[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fysp5nfukLo0amVWK-WRaLxjCipSfcURMNjczBt6mIM8":3,"$fx40BQPB9b3nas_qPZiP890z9FY6W7Kl-IX2glzFukhk":186,"$fAfknlixJPqeyQbJ_8QqaPTN2L5A0dvSrSYBNiFlvJCM":191},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":37,"fingerprints":169},"nerd-wp","NERD WP Plugin","1.2.5","yoannspace","https:\u002F\u002Fprofiles.wordpress.org\u002Fyoannspace\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkermitt2\u002Fentity-fishing\" rel=\"nofollow ugc\">NERD\u003C\u002Fa> is an application that allows to recognize and disambiguate named entities.\u003Cbr \u002F>\nThis plugin allows integration of the NERD service with WordPress. 
Each post can be run through NERD and will automatically create tags for it.\u003Cbr \u002F>\nThose tags, in return are used to propose extra information coming from Wikipedia and Wikidata.\u003C\u002Fp>\n\u003Ch3>Installation (via WordPress plugins)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install via \u003Ca href=\"https:\u002F\u002Fwww.wordpress.org\u002Fplugins\u002Fnerd-wp\" rel=\"nofollow ugc\">WordPress plugins\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Installation (manually)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload directory \u003Ccode>nerd-wp\u003C\u002Fcode> to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Add the plugin Widget\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Once in the admin section, go to the Widget section and add the NERD WP Widget to your sidebar\u003C\u002Fli>\n\u003Cli>You may also modify the title of the Widget\u003C\u002Fli>\n\u003C\u002Fol>\n","NERD (https:\u002F\u002Fgithub.com\u002Fkermitt2\u002Fentity-fishing) is an application that allows to recognize and disambiguate named 
entities.",0,1505,20,1,"2021-09-14T05:45:00.000Z","5.8.13","4.9.1","5.6.35",[20,21,22],"disambiguation","entity-fishing","entity-recognition","https:\u002F\u002Fgithub.com\u002Fdariah-eric\u002Fnerd-wp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnerd-wp.1.2.5.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},3,90,30,84,"2026-05-20T10:30:23.338Z",[],{"attackSurface":38,"codeSignals":107,"taintFlows":158,"riskAssessment":159,"analyzedAt":168},{"hooks":39,"ajaxHandlers":95,"restRoutes":96,"shortcodes":105,"cronEvents":106,"entryPointCount":14,"unprotectedCount":14},[40,46,49,51,54,57,60,63,67,70,73,76,79,82,85,88,90,92],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","plugins_loaded","anonymous","includes\\class-nerd-wp.php",129,{"type":41,"name":47,"callback":43,"file":44,"line":48},"admin_enqueue_scripts",140,{"type":41,"name":47,"callback":43,"file":44,"line":50},141,{"type":41,"name":52,"callback":43,"file":44,"line":53},"admin_init",144,{"type":41,"name":55,"callback":43,"file":44,"line":56},"admin_menu",146,{"type":41,"name":58,"callback":43,"file":44,"line":59},"edit_tag_form",151,{"type":41,"name":61,"callback":43,"file":44,"line":62},"edited_tag",152,{"type":64,"name":65,"callback":43,"file":44,"line":66},"filter","manage_edit-post_tag_columns",153,{"type":64,"name":68,"callback":43,"file":44,"line":69},"manage_post_tag_custom_column",154,{"type":41,"name":71,"callback":43,"file":44,"line":72},"save_post",157,{"type":41,"name":74,"callback":43,"file":44,"line":75},"add_meta_boxes",159,{"type":41,"name":77,"callback":43,"file":44,"line":78},"rest_api_init",161,{"type":41,"name":80,"callback":43,"file":44,"line":81},"init",162,{"type":41,"name":83,"callback":43,"file":44,"line":84},"enqueue_block_editor_assets",163,{"type":41,"name":86,"callback":43,"file":44,"l
ine":87},"wp_enqueue_scripts",175,{"type":41,"name":86,"callback":43,"file":44,"line":89},176,{"type":41,"name":80,"callback":43,"file":44,"line":91},177,{"type":41,"name":93,"callback":43,"file":44,"line":94},"widgets_init",178,[],[97],{"namespace":98,"route":99,"methods":100,"callback":102,"permissionCallback":26,"file":103,"line":104},"nerd-gutenberg\u002Fv1","\u002Frelaunch-nerd",[101],"POST","nerd_gutenberg_update_callback","admin\\class-nerd-wp-admin.php",232,[],[],{"dangerousFunctions":108,"sqlUsage":109,"outputEscaping":112,"fileOperations":11,"externalRequests":11,"nonceChecks":14,"capabilityChecks":11,"bundledLibraries":154},[],{"prepared":110,"raw":11,"locations":111},2,[],{"escaped":113,"rawEcho":114,"locations":115},8,21,[116,119,122,124,125,126,128,130,131,132,134,136,137,138,141,143,145,146,148,150,152],{"file":103,"line":117,"context":118},216,"raw output",{"file":120,"line":121,"context":118},"admin\\partials\\nerd-wp-admin-display.php",46,{"file":120,"line":123,"context":118},49,{"file":120,"line":123,"context":118},{"file":120,"line":123,"context":118},{"file":120,"line":127,"context":118},55,{"file":120,"line":129,"context":118},58,{"file":120,"line":129,"context":118},{"file":120,"line":129,"context":118},{"file":120,"line":133,"context":118},64,{"file":120,"line":135,"context":118},67,{"file":120,"line":135,"context":118},{"file":120,"line":135,"context":118},{"file":139,"line":140,"context":118},"public\\class-nerd-wp-widget.php",36,{"file":139,"line":142,"context":118},37,{"file":139,"line":144,"context":118},44,{"file":139,"line":123,"context":118},{"file":139,"line":147,"context":118},50,{"file":139,"line":149,"context":118},53,{"file":139,"line":151,"context":118},63,{"file":139,"line":153,"context":118},76,[155],{"name":156,"version":26,"knownCves":157},"Guzzle",[],[],{"summary":160,"deductions":161},"The \"nerd-wp\" v1.2.5 plugin exhibits a mixed security posture. 
On the positive side, the static signals are mostly clean: both SQL call sites use prepared statements (no raw queries), and the scanner found no file operations. The zero count for external HTTP requests should be read with care, though: the plugin bundles the Guzzle HTTP client and its stated purpose is to send posts to the NERD service, so an outbound call almost certainly exists and was simply not recognized by the scanner. Likewise, the absence of recorded vulnerabilities or CVEs is weak evidence of code quality rather than proof of it: the plugin has had no release since 2021-09-14, is only declared tested up to WordPress 5.8.x, and has a very small install base, so it is unlikely to have received much security scrutiny.\n\nThe concrete concerns come from the entry-point and output analysis. The plugin registers exactly one REST route, POST nerd-gutenberg\u002Fv1\u002Frelaunch-nerd, whose handler (nerd_gutenberg_update_callback in admin\u002Fclass-nerd-wp-admin.php, line 232) is registered with no permission_callback. WordPress core does not block such a route, it only emits a _doing_it_wrong notice, so the endpoint is reachable by unauthenticated requests; and because the scanner found zero capability checks anywhere in the plugin, the handler most likely does not gate itself either (the single nonce check it did find is not attributed to this route, and a nonce is not an authorization check in any case). Whether this allows more than re-running entity extraction on a post depends on what the handler does, which the analysis does not show, but an authorization check (a permission_callback requiring edit_posts or equivalent, plus validation of the target post) is the minimum fix. Output escaping is also weak: only 8 of 29 echo sites are escaped (about 28%), with the raw echoes concentrated in admin\u002Fpartials\u002Fnerd-wp-admin-display.php (lines 46 to 67) and the front-end widget public\u002Fclass-nerd-wp-widget.php (lines 36 to 76), plus one in the admin class at line 216. The widget output reaches unauthenticated visitors, and according to the plugin description the data it prints is built from tags the plugin creates automatically from the NERD service response, so those raw echoes are the most likely Cross-Site Scripting (XSS) sinks and should be wrapped in esc_html() or esc_attr() as appropriate. Taint analysis reported no flows at all, which reflects its limited coverage here rather than safety. Finally, the bundled Guzzle library has an unknown version, so its empty known-CVE list only means it could not be matched against advisories, not that it is current.\n\nIn conclusion, \"nerd-wp\" v1.2.5 has strengths in its database query handling and no recorded vulnerability history. 
Nevertheless, the unprotected REST API route and the widespread unescaped output are the weaknesses that matter. Because the plugin has not been updated since 2021-09-14, an upstream fix should not be assumed: operators who keep it installed should add the missing permission_callback and output escaping themselves (or block the route at the web server), and should determine the version of the bundled Guzzle library and check it against known advisories.",[162,165],{"reason":163,"points":164},"REST API route without permission callbacks",10,{"reason":166,"points":167},"Low percentage of properly escaped output",7,"2026-03-17T06:22:09.313Z",{"wat":170,"direct":177},{"assetPaths":171,"generatorPatterns":173,"scriptPaths":174,"versionParams":175},[172],"\u002Fwp-content\u002Fplugins\u002Fnerd-wp\u002Fcss\u002Fnerd-wp-admin.css",[],[],[176],"nerd-wp\u002Fcss\u002Fnerd-wp-admin.css?ver=",{"cssClasses":178,"htmlComments":179,"htmlAttributes":180,"restEndpoints":182,"jsGlobals":183,"shortcodeOutput":184},[],[],[181],"name=\"relaunch-nerd\"",[],[],[185],"\u003Cinput type='text' name='Yoyo'>test\u003C\u002Finput>",{"error":187,"url":188,"statusCode":189,"statusMessage":190,"message":190},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fnerd-wp\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":192,"versions":193},12,[194,200,207,214,221,228,235,242,249,256,263,270],{"version":6,"download_url":24,"svn_tag_url":195,"released_at":26,"has_diff":196,"diff_files_changed":197,"diff_lines":26,"trac_diff_url":198,"vulnerabilities":199,"is_current":187},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnerd-wp\u002Ftags\u002F1.2.5\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnerd-wp%2Ftags%2F1.2.4&new_path=%2Fnerd-wp%2Ftags%2F1.2.5",[],{"version":201,"download_url":202,"svn_tag_url":203,"released_at":26,"has_diff":196,"diff_files_changed":204,"diff_lines":26,"trac_diff_url":205,"vulnerabilities":206,"is_current":196},"1.2.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnerd-wp.1.2.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnerd-wp\u002Ftags\u002F1.2.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnerd-wp%2Ftags%2F1.2.3&new_path=%2Fnerd-wp%2Ftags%2F1.2.4",[],{"version":208,"download_url":209,"svn_tag_url":210,"released_at":26,"has_diff":196,"diff_files_changed":211,"diff_lines":26,"trac_diff_url":212,"vulnerabilities":213,"is_current":196},"1.2.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnerd-wp.1.2.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnerd-wp\u002Ftags\u002F1.2.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnerd-wp%2Ftags%2F1.2.2&new_path=%2Fnerd-wp%2Ftags%2F1.2.3",[],{"version":215,"download_url":216,"svn_tag_url":217,"released_at":26,"has_diff":196,"diff_files_changed":218,"diff_lines":26,"trac_diff_url":219,"vulnerabilities":220,"is_current":196},"1.2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnerd-wp.1.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnerd-wp\u002Ftags\u002F1.2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnerd-wp%2Ftags%2F1.2.1&new_path=%2Fne
rd-wp%2Ftags%2F1.2.2",[],{"version":222,"download_url":223,"svn_tag_url":224,"released_at":26,"has_diff":196,"diff_files_changed":225,"diff_lines":26,"trac_diff_url":226,"vulnerabilities":227,"is_current":196},"1.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnerd-wp.1.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnerd-wp\u002Ftags\u002F1.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnerd-wp%2Ftags%2F1.2.0&new_path=%2Fnerd-wp%2Ftags%2F1.2.1",[],{"version":229,"download_url":230,"svn_tag_url":231,"released_at":26,"has_diff":196,"diff_files_changed":232,"diff_lines":26,"trac_diff_url":233,"vulnerabilities":234,"is_current":196},"1.2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnerd-wp.1.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnerd-wp\u002Ftags\u002F1.2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnerd-wp%2Ftags%2F1.1.4&new_path=%2Fnerd-wp%2Ftags%2F1.2.0",[],{"version":236,"download_url":237,"svn_tag_url":238,"released_at":26,"has_diff":196,"diff_files_changed":239,"diff_lines":26,"trac_diff_url":240,"vulnerabilities":241,"is_current":196},"1.1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnerd-wp.1.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnerd-wp\u002Ftags\u002F1.1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnerd-wp%2Ftags%2F1.1.3&new_path=%2Fnerd-wp%2Ftags%2F1.1.4",[],{"version":243,"download_url":244,"svn_tag_url":245,"released_at":26,"has_diff":196,"diff_files_changed":246,"diff_lines":26,"trac_diff_url":247,"vulnerabilities":248,"is_current":196},"1.1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnerd-wp.1.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnerd-wp\u002Ftags\u002F1.1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnerd-wp%2Ftags%2F1.1.2&new_path=%2Fnerd-wp%2Ftags%2F1
.1.3",[],{"version":250,"download_url":251,"svn_tag_url":252,"released_at":26,"has_diff":196,"diff_files_changed":253,"diff_lines":26,"trac_diff_url":254,"vulnerabilities":255,"is_current":196},"1.1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnerd-wp.1.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnerd-wp\u002Ftags\u002F1.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnerd-wp%2Ftags%2F1.1.1&new_path=%2Fnerd-wp%2Ftags%2F1.1.2",[],{"version":257,"download_url":258,"svn_tag_url":259,"released_at":26,"has_diff":196,"diff_files_changed":260,"diff_lines":26,"trac_diff_url":261,"vulnerabilities":262,"is_current":196},"1.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnerd-wp.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnerd-wp\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnerd-wp%2Ftags%2F1.1.0&new_path=%2Fnerd-wp%2Ftags%2F1.1.1",[],{"version":264,"download_url":265,"svn_tag_url":266,"released_at":26,"has_diff":196,"diff_files_changed":267,"diff_lines":26,"trac_diff_url":268,"vulnerabilities":269,"is_current":196},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnerd-wp.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnerd-wp\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnerd-wp%2Ftags%2F1.0.0&new_path=%2Fnerd-wp%2Ftags%2F1.1.0",[],{"version":271,"download_url":272,"svn_tag_url":273,"released_at":26,"has_diff":196,"diff_files_changed":274,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":275,"is_current":196},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnerd-wp.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnerd-wp\u002Ftags\u002F1.0.0\u002F",[],[]]