[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqDvgHoFU874YRB99U7hWPn3p9TGM_9BtYws14td81H4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":38,"fingerprints":93},"horizontal-slider-for-your-tweets","Horizontal Slider for your tweets","1.0","Kiran Patil","https:\u002F\u002Fprofiles.wordpress.org\u002Fkiranpatil353\u002F","\u003Cp>Manage your tweets in a horizontal slider, like a widget using shortcode “[‘tphs-slider’]”.\u003C\u002Fp>\n","Custom Slider for Twitter feeds using twitter api 1.1, one at a time horizontal in a bubble using shortcode \"tphs-slider\".",10,1348,0,"2016-06-03T07:14:00.000Z","4.5.33","3.0.1","",[19,20,21,22,23],"tweets-one-at-time","twitter-api-post-slider","twitter-feed-slider","twitter-horizontal-slider","twitter-post-slider","http:\u002F\u002Fclariontechnologies.co.in","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhorizontal-slider-for-your-tweets.1.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"kiranpatil353",5,150,30,84,"2026-04-04T03:59:32.583Z",[],{"attackSurface":39,"codeSignals":63,"taintFlows":80,"riskAssessment":81,"analyzedAt":92},{"hooks":40,"ajaxHandlers":54,"restRoutes":55,"shortcodes":56,"cronEvents":61,"entryPointCount":62,"unprotectedCount":13},[41,47,52],{"type":42,"name":43,"callback":44,"file":45,"line":46},"action","admin_init","hsfyt_slider_load_scripts","index.php",25,{"type":42,"name":48,"callback":49,"file":50,"line":51},"adm
in_menu","hsfyt_menu","settings-page-slider.php",4,{"type":42,"name":43,"callback":53,"file":50,"line":32},"hsfyt_register_settings",[],[],[57],{"tag":58,"callback":59,"file":45,"line":60},"tphs-slider","hsfyt_slider_shortcode",34,[],1,{"dangerousFunctions":64,"sqlUsage":65,"outputEscaping":67,"fileOperations":62,"externalRequests":62,"nonceChecks":78,"capabilityChecks":78,"bundledLibraries":79},[],{"prepared":13,"raw":13,"locations":66},[],{"escaped":32,"rawEcho":51,"locations":68},[69,72,74,76],{"file":45,"line":70,"context":71},52,"raw output",{"file":45,"line":73,"context":71},61,{"file":50,"line":75,"context":71},45,{"file":50,"line":77,"context":71},46,2,[],[],{"summary":82,"deductions":83},"The \"horizontal-slider-for-your-tweets\" plugin v1.0 presents a mixed security posture. On the positive side, there are no known CVEs and the taint analysis reported no flows, so there are no previously disclosed vulnerabilities and no detected path from untrusted input to a sensitive sink. The static analysis found no SQL queries at all (neither prepared nor raw), so there are no unprepared statements to flag, and it detected nonce and capability checks (2 of each) with no unprotected entry point among its limited entry points.\n\nHowever, there are notable areas of concern. Four of the nine output statements (44%) are echoed without escaping (index.php lines 52 and 61, settings-page-slider.php lines 45 and 46), creating a risk of Cross-Site Scripting (XSS) vulnerabilities, especially if user-supplied data is involved in these outputs. The presence of file operations and external HTTP requests, without clear indications of sanitization or validation in the provided static analysis, could also be potential attack vectors. While the attack surface is small and appears to have authentication checks, the unescaped output remains the most prominent immediate risk.\n\nThe plugin's vulnerability history, or lack thereof, is a positive indicator but should not be solely relied upon for ongoing security: with only 10 active installs and no update since June 2016, the absence of reported CVEs may reflect limited scrutiny rather than verified safety. 
The overall conclusion is that the plugin has a relatively low immediate risk profile due to the absence of severe code signals and known CVEs. Nevertheless, the unescaped output is a tangible weakness that warrants attention to prevent potential XSS attacks.",[84,87,90],{"reason":85,"points":86},"Unescaped output detected",8,{"reason":88,"points":89},"Presence of file operations",3,{"reason":91,"points":89},"Presence of external HTTP requests","2026-03-17T00:38:34.596Z",{"wat":94,"direct":102},{"assetPaths":95,"generatorPatterns":98,"scriptPaths":99,"versionParams":100},[96,97],"\u002Fwp-content\u002Fplugins\u002Fhorizontal-slider-for-your-tweets\u002Fcss\u002Fhsfyt-style.css","\u002Fwp-content\u002Fplugins\u002Fhorizontal-slider-for-your-tweets\u002Fjs\u002Fhsfyt_script.js",[],[97],[101],"hsfyt_js=1.0",{"cssClasses":103,"htmlComments":108,"htmlAttributes":109,"restEndpoints":110,"jsGlobals":111,"shortcodeOutput":112},[104,105,106,107],"twitter-bubble","slide","btn-bar","buttons",[],[],[],[],[113,114,115,116,117,118,119,120,121,122,118,118,118],"\u003Cdiv class=\"twitter-bubble\">","\u003Cdiv id=\"slides\">","\u003Cul>","\u003Cli class=\"slide\">","\u003C\u002Ful>","\u003C\u002Fdiv>","\u003Cdiv class=\"btn-bar\">","\u003Cdiv id=\"buttons\">","\u003Ca id=\"prev\" href=\"#\">&lt;\u003C\u002Fa>","\u003Ca id=\"next\" href=\"#\">&gt;\u003C\u002Fa>"]