[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFhKTO_O1_LBAmPa5HiAL3e8tvqBSvjSzPEIPNm10-Ks":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":21,"unpatched_count":21,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":31,"analysis":32,"fingerprints":94},"lightweight-branded-login-screen","Lightweight Branded Login Screen","1.3","julianoe","https:\u002F\u002Fprofiles.wordpress.org\u002Fjulianoe\u002F","\u003Cp>This plugin will allow you to very easily customize the login screen via the WordPress Customizer to match your brand, site or mood.\u003C\u002Fp>\n\u003Cp>You will be able to setup a custom logo, background image, and color\u002Fopacity overlay.\u003C\u002Fp>\n\u003Cp>This plugin is made for people looking for a very light and simple solution as an alternative to big plugins with tons of options and scripts. 
In this idea if you still have a good idea or suggestion for the plugin, refer to the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FJulianoe\u002Flightweight-branded-login-screen\" rel=\"nofollow ugc\">github page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Photo by \u003Ca href=\"https:\u002F\u002Funsplash.com\u002F@etiennelhd\" rel=\"nofollow ugc\">etiennelhd\u003C\u002Fa> from Unsplash.\u003Cbr \u002F>\nIcon “Wood” by \u003Ca href=\"https:\u002F\u002Fthenounproject.com\u002Fmanohara54\u002F\" rel=\"nofollow ugc\">Manohara\u003C\u002Fa> from the NounProject.\u003C\u002Fp>\n","This plugin will allow you to very easily customize the login screen via the Wordpress Customizer to match your brand, site or mood.",100,2493,1,"2023-12-08T15:48:00.000Z","6.4.8","",[],"https:\u002F\u002Fgithub.com\u002FJulianoe\u002Flightweight-branded-login-screen","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flightweight-branded-login-screen.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":20,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},2,110,30,84,"2026-04-05T10:24:07.919Z",[],{"attackSurface":33,"codeSignals":58,"taintFlows":81,"riskAssessment":82,"analyzedAt":93},{"hooks":34,"ajaxHandlers":54,"restRoutes":55,"shortcodes":56,"cronEvents":57,"entryPointCount":21,"unprotectedCount":21},[35,41,46,50],{"type":36,"name":37,"callback":38,"file":39,"line":40},"action","customize_register","lbls_register_customizer","inc\\customizer.php",155,{"type":36,"name":42,"callback":43,"file":44,"line":45},"login_enqueue_scripts","lbls_login_branding_theme","lightweight-branded-login-screen.php",74,{"type":47,"name":48,"callback":49,"file":44,"line":29},"filter","login_headertext","lbls_login_text",{"type":47,"name":51,"callback":52,"file":44,"line":53},"login_headerurl","lbls_login_url",95,[],[],[],[],{"dangerousFunctions":59,"sqlUsage":60,"outputEs
caping":62,"fileOperations":21,"externalRequests":21,"nonceChecks":21,"capabilityChecks":21,"bundledLibraries":80},[],{"prepared":21,"raw":21,"locations":61},[],{"escaped":21,"rawEcho":63,"locations":64},8,[65,68,70,72,73,75,76,78],{"file":44,"line":66,"context":67},29,"raw output",{"file":44,"line":69,"context":67},53,{"file":44,"line":71,"context":67},57,{"file":44,"line":71,"context":67},{"file":44,"line":74,"context":67},58,{"file":44,"line":74,"context":67},{"file":44,"line":77,"context":67},59,{"file":44,"line":79,"context":67},61,[],[],{"summary":83,"deductions":84},"The plugin \"lightweight-branded-login-screen\" v1.3 exhibits a mixed security posture. On the positive side, the plugin has a very small attack surface with no registered AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, the scan found no SQL queries (neither prepared nor raw), no file operations, and no external HTTP requests, so those classes of risk do not arise in this version. The absence of known CVEs and a clean vulnerability history is also a positive indicator, although it does not by itself show that the code is free of flaws. \n\nHowever, there are significant concerns regarding output escaping. All 8 output statements found by the scan are unescaped (0 escaped), which presents a potential risk of cross-site scripting (XSS) vulnerabilities. Whether any of them is exploitable depends on whether the echoed value can be influenced by an untrusted party; the scan recorded no taint flows, so the flagged lines need manual review to confirm or rule this out. The lack of nonce and capability checks, while not directly exploitable given the minimal attack surface, represents a missed opportunity to implement robust authorization and protection against CSRF attacks, should the attack surface expand in future versions. \n\nIn conclusion, while the plugin demonstrates a commendable effort in minimizing its attack surface, the unescaped output is the main open finding. The vulnerability history, being clean, is a positive trend, but it doesn't negate the risk from the unescaped output. 
Addressing the output escaping, by applying the context-appropriate escaping function at each of the 8 flagged output statements, is the most important step toward improving its overall security.",[85,88,91],{"reason":86,"points":87},"0% of outputs properly escaped",7,{"reason":89,"points":90},"No nonce checks",5,{"reason":92,"points":90},"No capability checks","2026-03-16T20:52:59.749Z",{"wat":95,"direct":100},{"assetPaths":96,"generatorPatterns":97,"scriptPaths":98,"versionParams":99},[],[],[],[],{"cssClasses":101,"htmlComments":105,"htmlAttributes":106,"restEndpoints":107,"jsGlobals":108,"shortcodeOutput":109},[102,103,104],"login","login #backtoblog a","login #nav a",[],[],[],[],[]]