[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKrWViWxAPCMGZy89L0L-B80ThguxrG0OpJAmjeJOj5Q":3,"$ffFJD-E52YNtj3ipK1DnWY1MG22FPXPmh8yB3gkE9UMY":111,"$ftozSnUEPmzpR2iPEN9cwHdhOOO6OcJQNog-pq9uaZmM":116},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":38,"analysis":39,"fingerprints":91},"photography-glossary","Photography Glossary","1.2.1","benhallbenhall","https:\u002F\u002Fprofiles.wordpress.org\u002Fbenhallbenhall\u002F","\u003Cp>The Free Photo Glossary is an easy to use WordPress Plugin that will load a random photography term and display it’s definition. It’s a great sidebar addition to provide fresh content for photography based websites and blogs.\u003C\u002Fp>\n\u003Cp>The plugin includes a sidebar widget so that you can place the glossary easily into your sidebar and wordpress theme.\u003C\u002Fp>\n","This plugin will display a random photography term \u002F definition. It's a great sidebar widget for photo based blogs to add fresh content.",10,2545,74,3,"2013-09-05T05:42:00.000Z","3.6.1","3.0.1","",[20,21,22,4,23],"photo-dictionary","photography-definitions","photography-dictionary","photography-terms","http:\u002F\u002Fwww.dimbal.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphotography-glossary.1.2.1.zip",85,0,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},9,80,30,84,"2026-05-19T19:44:55.293Z",[],{"attackSurface":40,"codeSignals":56,"taintFlows":79,"riskAssessment":80,"analyzedAt":90},{"hooks":41,"ajaxHandlers":52,"restRoutes":53,"shortcodes":54,"cronEvents":55,"entryPointCount":27,"unprotectedCount":27},[42,48],{"type":43,"name":44,"callback":45,"file":46,"line":47},"action","widgets_init","dimbal_pg_register_widgets","index.php",98,{"type":43,"name":49,"callback":50,"file":46,"line":51},"admin_menu","dimbal_pg_plugin_menu",102,[],[],[],[],{"dangerousFunctions":57,"sqlUsage":58,"outputEscaping":60,"fileOperations":77,"externalRequests":27,"nonceChecks":27,"capabilityChecks":77,"bundledLibraries":78},[],{"prepared":27,"raw":27,"locations":59},[],{"escaped":14,"rawEcho":61,"locations":62},8,[63,66,68,70,71,72,74,76],{"file":46,"line":64,"context":65},36,"raw output",{"file":46,"line":67,"context":65},64,{"file":46,"line":69,"context":65},65,{"file":46,"line":69,"context":65},{"file":46,"line":69,"context":65},{"file":46,"line":73,"context":65},81,{"file":46,"line":75,"context":65},83,{"file":46,"line":26,"context":65},1,[],[],{"summary":81,"deductions":82},"The 'photography-glossary' plugin version 1.2.1 exhibits a strong security posture based on the provided static analysis. The absence of direct entry points like AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. Furthermore, the code signals indicate a responsible approach to database interactions, with 100% of SQL queries utilizing prepared statements, and a single file operation is present but likely benign given the lack of other indicators. The limited number of output operations, with a portion properly escaped, also contributes positively. The plugin also demonstrates adherence to some security best practices by including a capability check.\n\nHowever, the analysis does reveal a significant concern regarding output escaping, with only 27% of 11 outputs being properly escaped. This suggests a potential for Cross-Site Scripting (XSS) vulnerabilities if user-controlled data is not sufficiently sanitized before being displayed. While there are no reported vulnerabilities or known CVEs for this plugin, and the taint analysis shows no immediate critical or high-severity issues, the lack of comprehensive output escaping remains a notable weakness that could be exploited. The absence of nonce checks and a capability check on all identified entry points also presents a missed opportunity to strengthen security, although the lack of entry points mitigates the immediate risk.\n\nIn conclusion, the 'photography-glossary' plugin shows good intentions in its secure coding practices, particularly concerning database operations and a limited attack surface. Its vulnerability history is clean, which is a positive sign. Nevertheless, the low percentage of properly escaped output is a critical oversight that requires attention to prevent potential XSS attacks. Addressing this and strengthening the use of capability checks on any future entry points would further enhance its security.",[83,85,88],{"reason":84,"points":61},"Low percentage of properly escaped output",{"reason":86,"points":87},"Absence of nonce checks on entry points",5,{"reason":89,"points":14},"Only one capability check found","2026-04-16T11:48:49.152Z",{"wat":92,"direct":99},{"assetPaths":93,"generatorPatterns":94,"scriptPaths":95,"versionParams":97},[],[],[96],"\u002Fwp-content\u002Fplugins\u002Fphotography-glossary\u002Fjavascript\u002Fphotography-glossary.js",[98],"photography-glossary\u002Fjavascript\u002Fphotography-glossary.js?ver=",{"cssClasses":100,"htmlComments":101,"htmlAttributes":102,"restEndpoints":104,"jsGlobals":105,"shortcodeOutput":107},[],[],[103],"dbmZone",[],[106],"FB",[108,109,110],"\u003Cdiv>\u003Cp>\u003Cspan style=\"font-weight:bold;\">","\u003C\u002Fspan> : ","\u003C\u002Fp>\u003C\u002Fdiv>",{"error":112,"url":113,"statusCode":114,"statusMessage":115,"message":115},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fphotography-glossary\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":117,"versions":118},4,[119,125,132,139],{"version":6,"download_url":25,"svn_tag_url":120,"released_at":28,"has_diff":121,"diff_files_changed":122,"diff_lines":28,"trac_diff_url":123,"vulnerabilities":124,"is_current":112},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fphotography-glossary\u002Ftags\u002F1.2.1\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fphotography-glossary%2Ftags%2F1.2.0&new_path=%2Fphotography-glossary%2Ftags%2F1.2.1",[],{"version":126,"download_url":127,"svn_tag_url":128,"released_at":28,"has_diff":121,"diff_files_changed":129,"diff_lines":28,"trac_diff_url":130,"vulnerabilities":131,"is_current":121},"1.2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphotography-glossary.1.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fphotography-glossary\u002Ftags\u002F1.2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fphotography-glossary%2Ftags%2F1.1.0&new_path=%2Fphotography-glossary%2Ftags%2F1.2.0",[],{"version":133,"download_url":134,"svn_tag_url":135,"released_at":28,"has_diff":121,"diff_files_changed":136,"diff_lines":28,"trac_diff_url":137,"vulnerabilities":138,"is_current":121},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphotography-glossary.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fphotography-glossary\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fphotography-glossary%2Ftags%2F1.0&new_path=%2Fphotography-glossary%2Ftags%2F1.1.0",[],{"version":140,"download_url":141,"svn_tag_url":142,"released_at":28,"has_diff":121,"diff_files_changed":143,"diff_lines":28,"trac_diff_url":28,"vulnerabilities":144,"is_current":121},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphotography-glossary.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fphotography-glossary\u002Ftags\u002F1.0\u002F",[],[]]