[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTpqRW7YRXL7fOBgOFTAJ5znfBA2kU7A4eaQ9LRQcXsM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":13,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":35,"fingerprints":80},"gemius-for-wordpress","Gemius for WordPress","1.2.2","TLA Media","https:\u002F\u002Fprofiles.wordpress.org\u002Ftlamedia\u002F","\u003Cp>Implementing \u003Ca href=\"http:\u002F\u002Fwww.gemius.com\u002F\" rel=\"nofollow ugc\">Gemius\u003C\u002Fa> Audience tracking on your blog is very easy. The Gemius tracking script is very simple and anybody can implement it. However, when you are changing themes it is quite easy to forget the Gemius tracking script. 
With the Gemius for WordPress plugin you never have to worry about tracking issues again – it just works.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically adds the Gemius tracking script to all pages.\u003C\u002Fli>\n\u003C\u002Ful>\n","Simple implementation of the Gemius Audience tracking script.",20,4485,100,1,"2025-12-03T07:12:00.000Z","6.9.4","5.0","7.0",[20],"gemius","http:\u002F\u002Fwpplugins.tlamedia.dk\u002Fgemius-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgemius-for-wordpress.1.2.2.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":13,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"tlamedia",3,30050,11,94,"2026-04-05T02:22:50.352Z",[],{"attackSurface":36,"codeSignals":58,"taintFlows":72,"riskAssessment":73,"analyzedAt":79},{"hooks":37,"ajaxHandlers":54,"restRoutes":55,"shortcodes":56,"cronEvents":57,"entryPointCount":23,"unprotectedCount":23},[38,43,46,50],{"type":39,"name":40,"callback":41,"file":42,"line":32},"action","admin_notices","gemius_warning","gemius.php",{"type":39,"name":44,"callback":44,"file":42,"line":45},"admin_init",103,{"type":39,"name":47,"callback":48,"file":42,"line":49},"admin_menu","admin_add_page",104,{"type":39,"name":51,"callback":52,"file":42,"line":53},"wp_footer","tla_gemiuswp_script",133,[],[],[],[],{"dangerousFunctions":59,"sqlUsage":60,"outputEscaping":62,"fileOperations":23,"externalRequests":23,"nonceChecks":23,"capabilityChecks":23,"bundledLibraries":71},[],{"prepared":23,"raw":23,"locations":61},[],{"escaped":23,"rawEcho":29,"locations":63},[64,67,69],{"file":42,"line":65,"context":66},54,"raw output",{"file":42,"line":68,"context":66},60,{"file":42,"line":70,"context":66},121,[],[],{"summary":74,"deductions":75},"The gemius-for-wordpress plugin version 1.2.2 exhibits a seemingly strong security posture based on the provided static analysis. 
The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface. Furthermore, the code signals indicate a complete absence of dangerous functions, file operations, and external HTTP requests, and no SQL queries were detected at all, so there is no SQL injection surface to assess. The taint analysis recorded no flows, which further reinforces this positive assessment.\n\nHowever, a significant concern arises from the output escaping signals. With 3 total outputs and 0% properly escaped (gemius.php lines 54, 60 and 121), there is a potential for Cross-Site Scripting (XSS) if any of the echoed values can be influenced by someone other than a trusted administrator; the static scan alone does not establish that. Where such a value is attacker-influenced, the weakness can be exploited to inject malicious scripts into the website, impacting users. The scan also recorded no nonce or capability checks even though the plugin registers admin_init and admin_menu hooks, so the settings handling deserves a manual look. The lack of any recorded vulnerability history might suggest a lack of past exploitation or discovery, but the identified output escaping issue should not be overlooked.  The plugin makes no direct SQL queries and avoids common entry points, but the missing output escaping is an oversight that should be corrected with context-appropriate escaping (for example esc_html(), esc_attr() or esc_js()).",[76],{"reason":77,"points":78},"Output escaping not implemented",8,"2026-03-16T23:06:05.012Z",{"wat":81,"direct":87},{"assetPaths":82,"generatorPatterns":83,"scriptPaths":84,"versionParams":86},[],[],[85],"gemius-for-wordpress\u002Fxlgemius.js",[],{"cssClasses":88,"htmlComments":89,"htmlAttributes":92,"restEndpoints":93,"jsGlobals":94,"shortcodeOutput":96},[41],[90,91],"Gemius Audience for WordPress by TLA Media - http:\u002F\u002Fwww.tlamedia.dk\u002F","End Gemius Audience for WordPress",[],[],[95],"pp_gemius_identifier",[]]