[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flEeod7l09PwHGr22_evf7k6Mi5Mrd_ce12ujTd6mUdU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":7,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":74,"fingerprints":177},"ms-slots","MS Slots","1.0","","https:\u002F\u002Fprofiles.wordpress.org\u002Fshahidmau\u002F","\u003Cp>Plugin to display HTML\u002FJavascripts\u002FText anywhere in your theme in a very easy way. You can also display your contents randomly.\u003Cbr \u002F>\nYou can use MS Slots Plugin for google adsense or other ads, static banners, random banners etc\u003C\u002Fp>\n\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>you can add a single slot anywhere in your template, e.g.\u003Cbr \u002F>\n\u003C?php if(function_exists(\"ms_slots\")){ echo ms_slots(\"1\"); } ?>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>you can also add random slots, e.g.\u003Cbr \u002F>\n\u003C?php if(function_exists(\"ms_random_slots\")){ echo ms_random_slots(); } ?>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>to exclude slots, use\u003Cbr \u002F>\n\u003C?php if(function_exists(\"ms_random_slots\")){ echo ms_random_slots(\"1,2\"); } ?>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cp>for any help\u002Fsuggestion\u002Fcomplain, please write me at mshahid85@gmail.com\u003Cbr \u002F>\nor visit http:\u002F\u002Fshahidmau.blogspot.com\u003C\u002Fp>\n","Plugin to display HTML\u002FJavascripts\u002FText anywhere in your theme in a very easy way. You can also display your contents randomly.",10,6354,0,"2009-09-13T09:55:00.000Z","2.8.4","2.0.2",[18,19,20,21,22],"auto-ms-plugins","wordpress-adsense","wordpress-contents","wordpress-hooks","wordpress-slots","http:\u002F\u002Fshahidmau.blogspot.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fms-slots.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":30,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"shahidmau",1,30,84,"2026-04-05T02:02:24.717Z",[36,56],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":7,"tags":51,"homepage":7,"download_link":55,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wp-hooks-finder","WP Hooks Finder","1.3.3","Muhammad Rehman","https:\u002F\u002Fprofiles.wordpress.org\u002Fmuhammad-rehman\u002F","\u003Cp>Everything on WordPress depends on the action and filter hooks. And they are the backbone of WordPress. You can enhance or customize any WordPress functionality by using these hooks. If you look at any WordPress page or post, they appear through the combination of action & filter hooks.\u003C\u002Fp>\n\u003Cp>If you want to customize any functionality, whether it comes from a theme or plugin, you can customize it using their action and filter hooks without touching the core files. But sometimes, it is really hard to find what action or filter hooks you have to use to customize the functionality according to the need.\u003C\u002Fp>\n\u003Cp>This plugin will solve your problem and display all the action and filter hooks of any page, post, widget header, footer, or anything appearing on your screen. So you can easily find what action and filter you have to use to add or customize the functionality.\u003C\u002Fp>\n\u003Cp>Once you have installed the plugin, a menu “Hooks Finder” will appear on top of the admin bar. You can view all the action and filter hooks that are running on your WordPress page, including header, footer, widgets, etc.\u003C\u002Fp>\n","Everything on WordPress depends on the action and filter hooks. And they are the backbone of WordPress. You can enhance or customize any WordPress fun …",1000,30106,100,7,"2025-04-19T12:44:00.000Z","6.8.5","4.0",[52,53,21,54],"action","filter","wp-hooks","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-hooks-finder.1.3.3.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":11,"downloaded":64,"rating":46,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":7,"tags":69,"homepage":7,"download_link":73,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"bkc-action-hooks","Action Hooks","1.0.0","Dinesh Chouhan","https:\u002F\u002Fprofiles.wordpress.org\u002Fdineshc\u002F","\u003Cp>Action Hooks providing live preview of Adding action hooks from customizer multiple time with Repeater. User can add HTML Markup, JavaScript, CSS if required. This plugin will support with all themes. It will list out all the applicable actions hooks for frontend.\u003C\u002Fp>\n","Action Hooks will helps to add HTML markup on any action from Customizer with Live Preview.",1826,4,"2017-09-11T04:35:00.000Z","4.8.28","3",[70,71,21,72],"action-hooks","theme-hooks","wp-action","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbkc-action-hooks.zip",{"attackSurface":75,"codeSignals":86,"taintFlows":104,"riskAssessment":164,"analyzedAt":176},{"hooks":76,"ajaxHandlers":82,"restRoutes":83,"shortcodes":84,"cronEvents":85,"entryPointCount":13,"unprotectedCount":13},[77],{"type":52,"name":78,"callback":79,"file":80,"line":81},"admin_menu","ms_slot_content","ms-slots.php",65,[],[],[],[],{"dangerousFunctions":87,"sqlUsage":88,"outputEscaping":90,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":103},[],{"prepared":13,"raw":13,"locations":89},[],{"escaped":13,"rawEcho":91,"locations":92},5,[93,96,98,100,101],{"file":80,"line":94,"context":95},77,"raw output",{"file":80,"line":97,"context":95},78,{"file":80,"line":99,"context":95},80,{"file":80,"line":33,"context":95},{"file":80,"line":102,"context":95},89,[],[105,123,136,146],{"entryPoint":106,"graph":107,"unsanitizedCount":121,"severity":122},"ms_slot_content_options (ms-slots.php:71)",{"nodes":108,"edges":118},[109,113],{"id":110,"type":111,"label":112,"file":80,"line":94},"n0","source","$_SERVER['REQUEST_URI'] (x2)",{"id":114,"type":115,"label":116,"file":80,"line":94,"wp_function":117},"n1","sink","echo() [XSS]","echo",[119],{"from":110,"to":114,"sanitized":120},false,2,"medium",{"entryPoint":124,"graph":125,"unsanitizedCount":31,"severity":135},"ms_total_slots (ms-slots.php:13)",{"nodes":126,"edges":133},[127,130],{"id":110,"type":111,"label":128,"file":80,"line":129},"$_REQUEST['ms_total_slots']",17,{"id":114,"type":115,"label":131,"file":80,"line":129,"wp_function":132},"update_option() [Settings Manipulation]","update_option",[134],{"from":110,"to":114,"sanitized":120},"low",{"entryPoint":137,"graph":138,"unsanitizedCount":31,"severity":135},"ms_slot_up (ms-slots.php:20)",{"nodes":139,"edges":144},[140,143],{"id":110,"type":111,"label":141,"file":80,"line":142},"$_REQUEST[$what]",24,{"id":114,"type":115,"label":131,"file":80,"line":142,"wp_function":132},[145],{"from":110,"to":114,"sanitized":120},{"entryPoint":147,"graph":148,"unsanitizedCount":65,"severity":135},"\u003Cms-slots> (ms-slots.php:0)",{"nodes":149,"edges":160},[150,151,152,154,156,158],{"id":110,"type":111,"label":128,"file":80,"line":129},{"id":114,"type":115,"label":131,"file":80,"line":129,"wp_function":132},{"id":153,"type":111,"label":141,"file":80,"line":142},"n2",{"id":155,"type":115,"label":131,"file":80,"line":142,"wp_function":132},"n3",{"id":157,"type":111,"label":112,"file":80,"line":94},"n4",{"id":159,"type":115,"label":116,"file":80,"line":94,"wp_function":117},"n5",[161,162,163],{"from":110,"to":114,"sanitized":120},{"from":153,"to":155,"sanitized":120},{"from":157,"to":159,"sanitized":120},{"summary":165,"deductions":166},"The 'ms-slots' v1.0 plugin exhibits a generally low attack surface based on the static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the number of direct entry points for attackers. Furthermore, the complete lack of recorded vulnerabilities, including CVEs, suggests a history of good security practices or at least no publicly known issues.  However, a critical concern arises from the taint analysis, which reveals four flows with unsanitized paths. While the severity is not explicitly marked as critical or high, unsanitized paths are a precursor to potential vulnerabilities, especially if they interact with sensitive data or lead to file operations or external requests.  The most significant weakness identified is the complete lack of output escaping. With five total outputs, none being properly escaped, this poses a high risk of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website. The absence of nonce and capability checks on any entry points further exacerbates this risk, as there are no built-in mechanisms to verify user permissions or prevent CSRF attacks. In conclusion, while the plugin has a minimal attack surface and a clean vulnerability history, the critical issues of unsanitized paths and universally unescaped output present significant security risks that require immediate attention.",[167,170,172,174],{"reason":168,"points":169},"Unsanitized paths in taint analysis",8,{"reason":171,"points":47},"No output escaping",{"reason":173,"points":91},"No nonce checks",{"reason":175,"points":91},"No capability checks","2026-03-17T00:23:27.257Z",{"wat":178,"direct":183},{"assetPaths":179,"generatorPatterns":180,"scriptPaths":181,"versionParams":182},[],[],[],[],{"cssClasses":184,"htmlComments":186,"htmlAttributes":190,"restEndpoints":193,"jsGlobals":194,"shortcodeOutput":195},[185],"wrap",[187,188,189]," starting of ms_slot"," ending of ms_slot","remarks : ",[191,192],"name=\"ms_slot","name=\"ms_slot_remarks",[],[],[196,197],"\u003Ctextarea name=\"ms_slot","\u003Cinput name=\"ms_slot_remarks"]