[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWIbPs4KGy8nEgcagXsR3egxMjeVK7AC42Mbvg5Gssxs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":42,"crawl_stats":33,"alternatives":50,"analysis":51,"fingerprints":407},"os-diagnosis-generator","診断ジェネレータ作成プラグイン","1.4.16","OLIVESYSTEM","https:\u002F\u002Fprofiles.wordpress.org\u002Folivesystem\u002F","\u003Cp>診断サイトを手軽に作成できるプラグインです。\u003Cbr \u002F>\n管理画面で診断内容を作成・設定し、指定したショートコードを記事中に埋めれば診断ページを表示できます。複数の診断フォームを表示することもできます。\u003C\u002Fp>\n\u003Cp>診断には2種類の方法があります。名前で自動判断する「名前式」と設問形式で点数から判断する「設問式」です。\u003C\u002Fp>\n\u003Cp>名前式は、ユーザの負担が少なく、名前を入力するだけで診断が自動で完了します。その分、結果はユーザとの親和性がありません。\u003Cbr \u002F>\n一方、設問式は、いくつかの設問にユーザが答える必要がありますが、その分、親和性があります。\u003C\u002Fp>\n\u003Cp>診断結果のテキストパターンは豊富に設定できます。\u003Cbr \u002F>\nテーマ機能を使用すれば、スタイルを変更したり、診断の設問を1問ずつ表示できます。\u003C\u002Fp>\n","診断サイトを手軽に作成できるプラグインです。",700,15889,0,"2025-04-29T14:09:00.000Z","6.5.8","2.8","",[19,20],"%e8%a8%ba%e6%96%ad","%e5%8d%a0%e3%81%84","http:\u002F\u002Flp.olivesystem.jp\u002Fplugin-dg","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fos-diagnosis-generator.zip",78,1,"2025-06-05 00:00:00","2026-03-15T15:16:48.613Z",[28],{"id":29,"url_slug":30,"title":31,"description":32,"plugin_slug":4,"theme_slug":33,"affected_versions":34,"patched_in_version":33,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":25,"updated_date":39,"references":40,"days_to_patch":33},"CVE-2025-30934","missing-authorization","診断ジェネレータ作成プラグイン \u003C= 1.4.16 - Missing Authorization","The 診断ジェネレータ作成プラグイン plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on 
a function in all versions up to, and including, 1.4.16. This makes it possible for unauthenticated attackers to perform an unauthorized action.",null,"\u003C=1.4.16","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-06-10 18:08:17",[41],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F71c87b41-6c90-4b4e-aa63-5db65d7b9e51?source=api-prod",{"slug":43,"display_name":7,"profile_url":8,"plugin_count":44,"total_installs":45,"avg_security_score":46,"avg_patch_time_days":47,"trust_score":48,"computed_at":49},"olivesystem",3,720,83,30,82,"2026-04-05T06:54:42.243Z",[],{"attackSurface":52,"codeSignals":118,"taintFlows":325,"riskAssessment":393,"analyzedAt":406},{"hooks":53,"ajaxHandlers":96,"restRoutes":97,"shortcodes":98,"cronEvents":117,"entryPointCount":63,"unprotectedCount":13},[54,60,64,69,72,75,79,81,85,89,93],{"type":55,"name":56,"callback":57,"file":58,"line":59},"action","in_admin_footer","actionAddonDefaultInit","addon\\default.php",5,{"type":55,"name":61,"callback":62,"file":58,"line":63},"admin_menu","menuViewsAddon",6,{"type":55,"name":65,"callback":66,"file":67,"line":68},"admin_init","actionAdminInit","diagnosisAdminClass.php",8,{"type":55,"name":65,"callback":70,"file":67,"line":71},"themeFunc",9,{"type":55,"name":61,"callback":73,"file":67,"line":74},"menuViews",11,{"type":55,"name":76,"callback":77,"file":78,"line":63},"plugins_loaded","plugin_get_option","diagnosisClass.php",{"type":55,"name":76,"callback":80,"file":78,"line":68},"action_level",{"type":55,"name":82,"callback":83,"file":78,"line":84},"wp_head","action_head",10,{"type":55,"name":86,"callback":87,"file":88,"line":68},"init","init_diagnosis_mode","diagnosisViewClass.php",{"type":55,"name":90,"callback":91,"file":88,"line":92},"wp_print_scripts","os_wp_enqueue",19,{"type":55,"name":86,"callback":94,"file":88,"line":95},"again_nonce_mode",21,[],[],[99,102,105,108,111,114],{"tag"
:100,"callback":101,"file":88,"line":84},"OSDGSIS-FORM","viewMode",{"tag":103,"callback":104,"file":88,"line":74},"OSDGSIS-RESULT-FORM","viewResultMode",{"tag":106,"callback":101,"file":88,"line":107},"osdgsis-form",13,{"tag":109,"callback":104,"file":88,"line":110},"osdgsis-result-form",14,{"tag":112,"callback":101,"file":88,"line":113},"formosdgsis",16,{"tag":115,"callback":104,"file":88,"line":116},"formosdgsisresult",17,[],{"dangerousFunctions":119,"sqlUsage":120,"outputEscaping":123,"fileOperations":63,"externalRequests":13,"nonceChecks":323,"capabilityChecks":13,"bundledLibraries":324},[],{"prepared":121,"raw":13,"locations":122},51,[],{"escaped":124,"rawEcho":125,"locations":126},26,107,[127,131,133,135,137,139,141,143,145,147,149,151,153,155,157,159,161,163,166,168,170,171,173,176,178,180,182,184,186,188,190,192,194,196,199,201,203,204,206,208,209,211,212,214,216,218,220,222,224,226,228,230,232,234,236,238,240,242,244,245,247,249,251,252,254,255,256,258,260,261,263,265,266,267,268,269,271,273,275,277,279,280,281,283,285,286,287,289,291,293,294,295,296,297,298,299,301,302,303,305,307,309,311,313,316,318,320],{"file":128,"line":129,"context":130},"class\\themeClass.php",61,"raw 
output",{"file":128,"line":132,"context":130},69,{"file":78,"line":134,"context":130},58,{"file":78,"line":136,"context":130},400,{"file":78,"line":138,"context":130},403,{"file":78,"line":140,"context":130},406,{"file":78,"line":142,"context":130},461,{"file":78,"line":144,"context":130},464,{"file":78,"line":146,"context":130},467,{"file":78,"line":148,"context":130},490,{"file":78,"line":150,"context":130},506,{"file":78,"line":152,"context":130},513,{"file":88,"line":154,"context":130},310,{"file":88,"line":156,"context":130},316,{"file":88,"line":158,"context":130},323,{"file":88,"line":160,"context":130},338,{"file":162,"line":124,"context":130},"include_files\\admin-foot.php",{"file":164,"line":165,"context":130},"include_files\\admin-optionPage.php",41,{"file":164,"line":167,"context":130},63,{"file":164,"line":169,"context":130},68,{"file":164,"line":169,"context":130},{"file":164,"line":172,"context":130},85,{"file":174,"line":175,"context":130},"include_files\\admin-postListPage.php",24,{"file":174,"line":177,"context":130},31,{"file":174,"line":179,"context":130},32,{"file":174,"line":181,"context":130},33,{"file":174,"line":183,"context":130},35,{"file":174,"line":185,"context":130},36,{"file":174,"line":187,"context":130},37,{"file":174,"line":189,"context":130},38,{"file":174,"line":191,"context":130},40,{"file":174,"line":193,"context":130},42,{"file":174,"line":195,"context":130},43,{"file":197,"line":198,"context":130},"include_files\\admin-postNewPage.php",18,{"file":197,"line":200,"context":130},45,{"file":197,"line":202,"context":130},46,{"file":197,"line":202,"context":130},{"file":197,"line":205,"context":130},49,{"file":197,"line":207,"context":130},50,{"file":197,"line":207,"context":130},{"file":197,"line":210,"context":130},52,{"file":197,"line":169,"context":130},{"file":197,"line":213,"context":130},86,{"file":197,"line":215,"context":130},87,{"file":197,"line":217,"context":130},112,{"file":197,"line":219,"context":130},135,{"file":197,
"line":221,"context":130},136,{"file":197,"line":223,"context":130},192,{"file":197,"line":225,"context":130},193,{"file":197,"line":227,"context":130},231,{"file":197,"line":229,"context":130},232,{"file":197,"line":231,"context":130},247,{"file":197,"line":233,"context":130},248,{"file":197,"line":235,"context":130},266,{"file":197,"line":237,"context":130},267,{"file":197,"line":239,"context":130},290,{"file":197,"line":241,"context":130},291,{"file":197,"line":243,"context":130},324,{"file":197,"line":243,"context":130},{"file":197,"line":246,"context":130},325,{"file":197,"line":248,"context":130},330,{"file":197,"line":250,"context":130},332,{"file":197,"line":250,"context":130},{"file":197,"line":253,"context":130},336,{"file":197,"line":160,"context":130},{"file":197,"line":160,"context":130},{"file":197,"line":257,"context":130},342,{"file":197,"line":259,"context":130},344,{"file":197,"line":259,"context":130},{"file":197,"line":262,"context":130},369,{"file":197,"line":264,"context":130},405,{"file":197,"line":264,"context":130},{"file":197,"line":264,"context":130},{"file":197,"line":264,"context":130},{"file":197,"line":264,"context":130},{"file":197,"line":270,"context":130},412,{"file":197,"line":272,"context":130},439,{"file":197,"line":274,"context":130},440,{"file":197,"line":276,"context":130},441,{"file":197,"line":278,"context":130},446,{"file":197,"line":278,"context":130},{"file":197,"line":278,"context":130},{"file":197,"line":282,"context":130},451,{"file":197,"line":284,"context":130},456,{"file":197,"line":284,"context":130},{"file":197,"line":284,"context":130},{"file":197,"line":288,"context":130},460,{"file":197,"line":290,"context":130},466,{"file":197,"line":292,"context":130},502,{"file":197,"line":292,"context":130},{"file":197,"line":292,"context":130},{"file":197,"line":292,"context":130},{"file":197,"line":292,"context":130},{"file":197,"line":150,"context":130},{"file":197,"line":150,"context":130},{"file":197,"line":300,"contex
t":130},507,{"file":197,"line":300,"context":130},{"file":197,"line":300,"context":130},{"file":197,"line":304,"context":130},522,{"file":197,"line":306,"context":130},529,{"file":197,"line":308,"context":130},535,{"file":197,"line":310,"context":130},553,{"file":197,"line":312,"context":130},559,{"file":314,"line":315,"context":130},"include_files\\admin-themeOptionPage.php",27,{"file":314,"line":317,"context":130},56,{"file":314,"line":319,"context":130},64,{"file":321,"line":322,"context":130},"include_files\\user-viewFormPage.php",276,7,[],[326,351,361,375,384],{"entryPoint":327,"graph":328,"unsanitizedCount":350,"severity":35},"\u003CthemeClass> (class\\themeClass.php:0)",{"nodes":329,"edges":346},[330,334,339,341],{"id":331,"type":332,"label":333,"file":128,"line":113},"n0","source","$_POST (x2)",{"id":335,"type":336,"label":337,"file":128,"line":129,"wp_function":338},"n1","sink","echo() [XSS]","echo",{"id":340,"type":332,"label":333,"file":128,"line":113},"n2",{"id":342,"type":336,"label":343,"file":128,"line":344,"wp_function":345},"n3","file_get_contents() [SSRF\u002FLFI]",79,"file_get_contents",[347,349],{"from":331,"to":335,"sanitized":348},false,{"from":340,"to":342,"sanitized":348},4,{"entryPoint":352,"graph":353,"unsanitizedCount":44,"severity":35},"post_set (diagnosisClass.php:358)",{"nodes":354,"edges":359},[355,358],{"id":331,"type":332,"label":356,"file":78,"line":357},"$_POST (x3)",391,{"id":335,"type":336,"label":337,"file":78,"line":136,"wp_function":338},[360],{"from":331,"to":335,"sanitized":348},{"entryPoint":362,"graph":363,"unsanitizedCount":24,"severity":374},"optionPost (diagnosisAdminClass.php:373)",{"nodes":364,"edges":372},[365,368],{"id":331,"type":332,"label":366,"file":67,"line":367},"$_POST",375,{"id":335,"type":336,"label":369,"file":67,"line":370,"wp_function":371},"update_option() [Settings 
Manipulation]",376,"update_option",[373],{"from":331,"to":335,"sanitized":348},"low",{"entryPoint":376,"graph":377,"unsanitizedCount":13,"severity":374},"\u003CdiagnosisAdminClass> (diagnosisAdminClass.php:0)",{"nodes":378,"edges":381},[379,380],{"id":331,"type":332,"label":366,"file":67,"line":367},{"id":335,"type":336,"label":369,"file":67,"line":370,"wp_function":371},[382],{"from":331,"to":335,"sanitized":383},true,{"entryPoint":385,"graph":386,"unsanitizedCount":63,"severity":374},"\u003CdiagnosisClass> (diagnosisClass.php:0)",{"nodes":387,"edges":391},[388,390],{"id":331,"type":332,"label":389,"file":78,"line":357},"$_POST (x6)",{"id":335,"type":336,"label":337,"file":78,"line":136,"wp_function":338},[392],{"from":331,"to":335,"sanitized":348},{"summary":394,"deductions":395},"The \"os-diagnosis-generator\" plugin exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL queries, exclusively using prepared statements, and includes 7 nonce checks, suggesting an awareness of common WordPress security vulnerabilities. Note that the static analysis detected no capability checks, and a nonce check alone does not verify that the caller is authorized to perform an action. The absence of external HTTP requests and bundled libraries also reduces potential attack vectors. However, significant concerns arise from the taint analysis, which identified 4 flows with unsanitized paths, in which $_POST data reaches echo() and update_option() sinks and, in one flow, file_get_contents(). While these were not classified as critical or high severity, this indicates a potential for input sanitization to be overlooked in certain code paths, which could be exploited if a viable attack vector is found.\n\nThe plugin's vulnerability history is a major red flag. With one known medium-severity CVE that remains unpatched, it directly demonstrates a real-world security flaw. The \"Missing Authorization\" classification of that CVE is particularly worrying: together with the absence of detected capability checks, it suggests a persistent weakness in how the plugin handles user permissions. 
This, combined with the unsanitized paths found in static analysis, points to a potential for unauthorized access or data manipulation if a vulnerability is actively exploited. While some security best practices are in place, the unpatched vulnerability and the taint analysis findings necessitate careful consideration and prompt remediation.",[396,399,402,404],{"reason":397,"points":398},"Unpatched CVE (medium severity)",15,{"reason":400,"points":401},"Taint analysis: unsanitized paths found",12,{"reason":403,"points":68},"Vulnerability history: Missing Authorization pattern",{"reason":405,"points":59},"Output escaping: low coverage (20%)","2026-03-16T19:26:15.771Z",{"wat":408,"direct":421},{"assetPaths":409,"generatorPatterns":414,"scriptPaths":415,"versionParams":416},[410,411,412,413],"\u002Fwp-content\u002Fplugins\u002Fos-diagnosis-generator\u002Fcss\u002Fadmin-style.css","\u002Fwp-content\u002Fplugins\u002Fos-diagnosis-generator\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fos-diagnosis-generator\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fos-diagnosis-generator\u002Fjs\u002Fmain.js",[],[],[417,418,419,420],"os-diagnosis-generator\u002Fcss\u002Fadmin-style.css?ver=","os-diagnosis-generator\u002Fcss\u002Fstyle.css?ver=","os-diagnosis-generator\u002Fjs\u002Fadmin.js?ver=","os-diagnosis-generator\u002Fjs\u002Fmain.js?ver=",{"cssClasses":422,"htmlComments":424,"htmlAttributes":426,"restEndpoints":428,"jsGlobals":429,"shortcodeOutput":431},[423],"osdg_body",[425],"\u003C!-- OS DIAGNOSIS GENERATOR -->",[427],"data-diagnosis-id",[],[430],"osdg_data",[]]