[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fvulNZi-yABLgljqtE3PkokF7jqHKFplVjn1WIVDm81w":3,"$fpQbiaSVrn4_NDrRclzEvrkPttp8XmkaiCP38_d-zD_w":220,"$f_PL1BOqGUdjt1ZEuJFjao37JPSNQMqG7lqs7Psz9yds":225},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":33,"crawl_stats":29,"alternatives":39,"analysis":40,"fingerprints":204},"page-metrics","Page Metrics","1.5.1","webstartup","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebstartup\u002F","\u003Cp>Page Metrics is based on the script javascript \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fokor\u002Fjustice\" rel=\"nofollow ugc\">justice.js\u003C\u002Fa>, it allows captured and displays top-level measures, it will give you an overview of the performance of your web pages.\u003Cbr \u002F>\nYou can set your own budget. The results are displayed by color depending on the budget and the warning :\u003Cbr \u002F>\nBlue: in the budget, Yellow: the warning and Red off budget.\u003Cbr \u002F>\nIf the warning (WARN threshold) is set at 0.90: Yellow color will be used when exceeding 90% of the budget.\u003Cbr \u002F>\nIndicates the number of second image displayed on a computer screen (fps animation).\u003C\u002Fp>\n","Page Metrics captures and displays top-level measures, it will give you an overview of the performance of your web pages.",10,1679,100,2,"2017-03-02T07:10:00.000Z","4.7.33","4.0","",[20,21,22,23,24],"analysis-metrics","analysis-page-web","justice-js","metrics-js","performance-metrics","http:\u002F\u002Fweb-startup.fr\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpage-metrics.zip",85,0,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},4,20,30,84,"2026-05-20T05:03:18.940Z",[],{"attackSurface":41,"codeSignals":82,"taintFlows":197,"riskAssessment":198,"analyzedAt":203},{"hooks":42,"ajaxHandlers":78,"restRoutes":79,"shortcodes":80,"cronEvents":81,"entryPointCount":28,"unprotectedCount":28},[43,49,53,57,60,64,70,74],{"type":44,"name":45,"callback":46,"file":47,"line":48},"action","plugins_loaded","text_domain","page-metrics.php",46,{"type":44,"name":50,"callback":51,"file":47,"line":52},"admin_init","deactivate_auto",53,{"type":44,"name":54,"callback":54,"file":55,"line":56},"admin_menu","plugin\\admin\\page.php",23,{"type":44,"name":50,"callback":58,"file":55,"line":59},"admin_settings",24,{"type":44,"name":61,"callback":62,"file":55,"line":63},"admin_head","admin_css",25,{"type":44,"name":65,"callback":66,"priority":67,"file":68,"line":69},"init","_init",999,"plugin\\front\\init.php",14,{"type":44,"name":71,"callback":72,"priority":67,"file":68,"line":73},"wp_footer","js_to_footer",45,{"type":44,"name":75,"callback":76,"priority":77,"file":68,"line":48},"wp_enqueue_scripts","load_js",1000,[],[],[],[],{"dangerousFunctions":83,"sqlUsage":84,"outputEscaping":86,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":196},[],{"prepared":28,"raw":28,"locations":85},[],{"escaped":28,"rawEcho":87,"locations":88},54,[89,93,94,96,98,100,102,104,106,107,109,110,112,114,116,118,120,122,124,126,128,130,132,134,136,138,140,142,144,146,148,150,152,154,156,158,160,162,164,166,168,170,172,174,176,178,180,182,184,186,188,190,192,194],{"file":90,"line":91,"context":92},"plugin\\admin\\form.php",15,"raw output",{"file":90,"line":56,"context":92},{"file":90,"line":95,"context":92},32,{"file":90,"line":97,"context":92},33,{"file":90,"line":99,"context":92},34,{"file":90,"line":101,"context":92},35,{"file":90,"line":103,"context":92},36,{"file":90,"line":105,"context":92},37,{"file":90,"line":48,"context":92},{"file":90,"line":108,"context":92},48,{"file":90,"line":87,"context":92},{"file":90,"line":111,"context":92},57,{"file":90,"line":113,"context":92},60,{"file":90,"line":115,"context":92},63,{"file":55,"line":117,"context":92},185,{"file":55,"line":119,"context":92},190,{"file":55,"line":121,"context":92},192,{"file":55,"line":123,"context":92},193,{"file":55,"line":125,"context":92},199,{"file":55,"line":127,"context":92},201,{"file":55,"line":129,"context":92},202,{"file":55,"line":131,"context":92},208,{"file":55,"line":133,"context":92},209,{"file":55,"line":135,"context":92},215,{"file":55,"line":137,"context":92},216,{"file":55,"line":139,"context":92},222,{"file":55,"line":141,"context":92},223,{"file":55,"line":143,"context":92},229,{"file":55,"line":145,"context":92},230,{"file":55,"line":147,"context":92},236,{"file":55,"line":149,"context":92},237,{"file":55,"line":151,"context":92},243,{"file":55,"line":153,"context":92},244,{"file":55,"line":155,"context":92},250,{"file":55,"line":157,"context":92},251,{"file":55,"line":159,"context":92},259,{"file":55,"line":161,"context":92},271,{"file":55,"line":163,"context":92},279,{"file":55,"line":165,"context":92},284,{"file":55,"line":167,"context":92},285,{"file":55,"line":169,"context":92},286,{"file":55,"line":171,"context":92},287,{"file":55,"line":173,"context":92},291,{"file":55,"line":175,"context":92},293,{"file":55,"line":177,"context":92},294,{"file":55,"line":179,"context":92},296,{"file":68,"line":181,"context":92},69,{"file":68,"line":183,"context":92},70,{"file":68,"line":185,"context":92},71,{"file":68,"line":187,"context":92},72,{"file":68,"line":189,"context":92},73,{"file":68,"line":191,"context":92},74,{"file":68,"line":193,"context":92},76,{"file":68,"line":195,"context":92},77,[],[],{"summary":199,"deductions":200},"The \"page-metrics\" v1.5.1 plugin exhibits a generally strong security posture from a code analysis perspective.  The absence of identified dangerous functions, SQL queries not using prepared statements, file operations, external HTTP requests, and zero taint flows with unsanitized paths are all positive indicators.  Furthermore, the plugin's vulnerability history is clean, with no known CVEs, which suggests a history of secure development or diligent patching by its maintainers. The attack surface is also reported as zero, implying no direct entry points like AJAX handlers, REST API routes, or shortcodes that are typically targeted by attackers.\n\nHowever, a significant concern arises from the \"Output escaping\" metric. With 54 total outputs and 0% properly escaped, this indicates a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. Any data displayed by the plugin that originates from user input or external sources is at risk of being injected with malicious scripts, which could then be executed in the context of a logged-in user's browser. The lack of capability checks and nonce checks, while not directly flagged as a risk in this specific analysis due to the absence of an attack surface, would become critical if any entry points were introduced in future versions without proper security measures.\n\nIn conclusion, while the plugin has a clean history and avoids common risky coding practices in many areas, the widespread lack of output escaping represents a substantial security weakness that needs immediate attention. This single issue significantly overshadows the otherwise positive aspects of the code analysis.",[201],{"reason":202,"points":91},"0% output escaping","2026-03-17T00:36:34.490Z",{"wat":205,"direct":212},{"assetPaths":206,"generatorPatterns":208,"scriptPaths":209,"versionParams":211},[207],"\u002Fwp-content\u002Fplugins\u002Fpage-metrics\u002Fplugin\u002Fjs\u002Fjustice.min.js",[],[210],"wp-content\u002Fplugins\u002Fpage-metrics\u002Fplugin\u002Fjs\u002Fjustice.min.js",[],{"cssClasses":213,"htmlComments":214,"htmlAttributes":215,"restEndpoints":216,"jsGlobals":217,"shortcodeOutput":219},[],[],[],[],[218],"Justice",[],{"error":221,"url":222,"statusCode":223,"statusMessage":224,"message":224},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fpage-metrics\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":226,"versions":227},9,[228,235,242,249,256,263,270,277,284],{"version":6,"download_url":229,"svn_tag_url":230,"released_at":29,"has_diff":231,"diff_files_changed":232,"diff_lines":29,"trac_diff_url":233,"vulnerabilities":234,"is_current":221},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpage-metrics.1.5.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpage-metrics\u002Ftags\u002F1.5.1\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpage-metrics%2Ftags%2F1.5.0&new_path=%2Fpage-metrics%2Ftags%2F1.5.1",[],{"version":236,"download_url":237,"svn_tag_url":238,"released_at":29,"has_diff":231,"diff_files_changed":239,"diff_lines":29,"trac_diff_url":240,"vulnerabilities":241,"is_current":231},"1.5.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpage-metrics.1.5.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpage-metrics\u002Ftags\u002F1.5.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpage-metrics%2Ftags%2F1.4.1&new_path=%2Fpage-metrics%2Ftags%2F1.5.0",[],{"version":243,"download_url":244,"svn_tag_url":245,"released_at":29,"has_diff":231,"diff_files_changed":246,"diff_lines":29,"trac_diff_url":247,"vulnerabilities":248,"is_current":231},"1.4.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpage-metrics.1.4.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpage-metrics\u002Ftags\u002F1.4.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpage-metrics%2Ftags%2F1.4.0&new_path=%2Fpage-metrics%2Ftags%2F1.4.1",[],{"version":250,"download_url":251,"svn_tag_url":252,"released_at":29,"has_diff":231,"diff_files_changed":253,"diff_lines":29,"trac_diff_url":254,"vulnerabilities":255,"is_current":231},"1.4.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpage-metrics.1.4.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpage-metrics\u002Ftags\u002F1.4.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpage-metrics%2Ftags%2F1.3.1&new_path=%2Fpage-metrics%2Ftags%2F1.4.0",[],{"version":257,"download_url":258,"svn_tag_url":259,"released_at":29,"has_diff":231,"diff_files_changed":260,"diff_lines":29,"trac_diff_url":261,"vulnerabilities":262,"is_current":231},"1.3.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpage-metrics.1.3.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpage-metrics\u002Ftags\u002F1.3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpage-metrics%2Ftags%2F1.3.0&new_path=%2Fpage-metrics%2Ftags%2F1.3.1",[],{"version":264,"download_url":265,"svn_tag_url":266,"released_at":29,"has_diff":231,"diff_files_changed":267,"diff_lines":29,"trac_diff_url":268,"vulnerabilities":269,"is_current":231},"1.3.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpage-metrics.1.3.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpage-metrics\u002Ftags\u002F1.3.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpage-metrics%2Ftags%2F1.2.0&new_path=%2Fpage-metrics%2Ftags%2F1.3.0",[],{"version":271,"download_url":272,"svn_tag_url":273,"released_at":29,"has_diff":231,"diff_files_changed":274,"diff_lines":29,"trac_diff_url":275,"vulnerabilities":276,"is_current":231},"1.2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpage-metrics.1.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpage-metrics\u002Ftags\u002F1.2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpage-metrics%2Ftags%2F1.1.0&new_path=%2Fpage-metrics%2Ftags%2F1.2.0",[],{"version":278,"download_url":279,"svn_tag_url":280,"released_at":29,"has_diff":231,"diff_files_changed":281,"diff_lines":29,"trac_diff_url":282,"vulnerabilities":283,"is_current":231},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpage-metrics.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpage-metrics\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpage-metrics%2Ftags%2F1.0.0&new_path=%2Fpage-metrics%2Ftags%2F1.1.0",[],{"version":285,"download_url":286,"svn_tag_url":287,"released_at":29,"has_diff":231,"diff_files_changed":288,"diff_lines":29,"trac_diff_url":29,"vulnerabilities":289,"is_current":231},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpage-metrics.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpage-metrics\u002Ftags\u002F1.0.0\u002F",[],[]]