[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fD4yXZjg6zo8o46Nkgc_CDj7F2YSzX0QoaeLmS9fdzCA":3,"$fkBl6QhzuM0_iVhDcFIsgewcXmMO_7CNGlk-z3OohaRw":96,"$fahFxYMmUwwMpskenJEmkTp698ogGSgzKGRLp5tQIURY":101},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":19,"download_link":20,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"discovery_status":24,"vulnerabilities":25,"developer":26,"crawl_stats":22,"alternatives":32,"analysis":33,"fingerprints":77},"fm-adv","FattoreMamma Advertising Plugin","0.3.3","colorinside","https:\u002F\u002Fprofiles.wordpress.org\u002Fcolorinside\u002F","\u003Cp>This plugin is reserved for FattoreMamma Network Bloggers. This plugin is used to place private advertising slots.\u003C\u002Fp>\n\u003Ch4>Main Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Insert authorized unit\u002Fzone ID into post\u003C\u002Fli>\n\u003Cli>Reserved to FattoreMamma Network Bloggers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>We provide support for our plugin on https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ffm-adv\u003C\u002Fp>\n","This plugin is reserved for FattoreMamma Network Bloggers. This plugin is used to place private advertising slots.",0,830,"2020-06-29T10:33:00.000Z","5.4.19","4.0.0","",[18],"private-advertising-tools","https:\u002F\u002Fplugin.fattoreadv.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffm-adv.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":21,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},2,10,30,84,"2026-07-15T06:14:11.412Z",[],{"attackSurface":34,"codeSignals":58,"taintFlows":69,"riskAssessment":70,"analyzedAt":76},{"hooks":35,"ajaxHandlers":54,"restRoutes":55,"shortcodes":56,"cronEvents":57,"entryPointCount":11,"unprotectedCount":11},[36,42,46,50],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","admin_menu","fm_adv_add_menu_item","fm-adv.php",40,{"type":37,"name":43,"callback":44,"file":40,"line":45},"admin_init","fm_adv_settings",41,{"type":37,"name":47,"callback":48,"file":40,"line":49},"template_redirect","fm_adv_public",42,{"type":37,"name":51,"callback":52,"priority":27,"file":40,"line":53},"the_content","fm_adv_display_adv",53,[],[],[],[],{"dangerousFunctions":59,"sqlUsage":60,"outputEscaping":62,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":63,"bundledLibraries":68},[],{"prepared":11,"raw":11,"locations":61},[],{"escaped":11,"rawEcho":63,"locations":64},1,[65],{"file":40,"line":66,"context":67},114,"raw output",[],[],{"summary":71,"deductions":72},"Based on the provided static analysis, the \"fm-adv\" v0.3.3 plugin exhibits a seemingly strong security posture with zero identified entry points requiring authentication, no dangerous functions, and all SQL queries utilizing prepared statements. The absence of file operations, external HTTP requests, and taint analysis findings further suggests a limited attack surface and minimal risk of data injection or manipulation through common vectors.\n\nHowever, a significant concern arises from the \"Output escaping\" metric, where 100% of outputs are not properly escaped. This presents a high risk of Cross-Site Scripting (XSS) vulnerabilities, as unsanitized data displayed to users could contain malicious scripts. While the plugin has no recorded vulnerability history, the lack of output escaping is a critical oversight that could be easily exploited. The presence of a capability check, while positive, does not mitigate the XSS risk.\n\nIn conclusion, \"fm-adv\" v0.3.3 benefits from a clean code base in many areas, particularly regarding SQL and attack surface management. Nevertheless, the complete lack of output escaping is a severe weakness that significantly elevates the overall risk. This issue needs immediate attention to prevent potential XSS attacks. Without addressing this, the plugin's security is compromised despite its other positive attributes.",[73],{"reason":74,"points":75},"Unescaped output detected",6,"2026-04-16T13:26:21.009Z",{"wat":78,"direct":85},{"assetPaths":79,"generatorPatterns":81,"scriptPaths":82,"versionParams":84},[80],"\u002Fwp-content\u002Fplugins\u002Ffm-adv\u002Flanguages",[],[83],"\u002F\u002Ffattoreadv.com\u002Fadserver\u002Fwww\u002Fdelivery\u002Fasyncjs.php",[],{"cssClasses":86,"htmlComments":87,"htmlAttributes":90,"restEndpoints":93,"jsGlobals":94,"shortcodeOutput":95},[4],[88,89],"FattoreMamma Revive Adserver v5.0.5","FattoreMamma Revive Adserver v5.0.5 Unit Not Found",[91,92],"data-revive-zoneid","data-revive-id",[],[],[],{"error":97,"url":98,"statusCode":99,"statusMessage":100,"message":100},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Ffm-adv\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":11,"versions":102},[]]