[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCwvku-llqmXqn77zmcs0WxX83Hh29DmcxCBSSVlXBWk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":57,"fingerprints":382},"go-ads-widget","Go Ads widget","1.0","goresponsive","https:\u002F\u002Fprofiles.wordpress.org\u002Fgoresponsive\u002F","\u003Cp>This widget accommodates different sizes of image ads. It supports nearly 10 sizes of image ads. The sizes it supports are – 125\u003Cem>125, 120\u003C\u002Fem>60, 120\u003Cem>240, 120\u003C\u002Fem>600, 120\u003Cem>90, 300\u003C\u002Fem>100, 160\u003Cem>600, 300\u003C\u002Fem>600, 300\u003Cem>250, 250\u003C\u002Fem>250.\u003C\u002Fp>\n\u003Cp>Demo: http:\u002F\u002Fonion.goresponsive.in\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>documentation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fgoresponsive.in\u002Fads-widget\u002F\u003C\u002Fp>\n","Simple plugin for displaying different sizes of image ads and adsense ads.",10,2361,0,"","3.9.40","3.0",[18,19,20,21],"ad-banner-widget","ads-widget","adsense-ads-display-widget","image-ads","http:\u002F\u002Fgoresponsive.in","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgo-ads-widget.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},2,20,93,30,89,"2026-04-03T19:35:01.907Z",[36],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":11,"downloaded":44,"rating":24,"num_ratings":29,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":14,"tags":48,"homepage":53,"download_link":54,"security_score":55,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":56},"easy-ads-manager","easy ads manager","1.0.1","shokry055","https:\u002F\u002Fprofiles.wordpress.org\u002Fshokry055\u002F","\u003Cp>easy ads is a free advertisement plugin to manage , add and remove ads easily way to wordpress.\u003C\u002Fp>\n\u003Cp>easy to use by the developer .. to easy to use by the user\u003C\u002Fp>\n\u003Cp>watch this video —\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FLUzTtAX-QO0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent&listType=playlist&list=PLyeK7EwFBugrLuf3Q2Afg7pakUeuAqUwX\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>go to plugin website —\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fmohamedshokry.com\u002Feasy-ads-manager\u002F\u003C\u002Fp>\n","easy ads is a free advertisement plugin to manage , add and remove ads easily way to wordpress.",3257,"2016-03-07T23:51:00.000Z","4.4.0","3.0.0",[49,50,19,51,52],"ads-manager","ads-plugin","easy-adverts","rotating-ads","http:\u002F\u002Fmohamedshokry.com\u002Feasy-ads-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-ads-manager.zip",85,"2026-03-15T15:16:48.613Z",{"attackSurface":58,"codeSignals":97,"taintFlows":374,"riskAssessment":375,"analyzedAt":381},{"hooks":59,"ajaxHandlers":93,"restRoutes":94,"shortcodes":95,"cronEvents":96,"entryPointCount":13,"unprotectedCount":13},[60,66,69,72,75,78,81,84,87,90],{"type":61,"name":62,"callback":63,"file":64,"line":65},"action","widgets_init","ads125125","GO-ads.php",13,{"type":61,"name":62,"callback":67,"file":64,"line":68},"ads12060",120,{"type":61,"name":62,"callback":70,"file":64,"line":71},"ads120240",226,{"type":61,"name":62,"callback":73,"file":64,"line":74},"ads120600",325,{"type":61,"name":62,"callback":76,"file":64,"line":77},"ads12090",427,{"type":61,"name":62,"callback":79,"file":64,"line":80},"ads300100",531,{"type":61,"name":62,"callback":82,"file":64,"line":83},"ads160600",637,{"type":61,"name":62,"callback":85,"file":64,"line":86},"ads300600",750,{"type":61,"name":62,"callback":88,"file":64,"line":89},"ads250250",856,{"type":61,"name":62,"callback":91,"file":64,"line":92},"ads300250",970,[],[],[],[],{"dangerousFunctions":98,"sqlUsage":99,"outputEscaping":101,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":373},[],{"prepared":13,"raw":13,"locations":100},[],{"escaped":13,"rawEcho":102,"locations":103},135,[104,107,108,110,112,114,116,118,120,122,124,125,127,129,131,133,135,137,139,141,143,145,147,149,151,153,155,157,159,161,163,165,167,169,171,173,175,177,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,303,305,307,309,311,313,315,317,319,321,323,325,327,329,331,333,335,337,339,341,343,345,347,349,351,353,355,357,359,361,363,365,367,369,371],{"file":64,"line":105,"context":106},28,"raw output",{"file":64,"line":32,"context":106},{"file":64,"line":109,"context":106},33,{"file":64,"line":111,"context":106},41,{"file":64,"line":113,"context":106},50,{"file":64,"line":115,"context":106},51,{"file":64,"line":117,"context":106},64,{"file":64,"line":119,"context":106},65,{"file":64,"line":121,"context":106},76,{"file":64,"line":123,"context":106},95,{"file":64,"line":24,"context":106},{"file":64,"line":126,"context":106},104,{"file":64,"line":128,"context":106},108,{"file":64,"line":130,"context":106},112,{"file":64,"line":132,"context":106},134,{"file":64,"line":134,"context":106},136,{"file":64,"line":136,"context":106},139,{"file":64,"line":138,"context":106},145,{"file":64,"line":140,"context":106},155,{"file":64,"line":142,"context":106},156,{"file":64,"line":144,"context":106},170,{"file":64,"line":146,"context":106},171,{"file":64,"line":148,"context":106},182,{"file":64,"line":150,"context":106},200,{"file":64,"line":152,"context":106},205,{"file":64,"line":154,"context":106},209,{"file":64,"line":156,"context":106},213,{"file":64,"line":158,"context":106},217,{"file":64,"line":160,"context":106},239,{"file":64,"line":162,"context":106},241,{"file":64,"line":164,"context":106},244,{"file":64,"line":166,"context":106},249,{"file":64,"line":168,"context":106},257,{"file":64,"line":170,"context":106},258,{"file":64,"line":172,"context":106},271,{"file":64,"line":174,"context":106},272,{"file":64,"line":176,"context":106},300,{"file":64,"line":178,"context":106},305,{"file":64,"line":180,"context":106},309,{"file":64,"line":182,"context":106},313,{"file":64,"line":184,"context":106},317,{"file":64,"line":186,"context":106},338,{"file":64,"line":188,"context":106},340,{"file":64,"line":190,"context":106},343,{"file":64,"line":192,"context":106},349,{"file":64,"line":194,"context":106},360,{"file":64,"line":196,"context":106},361,{"file":64,"line":198,"context":106},372,{"file":64,"line":200,"context":106},373,{"file":64,"line":202,"context":106},385,{"file":64,"line":204,"context":106},402,{"file":64,"line":206,"context":106},407,{"file":64,"line":208,"context":106},411,{"file":64,"line":210,"context":106},415,{"file":64,"line":212,"context":106},419,{"file":64,"line":214,"context":106},440,{"file":64,"line":216,"context":106},442,{"file":64,"line":218,"context":106},445,{"file":64,"line":220,"context":106},450,{"file":64,"line":222,"context":106},458,{"file":64,"line":224,"context":106},459,{"file":64,"line":226,"context":106},474,{"file":64,"line":228,"context":106},475,{"file":64,"line":230,"context":106},486,{"file":64,"line":232,"context":106},505,{"file":64,"line":234,"context":106},510,{"file":64,"line":236,"context":106},514,{"file":64,"line":238,"context":106},518,{"file":64,"line":240,"context":106},522,{"file":64,"line":242,"context":106},544,{"file":64,"line":244,"context":106},546,{"file":64,"line":246,"context":106},549,{"file":64,"line":248,"context":106},554,{"file":64,"line":250,"context":106},562,{"file":64,"line":252,"context":106},563,{"file":64,"line":254,"context":106},575,{"file":64,"line":256,"context":106},576,{"file":64,"line":258,"context":106},587,{"file":64,"line":260,"context":106},610,{"file":64,"line":262,"context":106},616,{"file":64,"line":264,"context":106},620,{"file":64,"line":266,"context":106},624,{"file":64,"line":268,"context":106},628,{"file":64,"line":270,"context":106},655,{"file":64,"line":272,"context":106},659,{"file":64,"line":274,"context":106},669,{"file":64,"line":276,"context":106},676,{"file":64,"line":278,"context":106},681,{"file":64,"line":280,"context":106},683,{"file":64,"line":282,"context":106},698,{"file":64,"line":284,"context":106},723,{"file":64,"line":286,"context":106},729,{"file":64,"line":288,"context":106},733,{"file":64,"line":290,"context":106},737,{"file":64,"line":292,"context":106},741,{"file":64,"line":294,"context":106},763,{"file":64,"line":296,"context":106},765,{"file":64,"line":298,"context":106},768,{"file":64,"line":300,"context":106},773,{"file":64,"line":302,"context":106},781,{"file":64,"line":304,"context":106},782,{"file":64,"line":306,"context":106},794,{"file":64,"line":308,"context":106},795,{"file":64,"line":310,"context":106},806,{"file":64,"line":312,"context":106},830,{"file":64,"line":314,"context":106},836,{"file":64,"line":316,"context":106},840,{"file":64,"line":318,"context":106},844,{"file":64,"line":320,"context":106},848,{"file":64,"line":322,"context":106},874,{"file":64,"line":324,"context":106},878,{"file":64,"line":326,"context":106},888,{"file":64,"line":328,"context":106},895,{"file":64,"line":330,"context":106},900,{"file":64,"line":332,"context":106},902,{"file":64,"line":334,"context":106},917,{"file":64,"line":336,"context":106},942,{"file":64,"line":338,"context":106},948,{"file":64,"line":340,"context":106},952,{"file":64,"line":342,"context":106},956,{"file":64,"line":344,"context":106},960,{"file":64,"line":346,"context":106},983,{"file":64,"line":348,"context":106},985,{"file":64,"line":350,"context":106},988,{"file":64,"line":352,"context":106},993,{"file":64,"line":354,"context":106},1001,{"file":64,"line":356,"context":106},1002,{"file":64,"line":358,"context":106},1014,{"file":64,"line":360,"context":106},1015,{"file":64,"line":362,"context":106},1026,{"file":64,"line":364,"context":106},1049,{"file":64,"line":366,"context":106},1055,{"file":64,"line":368,"context":106},1059,{"file":64,"line":370,"context":106},1063,{"file":64,"line":372,"context":106},1067,[],[],{"summary":376,"deductions":377},"The \"go-ads-widget\" v1.0 plugin exhibits a seemingly strong security posture based on the provided static analysis data.  There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, resulting in a zero attack surface.  Furthermore, no dangerous functions were detected, all SQL queries use prepared statements, and there are no file operations or external HTTP requests.  The absence of known vulnerabilities, including critical and high severity CVEs, further contributes to this positive assessment.\n\nHowever, a significant concern arises from the output escaping.  With 135 total outputs and 0% properly escaped, this indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any data displayed by the plugin that originates from user input or external sources is likely vulnerable to injection attacks, which could lead to unauthorized actions, data theft, or session hijacking.  The lack of nonce and capability checks, while not directly leading to deductions based on the current data (as there are no entry points requiring them), means that if new entry points are added in the future without proper security measures, the plugin would be immediately vulnerable. The absence of taint analysis results and vulnerability history, while positive, could also simply mean the plugin hasn't been thoroughly tested for such flows or hasn't historically had issues, rather than a guaranteed absence of them.\n\nIn conclusion, while the plugin avoids common pitfalls like raw SQL and unprotected entry points, the complete lack of output escaping presents a critical security weakness. This should be prioritized for remediation to prevent widespread XSS vulnerabilities. The lack of historical vulnerabilities is a good sign, but the current code presents a clear and present danger due to unescaped output.",[378],{"reason":379,"points":380},"0% proper output escaping",16,"2026-03-16T23:20:15.683Z",{"wat":383,"direct":388},{"assetPaths":384,"generatorPatterns":385,"scriptPaths":386,"versionParams":387},[],[],[],[],{"cssClasses":389,"htmlComments":392,"htmlAttributes":393,"restEndpoints":396,"jsGlobals":397,"shortcodeOutput":398},[390,391],"adsimage125125","adsimage12060",[],[394,395],"data-fieldid","data-fieldlabel",[],[],[]]