[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fO6vJdQLmmb4f-lWuwxkVbIWmcPTy9eoCEjT7bSm6_kw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":33,"analysis":34,"fingerprints":123},"microid","MicroID","1.1","Will Norris","https:\u002F\u002Fprofiles.wordpress.org\u002Fwillnorris\u002F","\u003Cp>“MicroID enables anyone to claim verifiable ownership over content hosted\u003Cbr \u002F>\nanywhere on the web” (\u003Ca href=\"http:\u002F\u002Fmicroid.org\u002F\" rel=\"nofollow ugc\">microid.org\u003C\u002Fa>).  This plugin makes that easier by\u003Cbr \u002F>\ngenerating MicroIDs for you based on an identifier WordPress already has, or by\u003Cbr \u002F>\nan additional identifier you provide.\u003C\u002Fp>\n\u003Cp>Partially inspired by other MicroID plugins by \u003Ca href=\"http:\u002F\u002Fwww.richardkmiller.com\u002Fwp-microid\" rel=\"nofollow ugc\">Richard Miller\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Feran.sandler.co.il\u002Fmicroid-wordpress-plugin\u002F\" rel=\"nofollow ugc\">Eran Sandler\u003C\u002Fa>.\u003C\u002Fp>\n","Add MicroIDs to your blog to enable ownership claims with third-parties.",10,2595,0,"2010-04-25T02:55:00.000Z","2.6.1","1.5","",[4],"http:\u002F\u002Fwillnorris.com\u002Fprojects\u002Fwp-microid","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmicroid.1.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"willnorris",5,10630,94,2,96,"2026-04-04T20:28:21.289Z",[],{"attackSurface":35,"codeSignals":59,"taintFlows":82,"riskAssessment":110,"analyzedAt":122},{"hooks":36,"ajaxHandlers":55,"restRoutes":56,"shortcodes":57,"cronEvents":58,"entryPointCount":13,"unprotectedCount":13},[37,43,47,51],{"type":38,"name":39,"callback":40,"priority":27,"file":41,"line":42},"action","wp_head","insert_meta_tags","microid.php",14,{"type":38,"name":44,"callback":45,"file":41,"line":46},"admin_menu","menu",15,{"type":38,"name":48,"callback":49,"file":41,"line":50},"the_content","add_microid_on_post",18,{"type":38,"name":52,"callback":53,"file":41,"line":54},"comment_text","add_microid_on_comment",22,[],[],[],[],{"dangerousFunctions":60,"sqlUsage":61,"outputEscaping":63,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":81},[],{"prepared":13,"raw":13,"locations":62},[],{"escaped":13,"rawEcho":64,"locations":65},7,[66,69,71,73,75,77,79],{"file":41,"line":67,"context":68},39,"raw output",{"file":41,"line":70,"context":68},50,{"file":41,"line":72,"context":68},149,{"file":41,"line":74,"context":68},152,{"file":41,"line":76,"context":68},155,{"file":41,"line":78,"context":68},168,{"file":41,"line":80,"context":68},186,[],[83,101],{"entryPoint":84,"graph":85,"unsanitizedCount":99,"severity":100},"manage (microid.php:95)",{"nodes":86,"edges":96},[87,91],{"id":88,"type":89,"label":90,"file":41,"line":74},"n0","source","$_REQUEST['page'] (x3)",{"id":92,"type":93,"label":94,"file":41,"line":74,"wp_function":95},"n1","sink","echo() [XSS]","echo",[97],{"from":88,"to":92,"sanitized":98},false,3,"medium",{"entryPoint":102,"graph":103,"unsanitizedCount":99,"severity":109},"\u003Cmicroid> (microid.php:0)",{"nodes":104,"edges":107},[105,106],{"id":88,"type":89,"label":90,"file":41,"line":74},{"id":92,"type":93,"label":94,"file":41,"line":74,"wp_function":95},[108],{"from":88,"to":92,"sanitized":98},"low",{"summary":111,"deductions":112},"The \"microid\" v1.1 plugin exhibits a mixed security posture.  On the positive side, the static analysis shows no registered AJAX handlers, REST API routes, shortcodes, or cron events, resulting in a very small attack surface. Furthermore, there are no detected dangerous functions, file operations, external HTTP requests, or bundled libraries. The plugin also boasts 100% SQL query preparedness. However, significant concerns arise from the lack of output escaping. With 7 total outputs, none are properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities where user-supplied data could be rendered directly into the page without sanitization. The taint analysis revealed 2 flows with unsanitized paths, which, while not flagged as critical or high severity, warrant attention as they represent potential avenues for data manipulation or execution if these paths involve user-controlled input. The complete absence of vulnerability history and known CVEs is a positive sign, suggesting a lack of past exploitable flaws, but this can also be a byproduct of the plugin's limited functionality and potentially low usage.",[113,116,118,120],{"reason":114,"points":115},"Output escaping is completely missing",8,{"reason":117,"points":27},"Taint analysis shows unsanitized paths",{"reason":119,"points":27},"No nonce checks found",{"reason":121,"points":27},"No capability checks found","2026-03-17T01:17:07.509Z",{"wat":124,"direct":129},{"assetPaths":125,"generatorPatterns":126,"scriptPaths":127,"versionParams":128},[],[],[],[],{"cssClasses":130,"htmlComments":132,"htmlAttributes":133,"restEndpoints":134,"jsGlobals":135,"shortcodeOutput":136},[131],"microid-sha1",[],[],[],[],[]]