[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-2kSu-hR-GvfCwMh-T_WT9PUDWaPhd33OtMrFqDvE6I":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":15,"tags":18,"homepage":19,"download_link":20,"security_score":13,"vuln_count":21,"unpatched_count":21,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":32,"analysis":33,"fingerprints":324},"kopa-forceful-toolkit","Kopa Forcefull Toolkit","1.0.0","kopatheme","https:\u002F\u002Fprofiles.wordpress.org\u002Fkopatheme\u002F","\u003Cp>A plugin to generate shortcodes, add specific widgets and allow user rate the posts.\u003Cbr \u002F>\n– add weather widget to the site\u003Cbr \u002F>\n– register several useful shortcodes that you can add to your posts and pages.\u003Cbr \u002F>\n– create voting box in single posts\u003Cbr \u002F>\nNote: Specific use in Forcefull light Theme\u003C\u002Fp>\n","A plugin to generate shortcodes, add specific widgets and allow user rate the posts.",20,14244,100,1,"","3.9.40","3.8",[],"http:\u002F\u002Fkopatheme.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkopa-forceful-toolkit.zip",0,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":28,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},4,240,93,30,89,"2026-04-05T03:00:45.970Z",[],{"attackSurface":34,"codeSignals":190,"taintFlows":278,"riskAssessment":315,"analyzedAt":323},{"hooks":35,"ajaxHandlers":93,"restRoutes":102,"shortcodes":103,"cronEvents":188,"entryPointCount":189,"unprotectedCount":21},[36,42,46,50,55,59,64,68,72,76,80,84,88],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","wp_enqueue_scripts","kopa_forceful_plugin_enqueue_scripts","kopa-enqueue.php",6,{"type":37,"name":43,"callback":44,"priority":45,"file":40,"line":11},"admin_enqueue_scripts","kopa_forceful_plugin_admin_scripts",10,{"type":37,"name":47,"callback":48,"file":49,"line":11},"plugin_loaded","kopa_forceful_toolkit_init","kopa-forceful-toolkit.php",{"type":37,"name":51,"callback":52,"file":53,"line":54},"add_meta_boxes","kopa_post_rating_meta_box_add","kopa-post-rating.php",26,{"type":37,"name":56,"callback":57,"file":53,"line":58},"save_post","kopa_save_post_rating_data",75,{"type":60,"name":61,"callback":62,"file":53,"line":63},"filter","the_content","kopa_show_rating",383,{"type":60,"name":65,"callback":66,"priority":45,"file":53,"line":67},"kopa_icon_get_icon","forceful_plugin_kopa_icon_get_icon",386,{"type":37,"name":69,"callback":70,"file":71,"line":26},"admin_head","kopa_shortcodes_globals_js","kopa-shortcodes.php",{"type":37,"name":73,"callback":74,"file":71,"line":75},"plugins_loaded","kopa_plugin_init",19,{"type":37,"name":77,"callback":78,"file":71,"line":79},"init","kopa_shortcode_add_button",521,{"type":60,"name":81,"callback":82,"file":71,"line":83},"mce_external_plugins","kopa_add_plugin",525,{"type":60,"name":85,"callback":86,"file":71,"line":87},"mce_buttons_3","kopa_register_button",526,{"type":37,"name":89,"callback":90,"file":91,"line":92},"widgets_init","kopa_widgets_plugin_init","kopa-widgets.php",2,[94,100],{"action":95,"nopriv":96,"callback":97,"hasNonce":98,"hasCapCheck":96,"file":53,"line":99},"kopa_set_user_rating",false,"kopa_ajax_set_user_rating",true,170,{"action":95,"nopriv":98,"callback":97,"hasNonce":98,"hasCapCheck":96,"file":53,"line":101},171,[],[104,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,184],{"tag":105,"callback":106,"file":71,"line":107},"gallery","kopa_gallery_shortcode",27,{"tag":109,"callback":110,"file":71,"line":111},"one_half","kopa_shortcode_one_half",60,{"tag":113,"callback":114,"file":71,"line":115},"one_third","kopa_shortcode_one_third",77,{"tag":117,"callback":118,"file":71,"line":119},"two_third","kopa_shortcode_two_third",92,{"tag":121,"callback":122,"file":71,"line":123},"one_fourth","kopa_shortcode_one_fourth",109,{"tag":125,"callback":126,"file":71,"line":127},"three_fourth","kopa_shortcode_three_fourth",126,{"tag":129,"callback":130,"file":71,"line":131},"tabs","kopa_shortcode_tabs",143,{"tag":133,"callback":134,"file":71,"line":135},"accordions","kopa_shortcode_accordions",173,{"tag":137,"callback":138,"file":71,"line":139},"accordion","kopa_shortcode_accordion",182,{"tag":141,"callback":142,"file":71,"line":143},"toggles","kopa_shortcode_toggles",198,{"tag":145,"callback":146,"file":71,"line":147},"toggle","kopa_shortcode_toggle",210,{"tag":149,"callback":150,"file":71,"line":151},"dropcaps","kopa_shortcode_dropcaps",229,{"tag":153,"callback":154,"file":71,"line":155},"button","kopa_shortcode_button",238,{"tag":157,"callback":158,"file":71,"line":159},"alert","kopa_shortcode_alert",265,{"tag":161,"callback":162,"file":71,"line":163},"contact_form","kopa_shortcode_contact_form",289,{"tag":165,"callback":166,"file":71,"line":167},"posts","kopa_shortcode_posts",341,{"tag":169,"callback":170,"file":71,"line":171},"youtube","kopa_shortcode_youtube",451,{"tag":173,"callback":174,"file":71,"line":175},"vimeo","kopa_shortcode_vimeo",467,{"tag":177,"callback":178,"file":71,"line":179},"google_map","kopa_shortcode_google_map",482,{"tag":181,"callback":182,"file":71,"line":183},"audio","kopa_shortcode_audio",497,{"tag":185,"callback":186,"file":71,"line":187},"soundcloud","kopa_shortcode_soundcloud",509,[],23,{"dangerousFunctions":191,"sqlUsage":192,"outputEscaping":194,"fileOperations":21,"externalRequests":276,"nonceChecks":92,"capabilityChecks":92,"bundledLibraries":277},[],{"prepared":21,"raw":21,"locations":193},[],{"escaped":195,"rawEcho":196,"locations":197},7,46,[198,201,202,203,204,206,208,210,212,214,216,218,220,222,224,226,227,229,230,232,234,235,237,239,240,242,244,246,248,250,251,252,254,256,257,258,260,262,263,265,266,268,270,271,273,275],{"file":53,"line":199,"context":200},44,"raw output",{"file":53,"line":199,"context":200},{"file":53,"line":196,"context":200},{"file":53,"line":196,"context":200},{"file":53,"line":205,"context":200},47,{"file":53,"line":207,"context":200},53,{"file":53,"line":209,"context":200},54,{"file":53,"line":211,"context":200},257,{"file":53,"line":213,"context":200},264,{"file":71,"line":215,"context":200},9,{"file":91,"line":217,"context":200},323,{"file":91,"line":219,"context":200},324,{"file":91,"line":221,"context":200},325,{"file":91,"line":223,"context":200},352,{"file":91,"line":225,"context":200},353,{"file":91,"line":225,"context":200},{"file":91,"line":228,"context":200},354,{"file":91,"line":228,"context":200},{"file":91,"line":231,"context":200},358,{"file":91,"line":233,"context":200},359,{"file":91,"line":233,"context":200},{"file":91,"line":236,"context":200},369,{"file":91,"line":238,"context":200},370,{"file":91,"line":238,"context":200},{"file":91,"line":241,"context":200},676,{"file":91,"line":243,"context":200},677,{"file":91,"line":245,"context":200},678,{"file":91,"line":247,"context":200},703,{"file":91,"line":249,"context":200},707,{"file":91,"line":249,"context":200},{"file":91,"line":249,"context":200},{"file":91,"line":253,"context":200},711,{"file":91,"line":255,"context":200},712,{"file":91,"line":255,"context":200},{"file":91,"line":255,"context":200},{"file":91,"line":259,"context":200},716,{"file":91,"line":261,"context":200},717,{"file":91,"line":261,"context":200},{"file":91,"line":264,"context":200},718,{"file":91,"line":264,"context":200},{"file":91,"line":267,"context":200},722,{"file":91,"line":269,"context":200},723,{"file":91,"line":269,"context":200},{"file":91,"line":272,"context":200},733,{"file":91,"line":274,"context":200},734,{"file":91,"line":274,"context":200},5,[],[279,298],{"entryPoint":280,"graph":281,"unsanitizedCount":296,"severity":297},"kopa_awesome_weather_logic (kopa-widgets.php:14)",{"nodes":282,"edges":294},[283,288],{"id":284,"type":285,"label":286,"file":91,"line":287},"n0","source","$_SERVER (x3)",48,{"id":289,"type":290,"label":291,"file":91,"line":292,"wp_function":293},"n1","sink","wp_remote_get() [SSRF]",50,"wp_remote_get",[295],{"from":284,"to":289,"sanitized":96},3,"medium",{"entryPoint":299,"graph":300,"unsanitizedCount":41,"severity":297},"\u003Ckopa-widgets> (kopa-widgets.php:0)",{"nodes":301,"edges":312},[302,304,305,308],{"id":284,"type":285,"label":303,"file":91,"line":287},"$_SERVER (x5)",{"id":289,"type":290,"label":291,"file":91,"line":292,"wp_function":293},{"id":306,"type":285,"label":307,"file":91,"line":287},"n2","$_SERVER",{"id":309,"type":290,"label":310,"file":91,"line":249,"wp_function":311},"n3","echo() [XSS]","echo",[313,314],{"from":284,"to":289,"sanitized":96},{"from":306,"to":309,"sanitized":96},{"summary":316,"deductions":317},"The \"kopa-forceful-toolkit\" v1.0.0 plugin exhibits a generally positive security posture with several good practices in place. Notably, there are no known CVEs, no critical or high severity taint flows, and all SQL queries utilize prepared statements. The plugin also incorporates nonce and capability checks for its entry points, which is a significant security advantage.  However, a concerning aspect is the low percentage of properly escaped output (13%), indicating a potential for Cross-Site Scripting (XSS) vulnerabilities.  While the attack surface appears to be protected by authentication checks, the sheer number of shortcodes (21) combined with the low output escaping rate means that if any user-controllable data is passed through these shortcodes without proper sanitization, XSS could be a prevalent issue. The plugin's vulnerability history being empty is a positive sign, but the code-level concerns around output escaping require attention.",[318,321],{"reason":319,"points":320},"Low output escaping rate",15,{"reason":322,"points":45},"Taint analysis shows unsanitized paths","2026-03-16T22:42:09.038Z",{"wat":325,"direct":336},{"assetPaths":326,"generatorPatterns":333,"scriptPaths":334,"versionParams":335},[327,328,329,330,331,332],"\u002Fwp-content\u002Fplugins\u002Fkopa-forceful-toolkit\u002Fjs\u002Fkopa-user-rating.js","\u002Fwp-content\u002Fplugins\u002Fkopa-forceful-toolkit\u002Fcss\u002Fpost-rating.css","\u002Fwp-content\u002Fplugins\u002Fkopa-forceful-toolkit\u002Fcss\u002Fawesome-weather.css","\u002Fwp-content\u002Fplugins\u002Fkopa-forceful-toolkit\u002Fcss\u002Fshortcode.css","\u002Fwp-content\u002Fplugins\u002Fkopa-forceful-toolkit\u002Fjs\u002Fshortcodes.js","\u002Fwp-content\u002Fplugins\u002Fkopa-forceful-toolkit\u002Fjs\u002Fpost-rating.js",[],[],[],{"cssClasses":337,"htmlComments":347,"htmlAttributes":348,"restEndpoints":350,"jsGlobals":351,"shortcodeOutput":354},[338,339,340,341,342,343,344,345,346],"kp-single-slider","kp-single-carousel","kopa-one-two","kopa-one-third","kopa-two-third","kopa-one-fourth","kopa-three-fourth","tabs-3","tab-content-3",[],[349],"data-kopa",[],[352,353],"kopa_shortcodes_globals","kopa_front_variable",[355,356,357,358,359,360,361,362,363],"\u003Cdiv class=\"kp-single-slider flexslider\">","\u003Cdiv class=\"flexslider kp-single-carousel\">","\u003Cdiv class=\"kopa-one-two","\u003Cdiv class=\"kopa-one-third","\u003Cdiv class=\"kopa-two-third","\u003Cdiv class=\"kopa-one-fourth","\u003Cdiv class=\"kopa-three-fourth","\u003Cdiv class=\"list-container-3\">\u003Cul class=\"tabs-3 clearfix\">","\u003Cdiv class=\"tab-container-3\">"]