[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCjtanLdQBZ8vIp74hKixNDh3S_nmsFdaJF8XZTUIREA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":15,"download_link":20,"security_score":21,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":31,"analysis":32,"fingerprints":94},"oxy-relogin-window","OXY Re-Login Window","1.1","laborin","https:\u002F\u002Fprofiles.wordpress.org\u002Flaborin\u002F","\u003Cp>This free plugin presents a login window right inside Oxygen Builder when the WordPress session expires, to avoid losing your work because of the infamous Oxygen “Error 200” while saving.\u003C\u002Fp>\n\u003Cp>How do I know if it’s working? Easy:\u003C\u002Fp>\n\u003Cp>1 – Open Oxygen Builder\u003Cbr \u002F>\n2 – Using a different browser tab, log-out from WordPress\u003C\u002Fp>\n\u003Cp>Normally, doing this would make you lose any change made in the Oxygen Builder tab. Logging back in using a different browser tab doesn’t help, all unsaved changes in Oxygen Builder will be lost.\u003C\u002Fp>\n\u003Cp>But if you have OXY Re-Login Window active, your Oxygen Builder tab will show a login window and your Oxygen Builder session key will be updated and you will be able to save your data and continue working.\u003C\u002Fp>\n\u003Cp>Why would someone log-out while having unsaved changes in Oxygen Builder? Sadly, it’s common that the WordPress session expires automatically while you are working inside Oxygen Builder.\u003C\u002Fp>\n","Re-Login window for Oxygen Builder.",600,2376,60,2,"","5.7.15","4.7","5.0",[],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foxy-relogin-window.1.1.zip",100,0,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":21,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},1,30,94,"2026-04-05T17:26:20.098Z",[],{"attackSurface":33,"codeSignals":70,"taintFlows":80,"riskAssessment":81,"analyzedAt":93},{"hooks":34,"ajaxHandlers":58,"restRoutes":67,"shortcodes":68,"cronEvents":69,"entryPointCount":14,"unprotectedCount":14},[35,41,44,48,50,54],{"type":36,"name":37,"callback":38,"file":39,"line":40},"action","plugins_loaded","detect_oxygen","relogin-for-oxygen.php",15,{"type":36,"name":42,"callback":42,"file":39,"line":43},"init",16,{"type":36,"name":45,"callback":46,"file":39,"line":47},"admin_notices","closure",23,{"type":36,"name":45,"callback":46,"file":39,"line":49},35,{"type":36,"name":51,"callback":52,"file":39,"line":53},"ct_before_builder","inject_relogin_window",84,{"type":36,"name":55,"callback":56,"file":39,"line":57},"wp_enqueue_scripts","enqueue_scripts",86,[59,64],{"action":60,"nopriv":61,"callback":62,"hasNonce":61,"hasCapCheck":61,"file":39,"line":63},"oxy-relogin-window-heartbeat",false,"heartbeat",88,{"action":60,"nopriv":65,"callback":62,"hasNonce":61,"hasCapCheck":61,"file":39,"line":66},true,89,[],[],[],{"dangerousFunctions":71,"sqlUsage":72,"outputEscaping":74,"fileOperations":22,"externalRequests":22,"nonceChecks":22,"capabilityChecks":22,"bundledLibraries":79},[],{"prepared":22,"raw":22,"locations":73},[],{"escaped":22,"rawEcho":27,"locations":75},[76],{"file":39,"line":77,"context":78},75,"raw output",[],[],{"summary":82,"deductions":83},"The \"oxy-relogin-window\" v1.1 plugin exhibits significant security concerns due to a lack of proper authentication and output sanitization on its entry points.  The analysis reveals two AJAX handlers, both of which lack any authentication checks. This creates a wide attack surface, as any authenticated user, potentially even those with limited privileges, could interact with these handlers. Furthermore, the plugin fails to properly escape output, meaning data displayed to users could be manipulated, leading to cross-site scripting (XSS) vulnerabilities if the data originates from an untrusted source.\n\nWhile the plugin has no recorded vulnerabilities or known CVEs, this absence of historical issues should not be interpreted as a guarantee of security. The current code analysis reveals foundational security weaknesses that could easily be exploited if an attacker discovers them. The reliance on prepared statements for SQL queries is a positive sign, and the absence of dangerous functions, file operations, external HTTP requests, and bundled libraries suggests some care in development. However, the critical deficiencies in authentication and output escaping overshadow these positive aspects, demanding immediate attention.\n\nIn conclusion, the \"oxy-relogin-window\" v1.1 plugin presents a moderate to high risk due to its unprotected AJAX endpoints and unescaped output. The lack of historical vulnerabilities is a positive, but it does not mitigate the immediate risks posed by the identified code-level weaknesses. Addressing the missing authentication checks and implementing proper output escaping are crucial steps to improving its security posture.",[84,87,90],{"reason":85,"points":86},"AJAX handlers without auth checks",10,{"reason":88,"points":89},"Unescaped output",5,{"reason":91,"points":92},"Missing nonce checks on AJAX",7,"2026-03-16T19:26:23.509Z",{"wat":95,"direct":104},{"assetPaths":96,"generatorPatterns":99,"scriptPaths":100,"versionParams":101},[97,98],"\u002Fwp-content\u002Fplugins\u002Foxy-relogin-window\u002Fassets\u002Foxy-relogin-window.css","\u002Fwp-content\u002Fplugins\u002Foxy-relogin-window\u002Fassets\u002Foxy-relogin-window.js",[],[98],[102,103],"oxy-relogin-window\u002Fassets\u002Foxy-relogin-window.css?ver=","oxy-relogin-window\u002Fassets\u002Foxy-relogin-window.js?ver=",{"cssClasses":105,"htmlComments":108,"htmlAttributes":109,"restEndpoints":113,"jsGlobals":115,"shortcodeOutput":117},[106,107],"opp-login","opp-floating-login-iframe",[],[110,111,112],"id=\"opp-login\"","id=\"opp-floating-login-iframe\"","id=\"opp-login-template\"",[114],"\u002Fwp-json\u002Foxy-relogin-window\u002Fheartbeat",[116],"window.OxyReloginWindowBEData",[]]