[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbDsNh_pjJm0WNZtCvbDH0_sZMrRIBGGjM4OwIkKz2dI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":33,"analysis":142,"fingerprints":502},"menuthroughjson","MenuThroughJSON","1.1","simone1040","https:\u002F\u002Fprofiles.wordpress.org\u002Fsimone1040\u002F","\u003Cp>Plugin che permette di creare un menu\\’ tramite pagine e post di wordpress per un uso tramite chiamata API. Consigliato per chi deve scorporare la creazione del menù dall\\’implementazione di un app IOS\u002FANDROID. Possibilità di inserire anche voci speciali\u003C\u002Fp>\n","Plugin che permette di creare un menu attraverso JSON",0,899,"","4.9.29","4.9.6","5.4",[18,19,20,21],"android","ios","json","menu","https:\u002F\u002Faionlab.it","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmenuthroughjson.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},1,30,94,"2026-04-04T15:06:04.858Z",[34,55,79,100,119],{"slug":35,"name":36,"version":37,"author":36,"author_profile":38,"description":39,"short_description":40,"active_installs":41,"downloaded":42,"rating":24,"num_ratings":43,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":13,"tags":47,"homepage":49,"download_link":50,"security_score":51,"vuln_count":52,"unpatched_count":11,"last_vuln_date":53,"fetched_at":54},"goodbarber","GoodBarber","1.0.28","https:\u002F\u002Fprofiles.wordpress.org\u002Fgoodbarber\u002F","\u003Cp>GoodBarber plugin is a fork of JSON API created by dphiffer.\u003Cbr \u002F>\nGoodBarber plugin creates a communication interface between your WordPress and your GoodBarber account.\u003Cbr \u002F>\nIt is used to retrieve content from your WordPress so that you can sync it with your native app created with GoodBarber.\u003C\u002Fp>\n","GoodBarber plugin allows you to retrieve WordPress content in order to create a native app for iOS and\u002For Android",1000,79584,3,"2026-03-09T13:18:00.000Z","6.9.4","2.8",[18,35,19,20,48],"native-apps","https:\u002F\u002Fwww.goodbarber.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoodbarber.zip",98,2,"2025-04-16 00:00:00","2026-03-15T15:16:48.613Z",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":45,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":74,"download_link":75,"security_score":76,"vuln_count":77,"unpatched_count":11,"last_vuln_date":78,"fetched_at":54},"wpappninja","WPMobile.App","11.75","Amauri","https:\u002F\u002Fprofiles.wordpress.org\u002Famauric\u002F","\u003Ch4>Android and iOS mobile app\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>💳 \u003Cstrong>LIFETIME LICENCE\u003C\u002Fstrong> – No subscription, no hidden fees.\u003Cbr \u002F>\n\u003Cem>Android 129€ \u002F\u002F iOS 129€ \u002F\u002F Android + iOS 239€\u003C\u002Fem>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>🎉 \u003Cstrong>FREE TEST\u003C\u002Fstrong> – You can test your mobile app \u003Ca href=\"https:\u002F\u002Fwpmobile.app\u002Fen\u002Ftest-my-app\u002F\" rel=\"nofollow ugc\">with the demo app\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>🖌 \u003Cstrong>CUSTOMIZATION\u003C\u002Fstrong> – No mention of our brand or advertisement, the mobile app is white-labeled.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>📲 \u003Cstrong>GREAT COMPATIBILITY\u003C\u002Fstrong> – The mobile apps is compatible with smartphones and tablets, always up-to-date.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>👌 \u003Cstrong>VERY EASY PUBLISH\u003C\u002Fstrong> – I take care of all the technical work, no software to download or complicated manipulation to do.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>💬 \u003Cstrong>SUPPORT TEAM\u003C\u002Fstrong> – I’m here to help and answer all your requests as quickly as possible.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>👍 \u003Cstrong>AUTOMATIC APP UPDATE\u003C\u002Fstrong> – When new content is released, the application is automatically updated.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>📢 \u003Cstrong>NOTIFICATIONS\u003C\u002Fstrong> – Unlimited push notification: manually or with automated push.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>📈 \u003Cstrong>REAL-TIME STATISTICS\u003C\u002Fstrong> – Stats about the app usage, all statistics are real-time and hosted on your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Android and iOS mobile application. Easy setup, free test.",4000,551250,96,161,"2025-12-02T15:54:00.000Z","3.7.0","5.6",[18,71,19,72,73],"android-app","ios-app","mobile-app","https:\u002F\u002Fwpmobile.app\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpappninja.zip",89,9,"2025-10-26 00:00:00",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":24,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":13,"tags":93,"homepage":13,"download_link":98,"security_score":99,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":54},"wp-rest-api-v2-menus","WP-REST-API V2 Menus","0.12.1","thebatclaudio","https:\u002F\u002Fprofiles.wordpress.org\u002Fclaudiolabarbera\u002F","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frest-api\u002F\" rel=\"ugc\">WordPress REST API (Version 2)\u003C\u002Fa> with new routes for WordPress registered menus.\u003C\u002Fp>\n\u003Cp>The new routes available will be:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002Fmenus\u002Fv1\u002Fmenus\u003C\u002Fcode> list of every registered menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002Fv1\u002Fmenus\u002F\u003Cslug>\u003C\u002Fcode> data for a specific menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002Fv1\u002Flocations\u003C\u002Fcode> list of every registered menu location in your theme.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002Fv1\u002Flocations\u002F\u003Cslug>\u003C\u002Fcode> data for a specific menu location.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Compatible with ACF menu’s custom attributes and menu item’s custom attributes.\u003C\u002Fp>\n\u003Cp>Compatible with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmenu-image\u002F\" rel=\"ugc\">Menu Image, Icons made easy\u003C\u002Fa>.\u003C\u002Fp>\n","Adding menus endpoints on WP REST API v2",3000,164931,6,"2022-11-09T13:29:00.000Z","6.0.11","4.4",[94,20,95,96,97],"api","json-rest-api","menu-routes","menus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-v2-menus.0.12.1.zip",85,{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":24,"num_ratings":110,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":13,"tags":114,"homepage":117,"download_link":118,"security_score":99,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":54},"wp-api-menus","WP API Menus","1.3.2","Fulvio Notarstefano","https:\u002F\u002Fprofiles.wordpress.org\u002Fnekojira\u002F","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjson-rest-api\u002F\" rel=\"ugc\">WordPress JSON REST API\u003C\u002Fa> with new routes for WordPress registered menus\u003C\u002Fp>\n\u003Cp>The new routes available will be:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002Fmenus\u003C\u002Fcode> list of every registered menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002F\u003Cid>\u003C\u002Fcode> data for a specific menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenu-locations\u003C\u002Fcode> list of all registered theme locations.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenu-locations\u002F\u003Clocation>\u003C\u002Fcode> data for menu in specified menu in theme location.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Currently, the \u003Ccode>menu-locations\u002F\u003Clocation>\u003C\u002Fcode> route for individual menus will return a tree with full menu hierarchy, with correct menu item order and listing children for each menu item. The \u003Ccode>menus\u002F\u003Cid>\u003C\u002Fcode> route will output menu details and a flat array of menu items. Item order or if each item has a parent will be indicated in each item attributes, but this route won’t output items as a tree.\u003C\u002Fp>\n\u003Cp>You can alter the data arrangement of each individual menu items and children using the filter hook \u003Ccode>json_menus_format_menu_item\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>An important note on WP API V2:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In V1 the routes are located by default at \u003Ccode>wp-json\u002Fmenus\u002F\u003C\u002Fcode> etc.\u003C\u002Fp>\n\u003Cp>In V2 the routes by default are at \u003Ccode>wp-json\u002Fwp-api-menus\u002Fv2\u002F\u003C\u002Fcode> (e.g. \u003Ccode>wp-json\u002Fwp-api-menus\u002Fv2\u002Fmenus\u002F\u003C\u002Fcode>, etc.) since V2 encourages prefixing and version namespacing.\u003C\u002Fp>\n","Extends WordPress WP REST API with new routes pointing to WordPress menus.",2000,107511,8,"2020-08-18T07:21:00.000Z","5.5.0","3.6.0",[20,95,97,115,116],"wp-api","wp-rest-api","https:\u002F\u002Fgithub.com\u002Fnekojira\u002Fwp-api-menus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-menus.1.3.2.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":129,"num_ratings":130,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":139,"download_link":140,"security_score":141,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":54},"pushover-for-woocommerce","Pushover Integration for WooCommerce","1.1.0","Shop Plugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fshopplugins\u002F","\u003Cp>Pushover for WooCommerce integrates WooCommerce with the Pushover notifications app for Android and iOS.\u003Cbr \u002F>\nAfter installation and setup automatic notifications can be sent to your device for new orders, low stock, backorder and out of stock notifications.\u003C\u002Fp>\n\u003Cp>Follow this plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fshopplugins\u002Fpushover-for-woocommerce\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Cem>Translations and pull requests are welcome!\u003C\u002Fem>\u003C\u002Fstrong>\u003C\u002Fp>\n","Pushover for WooCommerce integrates WooCommerce with the Pushover notifications app for Android and iOS.",800,36588,88,14,"2024-09-12T07:54:00.000Z","6.6.5","3.5","7.2",[18,136,19,137,138],"desktop","pushover","woocommerce","https:\u002F\u002Fshopplugins.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpushover-for-woocommerce.1.1.0.zip",92,{"attackSurface":143,"codeSignals":249,"taintFlows":341,"riskAssessment":480,"analyzedAt":501},{"hooks":144,"ajaxHandlers":163,"restRoutes":238,"shortcodes":246,"cronEvents":247,"entryPointCount":248,"unprotectedCount":248},[145,151,155,159],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","admin_enqueue_scripts","MTJ_enqueue_assets","MenuThroughJSON.php",49,{"type":146,"name":152,"callback":153,"file":149,"line":154},"admin_print_scripts","MTJ_ajax_load_scripts",50,{"type":146,"name":156,"callback":157,"file":149,"line":158},"rest_api_init","closure",597,{"type":146,"name":160,"callback":161,"file":149,"line":162},"admin_menu","MTJ_create_MenuThroughJSON",705,[164,170,172,176,178,181,183,186,188,191,193,196,198,201,203,206,208,211,213,216,218,221,223,226,228,231,233,236],{"action":165,"nopriv":166,"callback":167,"hasNonce":168,"hasCapCheck":168,"file":149,"line":169},"MTJ_add_item_menu",true,"MTJ_add_menu_item",false,608,{"action":165,"nopriv":168,"callback":167,"hasNonce":168,"hasCapCheck":168,"file":149,"line":171},609,{"action":173,"nopriv":166,"callback":174,"hasNonce":168,"hasCapCheck":168,"file":149,"line":175},"MTJ_reload_menu","MTJ_reload_order_menu",611,{"action":173,"nopriv":168,"callback":174,"hasNonce":168,"hasCapCheck":168,"file":149,"line":177},612,{"action":179,"nopriv":166,"callback":179,"hasNonce":168,"hasCapCheck":168,"file":149,"line":180},"MTJ_construct_table",614,{"action":179,"nopriv":168,"callback":179,"hasNonce":168,"hasCapCheck":168,"file":149,"line":182},615,{"action":184,"nopriv":166,"callback":184,"hasNonce":168,"hasCapCheck":168,"file":149,"line":185},"MTJ_change_state_item",617,{"action":184,"nopriv":168,"callback":184,"hasNonce":168,"hasCapCheck":168,"file":149,"line":187},618,{"action":189,"nopriv":166,"callback":189,"hasNonce":168,"hasCapCheck":168,"file":149,"line":190},"MTJ_delete_item",620,{"action":189,"nopriv":168,"callback":189,"hasNonce":168,"hasCapCheck":168,"file":149,"line":192},621,{"action":194,"nopriv":166,"callback":194,"hasNonce":168,"hasCapCheck":168,"file":149,"line":195},"MTJ_update_item",623,{"action":194,"nopriv":168,"callback":194,"hasNonce":168,"hasCapCheck":168,"file":149,"line":197},624,{"action":199,"nopriv":166,"callback":199,"hasNonce":168,"hasCapCheck":168,"file":149,"line":200},"MTJ_update_post_table",626,{"action":199,"nopriv":168,"callback":199,"hasNonce":168,"hasCapCheck":168,"file":149,"line":202},627,{"action":204,"nopriv":166,"callback":204,"hasNonce":168,"hasCapCheck":168,"file":149,"line":205},"MTJ_change_state_post",629,{"action":204,"nopriv":168,"callback":204,"hasNonce":168,"hasCapCheck":168,"file":149,"line":207},630,{"action":209,"nopriv":166,"callback":209,"hasNonce":168,"hasCapCheck":168,"file":149,"line":210},"MTJ_add_post_menu",632,{"action":209,"nopriv":168,"callback":209,"hasNonce":168,"hasCapCheck":168,"file":149,"line":212},633,{"action":214,"nopriv":166,"callback":214,"hasNonce":168,"hasCapCheck":168,"file":149,"line":215},"MTJ_delete_post",635,{"action":214,"nopriv":168,"callback":214,"hasNonce":168,"hasCapCheck":168,"file":149,"line":217},636,{"action":219,"nopriv":166,"callback":219,"hasNonce":168,"hasCapCheck":168,"file":149,"line":220},"MTJ_update_post_name",638,{"action":219,"nopriv":168,"callback":219,"hasNonce":168,"hasCapCheck":168,"file":149,"line":222},639,{"action":224,"nopriv":166,"callback":224,"hasNonce":168,"hasCapCheck":168,"file":149,"line":225},"MTJ_add_post_special",641,{"action":224,"nopriv":168,"callback":224,"hasNonce":168,"hasCapCheck":168,"file":149,"line":227},642,{"action":229,"nopriv":166,"callback":229,"hasNonce":168,"hasCapCheck":168,"file":149,"line":230},"MTJ_delete_post_special",644,{"action":229,"nopriv":168,"callback":229,"hasNonce":168,"hasCapCheck":168,"file":149,"line":232},645,{"action":234,"nopriv":166,"callback":234,"hasNonce":168,"hasCapCheck":168,"file":149,"line":235},"MTJ_update_special_post",647,{"action":234,"nopriv":168,"callback":234,"hasNonce":168,"hasCapCheck":168,"file":149,"line":237},648,[239],{"namespace":240,"route":241,"methods":242,"callback":244,"permissionCallback":25,"file":149,"line":245},"production\u002Fv1","\u002Fmenu\u002F",[243],"GET","MTJ_api_get_posts",599,[],[],29,{"dangerousFunctions":250,"sqlUsage":251,"outputEscaping":275,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":334},[],{"prepared":252,"raw":110,"locations":253},35,[254,258,262,263,266,268,270,272],{"file":255,"line":256,"context":257},"custom_class\\MTJ_dashboard.class.php",24,"$wpdb->get_var() with variable interpolation",{"file":259,"line":260,"context":261},"custom_class\\MTJ_gestionePlugin.class.php",13,"$wpdb->get_results() with variable interpolation",{"file":259,"line":256,"context":261},{"file":264,"line":265,"context":261},"custom_class\\MTJ_speciali.class.php",15,{"file":149,"line":267,"context":257},657,{"file":149,"line":269,"context":257},669,{"file":149,"line":271,"context":257},682,{"file":149,"line":273,"context":274},698,"$wpdb->query() with variable interpolation",{"escaped":11,"rawEcho":276,"locations":277},31,[278,282,284,285,287,288,290,292,294,296,298,299,300,302,304,306,307,309,311,313,314,316,318,319,321,323,325,327,330,331,333],{"file":279,"line":280,"context":281},"dashboardmenu.php",22,"raw output",{"file":279,"line":283,"context":281},38,{"file":279,"line":283,"context":281},{"file":279,"line":286,"context":281},39,{"file":279,"line":286,"context":281},{"file":279,"line":289,"context":281},41,{"file":279,"line":291,"context":281},43,{"file":279,"line":293,"context":281},44,{"file":295,"line":289,"context":281},"gestionePlugin.php",{"file":295,"line":297,"context":281},42,{"file":295,"line":291,"context":281},{"file":295,"line":291,"context":281},{"file":295,"line":301,"context":281},90,{"file":295,"line":303,"context":281},95,{"file":295,"line":305,"context":281},97,{"file":295,"line":51,"context":281},{"file":295,"line":308,"context":281},104,{"file":295,"line":310,"context":281},105,{"file":295,"line":312,"context":281},230,{"file":295,"line":312,"context":281},{"file":295,"line":315,"context":281},231,{"file":295,"line":317,"context":281},232,{"file":295,"line":317,"context":281},{"file":149,"line":320,"context":281},130,{"file":149,"line":322,"context":281},135,{"file":149,"line":324,"context":281},424,{"file":149,"line":326,"context":281},528,{"file":328,"line":329,"context":281},"speciali.php",34,{"file":328,"line":252,"context":281},{"file":328,"line":332,"context":281},36,{"file":328,"line":332,"context":281},[335,338],{"name":336,"version":25,"knownCves":337},"DataTables",[],{"name":339,"version":25,"knownCves":340},"Select2",[],[342,372,383,398,410,422,434],{"entryPoint":343,"graph":344,"unsanitizedCount":52,"severity":371},"MTJ_add_post_menu (MenuThroughJSON.php:219)",{"nodes":345,"edges":367},[346,351,357,360,364],{"id":347,"type":348,"label":349,"file":149,"line":350},"n0","source","$_POST",239,{"id":352,"type":353,"label":354,"file":149,"line":355,"wp_function":356},"n1","sink","get_results() [SQLi]",248,"get_results",{"id":358,"type":348,"label":349,"file":149,"line":359},"n2",267,{"id":361,"type":362,"label":363,"file":149,"line":359},"n3","transform","→ getPostNameById()",{"id":365,"type":353,"label":354,"file":259,"line":366,"wp_function":356},"n4",40,[368,369,370],{"from":347,"to":352,"sanitized":168},{"from":358,"to":361,"sanitized":168},{"from":361,"to":365,"sanitized":168},"high",{"entryPoint":373,"graph":374,"unsanitizedCount":52,"severity":371},"MTJ_add_menu_item (MenuThroughJSON.php:281)",{"nodes":375,"edges":381},[376,379],{"id":347,"type":348,"label":377,"file":149,"line":378},"$_POST (x2)",289,{"id":352,"type":353,"label":354,"file":149,"line":380,"wp_function":356},292,[382],{"from":347,"to":352,"sanitized":168},{"entryPoint":384,"graph":385,"unsanitizedCount":29,"severity":371},"MTJ_delete_item (MenuThroughJSON.php:360)",{"nodes":386,"edges":395},[387,389,391],{"id":347,"type":348,"label":349,"file":149,"line":388},374,{"id":352,"type":362,"label":390,"file":149,"line":388},"→ CountItemForMenu()",{"id":358,"type":353,"label":392,"file":255,"line":393,"wp_function":394},"get_var() [SQLi]",16,"get_var",[396,397],{"from":347,"to":352,"sanitized":168},{"from":352,"to":358,"sanitized":168},{"entryPoint":399,"graph":400,"unsanitizedCount":29,"severity":371},"MTJ_delete_post (MenuThroughJSON.php:430)",{"nodes":401,"edges":407},[402,404,406],{"id":347,"type":348,"label":349,"file":149,"line":403},455,{"id":352,"type":362,"label":405,"file":149,"line":403},"→ getDescribeRelation()",{"id":358,"type":353,"label":354,"file":255,"line":30,"wp_function":356},[408,409],{"from":347,"to":352,"sanitized":168},{"from":352,"to":358,"sanitized":168},{"entryPoint":411,"graph":412,"unsanitizedCount":29,"severity":371},"MTJ_add_post_special (MenuThroughJSON.php:538)",{"nodes":413,"edges":419},[414,416,418],{"id":347,"type":348,"label":349,"file":149,"line":415},551,{"id":352,"type":362,"label":417,"file":149,"line":415},"→ isSpecialLinkExistbyValue()",{"id":358,"type":353,"label":392,"file":264,"line":30,"wp_function":394},[420,421],{"from":347,"to":352,"sanitized":168},{"from":352,"to":358,"sanitized":168},{"entryPoint":423,"graph":424,"unsanitizedCount":29,"severity":371},"MTJ_delete_post_special (MenuThroughJSON.php:572)",{"nodes":425,"edges":431},[426,428,430],{"id":347,"type":348,"label":349,"file":149,"line":427},584,{"id":352,"type":362,"label":429,"file":149,"line":427},"→ isSpecialLinkExistbyID()",{"id":358,"type":353,"label":392,"file":264,"line":332,"wp_function":394},[432,433],{"from":347,"to":352,"sanitized":168},{"from":352,"to":358,"sanitized":168},{"entryPoint":435,"graph":436,"unsanitizedCount":110,"severity":371},"\u003CMenuThroughJSON> (MenuThroughJSON.php:0)",{"nodes":437,"edges":468},[438,440,441,442,443,444,446,448,450,452,454,456,458,460,462,464,466],{"id":347,"type":348,"label":439,"file":149,"line":350},"$_POST (x3)",{"id":352,"type":353,"label":354,"file":149,"line":355,"wp_function":356},{"id":358,"type":348,"label":349,"file":149,"line":359},{"id":361,"type":362,"label":363,"file":149,"line":359},{"id":365,"type":353,"label":354,"file":259,"line":366,"wp_function":356},{"id":445,"type":348,"label":349,"file":149,"line":388},"n5",{"id":447,"type":362,"label":390,"file":149,"line":388},"n6",{"id":449,"type":353,"label":392,"file":255,"line":393,"wp_function":394},"n7",{"id":451,"type":348,"label":349,"file":149,"line":403},"n8",{"id":453,"type":362,"label":405,"file":149,"line":403},"n9",{"id":455,"type":353,"label":354,"file":255,"line":30,"wp_function":356},"n10",{"id":457,"type":348,"label":349,"file":149,"line":415},"n11",{"id":459,"type":362,"label":417,"file":149,"line":415},"n12",{"id":461,"type":353,"label":392,"file":264,"line":30,"wp_function":394},"n13",{"id":463,"type":348,"label":349,"file":149,"line":427},"n14",{"id":465,"type":362,"label":429,"file":149,"line":427},"n15",{"id":467,"type":353,"label":392,"file":264,"line":332,"wp_function":394},"n16",[469,470,471,472,473,474,475,476,477,478,479],{"from":347,"to":352,"sanitized":168},{"from":358,"to":361,"sanitized":168},{"from":361,"to":365,"sanitized":168},{"from":445,"to":447,"sanitized":168},{"from":447,"to":449,"sanitized":168},{"from":451,"to":453,"sanitized":168},{"from":453,"to":455,"sanitized":168},{"from":457,"to":459,"sanitized":168},{"from":459,"to":461,"sanitized":168},{"from":463,"to":465,"sanitized":168},{"from":465,"to":467,"sanitized":168},{"summary":481,"deductions":482},"The \"menuthroughjson\" v1.1 plugin presents a significant security risk due to a substantial number of unprotected entry points. The static analysis reveals 29 total entry points, all of which lack authentication or capability checks. This means any unauthenticated user could potentially interact with these functions, opening the door to various attacks.  The taint analysis is particularly concerning, with all 7 analyzed flows exhibiting unsanitized paths and classified as high severity. This indicates a high likelihood of code injection or other critical vulnerabilities stemming from user-supplied data not being properly validated or sanitized before being used in potentially dangerous operations.  The plugin's vulnerability history is clean, with no recorded CVEs. While this might suggest a lack of past exploitation, it doesn't mitigate the current risks identified in the static and taint analysis. The absence of known vulnerabilities could be attributed to the plugin's niche usage or simply a lack of past in-depth security scrutiny.  In conclusion, despite the lack of historical vulnerabilities, the \"menuthroughjson\" v1.1 plugin has a very poor security posture. The high number of unprotected entry points combined with critical taint flows represent immediate and severe security concerns that require urgent attention.",[483,486,489,491,493,495,497,499],{"reason":484,"points":485},"28 AJAX handlers without auth checks",10,{"reason":487,"points":488},"1 REST API route without permission callback",5,{"reason":490,"points":130},"7 Taint flows with unsanitized paths (High)",{"reason":492,"points":89},"0% Output escaping",{"reason":494,"points":110},"0 Nonce checks",{"reason":496,"points":110},"0 Capability checks",{"reason":498,"points":43},"Bundled DataTables library (potential for outdated version)",{"reason":500,"points":43},"Bundled Select2 library (potential for outdated version)","2026-03-17T05:47:07.435Z",{"wat":503,"direct":533},{"assetPaths":504,"generatorPatterns":530,"scriptPaths":531,"versionParams":532},[505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529],"\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fassets\u002Fdatatables.net\u002Fjs\u002Fjquery.dataTables.js","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fassets\u002Fdatatables.net-bs\u002Fjs\u002FdataTables.bootstrap.js","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fassets\u002Fbootstrap\u002Fdist\u002Fjs\u002Fbootstrap.js","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fassets\u002Fbootstrap\u002Fdist\u002Fjs\u002Fbootstrap-notify.js","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fassets\u002Fadminlte.js","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fassets\u002Fselect2\u002Fdist\u002Fjs\u002Fselect2.full.min.js","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fassets\u002Fbootstrap-toggle-master\u002Fjs\u002Fbootstrap-toggle.js","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fassets\u002Fbootstrap\u002Fdist\u002Fcss\u002Fbootstrap.css","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fassets\u002FAdminLTE.min.css","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fassets\u002Fdatatables.net-bs\u002Fcss\u002FdataTables.bootstrap.css","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fassets\u002Fselect2\u002Fdist\u002Fcss\u002Fselect2.min.css","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fassets\u002Fanimate.css","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fassets\u002Fbootstrap-toggle-master\u002Fcss\u002Fbootstrap-toggle.css","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fassets\u002FIonicons\u002Fcss\u002Fionicons.min.css","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fjs\u002Fscript\u002FupdateOrderMenu.js","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fjs\u002Fscript\u002FaddMenuItem.js","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fjs\u002Fscript\u002FchangeStateItem.js","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fjs\u002Fscript\u002FdeleteItem.js","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fjs\u002Fscript\u002FmodifyNameMenu.js","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fjs\u002Fscript\u002FaddPostItem.js","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fjs\u002Fscript\u002FdeletePost.js","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fjs\u002Fscript\u002FmodifyNamePost.js","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fjs\u002Fscript\u002Fadd_special_item.js","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fjs\u002Fscript\u002Fdelete_special_post.js","\u002Fwp-content\u002Fplugins\u002Fmenuthroughjson\u002Fjs\u002Fscript\u002FModifyNameSpecialPost.js",[],[],[],{"cssClasses":534,"htmlComments":535,"htmlAttributes":536,"restEndpoints":537,"jsGlobals":539,"shortcodeOutput":549},[],[],[],[538],"\u002Fwp-json\u002FMTJ_api_get_posts",[540,541,542,543,544,545,546,547,548,548],"MTJ","the_ajax_script","script_add_item","script_change_state_item","script_delete_item","script_modify_item","script_add_post_item","script_delete_Post","script_modify_Name_Post",[]]