[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwPrXFyPHl3gIHEx-QxaefhWNJzZyqDAY5NdUuZQmrjw":3,"$fvFzCUiKCRuJvIkQ9JsTzVoXbRL14QqmV-OFBaBEe9dk":129,"$fvdThqunADytL6PPDGJQq0y14L-NUYPHEVYTE-GuOk-U":134},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":34,"analysis":51,"fingerprints":112},"fcc-slow-lane","FCC Slow Lane","1.0","evoknow","https:\u002F\u002Fprofiles.wordpress.org\u002Fevoknow\u002F","\u003Cp>This plugin detects FCC visitors using known FCC IP blocks and slows down your site just for the FCC visitors. It displays a header to let them know that they are being slowed down in protect of the FCC decision regarding net neutrality.\u003C\u002Fp>\n\u003Cp>It detects the known FCC IP blocks (CIDR) and intentionally delayed the site by few seconds and then shows a header on top of the site telling FCC users that they are being slowed down. The header automatically disappears 5 seconds later.\u003C\u002Fp>\n","This plugin detects FCC visitors using known FCC IP addresses and slows down your site for them in protect of their decision regarding net neutrality.",10,1363,0,"2014-05-23T17:49:00.000Z","3.9.40","3.0.1","",[19,20,21],"fcc","net-neutrality","slowlane","http:\u002F\u002Fwww.evoknow.com\u002Fwordpress-plugins\u002Ffcc-slowlane","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffcc-slow-lane.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-05-20T09:03:55.413Z",[35],{"slug":20,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":11,"downloaded":42,"rating":43,"num_ratings":44,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":17,"tags":48,"homepage":17,"download_link":49,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":50},"Net Neutrality","1.0.2","Eric Binnion","https:\u002F\u002Fprofiles.wordpress.org\u002Febinnion\u002F","\u003Cp>Enable this plugin on your WordPress site: it shows your support for real net neutrality rules by displaying a message on the bottom of your site and “slowing down” some of your posts.\u003C\u002Fp>\n","Show your support for real net neutrality rules by displaying a message on the bottom of your site and \"slowing down\" some of your posts.",5272,20,3,"2017-07-12T18:05:00.000Z","4.8.28","4.6",[20],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnet-neutrality.1.0.2.zip","2026-04-06T09:54:40.288Z",{"attackSurface":52,"codeSignals":63,"taintFlows":79,"riskAssessment":97,"analyzedAt":111},{"hooks":53,"ajaxHandlers":59,"restRoutes":60,"shortcodes":61,"cronEvents":62,"entryPointCount":13,"unprotectedCount":13},[54],{"type":55,"name":56,"callback":56,"file":57,"line":58},"action","init","fcc_slowlane.php",24,[],[],[],[],{"dangerousFunctions":64,"sqlUsage":65,"outputEscaping":67,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":78},[],{"prepared":13,"raw":13,"locations":66},[],{"escaped":13,"rawEcho":44,"locations":68},[69,73,76],{"file":70,"line":71,"context":72},"SlowLanePlugin.php",123,"raw output",{"file":74,"line":75,"context":72},"views\\fcc.php",52,{"file":74,"line":77,"context":72},118,[],[80],{"entryPoint":81,"graph":82,"unsanitizedCount":30,"severity":96},"\u003Cfcc> (views\\fcc.php:0)",{"nodes":83,"edges":93},[84,88],{"id":85,"type":86,"label":87,"file":74,"line":75},"n0","source","$_SERVER['REMOTE_ADDR']",{"id":89,"type":90,"label":91,"file":74,"line":75,"wp_function":92},"n1","sink","echo() [XSS]","echo",[94],{"from":85,"to":89,"sanitized":95},false,"low",{"summary":98,"deductions":99},"The \"fcc-slow-lane\" v1.0 plugin exhibits a strong security posture in several key areas. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. Furthermore, the code demonstrates good practice by exclusively using prepared statements for SQL queries and avoiding dangerous functions, file operations, and external HTTP requests. The zero recorded CVEs and lack of historical vulnerabilities suggest a well-maintained and secure codebase over time.\n\nHowever, a significant concern arises from the static analysis regarding output escaping. With 100% of the identified outputs not being properly escaped, this presents a clear risk of Cross-Site Scripting (XSS) vulnerabilities. While the taint analysis did not reveal critical or high-severity issues, the presence of one flow with unsanitized paths, even if assessed as lower severity, warrants attention. The lack of nonce and capability checks, while not directly exploitable given the current zero entry points, indicates a potential weakness if new entry points are introduced in future versions without proper security considerations.\n\nIn conclusion, \"fcc-slow-lane\" v1.0 is generally secure due to its limited attack surface and good SQL practices. The primary weakness lies in the unescaped output, which introduces a risk of XSS. The absence of historical vulnerabilities is a positive indicator, but the lack of explicit capability and nonce checks suggests that future development should prioritize these security controls to maintain a robust security posture as the plugin evolves.",[100,103,106,109],{"reason":101,"points":102},"Outputs not properly escaped",6,{"reason":104,"points":105},"Flow with unsanitized paths",5,{"reason":107,"points":108},"No nonce checks",4,{"reason":110,"points":108},"No capability checks","2026-03-17T00:30:48.304Z",{"wat":113,"direct":122},{"assetPaths":114,"generatorPatterns":117,"scriptPaths":118,"versionParams":119},[115,116],"\u002Fwp-content\u002Fplugins\u002Ffcc-slow-lane\u002Fcss\u002Fslowlane.css","\u002Fwp-content\u002Fplugins\u002Ffcc-slow-lane\u002Fjs\u002Fslowlane.js",[],[116],[120,121],"fcc-slow-lane\u002Fcss\u002Fslowlane.css?ver=","fcc-slow-lane\u002Fjs\u002Fslowlane.js?ver=",{"cssClasses":123,"htmlComments":124,"htmlAttributes":125,"restEndpoints":126,"jsGlobals":127,"shortcodeOutput":128},[],[],[],[],[],[],{"error":130,"url":131,"statusCode":132,"statusMessage":133,"message":133},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Ffcc-slow-lane\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":135},[]]