[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fkVWQ3XztJJ8DPtVuhMB6EpLQW0N61wjlKiLRQUQ0mag":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":35,"fingerprints":72},"forum-wordpress-fr","Forum_wordpress_fr","4.2","arena","https:\u002F\u002Fprofiles.wordpress.org\u002Farena\u002F","\u003Cp>Affiche le petit questionnaire pré-rempli pour le forum https:\u002F\u002Fwpfr.net\u002Fsupport\u002F\u003Cbr \u002F>\net le copie (à la demande) dans votre presse-papier.\u003C\u002Fp>\n\u003Cp>Peut nécessiter la présence du plugin flash dans votre browser !\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin is using the following external software :\u003Cbr \u002F>\n1. ZeroClipboard developped in Flash by Joseph Huckaby (2014) [js\u002Ffwf_zc.swf]\u003C\u002Fp>\n","Questionnaire du forum https:\u002F\u002Fwpfr.net\u002Fsupport",400,12753,100,6,"2020-05-11T17:38:00.000Z","5.4.19","5.2","",[20],"questionnaire-du-forum-https-wpfr-net-support","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforum-wordpress-fr.4.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},19,1600,87,50,79,"2026-04-05T04:21:21.504Z",[],{"attackSurface":36,"codeSignals":48,"taintFlows":60,"riskAssessment":61,"analyzedAt":71},{"hooks":37,"ajaxHandlers":44,"restRoutes":45,"shortcodes":46,"cronEvents":47,"entryPointCount":23,"unprotectedCount":23},[38],{"type":39,"name":40,"callback":40,"priority":41,"file":42,"line":43},"action","wp_dashboard_setup",8,"forum_wordpress_fr.php",29,[],[],[],[],{"dangerousFunctions":49,"sqlUsage":50,"outputEscaping":52,"fileOperations":23,"externalRequests":23,"nonceChecks":23,"capabilityChecks":23,"bundledLibraries":59},[],{"prepared":23,"raw":23,"locations":51},[],{"escaped":53,"rawEcho":54,"locations":55},3,1,[56],{"file":42,"line":57,"context":58},131,"raw output",[],[],{"summary":62,"deductions":63},"The 'forum-wordpress-fr' plugin version 4.2 exhibits a generally strong security posture based on the provided static analysis.  It demonstrates excellent practices by having no identified dangerous functions, all SQL queries utilizing prepared statements, and no file operations or external HTTP requests. The absence of any vulnerabilities in its history, including no recorded CVEs or common vulnerability types, further reinforces this positive assessment.  The plugin also has a minimal attack surface, with no AJAX handlers, REST API routes, shortcodes, or cron events, and importantly, none of these entry points are unprotected.\n\nHowever, a significant concern arises from the complete lack of nonce checks and capability checks across all identified entry points. While the attack surface is currently zero, any future introduction of such entry points without these security mechanisms would create immediate vulnerabilities. The static analysis also indicates that 25% of output is not properly escaped, which, while not resulting in a critical or high severity taint flow in this analysis, could potentially lead to cross-site scripting (XSS) vulnerabilities if the unescaped data originates from user input.  The lack of taint analysis results is also noted, suggesting that either the analysis tool was not comprehensive or that there are no exploitable data flow issues detected within the current scope.\n\nIn conclusion, 'forum-wordpress-fr' v4.2 is currently in a secure state with no known exploitable vulnerabilities or critical code weaknesses. Its adherence to secure coding practices for SQL and avoiding dangerous functions is commendable. The primary areas for improvement and potential future risk lie in implementing proper nonce and capability checks for any new or existing entry points, and ensuring all output is properly escaped to mitigate potential XSS risks. The clean vulnerability history is a positive indicator of developer diligence, but the identified gaps in authorization and output sanitization require attention.",[64,67,69],{"reason":65,"points":66},"0 Nonce checks found",10,{"reason":68,"points":66},"0 Capability checks found",{"reason":70,"points":14},"25% of outputs not properly escaped","2026-03-16T19:47:46.147Z",{"wat":73,"direct":82},{"assetPaths":74,"generatorPatterns":77,"scriptPaths":78,"versionParams":79},[75,76],"\u002Fwp-content\u002Fplugins\u002Fforum-wordpress-fr\u002Fcss\u002Ffwf.css","\u002Fwp-content\u002Fplugins\u002Fforum-wordpress-fr\u002Fjs\u002Ffwf.js",[],[76],[80,81],"forum-wordpress-fr\u002Fcss\u002Ffwf.css?ver=","forum-wordpress-fr\u002Fjs\u002Ffwf.js?ver=",{"cssClasses":83,"htmlComments":86,"htmlAttributes":89,"restEndpoints":91,"jsGlobals":92,"shortcodeOutput":94},[84,85],"fwf_copy","fwf_copied",[87,88],"\u003C!--$wpdb->blogid -->","\u003C!-- get_current_blog_id() -->",[90],"data-clipboard-target",[],[93],"fwf_L10n",[]]