[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGQAVKn2om1P0zqvkDvk2-_SYnfIK2oG7Kh3YwEOFI0s":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":39,"fingerprints":446},"quick-box-popup","Quick Box – Onclick Popup Notification Box","1.2.2","f1logic","https:\u002F\u002Fprofiles.wordpress.org\u002Ff1logic\u002F","\u003Cp>A quicklook into Quick Box – Onclick Popup Notification Box\u003C\u002Fp>\n\u003Cpre>\u003Ccode>★ Create a light weight onclick popup box\n★ Full control on popup content\n★ Standard WordPress content editor\n★ Display based on browsed number of pages\n★ Css settings like color, z-index, border etc\n★ Shortcode for displaying popup in specific pages\n★ Display specificaly in pages\u002Fposts\u002Fhome page\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This plugin allows you to create a Quick Box – Onclick Popup Notification Box window with custom content in your site. You can customize the popup display by adjusting various configurations such as display logic settings and style settings (z-index, color, border etc). The plugin supports automatic and manual (shortcode) display. 
You can use the plugin to display any type of contents such as special promotions, subscription forms, social media icons, feedback forms, video presentations and much more.\u003C\u002Fp>\n\u003Ch4>Want more features ?\u003C\u002Fh4>\n\u003Cp>Check out the \u003Ca href=\"http:\u002F\u002Fxyzscripts.com\u002Fwordpress-plugins\u002Fxyz-wp-popup\u002F\" title=\"XYZ WP Popup\" rel=\"nofollow ugc\">premium version\u003C\u002Fa> of this plugin.\u003C\u002Fp>\n\u003Ch4>About\u003C\u002Fh4>\n\u003Cp>Quick Box – Onclick Popup Notification Box is developed and maintained by \u003Ca href=\"http:\u002F\u002Fxyzscripts.com\u002F\" title=\"xyzscripts.com\" rel=\"nofollow ugc\">XYZScripts\u003C\u002Fa>. For any support, you may \u003Ca href=\"http:\u002F\u002Fxyzscripts.com\u002Fsupport\u002F\" title=\"XYZScripts Support\" rel=\"nofollow ugc\">contact us\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>★ \u003Ca href=\"http:\u002F\u002Fhelp.xyzscripts.com\u002Fdocs\u002Fquick-box-popup\u002F\" title=\"Quick Box - Onclick Popup Notification Box User Guide\" rel=\"nofollow ugc\">Quick Box – Onclick Popup Notification Box User Guide\u003C\u002Fa>\u003Cbr \u002F>\n★ \u003Ca href=\"http:\u002F\u002Fhelp.xyzscripts.com\u002Fdocs\u002Fquick-box-popup\u002Ffaq\u002F\" title=\"Quick Box - Onclick Popup Notification Box Popup FAQ\" rel=\"nofollow ugc\">Quick Box – Onclick Popup Notification Box FAQ\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>More Information\u003C\u002Fh3>\n\u003Cp>★ \u003Ca href=\"http:\u002F\u002Fhelp.xyzscripts.com\u002Fdocs\u002Fquick-box-popup\u002F\" title=\"Quick Box - Onclick Popup Notification Box User Guide\" rel=\"nofollow ugc\">Quick Box – Onclick Popup Notification Box User Guide\u003C\u002Fa>\u003Cbr \u002F>\n★ \u003Ca href=\"http:\u002F\u002Fhelp.xyzscripts.com\u002Fdocs\u002Fquick-box-popup\u002Ffaq\u002F\" title=\"Quick Box - Onclick Popup Notification Box FAQ\" rel=\"nofollow ugc\">Quick Box – Onclick Popup Notification Box 
FAQ\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Troubleshooting\u003C\u002Fh4>\n\u003Cp>Please read the FAQ first if you are having problems.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>WordPress 2.8+\nPHP 5+ (Recommended)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Client\u003C\u002Fp>\n\u003Cpre>\u003Ccode>IE 7+, FireFox 2+, Chrome, Safari 3+, Opera 8+\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Feedback\u003C\u002Fh4>\n\u003Cp>We would like to receive your feedback and suggestions for the betterment of this plugin. You may submit them at our \u003Ca href=\"http:\u002F\u002Fxyzscripts.com\u002Fsupport\u002F\" title=\"XYZScripts Support\" rel=\"nofollow ugc\">support desk\u003C\u002Fa>.\u003C\u002Fp>\n","Create a javascript based, light-weight and non-annoying onclick popup box in your blog.",10,35812,56,6,"2018-07-05T04:29:00.000Z","4.9.29","2.8","",[20,21,4,22,23],"onclick-popup","quick-box","quick-popup","quick-popup-box","http:\u002F\u002Fxyzscripts.com\u002Fwordpress-plugins\u002Fquick-box-popup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquick-box-popup.1.2.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},15,142440,92,352,73,"2026-04-04T06:50:36.183Z",[],{"attackSurface":40,"codeSignals":123,"taintFlows":404,"riskAssessment":432,"analyzedAt":445},{"hooks":41,"ajaxHandlers":100,"restRoutes":112,"shortcodes":113,"cronEvents":120,"entryPointCount":121,"unprotectedCount":122},[42,48,53,57,63,68,72,76,78,82,87,91,95],{"type":43,"name":44,"callback":45,"file":46,"line":47},"action","admin_notices","wp_quick_admin_notice","admin\\admin-notice.php",62,{"type":43,"name":49,"callback":50,"file":51,"line":52},"admin_menu","qbx_menu","admin\\menu.php",3,{"type":43,"name":54,"callback":55,"file":51,"line":56},"admin_enqueue_scripts","x
yz_qbx_admin_style",51,{"type":58,"name":59,"callback":60,"file":61,"line":62},"filter","tiny_mce_before_init","xyz_tinymce_config","admin\\tinymce_filters.php",13,{"type":58,"name":64,"callback":65,"priority":66,"file":61,"line":67},"format_for_editor","xyz_tinymce_htmledit",999,28,{"type":43,"name":69,"callback":70,"file":61,"line":71},"after_wp_tiny_mce","xyz_tinymce_replace",53,{"type":43,"name":73,"callback":74,"file":75,"line":14},"get_footer","xyz_qbx_container","create-quickbox.php",{"type":43,"name":73,"callback":77,"file":75,"line":11},"xyz_qbx_action_callback",{"type":43,"name":79,"callback":80,"file":75,"line":81},"wp","xyz_qbx_lightbox_create",17,{"type":43,"name":83,"callback":84,"file":85,"line":86},"wp_footer","xyz_qbx_credit","quick-box-popup.php",48,{"type":58,"name":88,"callback":89,"file":85,"line":90},"query_vars","xyz_qbx_query_vars",58,{"type":43,"name":92,"callback":93,"file":85,"line":94},"parse_request","xyz_qbx_parse_request",69,{"type":58,"name":96,"callback":97,"priority":11,"file":98,"line":99},"plugin_row_meta","xyz_qbx_links","xyz-functions.php",14,[101,107,110],{"action":102,"nopriv":103,"callback":104,"hasNonce":105,"hasCapCheck":105,"file":106,"line":52},"xyz_qbx_ajax_backlink",false,"xyz_qbx_ajax_backlink_call",true,"admin\\ajax-backlink.php",{"action":108,"nopriv":103,"callback":77,"hasNonce":103,"hasCapCheck":103,"file":75,"line":109},"xyz_qbx_action",35,{"action":108,"nopriv":105,"callback":77,"hasNonce":103,"hasCapCheck":103,"file":75,"line":111},36,[],[114,118],{"tag":115,"callback":116,"file":117,"line":11},"xyz_qbx_default_code","xyz_qbx_shortcode","shortcode-handler.php",{"tag":115,"callback":119,"file":117,"line":32},"xyz_qbx_lightbox_display",[],5,2,{"dangerousFunctions":124,"sqlUsage":125,"outputEscaping":133,"fileOperations":27,"externalRequests":27,"nonceChecks":121,"capabilityChecks":399,"bundledLibraries":400},[],{"prepared":27,"raw":122,"locations":126},[127,131],{"file":128,"line":129,"context":130},"admin\\destru
ction.php",11,"$wpdb->get_col() with variable interpolation",{"file":132,"line":129,"context":130},"admin\\install.php",{"escaped":134,"rawEcho":135,"locations":136},25,162,[137,141,142,143,145,146,148,149,151,152,154,155,157,158,160,161,163,164,166,167,169,170,172,173,174,175,177,178,179,180,182,184,185,187,188,189,190,191,193,194,196,197,199,200,201,202,204,205,207,208,210,212,213,215,217,218,220,222,223,225,226,227,228,230,231,233,234,236,237,239,240,242,243,245,246,247,248,250,251,253,254,256,257,259,260,261,262,264,265,267,268,270,271,273,274,276,278,279,280,283,284,286,288,290,293,295,297,299,301,303,305,307,309,311,313,315,317,318,320,321,323,324,326,327,329,331,333,335,337,339,341,343,345,346,348,350,352,354,356,358,360,362,364,366,368,370,372,374,376,378,380,382,383,385,387,389,391,393,395,396,397,398],{"file":138,"line":139,"context":140},"admin\\about.php",8,"raw output",{"file":138,"line":111,"context":140},{"file":138,"line":111,"context":140},{"file":138,"line":144,"context":140},37,{"file":138,"line":144,"context":140},{"file":138,"line":147,"context":140},38,{"file":138,"line":147,"context":140},{"file":138,"line":150,"context":140},39,{"file":138,"line":150,"context":140},{"file":138,"line":153,"context":140},40,{"file":138,"line":153,"context":140},{"file":138,"line":156,"context":140},41,{"file":138,"line":156,"context":140},{"file":138,"line":159,"context":140},42,{"file":138,"line":159,"context":140},{"file":138,"line":162,"context":140},43,{"file":138,"line":162,"context":140},{"file":138,"line":165,"context":140},45,{"file":138,"line":165,"context":140},{"file":138,"line":168,"context":140},46,{"file":138,"line":168,"context":140},{"file":138,"line":171,"context":140},47,{"file":138,"line":171,"context":140},{"file":138,"line":86,"context":140},{"file":138,"line":86,"context":140},{"file":138,"line":176,"context":140},49,{"file":138,"line":176,"context":140},{"file":138,"line":56,"context":140},{"file":138,"line":56,"context":140},{"file":138,
"line":181,"context":140},52,{"file":138,"line":183,"context":140},54,{"file":138,"line":183,"context":140},{"file":138,"line":186,"context":140},55,{"file":138,"line":186,"context":140},{"file":138,"line":13,"context":140},{"file":138,"line":90,"context":140},{"file":138,"line":90,"context":140},{"file":138,"line":192,"context":140},59,{"file":138,"line":192,"context":140},{"file":138,"line":195,"context":140},60,{"file":138,"line":195,"context":140},{"file":138,"line":198,"context":140},61,{"file":138,"line":198,"context":140},{"file":138,"line":47,"context":140},{"file":138,"line":47,"context":140},{"file":138,"line":203,"context":140},63,{"file":138,"line":203,"context":140},{"file":138,"line":206,"context":140},64,{"file":138,"line":206,"context":140},{"file":138,"line":209,"context":140},65,{"file":138,"line":211,"context":140},66,{"file":138,"line":211,"context":140},{"file":138,"line":214,"context":140},67,{"file":138,"line":216,"context":140},68,{"file":138,"line":94,"context":140},{"file":138,"line":219,"context":140},70,{"file":138,"line":221,"context":140},71,{"file":138,"line":221,"context":140},{"file":138,"line":224,"context":140},72,{"file":138,"line":224,"context":140},{"file":138,"line":36,"context":140},{"file":138,"line":36,"context":140},{"file":138,"line":229,"context":140},74,{"file":138,"line":229,"context":140},{"file":138,"line":232,"context":140},77,{"file":138,"line":232,"context":140},{"file":138,"line":235,"context":140},78,{"file":138,"line":235,"context":140},{"file":138,"line":238,"context":140},79,{"file":138,"line":238,"context":140},{"file":138,"line":241,"context":140},81,{"file":138,"line":241,"context":140},{"file":138,"line":244,"context":140},82,{"file":138,"line":244,"context":140},{"file":138,"line":26,"context":140},{"file":138,"line":26,"context":140},{"file":138,"line":249,"context":140},86,{"file":138,"line":249,"context":140},{"file":138,"line":252,"context":140},87,{"file":138,"line":252,"context":140},{"file":138,"li
ne":255,"context":140},88,{"file":138,"line":255,"context":140},{"file":138,"line":258,"context":140},89,{"file":138,"line":258,"context":140},{"file":138,"line":34,"context":140},{"file":138,"line":34,"context":140},{"file":138,"line":263,"context":140},93,{"file":138,"line":263,"context":140},{"file":138,"line":266,"context":140},94,{"file":138,"line":266,"context":140},{"file":138,"line":269,"context":140},97,{"file":138,"line":269,"context":140},{"file":138,"line":272,"context":140},98,{"file":138,"line":272,"context":140},{"file":138,"line":275,"context":140},103,{"file":138,"line":277,"context":140},104,{"file":46,"line":153,"context":140},{"file":46,"line":156,"context":140},{"file":281,"line":282,"context":140},"admin\\footer.php",19,{"file":281,"line":134,"context":140},{"file":281,"line":285,"context":140},123,{"file":281,"line":287,"context":140},133,{"file":289,"line":275,"context":140},"admin\\header.php",{"file":291,"line":292,"context":140},"admin\\quickbox-settings.php",353,{"file":291,"line":294,"context":140},364,{"file":291,"line":296,"context":140},412,{"file":291,"line":298,"context":140},421,{"file":291,"line":300,"context":140},541,{"file":291,"line":302,"context":140},554,{"file":291,"line":304,"context":140},559,{"file":291,"line":306,"context":140},563,{"file":291,"line":308,"context":140},567,{"file":291,"line":310,"context":140},571,{"file":291,"line":312,"context":140},597,{"file":291,"line":314,"context":140},598,{"file":291,"line":316,"context":140},599,{"file":75,"line":244,"context":140},{"file":75,"line":319,"context":140},142,{"file":75,"line":319,"context":140},{"file":75,"line":322,"context":140},143,{"file":75,"line":322,"context":140},{"file":75,"line":325,"context":140},146,{"file":75,"line":325,"context":140},{"file":75,"line":328,"context":140},147,{"file":75,"line":330,"context":140},149,{"file":75,"line":332,"context":140},151,{"file":75,"line":334,"context":140},167,{"file":75,"line":336,"context":140},169,{"file":75,"lin
e":338,"context":140},171,{"file":75,"line":340,"context":140},176,{"file":75,"line":342,"context":140},177,{"file":75,"line":344,"context":140},180,{"file":75,"line":344,"context":140},{"file":75,"line":347,"context":140},187,{"file":75,"line":349,"context":140},188,{"file":75,"line":351,"context":140},189,{"file":75,"line":353,"context":140},190,{"file":75,"line":355,"context":140},191,{"file":75,"line":357,"context":140},192,{"file":75,"line":359,"context":140},193,{"file":75,"line":361,"context":140},335,{"file":75,"line":363,"context":140},336,{"file":75,"line":365,"context":140},337,{"file":75,"line":367,"context":140},338,{"file":75,"line":369,"context":140},339,{"file":75,"line":371,"context":140},340,{"file":75,"line":373,"context":140},341,{"file":75,"line":375,"context":140},479,{"file":75,"line":377,"context":140},499,{"file":75,"line":379,"context":140},529,{"file":75,"line":381,"context":140},532,{"file":75,"line":381,"context":140},{"file":75,"line":384,"context":140},534,{"file":75,"line":386,"context":140},556,{"file":75,"line":388,"context":140},566,{"file":75,"line":390,"context":140},569,{"file":75,"line":392,"context":140},589,{"file":394,"line":109,"context":140},"iframe.php",{"file":394,"line":144,"context":140},{"file":394,"line":147,"context":140},{"file":394,"line":153,"context":140},{"file":85,"line":181,"context":140},1,[401],{"name":402,"version":28,"knownCves":403},"TinyMCE",[],[405,421],{"entryPoint":406,"graph":407,"unsanitizedCount":27,"severity":420},"\u003Cheader> (admin\\header.php:0)",{"nodes":408,"edges":418},[409,413],{"id":410,"type":411,"label":412,"file":289,"line":62},"n0","source","$_POST (x5)",{"id":414,"type":415,"label":416,"file":289,"line":282,"wp_function":417},"n1","sink","update_option() [Settings Manipulation]","update_option",[419],{"from":410,"to":414,"sanitized":105},"low",{"entryPoint":422,"graph":423,"unsanitizedCount":27,"severity":420},"\u003Cquickbox-settings> 
(admin\\quickbox-settings.php:0)",{"nodes":424,"edges":430},[425,428],{"id":410,"type":411,"label":426,"file":291,"line":427},"$_POST (x17)",23,{"id":414,"type":415,"label":416,"file":291,"line":429,"wp_function":417},163,[431],{"from":410,"to":414,"sanitized":105},{"summary":433,"deductions":434},"The \"quick-box-popup\" plugin version 1.2.2 presents a mixed security posture. On the positive side, the plugin has no recorded vulnerabilities (CVEs) and no critical or high severity taint flows were identified; the two recorded flows from $_POST to update_option() are rated low and marked as sanitized. This suggests a good track record regarding publicly disclosed security issues, although the absence of recorded CVEs does not by itself show that the code has been audited. Nonce checks are present in the code, and the xyz_qbx_ajax_backlink AJAX handler has both a nonce check and a capability check, but this coverage does not extend to every entry point.\n\nHowever, several areas of concern are evident from the static analysis. The plugin registers three AJAX handlers, two of which (the logged-in and nopriv registrations of xyz_qbx_action in create-quickbox.php) have neither a nonce check nor a capability check. This is a significant risk because the nopriv registration lets unauthenticated visitors invoke the callback, and the missing nonce leaves the logged-in registration without protection against cross-site request forgery; the actual impact, potentially unintended behavior or information disclosure, depends on what xyz_qbx_action_callback does, which this analysis does not show. Furthermore, the plugin issues two raw SQL queries through $wpdb->get_col() with variable interpolation instead of prepared statements (admin\\destruction.php and admin\\install.php), indicating a risk of SQL injection vulnerabilities if user input is incorporated into these queries; no taint flow into them was recorded. The low percentage of properly escaped output (13%, 25 escaped against 162 raw echo statements) is another major concern, as it points to a risk of cross-site scripting (XSS) wherever an unescaped value can carry untrusted input.\n\nWhile the absence of known vulnerabilities is reassuring, the identified weaknesses in AJAX handler authorization, SQL query construction, and output escaping create potential attack vectors. The plugin's strengths lie in its lack of past vulnerabilities and its partial use of nonces. 
The key weaknesses are the unprotected AJAX endpoints and poor output escaping, which should be prioritized for remediation: add a nonce check (and a capability check where the action changes state) to xyz_qbx_action, build the interpolated queries with $wpdb->prepare(), and escape output with the WordPress esc_* functions. The last release is dated 2018-07-05, so site owners should weigh these findings themselves rather than assume an upstream fix.",[435,437,440,442],{"reason":436,"points":139},"Unprotected AJAX handlers",{"reason":438,"points":439},"SQL queries without prepared statements",7,{"reason":441,"points":14},"Low percentage of properly escaped output",{"reason":443,"points":444},"Small attack surface without auth",4,"2026-03-16T23:42:21.455Z",{"wat":447,"direct":457},{"assetPaths":448,"generatorPatterns":451,"scriptPaths":452,"versionParams":454},[449,450],"\u002Fwp-content\u002Fplugins\u002Fquick-box-popup\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fquick-box-popup\u002Fjs\u002Fnotice.js",[],[453],"\u002Fwp-content\u002Fplugins\u002Fquick-box-popup\u002Fjs\u002Fqbx_request.js",[455,456],"quick-box-popup\u002Fstyle.css?ver=","quick-box-popup\u002Fjs\u002Fnotice.js?ver=",{"cssClasses":458,"htmlComments":459,"htmlAttributes":460,"restEndpoints":462,"jsGlobals":464,"shortcodeOutput":465},[74],[],[461],"xyz_qbx_ajax_object",[463],"\u002Fwp-json\u002Fxyz_qbx_action",[461],[466],"\u003Cspan id='xyz_qbx_container'>\u003C\u002Fspan>"]