[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0OgfUrGs8mDdX8X-bj47F092ZEyC9PYR8FdoWVLbX-A":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":35,"analysis":74,"fingerprints":173},"flip","FLiP – Portuguese Proofing Tools","1.5.14","priberam","https:\u002F\u002Fprofiles.wordpress.org\u002Fpriberam\u002F","\u003Cp>IMPORTANT: The free version of the plugin only checks the spelling of the texts in the pre 1990 Spelling Reform and doesn’t present any suggestions for the errors. This means that no grammar and style checking is done and only texts following the pre 1990 Spelling Reform can be used.\u003Cbr \u002F>\nTo unleash all the features of the plugin you should get a key to have access to Priberam’s proofing API.\u003C\u002Fp>\n\u003Cp>Not compatible with Gutenberg.\u003C\u002Fp>\n","IMPORTANT: The free version of the plugin only checks the spelling of the texts in the pre 1990 Spelling Reform and doesn’t present any suggestions fo …",90,4807,100,1,"2020-02-03T10:17:00.000Z","4.9.29","4.3","",[20,21,22,23],"grammar-checker","speller","spelling-reform","style-checker","https:\u002F\u002Fwww.flip.pt\u002FProdutos\u002FPlugin-do-FLiP-para-WordPress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflip.1.5.14.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},30,84,"2026-04-04T07:13:10.071Z",[36,54],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":13,"downloaded":44,"rating":27,"num_ratings":27,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":18,"tags":48,"homepage":52,"download_link":53,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"yandex-speller-application","Yandex Speller Application","1.0.2","Dmitry Ponomarev","https:\u002F\u002Fprofiles.wordpress.org\u002Fearthperson\u002F","\u003Cp>Модифицирует в визуальном редакторе TinyMCE стандартную проверку правописания на проверку правописания используя сервис \u003Ca href=\"http:\u002F\u002Fapi.yandex.ru\u002Fspeller\u002Fdoc\u002Fdg\u002Fconcepts\u002Fspeller-overview.xml\" rel=\"nofollow ugc\">Яндекс.Спеллер\u003C\u002Fa>, что очень подходит для проверки текстов на русском языке.\u003C\u002Fp>\n","Проверка правописания в TinyMCE, используя Яндекс.Спеллер.",8611,"2014-09-17T18:15:00.000Z","3.3.2","2.8.4",[21,49,50,51],"tinymce","wysiwyg","yandex","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fyandex-speller-application\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyandex-speller-application.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":27,"downloaded":62,"rating":27,"num_ratings":27,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":18,"download_link":73,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"ai-english-teacher","AI English Teacher","1.0","Raihan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwdraihan\u002F","\u003Cp>The AI English Teacher plugin is an advanced tool designed to help website administrators improve the quality of their website’s content. It utilizes OpenAI’s advanced natural language processing algorithms to correct grammar and rephrase sentences with ease.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FTRwzP5gUTmQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>With the AI English Teacher plugin, website administrators can easily correct grammar mistakes and rephrase sentences to enhance the readability and clarity of their content. The plugin allows administrators to make changes and ensure quality content.\u003C\u002Fp>\n\u003Cp>To use the plugin, administrators simply highlight the text they wish to analyze, and click the “AI English Teacher” icon to activate the correction and rephrasing tools. The plugin then analyzes the text and provides suggestions for corrections, allowing website administrators to make changes quickly and easily.\u003C\u002Fp>\n","This plugin uses OpenAI to correct English grammar and rephrase sentences on your website.",936,"2023-03-04T06:55:00.000Z","6.1.10","4.0","5.6",[68,69,70,71,72],"ai-grammar-checker","chatgpt","correct-grammar","fix-english-grammar","rephrase-sentences","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fai-english-teacher.zip",{"attackSurface":75,"codeSignals":121,"taintFlows":163,"riskAssessment":164,"analyzedAt":172},{"hooks":76,"ajaxHandlers":117,"restRoutes":118,"shortcodes":119,"cronEvents":120,"entryPointCount":27,"unprotectedCount":27},[77,83,87,93,97,101,105,109,113],{"type":78,"name":79,"callback":80,"file":81,"line":82},"action","admin_menu","add_menu","flip.php",52,{"type":78,"name":84,"callback":85,"file":81,"line":86},"admin_init","register_settings",53,{"type":88,"name":89,"callback":90,"priority":91,"file":81,"line":92},"filter","mce_external_plugins","flip_add_tinymce_plugin",10,56,{"type":88,"name":94,"callback":95,"priority":91,"file":81,"line":96},"mce_buttons","flip_register_mce_button",58,{"type":78,"name":98,"callback":99,"file":81,"line":100},"tiny_mce_before_init","flip_add_js_scripts",61,{"type":78,"name":102,"callback":103,"file":81,"line":104},"after_wp_tiny_mce","flip_after_init_js_scripts",62,{"type":78,"name":106,"callback":107,"file":81,"line":108},"init","my_plugin_load_plugin_textdomain",63,{"type":88,"name":110,"callback":111,"priority":91,"file":81,"line":112},"wp_insert_post_data","filter_post_data",64,{"type":78,"name":114,"callback":115,"file":81,"line":116},"wp_print_scripts","flip_options_key_check",70,[],[],[],[],{"dangerousFunctions":122,"sqlUsage":123,"outputEscaping":125,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":14,"bundledLibraries":159},[],{"prepared":27,"raw":27,"locations":124},[],{"escaped":126,"rawEcho":127,"locations":128},3,16,[129,132,134,136,138,140,142,144,146,148,149,151,153,155,156,158],{"file":81,"line":130,"context":131},188,"raw output",{"file":81,"line":133,"context":131},194,{"file":81,"line":135,"context":131},200,{"file":81,"line":137,"context":131},205,{"file":81,"line":139,"context":131},213,{"file":81,"line":141,"context":131},219,{"file":81,"line":143,"context":131},222,{"file":81,"line":145,"context":131},255,{"file":81,"line":147,"context":131},309,{"file":81,"line":147,"context":131},{"file":81,"line":150,"context":131},314,{"file":81,"line":152,"context":131},317,{"file":81,"line":154,"context":131},322,{"file":81,"line":154,"context":131},{"file":81,"line":157,"context":131},331,{"file":81,"line":157,"context":131},[160],{"name":161,"version":28,"knownCves":162},"TinyMCE",[],[],{"summary":165,"deductions":166},"The \"flip\" plugin v1.5.14 exhibits a generally good security posture based on the static analysis provided.  The absence of any identified CVEs and the lack of critical or high-severity taint flows are positive indicators. Furthermore, the plugin demonstrates sound practices in its handling of SQL queries, utilizing prepared statements exclusively, and avoids external HTTP requests and file operations, which are common sources of vulnerabilities. The minimal attack surface, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events without proper checks, further contributes to its security.\n\nHowever, a significant concern arises from the low percentage of properly escaped output (16%). This indicates a high probability of cross-site scripting (XSS) vulnerabilities, where user-supplied data could be injected and executed in the browser. While the plugin has a capability check, the lack of nonce checks on potential entry points (though none were found in this analysis) could be a weakness if new entry points are introduced or if the capability check is not sufficiently granular. The bundled TinyMCE library, while not inherently a vulnerability, represents a third-party component that should be monitored for its own security updates.\n\nIn conclusion, the \"flip\" plugin appears robust in its core architecture by minimizing attack surface and securing data operations. The primary weakness lies in output escaping, which requires immediate attention to mitigate XSS risks. The absence of historical vulnerabilities is encouraging but should not lead to complacency, especially given the identified output escaping issues.",[167,170],{"reason":168,"points":169},"Low output escaping percentage (16%)",8,{"reason":171,"points":126},"Bundled TinyMCE library","2026-03-16T21:17:17.373Z",{"wat":174,"direct":186},{"assetPaths":175,"generatorPatterns":177,"scriptPaths":178,"versionParams":182},[176],"\u002Fwp-content\u002Fplugins\u002Fflip\u002Fflip.css",[],[179,180,181],"\u002Fwp-content\u002Fplugins\u002Fflip\u002Fmurmurhash3_gc.js","\u002Fwp-content\u002Fplugins\u002Fflip\u002Fengine.js","\u002Fwp-content\u002Fplugins\u002Fflip\u002Fflip_tinymce.js",[183,184,185],"flip\u002Fmurmurhash3_gc.js?v=","flip\u002Fengine.js?v=","flip\u002Fflip_tinymce.js?v=",{"cssClasses":187,"htmlComments":190,"htmlAttributes":191,"restEndpoints":193,"jsGlobals":194,"shortcodeOutput":195},[188,189],"pba_ort_error","pba_gram_error",[],[192],"data-plugin='flip'",[],[],[]]