[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fntsG6jYJPpFHyu3ur78LsBjTBBcJ-zlhHH9L4UWqYu8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":53,"analysis":142,"fingerprints":385},"pre-party-browser-hints","Pre* Party Resource Hints","1.8.20","Sam Perrow","https:\u002F\u002Fprofiles.wordpress.org\u002Fsamperrow\u002F","\u003Cp>This plugin allows users to automatically and easily embed resource hints to improve page load time.\u003C\u002Fp>\n\u003Cp>DNS prefetch, prerender, preconnect, prefetch, and preload are all supported.\u003C\u002Fp>\n\u003Cp>After installation, preconnect hints will automatically be created the next time your website is visited.\u003C\u002Fp>\n\u003Cp>You have the choice to include these resource hints in the HTTP header or the website’s .\u003C\u002Fp>\n\u003Ch3>Installation Video\u003C\u002Fh3>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FAha9E3AXvJQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","Take advantage of browser resource hints and plug-and-play features to improve page load time.",6000,174565,100,28,"2024-02-17T18:36:00.000Z","6.3.8","4.4","7.0.0",[20,21,22,23,24],"dns-prefetch","preconnect","prefetch","preload","prerender","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpre-party-browser-hints\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpre-party-browser-hints.zip",85,1,0,"2023-12-21 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2023-50855","pre-party-resource-hints-authenticatedadministrator-sql-injection","Pre* Party Resource Hints \u003C 1.8.19 - Authenticated(Administrator+) SQL Injection","The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions before 1.8.19 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note that the vulnerability appears to have been patched without a version update - users on version 1.8.19 should reinstall the plugin to ensure that they are running the patched version.",null,"\u003C1.8.19","1.8.19","medium",6.6,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2024-01-29 14:03:38",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7c043945-d327-4f26-98b4-99ac5b4761f1?source=api-prod",40,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":48,"trust_score":51,"computed_at":52},"samperrow",78,"2026-04-04T01:20:33.001Z",[54,74,89,104,122],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":28,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":72,"download_link":73,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"prerender-and-prefetch","Prerender and Prefetch","0.93","Francisco Torres","https:\u002F\u002Fprofiles.wordpress.org\u002Ffrantorres\u002F","\u003Cp>¿What is \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fchrome\u002Fwhitepapers\u002Fprerender\" rel=\"nofollow ugc\">Prerender\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FLink_prefetching\" rel=\"nofollow ugc\">Prefetch\u003C\u002Fa>? Nice question. It’s a new-navigators technique (ok i’m a liar, Mozilla do it from 2003!) that loads in background the next page you believe the visitor is going to visit.\u003C\u002Fp>\n\u003Cp>This plugin puts the required metatag in your WordPress pages, based on settings you can change, allowing those compatible navigators to do a pre-load of the next page. When the visitor try to visit that page Boom! it just appears without need to wait for it!\u003C\u002Fp>\n\u003Ch4>Testing Prerender and Prefetch Support in your navigator\u003C\u002Fh4>\n\u003Cp>You can \u003Ca href=\"http:\u002F\u002Fprerender-test.appspot.com\u002F\" rel=\"nofollow ugc\">test here Chrome’s prerender\u003C\u002Fa> with any page.\u003C\u002Fp>\n\u003Ch4>Install and after install\u003C\u002Fh4>\n\u003Cp>*When installing, remember to set the server’s load limit on settings.\u003Cbr \u002F>\n*This is a plugin in development, feel free to ask questions in “Support” section and colaborate with it.\u003C\u002Fp>\n","Puts Prerender and Prefetch tag in the page. Allowing compatible navigators to do a pre-load of the page you figure the visitor is going to go.",50,2388,80,"2012-11-12T15:56:00.000Z","3.4.2","3.1","",[70,22,23,24,71],"load","speed","http:\u002F\u002Ffrantorres.es\u002Fprerender-and-prefetch-wp-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprerender-and-prefetch.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":29,"num_ratings":29,"last_updated":84,"tested_up_to":66,"requires_at_least":85,"requires_php":68,"tags":86,"homepage":68,"download_link":88,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"fast-forward","Fast Forward","0.1","Albert Bertilsson","https:\u002F\u002Fprofiles.wordpress.org\u002Falbert-bertilsson\u002F","\u003Cp>A classical optimization on a web site is to configure cache headers of a page to enable the browser to display the page instantly if it has been loaded recently. This works very well when the user is hitting the back button to go back to the previous page.\u003C\u002Fp>\n\u003Cp>What if we could do the same for the next page that the user will request? With this plugin this is now possible!\u003C\u002Fp>\n\u003Cp>Fast Forward works by analyzing which pages are most frequently navigated to from the current page. The page with most traffic is then given as a preload hint to the users browser. For technical details please see: http:\u002F\u002Falbertsnotes.blogspot.se\u002F2012\u002F06\u002Fbrowser-preloading.html.\u003C\u002Fp>\n","Help browsers preload content to speed up the next page view.",10,2408,"2012-06-18T14:42:00.000Z","3.4",[87,22,23,24,71],"cache","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffast-forward.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":82,"downloaded":97,"rating":13,"num_ratings":28,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":68,"tags":101,"homepage":102,"download_link":103,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wukch-dns-prefetch-prerender","wuk.ch DNS-Prefetch \u002F Prerender","1.1.4","Stefan M.","https:\u002F\u002Fprofiles.wordpress.org\u002Fstefan-m-1\u002F","\u003Cp>The Plugin implements 2 things:\u003C\u002Fp>\n\u003Cp>DNS-Prefetch\u003C\u002Fp>\n\u003Cp>It looks for all CSS and JS Files which are loaded from external webpages and implement a dns-prefetch header tag.\u003Cbr \u002F>\nThis saves a lot of connection time on page load.\u003C\u002Fp>\n\u003Cp>HTML5 Prefetch and Google Prerender\u003C\u002Fp>\n\u003Cp>It makes a new table with small statistics and measures (internal) referal page to next page.\u003Cbr \u002F>\nWith these statistics, the most clicked “next” page will be automatically added as prerender. Prerender opens with very small CPU load the “next” guessed page already as a hidden Tab in the client browser. If the client select this page, the page can instantly showed without delay.\u003Cbr \u002F>\nTests have shown a pageload decrease of 68%.\u003C\u002Fp>\n\u003Cp>Please note: The prerender needs some stats to work correctly. Don’t try to generate some statistic, wait few days \u002F weeks and you have organic and true statistic.\u003C\u002Fp>\n\u003Cp>If you have questions, please do not hesitate to contact us: \u003Ca href=\"http:\u002F\u002Fwuk.ch\u002F\" title=\"web updates kmu GmbH\" rel=\"nofollow ugc\">wuk.ch\u003C\u002Fa>\u003C\u002Fp>\n","Adds dns-prefetch and prerender functionalities on WordPress for better PageSpeed.",2611,"2017-09-09T09:53:00.000Z","4.5.33","4.0",[20,24,71],"http:\u002F\u002Fwww.wuk.ch\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwukch-dns-prefetch-prerender.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":29,"downloaded":112,"rating":29,"num_ratings":29,"last_updated":68,"tested_up_to":113,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":68,"download_link":120,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":121},"speculative-page-loader","Speculative Page Loader – Prefetch and Prerender","1.0.0","WeblineIndia","https:\u002F\u002Fprofiles.wordpress.org\u002Fweblineindia\u002F","\u003Cp>\u003Cstrong>Improve your WordPress site’s speed, SEO, and user experience with speculative loading technology.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Speculative Page Loader plugin intelligently \u003Cstrong>prefetches\u003C\u002Fstrong> and \u003Cstrong>prerenders\u003C\u002Fstrong> important resources to deliver near-instant page loads across your site. By predicting which pages users are likely to visit next, it reduces perceived load times and boosts engagement.\u003C\u002Fp>\n\u003Cp>It leverages advanced \u003Cstrong>speculative loading techniques\u003C\u002Fstrong> to preload internal links, optimize interactions, and enhance Core Web Vitals. Easily configure settings to enable preloading for specific post types, popular pages, and custom URLs.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Enable or disable speculative loading with a toggle.\u003C\u002Fli>\n\u003Cli>Define custom speculation rules for prefetching content.\u003C\u002Fli>\n\u003Cli>Add up to 2 custom URLs for speculative prefetching\u002Fprerendering.\u003C\u002Fli>\n\u003Cli>Choose allowed post types for custom URL inclusion.\u003C\u002Fli>\n\u003Cli>Add up to 1 custom URLs post\u002Fpage specific for speculative prefetching\u002Fprerendering.\u003C\u002Fli>\n\u003Cli>Exclude specific URLs from being prefetched\u002Fprerendered to save server resources.\u003C\u002Fli>\n\u003Cli>SEO-optimized and Core Web Vitals-friendly.\u003C\u002Fli>\n\u003Cli>Seamlessly works with other popular plugins.\u003C\u002Fli>\n\u003Cli>User-friendly admin interface for easy configuration.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Note\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Currently, this feature is only supported on Chromium-based browsers running version 121 or later. We plan to gracefully introduce support for other browsers as they begin to adopt speculation rules.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Navigate to \u003Cstrong>Speculative Page Loader\u003C\u002Fstrong> in admin menu.\u003C\u002Fli>\n\u003Cli>Configure your speculative loading rules and plugin options.\u003C\u002Fli>\n\u003Cli>Save your settings.\u003C\u002Fli>\n\u003Cli>The plugin will begin prefetching resources based on your configured rules.\u003C\u002Fli>\n\u003C\u002Fol>\n","Improve Core Web Vitals and SEO with speculative loading. This plugin prefetches and prerenders web pages to enable near-instant loads and faster perf &hellip;",215,"6.8.5","6.3","7.4",[22,117,24,118,119],"preloading","speculative-loading","speed-optimization","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspeculative-page-loader.zip","2026-03-15T10:48:56.248Z",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":13,"num_ratings":132,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":140,"download_link":141,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"speculation-rules","Speculative Loading","1.6.0","WordPress Performance Team","https:\u002F\u002Fprofiles.wordpress.org\u002Fperformanceteam\u002F","\u003Cp>This plugin adds support for the \u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fen-US\u002Fdocs\u002FWeb\u002FAPI\u002FSpeculation_Rules_API\" rel=\"nofollow ugc\">Speculation Rules API\u003C\u002Fa>, which allows defining rules by which certain URLs are dynamically prefetched or prerendered. This core Speculative Loading functionality was \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2025\u002F03\u002F06\u002Fspeculative-loading-in-6-8\u002F\" rel=\"nofollow ugc\">merged into WordPress 6.8\u003C\u002Fa>, but it only prefetches with conservative eagerness by default. In contrast, this plugin defaults to prerendering with moderate eagerness (i.e. when interacting with a link), and it provides a user interface to customize the mode and eagerness via the “Speculative Loading” section on the \u003Cem>Settings > Reading\u003C\u002Fem> admin screen.\u003C\u002Fp>\n\u003Cp>By default, speculative loading is only enabled for logged-out users, since unauthenticated pages are typically only eligible for caching and so more efficient to prefetch\u002Fprerender. This means that sites with frequent logged-in users on the frontend—such as e-commerce, forums, or membership sites—will not benefit from the feature. If your server can handle the additional load (for example, with persistent object caching), you can opt in to enable speculative loading for all logged-in users or for administrators only. This setting exclusively affects frontend pages; admin screens are always excluded.\u003C\u002Fp>\n\u003Cp>A filter can be used to exclude certain URL paths from being eligible for prefetching and prerendering (see FAQ section). Alternatively, you can add the \u003Ccode>no-prerender\u003C\u002Fcode> CSS class to any link (\u003Ccode>\u003Ca>\u003C\u002Fcode> tag) that should not be prerendered. See FAQ for more information.\u003C\u002Fp>\n\u003Ch4>Browser support\u003C\u002Fh4>\n\u003Cp>The Speculation Rules API is a new web API, and the functionality used by the plugin is supported in Chromium-based browsers such as Chrome, Edge, or Opera using version 121 or above. Other browsers such as Safari and Firefox will ignore the functionality with no ill effects; they will simply not benefit from the speculative loading. Note that certain browser extensions may disable preloading by default.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcaniuse.com\u002Fmdn-html_elements_script_type_speculationrules\" rel=\"nofollow ugc\">Browser support for the Speculation Rules API in general\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdeveloper.chrome.com\u002Fdocs\u002Fweb-platform\u002Fprerender-pages\" rel=\"nofollow ugc\">Information on document rules syntax support used by the plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>This plugin was formerly known as Speculation Rules.\u003C\u002Fem>\u003C\u002Fp>\n","Enables browsers to speculatively prerender or prefetch pages to achieve near-instant loads based on user interaction.",70000,400885,18,"2025-12-02T22:34:00.000Z","6.9.4","6.6","7.2",[138,139,22,24,123],"javascript","performance","https:\u002F\u002Fgithub.com\u002FWordPress\u002Fperformance\u002Ftree\u002Ftrunk\u002Fplugins\u002Fspeculation-rules","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspeculation-rules.1.6.0.zip",{"attackSurface":143,"codeSignals":149,"taintFlows":307,"riskAssessment":373,"analyzedAt":384},{"hooks":144,"ajaxHandlers":145,"restRoutes":146,"shortcodes":147,"cronEvents":148,"entryPointCount":29,"unprotectedCount":29},[],[],[],[],[],{"dangerousFunctions":150,"sqlUsage":151,"outputEscaping":160,"fileOperations":29,"externalRequests":29,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":306},[],{"prepared":132,"raw":152,"locations":153},2,[154,157],{"file":155,"line":51,"context":156},"includes\\common\\DAO.php","$wpdb->query() with variable interpolation",{"file":158,"line":159,"context":156},"uninstall.php",14,{"escaped":161,"rawEcho":162,"locations":163},30,70,[164,168,170,173,175,177,180,182,184,186,188,190,192,194,196,198,200,202,204,207,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,239,241,243,244,245,246,248,249,251,253,255,257,260,262,264,265,266,268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,298,301,304],{"file":165,"line":166,"context":167},"includes\\admin\\Dashboard.php",61,"raw output",{"file":165,"line":169,"context":167},88,{"file":171,"line":172,"context":167},"includes\\admin\\DisplayHints.php",131,{"file":171,"line":174,"context":167},142,{"file":171,"line":176,"context":167},144,{"file":178,"line":179,"context":167},"includes\\admin\\NewHint.php",79,{"file":178,"line":181,"context":167},103,{"file":178,"line":183,"context":167},104,{"file":178,"line":185,"context":167},115,{"file":178,"line":187,"context":167},116,{"file":178,"line":189,"context":167},127,{"file":178,"line":191,"context":167},128,{"file":178,"line":193,"context":167},139,{"file":178,"line":195,"context":167},140,{"file":178,"line":197,"context":167},151,{"file":178,"line":199,"context":167},152,{"file":178,"line":201,"context":167},177,{"file":178,"line":203,"context":167},227,{"file":205,"line":206,"context":167},"includes\\admin\\views\\FAQ.php",130,{"file":205,"line":172,"context":167},{"file":205,"line":209,"context":167},132,{"file":205,"line":211,"context":167},133,{"file":205,"line":213,"context":167},154,{"file":205,"line":215,"context":167},172,{"file":205,"line":217,"context":167},174,{"file":205,"line":219,"context":167},193,{"file":205,"line":221,"context":167},194,{"file":205,"line":223,"context":167},195,{"file":205,"line":225,"context":167},197,{"file":205,"line":227,"context":167},208,{"file":205,"line":229,"context":167},266,{"file":205,"line":231,"context":167},267,{"file":205,"line":233,"context":167},277,{"file":205,"line":235,"context":167},280,{"file":237,"line":238,"context":167},"includes\\admin\\views\\SettingsView.php",42,{"file":237,"line":240,"context":167},53,{"file":237,"line":242,"context":167},54,{"file":237,"line":51,"context":167},{"file":237,"line":13,"context":167},{"file":237,"line":172,"context":167},{"file":237,"line":247,"context":167},141,{"file":237,"line":197,"context":167},{"file":237,"line":250,"context":167},161,{"file":237,"line":252,"context":167},171,{"file":237,"line":254,"context":167},181,{"file":237,"line":256,"context":167},191,{"file":258,"line":259,"context":167},"includes\\admin\\wp-list-table.php",377,{"file":258,"line":261,"context":167},425,{"file":258,"line":263,"context":167},473,{"file":258,"line":263,"context":167},{"file":258,"line":263,"context":167},{"file":258,"line":267,"context":167},479,{"file":258,"line":269,"context":167},484,{"file":258,"line":271,"context":167},901,{"file":258,"line":273,"context":167},1153,{"file":258,"line":275,"context":167},1170,{"file":258,"line":277,"context":167},1177,{"file":258,"line":279,"context":167},1215,{"file":258,"line":281,"context":167},1246,{"file":258,"line":283,"context":167},1272,{"file":258,"line":285,"context":167},1331,{"file":258,"line":287,"context":167},1335,{"file":258,"line":289,"context":167},1337,{"file":258,"line":291,"context":167},1343,{"file":258,"line":293,"context":167},1347,{"file":258,"line":295,"context":167},1348,{"file":258,"line":297,"context":167},1349,{"file":299,"line":300,"context":167},"includes\\client\\ClientAjaxInit.php",83,{"file":302,"line":303,"context":167},"includes\\client\\SendHints.php",74,{"file":305,"line":242,"context":167},"includes\\utils\\Utils.php",[],[308,347],{"entryPoint":309,"graph":310,"unsanitizedCount":346,"severity":41},"search_box (includes\\admin\\wp-list-table.php:356)",{"nodes":311,"edges":340},[312,317,322,326,328,332,334,338],{"id":313,"type":314,"label":315,"file":258,"line":316},"n0","source","$_REQUEST['orderby']",364,{"id":318,"type":319,"label":320,"file":258,"line":316,"wp_function":321},"n1","sink","echo() [XSS]","echo",{"id":323,"type":314,"label":324,"file":258,"line":325},"n2","$_REQUEST['order']",367,{"id":327,"type":319,"label":320,"file":258,"line":325,"wp_function":321},"n3",{"id":329,"type":314,"label":330,"file":258,"line":331},"n4","$_REQUEST['post_mime_type']",370,{"id":333,"type":319,"label":320,"file":258,"line":331,"wp_function":321},"n5",{"id":335,"type":314,"label":336,"file":258,"line":337},"n6","$_REQUEST['detached']",373,{"id":339,"type":319,"label":320,"file":258,"line":337,"wp_function":321},"n7",[341,343,344,345],{"from":313,"to":318,"sanitized":342},false,{"from":323,"to":327,"sanitized":342},{"from":329,"to":333,"sanitized":342},{"from":335,"to":339,"sanitized":342},4,{"entryPoint":348,"graph":349,"unsanitizedCount":371,"severity":372},"\u003Cwp-list-table> (includes\\admin\\wp-list-table.php:0)",{"nodes":350,"edges":365},[351,352,353,354,355,356,357,358,359,363],{"id":313,"type":314,"label":315,"file":258,"line":316},{"id":318,"type":319,"label":320,"file":258,"line":316,"wp_function":321},{"id":323,"type":314,"label":324,"file":258,"line":325},{"id":327,"type":319,"label":320,"file":258,"line":325,"wp_function":321},{"id":329,"type":314,"label":330,"file":258,"line":331},{"id":333,"type":319,"label":320,"file":258,"line":331,"wp_function":321},{"id":335,"type":314,"label":336,"file":258,"line":337},{"id":339,"type":319,"label":320,"file":258,"line":337,"wp_function":321},{"id":360,"type":314,"label":361,"file":258,"line":362},"n8","$_SERVER",1089,{"id":364,"type":319,"label":320,"file":258,"line":287,"wp_function":321},"n9",[366,367,368,369,370],{"from":313,"to":318,"sanitized":342},{"from":323,"to":327,"sanitized":342},{"from":329,"to":333,"sanitized":342},{"from":335,"to":339,"sanitized":342},{"from":360,"to":364,"sanitized":342},5,"low",{"summary":374,"deductions":375},"The plugin \"pre-party-browser-hints\" v1.8.20 exhibits a mixed security posture. On the positive side, it boasts a zero attack surface regarding common entry points like AJAX handlers, REST API routes, shortcodes, and cron events, indicating strong control over its execution paths.  Furthermore, the code signals reveal a high percentage of SQL queries utilizing prepared statements and a complete absence of file operations and external HTTP requests, which are excellent security practices.\n\nHowever, several concerns emerge from the analysis. The taint analysis shows two flows with unsanitized paths, though thankfully of no critical or high severity in this scan. More concerningly, 70% of the total outputs are not properly escaped, presenting a significant risk of Cross-Site Scripting (XSS) vulnerabilities. The plugin also has a history of one medium severity SQL Injection vulnerability, with the last known incident being in late 2023, suggesting past issues with input sanitization for database operations.\n\nIn conclusion, while the plugin demonstrates good practices in limiting its attack surface and using prepared statements for SQL, the high percentage of unescaped output is a critical weakness. The past SQL injection vulnerability, though patched, highlights a need for continued vigilance in sanitizing user-provided data. The current lack of critical or high severity issues in the taint analysis is positive, but the unescaped output remains the most pressing concern.",[376,379,382],{"reason":377,"points":378},"High percentage of unescaped output",8,{"reason":380,"points":381},"Medium severity SQLi vulnerability history",15,{"reason":383,"points":371},"Flows with unsanitized paths (low severity)","2026-03-16T18:03:02.583Z",{"wat":386,"direct":396},{"assetPaths":387,"generatorPatterns":391,"scriptPaths":392,"versionParams":393},[388,389,390],"\u002Fwp-content\u002Fplugins\u002Fpre-party-browser-hints\u002Fimages\u002Flightning.png","\u002Fwp-content\u002Fplugins\u002Fpre-party-browser-hints\u002Fcss\u002Fstyles.css","\u002Fwp-content\u002Fplugins\u002Fpre-party-browser-hints\u002Fjs\u002Fadmin.js",[],[390],[394,395],"pre-party-browser-hints\u002Fcss\u002Fstyles.css?ver=","pre-party-browser-hints\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":397,"htmlComments":399,"htmlAttributes":400,"restEndpoints":401,"jsGlobals":402,"shortcodeOutput":404},[398],"pprh-plugin-settings",[],[],[],[403],"pprh_data",[]]