[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSdKWPMpMQ-Ch8K_LMpDQH2fVhpxPVQ3YvhLgDP48TWg":3},{"slug":4,"name":5,"version":6,"author":4,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":12,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":8,"tags":16,"homepage":18,"download_link":19,"security_score":20,"vuln_count":12,"unpatched_count":12,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":29,"analysis":52,"fingerprints":153},"radiopotok","Radiopotok","0.1","https:\u002F\u002Fprofiles.wordpress.org\u002Fradiopotok\u002F","","Этот виджет предоставляет вам возможность прослушивать онлайн радиостанции выбранные на сайте http:\u002F\u002Fradiopotok.ru\u002Fradio_on_site",10,2566,0,"2013-01-20T06:15:00.000Z","3.5.2","3.0.1",[17],"online-radio","http:\u002F\u002Fradiopotok.ru\u002Finfo\u002Fwp.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fradiopotok.zip",85,null,"2026-03-15T14:54:45.397Z",[],{"slug":4,"display_name":4,"profile_url":7,"plugin_count":25,"total_installs":10,"avg_security_score":20,"avg_patch_time_days":26,"trust_score":27,"computed_at":28},1,30,84,"2026-04-04T22:23:32.104Z",[30],{"slug":31,"name":32,"version":33,"author":34,"author_profile":35,"description":36,"short_description":37,"active_installs":26,"downloaded":38,"rating":39,"num_ratings":40,"last_updated":41,"tested_up_to":42,"requires_at_least":43,"requires_php":8,"tags":44,"homepage":49,"download_link":50,"security_score":20,"vuln_count":12,"unpatched_count":12,"last_vuln_date":21,"fetched_at":51},"fnffm-radio","FnF.FM Radio","1.1","Arifur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Fcartoonistarif\u002F","\u003Cp>FnF.FM is an Online Radio Station that can be used as either a widget or Short code. 
Now you can engage your visitors into your website.\u003C\u002Fp>\n\u003Ch4>Key Feature\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>FnF.FM Radio is a Wonderful Radio Player that plays Popular Songs 24\u002F7.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Fully responsive, work with all kind of web browsers and mobile device.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>You can use This Radio Player in any Posts or Pages of Your website using Short code. In Posts\u002FPages the player will display song title, artist name and album cover.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>After Installing, a new widget named ‘FnF.FM Radio’ will be created. You can use this widget in your website sidebar or any other areas.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>After Installing, just use this short code to display the radio player  [fnffm]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Here is live demo: http:\u002F\u002Fwp.fnf.fm\u002Fwp-radio\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>FnF.fm Website: http:\u002F\u002Fwww.fnf.fm\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For receiving any type of support, submit your Query Here:\u003Cbr \u002F>\n  http:\u002F\u002Fwww.fnf.fm\u002Fp\u002Fcontact.html\u003C\u002Fp>\n","FnF.FM is an Online Radio Station that can be used as either a widget or Short 
code.",15487,100,5,"2016-08-21T01:05:00.000Z","4.6.30","3.0",[17,45,46,47,48],"online-radio-plugin","radio","sidebar","widget","http:\u002F\u002Fwp.fnf.fm\u002Fwp-radio","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffnffm-radio.zip","2026-03-15T15:16:48.613Z",{"attackSurface":53,"codeSignals":94,"taintFlows":119,"riskAssessment":147,"analyzedAt":152},{"hooks":54,"ajaxHandlers":90,"restRoutes":91,"shortcodes":92,"cronEvents":93,"entryPointCount":12,"unprotectedCount":12},[55,61,65,69,74,78,82,86],{"type":56,"name":57,"callback":58,"file":59,"line":60},"action","admin_menu","radiopotok_admin_menu","admin.php",2,{"type":56,"name":62,"callback":63,"file":59,"line":64},"admin_notices","radiopotok_version_warning",16,{"type":56,"name":66,"callback":67,"file":59,"line":68},"admin_init","radiopotok_admin_init",21,{"type":70,"name":71,"callback":72,"priority":10,"file":59,"line":73},"filter","plugin_action_links","radiopotok_plugin_action_links",39,{"type":56,"name":75,"callback":76,"file":59,"line":77},"jetpack_admin_menu","radiopotok_load_menu",80,{"type":56,"name":79,"callback":80,"file":81,"line":20},"wp_head","Radiopotok_JS_Vars","radiopotok.php",{"type":56,"name":83,"callback":84,"file":81,"line":85},"init","Radiopotok_JS",86,{"type":56,"name":87,"callback":88,"file":81,"line":89},"widgets_init","Radiopotok_register_widgets",87,[],[],[],[],{"dangerousFunctions":95,"sqlUsage":96,"outputEscaping":98,"fileOperations":12,"externalRequests":12,"nonceChecks":12,"capabilityChecks":25,"bundledLibraries":118},[],{"prepared":12,"raw":12,"locations":97},[],{"escaped":60,"rawEcho":99,"locations":100},8,[101,104,106,108,110,112,114,116],{"file":59,"line":102,"context":103},12,"raw 
output",{"file":59,"line":105,"context":103},26,{"file":59,"line":107,"context":103},67,{"file":81,"line":109,"context":103},54,{"file":81,"line":111,"context":103},56,{"file":81,"line":113,"context":103},58,{"file":81,"line":115,"context":103},63,{"file":81,"line":117,"context":103},78,[],[120,139],{"entryPoint":121,"graph":122,"unsanitizedCount":12,"severity":138},"radiopotok_conf (admin.php:41)",{"nodes":123,"edges":135},[124,129],{"id":125,"type":126,"label":127,"file":59,"line":128},"n0","source","$_POST",48,{"id":130,"type":131,"label":132,"file":59,"line":133,"wp_function":134},"n1","sink","update_option() [Settings Manipulation]",49,"update_option",[136],{"from":125,"to":130,"sanitized":137},true,"low",{"entryPoint":140,"graph":141,"unsanitizedCount":12,"severity":138},"\u003Cadmin> (admin.php:0)",{"nodes":142,"edges":145},[143,144],{"id":125,"type":126,"label":127,"file":59,"line":128},{"id":130,"type":131,"label":132,"file":59,"line":133,"wp_function":134},[146],{"from":125,"to":130,"sanitized":137},{"summary":148,"deductions":149},"The \"radiopotok\" plugin v0.1 exhibits a generally good security posture based on the provided static analysis. It demonstrates a lack of dangerous functions, no file operations, and no external HTTP requests, which are positive indicators.  The analysis identified no SQL queries at all (neither prepared nor raw), and there are no recorded vulnerabilities or CVEs associated with this plugin, which may reflect limited prior exposure (about 10 active installs, last updated in 2013) rather than a history of secure development. The presence of a capability check, even with a limited attack surface, is a positive sign of some security awareness.\n\nHowever, a significant concern arises from the output escaping. With 10 total outputs analyzed, only 20% are properly escaped. This indicates a high potential for cross-site scripting (XSS) vulnerabilities, where user-supplied data, if not properly sanitized, could be injected into the output and executed by a user's browser. The raw-output count does not by itself show that user-controlled data reaches those outputs, so each listed location needs manual review.  
While the attack surface is currently reported as zero, this could change with future updates. The absence of nonce checks on AJAX handlers and REST API routes is also a weakness, although currently mitigated by the zero count of these entry points. The analysis also records zero nonce checks plugin-wide while the settings handler radiopotok_conf (admin.php:41) passes $_POST data to update_option(), so that settings form should be reviewed for CSRF protection. It's essential to address the output escaping issues proactively to prevent future security breaches.\n\nIn conclusion, \"radiopotok\" v0.1 has strengths in its avoidance of common pitfalls like raw SQL and external requests, and a clean vulnerability history. Nevertheless, the poor output escaping is a critical weakness that needs immediate attention. Addressing this, along with implementing proper nonce checks should these entry points become active, will significantly improve the plugin's overall security.",[150],{"reason":151,"points":64},"Poor output escaping (80% unescaped)","2026-03-16T23:38:55.251Z",{"wat":154,"direct":161},{"assetPaths":155,"generatorPatterns":157,"scriptPaths":158,"versionParams":160},[156],"\u002Fwp-content\u002Fplugins\u002Fradiopotok\u002Fadmin.php",[],[159],"http:\u002F\u002Fradiopotok.ru\u002Ff\u002Fscript4\u002F",[],{"cssClasses":162,"htmlComments":172,"htmlAttributes":173,"restEndpoints":183,"jsGlobals":184,"shortcodeOutput":186},[163,164,165,166,167,168,169,170,171],"RPv4-well","RPv4-well-small","RPv4-radioplayer-wrapper","RPv4-radioplayer","RPv4-btn-group","RPv4-btn","RPv4-dropdown-toggle","RPv4-caret","RPv4-dropdown-menu",[],[174,175,176,177,178,179,180,181,182],"id=\"RP_v4_radio\"","class=\"RPv4-well RPv4-well-small\"","class=\"RPv4-radioplayer-wrapper\"","id=\"RP_v4_radioplayer\"","class=\"RPv4-btn-group\" align=\"left\"","class=\"RPv4-btn RPv4-dropdown-toggle\"","data-toggle=\"dropdown\"","class=\"RPv4-caret\"","class=\"RPv4-dropdown-menu\"",[],[185],"RP_v4_theme",[187],"\u003Cdiv id=\"RP_v4_radio\" align=\"center\" class=\"RPv4-well RPv4-well-small\">\u003Cdiv class=\"RPv4-radioplayer-wrapper\">\u003Cdiv id=\"RP_v4_radioplayer\">\u003C\u002Fdiv>\u003C\u002Fdiv>\u003Cdiv 
class=\"RPv4-btn-group\" align=\"left\">\u003Ca class=\"RPv4-btn RPv4-dropdown-toggle\" data-toggle=\"dropdown\" href=\"http:\u002F\u002Fradiopotok.ru\u002F\">Онлайн радио\u003Cspan class=\"RPv4-caret\">\u003C\u002Fspan>\u003C\u002Fa>\u003Cul class=\"RPv4-dropdown-menu\">\u003C\u002Ful>\u003C\u002Fdiv>\u003C\u002Fdiv>"]