[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fogW0U04ahGuhnMuXCk4pmKk1xLWTyzVnxxxR4IfXlIw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":14,"download_link":18,"security_score":11,"vuln_count":19,"unpatched_count":19,"last_vuln_date":20,"fetched_at":21,"vulnerabilities":22,"developer":23,"crawl_stats":20,"alternatives":29,"analysis":30,"fingerprints":70},"featured-image-rss-enclosure","Featured Image RSS Enclosure","1.0","timmcdaniels","https:\u002F\u002Fprofiles.wordpress.org\u002Ftimmcdaniels\u002F","\u003Cp>Add featured images as separate enclosure fields in your site’s RSS rather than having these images embedded with post content.\u003C\u002Fp>\n","Copyright 2017 by Tim McDaniels http:\u002F\u002Fwww.weareconvoy.com This program is free software; you can redistribute it and\u002For modify it under the terms of &hellip;",100,2311,2,"","4.8.28","4.6",[],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffeatured-image-rss-enclosure.zip",0,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":13,"total_installs":24,"avg_security_score":25,"avg_patch_time_days":26,"trust_score":27,"computed_at":28},200,93,30,89,"2026-04-04T07:05:33.088Z",[],{"attackSurface":31,"codeSignals":46,"taintFlows":57,"riskAssessment":58,"analyzedAt":69},{"hooks":32,"ajaxHandlers":42,"restRoutes":43,"shortcodes":44,"cronEvents":45,"entryPointCount":19,"unprotectedCount":19},[33,39],{"type":34,"name":35,"callback":36,"file":37,"line":38},"action","rss2_item","fire_add_rss_item_image","featured-image-rss-enclosure.php",46,{"type":34,"name":40,"callback":36,"file":37,"line":41},"rss_item",47,[],[],[],[],{"dangerousFunctions":47,"sqlUsage":48,"outputEscaping":50,"fileOperations":19,"externalRequests":19,"nonceChecks":19,"capabilityChecks":19,"bundledLibraries":56},[],{"prepared":19,"raw":19,"locations":49},[],{"escaped":19,"rawEcho":51,"locations":52},1,[53],{"file":37,"line":54,"context":55},42,"raw output",[],[],{"summary":59,"deductions":60},"The \"featured-image-rss-enclosure\" plugin v1.0 exhibits a seemingly robust security posture based on the provided static analysis.  The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. Furthermore, the complete reliance on prepared statements for SQL queries and the lack of file operations and external HTTP requests are excellent security practices.\n\nHowever, a critical concern arises from the output escaping analysis, indicating that 100% of outputs are not properly escaped. This presents a significant risk for Cross-Site Scripting (XSS) vulnerabilities, where malicious code could be injected into the plugin's output and executed in a user's browser. The lack of nonce and capability checks, while less impactful given the limited attack surface, means that any future additions to these entry points might be immediately exploitable if not secured. The plugin's vulnerability history being entirely clear is positive, suggesting a history of secure development, but does not mitigate the immediate risk of unescaped output.\n\nIn conclusion, while the plugin avoids many common pitfalls by having a minimal attack surface and secure data handling for SQL, the pervasive issue of unescaped output is a serious weakness that needs immediate attention to prevent XSS attacks. The current score reflects the strengths in attack surface reduction and SQL safety but is significantly impacted by the critical flaw in output sanitization.",[61,64,67],{"reason":62,"points":63},"100% of outputs are not properly escaped",8,{"reason":65,"points":66},"No nonce checks on potential entry points",3,{"reason":68,"points":66},"No capability checks on potential entry points","2026-03-16T20:31:23.289Z",{"wat":71,"direct":76},{"assetPaths":72,"generatorPatterns":73,"scriptPaths":74,"versionParams":75},[],[],[],[],{"cssClasses":77,"htmlComments":78,"htmlAttributes":79,"restEndpoints":80,"jsGlobals":81,"shortcodeOutput":82},[],[],[],[],[],[83,84,85,86],"\t\u003Cenclosure url=\"","\" length=\"","\" type=\"","\" \u002F>\n"]