loaded","renderScript","classes\\front.class.php",476,{"type":52,"name":72,"callback":73,"file":69,"line":74},"init","setJoin2Cookie",477,{"type":58,"name":76,"callback":77,"priority":78,"file":69,"line":79},"template_include","getChatPage",11,504,{"type":52,"name":81,"callback":64,"file":69,"line":82},"wp_enqueue_scripts",505,[84,89,93,97,101,105,109,113,117,121,125,129,133,136,139,142,145,148,151,154,157,160,163,167,171,174,176,178,180,182],{"action":85,"nopriv":86,"callback":87,"hasNonce":86,"hasCapCheck":86,"file":55,"line":88},"eychat_setting",false,"manageSetting",304,{"action":90,"nopriv":86,"callback":91,"hasNonce":86,"hasCapCheck":86,"file":55,"line":92},"eychat_getMember","getMember",305,{"action":94,"nopriv":86,"callback":95,"hasNonce":86,"hasCapCheck":86,"file":55,"line":96},"eychat_setMember","setMember",306,{"action":98,"nopriv":86,"callback":99,"hasNonce":86,"h
asCapCheck":86,"file":55,"line":100},"eychat_delMember","delMember",307,{"action":102,"nopriv":86,"callback":103,"hasNonce":86,"hasCapCheck":86,"file":55,"line":104},"eychat_setManager","setManager",308,{"action":106,"nopriv":86,"callback":107,"hasNonce":86,"hasCapCheck":86,"file":55,"line":108},"eychat_setStopSpeak","setStopSpeak",309,{"action":110,"nopriv":86,"callback":111,"hasNonce":86,"hasCapCheck":86,"file":55,"line":112},"eychat_setStopEnter","setStopEnter",310,{"action":114,"nopriv":86,"callback":115,"hasNonce":86,"hasCapCheck":86,"file":55,"line":116},"eychat_getChat","getChat",311,{"action":118,"nopriv":86,"callback":119,"hasNonce":86,"hasCapCheck":86,"file":55,"line":120},"eychat_delChat","delChat",312,{"action":122,"nopriv":86,"callback":123,"hasNonce":86,"hasCapCheck":86,"file":55,"line":124},"eychat_delChatAll","delChatAll",313,{"action":126,"nopriv":86,"callback":127,"hasNonce":86,"hasCapCheck":86,"file":55,"line":128},"eychat_imageupload","setImageUpload",318,{"action":130,"nopriv":86,"callback":131,"hasNonce":86,"hasCapCheck":86,"file":69,"line":132},"eychat_setContent","setAjx",483,{"action":134,"nopriv":86,"callback":131,"hasNonce":86,"hasCapCheck":86,"file":69,"line":135},"eychat_getHistory",484,{"action":137,"nopriv":86,"callback":131,"hasNonce":86,"hasCapCheck":86,"file":69,"line":138},"eychat_checkJoin2",485,{"action":140,"nopriv":86,"callback":131,"hasNonce":86,"hasCapCheck":86,"file":69,"line":141},"eychat_checkJoin3",486,{"action":143,"nopriv":86,"callback":131,"hasNonce":86,"hasCapCheck":86,"file":69,"line":144},"eychat_getApply",487,{"action":146,"nopriv":86,"callback":131,"hasNonce":86,"hasCapCheck":86,"file":69,"line":147},"eychat_setApplyPass",488,{"action":149,"nopriv":86,"callback":131,"hasNonce":86,"hasCapCheck":86,"file":69,"line":150},"eychat_setApplyReject",489,{"action":152,"nopriv":86,"callback":131,"hasNonce":86,"hasCapCheck":86,"file":69,"line":153},"eychat_setNotice",490,{"action":155,"nopriv":86,"callback":131,"hasNonce":86
,"hasCapCheck":86,"file":69,"line":156},"eychat_getStatus",491,{"action":158,"nopriv":86,"callback":131,"hasNonce":86,"hasCapCheck":86,"file":69,"line":159},"eychat_setUserSpeak",492,{"action":161,"nopriv":86,"callback":131,"hasNonce":86,"hasCapCheck":86,"file":69,"line":162},"eychat_setUserEnter",493,{"action":164,"nopriv":86,"callback":165,"hasNonce":86,"hasCapCheck":86,"file":69,"line":166},"eychat_uploadImage","uploadImage",494,{"action":168,"nopriv":86,"callback":169,"hasNonce":86,"hasCapCheck":86,"file":69,"line":170},"eychat_uploadFile","uploadFile",495,{"action":130,"nopriv":172,"callback":131,"hasNonce":86,"hasCapCheck":86,"file":69,"line":173},true,497,{"action":134,"nopriv":172,"callback":131,"hasNonce":86,"hasCapCheck":86,"file":69,"line":175},498,{"action":137,"nopriv":172,"callback":131,"hasNonce":86,"hasCapCheck":86,"file":69,"line":177},499,{"action":140,"nopriv":172,"callback":131,"hasNonce":86,"hasCapCheck":86,"file":69,"line":179},500,{"action":164,"nopriv":172,"callback":165,"hasNonce":86,"hasCapCheck":86,"file":69,"line":181},501,{"action":168,"nopriv":172,"callback":169,"hasNonce":86,"hasCapCheck":86,"file":69,"line":183},502,[],[],[],{"dangerousFunctions":188,"sqlUsage":189,"outputEscaping":218,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":225},[],{"prepared":11,"raw":190,"locations":191},13,[192,195,197,199,201,202,203,204,205,208,210,213,215],{"file":55,"line":193,"context":194},478,"$wpdb->query() with variable 
interpolation",{"file":55,"line":196,"context":194},479,{"file":55,"line":198,"context":194},480,{"file":55,"line":200,"context":194},481,{"file":55,"line":147,"context":194},{"file":55,"line":150,"context":194},{"file":55,"line":153,"context":194},{"file":55,"line":156,"context":194},{"file":206,"line":207,"context":194},"table\\chat_content.php",31,{"file":206,"line":209,"context":194},36,{"file":211,"line":212,"context":194},"table\\chat_room_apply.php",28,{"file":214,"line":212,"context":194},"table\\chat_room_member.php",{"file":214,"line":216,"context":217},52,"$wpdb->get_row() with variable interpolation",{"escaped":219,"rawEcho":220,"locations":221},51,1,[222],{"file":55,"line":223,"context":224},294,"raw output",[],[],{"summary":228,"deductions":229},"The eychat v1.0 plugin presents a significant security risk due to a large number of unprotected AJAX handlers, which constitute its entire attack surface. While the code analysis indicates good practices in other areas like output escaping and a lack of dangerous functions or file operations, the absence of any authentication or capability checks on all 30 AJAX entry points is a critical oversight. This makes them highly susceptible to unauthorized access and manipulation, potentially leading to data breaches or denial-of-service attacks.  The plugin's vulnerability history is clean, with no recorded CVEs. This might suggest either a lack of prior scrutiny or that the plugin has historically been less of a target. However, the current static analysis findings strongly suggest that this favorable history is not indicative of its present security posture. The lack of any taint analysis results could be due to the static analysis tool's limitations or that the identified flows did not trigger its detection thresholds. 
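Despite the absence of critical vulnerabilities in the code analysis signals and a clean history, the unprotected AJAX endpoints are the most pressing concern and demand immediate attention. None of the 30 registered handlers has a nonce or capability check, and six of them (eychat_setContent, eychat_getHistory, eychat_checkJoin2, eychat_checkJoin3, eychat_uploadImage and eychat_uploadFile) are also registered for unauthenticated (nopriv) requests. The remaining handlers are reachable by any logged-in user regardless of role. The code signals also record 13 SQL calls that interpolate variables into the query, against 10 prepared ones. Remediation should add check_ajax_referer() and current_user_can() to every handler and move the interpolated queries to $wpdb->prepare().",[230,232,235,238,241],{"reason":231,"points":11},"All 30 AJAX handlers lack authentication",{"reason":233,"points":234},"All 30 AJAX handlers lack capability checks",8,{"reason":236,"points":237},"Significant attack surface exposed without authorization",7,{"reason":239,"points":240},"43% of SQL queries not using prepared statements",6,{"reason":242,"points":243},"No nonce checks on AJAX handlers",5,"2026-03-17T00:58:21.009Z",{"wat":246,"direct":255},{"assetPaths":247,"generatorPatterns":250,"scriptPaths":251,"versionParams":252},[248,249],"\u002Fwp-content\u002Fplugins\u002Feychat\u002Fjs\u002Feychat.min.js","\u002Fwp-content\u002Fplugins\u002Feychat\u002Fcss\u002Feychat.min.css",[],[248],[253,254],"eychat.min.js?ver=","eychat.min.css?ver=",{"cssClasses":256,"htmlComments":257,"htmlAttributes":258,"restEndpoints":259,"jsGlobals":260,"shortcodeOutput":263},[],[],[],[],[261,262],"EYOUNGCHAT_Front","EYOUNGCHAT_Admin",[]]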