[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f3AMKtpUGzZ1uyZjxn3Wa8-BfujZDasZnL_slqx2pWOU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":29,"analysis":30,"fingerprints":134},"generate-reviews","Generate Reviews","1.0","csharp03","https:\u002F\u002Fprofiles.wordpress.org\u002Fcsharp03\u002F","\u003Cp>This plugin can generate reviews using shortcode but exclusively for clients of Five Star Reviews Site. (https:\u002F\u002Fwww.fivestarreviewssite.com\u002F)\u003C\u002Fp>\n\u003Cp>View \u003Ca href=\"https:\u002F\u002Fwww.bestratedattorney.com\u002F\" rel=\"nofollow ugc\">DEMO\u003C\u002Fa> for more details\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Plugin Features \u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Shortcode\u003C\u002Fli>\n\u003Cli>Responsive\u003C\u002Fli>\n\u003Cli>Mozilla, Opera Mini, Google Chrome, Safari, Microsoft Edge and IE 11\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Here is the example Shortcode :\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[generate-reviews fb_token='FB Token' gg_token='Google Place ID' fs_link='Fivestar Link' fb_link='FB Link' ]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>This plugin fetch data\u002Freviews to this www.fivestarreviewssite.com.\u003C\u002Fp>\n","This plugin can generate reviews using shortcode but exclusively for clients of Five Star Reviews Site. (https:\u002F\u002Fwww.fivestarreviewssite.com\u002F)",0,922,"2018-10-08T09:07:00.000Z","4.9.29","3.7","",[4],"https:\u002F\u002Fevl.000webhostapp.com\u002Fgenerate-reviews","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgenerate-reviews.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":25,"total_installs":11,"avg_security_score":20,"avg_patch_time_days":26,"trust_score":27,"computed_at":28},1,30,84,"2026-04-05T09:24:00.553Z",[],{"attackSurface":31,"codeSignals":51,"taintFlows":119,"riskAssessment":120,"analyzedAt":133},{"hooks":32,"ajaxHandlers":44,"restRoutes":45,"shortcodes":46,"cronEvents":50,"entryPointCount":25,"unprotectedCount":11},[33,39],{"type":34,"name":35,"callback":36,"file":37,"line":38},"filter","widget_text","do_shortcode","generate-reviews.php",18,{"type":40,"name":41,"callback":42,"file":37,"line":43},"action","init","generate_reviews_shortcodes_script",28,[],[],[47],{"tag":4,"callback":48,"file":37,"line":49},"generate_reviews_shortcode",138,[],{"dangerousFunctions":52,"sqlUsage":53,"outputEscaping":55,"fileOperations":11,"externalRequests":25,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":118},[],{"prepared":11,"raw":11,"locations":54},[],{"escaped":11,"rawEcho":56,"locations":57},31,[58,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,95,97,99,101,103,105,107,109,110,112,113,115,116],{"file":59,"line":60,"context":61},"format.php",3,"raw output",{"file":59,"line":63,"context":61},9,{"file":59,"line":65,"context":61},15,{"file":59,"line":67,"context":61},21,{"file":59,"line":69,"context":61},32,{"file":59,"line":71,"context":61},36,{"file":59,"line":73,"context":61},49,{"file":59,"line":75,"context":61},51,{"file":59,"line":77,"context":61},53,{"file":59,"line":79,"context":61},54,{"file":59,"line":81,"context":61},55,{"file":59,"line":83,"context":61},60,{"file":59,"line":85,"context":61},73,{"file":59,"line":87,"context":61},75,{"file":59,"line":89,"context":61},77,{"file":59,"line":91,"context":61},78,{"file":59,"line":93,"context":61},79,{"file":59,"line":27,"context":61},{"file":59,"line":96,"context":61},94,{"file":59,"line":98,"context":61},96,{"file":59,"line":100,"context":61},98,{"file":59,"line":102,"context":61},99,{"file":59,"line":104,"context":61},100,{"file":59,"line":106,"context":61},105,{"file":59,"line":108,"context":61},116,{"file":59,"line":108,"context":61},{"file":59,"line":111,"context":61},122,{"file":59,"line":111,"context":61},{"file":59,"line":114,"context":61},128,{"file":59,"line":114,"context":61},{"file":37,"line":117,"context":61},120,[],[],{"summary":121,"deductions":122},"The 'generate-reviews' v1.0 plugin presents a mixed security posture. On the positive side, the plugin has no known vulnerabilities (CVEs) and its code analysis reveals no dangerous functions, no raw SQL queries, and no file operations. The use of prepared statements for its SQL queries is a strong security practice. However, significant concerns arise from the lack of output escaping, with 0% of outputs being properly escaped, and the absence of nonce and capability checks across its entry points. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, as any data outputted by the plugin could potentially be manipulated by attackers. While the attack surface is small, the lack of authentication and authorization checks on the single shortcode is a critical oversight that could be exploited if user-supplied data is involved in its rendering.",[123,125,128,130],{"reason":124,"points":65},"0% of outputs properly escaped",{"reason":126,"points":127},"No nonce checks",10,{"reason":129,"points":127},"No capability checks",{"reason":131,"points":132},"Shortcode unprotected",5,"2026-03-17T07:22:11.128Z",{"wat":135,"direct":141},{"assetPaths":136,"generatorPatterns":138,"scriptPaths":139,"versionParams":140},[137],"\u002Fwp-content\u002Fplugins\u002Fgenerate-reviews\u002Fcss\u002Fgr.css",[],[],[],{"cssClasses":142,"htmlComments":147,"htmlAttributes":148,"restEndpoints":149,"jsGlobals":150,"shortcodeOutput":151},[143,144,145,146],"slidein","hideEl","overlay-div","close-panel",[],[],[],[42],[143,144]]