[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fl13Sl8wzmNNRNS0Jd26Us0eiu-odmx5CxHRhc1jLIbk":3,"$fnFQXxvNpJvbM2j1GXluxrxXb9PKogFkksEb8GdCmeg8":191,"$fZwhmrxddp-aASRKmjF5kwk0o_Z-WOoMzhqbspuKzcfs":196},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":13,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":37,"analysis":76,"fingerprints":169},"litres-widget","LitRes Widget","1.01","Flector","https:\u002F\u002Fprofiles.wordpress.org\u002Fflector\u002F","\u003Cp>Данный плагин с помощью шорткода \u003Cstrong>[litres]\u003C\u002Fstrong> выводит партнерский виджет покупки книг от \u003Ca href=\"https:\u002F\u002Fwww.litres.ru\u002Fpartners\u002F\" rel=\"nofollow ugc\">ЛитРес\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>После установки плагина не забудьте проверить его настройки в «\u003Cstrong>Настройках\\LitRes Widget\u003C\u002Fstrong>» (необходимо установить партнерский ID).\u003C\u002Fp>\n\u003Cp>Полный шорткод плагина:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[litres author='Автор книги' title='Название книги'] \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Для вставки шорткода плагина вы можете воспользоваться кнопкой плагина в визуальном редакторе или вставить его вручную.\u003C\u002Fp>\n\u003Cp>Если вам понравился этот плагин, то, \u003Cstrong>пожалуйста\u003C\u002Fstrong>, поставьте ему 5 звезд.\u003C\u002Fp>\n","Данный плагин выводит партнерский виджет покупки книг от 
ЛитРес.",20,2173,100,2,"2025-05-19T09:38:00.000Z","6.8.5","4.4","5.3",[20,21],"%d0%bb%d0%b8%d1%82%d1%80%d0%b5%d1%81","litres","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flitres-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flitres-widget.zip",0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"flector",16,32670,98,782,78,"2026-05-20T01:17:54.197Z",[38],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":11,"downloaded":46,"rating":24,"num_ratings":24,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":44,"tags":50,"homepage":44,"download_link":74,"security_score":75,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26},"real-postimages","real.PostImages","1.3","real.master","https:\u002F\u002Fprofiles.wordpress.org\u002Frealmaster-1\u002F","","Дополнительное поле записей (постов) для изображений. 
| English read below",2109,"2016-05-15T14:51:00.000Z","4.5.33","4.1.1",[51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,39,71,72,73],"admin","%d0%b0%d0%b4%d0%bc%d0%b8%d0%bd","%d0%b3%d0%b0%d0%bb%d0%b5%d1%80%d0%b5%d1%8f","%d0%b7%d0%b0%d0%bf%d0%b8%d1%81%d1%8c","%d0%b8%d0%b7%d0%be%d0%b1%d1%80%d0%b0%d0%b6%d0%b5%d0%bd%d0%b8%d1%8f","%d0%ba%d0%b0%d1%80%d1%82%d0%b8%d0%bd%d0%ba%d0%b0","%d0%ba%d0%b0%d1%80%d1%82%d0%b8%d0%bd%d0%ba%d0%b8","%d0%bc%d0%b5%d0%b4%d0%b8%d0%b0","%d0%bc%d0%b8%d0%bd%d0%b8%d0%b0%d1%82%d1%8e%d1%80%d0%b0","%d0%bc%d0%b8%d0%bd%d0%b8%d0%b0%d1%82%d1%8e%d1%80%d1%8b","%d0%bf%d0%be%d1%81%d1%82","gallery","image","images","media","%d1%80%d0%b5%d0%b0%d0%bb%d0%b8%d1%81%d1%82","post","post-images","postimages","real","thumb","thumbnail","thumbnails","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freal-postimages.zip",85,{"attackSurface":77,"codeSignals":144,"taintFlows":161,"riskAssessment":162,"analyzedAt":168},{"hooks":78,"ajaxHandlers":136,"restRoutes":137,"shortcodes":138,"cronEvents":142,"entryPointCount":143,"unprotectedCount":24},[79,85,89,93,96,100,106,110,114,117,121,125,129,132],{"type":80,"name":81,"callback":82,"file":83,"line":84},"action","plugins_loaded","litreswidget_check_version","litres-widget.php",19,{"type":80,"name":86,"callback":87,"file":83,"line":88},"activate_litres-widget\u002Flitres-widget.php","litreswidget_init",47,{"type":80,"name":90,"callback":91,"file":83,"line":92},"init","litreswidget_setup",69,{"type":80,"name":94,"callback":95,"file":83,"line":33},"admin_enqueue_scripts","litreswidget_files_admin",{"type":80,"name":97,"callback":98,"file":83,"line":99},"wp_enqueue_scripts","litreswidget_files_front",106,{"type":101,"name":102,"callback":103,"priority":104,"file":83,"line":105},"filter","script_loader_tag","litreswidget_add_async_attribute",10,115,{"type":80,"name":107,"callback":108,"file":83,"line":109},"admin_menu","litreswidget_menu",246,{"type":80,"name":111,"callback":112,"file":83,"line":113},"wp_head"
,"litreswidget_print_style",263,{"type":80,"name":115,"callback":112,"file":83,"line":116},"admin_head",264,{"type":80,"name":118,"callback":119,"file":83,"line":120},"admin_print_footer_scripts","litreswidget_quicktags",279,{"type":101,"name":122,"callback":123,"file":83,"line":124},"mce_external_plugins","litreswidget_add_tinymce_plugin",285,{"type":101,"name":126,"callback":127,"file":83,"line":128},"mce_buttons","litreswidget_add_tinymce_button",286,{"type":80,"name":115,"callback":130,"file":83,"line":131},"litreswidget_add_tinymce",288,{"type":101,"name":133,"callback":134,"file":83,"line":135},"widget_text","do_shortcode",336,[],[],[139],{"tag":21,"callback":140,"file":83,"line":141},"litres_shortcode",332,[],1,{"dangerousFunctions":145,"sqlUsage":146,"outputEscaping":148,"fileOperations":24,"externalRequests":24,"nonceChecks":14,"capabilityChecks":149,"bundledLibraries":160},[],{"prepared":24,"raw":24,"locations":147},[],{"escaped":143,"rawEcho":149,"locations":150},4,[151,154,156,158],{"file":83,"line":152,"context":153},157,"raw output",{"file":83,"line":155,"context":153},181,{"file":83,"line":157,"context":153},202,{"file":83,"line":159,"context":153},209,[],[],{"summary":163,"deductions":164},"The \"litres-widget\" v1.01 plugin exhibits a generally strong security posture, primarily due to the absence of known vulnerabilities and the use of secure coding practices in the analyzed code. The plugin does not utilize dangerous functions, all SQL queries are prepared, and there are no file operations or external HTTP requests, which significantly reduces the attack surface. The presence of nonce and capability checks further bolsters its defenses against common attacks.\n\nHowever, a notable concern arises from the output escaping. With only 20% of the identified outputs being properly escaped, there is a risk of Cross-Site Scripting (XSS) vulnerabilities. 
While taint analysis shows no unsanitized paths, this may reflect the limited scope of the analysis or the plugin's functionality not exposing such flows. The plugin's limited attack surface (one shortcode) is a positive, but the unescaped output is a weakness that could be exploited if any of the flagged locations prints attacker-influenced data; the analysis flags four raw output locations in litres-widget.php without establishing where the printed values come from, so each needs manual review and the WordPress escaping function that matches its context (esc_html, esc_attr or esc_url).\n\nThe complete lack of recorded historical vulnerabilities suggests either a consistently secure development approach or a lack of targeted security analysis in the past. Despite the positive indicators, the unescaped output presents a potential risk that should be addressed to ensure the plugin's overall security. The plugin's strengths lie in its limited external interactions and the absence of raw SQL queries, but it needs improvement in output escaping.",[165],{"reason":166,"points":167},"Low percentage of properly escaped output",6,"2026-04-16T11:27:10.559Z",{"wat":170,"direct":183},{"assetPaths":171,"generatorPatterns":177,"scriptPaths":178,"versionParams":180},[172,173,174,175,176],"\u002Fwp-content\u002Fplugins\u002Flitres-widget\u002Finc\u002Fjquery.lettering.js","\u002Fwp-content\u002Fplugins\u002Flitres-widget\u002Finc\u002Fjquery.textillate.js","\u002Fwp-content\u002Fplugins\u002Flitres-widget\u002Finc\u002Fanimate.min.css","\u002Fwp-content\u002Fplugins\u002Flitres-widget\u002Finc\u002Flitreswidget-script.js","\u002Fwp-content\u002Fplugins\u002Flitres-widget\u002Finc\u002Flitreswidget-css.css",[],[179],"https:\u002F\u002Fwww.litres.ru\u002Fstatic\u002Fwidgets\u002Fbuy_widget\u002Fjs\u002Fwidget.js",[181,182],"litreswidget-script?ver=1.01","litreswidget-css?ver=1.01",{"cssClasses":184,"htmlComments":186,"htmlAttributes":187,"restEndpoints":188,"jsGlobals":189,"shortcodeOutput":190},[185],"tcode",[],[],[],[],[],{"error":192,"url":193,"statusCode":194,"statusMessage":195,"message":195},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Flitres-widget\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":14,"versions":197},[198,205],{"version":6,"download_url":199,"svn_tag_url":200,"released_at":25,"has_diff":201,"diff_files_changed":202,"diff_lines":25,"trac_diff_url":203,"vulnerabilities":204,"is_current":192},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flitres-widget.1.01.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flitres-widget\u002Ftags\u002F1.01\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flitres-widget%2Ftags%2F1.00&new_path=%2Flitres-widget%2Ftags%2F1.01",[],{"version":206,"download_url":207,"svn_tag_url":208,"released_at":25,"has_diff":201,"diff_files_changed":209,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":210,"is_current":201},"1.00","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flitres-widget.1.00.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flitres-widget\u002Ftags\u002F1.00\u002F",[],[]]