[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fOPtthp0nUGvBR9VKFRLYxRtidbj1m-LTFBBsxjyWgXk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":36,"fingerprints":218},"onc-master","ONC Master (One Signal Notification Controller)","1.0.0","piclaunch","https:\u002F\u002Fprofiles.wordpress.org\u002Fpiclaunch\u002F","\u003Cp>Report any issue to our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpiclaunch\u002Fonc-master\u002Fissues\" rel=\"nofollow ugc\">Github\u003C\u002Fa> page.\u003Cbr \u002F>\nSupport at our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpiclaunch\u002Fonc-master\u002Fissues\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugins will send “Category” of the post as the Tag of the users of your post to your onesignal account, only if user allow to recevie Push notification from your website. Enable Tags for post page and custom posts for your one signal user data, and send notification using tags.\u003C\u002Fp>\n\u003Cp>It would help you to send push notification to only those people who have visited those catagory in past due to your business need.\u003C\u002Fp>\n\u003Cp>Plugin let you decide if you also want to send the notification to your full audiences at the Post Level.\u003C\u002Fp>\n\u003Cp>ONCE Master, let you enable push notification for your pages as well in the settings.\u003C\u002Fp>\n\u003Cp>You may like:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Send Tag for each page and post and custom post types\u003C\u002Fli>\n\u003Cli>Send push notification to only people having the respective Tags\u003C\u002Fli>\n\u003Cli>Ability to send message to all of your users bypassing all filters\u003C\u002Fli>\n\u003Cli>More data about what your users view on your site\u003C\u002Fli>\n\u003Cli>Let you send push notificaiton for Pages \u003C\u002Fli>\n\u003Cli>You will also know what pages are viewed by your users \u003C\u002Fli>\n\u003Cli>Ability send Yost Desc as the message in Push notification\u003C\u002Fli>\n\u003Cli>More to come, you can also send your request\u002Fquery piclaunch@gmail.com \u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Report any issue to our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpiclaunch\u002Fonc-master\u002Fissues\" rel=\"nofollow ugc\">Github\u003C\u002Fa> page.\u003Cbr \u002F>\nSupport at our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpiclaunch\u002Fonc-master\u002Fissues\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin is an addon to OneSignal, offres segmenting your one signal user's data by Tag for your Pages post and Customs Post.",20,5470,0,"2019-09-07T03:35:00.000Z","5.2.24","3.0.1","",[19,20,21,22,23],"one-signal","one-signal-page-push-notification","one-signal-post-and-page-tags","one-signal-tag","one-signal-tag-controller","http:\u002F\u002Fpiclaunch.com\u002Fwp-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonc-master.1.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},3,30,84,"2026-04-05T09:42:38.492Z",[],{"attackSurface":37,"codeSignals":104,"taintFlows":179,"riskAssessment":206,"analyzedAt":217},{"hooks":38,"ajaxHandlers":94,"restRoutes":100,"shortcodes":101,"cronEvents":102,"entryPointCount":103,"unprotectedCount":103},[39,45,48,50,53,56,59,63,66,70,72,76,79,82,86,89,91],{"type":40,"name":41,"callback":42,"file":43,"line":44},"action","plugins_loaded","anonymous","includes\\class-onc_master.php",143,{"type":40,"name":46,"callback":42,"file":43,"line":47},"admin_enqueue_scripts",158,{"type":40,"name":46,"callback":42,"file":43,"line":49},159,{"type":40,"name":51,"callback":42,"file":43,"line":52},"admin_init",165,{"type":40,"name":54,"callback":42,"file":43,"line":55},"admin_menu",168,{"type":40,"name":57,"callback":42,"file":43,"line":58},"onesignal_send_notification",180,{"type":60,"name":61,"callback":42,"file":43,"line":62},"filter","onesignal_meta_box_send_notification_checkbox_state",182,{"type":60,"name":64,"callback":42,"file":43,"line":65},"onesignal_include_post",184,{"type":40,"name":67,"callback":68,"file":43,"line":69},"add_meta_boxes","onc_master_cd_meta_box_add",191,{"type":40,"name":67,"callback":42,"file":43,"line":71},192,{"type":40,"name":73,"callback":74,"file":43,"line":75},"save_post","onc_master_cd_meta_box_save",195,{"type":40,"name":67,"callback":77,"file":43,"line":78},"add_notice_metabox",199,{"type":40,"name":73,"callback":80,"file":43,"line":81},"save_notice",200,{"type":40,"name":83,"callback":84,"file":43,"line":85},"admin_footer","my_action_javascript",201,{"type":40,"name":87,"callback":42,"file":43,"line":88},"wp_enqueue_scripts",425,{"type":40,"name":87,"callback":42,"file":43,"line":90},426,{"type":40,"name":92,"callback":42,"file":43,"line":93},"wp_footer",434,[95],{"action":96,"nopriv":97,"callback":98,"hasNonce":97,"hasCapCheck":97,"file":43,"line":99},"my_update_pm",false,"my_ajax_cb_wpse_108143",202,[],[],[],1,{"dangerousFunctions":105,"sqlUsage":106,"outputEscaping":108,"fileOperations":13,"externalRequests":13,"nonceChecks":103,"capabilityChecks":103,"bundledLibraries":178},[],{"prepared":13,"raw":13,"locations":107},[],{"escaped":109,"rawEcho":110,"locations":111},17,39,[112,116,117,119,121,123,124,126,128,129,131,133,134,136,138,139,140,141,142,144,146,148,150,152,155,156,158,159,161,162,164,165,167,168,170,171,173,174,176],{"file":113,"line":114,"context":115},"admin\\partials\\onc_master-admin-display.php",73,"raw output",{"file":113,"line":26,"context":115},{"file":113,"line":118,"context":115},86,{"file":113,"line":120,"context":115},101,{"file":113,"line":122,"context":115},102,{"file":113,"line":122,"context":115},{"file":113,"line":125,"context":115},117,{"file":113,"line":127,"context":115},118,{"file":113,"line":127,"context":115},{"file":113,"line":130,"context":115},132,{"file":113,"line":132,"context":115},133,{"file":113,"line":132,"context":115},{"file":113,"line":135,"context":115},147,{"file":113,"line":137,"context":115},148,{"file":113,"line":137,"context":115},{"file":113,"line":47,"context":115},{"file":113,"line":49,"context":115},{"file":113,"line":49,"context":115},{"file":43,"line":143,"context":115},231,{"file":43,"line":145,"context":115},249,{"file":43,"line":147,"context":115},256,{"file":43,"line":149,"context":115},346,{"file":43,"line":151,"context":115},351,{"file":153,"line":154,"context":115},"public\\class-onc_master-public.php",121,{"file":153,"line":154,"context":115},{"file":153,"line":157,"context":115},122,{"file":153,"line":157,"context":115},{"file":153,"line":160,"context":115},123,{"file":153,"line":160,"context":115},{"file":153,"line":163,"context":115},125,{"file":153,"line":163,"context":115},{"file":153,"line":166,"context":115},126,{"file":153,"line":166,"context":115},{"file":153,"line":169,"context":115},128,{"file":153,"line":169,"context":115},{"file":153,"line":172,"context":115},131,{"file":153,"line":172,"context":115},{"file":153,"line":175,"context":115},138,{"file":153,"line":177,"context":115},139,[],[180,197],{"entryPoint":181,"graph":182,"unsanitizedCount":103,"severity":196},"html_form_code (admin\\partials\\onc_master-admin-display.php:197)",{"nodes":183,"edges":194},[184,189],{"id":185,"type":186,"label":187,"file":113,"line":188},"n0","source","$_SERVER['REQUEST_URI']",198,{"id":190,"type":191,"label":192,"file":113,"line":188,"wp_function":193},"n1","sink","echo() [XSS]","echo",[195],{"from":185,"to":190,"sanitized":97},"medium",{"entryPoint":198,"graph":199,"unsanitizedCount":103,"severity":205},"\u003Conc_master-admin-display> (admin\\partials\\onc_master-admin-display.php:0)",{"nodes":200,"edges":203},[201,202],{"id":185,"type":186,"label":187,"file":113,"line":188},{"id":190,"type":191,"label":192,"file":113,"line":188,"wp_function":193},[204],{"from":185,"to":190,"sanitized":97},"low",{"summary":207,"deductions":208},"The \"onc-master\" v1.0.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, making no external HTTP requests, and utilizing prepared statements for all SQL queries. The presence of nonce and capability checks, even if only one each, is also a positive indicator.  However, a significant concern arises from the attack surface. The plugin exposes one AJAX handler that lacks authentication checks, creating a direct entry point for unauthenticated attackers. Furthermore, the taint analysis reveals two flows with unsanitized paths, which, although not classified as critical or high severity in this analysis, represent potential avenues for injection attacks if user-supplied data is not properly handled within these flows.\n\nThe plugin's vulnerability history is currently clean, with no recorded CVEs. This suggests a relatively secure past, but it's crucial to remember that this is a snapshot in time. The lack of historical vulnerabilities doesn't negate the risks identified in the static analysis. The primary weaknesses lie in the unprotected AJAX endpoint and the unsanitized data flows. While the plugin has strengths in SQL handling and avoiding certain risky practices, the identified entry points require immediate attention to mitigate potential security breaches.",[209,212,215],{"reason":210,"points":211},"AJAX handler without authentication check",7,{"reason":213,"points":214},"Flows with unsanitized paths",5,{"reason":216,"points":31},"Low percentage of properly escaped output","2026-03-16T23:06:27.401Z",{"wat":219,"direct":228},{"assetPaths":220,"generatorPatterns":222,"scriptPaths":223,"versionParams":225},[221],"\u002Fwp-content\u002Fplugins\u002Fonc-master\u002Fcss\u002Fonc_master-admin.css",[],[224],"\u002Fwp-content\u002Fplugins\u002Fonc-master\u002Fjs\u002Fonc_master-admin.js",[226,227],"onc_master-admin.css?ver=","onc_master-admin.js?ver=",{"cssClasses":229,"htmlComments":230,"htmlAttributes":231,"restEndpoints":233,"jsGlobals":234,"shortcodeOutput":235},[],[],[232],"page=onc_master",[],[],[]]