[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDCz3fclW6K1tY6sIDZR1tdWNsbqA89k4rUdYQDnMmCk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":14,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":48,"fingerprints":269},"eyoung","Eyoung Service Online System – Eyoung在线客服系统","1.0","yuyaoit","https:\u002F\u002Fprofiles.wordpress.org\u002Fyuyaoit\u002F","\u003Cp>Eyoung在线客服系统插件是网页版的客服聊天系统，是一对一沟通服务的客服插件；客服人员可以查看所有登录网站的用户并对其主动发起沟通，亦可查看该用户当前浏览的页面；深度挖掘用户浏览习惯的交互工具。在功能层面可灵活配置各种风格，适用于不同风格的网站模版中，并可配置包括QQ、微信、电话、Email等常用沟通工具。\u003C\u002Fp>\n","Eyoung Service Online System (Eyoung在线客服系统), 为WordPress网站提供网页版的在线即时沟通工具,是一对一沟通服务的客服插件.",10,5423,0,"","5.9.13","4.8",[18,19,20,21,22],"%e8%81%8a%e5%a4%a9","webim","%e5%9c%a8%e7%ba%bf%e5%ae%a2%e6%9c%8d","%e6%b2%9f%e9%80%9a","%e4%ba%92%e5%8a%a8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feyoung.1.2.2.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},2,20,93,30,89,"2026-04-04T22:38:08.915Z",[36],{"slug":37,"name":38,"version":6,"author":7,"author_profile":8,"description":39,"short_description":40,"active_installs":11,"downloaded":41,"rating":13,"num_ratings":13,"last_updated":42,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":43,"homepage":14,"download_link":45,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":47},"eychat","Eyoung Chat – Ey聊天极简版","\u003Cp>一个网页版本的聊天室，提供了网页群聊的通讯功能。在线成员可以群聊，可以相互@发言，支持PC浏览器和手机浏览器自适应；\u003Cbr 
\u002F>\n可以设置聊天记录的保存，推流技术使用websocket协议，响应速度快，支持迸发高。\u003C\u002Fp>\n","Eyoung Chat System (Ey聊天极简版), 为WordPress网站提供网页版的在线即时沟通工具，提供了网页群聊的通讯功能.",4997,"2022-05-24T06:11:00.000Z",[44,18,19,21,22],"%e7%be%a4%e8%81%8a","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feychat.1.2.zip",85,"2026-03-15T15:16:48.613Z",{"attackSurface":49,"codeSignals":194,"taintFlows":229,"riskAssessment":256,"analyzedAt":268},{"hooks":50,"ajaxHandlers":91,"restRoutes":190,"shortcodes":191,"cronEvents":192,"entryPointCount":193,"unprotectedCount":193},[51,57,62,66,71,75,79,83,87],{"type":52,"name":53,"callback":54,"file":55,"line":56},"action","admin_menu","admin_menu_handler","classes\\admin.class.php",299,{"type":58,"name":59,"callback":60,"priority":11,"file":55,"line":61},"filter","plugin_action_links","setQuickUrl",308,{"type":52,"name":63,"callback":64,"file":55,"line":65},"admin_enqueue_scripts","setLoadScripts",309,{"type":52,"name":67,"callback":68,"file":69,"line":70},"plugins_loaded","renderScript","classes\\front.class.php",529,{"type":58,"name":72,"callback":73,"file":69,"line":74},"wp_handle_upload_prefilter","closure",559,{"type":58,"name":76,"callback":77,"file":69,"line":78},"template_include","getCenterPage",567,{"type":58,"name":80,"callback":81,"file":69,"line":82},"the_content","cantEnterTips",569,{"type":52,"name":84,"callback":85,"file":69,"line":86},"wp_footer","renderUserScript",570,{"type":52,"name":88,"callback":64,"priority":89,"file":69,"line":90},"wp_enqueue_scripts",11,572,[92,97,101,105,109,113,117,121,125,129,133,136,139,142,145,148,151,154,157,160,163,167,171,174,176,178,180,182,184,186,188],{"action":93,"nopriv":94,"callback":95,"hasNonce":94,"hasCapCheck":94,"file":55,"line":96},"eys_setting",false,"manageSetting",300,{"action":98,"nopriv":94,"callback":99,"hasNonce":94,"hasCapCheck":94,"file":55,"line":100},"eys_sever","manageSever",301,{"action":102,"nopriv":94,"callback":103,"hasNonce":94,"hasCapCheck":94,"file":55,"line":104},"eys_upsocket","upS
ocketUrl",302,{"action":106,"nopriv":94,"callback":107,"hasNonce":94,"hasCapCheck":94,"file":55,"line":108},"eys_getCustomer","getCustomer",303,{"action":110,"nopriv":94,"callback":111,"hasNonce":94,"hasCapCheck":94,"file":55,"line":112},"eys_setCustomer","setCustomer",304,{"action":114,"nopriv":94,"callback":115,"hasNonce":94,"hasCapCheck":94,"file":55,"line":116},"eys_delCustomer","delCustomer",305,{"action":118,"nopriv":94,"callback":119,"hasNonce":94,"hasCapCheck":94,"file":55,"line":120},"eys_getChatAll","getChatAll",306,{"action":122,"nopriv":94,"callback":123,"hasNonce":94,"hasCapCheck":94,"file":55,"line":124},"eys_delChatAll","delChatAll",307,{"action":126,"nopriv":94,"callback":127,"hasNonce":94,"hasCapCheck":94,"file":55,"line":128},"eys_imageupload","setImageUpload",312,{"action":130,"nopriv":94,"callback":131,"hasNonce":94,"hasCapCheck":94,"file":69,"line":132},"eys_setContent","setAjx",536,{"action":134,"nopriv":94,"callback":131,"hasNonce":94,"hasCapCheck":94,"file":69,"line":135},"eys_getChat",537,{"action":137,"nopriv":94,"callback":131,"hasNonce":94,"hasCapCheck":94,"file":69,"line":138},"eys_getOfflineMsg",538,{"action":140,"nopriv":94,"callback":131,"hasNonce":94,"hasCapCheck":94,"file":69,"line":141},"eys_setChatView",539,{"action":143,"nopriv":94,"callback":131,"hasNonce":94,"hasCapCheck":94,"file":69,"line":144},"eys_setTrack",540,{"action":146,"nopriv":94,"callback":131,"hasNonce":94,"hasCapCheck":94,"file":69,"line":147},"eys_getTrack",541,{"action":149,"nopriv":94,"callback":131,"hasNonce":94,"hasCapCheck":94,"file":69,"line":150},"eys_setUserField",542,{"action":152,"nopriv":94,"callback":131,"hasNonce":94,"hasCapCheck":94,"file":69,"line":153},"eys_setOfflineReply",543,{"action":155,"nopriv":94,"callback":131,"hasNonce":94,"hasCapCheck":94,"file":69,"line":156},"eys_getOfflineReply",544,{"action":158,"nopriv":94,"callback":131,"hasNonce":94,"hasCapCheck":94,"file":69,"line":159},"eys_getAddressByIp",545,{"action":161,"nopriv":94,"callback
":131,"hasNonce":94,"hasCapCheck":94,"file":69,"line":162},"eys_sendtomail",546,{"action":164,"nopriv":94,"callback":165,"hasNonce":94,"hasCapCheck":94,"file":69,"line":166},"eys_uploadImage","uploadImage",547,{"action":168,"nopriv":94,"callback":169,"hasNonce":94,"hasCapCheck":94,"file":69,"line":170},"eys_uploadFile","uploadFile",548,{"action":130,"nopriv":172,"callback":131,"hasNonce":94,"hasCapCheck":94,"file":69,"line":173},true,549,{"action":134,"nopriv":172,"callback":131,"hasNonce":94,"hasCapCheck":94,"file":69,"line":175},550,{"action":137,"nopriv":172,"callback":131,"hasNonce":94,"hasCapCheck":94,"file":69,"line":177},551,{"action":140,"nopriv":172,"callback":131,"hasNonce":94,"hasCapCheck":94,"file":69,"line":179},552,{"action":143,"nopriv":172,"callback":131,"hasNonce":94,"hasCapCheck":94,"file":69,"line":181},553,{"action":149,"nopriv":172,"callback":131,"hasNonce":94,"hasCapCheck":94,"file":69,"line":183},554,{"action":161,"nopriv":172,"callback":131,"hasNonce":94,"hasCapCheck":94,"file":69,"line":185},555,{"action":164,"nopriv":172,"callback":165,"hasNonce":94,"hasCapCheck":94,"file":69,"line":187},556,{"action":168,"nopriv":172,"callback":169,"hasNonce":94,"hasCapCheck":94,"file":69,"line":189},557,[],[],[],31,{"dangerousFunctions":195,"sqlUsage":196,"outputEscaping":220,"fileOperations":13,"externalRequests":227,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":228},[],{"prepared":197,"raw":198,"locations":199},23,12,[200,202,203,204,205,206,207,208,210,212,215,219],{"file":55,"line":170,"context":201},"$wpdb->query() with variable 
interpolation",{"file":55,"line":173,"context":201},{"file":55,"line":175,"context":201},{"file":55,"line":177,"context":201},{"file":55,"line":179,"context":201},{"file":55,"line":181,"context":201},{"file":55,"line":183,"context":201},{"file":209,"line":32,"context":201},"table\\service_content.php",{"file":209,"line":211,"context":201},35,{"file":213,"line":214,"context":201},"table\\service_customer.php",63,{"file":216,"line":217,"context":218},"table\\service_setting.php",22,"$wpdb->get_row() with variable interpolation",{"file":216,"line":211,"context":201},{"escaped":221,"rawEcho":222,"locations":223},47,1,[224],{"file":55,"line":225,"context":226},186,"raw output",4,[],[230,248],{"entryPoint":231,"graph":232,"unsanitizedCount":222,"severity":247},"getAddressByIp (classes\\front.class.php:335)",{"nodes":233,"edges":245},[234,239],{"id":235,"type":236,"label":237,"file":69,"line":238},"n0","source","$_POST",338,{"id":240,"type":241,"label":242,"file":69,"line":243,"wp_function":244},"n1","sink","wp_remote_get() [SSRF]",356,"wp_remote_get",[246],{"from":235,"to":240,"sanitized":94},"medium",{"entryPoint":249,"graph":250,"unsanitizedCount":222,"severity":247},"\u003Cfront.class> (classes\\front.class.php:0)",{"nodes":251,"edges":254},[252,253],{"id":235,"type":236,"label":237,"file":69,"line":238},{"id":240,"type":241,"label":242,"file":69,"line":243,"wp_function":244},[255],{"from":235,"to":240,"sanitized":94},{"summary":257,"deductions":258},"The \"eyoung\" v1.0 plugin exhibits a concerning security posture, primarily due to a large, unprotected attack surface. While the plugin escapes most of its output and prepares most of its SQL queries (23 prepared; 12 still interpolate variables and should be reviewed for SQL injection), the absence of nonce and capability checks on all 31 AJAX handler registrations is a significant vulnerability. Nine of those registrations are nopriv hooks that unauthenticated visitors can trigger; the remaining 22 require a logged-in session, but with no capability check reported, any role can reach them, including the settings and customer-management handlers in the admin class. This opens the door to various attacks if the AJAX handlers themselves have exploitable logic. The taint analysis, although limited, shows $_POST data reaching wp_remote_get() in getAddressByIp with no sanitization recorded, a server-side request forgery (SSRF) pattern; the value should be validated as an IP address and the request destination constrained before the call. The plugin's clean vulnerability history is positive, suggesting it hasn't been a target or has been developed with a degree of care, but this does not mitigate the inherent risks identified in the static analysis. The lack of any nonce or capability checks on the entry points is a critical oversight that overshadows otherwise decent coding practices.",[259,262,264,266],{"reason":260,"points":261},"Unprotected AJAX handlers",15,{"reason":263,"points":11},"Unsanitized paths in taint flows",{"reason":265,"points":11},"No nonce checks on entry points",{"reason":267,"points":11},"No capability checks on entry points","2026-03-16T23:31:06.058Z",{"wat":270,"direct":287},{"assetPaths":271,"generatorPatterns":278,"scriptPaths":279,"versionParams":280},[272,273,274,275,276,277],"\u002Fwp-content\u002Fplugins\u002Feyoung\u002Fdist\u002Fcss\u002Fchunk-vendors.css","\u002Fwp-content\u002Fplugins\u002Feyoung\u002Fdist\u002Fcss\u002Fchunk-common.css","\u002Fwp-content\u002Fplugins\u002Feyoung\u002Fdist\u002Fcss\u002Fapp.css","\u002Fwp-content\u002Fplugins\u002Feyoung\u002Fdist\u002Fjs\u002Fchunk-vendors.js","\u002Fwp-content\u002Fplugins\u002Feyoung\u002Fdist\u002Fjs\u002Fchunk-common.js","\u002Fwp-content\u002Fplugins\u002Feyoung\u002Fdist\u002Fjs\u002Fapp.js",[],[275,276,277],[281,282,283,284,285,286],"eyoung\u002Fdist\u002Fcss\u002Fchunk-vendors.css?ver=","eyoung\u002Fdist\u002Fcss\u002Fchunk-common.css?ver=","eyoung\u002Fdist\u002Fcss\u002Fapp.css?ver=","eyoung\u002Fdist\u002Fjs\u002Fchunk-vendors.js?ver=","eyoung\u002Fdist\u002Fjs\u002Fchunk-common.js?ver=","eyoung\u002Fdist\u002Fjs\u002Fapp.js?ver=",{"cssClasses":288,"htmlComments":293,"htmlAttributes":295,"restEndpoints":298,"jsGlobals":300,"shortcodeOutput":302},[289,290,291,292],"eyoung_chatbox","eyoung_chatbox_icon","eyoung_chatbox_wrap","eyoung_chatbox
_message",[294],"\u003C!-- Eyoung Service Online Chat Box -->",[296,297],"data-eyoung-id","data-eyoung-user-id",[299],"\u002Fwp-json\u002Feyoung\u002Fv1\u002Fchat",[301],"eyoung_config",[303],"[eyoung_chat]"]