[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbJE03MatLsiu12sdWkYN1uZisg-pAUeo3Vl0UGWULnI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":15,"tags":18,"homepage":20,"download_link":21,"security_score":13,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":34,"analysis":35,"fingerprints":72},"prevent-skype-overwriting","Prevent Skype Overwriting","0.1","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>This plugin adds a simple meta code which prevents Skype from hijacking your site and overwriting all phone numbers with their widget. In a lot of designs, their widget ends up breaking the design by pushing items to the next line or ruining the padding.\u003C\u002Fp>\n\u003Cp>This plugin is a simple activate and forget about it deal. It has no baring on your site’s load time what so ever because it functions silently in the background.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fprofile\u002Fsmub\" title=\"Check out my other plugins\" rel=\"ugc\">Check out my other plugins\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\" title=\"Visit WPBeginner for any tutorials or support\" rel=\"nofollow ugc\">Visit WPBeginner for any tutorials or support\u003C\u002Fa>\u003C\u002Fp>\n","This plugin adds a simple meta code which prevents Skype from hijacking your site and overwriting all phone numbers with their widget.",30,2773,100,1,"","3.2.1","3.0",[4,19],"skype-hijacking-wordpress","http:\u002F\u002Fwww.wpbeginner.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprevent-skype-overwriting.0.1.zip",0,null,"2026-03-15T10:48:56.248Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"smub",94,23510130,91,795,73,"2026-04-03T17:39:37.874Z",[],{"attackSurface":36,"codeSignals":51,"taintFlows":64,"riskAssessment":65,"analyzedAt":71},{"hooks":37,"ajaxHandlers":47,"restRoutes":48,"shortcodes":49,"cronEvents":50,"entryPointCount":22,"unprotectedCount":22},[38,44],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","wp_head","overwrite_skype_meta","preventskypeoverwriting.php",28,{"type":39,"name":45,"callback":46,"file":42,"line":11},"wp_dashboard_setup","skypeoverwrite_dashboard_widgets",[],[],[],[],{"dangerousFunctions":52,"sqlUsage":53,"outputEscaping":55,"fileOperations":22,"externalRequests":22,"nonceChecks":22,"capabilityChecks":22,"bundledLibraries":63},[],{"prepared":22,"raw":22,"locations":54},[],{"escaped":22,"rawEcho":56,"locations":57},2,[58,61],{"file":42,"line":59,"context":60},58,"raw output",{"file":42,"line":62,"context":60},59,[],[],{"summary":66,"deductions":67},"The plugin \"prevent-skype-overwriting\" v0.1 exhibits a generally strong security posture in terms of its attack surface, with no apparent AJAX handlers, REST API routes, shortcodes, or cron events that could be exploited.  The code analysis also shows a positive absence of dangerous functions, file operations, external HTTP requests, and vulnerabilities through taint analysis.  The use of prepared statements for all SQL queries is a significant strength, demonstrating good practice in preventing SQL injection.\n\nHowever, a critical concern arises from the output escaping. With 100% of the 2 total outputs being unescaped, this presents a significant risk for Cross-Site Scripting (XSS) vulnerabilities. Any data processed and displayed by this plugin without proper sanitization and escaping could be leveraged by attackers to inject malicious scripts into a user's browser. The absence of nonce checks and capability checks, while not immediately exploitable due to the limited attack surface, indicates a potential weakness if the plugin's functionality were to expand or if future vulnerabilities were discovered in its entry points. The clean vulnerability history is reassuring but does not negate the immediate risk posed by unescaped output.\n\nIn conclusion, while the plugin's foundational structure and data handling appear secure, the lack of output escaping is a serious oversight that significantly lowers its overall security. This single weakness introduces a high potential for client-side attacks like XSS. Addressing this immediately is paramount to improving the plugin's security.",[68],{"reason":69,"points":70},"Unescaped output detected",6,"2026-03-16T22:22:07.170Z",{"wat":73,"direct":78},{"assetPaths":74,"generatorPatterns":75,"scriptPaths":76,"versionParams":77},[],[],[],[],{"cssClasses":79,"htmlComments":81,"htmlAttributes":82,"restEndpoints":85,"jsGlobals":86,"shortcodeOutput":87},[80],"rsswidget",[],[83,84],"name=\"SKYPE_TOOLBAR\"","content=\"SKYPE_TOOLBAR_PARSER_COMPATIBLE\"",[],[],[]]