[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fesmT-WdDoVI3kfe83wthW8hxBQ8FXYMd8Rd1diABv2Q":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":73,"fingerprints":318},"nc-taxonomy-meta","NC Taxonomy Meta","1.0.2","Crispweb","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrispweb\u002F","\u003Cp>NC Taxonomy Meta allows you to add custom meta fields to your wordpress  taxonomies.This plugin allow you to add text box,select box, textarea, editor, image, radio and checkbox to taxonomies.\u003C\u002Fp>\n\u003Cp>use nc_tax_meta($term_id,’field_id’) to display custom fields\u003C\u002Fp>\n\u003Ch4>Meta types available within the plugin\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Text\u003C\u002Fli>\n\u003Cli>Textarea\u003C\u002Fli>\n\u003Cli>Selectbox\u003C\u002Fli>\n\u003Cli>Radio\u003C\u002Fli>\n\u003Cli>Image\u003C\u002Fli>\n\u003Cli>Editor\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Installation Guide\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload the plugin to the ‘\u002Fwp-content\u002Fplugins\u002F’ directory\u003C\u002Fli>\n\u003Cli>Activate the plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>Follow the setting page link from plugin page.\u003C\u002Fli>\n\u003C\u002Fol>\n","NC Taxonomy Meta allows you to add custom meta fields to your wordpress  taxonomies.",20,1995,80,2,"2016-09-11T12:42:00.000Z","4.6.30","4.0","",[20,21,22,23,24],"custom-fields-for-taxonomy","extra-fields-taxonomy","taxonomy-custom-fields","taxonomy-extra-fields","taxonomy-meta","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnc-taxonomy-meta.1.0.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"crispweb",3,100,30,84,"2026-04-05T09:28:28.033Z",[39,56],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":11,"downloaded":47,"rating":34,"num_ratings":14,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":18,"tags":51,"homepage":54,"download_link":55,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"taxonomy-metabox","Taxonomy Metabox","1.0.0","David Cramer","https:\u002F\u002Fprofiles.wordpress.org\u002Fdesertsnowman\u002F","\u003Cp>Working with custom post types, you’ll sometimes end up having many taxonomies in the post editor. This plugin takes all the taxonomies and neatly moves them to a single tabbed metabox to take up less space and keep the post editor un cluttered.\u003C\u002Fp>\n","Pull all taxonomies into a unified, tabbed metabox.",2371,"2016-12-10T05:53:00.000Z","4.7.32","3.9",[52,40,53],"taxonomies","taxonomy-organize","http:\u002F\u002Fcramer.co.za","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftaxonomy-metabox.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":27,"num_ratings":27,"last_updated":18,"tested_up_to":66,"requires_at_least":67,"requires_php":18,"tags":68,"homepage":70,"download_link":71,"security_score":34,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":72},"taxonomy-meta-keywords","Taxonomy Meta Keywords","v1.00","roaway","https:\u002F\u002Fprofiles.wordpress.org\u002Froaway\u002F","\u003Cp>This simple plugin helps you to add meta keywords tag to each page, post, including custom_post_type. It register a new taxonomy for keyword associated with page and post object. You can adding meta keywords under page or post edit page in a way like adding tags,  and also you can manage the keywords in Admin UI.\u003C\u002Fp>\n\u003Cp>This plugin support English, Simplified Chinese and Traditional Chinese.\u003C\u002Fp>\n","This simple plugin helps you to add meta keywords tag to each page, post, including custom_post_type.",10,1384,"3.2.1","2.8",[69],"taxonomy-meta-keyword","http:\u002F\u002Fblog.roaway.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftaxonomy-meta-keywords.zip","2026-03-15T10:48:56.248Z",{"attackSurface":74,"codeSignals":106,"taintFlows":186,"riskAssessment":303,"analyzedAt":317},{"hooks":75,"ajaxHandlers":97,"restRoutes":102,"shortcodes":103,"cronEvents":104,"entryPointCount":105,"unprotectedCount":105},[76,82,86,89,93],{"type":77,"name":78,"callback":79,"file":80,"line":81},"action","init","nc_taxonomy_meta_load_textdomain","nc-taxonomy-meta.php",50,{"type":77,"name":83,"callback":84,"file":80,"line":85},"admin_init","nc_taxonomy_meta_fields",51,{"type":77,"name":83,"callback":87,"file":80,"line":88},"nc_taxonomy_check_table_column",52,{"type":77,"name":90,"callback":91,"file":80,"line":92},"admin_enqueue_scripts","nc_taxonomy_meta_admin_scripts",53,{"type":77,"name":94,"callback":95,"file":80,"line":96},"admin_menu","nc_taxonomy_meta_menu",54,[98],{"action":99,"nopriv":100,"callback":99,"hasNonce":100,"hasCapCheck":100,"file":80,"line":101},"nc_taxonomy_meta_image",false,55,[],[],[],1,{"dangerousFunctions":107,"sqlUsage":108,"outputEscaping":137,"fileOperations":27,"externalRequests":27,"nonceChecks":105,"capabilityChecks":27,"bundledLibraries":185},[],{"prepared":27,"raw":109,"locations":110},12,[111,114,116,118,120,123,125,127,129,131,133,136],{"file":80,"line":112,"context":113},156,"$wpdb->query() with variable interpolation",{"file":80,"line":115,"context":113},165,{"file":80,"line":117,"context":113},203,{"file":80,"line":119,"context":113},204,{"file":80,"line":121,"context":122},307,"$wpdb->get_results() with variable interpolation",{"file":80,"line":124,"context":113},311,{"file":80,"line":126,"context":113},320,{"file":80,"line":128,"context":122},339,{"file":80,"line":130,"context":122},412,{"file":80,"line":132,"context":122},609,{"file":134,"line":135,"context":113},"uninstall.php",29,{"file":134,"line":35,"context":113},{"escaped":138,"rawEcho":139,"locations":140},5,22,[141,145,146,147,149,151,153,155,157,159,161,163,165,167,169,171,173,175,177,179,181,183],{"file":142,"line":143,"context":144},"inc\\nc_taxonomy_meta_settings.php",31,"raw output",{"file":142,"line":143,"context":144},{"file":142,"line":143,"context":144},{"file":142,"line":148,"context":144},34,{"file":142,"line":150,"context":144},35,{"file":142,"line":152,"context":144},37,{"file":142,"line":154,"context":144},45,{"file":142,"line":156,"context":144},89,{"file":142,"line":158,"context":144},101,{"file":142,"line":160,"context":144},109,{"file":80,"line":162,"context":144},836,{"file":80,"line":164,"context":144},837,{"file":80,"line":166,"context":144},838,{"file":80,"line":168,"context":144},840,{"file":80,"line":170,"context":144},1082,{"file":80,"line":172,"context":144},1109,{"file":80,"line":174,"context":144},1115,{"file":80,"line":176,"context":144},1121,{"file":80,"line":178,"context":144},1127,{"file":80,"line":180,"context":144},1133,{"file":80,"line":182,"context":144},1139,{"file":80,"line":184,"context":144},1145,[],[187,204,219,231,273,287],{"entryPoint":188,"graph":189,"unsanitizedCount":105,"severity":203},"nc_taxonomy_meta_image (nc-taxonomy-meta.php:1073)",{"nodes":190,"edges":201},[191,196],{"id":192,"type":193,"label":194,"file":80,"line":195},"n0","source","$_REQUEST",1078,{"id":197,"type":198,"label":199,"file":80,"line":170,"wp_function":200},"n1","sink","echo() [XSS]","echo",[202],{"from":192,"to":197,"sanitized":100},"medium",{"entryPoint":205,"graph":206,"unsanitizedCount":27,"severity":218},"nc_taxonomy_meta_settings (nc-taxonomy-meta.php:177)",{"nodes":207,"edges":215},[208,211],{"id":192,"type":193,"label":209,"file":80,"line":210},"$_GET",184,{"id":197,"type":198,"label":212,"file":80,"line":213,"wp_function":214},"wp_redirect() [Open Redirect]",185,"wp_redirect",[216],{"from":192,"to":197,"sanitized":217},true,"low",{"entryPoint":220,"graph":221,"unsanitizedCount":105,"severity":218},"nc_taxonomy_save_custom_meta (nc-taxonomy-meta.php:580)",{"nodes":222,"edges":229},[223,226],{"id":192,"type":193,"label":224,"file":80,"line":225},"$_POST['nc_taxonomy_meta']",588,{"id":197,"type":198,"label":227,"file":80,"line":225,"wp_function":228},"update_option() [Settings Manipulation]","update_option",[230],{"from":192,"to":197,"sanitized":100},{"entryPoint":232,"graph":233,"unsanitizedCount":27,"severity":218},"\u003Cnc-taxonomy-meta> (nc-taxonomy-meta.php:0)",{"nodes":234,"edges":266},[235,237,238,241,245,249,253,256,258,260,262,264],{"id":192,"type":193,"label":236,"file":80,"line":210},"$_GET (x3)",{"id":197,"type":198,"label":212,"file":80,"line":213,"wp_function":214},{"id":239,"type":193,"label":240,"file":80,"line":117},"n2","$_GET['delete_meta'] (x2)",{"id":242,"type":198,"label":243,"file":80,"line":117,"wp_function":244},"n3","query() [SQLi]","query",{"id":246,"type":193,"label":247,"file":80,"line":248},"n4","$_POST",280,{"id":250,"type":198,"label":251,"file":80,"line":121,"wp_function":252},"n5","get_results() [SQLi]","get_results",{"id":254,"type":193,"label":247,"file":80,"line":255},"n6",300,{"id":257,"type":198,"label":243,"file":80,"line":124,"wp_function":244},"n7",{"id":259,"type":193,"label":224,"file":80,"line":225},"n8",{"id":261,"type":198,"label":227,"file":80,"line":225,"wp_function":228},"n9",{"id":263,"type":193,"label":194,"file":80,"line":195},"n10",{"id":265,"type":198,"label":199,"file":80,"line":170,"wp_function":200},"n11",[267,268,269,270,271,272],{"from":192,"to":197,"sanitized":217},{"from":239,"to":242,"sanitized":217},{"from":246,"to":250,"sanitized":217},{"from":254,"to":257,"sanitized":217},{"from":259,"to":261,"sanitized":217},{"from":263,"to":265,"sanitized":217},{"entryPoint":274,"graph":275,"unsanitizedCount":33,"severity":286},"nc_taxonomy_meta_delete (nc-taxonomy-meta.php:200)",{"nodes":276,"edges":283},[277,278,279,281],{"id":192,"type":193,"label":240,"file":80,"line":117},{"id":197,"type":198,"label":243,"file":80,"line":117,"wp_function":244},{"id":239,"type":193,"label":209,"file":80,"line":280},205,{"id":242,"type":198,"label":212,"file":80,"line":282,"wp_function":214},206,[284,285],{"from":192,"to":197,"sanitized":100},{"from":239,"to":242,"sanitized":100},"high",{"entryPoint":288,"graph":289,"unsanitizedCount":33,"severity":286},"nc_taxonomy_meta_save_settings (nc-taxonomy-meta.php:273)",{"nodes":290,"edges":299},[291,293,295,296,297,298],{"id":192,"type":193,"label":209,"file":80,"line":292},290,{"id":197,"type":198,"label":212,"file":80,"line":294,"wp_function":214},291,{"id":239,"type":193,"label":247,"file":80,"line":248},{"id":242,"type":198,"label":251,"file":80,"line":121,"wp_function":252},{"id":246,"type":193,"label":247,"file":80,"line":255},{"id":250,"type":198,"label":243,"file":80,"line":124,"wp_function":244},[300,301,302],{"from":192,"to":197,"sanitized":100},{"from":239,"to":242,"sanitized":100},{"from":246,"to":250,"sanitized":100},{"summary":304,"deductions":305},"The \"nc-taxonomy-meta\" plugin version 1.0.2 presents a concerning security posture due to several significant vulnerabilities identified in the static analysis. While there are no known CVEs associated with this plugin, the code itself reveals critical areas of weakness.  A primary concern is the presence of an unprotected AJAX handler, which represents a direct attack vector for unauthenticated users. Furthermore, the extensive use of raw SQL queries without prepared statements (100% of 12 queries) is a major risk, potentially leading to SQL injection vulnerabilities.  The taint analysis also highlights two high-severity flows with unsanitized paths, indicating potential for privilege escalation or data manipulation if these paths are exploited.\n\nWhile the plugin does implement one nonce check, the absence of capability checks on any entry points and the low percentage of properly escaped output (19%) are significant drawbacks. The lack of vulnerability history could indicate either a well-maintained plugin or simply a lack of prior security analysis. However, relying on the absence of historical vulnerabilities is not a robust security strategy. The plugin's strengths are its minimal attack surface in terms of entry points (excluding the unprotected AJAX handler) and the absence of file operations or external HTTP requests. Despite these few positives, the identified risks, particularly the unprotected AJAX handler and widespread use of raw SQL, require immediate attention and mitigation.",[306,308,310,312,315],{"reason":307,"points":64},"Unprotected AJAX handler",{"reason":309,"points":64},"100% of SQL queries use raw SQL",{"reason":311,"points":109},"2 high severity taint flows",{"reason":313,"points":314},"Low output escaping percentage (19%)",8,{"reason":316,"points":138},"No capability checks on entry points","2026-03-16T22:48:28.047Z",{"wat":319,"direct":328},{"assetPaths":320,"generatorPatterns":323,"scriptPaths":324,"versionParams":325},[321,322],"\u002Fwp-content\u002Fplugins\u002Fnc-taxonomy-meta\u002Fcss\u002Fnc-taxonomy-meta.css","\u002Fwp-content\u002Fplugins\u002Fnc-taxonomy-meta\u002Fjs\u002Fnc-taxonomy-meta.js",[],[322],[326,327],"nc-taxonomy-meta\u002Fcss\u002Fnc-taxonomy-meta.css?ver=","nc-taxonomy-meta\u002Fjs\u002Fnc-taxonomy-meta.js?ver=",{"cssClasses":329,"htmlComments":330,"htmlAttributes":331,"restEndpoints":335,"jsGlobals":336,"shortcodeOutput":337},[],[],[332,333,334],"nc_taxonomy_meta_submit","nc_taxonomy_nonce","nc_taxonomy_meta_settings_page",[],[],[]]