[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fd990sKPd3741Rhsr4vv9OzQfRoiEsNxVarrgLRoFyQ8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":20,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":35,"fingerprints":107},"octoprint","Octoprint for WP","0.2","christian.loelkes","https:\u002F\u002Fprofiles.wordpress.org\u002Fchristianloelkes\u002F","\u003Cp>This plugin polls the Octoprint API and displays the status of your 3D printer in a widget or on a page with a shortcode.\u003C\u002Fp>\n","This plugin polls the Octoprint API and displays the status of your 3D printer in a widget or on a page with a shortcode.",10,1546,20,1,"2015-07-04T16:37:00.000Z","3.9.40","3.0","",[],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Foctoprint\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foctoprint.0.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":22,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"christianloelkes",3,120,30,84,"2026-04-04T20:21:26.424Z",[],{"attackSurface":36,"codeSignals":58,"taintFlows":94,"riskAssessment":95,"analyzedAt":106},{"hooks":37,"ajaxHandlers":51,"restRoutes":52,"shortcodes":53,"cronEvents":57,"entryPointCount":14,"unprotectedCount":23},[38,44,48],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","widgets_init","anonymous","octoprint.php",184,{"type":39,"name":45,"callback":45,"file":46,"line":47},"admin_init","settings.php",9,{"type":39,"name":49,"callback":50,"file":46,"line":11},"admin_menu","add_menu",[],[],[54],{"tag":4,"ca
llback":55,"file":42,"line":56},"insert_octoprint",54,[],{"dangerousFunctions":59,"sqlUsage":63,"outputEscaping":65,"fileOperations":14,"externalRequests":23,"nonceChecks":23,"capabilityChecks":14,"bundledLibraries":93},[60],{"fn":61,"file":42,"line":43,"context":62},"create_function","add_action( 'widgets_init', create_function( '', 'return register_widget( \"OctoprintWidget\" );') );",{"prepared":23,"raw":23,"locations":64},[],{"escaped":23,"rawEcho":66,"locations":67},12,[68,71,73,75,77,79,81,83,85,87,89,91],{"file":42,"line":69,"context":70},138,"raw output",{"file":42,"line":72,"context":70},139,{"file":42,"line":74,"context":70},140,{"file":42,"line":76,"context":70},158,{"file":42,"line":78,"context":70},161,{"file":42,"line":80,"context":70},162,{"file":42,"line":82,"context":70},163,{"file":42,"line":84,"context":70},164,{"file":46,"line":86,"context":70},46,{"file":46,"line":88,"context":70},53,{"file":46,"line":90,"context":70},59,{"file":46,"line":92,"context":70},69,[],[],{"summary":96,"deductions":97},"The \"octoprint\" plugin v0.2 exhibits a mixed security posture. On one hand, the static analysis found no SQL usage at all (0 prepared and 0 raw queries), so the plugin has no SQL injection surface of its own. Furthermore, the plugin appears to have a very limited attack surface (one shortcode, no AJAX handlers and no REST routes), with no known vulnerabilities (CVEs) recorded in its history; given roughly 10 active installs and a last update in 2015, that clean record may reflect limited scrutiny as much as a stable codebase.  However, significant concerns arise from the static analysis. The presence of a dangerous function like `create_function` is a red flag, as it evaluates a string as PHP code and can be exploited for code execution when that string contains untrusted input; the single call found here passes only constant strings, so the practical issue is that the function is deprecated since PHP 7.2 and removed in PHP 8.0. The fingerprint data also lists a `data-octoprint-key` HTML attribute, which suggests the Octoprint API key may be rendered into page markup visible to visitors; this should be confirmed by inspecting the rendered output.  More critically, the analysis reveals that 0% of the 12 identified output operations are properly escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities wherever the values echoed in octoprint.php and settings.php can be influenced by an attacker; no taint flows were recorded, so each output should be reviewed manually and wrapped in the appropriate escaping function such as `esc_html()` or `esc_attr()`.  
The complete absence of nonce checks further exacerbates this risk, as it means even authenticated actions might not be adequately protected against CSRF attacks.",[98,100,103],{"reason":99,"points":11},"Dangerous function `create_function` found",{"reason":101,"points":102},"0% of outputs are properly escaped (XSS risk)",15,{"reason":104,"points":105},"0 Nonce checks found",8,"2026-03-17T00:39:54.733Z",{"wat":108,"direct":113},{"assetPaths":109,"generatorPatterns":110,"scriptPaths":111,"versionParams":112},[],[],[],[],{"cssClasses":114,"htmlComments":116,"htmlAttributes":117,"restEndpoints":120,"jsGlobals":121,"shortcodeOutput":122},[115],"OctoprintWidget",[],[118,119],"data-octoprint-url","data-octoprint-key",[],[],[123,124,125,126],"State:","Head temp:","°C","Progress:"]