[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9LU1pyhn5q9XaNSsKZPoW1sIHsO3Wb7UVzzilL1nPtQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":33,"analysis":34,"fingerprints":109},"quickreviewer-html-review","QuickReviewer HTML Review Plugin","1.3","abdulkidwai","https:\u002F\u002Fprofiles.wordpress.org\u002Fabdulkidwai\u002F","\u003Cp>The QuickReviewer Proofing plugin for WordPress is used for proofing HTML websites in the QuickReviewer Proofing module. For more information on the plugin, visit https:\u002F\u002Fwww.quickreviewer.com and head to knowledgebase articles.\u003C\u002Fp>\n\u003Cp>This plugin works only along with the 3rd party QuickReviewer service. In order for this plugin to work, you will need to create an account at https:\u002F\u002Fwww.quickreviewer.com\u002Fquickreviewer\u002Freviewmanager\u002F#\u002Fregister. Once you have created an account, you can use the QuickReviewer platform to add your website links and send them out for review to your stake holders. The stake holders get an email with a link to review and can add comments or provide feedback without the need to send emails back and forth. But before you do that, you will need to install this plugin on your WordPress website.\u003C\u002Fp>\n\u003Cp>To get a summary about how it works, follow the link https:\u002F\u002Fwww.quickreviewer.com\u002Fhow-quickreviewer-works\u002F. Or dive into our short video tutorials at https:\u002F\u002Fwww.quickreviewer.com\u002Fvideo-tutorials\u002F\u003C\u002Fp>\n\u003Cp>Once the review process is over you can just deactivate\u002Funinstall the plugin. 
We take security and privacy of our user very seriously. You can read about our privacy policy at https:\u002F\u002Fwww.quickreviewer.com\u002Fprivacy-policy\u002F.\u003C\u002Fp>\n\u003Ch4>Why use this plugin:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>This plugin inserts a script in the head of your website on each page in order to allow the proofing system to communicate with your web site.\u003C\u002Fli>\n\u003C\u002Ful>\n","The QuickReviewer Proofing plugin for WordPress is used for proofing HTML websites in the QuickReviewer Proofing module. For more information on the p &hellip;",70,2144,100,1,"2026-02-11T10:56:00.000Z","5.7.15","4.0","",[20,21,22],"html-proofing","quickreviewer","website-proofing","http:\u002F\u002Fwww.quickreviewer.com\u002Fqr-html-review","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquickreviewer-html-review.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},30,94,"2026-04-05T08:51:30.504Z",[],{"attackSurface":35,"codeSignals":51,"taintFlows":58,"riskAssessment":97,"analyzedAt":108},{"hooks":36,"ajaxHandlers":47,"restRoutes":48,"shortcodes":49,"cronEvents":50,"entryPointCount":25,"unprotectedCount":25},[37,43],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","init","qrhtmlplug_add_cors_http_header","QR-Proof.php",36,{"type":38,"name":44,"callback":45,"priority":14,"file":41,"line":46},"wp_enqueue_scripts","qrhtmlplug_theJS",37,[],[],[],[],{"dangerousFunctions":52,"sqlUsage":53,"outputEscaping":55,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":57},[],{"prepared":25,"raw":25,"locations":54},[],{"escaped":25,"rawEcho":25,"locations":56},[],[],[59,86],{"entryPoint":60,"graph":61,"unsanitizedCount":84,"severity":85},"qrhtmlplug_add_cors_http_header 
(QR-Proof.php:11)",{"nodes":62,"edges":80},[63,68,73,77],{"id":64,"type":65,"label":66,"file":41,"line":67},"n0","source","$_SERVER['HTTP_ORIGIN']",20,{"id":69,"type":70,"label":71,"file":41,"line":67,"wp_function":72},"n1","sink","header() [Header Injection]","header",{"id":74,"type":65,"label":75,"file":41,"line":76},"n2","$_SERVER",22,{"id":78,"type":70,"label":71,"file":41,"line":79,"wp_function":72},"n3",23,[81,83],{"from":64,"to":69,"sanitized":82},false,{"from":74,"to":78,"sanitized":82},2,"medium",{"entryPoint":87,"graph":88,"unsanitizedCount":84,"severity":85},"\u003CQR-Proof> (QR-Proof.php:0)",{"nodes":89,"edges":94},[90,91,92,93],{"id":64,"type":65,"label":66,"file":41,"line":67},{"id":69,"type":70,"label":71,"file":41,"line":67,"wp_function":72},{"id":74,"type":65,"label":75,"file":41,"line":76},{"id":78,"type":70,"label":71,"file":41,"line":79,"wp_function":72},[95,96],{"from":64,"to":69,"sanitized":82},{"from":74,"to":78,"sanitized":82},{"summary":98,"deductions":99},"The \"quickreviewer-html-review\" v1.3 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of known vulnerabilities (CVEs) and the plugin's clean vulnerability history are positive indicators. Furthermore, the static analysis found no dangerous functions, no SQL queries (neither prepared nor raw) and no output statements, so there is nothing in the plugin that would need prepared statements or output escaping. The lack of file operations and external HTTP requests also reduces potential attack vectors.\n\nHowever, there are notable concerns arising from the taint analysis. The report indicates two flows, both rated medium, in which $_SERVER['HTTP_ORIGIN'] and a second $_SERVER value reach header() in QR-Proof.php without sanitization; despite not being classified as critical or high severity in this instance, they represent a potential risk. The callback name qrhtmlplug_add_cors_http_header suggests that the request Origin is reflected into a CORS response header, which should be confirmed against the plugin source and, if so, restricted to an allowlist of expected origins. The absence of any capability checks or nonce checks is a significant oversight, even though the analysis currently counts no AJAX, REST, shortcode or cron entry points (only the init and wp_enqueue_scripts hooks). 
If the attack surface were to expand in future versions, these missing security controls would expose the plugin to considerable risks.\n\nIn conclusion, while the current version of \"quickreviewer-html-review\" appears secure due to its limited functionality and lack of directly exploitable flaws, the unsanitized flows from $_SERVER into header() and the complete absence of capability (authorization) and nonce (request-forgery) checks are weaknesses that should be addressed. Developers should ensure that any future additions to the plugin's functionality include robust security measures.",[100,103,106],{"reason":101,"points":102},"Taint flows with unsanitized paths",8,{"reason":104,"points":105},"No capability checks on any entry points",15,{"reason":107,"points":105},"No nonce checks on any entry points","2026-03-16T21:31:31.249Z",{"wat":110,"direct":116},{"assetPaths":111,"generatorPatterns":112,"scriptPaths":113,"versionParams":115},[],[],[114],"https:\u002F\u002Fapp.quickreviewer.com\u002Fproof\u002Fwebproof\u002Fqrv2.js",[],{"cssClasses":117,"htmlComments":118,"htmlAttributes":119,"restEndpoints":120,"jsGlobals":121,"shortcodeOutput":122},[],[],[],[],[],[]]