[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f84RA7qSFah0GrYscfO9dI5xbgZKEb3LTjtoi7INNk-E":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":20,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":36,"fingerprints":130},"pomo-editor","PO\u002FMO Editor","1.4.2","Doug Wollison","https:\u002F\u002Fprofiles.wordpress.org\u002Fdougwollison\u002F","\u003Cp>\u003Cstrong>This plugin is no longer being developed. I personally recommend using \u003Ca href=\"https:\u002F\u002Fpoedit.net\u002F\" rel=\"nofollow ugc\">POEdit\u003C\u002Fa> for a more robust, external solution. Anyone interested in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdougwollison\u002Fpomo-editor\" rel=\"nofollow ugc\">taking over development\u003C\u002Fa> is welcome to.\u003C\u002Fstrong>\u003C\u002Fp>\n","This plugin is no longer being developed. I personally recommend using POEdit for a more robust, external solution. 
Anyone interested in taking over d &hellip;",1000,37579,84,13,"2018-06-06T15:16:00.000Z","0.0.0","99.99.99","",[],"https:\u002F\u002Fgithub.com\u002Fdougwollison\u002Fpomo-editor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpomo-editor.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"dougwollison",7,1170,90,30,87,"2026-04-04T21:57:47.079Z",[],{"attackSurface":37,"codeSignals":43,"taintFlows":87,"riskAssessment":117,"analyzedAt":129},{"hooks":38,"ajaxHandlers":39,"restRoutes":40,"shortcodes":41,"cronEvents":42,"entryPointCount":23,"unprotectedCount":23},[],[],[],[],[],{"dangerousFunctions":44,"sqlUsage":45,"outputEscaping":47,"fileOperations":48,"externalRequests":23,"nonceChecks":48,"capabilityChecks":23,"bundledLibraries":86},[],{"prepared":23,"raw":23,"locations":46},[],{"escaped":48,"rawEcho":49,"locations":50},2,18,[51,55,57,58,61,63,64,66,67,69,70,72,74,76,78,80,82,84],{"file":52,"line":53,"context":54},"includes\\class-pomoeditor-backend.php",95,"raw output",{"file":52,"line":56,"context":54},201,{"file":52,"line":56,"context":54},{"file":59,"line":60,"context":54},"includes\\class-pomoeditor-manager.php",202,{"file":59,"line":62,"context":54},235,{"file":59,"line":62,"context":54},{"file":59,"line":65,"context":54},242,{"file":59,"line":65,"context":54},{"file":59,"line":68,"context":54},249,{"file":59,"line":68,"context":54},{"file":59,"line":71,"context":54},273,{"file":59,"line":73,"context":54},282,{"file":59,"line":75,"context":54},284,{"file":59,"line":77,"context":54},322,{"file":59,"line":79,"context":54},323,{"file":59,"line":81,"context":54},341,{"file":59,"line":83,"context":54},379,{"file":59,"line":85,"context":54},461,[],[88,107],{"entryPoint":89,"graph":90,"unsanitizedCount":105,"severity":106},"project_editor 
(includes\\class-pomoeditor-manager.php:310)",{"nodes":91,"edges":102},[92,97],{"id":93,"type":94,"label":95,"file":59,"line":96},"n0","source","$_GET",313,{"id":98,"type":99,"label":100,"file":59,"line":79,"wp_function":101},"n1","sink","echo() [XSS]","echo",[103],{"from":93,"to":98,"sanitized":104},false,1,"medium",{"entryPoint":108,"graph":109,"unsanitizedCount":23,"severity":116},"\u003Cclass-pomoeditor-manager> (includes\\class-pomoeditor-manager.php:0)",{"nodes":110,"edges":113},[111,112],{"id":93,"type":94,"label":95,"file":59,"line":96},{"id":98,"type":99,"label":100,"file":59,"line":79,"wp_function":101},[114],{"from":93,"to":98,"sanitized":115},true,"low",{"summary":118,"deductions":119},"The \"pomo-editor\" v1.4.2 plugin exhibits a generally good security posture based on the static analysis and vulnerability history. The absence of known CVEs and a clean vulnerability history are positive indicators.  The plugin demonstrates good practices by not utilizing dangerous functions and by including nonce checks; no SQL queries were detected, so there is no raw SQL to review, and no capability checks were detected either.  However, there are areas for improvement. The low percentage of properly escaped output (10%) is a significant concern, indicating a potential for cross-site scripting (XSS) vulnerabilities. The taint analysis revealing one flow with unsanitized paths, although not classified as critical or high, warrants attention: it runs from $_GET to an echo() sink in includes\\class-pomoeditor-manager.php and is flagged as XSS, so request data may reach the page without escaping.\n\nWhile the plugin's attack surface appears minimal with no exposed AJAX handlers, REST API routes, shortcodes, or cron events, the identified code signals and taint flow are the primary areas of concern. The low output escaping percentage is a notable weakness that could be exploited if user-supplied data reaches these unescaped outputs. 
The presence of file operations is counted as a separate risk signal; the recorded taint flow ends in an output sink rather than a file operation, so local file inclusion or other file-related vulnerabilities are not shown by this analysis and would need manual review to rule out.  Overall, the plugin is relatively secure due to its lack of historical vulnerabilities and its nonce checks, but the output escaping and taint flow issues present identifiable risks that should be addressed, and the absence of detected capability checks should be verified.",[120,123,126],{"reason":121,"points":122},"Low percentage of properly escaped output",15,{"reason":124,"points":125},"Flows with unsanitized paths",10,{"reason":127,"points":128},"File operations present",5,"2026-03-16T18:54:34.498Z",{"wat":131,"direct":142},{"assetPaths":132,"generatorPatterns":136,"scriptPaths":137,"versionParams":138},[133,134,135],"\u002Fwp-content\u002Fplugins\u002Fpomo-editor\u002Fcss\u002Finterface.css","\u002Fwp-content\u002Fplugins\u002Fpomo-editor\u002Fjs\u002Fframework.js","\u002Fwp-content\u002Fplugins\u002Fpomo-editor\u002Fjs\u002Finterface.js",[],[134,135],[139,140,141],"pomo-editor\u002Fcss\u002Finterface.css?ver=1.3.0","pomo-editor\u002Fjs\u002Fframework.js?ver=1.3.0","pomo-editor\u002Fjs\u002Finterface.js?ver=1.3.0",{"cssClasses":143,"htmlComments":145,"htmlAttributes":146,"restEndpoints":147,"jsGlobals":148,"shortcodeOutput":150},[144],"pomo-editor-notice",[],[],[],[149],"pomoeditorL10n",[]]