[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fOTiTEmgOQmoyS4zR9h2Y1lVot-36iyCGx01itAip670":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":19,"download_link":20,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":31,"analysis":32,"fingerprints":335},"online-cinema","Online Cinema","1.2.1","Chirukin Bogdan","https:\u002F\u002Fprofiles.wordpress.org\u002Fcheater111\u002F","\u003Cp>Create sinema on WP.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin can imported movie data from https:\u002F\u002Ftmdb.org. To use this posibilities you must get API key\u003Cbr \u002F>\nPrivacy Policy – https:\u002F\u002Fwww.themoviedb.org\u002Fprivacy-policy\u003C\u002Fp>\n","Create sinema on WP.",0,1038,"2019-04-03T11:55:00.000Z","5.1.22","2.8","5.6",[18],"wordpress-cinema","http:\u002F\u002Fwp-dev.lazycrub.com\u002Foc-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonline-cinema.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":21,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},"cheater111",2,30,84,"2026-04-05T03:07:22.880Z",[],{"attackSurface":33,"codeSignals":139,"taintFlows":300,"riskAssessment":327,"analyzedAt":334},{"hooks":34,"ajaxHandlers":126,"restRoutes":131,"shortcodes":132,"cronEvents":137,"entryPointCount":27,"unprotectedCount":138},[35,41,46,49,53,58,63,68,71,75,78,82,85,88,91,95,99,102,104,107,110,112,115,118,121,123],{"type":36,"name":37,"callback":38,"file":39,"line":40},"action","admin_menu","wpoc_add_page_settings","classes\\plugin-settings.php",4,{"type":36,"name":42,"callback":43,"file":44,"line":45},"wp_head","wpoc_background","classes\\render.php",5,{"type":36,"name":42,"callback":47,"file":44,"line":48},"wpoc_front_style",7,{"type":36,"name":50,"callback":51,"file":44,"line":52},"wp_footer","wpoc_script",9,{"type":54,"name":55,"callback":56,"file":44,"line":57},"filter","the_content","wpoc_single_post_filter",11,{"type":54,"name":59,"callback":60,"priority":61,"file":44,"line":62},"post_thumbnail_html","wpoc_poster",10,13,{"type":36,"name":64,"callback":65,"file":66,"line":67},"init","wpoc_add_taxonomies","classes\\taxonomy.php",6,{"type":36,"name":69,"callback":70,"file":66,"line":48},"save_post","wpoc_save_tax",{"type":36,"name":72,"callback":73,"file":66,"line":74},"add_meta_boxes","wpoc_metabox_tax",25,{"type":36,"name":72,"callback":76,"file":66,"line":77},"wpoc_metabox_tax_members",26,{"type":36,"name":79,"callback":80,"file":66,"line":81},"admin_footer-post-new.php","wpoc_function",28,{"type":36,"name":83,"callback":80,"file":66,"line":84},"admin_footer-post.php",29,{"type":36,"name":86,"callback":87,"file":66,"line":28},"admin_footer-edit-tags.php","wpoc_tax_script",{"type":36,"name":89,"callback":87,"file":66,"line":90},"admin_footer-term.php",31,{"type":36,"name":92,"callback":93,"file":66,"line":94},"admin_enqueue_scripts","wpoc_tax_media",33,{"type":36,"name":96,"callback":97,"file":98,"line":67},"after_setup_theme","wpoc_add_post_types","classes\\types.php",{"type":36,"name":72,"callback":100,"file":98,"line":101},"wpoc_add_metaboxes",8,{"type":36,"name":69,"callback":103,"file":98,"line":61},"wpoc_metaboxes_save",{"type":36,"name":92,"callback":105,"file":98,"line":106},"wpoc_types_script",12,{"type":36,"name":79,"callback":108,"file":98,"line":109},"wpoc_add_admin_scripts",14,{"type":36,"name":83,"callback":108,"file":98,"line":111},15,{"type":36,"name":92,"callback":113,"file":98,"line":114},"wpoc_post_media",17,{"type":36,"name":64,"callback":116,"file":117,"line":114},"wpoc_translate","online-cinema.php",{"type":36,"name":119,"callback":120,"file":117,"line":90},"widgets_init","wpoc_register_widgets",{"type":36,"name":50,"callback":122,"file":117,"line":94},"wpoc_tmdb_logo",{"type":36,"name":50,"callback":124,"file":117,"line":125},"wpoc_json_str",35,[127],{"action":128,"nopriv":129,"callback":130,"hasNonce":129,"hasCapCheck":129,"file":117,"line":84},"parser",false,"wpoc_parser",[],[133],{"tag":134,"callback":135,"file":136,"line":45},"preview","wpoc_preview","classes\\shortcodes.php",[],1,{"dangerousFunctions":140,"sqlUsage":141,"outputEscaping":143,"fileOperations":11,"externalRequests":138,"nonceChecks":67,"capabilityChecks":40,"bundledLibraries":299},[],{"prepared":11,"raw":11,"locations":142},[],{"escaped":144,"rawEcho":145,"locations":146},240,86,[147,149,150,152,154,156,158,159,161,163,165,167,169,171,173,175,177,179,180,182,183,185,187,189,191,193,195,197,199,201,202,204,206,208,210,212,214,216,217,219,221,223,225,227,229,231,233,235,237,239,240,242,244,246,248,250,252,255,257,259,261,262,264,265,266,267,268,269,270,272,273,275,277,279,281,282,283,285,286,288,289,291,292,294,295,297],{"file":39,"line":106,"context":148},"raw output",{"file":39,"line":125,"context":148},{"file":44,"line":151,"context":148},346,{"file":66,"line":153,"context":148},101,{"file":66,"line":155,"context":148},107,{"file":66,"line":157,"context":148},126,{"file":66,"line":157,"context":148},{"file":66,"line":160,"context":148},152,{"file":66,"line":162,"context":148},162,{"file":66,"line":164,"context":148},306,{"file":66,"line":166,"context":148},348,{"file":66,"line":168,"context":148},351,{"file":66,"line":170,"context":148},352,{"file":66,"line":172,"context":148},379,{"file":66,"line":174,"context":148},383,{"file":66,"line":176,"context":148},384,{"file":66,"line":178,"context":148},385,{"file":66,"line":178,"context":148},{"file":66,"line":181,"context":148},386,{"file":66,"line":181,"context":148},{"file":98,"line":184,"context":148},56,{"file":98,"line":186,"context":148},57,{"file":98,"line":188,"context":148},60,{"file":98,"line":190,"context":148},64,{"file":98,"line":192,"context":148},68,{"file":98,"line":194,"context":148},72,{"file":98,"line":196,"context":148},76,{"file":98,"line":198,"context":148},80,{"file":98,"line":200,"context":148},81,{"file":98,"line":21,"context":148},{"file":98,"line":203,"context":148},89,{"file":98,"line":205,"context":148},93,{"file":98,"line":207,"context":148},94,{"file":98,"line":209,"context":148},98,{"file":98,"line":211,"context":148},99,{"file":98,"line":213,"context":148},102,{"file":98,"line":215,"context":148},103,{"file":98,"line":155,"context":148},{"file":98,"line":218,"context":148},108,{"file":98,"line":220,"context":148},111,{"file":98,"line":222,"context":148},112,{"file":98,"line":224,"context":148},256,{"file":98,"line":226,"context":148},258,{"file":98,"line":228,"context":148},288,{"file":98,"line":230,"context":148},303,{"file":98,"line":232,"context":148},313,{"file":98,"line":234,"context":148},322,{"file":98,"line":236,"context":148},337,{"file":98,"line":238,"context":148},371,{"file":98,"line":172,"context":148},{"file":98,"line":241,"context":148},390,{"file":98,"line":243,"context":148},553,{"file":98,"line":245,"context":148},565,{"file":98,"line":247,"context":148},577,{"file":98,"line":249,"context":148},585,{"file":98,"line":251,"context":148},604,{"file":253,"line":254,"context":148},"classes\\widgets\\related.php",47,{"file":253,"line":256,"context":148},49,{"file":253,"line":258,"context":148},52,{"file":253,"line":260,"context":148},58,{"file":253,"line":190,"context":148},{"file":253,"line":263,"context":148},88,{"file":253,"line":263,"context":148},{"file":253,"line":263,"context":148},{"file":253,"line":203,"context":148},{"file":253,"line":203,"context":148},{"file":253,"line":203,"context":148},{"file":253,"line":203,"context":148},{"file":271,"line":81,"context":148},"classes\\widgets\\taxonomy.php",{"file":271,"line":28,"context":148},{"file":271,"line":274,"context":148},32,{"file":271,"line":276,"context":148},37,{"file":271,"line":278,"context":148},41,{"file":271,"line":280,"context":148},65,{"file":271,"line":280,"context":148},{"file":271,"line":280,"context":148},{"file":271,"line":284,"context":148},66,{"file":271,"line":284,"context":148},{"file":271,"line":287,"context":148},67,{"file":271,"line":287,"context":148},{"file":290,"line":109,"context":148},"functions.php",{"file":290,"line":276,"context":148},{"file":290,"line":293,"context":148},39,{"file":290,"line":211,"context":148},{"file":117,"line":296,"context":148},50,{"file":117,"line":298,"context":148},51,[],[301,319],{"entryPoint":302,"graph":303,"unsanitizedCount":11,"severity":318},"wpoc_save_settings (classes\\plugin-settings.php:40)",{"nodes":304,"edges":315},[305,310],{"id":306,"type":307,"label":308,"file":39,"line":309},"n0","source","$_POST",48,{"id":311,"type":312,"label":313,"file":39,"line":256,"wp_function":314},"n1","sink","update_option() [Settings Manipulation]","update_option",[316],{"from":306,"to":311,"sanitized":317},true,"low",{"entryPoint":320,"graph":321,"unsanitizedCount":11,"severity":318},"\u003Cplugin-settings> (classes\\plugin-settings.php:0)",{"nodes":322,"edges":325},[323,324],{"id":306,"type":307,"label":308,"file":39,"line":309},{"id":311,"type":312,"label":313,"file":39,"line":256,"wp_function":314},[326],{"from":306,"to":311,"sanitized":317},{"summary":328,"deductions":329},"The \"online-cinema\" v1.2.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping a significant majority of its outputs. There are no recorded historical vulnerabilities, suggesting a history of secure development or diligent patching.  The absence of dangerous functions, raw SQL, file operations, and critical taint flows further bolsters its security. However, a notable concern arises from the presence of one unprotected AJAX handler, which represents a direct entry point for potential attacks. This lack of authentication on a critical entry point is the primary security weakness identified. The plugin also makes an external HTTP request, which, while not inherently a vulnerability, can be a vector if the external service is compromised or the request is not handled securely. Overall, while the plugin is built on a solid foundation of secure coding practices, the unprotected AJAX handler introduces a significant risk that needs immediate attention.",[330,332],{"reason":331,"points":101},"Unprotected AJAX handler",{"reason":333,"points":27},"External HTTP request","2026-03-17T07:20:33.519Z",{"wat":336,"direct":342},{"assetPaths":337,"generatorPatterns":339,"scriptPaths":340,"versionParams":341},[338],"\u002Fwp-content\u002Fplugins\u002Fonline-cinema\u002Fassets\u002Fcss\u002Fstyle.css",[],[],[],{"cssClasses":343,"htmlComments":344,"htmlAttributes":345,"restEndpoints":346,"jsGlobals":347,"shortcodeOutput":350},[],[],[],[],[348,349],"data","studios",[]]