[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frbjwPOwCuNbO9uUlslHGnPOTBtN1M5g2OPDkc1Q5508":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":13,"tags":16,"homepage":19,"download_link":20,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":33,"analysis":34,"fingerprints":91},"invoice-frontend-quip","Quip Invoice Frontend Extension","1","Scriptonite","https:\u002F\u002Fprofiles.wordpress.org\u002Fscriptonite\u002F","\u003Cp>Display Quip invoices on your frontpage for clients in a page or post. Any feature ideas please let me know.\u003C\u002Fp>\n","Dispaly Quip invoices on your frontpage for clients in a page or post.",0,1087,"","4.8.28","3.0",[17,18],"invoices-frontend","quip-invoices","http:\u002F\u002Fwww.whereyoursolutionis.com\u002Frss-fix\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finvoice-frontend-quip.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"scriptonite",3,20,95,30,91,"2026-04-05T17:05:56.067Z",[],{"attackSurface":35,"codeSignals":51,"taintFlows":76,"riskAssessment":77,"analyzedAt":90},{"hooks":36,"ajaxHandlers":37,"restRoutes":38,"shortcodes":39,"cronEvents":49,"entryPointCount":50,"unprotectedCount":11},[],[],[],[40,45],{"tag":41,"callback":42,"file":43,"line":44},"quip-invoices-page","show_quip_invoices","frontend-quip.php",12,{"tag":46,"callback":47,"file":43,"line":48},"quip-quotes-page","show_quip_quotes",13,[],2,{"dangerousFunctions":52,"sqlUsage":53,"outputEscaping":68,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundle
dLibraries":75},[],{"prepared":11,"raw":54,"locations":55},5,[56,59,62,64,66],{"file":43,"line":57,"context":58},31,"$wpdb->get_var() with variable interpolation",{"file":43,"line":60,"context":61},38,"$wpdb->get_results() with variable interpolation",{"file":43,"line":63,"context":58},46,{"file":43,"line":65,"context":58},74,{"file":43,"line":67,"context":61},81,{"escaped":11,"rawEcho":50,"locations":69},[70,73],{"file":43,"line":71,"context":72},55,"raw output",{"file":43,"line":74,"context":72},90,[],[],{"summary":78,"deductions":79},"The \"invoice-frontend-quip\" plugin version 1 exhibits a concerning security posture due to significant weaknesses in its handling of database queries and output sanitization.  While the static analysis reports no critical or high severity taint flows and no known CVEs, the absence of prepared statements for all SQL queries and the complete lack of output escaping present substantial risks.\n\nThis indicates that any user-supplied data that finds its way into the SQL queries or is directly outputted without sanitization could lead to SQL injection or cross-site scripting (XSS) vulnerabilities, respectively. The 0% usage of prepared statements is particularly worrying as it means all database interactions are potentially vulnerable. The 0% properly escaped output further exacerbates this, making XSS a high probability.\n\nWhile the plugin has no recorded vulnerability history, this does not equate to security. The underlying code practices suggest a high potential for undiscovered vulnerabilities. The small attack surface (2 shortcodes) and the absence of AJAX\u002FREST API endpoints are positive aspects, but they do not mitigate the fundamental flaws in secure data handling. 
Overall, the plugin has significant security concerns that require attention, despite the lack of reported CVEs. Two caveats for anyone triaging this report: the five raw $wpdb->get_var()\u002Fget_results() calls are exploitable only if the interpolated values originate from request input, and the taint analysis reported no such flows, so the SQL-injection finding is a code-quality signal rather than a confirmed vulnerability; and the nonce and capability deductions carry little weight for a plugin whose only entry points are two shortcodes, with no AJAX, REST or form handlers. The unescaped output is the more concrete concern: the fingerprinted shortcode markup interpolates values directly into table cells and into an href attribute (the ?qinvoice= link), so any value not passed through esc_html() or esc_url() at output time is a stored-XSS vector if the underlying data is attacker-influenced.",[80,83,86,88],{"reason":81,"points":82},"Raw SQL queries without prepared statements",15,{"reason":84,"points":85},"Output not properly escaped",10,{"reason":87,"points":54},"No nonce checks implemented",{"reason":89,"points":54},"No capability checks implemented","2026-03-17T05:49:34.809Z",{"wat":92,"direct":97},{"assetPaths":93,"generatorPatterns":94,"scriptPaths":95,"versionParams":96},[],[],[],[],{"cssClasses":98,"htmlComments":99,"htmlAttributes":100,"restEndpoints":101,"jsGlobals":102,"shortcodeOutput":103},[],[],[],[],[],[104,105,106,106,106,107,108,109,110,111,112,113],"\u003Ctable>\u003Ctr>\u003Cth>Invoice Number\u003C\u002Fth>\u003Cth>Date\u003C\u002Fth>\u003Cth>Status\u003C\u002Fth>\u003Cth>Total\u003C\u002Fth>\u003Cth>\u003C\u002Fth>\u003C\u002Ftr>","\u003Ctr>\u003Ctd>","\u003C\u002Ftd>\u003Ctd>","\u003C\u002Ftd>\u003Ctd>\u003Ca href=\"","?qinvoice=","\" target=\"_blank\">View\u003C\u002Fa>\u003C\u002Ftd>","\u003C\u002Ftable>","\u003Ctable>\u003Ctr>\u003Ctd>No invoices found\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftable>","\u003Ctable>\u003Ctr>\u003Cth>Quote Number\u003C\u002Fth>\u003Cth>Date\u003C\u002Fth>\u003Cth>Total\u003C\u002Fth>\u003Cth>\u003C\u002Fth>\u003C\u002Ftr>","\u003Ctable>\u003Ctr>\u003Ctd>No quotes found\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftable>"]