[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWfXe4oqap_zf4ds-Fi8CLds6s0bSxdc_rMtTMgEs_bE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":16,"download_link":18,"security_score":19,"vuln_count":11,"unpatched_count":11,"last_vuln_date":20,"fetched_at":21,"vulnerabilities":22,"developer":23,"crawl_stats":20,"alternatives":29,"analysis":30,"fingerprints":157},"lets-users-follow-you-on-social-media","Lets Users Follow you on social media","1.0.0","Dhananjay Singh","https:\u002F\u002Fprofiles.wordpress.org\u002Fdhananjay22a\u002F","\u003Cp>Follow Us on Social Media is a plugin to show a block\u002Fbox with message at bottom of every posts. It asks visitors to follow the site’s social media pages if they wish.\u003C\u002Fp>\n\u003Ch4>Privacy notices\u003C\u002Fh4>\n\u003Cp>This plugin in itself does not:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>track users.\u003C\u002Fli>\n\u003Cli>write any personal data to the database.\u003C\u002Fli>\n\u003Cli>send any data to external servers.\u003C\u002Fli>\n\u003Cli>use cookies.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What’s Next\u003C\u002Fh4>\n\u003Cp>If you find this plugin useful, please leave a good rating.\u003Cbr \u002F>\nYou can also provide us \u003Ca href=\"http:\u002F\u002Fsiwanpress.com\u002Fprovide-feedback\u002F\" rel=\"nofollow ugc\">feedback here\u003C\u002Fa>;\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>This plugin is created by \u003Ca href=\"https:\u002F\u002Fsiwanpress.com\" rel=\"nofollow ugc\">Dhananjay Singh\u003C\u002Fa>.\u003C\u002Fp>\n","A WordPress plugin to allow the administrators of site to add a block at bottom of their posts where visitors would be asked to follow their social me 
&hellip;",0,897,"2022-06-06T16:23:00.000Z","6.0.11","5.5","",[4],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flets-users-follow-you-on-social-media.1.0.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":24,"display_name":7,"profile_url":8,"plugin_count":25,"total_installs":11,"avg_security_score":19,"avg_patch_time_days":26,"trust_score":27,"computed_at":28},"dhananjay22a",1,30,84,"2026-04-04T16:53:48.558Z",[],{"attackSurface":31,"codeSignals":68,"taintFlows":111,"riskAssessment":150,"analyzedAt":156},{"hooks":32,"ajaxHandlers":64,"restRoutes":65,"shortcodes":66,"cronEvents":67,"entryPointCount":11,"unprotectedCount":11},[33,39,43,47,51,55,59],{"type":34,"name":35,"callback":36,"file":37,"line":38},"action","admin_init","do_activation_redirect","pcpl-follow.php",34,{"type":34,"name":40,"callback":41,"file":37,"line":42},"admin_menu","create_admin_menu",35,{"type":34,"name":44,"callback":45,"file":37,"line":46},"admin_enqueue_scripts","enqueue_admin_scripts_and_styles",36,{"type":34,"name":48,"callback":49,"file":37,"line":50},"admin_notices","notice_welcome",37,{"type":34,"name":52,"callback":53,"file":37,"line":54},"admin_post_save_pcpl_follow_settings","save_pcpl_follow_settings",39,{"type":34,"name":56,"callback":57,"file":37,"line":58},"admin_post_save_pcpl_follow_enable_disable_settings","save_pcpl_follow_enable_disable_settings",40,{"type":60,"name":61,"callback":62,"file":37,"line":63},"filter","the_content","pcpl_follow_us",44,[],[],[],[],{"dangerousFunctions":69,"sqlUsage":70,"outputEscaping":72,"fileOperations":11,"externalRequests":11,"nonceChecks":109,"capabilityChecks":109,"bundledLibraries":110},[],{"prepared":11,"raw":11,"locations":71},[],{"escaped":73,"rawEcho":74,"locations":75},13,18,[76,79,81,84,86,87,89,90,92,93,95,96,97,99,101,103,105,107],{"file":37,"line":77,"context":78},108,"raw 
output",{"file":37,"line":80,"context":78},206,{"file":82,"line":83,"context":78},"templates\\admin-panel.php",9,{"file":82,"line":85,"context":78},12,{"file":82,"line":74,"context":78},{"file":82,"line":88,"context":78},23,{"file":82,"line":88,"context":78},{"file":82,"line":91,"context":78},24,{"file":82,"line":91,"context":78},{"file":82,"line":94,"context":78},25,{"file":82,"line":94,"context":78},{"file":82,"line":46,"context":78},{"file":82,"line":98,"context":78},81,{"file":82,"line":100,"context":78},98,{"file":82,"line":102,"context":78},100,{"file":82,"line":104,"context":78},102,{"file":82,"line":106,"context":78},104,{"file":82,"line":108,"context":78},106,3,[],[112,131,141],{"entryPoint":113,"graph":114,"unsanitizedCount":11,"severity":130},"save_pcpl_follow_settings (pcpl-follow.php:122)",{"nodes":115,"edges":127},[116,121],{"id":117,"type":118,"label":119,"file":37,"line":120},"n0","source","$_POST",137,{"id":122,"type":123,"label":124,"file":37,"line":125,"wp_function":126},"n1","sink","update_option() [Settings Manipulation]",139,"update_option",[128],{"from":117,"to":122,"sanitized":129},true,"low",{"entryPoint":132,"graph":133,"unsanitizedCount":11,"severity":130},"save_pcpl_follow_enable_disable_settings (pcpl-follow.php:151)",{"nodes":134,"edges":139},[135,137],{"id":117,"type":118,"label":119,"file":37,"line":136},165,{"id":122,"type":123,"label":124,"file":37,"line":138,"wp_function":126},167,[140],{"from":117,"to":122,"sanitized":129},{"entryPoint":142,"graph":143,"unsanitizedCount":11,"severity":130},"\u003Cpcpl-follow> (pcpl-follow.php:0)",{"nodes":144,"edges":148},[145,147],{"id":117,"type":118,"label":146,"file":37,"line":120},"$_POST (x2)",{"id":122,"type":123,"label":124,"file":37,"line":125,"wp_function":126},[149],{"from":117,"to":122,"sanitized":129},{"summary":151,"deductions":152},"The 'lets-users-follow-you-on-social-media' plugin v1.0.0 exhibits a strong initial security posture, with no identified known vulnerabilities (CVEs) 
and a complete absence of dangerous functions, file operations, or external HTTP requests. The static analysis found no SQL queries at all (0 prepared, 0 raw), so the scan gives no SQL injection signal, and it found nonce and capability checks (3 of each) for core functionality. Taint analysis reveals no immediate critical or high-severity vulnerabilities, suggesting that data handling within the plugin is generally secure.\n\nHowever, a significant concern arises from the low percentage (42%) of properly escaped output (13 escaped versus 18 raw echo statements). This indicates a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, where untrusted data displayed to users could be manipulated to execute malicious scripts. This figure is a static count rather than a confirmed vulnerability: 16 of the 18 flagged locations are in the admin-panel template and 2 are in pcpl-follow.php, so each one needs review to establish whether the echoed value can be influenced by anyone other than an administrator. While the attack surface appears limited with no exposed AJAX handlers, REST API routes, or shortcodes without authentication, the lack of robust output escaping on the majority of its output points is a critical weakness that could be exploited.\n\nGiven the lack of historical vulnerabilities, the absence of SQL usage, and the nonce\u002Fcapability checks observed, the plugin has a foundation of security. Nevertheless, the identified output escaping deficiency is a pressing issue that requires immediate attention to mitigate the risk of XSS attacks. Addressing this, by passing each flagged value through the matching WordPress escaping function (esc_html, esc_attr or esc_url) at the point of output, would significantly improve the plugin's overall security.",[153],{"reason":154,"points":155},"Low percentage of properly escaped output",10,"2026-03-17T06:31:20.046Z",{"wat":158,"direct":166},{"assetPaths":159,"generatorPatterns":162,"scriptPaths":163,"versionParams":164},[160,161],"\u002Fwp-content\u002Fplugins\u002Flets-users-follow-you-on-social-media\u002Fassets\u002Fcss\u002Fadmin-styles.css","\u002Fwp-content\u002Fplugins\u002Flets-users-follow-you-on-social-media\u002Fassets\u002Fjs\u002Fadmin-scripts.js",[],[],[165],"pcpl_admin_script?ver=1.0.2",{"cssClasses":167,"htmlComments":169,"htmlAttributes":170,"restEndpoints":171,"jsGlobals":172,"shortcodeOutput":173},[168],"notice-success",[],[],[],[],[]]