[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSUryfnGEZe1AmdydZE-bjVe8EwyI-fSPvr_4-EBbXYY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":15,"tags":18,"homepage":23,"download_link":24,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":37,"fingerprints":131},"lord-linus-online-visitor","Lord Linus Online Visitor Widget","1.2","Aarvansh Infotech","https:\u002F\u002Fprofiles.wordpress.org\u002Frohitashv\u002F","\u003Cp>Lord Linus Online Visitor plusing shows the total number of Online users that are available on your site. Besides that for the help of your users, you can show the IP address of the user on the site there too.\u003C\u002Fp>\n\u003Cp>If the admin needs that he want to show the total number of visitors on his website, then he can show it.\u003C\u002Fp>\n\u003Cp>This plugin is in an initial stage which will come to you with the following features very soon.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Users can see the total Users based on country\u003C\u002Fli>\n\u003Cli>Admin can chat with the online users there without any account on outer side.\u003C\u002Fli>\n\u003Cli>Multilingual\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The Demo of the plugin is available on the Demo page of http:\u002F\u002Fswm99shop.in\u003C\u002Fp>\n\u003Cp>To know more about the plugin you can go to the site http:\u002F\u002Fswm99shop.in or you can send mail at ucerturohit@gmail.com\u003C\u002Fp>\n","Lord Linus Online Visitor Plugin show the total number of Online users showing at the moment Besides that you can show the IP address of the users too 
&hellip;",10,2438,100,1,"","6.4.8","2.0.2",[19,20,21,22],"lordlinus-online-visitor","show-number-of-online-visitors","show-online-users","show-the-ip-address-of-your-user","http:\u002F\u002Fimpulsesoftech.in","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flord-linus-online-visitor.2.0.zip",0,null,"2026-03-15T10:48:56.248Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":13,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"rohitashv",2,20,79,88,"2026-04-04T20:02:11.995Z",[],{"attackSurface":38,"codeSignals":58,"taintFlows":87,"riskAssessment":115,"analyzedAt":130},{"hooks":39,"ajaxHandlers":54,"restRoutes":55,"shortcodes":56,"cronEvents":57,"entryPointCount":25,"unprotectedCount":25},[40,46,50],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","widgets_init","anonymous","lord-linus-online-visitor.php",91,{"type":41,"name":47,"callback":48,"file":44,"line":49},"admin_menu","llov_menu",92,{"type":41,"name":51,"callback":52,"file":44,"line":53},"init","llov_init",106,[],[],[],[],{"dangerousFunctions":59,"sqlUsage":63,"outputEscaping":66,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":86},[60],{"fn":61,"file":44,"line":45,"context":62},"create_function","add_action('widgets_init',create_function('','return register_widget(\"LordlinusOnlineV\");'));",{"prepared":64,"raw":25,"locations":65},6,[],{"escaped":25,"rawEcho":11,"locations":67},[68,71,72,73,75,77,79,81,83,84],{"file":44,"line":69,"context":70},24,"raw 
output",{"file":44,"line":69,"context":70},{"file":44,"line":69,"context":70},{"file":44,"line":74,"context":70},37,{"file":44,"line":76,"context":70},40,{"file":44,"line":78,"context":70},42,{"file":44,"line":80,"context":70},45,{"file":44,"line":82,"context":70},71,{"file":44,"line":33,"context":70},{"file":44,"line":85,"context":70},87,[],[88,106],{"entryPoint":89,"graph":90,"unsanitizedCount":14,"severity":105},"get_data_online (lord-linus-online-visitor.php:47)",{"nodes":91,"edges":102},[92,97],{"id":93,"type":94,"label":95,"file":44,"line":96},"n0","source","$_SERVER",52,{"id":98,"type":99,"label":100,"file":44,"line":33,"wp_function":101},"n1","sink","echo() [XSS]","echo",[103],{"from":93,"to":98,"sanitized":104},false,"medium",{"entryPoint":107,"graph":108,"unsanitizedCount":14,"severity":114},"\u003Clord-linus-online-visitor> (lord-linus-online-visitor.php:0)",{"nodes":109,"edges":112},[110,111],{"id":93,"type":94,"label":95,"file":44,"line":96},{"id":98,"type":99,"label":100,"file":44,"line":33,"wp_function":101},[113],{"from":93,"to":98,"sanitized":104},"low",{"summary":116,"deductions":117},"The security posture of the 'lord-linus-online-visitor' plugin version 1.2 exhibits a mixed bag of good practices and significant concerns. On the positive side, the plugin demonstrates a complete lack of known CVEs and a small attack surface with no apparent entry points from AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication. All detected SQL queries are properly prepared, and there are no file operations or external HTTP requests, which are generally good indicators of secure coding. However, the analysis reveals critical weaknesses.\n\nThe presence of the `create_function` dangerous function is a red flag, as it can be exploited for code injection under certain circumstances. More concerning are the taint analysis results, which indicate two flows with unsanitized paths. 
Both flows are rated below high severity (one medium, one low), but each traces a value from `$_SERVER` to an `echo` sink with no sanitization in between, so request-derived data that a client can influence may be written into the page unescaped.\n\nFurthermore, the plugin fails entirely on output escaping: none of its 10 detected outputs is properly escaped. This is a critical security flaw that makes the plugin highly susceptible to Cross-Site Scripting (XSS) wherever one of those outputs carries attacker-influenced data, as in the `$_SERVER` flows above; script injected that way runs in the browser of whoever views the page, on the frontend or backend, which can compromise user sessions or deface the website. Escaping each value at the point of output with the WordPress helper that matches its context (`esc_html()`, `esc_attr()`, `esc_url()`) closes this class of issue.\n\nIn conclusion, despite a clean vulnerability history and a well-contained attack surface, the 'lord-linus-online-visitor' plugin has severe security shortcomings related to output escaping and potential unsanitized data flows. The use of `create_function` adds another layer of risk: it evaluates a string as code, and although the call flagged here passes only constant strings, the function is deprecated as of PHP 7.2 and removed in PHP 8.0, so an anonymous function should replace it. These issues significantly outweigh the positive aspects, making the plugin a high-risk component if deployed.",[118,121,123,126,128],{"reason":119,"points":120},"0% properly escaped output",15,{"reason":122,"points":11},"Flows with unsanitized paths found",{"reason":124,"points":125},"Dangerous function detected: create_function",5,{"reason":127,"points":125},"No nonce checks",{"reason":129,"points":125},"No capability 
checks","2026-03-16T23:24:57.599Z",{"wat":132,"direct":141},{"assetPaths":133,"generatorPatterns":138,"scriptPaths":139,"versionParams":140},[134,135,136,137],"\u002Fwp-content\u002Fplugins\u002Flord-linus-online-visitor\u002Fmenu-pages\u002Fsetting.php","\u002Fwp-content\u002Fplugins\u002Flord-linus-online-visitor\u002Fmenu-pages\u002Funinstall.php","\u002Fwp-content\u002Fplugins\u002Flord-linus-online-visitor\u002Finstall-script.php","\u002Fwp-content\u002Fplugins\u002Flord-linus-online-visitor\u002Flanguages\u002F",[],[],[],{"cssClasses":142,"htmlComments":144,"htmlAttributes":145,"restEndpoints":147,"jsGlobals":148,"shortcodeOutput":149},[143],"LordlinusOnlineV",[],[146],"id=\"LordlinusOnlineV\"",[],[],[150],"\u003Ch3 class='widget-title'>"]