[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSrZBcJf2vpYOWPya1UP_V0m3NjHzkBC3OtST534ff0M":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":19,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":32,"analysis":33,"fingerprints":86},"plugins-speed-test","Plugins Speed Test","1.1","d3wp","https:\u002F\u002Fprofiles.wordpress.org\u002Fd3wp\u002F","\u003Cp>This used, shows impact of installed plugins (only for those located in the official WordPress plugin repository) on your blogs’\u003Cbr \u002F>\nspeed.\u003Cbr \u002F>\n In other words, with this plugin, you can easily determine which plugins from the WordPress\u003Cbr \u002F>\nplugin repository are less resource intensive, and which ones can slow down your WordPress blog when used.\u003C\u002Fp>\n\u003Cp>The plugin shows four results (see screenshot):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Impact of the installed plugin on Google PageSpeed score for blogs’ Home page\u003C\u002Fli>\n\u003Cli>Impact of the installed plugin on Google PageSpeed score for blogs’ sample Post page\u003C\u002Fli>\n\u003Cli>Resources added to post page after plugin has been installed (in kB)\u003C\u002Fli>\n\u003Cli>Number of DB tables created by the plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>More than 25.000 plugins were tested lately.\u003C\u002Fp>\n\u003Cp>Every plugin was tested on a fresh WordPress installed instance populated with a sample content.\u003Cbr \u002F>\nNo additional plugins were installed to avoid any unwanted impact on the speed test.\u003C\u002Fp>\n\u003Cp>NOTE:\u003Cbr \u002F>\nThis plugin calls \u003Ca href=\"http:\u002F\u002Fwww.wpspeedster.com\" rel=\"nofollow ugc\">wpspeedster.com\u003C\u002Fa> API to obtain necessary information about Speed Impact details.\u003Cbr \u002F>\nOnly plugin slugs are send to the API, no additional or personal information is send.\u003C\u002Fp>\n","This plugin shows impact of installed plugins on your blogs' speed.",10,21628,0,"","4.1.42","3.0.1",[18],"plugin-speed-test","http:\u002F\u002Fblog.wpspeedster.com\u002Fplugins-speed-test-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugins-speed-test.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":28,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},11,2110,87,30,85,"2026-04-05T09:18:38.665Z",[],{"attackSurface":34,"codeSignals":55,"taintFlows":74,"riskAssessment":75,"analyzedAt":85},{"hooks":35,"ajaxHandlers":51,"restRoutes":52,"shortcodes":53,"cronEvents":54,"entryPointCount":13,"unprotectedCount":13},[36,42,47],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","admin_enqueue_scripts","wp_pst_plugin_scripts_init","plugins-speed-test.php",32,{"type":43,"name":44,"callback":45,"file":40,"line":46},"filter","manage_plugins_columns","wp_pst_add_plugins_column",33,{"type":37,"name":48,"callback":49,"priority":11,"file":40,"line":50},"manage_plugins_custom_column","wp_pst_render_plugins_column",34,[],[],[],[],{"dangerousFunctions":56,"sqlUsage":57,"outputEscaping":59,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":73},[],{"prepared":13,"raw":13,"locations":58},[],{"escaped":13,"rawEcho":60,"locations":61},5,[62,65,67,69,71],{"file":40,"line":63,"context":64},54,"raw output",{"file":40,"line":66,"context":64},55,{"file":40,"line":68,"context":64},56,{"file":40,"line":70,"context":64},57,{"file":40,"line":72,"context":64},59,[],[],{"summary":76,"deductions":77},"The \"plugins-speed-test\" v1.1 plugin demonstrates a seemingly robust security posture based on the provided static analysis.  It has a remarkably small attack surface, with no identifiable AJAX handlers, REST API routes, shortcodes, or cron events.  Furthermore, the code signals indicate no usage of dangerous functions, no direct file operations, and no external HTTP requests, all of which are positive security indicators.  The complete absence of known vulnerabilities in its history also suggests a well-maintained or less targeted plugin.\n\nHowever, a significant concern arises from the complete lack of output escaping.  This means that any dynamic data processed and displayed by the plugin is not being sanitized, opening it up to potential Cross-Site Scripting (XSS) vulnerabilities. While there are no immediate critical taint flows detected, the lack of output escaping creates a substantial risk for any data that passes through the plugin's rendering process.  Additionally, the absence of nonce and capability checks on any potential (though currently zero) entry points means that if any were to be introduced in future versions, they might not be adequately secured by default.\n\nIn conclusion, while the plugin's current attack surface and lack of known vulnerabilities are strengths, the pervasive lack of output escaping is a critical weakness that significantly undermines its overall security.  It is essential to address this unescaped output to prevent potential XSS attacks. The current score reflects the absence of critical vulnerabilities but acknowledges the high risk introduced by unescaped output.",[78,81,83],{"reason":79,"points":80},"Outputs are not properly escaped",8,{"reason":82,"points":60},"No capability checks on entry points",{"reason":84,"points":60},"No nonce checks on entry points","2026-03-16T23:13:45.522Z",{"wat":87,"direct":94},{"assetPaths":88,"generatorPatterns":91,"scriptPaths":92,"versionParams":93},[89,90],"\u002Fwp-content\u002Fplugins\u002Fplugins-speed-test\u002Fassets\u002Fjs\u002Fscript.js","\u002Fwp-content\u002Fplugins\u002Fplugins-speed-test\u002Fassets\u002Fcss\u002Fstyle.css",[],[89],[],{"cssClasses":95,"htmlComments":97,"htmlAttributes":98,"restEndpoints":103,"jsGlobals":104,"shortcodeOutput":105},[96],"wp_pst",[],[99,100,101,102],"id=\"hp_\u003C?php echo $plugin_data['slug']?>\"","id=\"pp_\u003C?php echo $plugin_data['slug']?>\"","id=\"rs_\u003C?php echo $plugin_data['slug']?>\"","id=\"db_\u003C?php echo $plugin_data['slug']?>\"",[],[],[]]