[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwdps6DWo3jXC0JlWe4tq9lbEWmGTMJFRr_VO_3iYCx8":3},{"slug":4,"name":4,"version":5,"author":6,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":12,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":44,"crawl_stats":33,"alternatives":51,"analysis":147,"fingerprints":259},"furikake","0.2.0","jidaikobo","https:\u002F\u002Fprofiles.wordpress.org\u002Fjidaikobo\u002F","\u003Cp>This plug-in takes advantage of the \u003Ca href=\"http:\u002F\u002Fdeveloper.yahoo.co.jp\u002Fwebapi\u002Fjlp\u002Ffurigana\u002Fv1\u002Ffurigana.html\" rel=\"nofollow ugc\">ruby API\u003C\u002Fa> that Yahoo! Japan Developer Network was developed. please follow Yahoo! Japan is defined in the “\u003Ca href=\"http:\u002F\u002Fdocs.yahoo.co.jp\u002Fdocs\u002Finfo\u002Fterms\u002Fchapter1.html#cf5th\" rel=\"nofollow ugc\">rules for software (Guidelines)\u003C\u002Fa>” to.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Ffurikake\" rel=\"nofollow ugc\">translate by using GlotPress\u003C\u002Fa>\u003C\u002Fp>\n","This plug-in provides Furigana (A.K.A. \"Yomigana\". Japanese phonetic of Chinese characters) to the text of web pages.",10,1572,0,"","5.4.19","4.9.6","5.6",[18,19,20],"furigana","phonetic","yomigana","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffurikake\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffurikake.zip",100,1,"2018-01-01 00:00:00","2026-03-15T10:48:56.248Z",[28],{"id":29,"url_slug":30,"title":31,"description":32,"plugin_slug":4,"theme_slug":33,"affected_versions":34,"patched_in_version":35,"severity":36,"cvss_score":37,"cvss_vector":38,"vuln_type":39,"published_date":25,"updated_date":40,"references":41,"days_to_patch":43},"CVE-2017-1000434","furikake-open-redirect","furikake \u003C= 0.1.0 - Open Redirect","Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect The furikake-redirect parameter on a page allows for a redirect to an attacker controlled page classes\u002FFurigana.php: header('location:'.urldecode($_GET['furikake-redirect']));",null,"\u003C=0.1.0","0.1.1","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","URL Redirection to Untrusted Site ('Open Redirect')","2024-01-22 19:56:02",[42],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9083d875-ff86-4f18-ad63-368bcb269ad9?source=api-prod",2213,{"slug":6,"display_name":6,"profile_url":7,"plugin_count":45,"total_installs":46,"avg_security_score":47,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},5,210,96,1109,76,"2026-04-05T02:02:26.681Z",[52,72,93,114,133],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":10,"downloaded":60,"rating":23,"num_ratings":24,"last_updated":61,"tested_up_to":62,"requires_at_least":55,"requires_php":13,"tags":63,"homepage":68,"download_link":69,"security_score":70,"vuln_count":12,"unpatched_count":12,"last_vuln_date":33,"fetched_at":71},"banglkb","BanglKB","3.3","lavluda","https:\u002F\u002Fprofiles.wordpress.org\u002Flavluda\u002F","\u003Cp>Bangla Typing Scripts for wordpress. This Java Script based add-ons will let your visitors type in Bangla without using any 3rd party tool or keyboard manager along with in your “new post page” you will get option to write post in bangla. These add-ons are very flexible and easy to install to any site and 100% workable with Mozilla FireFox (1.0 or higher), Apple Safari, Microsoft Internet Explorer (5 or higher) and any Gecko engine based web browser.\u003C\u002Fp>\n\u003Cp>for live example: visit http:\u002F\u002Fwww.lavluda.com\u003C\u002Fp>\n\u003Cp>Supported Layout: Phonetic, Probhat\u003C\u002Fp>\n","Bangla Typing Scripts for wordpress. This Java Script based add-ons will let your visitors type in Bangla without using any 3rd party tool or keyboard &hellip;",11592,"2015-04-10T10:43:00.000Z","4.1.42",[64,65,66,67,19],"bangla","bengali","comment","keyboard","http:\u002F\u002Fekushey.org\u002F?page\u002Fweb_input_manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbanglkb.zip",85,"2026-03-15T15:16:48.613Z",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":10,"downloaded":80,"rating":23,"num_ratings":81,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":13,"tags":85,"homepage":91,"download_link":92,"security_score":70,"vuln_count":12,"unpatched_count":12,"last_vuln_date":33,"fetched_at":71},"bleep-filter","Bleep Filter","1.2","nathanlampe","https:\u002F\u002Fprofiles.wordpress.org\u002Fnathanlampe\u002F","\u003Cp>The Bleep Filter plugin is a free and open source advanced content filtering plugin for WordPress. Commonly used as a bad word filter and swear filter, this plugin offers a variety of applications for your needs. Easily add the words you want to filter out and the plugin will find those words in your blog’s comments, posts, and rss feeds and passively replace them in a variety of styles.\u003C\u002Fp>\n\u003Cp>Using a highly advanced phonetic algorithm, not only is the spelling being detected but also how the word sounds. This makes it much more difficult for mischievous posters to bypass the filter intentionally.\u003C\u002Fp>\n\u003Cp>With the Bleep Filter plugin all you have to do is add your words and the plugin takes care of the rest.\u003C\u002Fp>\n","An advanced word and content filter perfect for passively eliminating profanity and spoilers.",2912,3,"2014-07-19T21:34:00.000Z","3.9.40","3.5.1",[86,87,88,89,90],"content-filter","phonetic-filter","profanity-filter","swear-filter","word-filter","http:\u002F\u002Fwww.filterplugin.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbleep-filter.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":10,"downloaded":101,"rating":12,"num_ratings":12,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":112,"download_link":113,"security_score":70,"vuln_count":12,"unpatched_count":12,"last_vuln_date":33,"fetched_at":71},"indian-keyboard","Indian Keyboard","1.0","Binodwpcitizen","https:\u002F\u002Fprofiles.wordpress.org\u002Fbinodwpcitizen\u002F","\u003Cp>This plugin let you type in Amharic, Arabic, Bengali, Chinese, Greek, Gujrati, Hindi, Canada, Malayalam, Marathi, Nepali, Odia, Persian, Punjabi, Russian, Sanskrit, Serbian, Sinhalese, Tamil, Telugu, Tigrinya and Urdu in backend post, pages and catagories just using a popup window that run with google API which can be copied and pasted anywhere you want.\u003C\u002Fp>\n","Let you type in your native language using phonetic english.",2148,"2018-02-04T21:40:00.000Z","4.9.29","4.0","5.2.4",[107,108,109,110,111],"phonetic-writings","type-in-amharic","type-in-arabic","type-in-native-language","write-in-your-language","http:\u002F\u002Fwww.axonsoft.in\u002Findex.php\u002Fservices\u002Findian-keyboard-wp-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Findian-keyboard.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":10,"downloaded":122,"rating":123,"num_ratings":45,"last_updated":124,"tested_up_to":62,"requires_at_least":125,"requires_php":13,"tags":126,"homepage":131,"download_link":132,"security_score":70,"vuln_count":12,"unpatched_count":12,"last_vuln_date":33,"fetched_at":71},"opensearchserver-search","OpenSearchServer Search","1.5.10","ekeller","https:\u002F\u002Fprofiles.wordpress.org\u002Fekeller\u002F","\u003Ch4>OpenSearchServer plugin\u003C\u002Fh4>\n\u003Cp>The OpenSearchServer Search Plugin enables \u003Ca href=\"http:\u002F\u002Fwww.opensearchserver.com\u002F\" rel=\"nofollow ugc\">OpenSearchServer\u003C\u002Fa>  full-text search in WordPress-based websites.\u003Cbr \u002F>\nOpenSearchServer is an \u003Cstrong>high-performance search engine that includes spell-check, facets, filters, phonetic search, and auto-completion\u003C\u002Fstrong>.\u003Cbr \u002F>\nThis plugin automatically replaces the WordPress built-in search function.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Full-text search with phonetic support\u003C\u002Fstrong>,\u003C\u002Fli>\n\u003Cli>Queries can be fully customized and the \u003Cstrong>relevancy of each field (title, author, …) can be precisely tuned\u003C\u002Fstrong>,\u003C\u002Fli>\n\u003Cli>Search results can be filtered using \u003Cstrong>facets\u003C\u002Fstrong>,\u003C\u002Fli>\n\u003Cli>Automatic search suggestions through \u003Cstrong>autocompletion\u003C\u002Fstrong>,\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Spell-checking\u003C\u002Fstrong> with automatic substitution,\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Search into your files\u003C\u002Fstrong>: .docx, .doc, .pdf, .rtf, etc. The plugin will extract text from your attachments and index it.\u003C\u002Fli>\n\u003Cli>Automatic indexing of content as soon as it gets published, edited or deleted,\u003C\u002Fli>\n\u003Cli>Can index and search through \u003Cstrong>all type of content\u003C\u002Fstrong>,\u003C\u002Fli>\n\u003Cli>Can index and search \u003Cstrong>every taxonomies\u003C\u002Fstrong>,\u003C\u002Fli>\n\u003Cli>Can be easily set up and tweaked through web form page\u003C\u002Fli>\n\u003Cli>Supports \u003Cstrong>multi-sites installation\u003C\u002Fstrong>,\u003C\u002Fli>\n\u003Cli>Supports a \u003Cstrong>WPML plugin\u003C\u002Fstrong> for translation,\u003C\u002Fli>\n\u003Cli>Includes \u003Cstrong>several filters and actions\u003C\u002Fstrong> to allow for more customization via other plugins or themes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See the screenshots page for more!\u003C\u002Fp>\n","The OpenSearchServer Search Plugin enables OpenSearchServer full-text search in WordPress-based websites.",9455,84,"2015-05-05T08:07:00.000Z","3.0.1",[127,128,19,129,130],"full-text","opensearchserver","search","search-engine","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fopensearchserver-search\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fopensearchserver-search.1.5.10.zip",{"slug":134,"name":135,"version":96,"author":136,"author_profile":137,"description":138,"short_description":139,"active_installs":12,"downloaded":140,"rating":12,"num_ratings":12,"last_updated":13,"tested_up_to":141,"requires_at_least":142,"requires_php":143,"tags":144,"homepage":145,"download_link":146,"security_score":23,"vuln_count":12,"unpatched_count":12,"last_vuln_date":33,"fetched_at":26},"bphonetic-wordcount","Bphonetic WordCount","Pixoten","https:\u002F\u002Fprofiles.wordpress.org\u002Fpixoten\u002F","\u003Cp>Bphonetic WordCount is a lightweight WordPress plugin that enhances the Classic Editor with seamless Bangla & English typing support. It provides instant word count, estimated reading time, and a smooth bilingual writing experience. Perfect for bloggers, writers, and content creators who need quick and efficient text analysis.\u003C\u002Fp>\n\u003Ch3>Acknowledgements\u003C\u002Fh3>\n\u003Cp>Thank you to the contributors and WordPress community!\u003C\u002Fp>\n","Short Description: A lightweight plugin for Classic Editor that adds Bangla & English typing support, word count, and reading time estimation.",276,"6.7.5","5.8","7.4",[134],"https:\u002F\u002Fpixoten.com\u002Fplugins\u002Fbphonetic-word-count\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbphonetic-wordcount.1.0.zip",{"attackSurface":148,"codeSignals":180,"taintFlows":249,"riskAssessment":250,"analyzedAt":258},{"hooks":149,"ajaxHandlers":174,"restRoutes":175,"shortcodes":176,"cronEvents":179,"entryPointCount":24,"unprotectedCount":12},[150,156,161,166,170],{"type":151,"name":152,"callback":153,"file":154,"line":155},"action","admin_menu","furikake_add_menu","furikake.php",61,{"type":157,"name":158,"callback":159,"priority":10,"file":154,"line":160},"filter","plugin_action_links","addLink",67,{"type":157,"name":162,"callback":163,"priority":164,"file":154,"line":165},"after_setup_theme","bufferStart",20,70,{"type":157,"name":167,"callback":168,"priority":164,"file":154,"line":169},"shutdown","bufferOut",71,{"type":157,"name":171,"callback":172,"file":154,"line":173},"body_class","closure",79,[],[],[177],{"tag":4,"callback":18,"file":154,"line":178},64,[],{"dangerousFunctions":181,"sqlUsage":182,"outputEscaping":184,"fileOperations":81,"externalRequests":12,"nonceChecks":24,"capabilityChecks":24,"bundledLibraries":248},[],{"prepared":12,"raw":12,"locations":183},[],{"escaped":185,"rawEcho":186,"locations":187},9,31,[188,192,194,195,197,199,201,203,205,207,209,211,213,215,217,218,220,222,224,225,227,229,231,233,234,236,238,240,242,244,246],{"file":189,"line":190,"context":191},"classes\\Furigana.php",528,"raw output",{"file":193,"line":24,"context":191},"templates\\settings.php",{"file":193,"line":164,"context":191},{"file":193,"line":196,"context":191},24,{"file":193,"line":198,"context":191},25,{"file":193,"line":200,"context":191},29,{"file":193,"line":202,"context":191},30,{"file":193,"line":204,"context":191},32,{"file":193,"line":206,"context":191},33,{"file":193,"line":208,"context":191},34,{"file":193,"line":210,"context":191},35,{"file":193,"line":212,"context":191},39,{"file":193,"line":214,"context":191},40,{"file":193,"line":216,"context":191},43,{"file":193,"line":216,"context":191},{"file":193,"line":219,"context":191},48,{"file":193,"line":221,"context":191},49,{"file":193,"line":223,"context":191},65,{"file":193,"line":165,"context":191},{"file":193,"line":226,"context":191},72,{"file":193,"line":228,"context":191},74,{"file":193,"line":230,"context":191},75,{"file":193,"line":232,"context":191},83,{"file":193,"line":123,"context":191},{"file":193,"line":235,"context":191},102,{"file":193,"line":237,"context":191},104,{"file":193,"line":239,"context":191},117,{"file":193,"line":241,"context":191},120,{"file":193,"line":243,"context":191},121,{"file":193,"line":245,"context":191},123,{"file":193,"line":247,"context":191},124,[],[],{"summary":251,"deductions":252},"The furikake plugin version 0.2.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by having no dangerous functions, utilizing prepared statements for all SQL queries, and performing nonce and capability checks on its single entry point (a shortcode).  Additionally, there are no external HTTP requests or bundled libraries, which reduces the potential for cross-dependencies and supply chain attacks. The absence of any critical or high-severity taint flows is also a strong indicator of sound coding in that area.\n\nHowever, significant concerns arise from the output escaping. A mere 23% of output is properly escaped, leaving a substantial portion vulnerable to Cross-Site Scripting (XSS) attacks. While the static analysis shows no immediate critical vulnerabilities, this low escaping rate represents a considerable risk for users interacting with the plugin's output. The vulnerability history, though dated, shows a past medium-severity 'Open Redirect' vulnerability. While currently unpatched issues are zero, this historical pattern suggests that the plugin's developers may not have a consistent track record of addressing security vulnerabilities promptly or thoroughly, especially regarding input validation and output sanitization.\n\nIn conclusion, while furikake v0.2.0 has strengths in its limited attack surface and database interaction security, the critical weakness in output escaping presents a tangible XSS risk. The past medium-severity vulnerability, even though resolved, warrants caution regarding the overall security development lifecycle of the plugin. Future versions should prioritize robust output sanitization to mitigate these risks.",[253,256],{"reason":254,"points":255},"Low percentage of properly escaped output",15,{"reason":257,"points":45},"Past medium severity vulnerability history","2026-03-16T23:12:13.977Z",{"wat":260,"direct":265},{"assetPaths":261,"generatorPatterns":262,"scriptPaths":263,"versionParams":264},[],[],[],[],{"cssClasses":266,"htmlComments":268,"htmlAttributes":269,"restEndpoints":270,"jsGlobals":271,"shortcodeOutput":272},[267],"furikake_on",[],[],[],[],[273],"[furikake]"]