[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fjZbKhFVD2dYC98UXobqTWCTIT5jUEv_aFS-INB0N5-M":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":31,"analysis":32,"fingerprints":155},"know-co-platform-base","Know – Base","1.0.3","brandonpadula","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrandonpadula\u002F","\u003Cp>This plugin provides the base for any Know communication between your website and the Platform. Your custom integrations can communicate securely through this plugin without any additional authentication. Simply include your Platform URL and API key to begin!\u003C\u002Fp>\n\u003Cp>Aside from backend functionality, this plugin does nothing other than communicate with the Know Platform. Upon successful installation, custom plugins designed for your website to utilize the Platform will be able to send and receive data.\u003C\u002Fp>\n\u003Cp>You must have a valid Know Platform subscription for this plugin to function properly.\u003C\u002Fp>\n\u003Ch3>Useful hints\u003C\u002Fh3>\n\u003Cp>Use the \u003Ccode>know--target-session\u003C\u002Fcode> shortcode to allow targeted sessions from the platform. Include the following parameters:\u003Cbr \u002F>\n* server – (optional) the URL of your org\u003Cbr \u002F>\n* redirect – where do you want to go once the user is logged in?\u003C\u002Fp>\n","Allow your website to natively communicate with the Know Platform. 
Utilize the Platform API and integrate with the front end of your business.",10,1072,0,"2025-01-14T02:07:00.000Z","6.7.5","4.6","5.2.4",[],"","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fknow-co-platform-base.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},2,89,30,86,"2026-04-04T15:32:31.970Z",[],{"attackSurface":33,"codeSignals":77,"taintFlows":114,"riskAssessment":141,"analyzedAt":154},{"hooks":34,"ajaxHandlers":51,"restRoutes":62,"shortcodes":63,"cronEvents":72,"entryPointCount":75,"unprotectedCount":76},[35,41,44,48],{"type":36,"name":37,"callback":38,"file":39,"line":40},"action","wp_head","know__head","index.php",42,{"type":36,"name":42,"callback":43,"file":39,"line":21},"admin_init","know__register_settings",{"type":36,"name":45,"callback":46,"file":39,"line":47},"admin_menu","know__admin_menu",109,{"type":36,"name":49,"callback":49,"file":39,"line":50},"know_platform__cleanup_cookies",276,[52,56,59],{"action":53,"nopriv":54,"callback":53,"hasNonce":54,"hasCapCheck":54,"file":39,"line":55},"know_platform_communicate",false,219,{"action":57,"nopriv":54,"callback":57,"hasNonce":54,"hasCapCheck":54,"file":39,"line":58},"know_platform_load_login",234,{"action":60,"nopriv":54,"callback":60,"hasNonce":54,"hasCapCheck":54,"file":39,"line":61},"know_platform_process_login",254,[],[64,68],{"tag":65,"callback":66,"file":39,"line":67},"know--logout","know__logout",61,{"tag":69,"callback":70,"file":39,"line":71},"know--target-session","know__target_session",84,[73],{"hook":49,"callback":49,"file":39,"line":74},297,5,3,{"dangerousFunctions":78,"sqlUsage":79,"outputEscaping":95,"fileOperations":112,"externalRequests":26,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":113},[],{"prepared":13,"raw":80,"locations":81},4,[82,86,88,91],{"file":83,"line":84,"context":85},"classes.php",48,"$wpdb->ge
t_row() with variable interpolation",{"file":83,"line":87,"context":85},95,{"file":39,"line":89,"context":90},266,"$wpdb->get_results() with variable interpolation",{"file":92,"line":93,"context":94},"uninstall.php",24,"$wpdb->query() with variable interpolation",{"escaped":96,"rawEcho":97,"locations":98},9,7,[99,102,104,105,106,108,110],{"file":83,"line":100,"context":101},116,"raw output",{"file":83,"line":103,"context":101},188,{"file":83,"line":103,"context":101},{"file":83,"line":103,"context":101},{"file":39,"line":107,"context":101},213,{"file":39,"line":109,"context":101},229,{"file":39,"line":111,"context":101},249,1,[],[115,132],{"entryPoint":116,"graph":117,"unsanitizedCount":112,"severity":131},"know_platform_communicate (index.php:193)",{"nodes":118,"edges":129},[119,124],{"id":120,"type":121,"label":122,"file":39,"line":123},"n0","source","$_POST",209,{"id":125,"type":126,"label":127,"file":39,"line":107,"wp_function":128},"n1","sink","echo() [XSS]","echo",[130],{"from":120,"to":125,"sanitized":54},"medium",{"entryPoint":133,"graph":134,"unsanitizedCount":112,"severity":140},"\u003Cindex> (index.php:0)",{"nodes":135,"edges":138},[136,137],{"id":120,"type":121,"label":122,"file":39,"line":123},{"id":125,"type":126,"label":127,"file":39,"line":107,"wp_function":128},[139],{"from":120,"to":125,"sanitized":54},"low",{"summary":142,"deductions":143},"The \"know-co-platform-base\" plugin v1.0.3 exhibits a mixed security posture. While it has no recorded vulnerability history, indicating past diligence or a lack of discovered issues, the static analysis reveals significant areas of concern. All 3 of the plugin's AJAX handlers are unprotected, which is a critical weakness, exposing these functions to unauthorized access and potential exploitation. Each handler is recorded with nopriv set to false, so the exposure is to any logged-in account regardless of role rather than to anonymous visitors.  
Furthermore, the complete absence of nonce checks and capability checks on these handlers exacerbates the risk, leaving the plugin vulnerable to Cross-Site Request Forgery (CSRF) and unauthorized privilege escalation. None of the SQL queries use prepared statements (100% are raw queries built with variable interpolation), which is another major security flaw, opening the door to SQL injection wherever an interpolated value can be influenced by a request. While the plugin does not appear to have critical taint flows or dangerous functions, the analysis does record an unsanitized flow from $_POST to echo in index.php, and these fundamental security oversights, coupled with a substantial attack surface without proper authorization checks, present a considerable risk. Remediation is to add a nonce check and a capability check to each handler, move the queries to $wpdb->prepare(), and escape the echoed values on output.",[144,146,148,150,152],{"reason":145,"points":11},"Unprotected AJAX handlers",{"reason":147,"points":11},"Missing nonce checks on AJAX",{"reason":149,"points":75},"Missing capability checks",{"reason":151,"points":11},"Raw SQL without prepared statements",{"reason":153,"points":75},"Unsanitized paths in taint flows","2026-03-17T01:35:06.772Z",{"wat":156,"direct":161},{"assetPaths":157,"generatorPatterns":158,"scriptPaths":159,"versionParams":160},[],[],[],[],{"cssClasses":162,"htmlComments":167,"htmlAttributes":168,"restEndpoints":170,"jsGlobals":174,"shortcodeOutput":176},[163,164,165,166],"know--logged-in","know--logged-out","know--container","know--input",[],[169],"data-know-platform",[171,172,173],"\u002Fwp-json\u002Fknow_platform\u002Fv1\u002Fplatform_communicate","\u002Fwp-json\u002Fknow_platform\u002Fv1\u002Fplatform_load_login","\u002Fwp-json\u002Fknow_platform\u002Fv1\u002Fplatform_process_login",[175],"know_platform_object",[177,178],"\u003Cmeta http-equiv=\"refresh\" content=\"0; url=","Please specify a redirect."]