[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVuPp53lSaidGmZaHAgmrqZJ_MSJN7EMj3X7hAbiiThs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":37,"fingerprints":97},"poll-directory","Poll Directory","2.1.0","benhallbenhall","https:\u002F\u002Fprofiles.wordpress.org\u002Fbenhallbenhall\u002F","\u003Cp>The Poll Directory is filled with hundreds of pre-made user polls. Each is assigned to specific popular topics and categories. Choose a topic from the list and then the Poll Directory does the rest. It’s a great sidebar addition to provide fresh content for a website or blog.\u003C\u002Fp>\n\u003Cp>The plugin includes a sidebar widget so that you can place the polling app easily into your sidebar and WordPress theme.\u003C\u002Fp>\n\u003Cp>After users submit an answer, a response graph will show, allowing users to see how the public has responded.\u003C\u002Fp>\n\u003Cp>All polls and data are maintained by Dimbal Software via the Holy Poll website at http:\u002F\u002Fwww.holypoll.com – you don’t have to worry about a thing. Just choose your category and the plugin does the rest.\u003C\u002Fp>\n\u003Cp>Initial Launch supports 5 primary categories: Music, Movies, Television, Technology and Food. Many other polls and categories will be online soon.\u003C\u002Fp>\n","This plugin allows you to display a random pre-made poll. Choose a topic - we do the rest.\nA great sidebar widget to add fresh content.",20,8808,100,1,"2014-11-19T06:56:00.000Z","4.0.38","3.0.1","",[20,4,21,22],"free-user-polls","premade-polls","user-polls","http:\u002F\u002Fwww.holypoll.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpoll-directory.2.1.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},5,40,30,84,"2026-04-04T11:39:06.344Z",[],{"attackSurface":38,"codeSignals":54,"taintFlows":85,"riskAssessment":86,"analyzedAt":96},{"hooks":39,"ajaxHandlers":50,"restRoutes":51,"shortcodes":52,"cronEvents":53,"entryPointCount":26,"unprotectedCount":26},[40,46],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","widgets_init","dimbal_pd_register_widgets","index.php",168,{"type":41,"name":47,"callback":48,"file":44,"line":49},"admin_menu","dimbal_pd_plugin_menu",172,[],[],[],[],{"dangerousFunctions":55,"sqlUsage":56,"outputEscaping":58,"fileOperations":26,"externalRequests":14,"nonceChecks":26,"capabilityChecks":14,"bundledLibraries":84},[],{"prepared":26,"raw":26,"locations":57},[],{"escaped":59,"rawEcho":60,"locations":61},3,12,[62,65,67,68,69,71,73,74,76,78,80,82],{"file":44,"line":63,"context":64},104,"raw output",{"file":44,"line":66,"context":64},105,{"file":44,"line":66,"context":64},{"file":44,"line":66,"context":64},{"file":44,"line":70,"context":64},108,{"file":44,"line":72,"context":64},109,{"file":44,"line":72,"context":64},{"file":44,"line":75,"context":64},116,{"file":44,"line":77,"context":64},135,{"file":44,"line":79,"context":64},137,{"file":44,"line":81,"context":64},139,{"file":44,"line":83,"context":64},157,[],[],{"summary":87,"deductions":88},"The static analysis of \"poll-directory\" v2.1.0 reveals a plugin with a seemingly minimal attack surface and no recorded vulnerabilities. The absence of AJAX handlers, REST API routes, shortcodes, cron events, and file operations is a positive sign, indicating fewer potential entry points for attackers. Furthermore, the code's use of prepared statements for all SQL queries and the presence of capability checks are good security practices.\n\nHowever, concerns arise from the limited output escaping, with only 20% of outputs being properly escaped. This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not consistently sanitized before being displayed. The single external HTTP request also warrants investigation to ensure it's not susceptible to vulnerabilities like SSRF or man-in-the-middle attacks. The absence of nonce checks on identified entry points (none were found in this analysis) is a weakness that could be exploited if entry points are introduced in future versions or if this analysis missed subtle ones.\n\nThe complete absence of known CVEs and of any vulnerability history is a strong indicator of good past security. This suggests the developers have either been diligent in addressing past issues or the plugin has not been a significant target. However, this also means there's less historical data to confirm long-term security robustness. Overall, while the plugin exhibits several good security practices and a clean vulnerability record, the low percentage of properly escaped output presents a notable risk that requires attention.",[89,92,94],{"reason":90,"points":91},"Low output escaping percentage",8,{"reason":93,"points":59},"External HTTP request without clear sanitization",{"reason":95,"points":31},"No nonce checks on potential entry points","2026-03-16T22:47:35.695Z",{"wat":98,"direct":106},{"assetPaths":99,"generatorPatterns":102,"scriptPaths":103,"versionParams":105},[100,101],"\u002Fwp-content\u002Fplugins\u002Fpoll-directory\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fpoll-directory\u002Fscript.js",[],[104],"http:\u002F\u002Fwww.holypoll.com\u002Fpoll\u002Fhp.js",[],{"cssClasses":107,"htmlComments":110,"htmlAttributes":111,"restEndpoints":115,"jsGlobals":116,"shortcodeOutput":117},[108,109],"dpmWidgetWrapper","hpWidgetWrapper",[],[112,113,114],"dpmZone","dpmZoneDisplayAll","hpZone",[],[],[118,119,120],"\u003Cdiv class=\"hpWidgetWrapper\" hpZone=\"","\">Loading poll from \u003Ca href=\"http:\u002F\u002Fwww.holypoll.com\">HolyPoll\u003C\u002Fa> and the \u003Ca href=\"http:\u002F\u002Fwww.dimbal.com\">Dimbal Poll Manager\u003C\u002Fa>.\u003C\u002Fdiv>","\u003Cscript id=\"hpScript\" src=\"http:\u002F\u002Fwww.holypoll.com\u002Fpoll\u002Fhp.js\" type=\"text\u002Fjavascript\">\u003C\u002Fscript>"]