[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSIF2JJ65kGjY6DLylc5oFnpOi4rP1mUPr7Rae_-sqJU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":36,"fingerprints":103},"parole-chiave-in-evidenza","Parole chiave in evidenza","1.0.0","Ovidiu Purdea","https:\u002F\u002Fprofiles.wordpress.org\u002Fpovidiu\u002F","\u003Cp>Questo plugin permette di evidenziare parola importante dentro le pagine e articoli. Hai le possibilità di renderle grassetto, corsivo, sottolineato, cambiare colore di sfondo, colore di primo piano per la parola evidenziata. Si possono utilizzare parole chiave multiple.\u003C\u002Fp>\n\u003Cp>Utilizzando diversi tipi di decorazioni di testo per le parole chiave, tipo: grassetto, corsivo o sottolineato, le rende più importanti e gli mette in evidenza per gli motori di ricerca come Google ma non solo. Usando questo plugin, è possibile fare un passo avanti, mettere in evidenza negli articoli o pagine le parole chiave evidenziate.\u003Cbr \u002F>\n \u003C\u002Fp>\n","Questo plugin permette di evidenziare parola importante dentro le pagine e articoli. 
Hai le possibilità di renderle grassetto, corsivo, sottolineato,  &hellip;",200,1849,0,"2013-11-25T08:33:00.000Z","3.7.41","2.0.0","",[4,19,20,21,22],"parole-chiave-seo","posizionamento-in-google","posizionamento-seo","seo-parole-chiave","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fparole-chiave-in-evidenza.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"povidiu",4,280,30,84,"2026-04-04T12:30:11.790Z",[],{"attackSurface":37,"codeSignals":62,"taintFlows":90,"riskAssessment":91,"analyzedAt":102},{"hooks":38,"ajaxHandlers":58,"restRoutes":59,"shortcodes":60,"cronEvents":61,"entryPointCount":13,"unprotectedCount":13},[39,45,49,54],{"type":40,"name":41,"callback":42,"file":43,"line":44},"action","admin_menu","text_setting_menu","parole-chiave-in-evidenza.php",10,{"type":40,"name":46,"callback":47,"file":43,"line":48},"admin_init","highlighted_text_register_settings",11,{"type":50,"name":51,"callback":52,"file":43,"line":53},"filter","the_content","apply_pce_word_highligher",168,{"type":40,"name":55,"callback":56,"file":43,"line":57},"wp_head","pce_word_highligher_css",260,[],[],[],[],{"dangerousFunctions":63,"sqlUsage":64,"outputEscaping":66,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":89},[],{"prepared":13,"raw":13,"locations":65},[],{"escaped":13,"rawEcho":44,"locations":67},[68,71,73,75,77,79,81,83,85,87],{"file":43,"line":69,"context":70},77,"raw 
output",{"file":43,"line":72,"context":70},107,{"file":43,"line":74,"context":70},108,{"file":43,"line":76,"context":70},109,{"file":43,"line":78,"context":70},115,{"file":43,"line":80,"context":70},118,{"file":43,"line":82,"context":70},130,{"file":43,"line":84,"context":70},143,{"file":43,"line":86,"context":70},156,{"file":43,"line":88,"context":70},252,[],[],{"summary":92,"deductions":93},"The \"parole-chiave-in-evidenza\" v1.0.0 plugin exhibits a generally good security posture based on the provided static analysis. It has no recorded CVEs, and the analysis found no dangerous functions, no file operations and no external HTTP requests. No raw SQL was detected either; note that the analysis recorded no SQL queries at all, so this reflects the absence of database code rather than the use of prepared statements.\n\nThe main concern is output escaping: the analysis flagged 10 raw output statements and none that escape their output. Wherever one of those values comes from plugin settings or other user-influenced input, unescaped output can allow Cross-Site Scripting (XSS). The analysis recorded no taint flows, so exploitability is not confirmed and each flagged location should be reviewed by hand. No nonce or capability checks were detected either; the analysis lists no AJAX, REST, shortcode or cron entry points, so the exposure is currently limited, but it would become a weakness if the plugin's attack surface were to expand in future versions.\n\nIn conclusion, the plugin has a clean historical record and a small attack surface, and the unescaped output remains its most serious finding. 
Escaping those values at the point of output (for example with esc_html() or esc_attr()) is the priority, and nonce and capability checks should be added to any request handler the plugin gains.",[94,97,100],{"reason":95,"points":96},"Output escaping is not implemented",8,{"reason":98,"points":99},"No nonce checks implemented",5,{"reason":101,"points":99},"No capability checks implemented","2026-03-16T20:22:41.131Z",{"wat":104,"direct":109},{"assetPaths":105,"generatorPatterns":106,"scriptPaths":107,"versionParams":108},[],[],[],[],{"cssClasses":110,"htmlComments":112,"htmlAttributes":113,"restEndpoints":114,"jsGlobals":115,"shortcodeOutput":116},[111],"wh_highlighted",[],[],[],[],[]]