[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhqgfmonRwvaQT9tO4nzGPhs1OhQmMfqaFXYoaa9s-Yw":3,"$fucGs5OdU_VCIqK-iw9QV78hIa3X5nuavtuoo_it71w0":93,"$fJtMRTkE5RmhPib7OrLxrb95_3G_nXKaH6IcmemJZd44":98},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":7,"tags":17,"homepage":19,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"discovery_status":24,"vulnerabilities":25,"developer":26,"crawl_stats":22,"alternatives":32,"analysis":33,"fingerprints":69},"new-blog-default-user-role","WPMU New Blog Default Role","0.1","","https:\u002F\u002Fprofiles.wordpress.org\u002Foutspaced\u002F","\u003Cp>When a user signs up for a new blog, they are automatically given the role of administrator on that blog\u003Cbr \u002F>\n – this plugin will then change their role to whatever option has been chosen.\u003C\u002Fp>\n","Lets site admins specify what role a user who signs up to a new blog will be given by default.",10,3149,0,"2010-03-14T18:12:00.000Z","3.0.5","2.8",[18],"wpmu-users-roles","http:\u002F\u002Fwww.radiolivetransmission.com\u002Fcategory\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnew-blog-default-user-role.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":27,"display_name":27,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":21,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"outspaced",1,30,84,"2026-05-20T01:13:44.270Z",[],{"attackSurface":34,"codeSignals":51,"taintFlows":61,"riskAssessment":62,"analyzedAt":68},{"hooks":35,"ajaxHandlers":47,"restRoutes":48,"shortcodes":49,"cronEvents":50,"entryPointCount":13,"unprotectedCount":13},[36,43],{"type":37,"name":38,"callback":39,"priority":40,"file":41,"line":42},"action","wpmu_activate_blog","wpmu_change_new_blog_user_role",300,"wpmu-new-blog-default-role.php",73,{"type":37,"name":44,"callback":45,"file":41,"line":46},"admin_menu","add_default_new_blog_submenu",76,[],[],[],[],{"dangerousFunctions":52,"sqlUsage":53,"outputEscaping":55,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":60},[],{"prepared":13,"raw":13,"locations":54},[],{"escaped":13,"rawEcho":28,"locations":56},[57],{"file":41,"line":58,"context":59},58,"raw output",[],[],{"summary":63,"deductions":64},"The plugin \"new-blog-default-user-role\" v0.1 presents a generally positive security posture based on the provided static analysis. It boasts a zero-attack surface with no AJAX handlers, REST API routes, shortcodes, or cron events, and importantly, no unprotected entry points. The code also shows good practices regarding SQL queries, all of which are prepared statements, and there are no detected file operations or external HTTP requests. The absence of critical, high, or medium severity taint flows further reinforces this initial impression of security.  However, a significant concern arises from the output escaping signal, which indicates that 100% of outputs are not properly escaped. This is a critical vulnerability, as unescaped output can lead to cross-site scripting (XSS) attacks, allowing attackers to inject malicious scripts into web pages viewed by users. The plugin's vulnerability history is clean, with no known CVEs, which is a strength. However, this can sometimes be misleading for very new or obscure plugins, as vulnerabilities may simply not have been discovered or reported yet.  In conclusion, while the plugin demonstrates a solid foundation by minimizing its attack surface and employing secure database practices, the complete lack of output escaping is a severe and immediate risk that must be addressed.",[65],{"reason":66,"points":67},"100% of outputs are not properly escaped",8,"2026-03-17T01:42:59.202Z",{"wat":70,"direct":75},{"assetPaths":71,"generatorPatterns":72,"scriptPaths":73,"versionParams":74},[],[],[],[],{"cssClasses":76,"htmlComments":77,"htmlAttributes":78,"restEndpoints":79,"jsGlobals":80,"shortcodeOutput":81},[],[],[],[],[],[82,83,84,85,86,87,88,89,90,91,92],"\u003Ch2>Default role for new blog signups\u003C\u002Fh2>","\u003Cform action='' method='post' name='form_new_blog_role_option'>","\u003Cselect name='new_blog_role_option'>","\u003Coption value='","'"," selected",">","\u003C\u002Foption>","\u003C\u002Fselect>","\u003Cinput type='submit' name='submit'>","\u003C\u002Fform>",{"error":94,"url":95,"statusCode":96,"statusMessage":97,"message":97},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fnew-blog-default-user-role\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":99},[]]