[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ft5B611nHyxXrjj-Wg9ktua1C_DjF2ONiz1BNjkoiNk0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":33,"analysis":34,"fingerprints":179},"ngs-js-salat-times","NGS JS Salat Times","1.3","nicolasngsma","https:\u002F\u002Fprofiles.wordpress.org\u002Fnicolasngsma\u002F","\u003Cp>This plugins provide Islamic Prayer Times to be diplayed on sidebar or as short_code.\u003Cbr \u002F>\nIt is based on Javascript library \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbatoulapps\u002Fadhan-js\" rel=\"nofollow ugc\">Adhan.js\u003C\u002Fa>\u003Cbr \u002F>\nand a fork of \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fxlat\u002Fmoment-hijri\" rel=\"nofollow ugc\">moment-hijri\u003C\u002Fa> .\u003C\u002Fp>\n\u003Ch3>Contributions\u003C\u002Fh3>\n\u003Cp>In addition to the official SVN repository which is designed to release,\u003Cbr \u002F>\nthere is a \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fxlat\u002Fngs-js-salat-times.git\" rel=\"nofollow ugc\">github repo\u003C\u002Fa>\u003Cbr \u002F>\nSo if you want to contribute feel free to fork it and submit a pull request.\u003C\u002Fp>\n","Provide Islamic Prayer Times computed on client side.",10,2849,100,3,"2020-08-01T19:44:00.000Z","5.5.18","5.4.1","7.0",[20],"salat-times-islam-prayer-adhan-azan","https:\u002F\u002Fngs.ma\u002Findex.php\u002Fjs-salat-times-wp-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fngs-js-salat-times.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":11,"avg_security_score":23,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},1,30,84,"2026-04-04T06:09:49.473Z",[],{"attackSurface":35,"codeSignals":69,"taintFlows":164,"riskAssessment":165,"analyzedAt":178},{"hooks":36,"ajaxHandlers":58,"restRoutes":59,"shortcodes":60,"cronEvents":67,"entryPointCount":68,"unprotectedCount":24},[37,43,46,50,54],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","wp_enqueue_scripts","ngs_js_salat_times_enqueue_scripts","ngs-js-salat-times.php",641,{"type":38,"name":44,"callback":40,"file":41,"line":45},"admin_enqueue_scripts",651,{"type":38,"name":47,"callback":48,"file":41,"line":49},"admin_menu","ngs_js_salat_times_admin",652,{"type":38,"name":51,"callback":52,"file":41,"line":53},"admin_init","register_ngs_js_salat_times_settings",653,{"type":38,"name":55,"callback":56,"file":41,"line":57},"admin_head","ngs_js_salat_times_help",654,[],[],[61,64],{"tag":62,"callback":62,"file":41,"line":63},"ngs_js_salat_times",643,{"tag":65,"callback":65,"file":41,"line":66},"ngs_js_daily_salat_times",646,[],2,{"dangerousFunctions":70,"sqlUsage":71,"outputEscaping":73,"fileOperations":68,"externalRequests":24,"nonceChecks":24,"capabilityChecks":24,"bundledLibraries":163},[],{"prepared":24,"raw":24,"locations":72},[],{"escaped":24,"rawEcho":74,"locations":75},43,[76,79,81,83,85,87,89,91,93,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125,127,129,131,133,135,137,139,141,143,145,147,149,151,153,155,157,159,161],{"file":41,"line":77,"context":78},152,"raw output",{"file":41,"line":80,"context":78},153,{"file":41,"line":82,"context":78},155,{"file":41,"line":84,"context":78},157,{"file":41,"line":86,"context":78},169,{"file":41,"line":88,"context":78},177,{"file":41,"line":90,"context":78},216,{"file":41,"line":92,"context":78},217,{"file":41,"line":94,"context":78},219,{"file":41,"line":96,"context":78},221,{"file":41,"line":98,"context":78},233,{"file":41,"line":100,"context":78},241,{"file":41,"line":102,"context":78},281,{"file":41,"line":104,"context":78},282,{"file":41,"line":106,"context":78},286,{"file":41,"line":108,"context":78},290,{"file":41,"line":110,"context":78},331,{"file":41,"line":112,"context":78},349,{"file":41,"line":114,"context":78},359,{"file":41,"line":116,"context":78},363,{"file":41,"line":118,"context":78},367,{"file":41,"line":120,"context":78},371,{"file":41,"line":122,"context":78},375,{"file":41,"line":124,"context":78},379,{"file":41,"line":126,"context":78},383,{"file":41,"line":128,"context":78},387,{"file":41,"line":130,"context":78},391,{"file":41,"line":132,"context":78},403,{"file":41,"line":134,"context":78},413,{"file":41,"line":136,"context":78},417,{"file":41,"line":138,"context":78},428,{"file":41,"line":140,"context":78},436,{"file":41,"line":142,"context":78},442,{"file":41,"line":144,"context":78},447,{"file":41,"line":146,"context":78},451,{"file":41,"line":148,"context":78},463,{"file":41,"line":150,"context":78},496,{"file":41,"line":152,"context":78},505,{"file":41,"line":154,"context":78},508,{"file":41,"line":156,"context":78},521,{"file":41,"line":158,"context":78},524,{"file":41,"line":160,"context":78},540,{"file":41,"line":162,"context":78},542,[],[],{"summary":166,"deductions":167},"The ngs-js-salat-times plugin version 1.3 exhibits a mixed security posture. On the positive side, it has no recorded vulnerabilities (CVEs), no external HTTP requests, and its SQL queries are 100% prepared, indicating good practices in these areas. The attack surface, while containing two shortcodes, has no directly identified unprotected entry points.\n\nHowever, significant concerns arise from the static code analysis. The most glaring issue is the complete lack of output escaping (0% properly escaped). This is a critical vulnerability that could lead to cross-site scripting (XSS) attacks if user-supplied data is ever rendered by the plugin without proper sanitization. Additionally, the absence of nonce checks and capability checks, especially given the presence of shortcodes which are often interaction points, leaves the plugin vulnerable to unauthorized actions or privilege escalation. The file operations also warrant attention, as their implementation without context could introduce risks.\n\nGiven the absence of historical vulnerabilities, it's difficult to draw conclusions about long-term maintenance. However, the current codebase shows critical flaws in output handling and authorization mechanisms that far outweigh the positive aspects. The plugin's current state suggests a high risk of XSS and potential unauthorized operations.",[168,171,174,176],{"reason":169,"points":170},"0% of outputs are properly escaped",15,{"reason":172,"points":173},"0 nonces checked",5,{"reason":175,"points":173},"0 capability checks",{"reason":177,"points":14},"File operations present without context","2026-03-17T00:09:09.930Z",{"wat":180,"direct":187},{"assetPaths":181,"generatorPatterns":184,"scriptPaths":185,"versionParams":186},[182,183],"\u002Fwp-content\u002Fplugins\u002Fngs-js-salat-times\u002Ftemplates\u002Fdefault_monthly.tmpl","\u002Fwp-content\u002Fplugins\u002Fngs-js-salat-times\u002Ftemplates\u002Fdefault_daily.tmpl",[],[],[],{"cssClasses":188,"htmlComments":194,"htmlAttributes":195,"restEndpoints":224,"jsGlobals":225,"shortcodeOutput":226},[189,190,191,192,193],"ngsjsst-salats","ngsjsst-odd","ngsjsst-today","ngsjsst-day","ngsjsst-time",[],[196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223],"wgt_title1","wgt_title2","latitude","longitude","location","locale","timezone","calculation_method","madhab","high_latitude_rule","isha_interval","fajr_angle","isha_angle","fajr_adjustment","sunrise_adjustment","dhuhr_adjustment","asr_adjustment","maghrib_adjustment","isha_adjustment","hijri_adjustment","date_format","time_format","hijri_format","headers","css","daily_tmpl","monthly_tmpl","daily",[],[],[227,228],"\u003Cdiv class=\"ngs-js-salat-time-anchor\"","\u003Cdiv class=\"ngs-js-salat-time-anchor\" daily=\"true\""]