[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f62SZ0dcmnWTuvILoaNKO2V1biZc7DDBhrq7Xm9nQGG8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":38,"fingerprints":95},"free-of-charge-badge","Free Of Charge Badge","3.2","Irish_Cathal","https:\u002F\u002Fprofiles.wordpress.org\u002Firish_cathal\u002F","\u003Cp>Add a badge to product images on woocommerce shop page to advise customers that the product is free if charge. The text on the badge is customizable to display what you need. No coding required as there is an admin panel to save the button and label text.\u003C\u002Fp>\n","Add a badge to product images on woocommerce shop page to advise customers that the product is free if charge. The text on the badge is customizable t &hellip;",10,987,0,"","6.5.8","3.8","5.2.4",[4,19,20,21,22],"free-stock-badge","woocommerce-free-of-charge-text","woocommerce-no-price-text","woocommerce-shop-page-free-of-charge","https:\u002F\u002Farrowdesign.ie\u002Ffree-of-charge-badge\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffree-of-charge-badge.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"irish_cathal",8,640,93,30,89,"2026-04-05T01:58:42.298Z",[],{"attackSurface":39,"codeSignals":69,"taintFlows":87,"riskAssessment":88,"analyzedAt":94},{"hooks":40,"ajaxHandlers":65,"restRoutes":66,"shortcodes":67,"cronEvents":68,"entryPointCount":13,"unprotectedCount":13},[41,47,51,55,60],{"type":42,"name":43,"callback":44,"file":45,"line":46},"action","wp_enqueue_scripts","arrowdesign_add_free_of_char_badg_Style_script","admin\\admin.php",14,{"type":42,"name":48,"callback":49,"file":45,"line":50},"admin_menu","arrowdesign__f_o_c_b__admin_page",19,{"type":42,"name":52,"callback":53,"file":45,"line":54},"admin_enqueue_scripts","arrowd_focb_load_custom_wp_admin_style",195,{"type":42,"name":56,"callback":57,"file":58,"line":59},"woocommerce_before_shop_loop_item_title","arrowdesign_ie_stock_free_of_charge_badge","index.php",54,{"type":61,"name":62,"callback":63,"priority":11,"file":58,"line":64},"filter","plugin_row_meta","arrowddub_free_of_charge_plugin_page_doc_meta",78,[],[],[],[],{"dangerousFunctions":70,"sqlUsage":71,"outputEscaping":73,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":85,"bundledLibraries":86},[],{"prepared":13,"raw":13,"locations":72},[],{"escaped":11,"rawEcho":74,"locations":75},4,[76,79,81,83],{"file":45,"line":77,"context":78},165,"raw output",{"file":45,"line":80,"context":78},167,{"file":45,"line":82,"context":78},181,{"file":58,"line":84,"context":78},50,2,[],[],{"summary":89,"deductions":90},"The \"free-of-charge-badge\" v3.2 plugin exhibits a strong security posture based on the provided static analysis.  The complete absence of identified attack vectors such as AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points significantly reduces the potential for external exploitation. Furthermore, the code signals indicate a responsible development approach, with no dangerous functions, file operations, or external HTTP requests detected. The use of prepared statements for all SQL queries is a commendable practice, mitigating SQL injection risks.  However, a lower percentage of properly escaped output (71%) suggests potential for cross-site scripting (XSS) vulnerabilities in the remaining 29% of output operations. The lack of documented vulnerabilities in its history is a positive indicator, suggesting a history of secure development. The plugin's strengths lie in its minimal attack surface and secure database interaction practices. The primary area for concern is the unescaped output, which, while not leading to critical taint flows in this analysis, represents a potential weakness that could be exploited if data flows to those outputs without proper sanitization.",[91],{"reason":92,"points":93},"Percentage of unescaped output",6,"2026-03-16T23:20:09.093Z",{"wat":96,"direct":105},{"assetPaths":97,"generatorPatterns":100,"scriptPaths":101,"versionParams":102},[98,99],"\u002Fwp-content\u002Fplugins\u002Ffree-of-charge-badge\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Ffree-of-charge-badge\u002Fjs\u002Flogic.js",[],[99],[103,104],"free-of-charge-badge\u002Fcss\u002Fstyle.css?ver=","free-of-charge-badge\u002Fjs\u002Flogic.js?ver=",{"cssClasses":106,"htmlComments":114,"htmlAttributes":115,"restEndpoints":117,"jsGlobals":118,"shortcodeOutput":119},[107,108,109,110,111,112,113],"intro_text_class","container_for_left_and_right_FOC","container_left_foc","arrowD_notesDiv","container_right_foc","enter-text","enter-text-span",[],[116],"data-term_id",[],[],[]]