[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fr3ZfXxqWuuorJz2QDULLsYQUPXt9qtXYKhEdP5oS5WU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":38,"fingerprints":94},"no-cc-attack","No CC Attack","1.0","Arefly","https:\u002F\u002Fprofiles.wordpress.org\u002Feflyjason\u002F","\u003Cp>Someone CC your blog?\u003C\u002Fp>\n\u003Cp>Install this plugin now!\u003C\u002Fp>\n\u003Cp>The plugin will check the refresh times of a visitors. If it is too quick, the visitor will be redirect to a custom URL.\u003C\u002Fp>\n\u003Cp>中文介紹請看\u003Ca href=\"http:\u002F\u002Fwww.arefly.com\u002Fno-cc-attack\u002F\" rel=\"nofollow ugc\">這裏\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Translators\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Chinese, Simplified (zh_CN) – \u003Ca href=\"http:\u002F\u002Fwww.arefly.com\u002F\" rel=\"nofollow ugc\">Arefly\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Chinese, Traditional (zh_TW) – \u003Ca href=\"http:\u002F\u002Fwww.arefly.com\" rel=\"nofollow ugc\">Arefly\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>English (en_US) – \u003Ca href=\"http:\u002F\u002Fwww.arefly.com\" rel=\"nofollow ugc\">Arefly\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you have created your own language pack, or have an update of an existing one, you can send \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTranslating_WordPress\" rel=\"nofollow ugc\">gettext PO and MO files\u003C\u002Fa> to \u003Ca href=\"http:\u002F\u002Fwww.arefly.com\u002Fabout\u002F\" rel=\"nofollow ugc\">Arefly\u003C\u002Fa> so that I can bundle it into No CC Attack. You can download the latest \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fno-cc-attack\u002Ftrunk\u002Flang\u002Fno-cc-attack.pot\" rel=\"nofollow ugc\">POT file\u003C\u002Fa>.\u003C\u002Fp>\n","Protect your blog from CC Attack!",10,1461,100,1,"2014-04-08T01:51:00.000Z","3.7.41","3.0","",[20,21],"anti-attack","no-cc","http:\u002F\u002Fwww.arefly.com\u002Fno-cc-attack\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-cc-attack.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"eflyjason",24,1690,88,30,86,"2026-04-04T18:26:48.268Z",[],{"attackSurface":39,"codeSignals":67,"taintFlows":82,"riskAssessment":83,"analyzedAt":93},{"hooks":40,"ajaxHandlers":63,"restRoutes":64,"shortcodes":65,"cronEvents":66,"entryPointCount":25,"unprotectedCount":25},[41,47,51,55,59],{"type":42,"name":43,"callback":44,"file":45,"line":46},"action","plugins_loaded","no_cc_attack_load_plugin_textdomain","no-cc-attack.php",42,{"type":42,"name":48,"callback":49,"file":45,"line":50},"init","no_cc_attack_register_session",58,{"type":42,"name":52,"callback":53,"file":45,"line":54},"template_redirect","no_cc_attack",81,{"type":42,"name":56,"callback":57,"file":58,"line":11},"admin_init","no_cc_attack_register_settings","options.php",{"type":42,"name":60,"callback":61,"file":58,"line":62},"admin_menu","no_cc_attack_register_options_page",15,[],[],[],[],{"dangerousFunctions":68,"sqlUsage":69,"outputEscaping":71,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":81},[],{"prepared":25,"raw":25,"locations":70},[],{"escaped":25,"rawEcho":72,"locations":73},3,[74,77,79],{"file":58,"line":75,"context":76},28,"raw output",{"file":58,"line":78,"context":76},34,{"file":58,"line":80,"context":76},40,[],[],{"summary":84,"deductions":85},"The \"no-cc-attack\" v1.0 plugin exhibits a seemingly strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface. Furthermore, the code signals indicate a lack of dangerous functions, file operations, external HTTP requests, and critically, 100% of SQL queries utilize prepared statements. Taint analysis also shows no identified vulnerabilities.\n\nHowever, a significant concern arises from the complete lack of output escaping. With three identified output instances and none properly escaped, there is a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. Any dynamic data displayed to users that originates from user input or other untrusted sources could be exploited to inject malicious scripts. The plugin also has no recorded vulnerability history, which could indicate either a well-developed security practice or simply a lack of prior exposure\u002Fanalysis. The absence of nonce and capability checks, while not directly actionable given the limited attack surface, are generally considered good security practices and their omission here is noted.\n\nIn conclusion, while the plugin avoids common vulnerabilities like SQL injection and a broad attack surface, the lack of output escaping presents a critical security flaw that needs immediate attention. The absence of historical vulnerabilities is positive but should not overshadow the present findings.",[86,89,91],{"reason":87,"points":88},"Output not properly escaped",8,{"reason":90,"points":72},"No nonce checks",{"reason":92,"points":72},"No capability checks","2026-03-17T01:21:08.274Z",{"wat":95,"direct":100},{"assetPaths":96,"generatorPatterns":97,"scriptPaths":98,"versionParams":99},[],[],[],[],{"cssClasses":101,"htmlComments":102,"htmlAttributes":103,"restEndpoints":104,"jsGlobals":105,"shortcodeOutput":106},[],[],[],[],[],[]]