[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fx3yGCyzT1CrfCNwiLG7K4D9vuL2AeahKdHB69Aac-Ig":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":37,"fingerprints":166},"mos-speed-up","Mos Speed up","1.0.2","Md. Mostak Shahid","https:\u002F\u002Fprofiles.wordpress.org\u002Fmostakshahid\u002F","\u003Cp>This plugin will remove query strings from static resources like CSS & JS files inside the HTML  element and defer parsing of JavaScript to improve your speed scores in services like Pingdom, GTmetrix, PageSpeed and YSlow.\u003C\u002Fp>\n\u003Cp>You can enable disable remove query strings from static resources and defer parsing of JavaScript from the option panel of this plugin which is called “Mos Speed up” you can find under “Settings”. If you not like to defer some javascript you can add them to “Except” list.\u003C\u002Fp>\n\u003Ch4>PLUGIN KEY FEATURES\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Remove query strings from static resources like CSS & JS files\u003C\u002Fli>\n\u003Cli>Defer parsing of JavaScript\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOOKING FOR WORDPRESS SPEED OPTIMIZATION?\u003C\u002Fh4>\n\u003Cp>Want to speed up your WordPress site, get better rankings in Google, improve your conversions and bring more visitors to your website? Then check out \u003Ca href=\"http:\u002F\u002Fmostak.belocal.today\u002F\" rel=\"nofollow ugc\">My Website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>DISCLAIMER\u003C\u002Fh4>\n\u003Cp>This plugin will ONLY remove query strings from resources located inside the HTML  element, any query strings located inside the HTML “body” element shall and will not be removed by this plugin.\u003C\u002Fp>\n","Increases the speed of your site to improve your scores in Pingdom, GTmetrix, PageSpeed and YSlow. .",10,1732,0,"","6.8.5","4.0","5.6",[19,20,21,22],"gtmetrix-rating-up","pingdom-rating-up","wordpress-site-speed-up","wp-speed-up","http:\u002F\u002Fmostak.belocal.today\u002Fplugins\u002Fmos-speed-up\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmos-speed-up.1.0.0.zip",100,null,"2026-03-15T14:44:11.924Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"mostakshahid",4,50,30,94,"2026-04-04T21:02:52.385Z",[],{"attackSurface":38,"codeSignals":94,"taintFlows":118,"riskAssessment":155,"analyzedAt":165},{"hooks":39,"ajaxHandlers":76,"restRoutes":91,"shortcodes":92,"cronEvents":93,"entryPointCount":31,"unprotectedCount":31},[40,46,50,56,61,64,69,73],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","admin_enqueue_scripts","mos_speed_up_admin_enqueue_scripts","mos-speed-up-functions.php",17,{"type":41,"name":47,"callback":48,"file":44,"line":49},"wp_enqueue_scripts","mos_speed_up_enqueue_scripts",26,{"type":51,"name":52,"callback":53,"priority":54,"file":44,"line":55},"filter","clean_url","mos_speed_up_defer_parsing_of_js",11,43,{"type":51,"name":57,"callback":58,"priority":59,"file":44,"line":60},"script_loader_src","mos_speed_up_remove_script",15,69,{"type":51,"name":62,"callback":58,"priority":59,"file":44,"line":63},"style_loader_src",70,{"type":41,"name":65,"callback":66,"file":67,"line":68},"admin_init","mos_speed_up_settings_init","mos-speed-up-settings.php",45,{"type":41,"name":70,"callback":71,"file":67,"line":72},"admin_menu","mos_speed_up_options_page",204,{"type":41,"name":65,"callback":74,"file":75,"line":33},"mos_speed_up_redirect","mos-speed-up.php",[77,82,85,89],{"action":78,"nopriv":79,"callback":80,"hasNonce":79,"hasCapCheck":79,"file":44,"line":81},"get_width",false,"my_wp_ajax_noob_get_width_cb",74,{"action":78,"nopriv":83,"callback":80,"hasNonce":79,"hasCapCheck":79,"file":44,"line":84},true,75,{"action":86,"nopriv":79,"callback":87,"hasNonce":79,"hasCapCheck":79,"file":44,"line":88},"get_height","my_wp_ajax_noob_get_height_cb",84,{"action":86,"nopriv":83,"callback":87,"hasNonce":79,"hasCapCheck":79,"file":44,"line":90},85,[],[],[],{"dangerousFunctions":95,"sqlUsage":96,"outputEscaping":98,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":116,"bundledLibraries":117},[],{"prepared":13,"raw":13,"locations":97},[],{"escaped":99,"rawEcho":100,"locations":101},60,8,[102,105,107,109,110,112,113,115],{"file":44,"line":103,"context":104},81,"raw output",{"file":44,"line":106,"context":104},91,{"file":67,"line":108,"context":104},87,{"file":67,"line":108,"context":104},{"file":67,"line":111,"context":104},111,{"file":67,"line":111,"context":104},{"file":67,"line":114,"context":104},157,{"file":67,"line":114,"context":104},1,[],[119,136,144],{"entryPoint":120,"graph":121,"unsanitizedCount":116,"severity":135},"my_wp_ajax_noob_get_width_cb (mos-speed-up-functions.php:76)",{"nodes":122,"edges":133},[123,128],{"id":124,"type":125,"label":126,"file":44,"line":127},"n0","source","$_POST",77,{"id":129,"type":130,"label":131,"file":44,"line":103,"wp_function":132},"n1","sink","echo() [XSS]","echo",[134],{"from":124,"to":129,"sanitized":79},"medium",{"entryPoint":137,"graph":138,"unsanitizedCount":116,"severity":135},"my_wp_ajax_noob_get_height_cb (mos-speed-up-functions.php:86)",{"nodes":139,"edges":142},[140,141],{"id":124,"type":125,"label":126,"file":44,"line":108},{"id":129,"type":130,"label":131,"file":44,"line":106,"wp_function":132},[143],{"from":124,"to":129,"sanitized":79},{"entryPoint":145,"graph":146,"unsanitizedCount":153,"severity":154},"\u003Cmos-speed-up-functions> (mos-speed-up-functions.php:0)",{"nodes":147,"edges":151},[148,150],{"id":124,"type":125,"label":149,"file":44,"line":127},"$_POST (x2)",{"id":129,"type":130,"label":131,"file":44,"line":103,"wp_function":132},[152],{"from":124,"to":129,"sanitized":79},2,"low",{"summary":156,"deductions":157},"The mos-speed-up v1.0.2 plugin exhibits a concerning security posture, primarily due to its unprotected AJAX endpoints. While the plugin demonstrates good practices in other areas such as SQL query sanitization and output escaping, the presence of four AJAX handlers without authentication checks represents a significant attack surface. This could allow unauthenticated users to trigger potentially sensitive actions within the plugin, leading to unintended consequences or enabling further exploitation. The taint analysis did not reveal any critical or high-severity vulnerabilities, and there is no known vulnerability history, which is a positive sign. However, the absence of vulnerabilities does not negate the risks posed by the unprotected entry points. The plugin's strengths lie in its secure handling of database queries and output, but these are overshadowed by the critical weakness of exposed AJAX functionality.",[158,160,162],{"reason":159,"points":11},"Unprotected AJAX handlers",{"reason":161,"points":11},"No nonce checks on AJAX handlers",{"reason":163,"points":164},"Flows with unsanitized paths found",5,"2026-03-16T23:33:16.078Z",{"wat":167,"direct":180},{"assetPaths":168,"generatorPatterns":173,"scriptPaths":174,"versionParams":175},[169,170,171,172],"\u002Fwp-content\u002Fplugins\u002Fmos-speed-up\u002Fcss\u002Fmos-speed-up-admin.css","\u002Fwp-content\u002Fplugins\u002Fmos-speed-up\u002Fjs\u002Fmos-speed-up-functions.js","\u002Fwp-content\u002Fplugins\u002Fmos-speed-up\u002Fjs\u002Fmos-speed-up-admin.js","\u002Fwp-content\u002Fplugins\u002Fmos-speed-up\u002Fjs\u002Fmos-speed-ajax.js",[],[170,171,172],[176,177,178,179],"mos-speed-up\u002Fcss\u002Fmos-speed-up-admin.css?ver=","mos-speed-up\u002Fjs\u002Fmos-speed-up-functions.js?ver=","mos-speed-up\u002Fjs\u002Fmos-speed-up-admin.js?ver=","mos-speed-up\u002Fjs\u002Fmos-speed-ajax.js?ver=",{"cssClasses":181,"htmlComments":182,"htmlAttributes":183,"restEndpoints":184,"jsGlobals":185,"shortcodeOutput":187},[],[],[],[],[186],"window.speed_ajax_url",[]]