[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftL7lU6byjoRTVAZpoE360qp0tSOV2Kv10Ysg_Aeyw2g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":33,"analysis":54,"fingerprints":177},"ot-zalo","OT Zalo – Zalo Chat Widget, Follow widget","1.1.0","thinhbg59","https:\u002F\u002Fprofiles.wordpress.org\u002Fthinhbg59\u002F","\u003Cp>OT Zalo – Zalo Chat Widget, Follow widget\u003C\u002Fp>\n","OT Zalo - Zalo Chat Widget, Follow widget",300,8770,0,"2017-09-26T04:57:00.000Z","4.8.28","4.0","",[19,20],"zalo-chat","zalo-widget","https:\u002F\u002Fninewp.com\u002Fplugins\u002Fot-zalo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fot-zalo.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":23,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},4,10330,30,84,"2026-04-04T18:30:58.000Z",[34],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":13,"num_ratings":13,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":17,"tags":47,"homepage":52,"download_link":53,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"group-contact-buttons-pht-blog","Call Now – Group Contact Buttons – PHT Blog","2.4","Pham Thanh","https:\u002F\u002Fprofiles.wordpress.org\u002Fthanhph\u002F","\u003Cp>Insert quick call buttons, chat Facebook, Skype, Line, quick contact via Zalo, Viber, Contact Form 7 … all wrapped up in a Group Contact 
button neatly displayed. The plugin is completely free for WordPress websites.\u003C\u002Fp>\n\u003Ch4>Currently the Plugin is providing the following display functions that allow website owners to customize:\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Customize phone number\u003C\u002Fli>\n\u003Cli>Customize your Facebook ID to make chat on Messenger\u003C\u002Fli>\n\u003Cli>Customize chat via Zalo, Viber, Skype, Line…\u003C\u002Fli>\n\u003Cli>Customize Shortcode Contact Form\u003C\u002Fli>\n\u003Cli>Add embed code: Google Analytics, verification tag, embed code css, js, script code, meta tags…\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Empty fields mean the corresponding function button is hidden.\u003C\u002Fp>\n\u003Ch4>Need support\u003C\u002Fh4>\n\u003Cp>If you want to get support, please visit \u003Ca href=\"https:\u002F\u002Fwww.phamhuuthanh.com\" rel=\"nofollow ugc\">PHT Blog\u003C\u002Fa> for more detail.\u003C\u002Fp>\n","Insert call now buttons, chat Facebook, quick contact via Zalo, Viber, Skype, Line, Contact Form 7 ... 
all wrapped up in a Group Contact button neatly &hellip;",100,3833,"2020-05-27T10:07:00.000Z","5.4.19","3.5",[48,49,50,51,19],"call-now-button","facebook-chat","group-contact","quick-call-button","https:\u002F\u002Fwww.phamhuuthanh.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgroup-contact-buttons-pht-blog.zip",{"attackSurface":55,"codeSignals":94,"taintFlows":165,"riskAssessment":166,"analyzedAt":176},{"hooks":56,"ajaxHandlers":85,"restRoutes":86,"shortcodes":87,"cronEvents":92,"entryPointCount":93,"unprotectedCount":13},[57,63,67,72,76,80],{"type":58,"name":59,"callback":60,"file":61,"line":62},"action","admin_menu","add_plugin_page","includes\\class-ot-zalo-settings.php",13,{"type":58,"name":64,"callback":65,"file":61,"line":66},"admin_init","page_init",14,{"type":58,"name":68,"callback":69,"file":70,"line":71},"wp_enqueue_scripts","scripts","ot-zalo.php",25,{"type":58,"name":73,"callback":74,"file":70,"line":75},"wp_footer","zalo_widget_chat",26,{"type":58,"name":77,"callback":78,"file":70,"line":79},"widgets_init","zalo_widget_follow",27,{"type":81,"name":82,"callback":83,"file":70,"line":84},"filter","the_content","zalo_button_share_content",28,[],[],[88],{"tag":89,"callback":90,"file":70,"line":91},"zalo_share","zalo_button_share_shortcode",29,[],1,{"dangerousFunctions":95,"sqlUsage":96,"outputEscaping":98,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":164},[],{"prepared":13,"raw":13,"locations":97},[],{"escaped":71,"rawEcho":99,"locations":100},36,[101,104,106,107,109,110,112,114,115,116,118,120,121,122,124,126,128,130,132,134,136,138,140,142,144,146,148,150,152,154,156,158,159,161,162,163],{"file":61,"line":102,"context":103},111,"raw 
output",{"file":61,"line":105,"context":103},113,{"file":61,"line":105,"context":103},{"file":61,"line":108,"context":103},114,{"file":61,"line":108,"context":103},{"file":111,"line":62,"context":103},"includes\\class-ot-zalo-widget.php",{"file":111,"line":113,"context":103},15,{"file":111,"line":30,"context":103},{"file":111,"line":30,"context":103},{"file":111,"line":117,"context":103},31,{"file":111,"line":119,"context":103},32,{"file":111,"line":119,"context":103},{"file":111,"line":99,"context":103},{"file":111,"line":123,"context":103},51,{"file":111,"line":125,"context":103},52,{"file":111,"line":127,"context":103},53,{"file":111,"line":129,"context":103},58,{"file":111,"line":131,"context":103},59,{"file":111,"line":133,"context":103},60,{"file":111,"line":135,"context":103},66,{"file":111,"line":137,"context":103},68,{"file":111,"line":139,"context":103},69,{"file":111,"line":141,"context":103},73,{"file":111,"line":143,"context":103},74,{"file":111,"line":145,"context":103},75,{"file":111,"line":147,"context":103},79,{"file":111,"line":149,"context":103},80,{"file":111,"line":151,"context":103},81,{"file":111,"line":153,"context":103},86,{"file":111,"line":155,"context":103},87,{"file":111,"line":157,"context":103},88,{"file":70,"line":125,"context":103},{"file":70,"line":160,"context":103},72,{"file":70,"line":160,"context":103},{"file":70,"line":141,"context":103},{"file":70,"line":141,"context":103},[],[],{"summary":167,"deductions":168},"The \"ot-zalo\" v1.1.0 plugin exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, SQL queries (all using prepared statements), file operations, external HTTP requests, and taint flows with unsanitized paths are all positive indicators.  The fact that all identified entry points (AJAX, REST API, shortcodes, cron events) are either non-existent or have proper authentication\u002Fpermission checks is a significant strength.  
However, a notable concern is the low percentage of properly escaped output. Of 61 output statements, only 41% are properly escaped, which creates a high risk of cross-site scripting (XSS) wherever the data being output originates from user input and is not sufficiently sanitized before display. The complete lack of vulnerability history, while seemingly positive, may reflect limited testing or reporting rather than absolute security. Overall, the scan found no dangerous functions, SQL usage or taint flows, but it also recorded no nonce checks and no capability checks, so access control cannot be called strong on this evidence; the unescaped output presents a clear and significant risk that needs immediate attention.",[169,171,174],{"reason":170,"points":113},"Low percentage of properly escaped output",{"reason":172,"points":173},"No nonce checks implemented",10,{"reason":175,"points":173},"No capability checks implemented","2026-03-16T20:04:32.573Z",{"wat":178,"direct":188},{"assetPaths":179,"generatorPatterns":182,"scriptPaths":183,"versionParams":185},[180,181],"\u002Fwp-content\u002Fplugins\u002Fot-zalo\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fot-zalo\u002Fassets\u002Fjs\u002Fscript.js",[],[184],"https:\u002F\u002Fsp.zalo.me\u002Fplugins\u002Fsdk.js",[186,187],"ot-zalo\u002Fassets\u002Fcss\u002Fstyle.css?ver=","ot-zalo\u002Fassets\u002Fjs\u002Fscript.js?ver=",{"cssClasses":189,"htmlComments":192,"htmlAttributes":193,"restEndpoints":201,"jsGlobals":202,"shortcodeOutput":203},[190,191],"zalo-chat-widget","zalo-share-button",[],[194,195,196,197,198,199,200],"data-oaid","data-welcome-message","data-autopopup","data-href","data-layout","data-color","data-customize",[],[],[204,205],"[zalo_share]","[zalo_share url="]