[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fd57iLJAg9tyvWy_vsbEmL6H35YtBOx9yLpSUN7clI5U":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":13,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":35,"fingerprints":165},"flying-scripts","Flying Scripts: Delay JavaScript to Improve Site Speed & Performance","1.2.4","Gijo Varghese","https:\u002F\u002Fprofiles.wordpress.org\u002Fgijo\u002F","\u003Cp>Download and execute JavaScript on user interaction.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FYJ8TQ3bh-TA\" rel=\"nofollow ugc\">Demo video\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Flying Scripts delay the execution of JavaScript until there is no user activity. You can specify keywords to include JavaScripts to be delayed. There is also a timeout which executes JavaScript when there is no user activity.\u003C\u002Fp>\n\u003Ch3>Why should I use this plugin?\u003C\u002Fh3>\n\u003Cp>JavaScript is very resource-heavy. By delaying the execution of non-critical JavaScript (that are not needed for the initial render), you’re prioritizing and giving more resources to critical JavaScript files. This way you will reduce render time, time to interactive, first CPU idle, max Potential input delay etc. This will also reduce initial payload to browsers by reducing the no. of requests.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fflying-scripts\u002F\" rel=\"ugc\">Official Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002Fwpspeedmatters\" rel=\"nofollow ugc\">Facebook Group\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Our premium products\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fflyingpress.com\" rel=\"nofollow ugc\">FlyingPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fflyingcdn.com\" rel=\"nofollow ugc\">FlyingCDN\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Our free plugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fflying-pages\u002F\" rel=\"ugc\">Flying Pages\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnazy-load\u002F\" rel=\"ugc\">Flying Images\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fflying-scripts\u002F\" rel=\"ugc\">Flying Scripts\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fflying-analytics\u002F\" rel=\"ugc\">Flying Analytics\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fflying-fonts\u002F\" rel=\"ugc\">Flying Fonts\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contributors\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpspeedmatters.com\u002F\" rel=\"nofollow ugc\">Gijo Varghese – WP Speed Matters\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.shaytoder.com\u002F\" rel=\"nofollow ugc\">Shay Toder\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Delay JavaScript to improve speed and performance by loading scripts only when needed, reducing render-blocking for a faster and smoother user experie …",30000,272456,100,37,"2025-12-02T13:23:00.000Z","6.9.4","4.5","5.6",[20,21],"3rd-party-scripts","defer-javascript","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fflying-scripts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflying-scripts.1.2.4.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":13,"avg_patch_time_days":32,"trust_score":13,"computed_at":33},"gijo",6,68700,1,"2026-04-04T16:17:59.060Z",[],{"attackSurface":36,"codeSignals":64,"taintFlows":85,"riskAssessment":155,"analyzedAt":164},{"hooks":37,"ajaxHandlers":60,"restRoutes":61,"shortcodes":62,"cronEvents":63,"entryPointCount":24,"unprotectedCount":24},[38,44,50,55],{"type":39,"name":40,"callback":41,"file":42,"line":43},"filter","w3tc_process_content","closure","html-rewrite.php",69,{"type":45,"name":46,"callback":47,"file":48,"line":49},"action","plugins_loaded","flying_scripts_set_default_config","init-config.php",20,{"type":45,"name":51,"callback":52,"file":53,"line":54},"wp_print_footer_scripts","flying_scripts_inject_js","inject-js.php",12,{"type":45,"name":56,"callback":57,"file":58,"line":59},"admin_menu","flying_scripts_register_settings_menu","settings\\index.php",7,[],[],[],[],{"dangerousFunctions":65,"sqlUsage":66,"outputEscaping":68,"fileOperations":24,"externalRequests":24,"nonceChecks":32,"capabilityChecks":24,"bundledLibraries":84},[],{"prepared":24,"raw":24,"locations":67},[],{"escaped":30,"rawEcho":30,"locations":69},[70,72,75,77,80,82],{"file":53,"line":59,"context":71},"raw output",{"file":73,"line":74,"context":71},"settings\\scripts.php",26,{"file":73,"line":76,"context":71},32,{"file":78,"line":79,"context":71},"settings\\settings.php",34,{"file":78,"line":81,"context":71},41,{"file":78,"line":83,"context":71},60,[],[86,111,122,141],{"entryPoint":87,"graph":88,"unsanitizedCount":109,"severity":110},"flying_scripts_settings_scripts (settings\\scripts.php:8)",{"nodes":89,"edges":105},[90,95,100,103],{"id":91,"type":92,"label":93,"file":73,"line":94},"n0","source","$_POST['flying_scripts_timeout']",11,{"id":96,"type":97,"label":98,"file":73,"line":94,"wp_function":99},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":101,"type":92,"label":102,"file":73,"line":54},"n2","$_POST['flying_scripts_include_list']",{"id":104,"type":97,"label":98,"file":73,"line":54,"wp_function":99},"n3",[106,108],{"from":91,"to":96,"sanitized":107},false,{"from":101,"to":104,"sanitized":107},2,"low",{"entryPoint":112,"graph":113,"unsanitizedCount":109,"severity":110},"\u003Cscripts> (settings\\scripts.php:0)",{"nodes":114,"edges":119},[115,116,117,118],{"id":91,"type":92,"label":93,"file":73,"line":94},{"id":96,"type":97,"label":98,"file":73,"line":94,"wp_function":99},{"id":101,"type":92,"label":102,"file":73,"line":54},{"id":104,"type":97,"label":98,"file":73,"line":54,"wp_function":99},[120,121],{"from":91,"to":96,"sanitized":107},{"from":101,"to":104,"sanitized":107},{"entryPoint":123,"graph":124,"unsanitizedCount":140,"severity":110},"flying_scripts_view_settings (settings\\settings.php:8)",{"nodes":125,"edges":136},[126,127,128,129,130,134],{"id":91,"type":92,"label":93,"file":78,"line":94},{"id":96,"type":97,"label":98,"file":78,"line":94,"wp_function":99},{"id":101,"type":92,"label":102,"file":78,"line":54},{"id":104,"type":97,"label":98,"file":78,"line":54,"wp_function":99},{"id":131,"type":92,"label":132,"file":78,"line":133},"n4","$_POST['flying_scripts_disabled_pages']",13,{"id":135,"type":97,"label":98,"file":78,"line":133,"wp_function":99},"n5",[137,138,139],{"from":91,"to":96,"sanitized":107},{"from":101,"to":104,"sanitized":107},{"from":131,"to":135,"sanitized":107},3,{"entryPoint":142,"graph":143,"unsanitizedCount":140,"severity":110},"\u003Csettings> (settings\\settings.php:0)",{"nodes":144,"edges":151},[145,146,147,148,149,150],{"id":91,"type":92,"label":93,"file":78,"line":94},{"id":96,"type":97,"label":98,"file":78,"line":94,"wp_function":99},{"id":101,"type":92,"label":102,"file":78,"line":54},{"id":104,"type":97,"label":98,"file":78,"line":54,"wp_function":99},{"id":131,"type":92,"label":132,"file":78,"line":133},{"id":135,"type":97,"label":98,"file":78,"line":133,"wp_function":99},[152,153,154],{"from":91,"to":96,"sanitized":107},{"from":101,"to":104,"sanitized":107},{"from":131,"to":135,"sanitized":107},{"summary":156,"deductions":157},"The \"flying-scripts\" v1.2.4 plugin exhibits a generally strong security posture, with no known vulnerabilities in its history and a commendable lack of critical code signals. The plugin demonstrates good practices by utilizing prepared statements for all SQL queries and implementing nonce checks, which helps mitigate common attack vectors. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface.  However, the static analysis reveals a notable concern: 50% of output escaping is not properly handled. While not immediately leading to critical vulnerabilities in this specific version, this could become a significant risk if the plugin evolves to handle sensitive data or user-provided input in the future. The taint analysis also indicates \"flows with unsanitized paths,\" which, while not classified as critical or high severity in this assessment, warrants attention as it suggests potential avenues for unintended data manipulation or leakage that are not fully mitigated. Overall, the plugin is secure for its current functionality, but the output escaping and unsanitized path issues are weaknesses that could be exploited in different contexts or future updates.",[158,161],{"reason":159,"points":160},"Unsanitized paths in taint flows",5,{"reason":162,"points":163},"50% of output not properly escaped",4,"2026-03-16T17:24:02.935Z",{"wat":166,"direct":177},{"assetPaths":167,"generatorPatterns":171,"scriptPaths":172,"versionParams":173},[168,169,170],"\u002Fwp-content\u002Fplugins\u002Fflying-scripts\u002Fassets\u002Fcss\u002Fflying-scripts.css","\u002Fwp-content\u002Fplugins\u002Fflying-scripts\u002Fassets\u002Fjs\u002Fflying-scripts.js","\u002Fwp-content\u002Fplugins\u002Fflying-scripts\u002Fassets\u002Fjs\u002Fscripts.js",[],[169,170],[174,175,176],"flying-scripts\u002Fassets\u002Fcss\u002Fflying-scripts.css?ver=","flying-scripts\u002Fassets\u002Fjs\u002Fflying-scripts.js?ver=","flying-scripts\u002Fassets\u002Fjs\u002Fscripts.js?ver=",{"cssClasses":178,"htmlComments":179,"htmlAttributes":180,"restEndpoints":181,"jsGlobals":182,"shortcodeOutput":184},[],[],[],[],[183],"flyingScripts",[]]