[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faAPxJE7ntTTrJJEoZaOvhalFf-Ga83F7fzgXy1NWQA4":3,"$f3xsS5HNEDWCzx0bJer_SR0aF0ubgpDIZr7gS0WN7V_A":192,"$faMuJMNTvUq3Vokf-szqg_MhN0Gh60Zb7TuxxQpNaiaM":197},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":35,"analysis":134,"fingerprints":177},"hello-dolly-guarana","Hello Dolly Guaraná","1.0.1","Roberto Pereira da Costa","https:\u002F\u002Fprofiles.wordpress.org\u002Frobertopc\u002F","\u003Cp>Uma sátira ao Hello Dolly, feita com o nosso famoso amiguinho.\u003Cbr \u002F>\nThis is a brazilian meme, problably you dont will understand. Sorry. 😛\u003C\u002Fp>\n","Uma sátira ao Hello Dolly, feita com o nosso famoso amiguinho. This is a brazilian meme, problably you dont will understand. Sorry. :P",0,1135,"2019-01-25T14:32:00.000Z","5.0.25","1.0.0","",[18,19,20,21],"dolly","fun","hello","meme","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhello-dolly-guarana\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhello-dolly-guarana.1.0.1.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"robertopc",1,30,84,"2026-05-20T04:33:03.400Z",[36,61,81,96,116],{"slug":37,"name":38,"version":39,"author":38,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":56,"download_link":57,"security_score":58,"vuln_count":46,"unpatched_count":11,"last_vuln_date":59,"fetched_at":60},"helloasso","HelloAsso","1.1.24","https:\u002F\u002Fprofiles.wordpress.org\u002Fhelloasso\u002F","\u003Cp>HelloAsso est la solution gratuite (0 frais, 0 commission) des associations pour collecter des dons et des paiements sur internet. Plus de 80 000 associations françaises font confiance à HelloAsso pour gagner du temps et recevoir des paiements en ligne afin de financer leurs projets. Quel que soit le besoin de votre association, HelloAsso vous permet de proposer le paiement en ligne : don en ligne, billetterie, adhésion \u002F cotisation, crowdfunding, et davantage !\u003C\u002Fp>\n\u003Cp>L’extension HelloAsso vous permet d’intégrer tous vos formulaires de paiement HelloAsso directement sur votre site WordPress.\u003C\u002Fp>\n\u003Ch4>Cas d’usage :\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Financez de nouveaux projets (https:\u002F\u002Fwww.helloasso.com\u002Factivites\u002Ffinancement-de-projet)\u003C\u002Fli>\n\u003Cli>Organisez des événements (https:\u002F\u002Fwww.helloasso.com\u002Factivites\u002Fspectacle-concert)\u003C\u002Fli>\n\u003Cli>Gérez des compétitions et tournois (https:\u002F\u002Fwww.helloasso.com\u002Factivites\u002Fcompetition-tournoi)\u003C\u002Fli>\n\u003Cli>Proposez des ateliers et des stages (https:\u002F\u002Fwww.helloasso.com\u002Factivites\u002Fatelier-stage)\u003C\u002Fli>\n\u003Cli>Gérez vos adhérents et leur cotisation (https:\u002F\u002Fwww.helloasso.com\u002Foutils\u002Fgerer-mes-adhesions)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Fonctionnalités :\u003C\u002Fh4>\n\u003Cp>L’extension HelloAsso permet vous permet d’intégrer vos formulaires de paiement HelloAsso directement sur le site WordPress de votre association. Vous bénéficiez donc de toutes les fonctionnalités de HelloAsso :\u003Cbr \u002F>\n* Gestion des adhésions et adhérents\u003Cbr \u002F>\n* Billetterie et organisation d’événément\u003Cbr \u002F>\n* Collecte de dons\u003Cbr \u002F>\n* Campagne de financement participatif\u003Cbr \u002F>\n* Formulaire de vente\u003C\u002Fp>\n\u003Cp>Support HelloAsso : Une équipe de 15 personnes disponible via notre \u003Ca href=\"https:\u002F\u002Fcentredaide.helloasso.com\u002Fassociation?question=comment-integrer-mes-campagnes-sur-wordpress\" rel=\"nofollow ugc\">centre d’aide\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Video\u003C\u002Fh3>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fyrv1_PIakac?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","HelloAsso est la solution gratuite des associations pour collecter des paiements et des dons sur internet.",4000,61225,72,5,"2025-12-09T10:08:00.000Z","6.9.4","4.0","7.2.34",[52,53,54,37,55],"association","crowdfunding","don","paiement","https:\u002F\u002Fcentredaide.helloasso.com\u002Fs\u002Farticle\u002Fpaiement-en-ligne-wordpress-integrer-vos-campagnes-helloasso","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhelloasso.1.1.24.zip",97,"2025-01-24 00:00:00","2026-04-16T10:56:18.058Z",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":11,"num_ratings":11,"last_updated":71,"tested_up_to":48,"requires_at_least":16,"requires_php":72,"tags":73,"homepage":77,"download_link":78,"security_score":79,"vuln_count":31,"unpatched_count":11,"last_vuln_date":80,"fetched_at":60},"hello-world","Hello World","2.2.0","Bernhard Kau","https:\u002F\u002Fprofiles.wordpress.org\u002Fkau-boy\u002F","\u003Cp>In tribute to the famous “Hello Dolly” plugin by Matt Mullenweg comes this new plugin. And how could someone possible name a new default plugin other than “Hello World”, as it’s THE definition for a default example 🙂\u003C\u002Fp>\n","Similar to \"Hello Dolly\", this plugin lets you choose from some lyrics files, of which one line is shown in your dashboard on every page load.",300,17124,"2025-10-26T16:24:00.000Z","5.2",[18,20,74,75,76],"lyrics","world","yoda","https:\u002F\u002Fgithub.com\u002F2ndkauboy\u002Fhello-world","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhello-world.2.2.0.zip",99,"2024-09-30 00:00:00",{"slug":18,"name":82,"version":15,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":11,"num_ratings":11,"last_updated":89,"tested_up_to":90,"requires_at_least":72,"requires_php":91,"tags":92,"homepage":16,"download_link":95,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":60},"Dolly","Brad Parbs","https:\u002F\u002Fprofiles.wordpress.org\u002Fbradparbs\u002F","\u003Cp>Keeps Hello Dolly deactivated.\u003C\u002Fp>\n","A WordPress plugin to make sure Hello Dolly stays deactivated.",90,3529,"2021-08-24T12:42:00.000Z","5.8.13","5.6",[93,94],"admin","hello-dolly","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdolly.1.0.0.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":31,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":16,"tags":110,"homepage":114,"download_link":115,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":60},"the-force","The Force","1.3","Rohit Motwani","https:\u002F\u002Fprofiles.wordpress.org\u002Frohittm\u002F","\u003Cp>Activate this Plugin & feel The Force in your Admin Dashboard. This Plugin is just similar to the WordPress’ Hello Dolly Plugin. Except when activated you will randomly see a quote from The Star Wars Series in the upper right of your admin screen on every page.\u003C\u002Fp>\n","This Plugin is Just Similar to the WordPress' Famous Hello Dolly Plugin. Except when activated you will randomly see a quote from The Star Wars S &hellip;",20,2353,80,"2016-12-07T19:28:00.000Z","4.7.33","3.0.1",[111,94,112,113],"force","star-wars","the-dark-side","http:\u002F\u002Fwww.RohitMotwani.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthe-force.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":11,"num_ratings":11,"last_updated":126,"tested_up_to":48,"requires_at_least":109,"requires_php":127,"tags":128,"homepage":130,"download_link":131,"security_score":132,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":133},"bye-felicia","Bye Felisha","1.2","lljb3","https:\u002F\u002Fprofiles.wordpress.org\u002Flljb3\u002F","\u003Cp>This is just a simple plugin to replace Hello Dolly. For funsies. You’re welcome. Now, bye Felisha.\u003Cbr \u002F>\n~ LLJB3 of His Master’s Dance\u003C\u002Fp>\n\u003Ch3>Short Description\u003C\u002Fh3>\n\u003Cp>You know Hello, Dolly? Yeah, we’re switching that out. Now, what up on that 40, homie?\u003C\u002Fp>\n\u003Ch3>Contributors\u003C\u002Fh3>\n\u003Cp>http:\u002F\u002Fkakemultimedia.com\u003Cbr \u002F>\nhttp:\u002F\u002Fprodhmd.com\u003Cbr \u002F>\nhttp:\u002F\u002Flljb3.com\u003C\u002Fp>\n","This is just a simple plugin to replace Hello Dolly. For funsies. You're welcome. Now, bye Felisha.",10,3190,"2026-01-10T21:12:00.000Z","5.7",[117,129,94],"bye-felisha","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbye-felicia\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbye-felicia.1.2.zip",100,"2026-03-15T15:16:48.613Z",{"attackSurface":135,"codeSignals":150,"taintFlows":163,"riskAssessment":164,"analyzedAt":176},{"hooks":136,"ajaxHandlers":146,"restRoutes":147,"shortcodes":148,"cronEvents":149,"entryPointCount":11,"unprotectedCount":11},[137,142],{"type":138,"name":139,"callback":140,"file":141,"line":32},"action","admin_notices","hello_dolly_guarana","hello-dolly-guarana.php",{"type":138,"name":143,"callback":144,"file":141,"line":145},"admin_head","dolly_guarana_css",58,[],[],[],[],{"dangerousFunctions":151,"sqlUsage":152,"outputEscaping":154,"fileOperations":31,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":162},[],{"prepared":11,"raw":11,"locations":153},[],{"escaped":11,"rawEcho":155,"locations":156},2,[157,160],{"file":141,"line":158,"context":159},26,"raw output",{"file":141,"line":161,"context":159},38,[],[],{"summary":165,"deductions":166},"The security posture of the \"hello-dolly-guarana\" v1.0.1 plugin appears to be strong in several key areas, indicating good development practices. The static analysis reveals no identified attack surface in terms of AJAX handlers, REST API routes, shortcodes, or cron events that are not properly authenticated or protected. Furthermore, there are no dangerous functions or external HTTP requests detected, and all SQL queries utilize prepared statements, which significantly mitigates the risk of SQL injection vulnerabilities. The absence of any recorded CVEs or historical vulnerabilities further supports a positive security assessment.\n\nHowever, there are significant concerns regarding output escaping. With 100% of outputs not being properly escaped, this plugin presents a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any data processed by the plugin and then displayed to users without proper sanitization or escaping could be manipulated by attackers to inject malicious scripts. Additionally, the presence of file operations without further context on their nature is a minor concern, as it could be a vector for vulnerabilities if not handled securely. The lack of nonce and capability checks, while not directly leading to an attack surface in this instance, suggests a potential oversight in fundamental WordPress security practices that could become problematic in more complex scenarios or future updates.\n\nIn conclusion, while the \"hello-dolly-guarana\" plugin excels in preventing common injection and unauthorized access vectors, its complete lack of output escaping is a critical weakness that overshadows its strengths. The plugin is highly susceptible to XSS attacks. Until this is addressed, its overall security is compromised. The absence of historical vulnerabilities is a positive sign, but it cannot negate the immediate and severe risk posed by unescaped output.",[167,170,172,174],{"reason":168,"points":169},"Unescaped output detected",8,{"reason":171,"points":155},"File operations present without context",{"reason":173,"points":46},"Missing nonce checks",{"reason":175,"points":46},"Missing capability checks","2026-03-17T06:16:38.903Z",{"wat":178,"direct":183},{"assetPaths":179,"generatorPatterns":180,"scriptPaths":181,"versionParams":182},[],[],[],[],{"cssClasses":184,"htmlComments":185,"htmlAttributes":186,"restEndpoints":187,"jsGlobals":188,"shortcodeOutput":189},[],[],[],[],[],[190,191],"\u003Cdiv id='dolly_guarana'>","\u003C\u002Fdiv>",{"error":193,"url":194,"statusCode":195,"statusMessage":196,"message":196},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fhello-dolly-guarana\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":31,"versions":198},[199],{"version":6,"download_url":23,"svn_tag_url":200,"released_at":25,"has_diff":201,"diff_files_changed":202,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":203,"is_current":193},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhello-dolly-guarana\u002Ftags\u002F1.0.1\u002F",false,[],[]]