[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fieYxt3JjONoOr9ZDVOlwMJM2G5mVX-wkx4oGgmrjZU8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":20,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":36,"fingerprints":198},"my-wp-ab-testing","My WP A\u002FB Testing","0.1","Jb Audras","https:\u002F\u002Fprofiles.wordpress.org\u002Faudrasjb\u002F","\u003Cp>An easy way to set up A\u002FB Testing Campaigns using Gutenberg blocks, and to get the conversion rates for each variation.\u003C\u002Fp>\n\u003Cp>This plugin allows content managers and marketing teams to create A\u002FB testing campaigns. This plugin works great whether your need to test a simple color change in a single button or if you need to compare conversion rates between complex block patterns… and even between full landing pages!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>My WP A\u002FB Testing\u003C\u002Fstrong> works better when \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Freusable-blocks-extended\" rel=\"ugc\">Reusable Block Extended\u003C\u002Fa> is also installed, as it technically uses Reusable Blocks to build your A\u002FB Testing campaigns.\u003C\u002Fp>\n","An easy way to set up A\u002FB Testing Campaigns using Gutenberg blocks, and to get the conversion rates for each 
variation.",200,3887,94,3,"2025-11-27T08:53:00.000Z","6.8.5","5.3","7.0",[],"https:\u002F\u002Fwhodunit.fr\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmy-wp-ab-testing.0.1.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"audrasjb",24,63620,98,661,78,"2026-04-04T04:21:22.332Z",[],{"attackSurface":37,"codeSignals":108,"taintFlows":188,"riskAssessment":189,"analyzedAt":197},{"hooks":38,"ajaxHandlers":91,"restRoutes":100,"shortcodes":101,"cronEvents":106,"entryPointCount":14,"unprotectedCount":107},[39,44,49,55,60,65,69,73,77,81,85,89],{"type":40,"name":41,"callback":42,"file":43,"line":14},"action","rest_api_init","add_meta_abtesting_to_rest_api","gut.php",{"type":40,"name":45,"callback":46,"priority":47,"file":43,"line":48},"enqueue_block_editor_assets","reblexab_block_enqueue",20,62,{"type":40,"name":50,"callback":51,"priority":52,"file":53,"line":54},"pre_get_posts","reblex_reusable_menu_polylang_all_langs",10,"my-wp-abtesting.php",27,{"type":56,"name":57,"callback":58,"file":53,"line":59},"filter","manage_abtesting_posts_columns","reblexab_reusable_screen_add_column",29,{"type":40,"name":61,"callback":62,"priority":63,"file":53,"line":64},"manage_abtesting_posts_custom_column","reblexab_reusable_screen_fill_column",1000,30,{"type":40,"name":66,"callback":67,"file":53,"line":68},"wp_enqueue_scripts","reblexab_enqueue_scripts_public",41,{"type":40,"name":70,"callback":71,"file":53,"line":72},"admin_enqueue_scripts","reblexab_enqueue_scripts_admin",73,{"type":40,"name":74,"callback":75,"file":53,"line":76},"init","reblexab_register_post_type",108,{"type":56,"name":78,"callback":79,"priority":52,"file":53,"line":80},"get_user_option_screen_layout_abtesting","reblexab_cpt_just_one_column",251,{"type":40,"name":82,"callback":83,"file":53,"line":84},"add_meta_boxes","reblexab_add_abtestin
g_metaboxes",628,{"type":40,"name":86,"callback":87,"file":53,"line":88},"save_post_abtesting","reblexab_save_abtesting_metaboxes",691,{"type":40,"name":86,"callback":87,"priority":52,"file":53,"line":90},694,[92,97],{"action":93,"nopriv":94,"callback":95,"hasNonce":94,"hasCapCheck":94,"file":53,"line":96},"reblexab_stat",false,"reblexab_ajax_update_stat",756,{"action":93,"nopriv":98,"callback":95,"hasNonce":94,"hasCapCheck":94,"file":53,"line":99},true,757,[],[102],{"tag":103,"callback":104,"file":53,"line":105},"my-wp-abtesting","reblexab_shortcode",732,[],2,{"dangerousFunctions":109,"sqlUsage":110,"outputEscaping":112,"fileOperations":23,"externalRequests":23,"nonceChecks":186,"capabilityChecks":186,"bundledLibraries":187},[],{"prepared":23,"raw":23,"locations":111},[],{"escaped":113,"rawEcho":114,"locations":115},66,38,[116,119,121,123,125,127,129,131,133,135,137,139,141,143,144,145,147,149,151,153,154,155,157,159,160,161,163,165,167,169,170,172,174,176,178,180,182,184],{"file":53,"line":117,"context":118},175,"raw 
output",{"file":53,"line":120,"context":118},176,{"file":53,"line":122,"context":118},182,{"file":53,"line":124,"context":118},191,{"file":53,"line":126,"context":118},202,{"file":53,"line":128,"context":118},203,{"file":53,"line":130,"context":118},209,{"file":53,"line":132,"context":118},218,{"file":53,"line":134,"context":118},231,{"file":53,"line":136,"context":118},239,{"file":53,"line":138,"context":118},327,{"file":53,"line":140,"context":118},357,{"file":53,"line":142,"context":118},366,{"file":53,"line":142,"context":118},{"file":53,"line":142,"context":118},{"file":53,"line":146,"context":118},371,{"file":53,"line":148,"context":118},375,{"file":53,"line":150,"context":118},395,{"file":53,"line":152,"context":118},406,{"file":53,"line":152,"context":118},{"file":53,"line":152,"context":118},{"file":53,"line":156,"context":118},432,{"file":53,"line":158,"context":118},441,{"file":53,"line":158,"context":118},{"file":53,"line":158,"context":118},{"file":53,"line":162,"context":118},446,{"file":53,"line":164,"context":118},450,{"file":53,"line":166,"context":118},470,{"file":53,"line":168,"context":118},481,{"file":53,"line":168,"context":118},{"file":53,"line":171,"context":118},556,{"file":53,"line":173,"context":118},597,{"file":53,"line":175,"context":118},598,{"file":53,"line":177,"context":118},599,{"file":53,"line":179,"context":118},603,{"file":53,"line":181,"context":118},604,{"file":53,"line":183,"context":118},605,{"file":53,"line":185,"context":118},616,1,[],[],{"summary":190,"deductions":191},"The \"my-wp-ab-testing\" plugin v0.1 exhibits a mixed security posture. On the positive side, the scan found no dangerous functions and no raw SQL queries (it recorded no SQL usage at all, prepared or raw), and the plugin has a clean vulnerability history with no recorded CVEs. The scan also found one nonce check and one capability check, which is limited but a good sign. However, significant concerns arise from the attack surface. 
With 3 total entry points, 2 of which are unprotected AJAX handlers, there's a substantial risk of unauthorized access and potential manipulation. Both entries are the same reblexab_stat action (callback reblexab_ajax_update_stat), registered once for logged-in users and once for unauthenticated visitors, and neither registration has a nonce or capability check. The output escaping is also a concern: 38 of 104 output statements (37%) were flagged as not properly escaped, potentially leading to cross-site scripting (XSS) vulnerabilities; whether a given location is exploitable depends on whether the echoed value can be influenced by untrusted input, which this scan does not establish. The lack of any taint analysis results, while technically indicating no identified flows, might also suggest limited static analysis depth or an insufficient number of flows analyzed to be fully conclusive.\n\nIn conclusion, while the plugin avoids common pitfalls like raw SQL and dangerous functions, the unprotected AJAX endpoints represent a critical security weakness that could be exploited. The partially unescaped output further exacerbates this risk. The clean vulnerability history is positive but does not negate the immediate risks identified in the code analysis. Addressing the unprotected AJAX handlers (verifying a nonce and validating the submitted values in the callback) and improving output escaping at the flagged locations should be immediate priorities.",[192,194],{"reason":193,"points":52},"Unprotected AJAX handlers",{"reason":195,"points":196},"Insufficient output 
escaping",8,"2026-03-16T20:15:36.257Z",{"wat":199,"direct":212},{"assetPaths":200,"generatorPatterns":205,"scriptPaths":206,"versionParams":207},[201,202,203,204],"\u002Fwp-content\u002Fplugins\u002Fmy-wp-ab-testing\u002Fjs\u002Freblexab-stat.js","\u002Fwp-content\u002Fplugins\u002Fmy-wp-ab-testing\u002Fcss\u002Freblexab-admin.css","\u002Fwp-content\u002Fplugins\u002Fmy-wp-ab-testing\u002Fvendor\u002Fchart\u002Fchart.min.js","\u002Fwp-content\u002Fplugins\u002Fmy-wp-ab-testing\u002Fjs\u002Freblexab-admin.js",[],[201,203,204],[208,209,210,211],"my-wp-ab-testing\u002Fjs\u002Freblexab-stat.js?ver=","my-wp-ab-testing\u002Fcss\u002Freblexab-admin.css?ver=","my-wp-ab-testing\u002Fvendor\u002Fchart\u002Fchart.min.js?ver=","my-wp-ab-testing\u002Fjs\u002Freblexab-admin.js?ver=",{"cssClasses":213,"htmlComments":215,"htmlAttributes":216,"restEndpoints":219,"jsGlobals":221,"shortcodeOutput":224},[214],"reblexab-admin",[],[217,218],"data-reblexab-block-a-target-selector","data-reblexab-block-b-target-selector",[220],"\u002Fwp-json\u002Fmy-wp-ab-testing\u002F",[222,223],"reblexab_localize","reblexab_ajax_url",[]]