[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRyY1pcZMmx2Qww-Tlfcy1NSFge41yQ8qCfn2lR4KlOA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":33,"analysis":34,"fingerprints":148},"hw-create-widget-content-template","HW Create Widget Content Template","1.0","HOANG WEB","https:\u002F\u002Fprofiles.wordpress.org\u002Fhoangweb\u002F","\u003Cp>A PHP class allow you to create your widget content template\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>read document.chm file to learn about how to create template for your widget content.\u003C\u002Fp>\n","Create template for your widget 
content",10,1261,0,"2015-09-30T01:30:00.000Z","1.0.0","",[18,19],"widget-skin","widget-template","http:\u002F\u002Fhoangweb.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhw-create-widget-content-template.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":22,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"hoangweb",5,140,30,84,"2026-04-05T05:07:55.812Z",[],{"attackSurface":35,"codeSignals":70,"taintFlows":90,"riskAssessment":131,"analyzedAt":147},{"hooks":36,"ajaxHandlers":59,"restRoutes":66,"shortcodes":67,"cronEvents":68,"entryPointCount":69,"unprotectedCount":13},[37,43,49,54],{"type":38,"name":39,"callback":40,"file":41,"line":42},"filter","hw_skin_data","_hw_skin_data_filter","APF_Fields\\hw_skin_FieldType.php",159,{"type":44,"name":45,"callback":46,"file":47,"line":48},"action","activated_plugin","_hwskin_move_at_first_when_activation","functions.php",39,{"type":44,"name":50,"callback":51,"priority":30,"file":52,"line":53},"admin_enqueue_scripts","_admin_enqueue_styles_scripts","hw-skin.php",154,{"type":38,"name":55,"callback":56,"file":57,"line":58},"renderOptionField","_renderOptionField","includes\\hw_skin_options.php",35,[60],{"action":61,"nopriv":62,"callback":63,"hasNonce":64,"hasCapCheck":62,"file":52,"line":65},"hw_skin_choose_skin_evt",false,"_hw_skin_choose_skin_js_evt",true,156,[],[],[],1,{"dangerousFunctions":71,"sqlUsage":76,"outputEscaping":78,"fileOperations":13,"externalRequests":13,"nonceChecks":69,"capabilityChecks":13,"bundledLibraries":89},[72],{"fn":73,"file":52,"line":74,"context":75},"unserialize",310,"if(is_string($config)) $config = @unserialize(base64_decode($config));",{"prepared":13,"raw":13,"locations":77},[],{"escaped":79,"rawEcho":80,"locations":81},9,3,[82,85,87],{"file":52,"line":83,"context":84},599,"raw 
output",{"file":52,"line":86,"context":84},1470,{"file":52,"line":88,"context":84},1734,[],[91,108,116],{"entryPoint":92,"graph":93,"unsanitizedCount":13,"severity":107},"_hw_skin_choose_skin_js_evt (hw-skin.php:675)",{"nodes":94,"edges":105},[95,100],{"id":96,"type":97,"label":98,"file":52,"line":99},"n0","source","$_SERVER['HTTP_REFERER']",688,{"id":101,"type":102,"label":103,"file":52,"line":99,"wp_function":104},"n1","sink","header() [Header Injection]","header",[106],{"from":96,"to":101,"sanitized":64},"low",{"entryPoint":109,"graph":110,"unsanitizedCount":13,"severity":107},"\u003Chw-skin> (hw-skin.php:0)",{"nodes":111,"edges":114},[112,113],{"id":96,"type":97,"label":98,"file":52,"line":99},{"id":101,"type":102,"label":103,"file":52,"line":99,"wp_function":104},[115],{"from":96,"to":101,"sanitized":64},{"entryPoint":117,"graph":118,"unsanitizedCount":129,"severity":130},"apply_skin_data (hw-skin.php:363)",{"nodes":119,"edges":127},[120,123],{"id":96,"type":97,"label":121,"file":52,"line":122},"$_callback (x2)",363,{"id":101,"type":102,"label":124,"file":52,"line":125,"wp_function":126},"call_user_func() [RCE]",395,"call_user_func",[128],{"from":96,"to":101,"sanitized":62},2,"high",{"summary":132,"deductions":133},"The hw-create-widget-content-template v1.0 plugin exhibits a generally good security posture with some notable concerns.  The plugin's attack surface is very small: its single AJAX handler (`hw_skin_choose_skin_evt`) is limited to logged-in users and protected by a nonce check, but the scan found no capability check, so the nonce guards against forged requests without restricting which logged-in roles may call it.  No SQL usage was detected, so there are no unprepared queries to flag, and a reasonable share of output is properly escaped (9 escaped sites against 3 raw ones in hw-skin.php).  However, the `unserialize` call at hw-skin.php:310, which runs on base64-decoded `$config`, is a significant risk because unserializing attacker-influenced data enables PHP object injection. Separately, the high severity taint flow is an unsanitized path from `$_callback` to `call_user_func()` in `apply_skin_data` (source at hw-skin.php:363, sink at line 395). Either sink could allow for remote code execution if an attacker can control the data reaching it; the scan does not show where those values originate, so both need manual review.  
The plugin's history of zero known vulnerabilities is positive, suggesting it has been developed with security in mind or has not yet been a target; with about 10 active installs and no update since 2015-09-30, the latter is at least as likely, so the clean record should not be read as evidence of review. The critical code signals identified in the static analysis therefore warrant careful attention.",[134,137,140,143,145],{"reason":135,"points":136},"Dangerous function unserialize detected",15,{"reason":138,"points":139},"High severity taint flow detected",12,{"reason":141,"points":142},"Flow with unsanitized path detected",8,{"reason":144,"points":80},"Output escaping not fully implemented",{"reason":146,"points":28},"Capability checks are missing","2026-03-17T00:25:43.463Z",{"wat":149,"direct":158},{"assetPaths":150,"generatorPatterns":153,"scriptPaths":154,"versionParams":155},[151,152],"\u002Fwp-content\u002Fplugins\u002Fhw-create-widget-content-template\u002Fassets\u002Fcss\u002Fhw-skin.css","\u002Fwp-content\u002Fplugins\u002Fhw-create-widget-content-template\u002Fassets\u002Fjs\u002Fhw-skin.js",[],[152],[156,157],"hw-skin.css?ver=","hw-skin.js?ver=",{"cssClasses":159,"htmlComments":161,"htmlAttributes":164,"restEndpoints":166,"jsGlobals":167,"shortcodeOutput":170},[160],"hw-skin-content",[162,163],"\u003C!-- HW_SKIN Class created by hoangweb.com -->","\u003C!-- note: create default skin located in plugin folder by \u002Fskins\u002Fdefault -->",[165],"data-hwskin-widget",[],[168,169],"HW_SKIN_OPTIONS","hw_skin_obj",[]]