[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqRhklt-edaMR-ZqwQ2r1uIOZ7QgvpPoGsqkPPDjIdOA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":21,"unpatched_count":21,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":33,"analysis":34,"fingerprints":157},"press-this-v2","Press This v2","0.1","George Stephanis","https:\u002F\u002Fprofiles.wordpress.org\u002Fgeorgestephanis\u002F","\u003Cp>This is a rewrite of the Press This functionality from core.\u003C\u002Fp>\n","This is a rewrite of the Press This functionality from core.",10,2077,20,1,"2012-06-28T03:45:00.000Z","",[],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fpress-this-v2\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpress-this-v2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"georgestephanis",16,15630,86,30,84,"2026-04-04T15:25:09.103Z",[],{"attackSurface":35,"codeSignals":58,"taintFlows":107,"riskAssessment":150,"analyzedAt":156},{"hooks":36,"ajaxHandlers":54,"restRoutes":55,"shortcodes":56,"cronEvents":57,"entryPointCount":21,"unprotectedCount":21},[37,43,49],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","admin_footer","press_this_add_photo_by_url_div","includes\\press-this.php",271,{"type":44,"name":45,"callback":46,"file":47,"line":48},"filter","shortcut_link","v2_shortcut_link","press-this-v2.php",11,{"type":38,"name":50,"callback":51,"file":52,"line":53},"media_buttons","press_this_media_buttons","press-this.php",384,[],[],[],[],{"dangerousFunctions":59,"sq
lUsage":60,"outputEscaping":62,"fileOperations":21,"externalRequests":21,"nonceChecks":14,"capabilityChecks":105,"bundledLibraries":106},[],{"prepared":21,"raw":21,"locations":61},[],{"escaped":63,"rawEcho":64,"locations":65},54,19,[66,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101,103],{"file":41,"line":67,"context":68},169,"raw output",{"file":41,"line":70,"context":68},183,{"file":41,"line":72,"context":68},194,{"file":41,"line":74,"context":68},209,{"file":41,"line":76,"context":68},237,{"file":52,"line":78,"context":68},60,{"file":52,"line":80,"context":68},61,{"file":52,"line":82,"context":68},63,{"file":52,"line":84,"context":68},67,{"file":52,"line":86,"context":68},68,{"file":52,"line":88,"context":68},138,{"file":52,"line":90,"context":68},167,{"file":52,"line":92,"context":68},210,{"file":52,"line":94,"context":68},266,{"file":52,"line":96,"context":68},293,{"file":52,"line":98,"context":68},296,{"file":52,"line":100,"context":68},334,{"file":52,"line":102,"context":68},345,{"file":52,"line":104,"context":68},346,8,[],[108,126,134],{"entryPoint":109,"graph":110,"unsanitizedCount":21,"severity":125},"press_this_ajax (includes\\press-this.php:115)",{"nodes":111,"edges":122},[112,117],{"id":113,"type":114,"label":115,"file":41,"line":116},"n0","source","$_SERVER['PHP_SELF'] (x2)",180,{"id":118,"type":119,"label":120,"file":41,"line":116,"wp_function":121},"n1","sink","echo() [XSS]","echo",[123],{"from":113,"to":118,"sanitized":124},true,"low",{"entryPoint":127,"graph":128,"unsanitizedCount":21,"severity":125},"\u003Cpress-this> (includes\\press-this.php:0)",{"nodes":129,"edges":132},[130,131],{"id":113,"type":114,"label":115,"file":41,"line":116},{"id":118,"type":119,"label":120,"file":41,"line":116,"wp_function":121},[133],{"from":113,"to":118,"sanitized":124},{"entryPoint":135,"graph":136,"unsanitizedCount":21,"severity":125},"\u003Cpress-this> 
(press-this.php:0)",{"nodes":137,"edges":147},[138,140,141,145],{"id":113,"type":114,"label":115,"file":52,"line":139},118,{"id":118,"type":119,"label":120,"file":52,"line":139,"wp_function":121},{"id":142,"type":114,"label":143,"file":52,"line":144},"n2","$_GET (x4)",40,{"id":146,"type":119,"label":120,"file":52,"line":139,"wp_function":121},"n3",[148,149],{"from":113,"to":118,"sanitized":124},{"from":142,"to":146,"sanitized":124},{"summary":151,"deductions":152},"The \"press-this-v2\" plugin v0.1 exhibits a strong security posture based on the provided static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events means the scan found no unprotected entry points, which significantly reduces the plugin's attack surface. Furthermore, the scan found no raw SQL queries (no SQL usage was detected at all), and the code incorporates nonce and capability checks. The low number of identified taint flows, with none exhibiting unsanitized paths or critical\u002Fhigh severity, reinforces this positive assessment. The plugin has no recorded vulnerabilities, which is consistent with secure development but does not by itself demonstrate it.\n\nWhile the plugin's current state appears secure, the lack of any recorded vulnerabilities might also indicate a limited history of being a target for attackers or a lack of comprehensive security testing over time, particularly as the plugin was last updated in 2012. The 74% proper output escaping, while good, still leaves room for potential XSS vulnerabilities if the remaining 26% of output statements echo untrusted data, though no such issues were flagged in the taint analysis. 
Overall, this plugin appears to be well-developed from a security perspective, with a minimal attack surface and good adherence to security best practices.",[153],{"reason":154,"points":155},"74% output escaping, potentially unsafe",4,"2026-03-17T00:32:41.433Z",{"wat":158,"direct":164},{"assetPaths":159,"generatorPatterns":160,"scriptPaths":161,"versionParams":163},[],[],[162],"\u002Fwp-content\u002Fplugins\u002Fpress-this-v2\u002Fpress-this.php",[],{"cssClasses":165,"htmlComments":167,"htmlAttributes":170,"restEndpoints":177,"jsGlobals":178,"shortcodeOutput":194},[166],"press-this-wrap",[168,169],"Press This Display and Handler.","WordPress Administration Bootstrap",[171,172,173,174,175,176],"id=\"extra-fields\"","id=\"embed-code\"","id=\"photo-add-url-div\"","id=\"img_container\"","class=\"close\"","class=\"refresh\"",[],[179,180,181,182,183,184,185,186,187,188,189,190,191,192,193],"addLoadEvent","userSettings","ajaxurl","pagenow","typenow","thousandsSeparator","decimalPoint","isRtl","photostorage","wpActiveEditor","insert_plain_editor","set_editor","insert_editor","append_editor","show",[]]