[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fNamffpSPobo5pwzKtTAllwDaveojTqAsl1TN-PcEX3I":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":21,"unpatched_count":21,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":32,"analysis":33,"fingerprints":186},"my-wp-easy-breakingnews","WP Easy BreakingNews","1.1","Sohelwpexpert","https:\u002F\u002Fprofiles.wordpress.org\u002Fsohelwpexpert\u002F","\u003Cp>This plugin will enable WP Easy BreakingNews in your wordpress site. You can use regular wordpress shortcode, just you have to add “easy” before the shortcode. Easy, right?\u003C\u002Fp>\n","This plugin will enable WP Easy BreakingNews in your wordpress site. You can use regular wordpress shortcode, just you have to add \"easy\" before the shortcode. Easy, right?",10,1225,100,1,"2017-02-20T13:07:00.000Z","",[],"http:\u002F\u002Fprowpexpert.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmy-wp-easy-breakingnews.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":11,"total_installs":27,"avg_security_score":28,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"sohelwpexpert",190,86,50,78,"2026-04-04T18:31:39.181Z",[],{"attackSurface":34,"codeSignals":83,"taintFlows":174,"riskAssessment":175,"analyzedAt":185},{"hooks":35,"ajaxHandlers":62,"restRoutes":63,"shortcodes":64,"cronEvents":81,"entryPointCount":82,"unprotectedCount":21},[36,42,46,50,54,58],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","wp_enqueue_scripts","pro_single_news_plugin_function_test","news-min.php",45,{"type":37,"name":43,"callback":44,"file":40,"line":45},"admin_menu","pro_news_register_my_menu_item",215,{"type":37,"name":47,"callback":48,"file":40,"line":49},"admin_enqueue_scripts","pro_single_news_wptuts_add_color_picker",224,{"type":37,"name":51,"callback":52,"file":40,"line":53},"admin_init","pro_newstickr_register_settings",310,{"type":37,"name":55,"callback":56,"file":40,"line":57},"admin_head","pro_admintab_function_active",331,{"type":37,"name":59,"callback":60,"file":40,"line":61},"wp_head","pro_single_news_active_script_one",652,[],[],[65,69,73,77],{"tag":66,"callback":67,"file":40,"line":68},"breakingnews","pro_single_news_tickr_list_shortcode",87,{"tag":70,"callback":71,"file":40,"line":72},"breakingnews1","pro_single_news_tickr_list_shortcode_one",127,{"tag":74,"callback":75,"file":40,"line":76},"breakingnews2","pro_single_news_tickr_list_shortcode_two",168,{"tag":78,"callback":79,"file":40,"line":80},"breakingnews3","pro_single_news_tickr_list_shortcode_three",209,[],4,{"dangerousFunctions":84,"sqlUsage":85,"outputEscaping":87,"fileOperations":21,"externalRequests":21,"nonceChecks":21,"capabilityChecks":21,"bundledLibraries":173},[],{"prepared":21,"raw":21,"locations":86},[],{"escaped":21,"rawEcho":88,"locations":89},43,[90,93,95,97,99,101,102,104,106,107,109,111,113,115,117,118,120,122,124,126,128,129,131,133,135,137,139,141,143,145,147,149,151,153,155,157,159,161,163,165,167,169,171],{"file":40,"line":91,"context":92},396,"raw output",{"file":40,"line":94,"context":92},402,{"file":40,"line":96,"context":92},409,{"file":40,"line":98,"context":92},416,{"file":40,"line":100,"context":92},417,{"file":40,"line":100,"context":92},{"file":40,"line":103,"context":92},425,{"file":40,"line":105,"context":92},426,{"file":40,"line":105,"context":92},{"file":40,"line":108,"context":92},458,{"file":40,"line":110,"context":92},464,{"file":40,"line":112,"context":92},471,{"file":40,"line":114,"context":92},478,{"file":40,"line":116,"context":92},479,{"file":40,"line":116,"context":92},{"file":40,"line":119,"context":92},508,{"file":40,"line":121,"context":92},514,{"file":40,"line":123,"context":92},521,{"file":40,"line":125,"context":92},528,{"file":40,"line":127,"context":92},529,{"file":40,"line":127,"context":92},{"file":40,"line":130,"context":92},603,{"file":40,"line":132,"context":92},607,{"file":40,"line":134,"context":92},608,{"file":40,"line":136,"context":92},609,{"file":40,"line":138,"context":92},610,{"file":40,"line":140,"context":92},611,{"file":40,"line":142,"context":92},612,{"file":40,"line":144,"context":92},613,{"file":40,"line":146,"context":92},616,{"file":40,"line":148,"context":92},617,{"file":40,"line":150,"context":92},618,{"file":40,"line":152,"context":92},619,{"file":40,"line":154,"context":92},620,{"file":40,"line":156,"context":92},622,{"file":40,"line":158,"context":92},623,{"file":40,"line":160,"context":92},628,{"file":40,"line":162,"context":92},629,{"file":40,"line":164,"context":92},630,{"file":40,"line":166,"context":92},631,{"file":40,"line":168,"context":92},632,{"file":40,"line":170,"context":92},633,{"file":40,"line":172,"context":92},634,[],[],{"summary":176,"deductions":177},"The \"my-wp-easy-breakingnews\" v1.1 plugin exhibits a mixed security posture.  On the positive side, the plugin demonstrates good practices regarding SQL queries, exclusively using prepared statements, and shows no recorded history of known vulnerabilities (CVEs) or dangerous function usage.  It also has no external HTTP requests or file operations, which reduces certain attack vectors. However, a significant concern arises from the lack of any output escaping. With 43 total outputs and 0% properly escaped, this presents a high risk of Cross-Site Scripting (XSS) vulnerabilities.  Furthermore, the absence of nonce checks and capability checks across all entry points, including shortcodes, leaves these functionalities susceptible to unauthorized actions or data manipulation if they can be triggered by malicious input. The lack of taint analysis data for flows is also noteworthy, though the absence of specific flows doesn't guarantee safety. The limited attack surface of 4 shortcodes is a positive, but their lack of protection amplifies the risk associated with the unescaped output.",[178,181,183],{"reason":179,"points":180},"0% output escaping",15,{"reason":182,"points":11},"0 nonce checks",{"reason":184,"points":11},"0 capability checks","2026-03-17T01:43:06.298Z",{"wat":187,"direct":199},{"assetPaths":188,"generatorPatterns":196,"scriptPaths":197,"versionParams":198},[189,190,191,192,193,194,195],"\u002Fwp-content\u002Fplugins\u002Fmy-wp-easy-breakingnews\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fmy-wp-easy-breakingnews\u002Fcss\u002FBreakingNews.css","\u002Fwp-content\u002Fplugins\u002Fmy-wp-easy-breakingnews\u002Fjs\u002Fdemo.js","\u002Fwp-content\u002Fplugins\u002Fmy-wp-easy-breakingnews\u002Fjs\u002FBreakingNews.js","\u002Fwp-content\u002Fplugins\u002Fmy-wp-easy-breakingnews\u002Fjs\u002Fflorida-custom.js","\u002Fwp-content\u002Fplugins\u002Fmy-wp-easy-breakingnews\u002Fjs\u002Fadmin_tab.js","\u002Fwp-content\u002Fplugins\u002Fmy-wp-easy-breakingnews\u002Finc\u002Fcolor-pickr.js",[],[192,193,194,191],[],{"cssClasses":200,"htmlComments":207,"htmlAttributes":208,"restEndpoints":209,"jsGlobals":210,"shortcodeOutput":211},[201,202,203,204,205,206],"BreakingNewsStyle","bn-title","breakingnews_test","bn-arrows","bn-arrows-left","bn-arrows-right",[],[],[],[],[212,213,214,215,216],"\u003Cdiv class=\"BreakingNewsStyle easing","\u003Cul>\u003Cmarquee scrollamount=\"5\">","\u003Cdiv class=\"bn-title\">\u003C\u002Fdiv>","\u003Cli class=\"breakingnews_test\">\u003Ca href=\"","\u003C\u002Ful>\n\t\t\u003Cdiv class=\"bn-arrows\">\u003Cspan class=\"bn-arrows-left\">\u003C\u002Fspan>\u003Cspan class=\"bn-arrows-right\">\u003C\u002Fspan>\u003C\u002Fdiv>"]