[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$feeF5rNc30h0s4UZLJHzoqa9W89Ir1WXgv30vbXCB530":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":32,"analysis":33,"fingerprints":94},"matchchat","Matchchat","2.3.2","nfrmn","https:\u002F\u002Fprofiles.wordpress.org\u002Fnfrmn\u002F","\u003Cp>Matchchat replaces your old comment system with a platform that makes commenting easier and directly generates more revenue.\u003C\u002Fp>\n\u003Ch4>Why use Matchchat?\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Exclusive features like The Scoreboard™ and Matchchat Opinions keep your sports audience engaged for longer on your site\u003C\u002Fli>\n\u003Cli>Easy, real-time commenting encourages fans to interact and provide their own opinions\u003C\u002Fli>\n\u003Cli>Matchchat serves in-stream advertising around comments to generate revenue for your site\u003C\u002Fli>\n\u003Cli>Matchchat is trusted by hundreds of sports sites to power discussion and generate revenue\u003C\u002Fli>\n\u003Cli>It’s completely free and takes less than a minute to get set up\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Learn more about how you can make money: \u003Ca href=\"http:\u002F\u002Fblog.matchchat.co.uk\u002F?p=238\" title=\"Matchchat Advertising\" rel=\"nofollow ugc\">Matchchat Advertising\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Still not convinced? 
Visit: \u003Ca href=\"http:\u002F\u002Fwww.matchchat.co.uk\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.matchchat.co.uk\u003C\u002Fa>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FODKf_xtU3dM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Cstrong>NOTE:\u003C\u002Fstrong> By installing this plugin, you are agreeing to our Plugin Terms of Use, which you can read \u003Ca href=\"http:\u002F\u002Fwww.matchchat.co.uk\u002Fpages\u002Fpartnerterms.html\" title=\"Matchchat Partner Terms and Conditions\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","Matchchat is a comments plug-in for sports sites. 
It's free and drives more engagement and revenue for your website.",20,3441,100,1,"2017-03-17T15:38:00.000Z","4.7.32","3.3","",[20],"comments-commenting-sport-discussion","http:\u002F\u002Fwww.matchchat.co.uk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmatchchat.2.3.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":23,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},30,84,"2026-04-04T23:01:20.554Z",[],{"attackSurface":34,"codeSignals":59,"taintFlows":81,"riskAssessment":82,"analyzedAt":93},{"hooks":35,"ajaxHandlers":55,"restRoutes":56,"shortcodes":57,"cronEvents":58,"entryPointCount":24,"unprotectedCount":24},[36,42,47,51],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","widgets_init","anonymous","matchchat.php",63,{"type":43,"name":44,"callback":45,"file":40,"line":46},"filter","comments_template","loadMC",184,{"type":43,"name":48,"callback":49,"file":40,"line":50},"get_comments_number","MC_get_comments_number",185,{"type":37,"name":52,"callback":53,"file":40,"line":54},"admin_menu","mc_plugin_menu",189,[],[],[],[],{"dangerousFunctions":60,"sqlUsage":64,"outputEscaping":67,"fileOperations":24,"externalRequests":14,"nonceChecks":24,"capabilityChecks":79,"bundledLibraries":80},[61],{"fn":62,"file":40,"line":41,"context":63},"create_function","add_action('widgets_init', create_function('', 'return register_widget(\"Native_Trends\");'));",{"prepared":65,"raw":24,"locations":66},4,[],{"escaped":14,"rawEcho":65,"locations":68},[69,73,75,77],{"file":70,"line":71,"context":72},"commentsystem.php",11,"raw output",{"file":70,"line":74,"context":72},15,{"file":40,"line":76,"context":72},50,{"file":40,"line":78,"context":72},254,2,[],[],{"summary":83,"deductions":84},"The `matchchat` v2.3.2 plugin exhibits a generally positive security posture with a very small attack surface and a lack of recorded historical vulnerabilities. 
Notably, all SQL queries are properly prepared, and there are no identified taint flows, indicating a good level of awareness regarding common web application vulnerabilities. The plugin also includes some capability checks, which is a positive step towards secure access control.\n\nHowever, there are several areas of concern that detract from an otherwise strong security profile. The presence of the `create_function` function is a significant risk, as it can be exploited for remote code execution if not handled with extreme care, and its use is generally discouraged. Furthermore, the very low percentage of properly escaped output (20%) suggests a high likelihood of cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the user interface. The absence of nonce checks on entry points, while the attack surface is currently small, leaves the plugin vulnerable to cross-site request forgery (CSRF) attacks if new entry points are added without adequate security measures.\n\nWhile the plugin has no known CVEs, this is not a guarantee of future security. The identified code quality issues, particularly the use of `create_function` and inadequate output escaping, present inherent risks that could be exploited by attackers. 
The plugin's strengths lie in its limited attack surface and prepared SQL, but its weaknesses in output handling and the use of a deprecated dangerous function require immediate attention to mitigate potential security breaches.",[85,87,90],{"reason":86,"points":74},"Dangerous function used (create_function)",{"reason":88,"points":89},"Low percentage of proper output escaping",8,{"reason":91,"points":92},"No nonce checks on entry points",7,"2026-03-16T23:09:20.610Z",{"wat":95,"direct":104},{"assetPaths":96,"generatorPatterns":100,"scriptPaths":101,"versionParams":103},[97,98,99],"\u002Fwp-content\u002Fplugins\u002Fmatchchat\u002Fsettings.php","\u002Fwp-content\u002Fplugins\u002Fmatchchat\u002Fcommentsystem.php","\u002Fwp-content\u002Fplugins\u002Fmatchchat\u002Fnocomments.php",[],[102],"http:\u002F\u002F{MC_SETTINGS['trends_endpoint']}\u002Fjs\u002Ftrends.js",[],{"cssClasses":105,"htmlComments":107,"htmlAttributes":112,"restEndpoints":116,"jsGlobals":117,"shortcodeOutput":120},[106],"mc_wpoptions",[108,109,110,111],"\u003C!-- WIDGET CODE GOES HERE -->","\u003C!-- echo $before_widget -->","\u003C!-- echo $after_widget -->","\u003C!-- ADMIN MENU -->",[113,114,115],"name=\"mc_show_history\"","name=\"mc_show_count\"","name=\"mc_cache_limit\"",[],[118,119],"window.nv","var nv",[]]