[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fzxujhG7YnQxG0ikqq0td-wMyPbsiCvOTIZ4Xjin5wW4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":13,"tags":16,"homepage":21,"download_link":22,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":36,"fingerprints":68},"plugin-deactivation-notice","Plugin Deactivation Notice","1.0.0","Akhtarujjaman Shuvo","https:\u002F\u002Fprofiles.wordpress.org\u002Fmdshuvo\u002F","\u003Cp>A simple plugin for showing Alert, Message when deactivating plugins.\u003C\u002Fp>\n\u003Cp>No settings\u002F hook require. just plug and play 🙂\u003C\u002Fp>\n","A simple plugin for showing Alert,Message when deactivating plugins",0,922,"","4.9.29","4.0",[17,18,19,20],"deatcivate-alert","deatcivate-notice","deatcivation-notice","plugin-deatcivation-notice","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-deactivation-notice\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-deactivation-notice.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"mdshuvo",10,7170,89,117,71,"2026-04-04T05:03:29.424Z",[],{"attackSurface":37,"codeSignals":49,"taintFlows":60,"riskAssessment":61,"analyzedAt":67},{"hooks":38,"ajaxHandlers":45,"restRoutes":46,"shortcodes":47,"cronEvents":48,"entryPointCount":11,"unprotectedCount":11},[39],{"type":40,"name":41,"callback":42,"file":43,"line":44},"action","admin_footer","asr_plugin_deactivate_notice","plugin-deactivation-notice.php",54,[],[],[],[],{"dangerousFunctions":50,"sqlUsage":51,"outputEscaping":53,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":59},[],{"prepared":11,"raw":11,"locations":52},[],{"escaped":11,"rawEcho":54,"locations":55},1,[56],{"file":43,"line":57,"context":58},50,"raw output",[],[],{"summary":62,"deductions":63},"The plugin \"plugin-deactivation-notice\" v1.0.0 exhibits a strong security posture based on the provided static analysis.  The absence of any identified entry points, such as AJAX handlers, REST API routes, shortcodes, or cron events, significantly limits the potential attack surface. Furthermore, the code signals are generally positive, with no dangerous functions, no direct SQL queries, no file operations, and no external HTTP requests detected. This indicates a focus on clean and isolated functionality.\n\nHowever, a critical concern arises from the output escaping. With one total output and 0% properly escaped, any data displayed by this plugin is vulnerable to Cross-Site Scripting (XSS) attacks. This lack of output sanitization represents a direct and exploitable risk to users. The vulnerability history being completely clean is a positive indicator, suggesting a well-maintained or less targeted plugin, but it does not mitigate the immediate risk posed by the unescaped output.\n\nIn conclusion, while the plugin's minimal attack surface and lack of other common vulnerabilities are commendable, the unescaped output is a significant security flaw that needs immediate attention. The strengths lie in its limited integration points and clean code signals for most areas, but the weakness in output sanitization creates a clear and present danger.",[64],{"reason":65,"points":66},"Output not properly escaped",8,"2026-03-17T05:43:15.385Z",{"wat":69,"direct":74},{"assetPaths":70,"generatorPatterns":71,"scriptPaths":72,"versionParams":73},[],[],[],[],{"cssClasses":75,"htmlComments":77,"htmlAttributes":78,"restEndpoints":80,"jsGlobals":81,"shortcodeOutput":83},[76],"plugins .deactivate a",[],[79],"aria-label",[],[82],"jQuery",[]]