[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhKloN-TzJa17SLj4nr6NFNv_2aKl5ka-lbGd0lGsOXg":3,"$f9U_2IO2DX4Aixecp7K7h_RMeatAZ7UTR0RAkzzRqQTk":242,"$fCjHxkc2F59sI7cbEVwGlsvJYOsDxW7lvxeoHOUtmJho":246},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":38,"analysis":76,"fingerprints":183},"mynewsdesk","Mynewsdesk","1.5","mansoormunib","https:\u002F\u002Fprofiles.wordpress.org\u002Fmansoormunib\u002F","\u003Cp>WordPress Mynewsdesk or wpMynewsdesk is a wordpress plugin to integrate Mynewsdesk pressreleases and news in your WordPress site very easily. You just need to get unique key from Mynewsdesk and enter it on setting page of Mynewsdesk and everything will be configured automatically.\u003C\u002Fp>\n\u003Cp>This is not built by Mynewsdesk and Mynewsdesk does not support it.\u003C\u002Fp>\n","Mynewsdesk (Its wordpress pluign to get connected to mynewsdesk.com site and embedd press releases in your 
site)",20,3027,100,2,"2016-06-30T12:43:00.000Z","4.1.42","3.0.1","",[20,4,21,22,23],"my-news-desk","press-releases","wordpress-mynewsdesk","wpmynewsdesk","http:\u002F\u002Fwww.dinwebb.nu\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmynewsdesk.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},3,60,30,84,"2026-05-20T08:24:24.899Z",[39,56],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":34,"downloaded":47,"rating":27,"num_ratings":27,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":18,"tags":51,"homepage":18,"download_link":55,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"press-news-events","Press, News, Events","1.1","mattdeclaire","https:\u002F\u002Fprofiles.wordpress.org\u002Fmattdeclaire\u002F","\u003Cp>This plugin creates custom post types for Press Releases, Events and New Stories, three things a standard PR site needs.\u003C\u002Fp>\n","Create custom post types for press releases, references to external news stories, and events.",9827,"2012-12-04T01:38:00.000Z","3.3.2","3.3.1",[52,53,54,21],"custom-post-type","events","news","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpress-news-events.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":13,"num_ratings":66,"last_updated":67,"tested_up_to":18,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":18,"download_link":73,"security_score":74,"vuln_count":66,"unpatched_count":66,"last_vuln_date":75,"fetched_at":29},"append-content","Append Content","2.1.1","Andy Stratton","https:\u002F\u002Fprofiles.wordpress.org\u002Ftheandystratton\u002F","\u003Cp>Ever 
wanted to add a snippet of text below the content of your posts\u002Fpages?\u003C\u002Fp>\n\u003Cp>Maybe you re-purpose blog posts as press releases and need a standard EOE statement. Maybe you just want to be able to drop a sales pitch or call to action at the end of all your blog posts.\u003C\u002Fp>\n\u003Cp>Now you can. Choose to append your snippet to just posts, just pages, or all. You can also turn off the feature on your blog post listings on your home page or your front (content) page.\u003C\u002Fp>\n","Ever wanted to add a snippet of text below the content of your posts\u002Fpages?",40,5893,1,"2023-07-31T18:09:00.000Z","5.3","7.4",[71,72,21],"content","copyright","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fappend-content.zip",64,"2025-04-01 00:00:00",{"attackSurface":77,"codeSignals":109,"taintFlows":138,"riskAssessment":165,"analyzedAt":182},{"hooks":78,"ajaxHandlers":93,"restRoutes":103,"shortcodes":104,"cronEvents":108,"entryPointCount":33,"unprotectedCount":14},[79,85,89],{"type":80,"name":81,"callback":82,"file":83,"line":84},"action","admin_init","register","settings.php",31,{"type":80,"name":86,"callback":87,"file":83,"line":88},"admin_menu","menu",32,{"type":80,"name":90,"callback":91,"file":92,"line":88},"wp_enqueue_scripts","mnd_script","wpMyNewsDesk.php",[94,100],{"action":95,"nopriv":96,"callback":97,"hasNonce":96,"hasCapCheck":96,"file":98,"line":99},"mnd_news",false,"get_mnd_ajax","shortcode.php",27,{"action":95,"nopriv":101,"callback":97,"hasNonce":96,"hasCapCheck":96,"file":98,"line":102},true,28,[],[105],{"tag":4,"callback":106,"file":98,"line":107},"get_mynewsdesk",26,[],{"dangerousFunctions":110,"sqlUsage":111,"outputEscaping":113,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":66,"bundledLibraries":137},[],{"prepared":27,"raw":27,"locations":112},[],{"escaped":27,"rawEcho":114,"locations":115},14,[116,120,121,123,125,126,127,128,129,130,132,133,134,135],{"file":117,"line":118,"context":119},
"options.php",4,"raw output",{"file":117,"line":118,"context":119},{"file":117,"line":122,"context":119},12,{"file":117,"line":124,"context":119},18,{"file":117,"line":88,"context":119},{"file":117,"line":88,"context":119},{"file":117,"line":88,"context":119},{"file":117,"line":88,"context":119},{"file":117,"line":88,"context":119},{"file":117,"line":131,"context":119},50,{"file":117,"line":131,"context":119},{"file":117,"line":131,"context":119},{"file":117,"line":131,"context":119},{"file":98,"line":136,"context":119},170,[],[139,156],{"entryPoint":140,"graph":141,"unsanitizedCount":66,"severity":155},"get_mnd_ajax (shortcode.php:32)",{"nodes":142,"edges":153},[143,148],{"id":144,"type":145,"label":146,"file":98,"line":147},"n0","source","$_REQUEST",45,{"id":149,"type":150,"label":151,"file":98,"line":136,"wp_function":152},"n1","sink","echo() [XSS]","echo",[154],{"from":144,"to":149,"sanitized":96},"medium",{"entryPoint":157,"graph":158,"unsanitizedCount":66,"severity":164},"\u003Cshortcode> (shortcode.php:0)",{"nodes":159,"edges":162},[160,161],{"id":144,"type":145,"label":146,"file":98,"line":147},{"id":149,"type":150,"label":151,"file":98,"line":136,"wp_function":152},[163],{"from":144,"to":149,"sanitized":96},"low",{"summary":166,"deductions":167},"The mynewsdesk plugin v1.5 presents a mixed security posture. On the positive side, it demonstrates good practices by not having any known CVEs, not utilizing dangerous functions, and employing prepared statements for all SQL queries. This suggests a level of diligence in handling sensitive database operations. However, significant concerns arise from the attack surface analysis. Two AJAX handlers are exposed without any authentication checks, creating a direct entry point for potential attackers to interact with the plugin's backend logic without proper authorization. Furthermore, the code analysis reveals a critical weakness: 100% of outputs are not properly escaped. 
This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed within the WordPress environment. The taint analysis, while showing no critical or high severity flows, did identify two flows with unsanitized paths from $_REQUEST to echo, which, combined with the unescaped output, further amplify the XSS risk.\n\nThe lack of recorded CVEs counts in the plugin's favor, but it is weak evidence: it may mean that the plugin has historically been relatively secure, that vulnerabilities, if present, have been promptly addressed, or simply that they are not publicly known, which is plausible for a plugin with about 20 active installs that was last updated in 2016. In any case, this history does not negate the immediate risks identified in the current static analysis. The absence of nonce checks and capability checks on the unprotected AJAX endpoints is a major security oversight. The plugin's strengths lie in its database interaction security, though this rests on the scan recording no SQL usage at all (0 prepared and 0 raw queries) rather than on demonstrated use of prepared statements; its weaknesses in input validation and output sanitization, coupled with an exposed AJAX attack surface, pose significant risks that require immediate attention. 
A balanced conclusion is that while the plugin avoids some common pitfalls, the identified vulnerabilities could be exploited to compromise user sessions or inject malicious content.",[168,171,174,177,180],{"reason":169,"points":170},"AJAX handlers without authentication checks",10,{"reason":172,"points":173},"100% of outputs not properly escaped",8,{"reason":175,"points":176},"Unsanitized paths in taint flows",6,{"reason":178,"points":179},"Nonce checks missing on AJAX handlers",7,{"reason":181,"points":179},"Capability checks missing on AJAX handlers","2026-04-16T11:26:56.306Z",{"wat":184,"direct":193},{"assetPaths":185,"generatorPatterns":188,"scriptPaths":189,"versionParams":190},[186,187],"\u002Fwp-content\u002Fplugins\u002Fmynewsdesk\u002Fcss\u002FmndStyle.css","\u002Fwp-content\u002Fplugins\u002Fmynewsdesk\u002Fjs\u002FmndScript.js",[],[187],[191,192],"mnd-script?ver=1.0","mnd-style?ver=1.0",{"cssClasses":194,"htmlComments":207,"htmlAttributes":208,"restEndpoints":214,"jsGlobals":216,"shortcodeOutput":218},[195,196,197,198,199,200,201,202,203,204,205,206],"mnd_rows","news_row","loading","label_wrap","news_block_parent","news_block","news_thumb_block","news_thumb_block_inner","mnd-a","news_date","pagination_mnd","page_href",[],[209,210,211,212,213],"id=\"view_id_\"","id=\"media_type_\"","id=\"ajax_response\"","id=\"block_","id=\"k_",[215],"\u002Fwp-json\u002Fadmin-ajax.php",[217],"mndAjax",[219,220,221,222,223,224,225,226,227,228,229,230,231,232,227,233,234,235,236,237,238,239,240,241],"\u003Cdiv id=\"view_id_\"","\u003Cdiv id=\"media_type_\"","\u003Cdiv id=\"ajax_response\"","\u003Cform method=\"get\">","\u003Cdiv class=\"row news_row mnd_rows\">","\u003Cdiv class=\"span12\">\u003Ch1>","\u003Cdiv class=\"news_date\">","\u003Cdiv>","\u003Cimg src=\"","\u003Cdiv class=\"news_block_parent\"","\u003Cdiv id=\"block_\"","\u003Cdiv class=\"news_row news_row_list mnd_rows\">","\u003Cdiv class=\"span3 news_thumb_block\">","\u003Cdiv class=\"news_thumb_block_inner 
inner\">","\u003Cdiv class=\"span9\">","\u003Cdiv class=\"inner\">","\u003Cdiv class=\"mnd-a\">\u003Ca href=\"?media_type=","&view_id=","\">","\u003C\u002Fa>\u003C\u002Fdiv>","\u003Cdiv class=\"pagination_mnd\">\u003Cul>","\u003Cli>\u003Ca href=\"#\" class=\"page_href\" id=\"k_0\">&laquo;\u003C\u002Fa>\u003C\u002Fli>","\u003Cli>\u003Ca href=\"#\" class=\"page_href\" id=\"k_\"",{"error":101,"url":243,"statusCode":244,"statusMessage":245,"message":245},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fmynewsdesk\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":27,"versions":247},[]]