[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftqrRXTDuW8B-Hh6mx5-UCX9cEzTZ_YHwcvqXKZKhBZ4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":15,"download_link":17,"security_score":18,"vuln_count":13,"unpatched_count":13,"last_vuln_date":19,"fetched_at":20,"vulnerabilities":21,"developer":22,"crawl_stats":19,"alternatives":29,"analysis":30,"fingerprints":155},"plx-portal-connector","PLX Portal Connector v2 for WordPress","2.0.2","Webmaster","https:\u002F\u002Fprofiles.wordpress.org\u002Fmattstone-plx\u002F","\u003Cp>Connects your WordPress site with the Purplex Portal system.\u003C\u002Fp>\n\u003Ch3>Contributors\u003C\u002Fh3>\n\u003Cp>Coded by Joshua Phillips (joshua.phillips@ascotgroup.co.uk)\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is considered open source however the API it connects to is proprietary software. 
It has been released under a GPLv3 License.\u003C\u002Fp>\n","Connects your WordPress site with the Purplex Portal system.",200,4245,0,"2023-02-02T09:50:00.000Z","",[],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplx-portal-connector.2.0.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":23,"display_name":7,"profile_url":8,"plugin_count":24,"total_installs":25,"avg_security_score":18,"avg_patch_time_days":26,"trust_score":27,"computed_at":28},"mattstone-plx",3,430,30,84,"2026-04-04T07:09:04.432Z",[],{"attackSurface":31,"codeSignals":85,"taintFlows":108,"riskAssessment":142,"analyzedAt":154},{"hooks":32,"ajaxHandlers":81,"restRoutes":82,"shortcodes":83,"cronEvents":84,"entryPointCount":13,"unprotectedCount":13},[33,39,44,49,55,59,65,71,76],{"type":34,"name":35,"callback":36,"file":37,"line":38},"action","admin_enqueue_scripts","enqueue_admin_styles","PlxPortal\\Admin\\Enqueue.php",9,{"type":34,"name":40,"callback":41,"file":42,"line":43},"add_meta_boxes","add","PlxPortal\\Admin\\MetaBox.php",29,{"type":34,"name":45,"callback":46,"file":47,"line":48},"rest_api_init","registerEndPoint","PlxPortal\\Api\\Api.php",19,{"type":34,"name":50,"callback":51,"priority":52,"file":53,"line":54},"upgrader_process_complete","afterUpdate",10,"PlxPortal\\Config\\PlxPortal.php",27,{"type":34,"name":56,"callback":57,"priority":52,"file":53,"line":58},"update_option_siteurl","updateUrl",28,{"type":34,"name":60,"callback":61,"priority":62,"file":63,"line":64},"wp_insert_post","store",1,"PlxPortal\\Content\\AccessToken.php",13,{"type":66,"name":67,"callback":61,"priority":68,"file":69,"line":70},"filter","wp_insert_post_data",2,"PlxPortal\\Content\\Content.php",12,{"type":34,"name":72,"callback":73,"file":74,"line":75},"init","register_post_type","PlxPortal\\Content\\ContentCpt.php",11,{"type":34,"name":77,"callback":61,"priority":78,"file":79,"line":80},"save_post",99,"PlxPortal\\Content\\Replaceables.php",14,[],[],[],[],{"dangerousFunctions":86,"sqlUsage":87,"outputEscap
ing":89,"fileOperations":13,"externalRequests":106,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":107},[],{"prepared":13,"raw":13,"locations":88},[],{"escaped":68,"rawEcho":90,"locations":91},5,[92,95,98,101,104],{"file":93,"line":52,"context":94},"includes\\functions.php","raw output",{"file":96,"line":97,"context":94},"PlxPortal\\Admin\\ContentMetaBox.php",36,{"file":99,"line":100,"context":94},"PlxPortal\\Admin\\InformationMetaBox.php",44,{"file":102,"line":103,"context":94},"PlxPortal\\Admin\\ReplacementsMetaBox.php",52,{"file":105,"line":26,"context":94},"PlxPortal\\Admin\\TokenMetaBox.php",4,[],[109,132],{"entryPoint":110,"graph":111,"unsanitizedCount":62,"severity":131},"store (PlxPortal\\Content\\Content.php:21)",{"nodes":112,"edges":127},[113,117,121],{"id":114,"type":115,"label":116,"file":69,"line":58},"n0","source","$_POST",{"id":118,"type":119,"label":120,"file":69,"line":58},"n1","transform","→ requestContent()",{"id":122,"type":123,"label":124,"file":69,"line":125,"wp_function":126},"n2","sink","wp_remote_get() [SSRF]",17,"wp_remote_get",[128,130],{"from":114,"to":118,"sanitized":129},false,{"from":118,"to":122,"sanitized":129},"medium",{"entryPoint":133,"graph":134,"unsanitizedCount":62,"severity":131},"\u003CContent> (PlxPortal\\Content\\Content.php:0)",{"nodes":135,"edges":139},[136,137,138],{"id":114,"type":115,"label":116,"file":69,"line":58},{"id":118,"type":119,"label":120,"file":69,"line":58},{"id":122,"type":123,"label":124,"file":69,"line":125,"wp_function":126},[140,141],{"from":114,"to":118,"sanitized":129},{"from":118,"to":122,"sanitized":129},{"summary":143,"deductions":144},"The plx-portal-connector plugin, version 2.0.2, exhibits a mixed security posture.  On the positive side, static analysis reveals no immediate critical vulnerabilities. There are no dangerous functions, no raw SQL queries, no file operations, and no bundled libraries that might carry known vulnerabilities. 
No CVEs are recorded in its history, which is a positive sign, although the absence of reported vulnerabilities does not by itself show that the code is secure.\n\nHowever, several concerning areas warrant attention. The analysis shows that 71% of output statements (5 of 7) are not escaped, which creates a risk of Cross-Site Scripting (XSS) if any of the echoed values contain user-supplied data or content returned by the plugin's external HTTP requests. Furthermore, the taint analysis reports two flows in which $_POST data reaches wp_remote_get() without sanitization; the analyzer classifies these as potential server-side request forgery (SSRF), so any request URL derived from that input should be validated against the expected portal host before the request is made. No nonce checks or capability checks were detected. The scan counted zero entry points, but the plugin registers a callback on rest_api_init and a REST endpoint (\u002Fwp-json\u002Fplx-portal\u002Fv1\u002Fsync) appears in its fingerprints, so the authorization on that route should be reviewed manually rather than assumed.\n\nWhile the plugin currently has no recorded vulnerabilities, the high percentage of unescaped output and the unsanitized request flows are significant weaknesses. The developer should prioritize addressing these areas to improve the plugin's overall security. 
The current strengths lie in its clean SQL practices and lack of known external threats, but the identified code-level concerns present a potential risk that needs mitigation.",[145,148,150,152],{"reason":146,"points":147},"High percentage of unescaped output",7,{"reason":149,"points":52},"Flows with unsanitized paths",{"reason":151,"points":24},"No capability checks on entry points",{"reason":153,"points":24},"No nonce checks on entry points","2026-03-16T20:22:13.588Z",{"wat":156,"direct":164},{"assetPaths":157,"generatorPatterns":159,"scriptPaths":160,"versionParams":161},[158],"\u002Fwp-content\u002Fplugins\u002Fplx-portal-connector\u002Fassets\u002Fstyle.css",[],[],[162,163],"plx_portal_admin_styles","plx-portal-connector\u002Fassets\u002Fstyle.css?ver=2.0.0",{"cssClasses":165,"htmlComments":167,"htmlAttributes":169,"restEndpoints":172,"jsGlobals":174,"shortcodeOutput":175},[166],"post-attributes-label",[168],"\n\n\t\tTM\n████████╗██╗     ███╗   ███╗\n██╔═══██║██║      ███╗ ███╔╝\n████████║██║       ██████╔╝\n██╔═════╝██║      ███╔╝███╗\n██║      ███████╗███╔╝  ███╗\n╚═╝      ╚══════╝╚══╝   ╚══╝\n    POWER YOUR WORDPRESS\n       http:\u002F\u002Fplx.mk\n\n",[170,171],"name=\"plx_meta_noncename\"","name=\"plx_portal_content_connector_side\"",[173],"\u002Fwp-json\u002Fplx-portal\u002Fv1\u002Fsync",[],[176],"plxportal"]