[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f6Kzts33u1JsB6ixj0vuktY_HkotOoMeDx8JjEUaohVM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":33,"analysis":34,"fingerprints":82},"pull-quotes","Pull Quotes","1.0.2","Aaron D. Campbell","https:\u002F\u002Fprofiles.wordpress.org\u002Faaroncampbell\u002F","\u003Cp>Pull Quotes done right.  The pull quotes are created with javascript, so that\u003Cbr \u002F>\nyou don’t have any problems with out of order or duplicate content.\u003C\u002Fp>\n\u003Cp>Collaborate on the plugin: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faaroncampbell\u002Fpull-quotes\" rel=\"nofollow ugc\">Pull Quotes on GitHub\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Brought to you by \u003Ca href=\"http:\u002F\u002Faarondcampbell.com\u002F\" title=\"WordPress Plugins\" rel=\"nofollow ugc\">Aaron D. Campbell\u003C\u002Fa>\u003C\u002Fp>\n","Pull Quotes done right!  No duplicate or out of order content.  
Create pull quotes right from your editor.",10,4561,0,"2017-03-26T19:16:00.000Z","4.8.28","3.5","",[],"http:\u002F\u002Faarondcampbell.com\u002Fwordpress-plugin\u002Fpull-quotes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpull-quotes.1.0.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"aaroncampbell",2,110,93,30,89,"2026-04-05T09:06:57.277Z",[],{"attackSurface":35,"codeSignals":63,"taintFlows":74,"riskAssessment":75,"analyzedAt":81},{"hooks":36,"ajaxHandlers":55,"restRoutes":56,"shortcodes":57,"cronEvents":61,"entryPointCount":62,"unprotectedCount":13},[37,42,45,48,52],{"type":38,"name":39,"callback":39,"file":40,"line":41},"action","init","pull-quotes.php",24,{"type":38,"name":43,"callback":43,"file":40,"line":44},"wp_enqueue_scripts",25,{"type":38,"name":46,"callback":46,"file":40,"line":47},"admin_enqueue_scripts",26,{"type":49,"name":50,"callback":50,"file":40,"line":51},"filter","mce_external_plugins",33,{"type":49,"name":53,"callback":53,"file":40,"line":54},"mce_buttons",34,[],[],[58],{"tag":59,"callback":59,"file":40,"line":60},"pullquote",27,[],1,{"dangerousFunctions":64,"sqlUsage":65,"outputEscaping":67,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":27,"bundledLibraries":70},[],{"prepared":13,"raw":13,"locations":66},[],{"escaped":68,"rawEcho":13,"locations":69},4,[],[71],{"name":72,"version":22,"knownCves":73},"TinyMCE",[],[],{"summary":76,"deductions":77},"The 'pull-quotes' plugin v1.0.2 exhibits a generally strong security posture based on the static analysis.  It uses no dangerous functions, issues no SQL queries at all (the scan counted neither prepared nor raw statements), and escapes all four identified outputs. 
Furthermore, there are no file operations or external HTTP requests, and the absence of identified taint flows with unsanitized paths is a significant positive. The presence of capability checks further reinforces its secure coding approach.  The lack of any recorded vulnerabilities, including critical or high severity ones, and no recent CVEs, is consistent with secure code, although for a plugin last updated in 2017 with few active installs it may equally reflect limited scrutiny rather than active maintenance.\n\nHowever, one finding is the absence of nonce checks on its single shortcode, which represents its sole entry point. WordPress nonces protect state-changing requests against cross-site request forgery, while a shortcode callback normally only renders content, so the missing nonce matters only if the callback itself reads request data or changes state; the analysis recorded no taint flows indicating that. This is a minor concern given the overall positive analysis, and the shortcode callback is worth a manual read to confirm it only produces escaped output.  In conclusion, the plugin shows a clean vulnerability record and good coding practices, and the omission of nonce checks on the shortcode is a slight weakness at most.",[78],{"reason":79,"points":80},"Missing nonce check on shortcode",7,"2026-03-16T23:55:39.464Z",{"wat":83,"direct":92},{"assetPaths":84,"generatorPatterns":89,"scriptPaths":90,"versionParams":91},[85,86,87,88],"\u002Fwp-content\u002Fplugins\u002Fpull-quotes\u002Fjs\u002Fpull-quotes.js","\u002Fwp-content\u002Fplugins\u002Fpull-quotes\u002Fjs\u002Ftext-editor-plugin.js","\u002Fwp-content\u002Fplugins\u002Fpull-quotes\u002Fcss\u002Fpull-quotes.css","\u002Fwp-content\u002Fplugins\u002Fpull-quotes\u002Fjs\u002Ftinymce-plugin.js",[],[88,85,86],[],{"cssClasses":93,"htmlComments":96,"htmlAttributes":97,"restEndpoints":101,"jsGlobals":102,"shortcodeOutput":103},[59,94,95],"alignleft","alignright",[],[98,99,100],"data-back","data-forward","data-wrap",[],[],[104,105,106],"\u003Cspan class=\"pullquote","\u003Cspan class=\"pullquote alignleft","\u003Cspan class=\"pullquote 
alignright"]