[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fY1JgXStegRMdNBTNpT0cJvEbOHG-LRWpPcZmUXX0fP4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":36,"fingerprints":386},"ki-twitter-analytics","KI Twitter Analytics","1.0.4","whassan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhassan\u002F","\u003Cp>KI Twitter Analytics provides users with free analysis of their twitter account inbox, incoming messages, outgoing messages, mentions and other statistics.  The plugin features a network analyzer that digs into details of potential clients, competitors, or followers.\u003C\u002Fp>\n\u003Ch3>Build and grow stronger relationships on Twitter\u003C\u002Fh3>\n\u003Cp>Understand and analyze your audience, know your competitors, learn what engages your community and measure performance.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Listening – Understand your audience\u003C\u002Fstrong>\u003Cbr \u002F>\nUncover trends and actionable insights from twitter to inform marketing and brand strategy. “upcoming”\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Analytics – Measure your performance\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Drive strategic decision making across the business with rich twitter data and dashboards.\u003C\u002Fp>\n\u003Cp>Understand the twitter level engagement. Inbox message graph.  
Profile traffic levels.\u003C\u002Fp>\n\u003Ch3>Who uses KI Twitter Audience Analyzer Plugin\u003C\u002Fh3>\n\u003Cp>\u003Cem>Social Media Managers and Marketers\u003C\u002Fem>\u003Cbr \u002F>\nSpend more time giving your audience what it wants: transparent, authentic and personalized experiences.\u003C\u002Fp>\n\u003Cp>\u003Cem>Customer Care Agents\u003C\u002Fem>\u003Cbr \u002F>\nDeliver the kind of relevant, responsive social care that creates long-term satisfaction and loyalty.\u003C\u002Fp>\n\u003Cp>\u003Cem>Social Analysts\u003C\u002Fem>\u003Cbr \u002F>\nAdd confidence to you business decision by tapping into the world’s largest and most transparent focus group.\u003C\u002Fp>\n\u003Ch3>KI Twitter Audience Features\u003C\u002Fh3>\n\u003Cp>\u003Cem>Competitor Reports\u003C\u002Fem>\u003Cbr \u002F>\nTrack competitor performance across social to benchmark against your own and to identify new opportunities in your industry.\u003C\u002Fp>\n\u003Cp>\u003Cem>Profile Messages Graph\u003C\u002Fem>\u003Cbr \u002F>\nAnalyze twitter performance at the post level to understand what resonates and why.\u003C\u002Fp>\n\u003Cp>\u003Cem>Inbox Messages Graph\u003C\u002Fem>\u003Cbr \u002F>\nAnalyze your inbox messages to keep track of your following needs and questions.\u003C\u002Fp>\n","KI Twitter Analytics provides users with free analysis of their twitter account inbox, incoming messages, outgoing messages, mentions and other statis 
&hellip;",0,1004,100,2,"2020-07-27T14:29:00.000Z","5.3.21","4.7.0","5.6.0",[20,21,22,23],"tweepsmap","twitter-analytics","twitter-audience","twitter-listening","https:\u002F\u002Fki.social","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fki-twitter-analytics.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-04-04T20:59:27.467Z",[],{"attackSurface":37,"codeSignals":81,"taintFlows":231,"riskAssessment":371,"analyzedAt":385},{"hooks":38,"ajaxHandlers":59,"restRoutes":77,"shortcodes":78,"cronEvents":79,"entryPointCount":80,"unprotectedCount":80},[39,45,48,50,53,56],{"type":40,"name":41,"callback":42,"file":43,"line":44},"action","plugins_loaded","anonymous","includes\\class-ki_inbox.php",141,{"type":40,"name":46,"callback":42,"file":43,"line":47},"admin_enqueue_scripts",160,{"type":40,"name":46,"callback":42,"file":43,"line":49},161,{"type":40,"name":51,"callback":42,"file":43,"line":52},"init",162,{"type":40,"name":54,"callback":42,"file":43,"line":55},"admin_init",163,{"type":40,"name":57,"callback":42,"file":43,"line":58},"admin_menu",164,[60,64,67,70,72,75],{"action":61,"nopriv":62,"callback":42,"hasNonce":62,"hasCapCheck":62,"file":43,"line":63},"ki_twitter_analytics_login",false,165,{"action":61,"nopriv":65,"callback":42,"hasNonce":62,"hasCapCheck":62,"file":43,"line":66},true,166,{"action":68,"nopriv":62,"callback":42,"hasNonce":62,"hasCapCheck":62,"file":43,"line":69},"ki_twitter_analytics_get_twitter_data",167,{"action":68,"nopriv":65,"callback":42,"hasNonce":62,"hasCapCheck":62,"file":43,"line":71},168,{"action":73,"nopriv":62,"callback":42,"hasNonce":62,"hasCapCheck":62,"file":43,"line":74},"ki_twitter_analytics_follow",169,{"action":73,"nopriv":65,"callback":42,"hasNonce":62,"hasCapCheck":62,"file":43,"line":76},170,[],[],[],6,{"dangerousFunctions":82,"sqlUsage":83,"outputEscap
ing":103,"fileOperations":229,"externalRequests":31,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":230},[],{"prepared":84,"raw":85,"locations":86},23,7,[87,91,95,97,99,100,101],{"file":88,"line":89,"context":90},"admin\\partials\\ki_inbox-admin-following.php",50,"$wpdb->get_results() with variable interpolation",{"file":92,"line":93,"context":94},"includes\\class-ki_inbox-activator.php",39,"$wpdb->get_var() with variable interpolation",{"file":92,"line":96,"context":94},57,{"file":92,"line":98,"context":94},71,{"file":92,"line":26,"context":94},{"file":92,"line":13,"context":94},{"file":92,"line":102,"context":94},109,{"escaped":104,"rawEcho":105,"locations":106},317,63,[107,111,113,115,118,120,122,124,126,128,131,132,134,135,136,137,138,139,142,144,147,149,151,152,154,156,158,160,162,164,166,168,170,172,174,176,178,179,181,183,185,187,189,191,193,195,197,199,201,203,204,206,208,210,212,214,215,217,219,220,222,225,226],{"file":108,"line":109,"context":110},"admin\\class-ki_inbox-admin.php",282,"raw 
output",{"file":108,"line":112,"context":110},309,{"file":108,"line":114,"context":110},424,{"file":116,"line":117,"context":110},"admin\\partials\\inc\\ki_inbox-admin-com-listing.php",65,{"file":116,"line":119,"context":110},76,{"file":116,"line":121,"context":110},91,{"file":116,"line":123,"context":110},117,{"file":116,"line":125,"context":110},128,{"file":116,"line":127,"context":110},143,{"file":129,"line":130,"context":110},"admin\\partials\\inc\\ki_inbox-admin-header.php",80,{"file":129,"line":26,"context":110},{"file":133,"line":117,"context":110},"admin\\partials\\ki_inbox-admin-com-listing.php",{"file":133,"line":119,"context":110},{"file":133,"line":121,"context":110},{"file":133,"line":123,"context":110},{"file":133,"line":125,"context":110},{"file":133,"line":127,"context":110},{"file":140,"line":141,"context":110},"admin\\partials\\ki_inbox-admin-competition.php",78,{"file":140,"line":143,"context":110},177,{"file":145,"line":146,"context":110},"admin\\partials\\ki_inbox-admin-display.php",86,{"file":145,"line":148,"context":110},95,{"file":145,"line":150,"context":110},131,{"file":145,"line":127,"context":110},{"file":145,"line":153,"context":110},155,{"file":145,"line":155,"context":110},159,{"file":145,"line":157,"context":110},179,{"file":145,"line":159,"context":110},218,{"file":145,"line":161,"context":110},222,{"file":145,"line":163,"context":110},225,{"file":145,"line":165,"context":110},228,{"file":145,"line":167,"context":110},230,{"file":145,"line":169,"context":110},233,{"file":145,"line":171,"context":110},238,{"file":173,"line":148,"context":110},"admin\\partials\\ki_inbox-admin-followers.php",{"file":173,"line":175,"context":110},99,{"file":173,"line":177,"context":110},108,{"file":173,"line":102,"context":110},{"file":173,"line":180,"context":110},118,{"file":173,"line":182,"context":110},119,{"file":173,"line":184,"context":110},120,{"file":173,"line":186,"context":110},121,{"file":173,"line":188,"context":110},122,{"file":173,"line":1
90,"context":110},138,{"file":173,"line":192,"context":110},139,{"file":173,"line":194,"context":110},140,{"file":88,"line":196,"context":110},93,{"file":88,"line":198,"context":110},106,{"file":88,"line":200,"context":110},112,{"file":88,"line":202,"context":110},127,{"file":88,"line":192,"context":110},{"file":88,"line":205,"context":110},144,{"file":88,"line":207,"context":110},145,{"file":88,"line":209,"context":110},146,{"file":88,"line":211,"context":110},147,{"file":88,"line":213,"context":110},148,{"file":88,"line":69,"context":110},{"file":88,"line":216,"context":110},171,{"file":88,"line":218,"context":110},174,{"file":88,"line":143,"context":110},{"file":221,"line":130,"context":110},"admin\\partials\\ki_inbox-admin-header.php",{"file":223,"line":224,"context":110},"admin\\partials\\ki_inbox-admin-stream.php",33,{"file":223,"line":224,"context":110},{"file":227,"line":228,"context":110},"admin\\partials\\ki_inbox-admin-switch-account.php",43,3,[],[232,248,264,277,287,295,331,355],{"entryPoint":233,"graph":234,"unsanitizedCount":14,"severity":247},"ki_include_menu (admin\\class-ki_inbox-admin.php:135)",{"nodes":235,"edges":245},[236,240],{"id":237,"type":238,"label":239,"file":108,"line":205},"n0","source","$_SERVER['REQUEST_URI'] (x2)",{"id":241,"type":242,"label":243,"file":108,"line":205,"wp_function":244},"n1","sink","wp_redirect() [Open Redirect]","wp_redirect",[246],{"from":237,"to":241,"sanitized":62},"medium",{"entryPoint":249,"graph":250,"unsanitizedCount":229,"severity":247},"\u003Cclass-ki_inbox-admin> 
(admin\\class-ki_inbox-admin.php:0)",{"nodes":251,"edges":261},[252,253,254,258],{"id":237,"type":238,"label":239,"file":108,"line":205},{"id":241,"type":242,"label":243,"file":108,"line":205,"wp_function":244},{"id":255,"type":238,"label":256,"file":108,"line":257},"n2","$_GET",94,{"id":259,"type":242,"label":243,"file":108,"line":260,"wp_function":244},"n3",267,[262,263],{"from":237,"to":241,"sanitized":62},{"from":255,"to":259,"sanitized":62},{"entryPoint":265,"graph":266,"unsanitizedCount":11,"severity":276},"\u003Cki_inbox-admin-header> (admin\\partials\\inc\\ki_inbox-admin-header.php:0)",{"nodes":267,"edges":274},[268,270],{"id":237,"type":238,"label":256,"file":129,"line":269},18,{"id":241,"type":242,"label":271,"file":129,"line":272,"wp_function":273},"echo() [XSS]",54,"echo",[275],{"from":237,"to":241,"sanitized":65},"low",{"entryPoint":278,"graph":279,"unsanitizedCount":31,"severity":276},"\u003Cki_inbox-admin-competition> (admin\\partials\\ki_inbox-admin-competition.php:0)",{"nodes":280,"edges":285},[281,284],{"id":237,"type":238,"label":282,"file":140,"line":283},"$_POST",77,{"id":241,"type":242,"label":271,"file":140,"line":141,"wp_function":273},[286],{"from":237,"to":241,"sanitized":62},{"entryPoint":288,"graph":289,"unsanitizedCount":11,"severity":276},"\u003Cki_inbox-admin-header> (admin\\partials\\ki_inbox-admin-header.php:0)",{"nodes":290,"edges":293},[291,292],{"id":237,"type":238,"label":256,"file":221,"line":269},{"id":241,"type":242,"label":271,"file":221,"line":272,"wp_function":273},[294],{"from":237,"to":241,"sanitized":65},{"entryPoint":296,"graph":297,"unsanitizedCount":329,"severity":330},"\u003Cki_inbox-admin-display> (admin\\partials\\ki_inbox-admin-display.php:0)",{"nodes":298,"edges":324},[299,302,306,309,311,314,318,322],{"id":237,"type":238,"label":300,"file":145,"line":301},"$_POST['ki_twitter_consumer_key'] (x2)",60,{"id":241,"type":242,"label":303,"file":145,"line":304,"wp_function":305},"query() 
[SQLi]",66,"query",{"id":255,"type":238,"label":307,"file":145,"line":308},"$_POST['ki_twitter_consumer_secret']",61,{"id":259,"type":242,"label":303,"file":145,"line":310,"wp_function":305},81,{"id":312,"type":238,"label":313,"file":145,"line":177},"n4","$_POST['ki_twitter_access_token']",{"id":315,"type":242,"label":316,"file":145,"line":177,"wp_function":317},"n5","update_option() [Settings Manipulation]","update_option",{"id":319,"type":238,"label":320,"file":145,"line":321},"n6","$_POST['ki_twitter_access_token_secret']",111,{"id":323,"type":242,"label":316,"file":145,"line":321,"wp_function":317},"n7",[325,326,327,328],{"from":237,"to":241,"sanitized":62},{"from":255,"to":259,"sanitized":62},{"from":312,"to":315,"sanitized":62},{"from":319,"to":323,"sanitized":62},5,"high",{"entryPoint":332,"graph":333,"unsanitizedCount":14,"severity":330},"\u003Cki_inbox-admin-followers> (admin\\partials\\ki_inbox-admin-followers.php:0)",{"nodes":334,"edges":350},[335,338,341,342,343,345,346,349],{"id":237,"type":238,"label":336,"file":173,"line":337},"$_REQUEST",82,{"id":241,"type":242,"label":339,"file":173,"line":26,"wp_function":340},"get_results() [SQLi]","get_results",{"id":255,"type":238,"label":282,"file":173,"line":196},{"id":259,"type":242,"label":271,"file":173,"line":148,"wp_function":273},{"id":312,"type":238,"label":344,"file":173,"line":177},"$_REQUEST['s']",{"id":315,"type":242,"label":271,"file":173,"line":177,"wp_function":273},{"id":319,"type":238,"label":347,"file":173,"line":348},"$_SERVER['REQUEST_URI']",152,{"id":323,"type":242,"label":271,"file":173,"line":348,"wp_function":273},[351,352,353,354],{"from":237,"to":241,"sanitized":62},{"from":255,"to":259,"sanitized":62},{"from":312,"to":315,"sanitized":65},{"from":319,"to":323,"sanitized":65},{"entryPoint":356,"graph":357,"unsanitizedCount":14,"severity":330},"\u003Cki_inbox-admin-following> 
(admin\\partials\\ki_inbox-admin-following.php:0)",{"nodes":358,"edges":367},[359,361,362,363,364,366],{"id":237,"type":238,"label":256,"file":88,"line":360},79,{"id":241,"type":242,"label":339,"file":88,"line":337,"wp_function":340},{"id":255,"type":238,"label":282,"file":88,"line":121},{"id":259,"type":242,"label":271,"file":88,"line":196,"wp_function":273},{"id":312,"type":238,"label":344,"file":88,"line":365},123,{"id":315,"type":242,"label":271,"file":88,"line":365,"wp_function":273},[368,369,370],{"from":237,"to":241,"sanitized":62},{"from":255,"to":259,"sanitized":62},{"from":312,"to":315,"sanitized":65},{"summary":372,"deductions":373},"The 'ki-twitter-analytics' v1.0.4 plugin presents a significant security risk due to its unprotected AJAX endpoints. Most SQL queries use prepared statements (23 prepared, 7 built with variable interpolation) and most output is escaped (317 escaped, 63 raw), but none of the six identified AJAX handler registrations performs a nonce or capability check, and each of the three actions is also registered for unauthenticated (nopriv) requests, leaving these entry points open to unauthorized access and potential abuse. The taint analysis adds to this concern: it reports multiple flows with unsanitized paths, three of them rated high severity, and these include request data reaching query() and get_results() sinks that the analyzer labels as SQL injection, as well as update_option(), echo and wp_redirect() sinks. These are static-analysis findings rather than confirmed vulnerabilities, but they indicate that user-supplied data may be processed in ways that could lead to exploitation.  The plugin has no known published vulnerabilities; with 0 active installs and no update since 2020-07-27, that may reflect limited scrutiny as much as careful development, and it should not overshadow the weaknesses identified in the static analysis. 
The overall security posture is concerning due to the direct exposure of AJAX endpoints, and immediate attention is required to implement proper authentication and authorization on these handlers (nonce verification and capability checks) and to review the flagged unsanitized flows.",[374,377,380,383],{"reason":375,"points":376},"Unprotected AJAX handlers",20,{"reason":378,"points":379},"High severity unsanitized taint flows",15,{"reason":381,"points":382},"Missing nonce checks on AJAX",10,{"reason":384,"points":382},"Missing capability checks","2026-03-17T06:21:23.062Z",{"wat":387,"direct":400},{"assetPaths":388,"generatorPatterns":392,"scriptPaths":393,"versionParams":395},[389,390,391],"\u002Fwp-content\u002Fplugins\u002Fki-twitter-analytics\u002Fadmin\u002Fcss\u002Fki_inbox-admin.css","\u002Fwp-content\u002Fplugins\u002Fki-twitter-analytics\u002Fadmin\u002Fcss\u002Ffont-awesome.min.css","\u002Fwp-content\u002Fplugins\u002Fki-twitter-analytics\u002Fadmin\u002Fcss\u002Fbootstrap.min.css",[],[394],"\u002Fwp-content\u002Fplugins\u002Fki-twitter-analytics\u002Fadmin\u002Fjs\u002FChart.min.js",[396,397,398,399],"ki-twitter-analytics\u002Fadmin\u002Fcss\u002Fki_inbox-admin.css?ver=","ki-twitter-analytics\u002Fadmin\u002Fcss\u002Ffont-awesome.min.css?ver=","ki-twitter-analytics\u002Fadmin\u002Fcss\u002Fbootstrap.min.css?ver=","ki-twitter-analytics\u002Fadmin\u002Fjs\u002FChart.min.js?ver=",{"cssClasses":401,"htmlComments":403,"htmlAttributes":404,"restEndpoints":410,"jsGlobals":411,"shortcodeOutput":413},[402],"bootstrap-twitter",[],[405,406,407,408,409],"data-twitter-screen-name","data-twitter-id","data-twitter-name","data-twitter-url","data-twitter-profile-image-url",[],[412],"ki",[414,415,416,417],"[ki_twitter_analytics]","[ki_twitter_analytics_followers]","[ki_twitter_analytics_following]","[ki_twitter_analytics_user]"]