[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUYHugcouJM10yB5Qv6JXCs9ZdR87VDgTWjFDiZlPApU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":40,"fingerprints":145},"newstick-ultra","NewsTick Ultra","1.0","Geeky Nigeria","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnvictor82\u002F","\u003Cp>NewsTick Ultra is a stylish and beautifully designed news ticker plugin that brings the freedom of customisation at your fingertips!\u003C\u002Fp>\n\u003Cp>With NewsTick Ultra, you can conveniently set a category for posts to display on the bar or use an alternative content instead. Use the shortcode, [newstick-ultra] to display the ticker on relevant places.\u003C\u002Fp>\n\u003Cp>Major features in NewsTick Ultra include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easily accessible shortcode.\u003C\u002Fli>\n\u003Cli>Colour Customisation\u003C\u002Fli>\n\u003Cli>Display custom content\u003C\u002Fli>\n\u003Cli>Select number of posts to display.  \u003C\u002Fli>\n\u003Cli>Low on memory usage\u003C\u002Fli>\n\u003C\u002Ful>\n","A stylish and customisable news ticker that displays news or alternative content.",10,1055,100,1,"2020-07-21T08:29:00.000Z","5.4.19","5.4","7.2",[20,21,22,23,24],"beautiful-newsticker","customisable-newticker-plugin","flexible-newsticker-plugin","newsticker-for-wordpress","well-designed-newsticker","https:\u002F\u002Fgeeky.com.ng\u002Fnewstick-ultra-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnewstick-ultra.1.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":13,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"johnvictor82",4,89,30,86,"2026-04-05T09:59:01.622Z",[],{"attackSurface":41,"codeSignals":76,"taintFlows":131,"riskAssessment":132,"analyzedAt":144},{"hooks":42,"ajaxHandlers":64,"restRoutes":69,"shortcodes":70,"cronEvents":74,"entryPointCount":75,"unprotectedCount":14},[43,49,52,56,60],{"type":44,"name":45,"callback":46,"file":47,"line":48},"action","admin_head","NSWUP_enq_admin_styles","newstick-ultra.php",28,{"type":44,"name":50,"callback":51,"file":47,"line":36},"wp_enqueue_scripts","NSWUP_enq_custom_script",{"type":44,"name":53,"callback":54,"file":47,"line":55},"admin_enqueue_scripts","NSWUP_enq_admin_script",48,{"type":44,"name":57,"callback":58,"file":47,"line":59},"admin_menu","NSWUP_add_option_page",88,{"type":44,"name":61,"callback":62,"file":47,"line":63},"admin_init","NSWUP_register_options_group",137,[65],{"action":66,"nopriv":67,"callback":66,"hasNonce":67,"hasCapCheck":67,"file":47,"line":68},"NSWUP_ajax_form",false,283,[],[71],{"tag":4,"callback":72,"file":47,"line":73},"NSWUP_display_breaking_news",82,[],2,{"dangerousFunctions":77,"sqlUsage":78,"outputEscaping":80,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":14,"bundledLibraries":130},[],{"prepared":28,"raw":28,"locations":79},[],{"escaped":81,"rawEcho":82,"locations":83},11,23,[84,87,88,90,92,94,96,98,100,102,104,107,109,111,113,115,117,119,121,123,125,127,129],{"file":47,"line":85,"context":86},165,"raw output",{"file":47,"line":85,"context":86},{"file":47,"line":89,"context":86},178,{"file":47,"line":91,"context":86},187,{"file":47,"line":93,"context":86},216,{"file":47,"line":95,"context":86},225,{"file":47,"line":97,"context":86},234,{"file":47,"line":99,"context":86},243,{"file":47,"line":101,"context":86},252,{"file":47,"line":103,"context":86},261,{"file":105,"line":106,"context":86},"templates\\one.php",13,{"file":105,"line":108,"context":86},20,{"file":105,"line":110,"context":86},32,{"file":105,"line":112,"context":86},37,{"file":105,"line":114,"context":86},42,{"file":105,"line":116,"context":86},43,{"file":105,"line":118,"context":86},60,{"file":105,"line":120,"context":86},61,{"file":105,"line":122,"context":86},69,{"file":105,"line":124,"context":86},103,{"file":105,"line":126,"context":86},108,{"file":105,"line":128,"context":86},110,{"file":105,"line":128,"context":86},[],[],{"summary":133,"deductions":134},"The newstick-ultra plugin version 1.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by not using dangerous functions, performing all SQL queries with prepared statements, and not making external HTTP requests. The absence of known vulnerabilities in its history is also a strong positive indicator. However, several concerning areas are present in the static analysis. The plugin has one AJAX handler that lacks authentication checks, creating a direct entry point for unauthenticated access. Furthermore, the output escaping is significantly lacking, with only 32% of outputs properly escaped. This low rate of proper escaping presents a substantial risk for cross-site scripting (XSS) vulnerabilities, especially when combined with the unprotected AJAX handler.",[135,138,141],{"reason":136,"points":137},"Unprotected AJAX handler",8,{"reason":139,"points":140},"Low percentage of properly escaped output",6,{"reason":142,"points":143},"Missing nonce checks on AJAX",5,"2026-03-17T01:09:01.549Z",{"wat":146,"direct":156},{"assetPaths":147,"generatorPatterns":153,"scriptPaths":154,"versionParams":155},[148,149,150,151,152],"\u002Fwp-content\u002Fplugins\u002Fnewstick-ultra\u002Fcss\u002Fstyles.css","\u002Fwp-content\u002Fplugins\u002Fnewstick-ultra\u002Fjs\u002Fmarquee-scroll.js","\u002Fwp-content\u002Fplugins\u002Fnewstick-ultra\u002Fjs\u002Fmarquee-scroll-min.js","\u002Fwp-content\u002Fplugins\u002Fnewstick-ultra\u002Fjs\u002Fjquery.marquee.min.js","\u002Fwp-content\u002Fplugins\u002Fnewstick-ultra\u002Fjs\u002Fbn-opt-res.js",[],[149,150,151,152],[],{"cssClasses":157,"htmlComments":164,"htmlAttributes":165,"restEndpoints":184,"jsGlobals":185,"shortcodeOutput":187},[158,159,160,161,162,163],"NSWUP_center-align","NSWUP-h2","NSWUP-codebxne","NSWUP-body","NSWUP_select-css","NSWUP-title",[],[166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183],"id=\"NSWUP_fil_cat\"","id=\"NSWUP_num_not\"","id=\"NSWUP_title_content\"","id=\"NSWUP_text\"","id=\"NSWUP_dim_barra\"","id=\"NSWUP_col_tit\"","id=\"NSWUP_col_bar_tit\"","id=\"NSWUP_col_link\"","name=\"NSWUP_fil_cat\"","name=\"NSWUP_num_not\"","name=\"NSWUP_title_content\"","name=\"NSWUP_text\"","name=\"NSWUP_dim_barra\"","name=\"NSWUP_col_tit\"","name=\"NSWUP_col_bar_tit\"","name=\"NSWUP_col_link\"","class=\"NSWUP_select-css\"","class=\"NSWUP-title\"",[],[186],"window.NSWUP_update_options",[188],"[newstick-ultra]"]