[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_BbnA0huSV6cGteZwLgMUci_ipUlA3FjEbzZlcyil10":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":5,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":12,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":13,"tags":16,"homepage":21,"download_link":22,"security_score":23,"vuln_count":12,"unpatched_count":12,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":33,"analysis":57,"fingerprints":108},"hk-button-contact","HK Button Contact","1.1","Huy Kira","https:\u002F\u002Fprofiles.wordpress.org\u002Fhuykiradotnet\u002F","\u003Cp>For more history, see: https:\u002F\u002Fhuykira.net\u003C\u002Fp>\n\u003Ch3>Arbitrary section 1\u003C\u002Fh3>\n",30,1442,0,"","5.7.15","4.9",[17,18,19,20],"button-contact","button-messages","button-phone","button-zalo","https:\u002F\u002Fhuykira.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhk-button-contact.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":23,"avg_security_score":30,"avg_patch_time_days":10,"trust_score":31,"computed_at":32},"huykiradotnet",6,93,89,"2026-04-04T16:00:35.745Z",[34],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":23,"num_ratings":44,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":53,"download_link":54,"security_score":55,"vuln_count":12,"unpatched_count":12,"last_vuln_date":24,"fetched_at":56},"button-chat-zalo-report-sw","Contact Zalo Report SW","1.0.0","sonwebtl","https:\u002F\u002Fprofiles.wordpress.org\u002Fsonweb\u002F","\u003Cp>display Chat Zalo ,call mobile,report click from chat zalo,setting change color zalo\u003Cbr \u002F>\nfixed chat zalo location left\u003C\u002Fp>\n\u003Ch3>From within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit ‘Plugins > Add New’\u003C\u002Fli>\n\u003Cli>Search for ‘Contact Zalo Report SW’\u003C\u002Fli>\n\u003Cli>Activate Button Contact Zalo Report SW from your Plugins page.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload the ‘Contact Zalo Report’ folder to the ‘\u002Fwp-content\u002Fplugins\u002F’ directory\u003C\u002Fli>\n\u003Cli>Activate the Chat Zalo display plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>Go to “after activation” below.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Help\u003C\u002Fh3>\n\u003Cp>https:\u002F\u002Fgithub.com\u002Fsonwebtl\u002FButtonChatZaloReport-SW\u003C\u002Fp>\n","Contact Zalo Report",900,6839,1,"2022-12-31T18:17:00.000Z","6.1.10","5.5","5.6",[20,50,51,52],"call-zalo","chat-zalo","report","https:\u002F\u002Fgithub.com\u002Fsonwebtl\u002FButtonChatZaloReport-SW","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbutton-chat-zalo-report-sw.1.0.0.zip",85,"2026-03-15T15:16:48.613Z",{"attackSurface":58,"codeSignals":78,"taintFlows":101,"riskAssessment":102,"analyzedAt":107},{"hooks":59,"ajaxHandlers":74,"restRoutes":75,"shortcodes":76,"cronEvents":77,"entryPointCount":12,"unprotectedCount":12},[60,66,71],{"type":61,"name":62,"callback":63,"file":64,"line":65},"action","wp_footer","hk_show_button_frontend_function","include\\class.button.php",2,{"type":61,"name":67,"callback":68,"file":69,"line":70},"admin_menu","add_plugin_page","include\\class.hk-contact-button-option.php",5,{"type":61,"name":72,"callback":73,"file":69,"line":29},"admin_init","page_init",[],[],[],[],{"dangerousFunctions":79,"sqlUsage":80,"outputEscaping":82,"fileOperations":12,"externalRequests":12,"nonceChecks":12,"capabilityChecks":12,"bundledLibraries":100},[],{"prepared":12,"raw":12,"locations":81},[],{"escaped":83,"rawEcho":84,"locations":85},12,8,[86,89,90,92,94,96,97,99],{"file":64,"line":87,"context":88},7,"raw output",{"file":64,"line":87,"context":88},{"file":64,"line":91,"context":88},10,{"file":64,"line":93,"context":88},13,{"file":64,"line":95,"context":88},14,{"file":64,"line":95,"context":88},{"file":64,"line":98,"context":88},18,{"file":64,"line":98,"context":88},[],[],{"summary":103,"deductions":104},"The \"hk-button-contact\" plugin v1.1 exhibits a strong security posture based on the provided static analysis. The absence of any identified attack surface vectors such as AJAX handlers, REST API routes, shortcodes, or cron events is a significant positive. Furthermore, the code signals indicate robust development practices, with no dangerous functions or file operations present, and all SQL queries utilizing prepared statements. The lack of external HTTP requests also minimizes potential risks from compromised external services. However, the analysis does reveal a weakness in output escaping, with 40% of outputs not being properly escaped. This could lead to cross-site scripting (XSS) vulnerabilities if the unescaped data originates from user input. The vulnerability history is also clean, with no known CVEs, which is a very positive indicator of the plugin's security track record.",[105],{"reason":106,"points":84},"Unescaped output detected","2026-03-16T22:21:42.511Z",{"wat":109,"direct":116},{"assetPaths":110,"generatorPatterns":112,"scriptPaths":113,"versionParams":114},[111],"\u002Fwp-content\u002Fplugins\u002Fhk-button-contact\u002Fcss\u002Fbutton-contact.css",[],[],[115],"hk-button-contact\u002Fcss\u002Fbutton-contact.css?ver=1.0",{"cssClasses":117,"htmlComments":125,"htmlAttributes":126,"restEndpoints":127,"jsGlobals":128,"shortcodeOutput":129},[118,119,120,121,122,123,124],"hk-option-button-contact","button-hk-contact","zalo","phone","messages","hotline-phone-ring-circle","hotline-phone-ring-circle-fill",[],[],[],[],[]]