[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8DNVhv90M86dv8-68tf5H0jSarZ92viuMQmcK78IuHM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":32,"analysis":33,"fingerprints":66},"realtime-visitor-counter","Realtime Visitor Counter","1.0","Benjamin Hagh Parast","https:\u002F\u002Fprofiles.wordpress.org\u002Fhaghs\u002F","\u003Cp>If you want to display the current Visitor Count, you can use the following shortcode [rtvc]\u003C\u002Fp>\n","Add the shortcode [rtvc] in the Header, footer ore on any post and page. With this plugin you can display in Realtime Visitor Count.",10,866,0,"2026-01-09T17:45:00.000Z","6.9.4","6.9","8.0",[4],"https:\u002F\u002Fwordtune.me","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frealtime-visitor-counter.1.0.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":21,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"haghs",18,330,30,94,"2026-04-04T11:20:54.713Z",[],{"attackSurface":34,"codeSignals":45,"taintFlows":54,"riskAssessment":55,"analyzedAt":65},{"hooks":35,"ajaxHandlers":36,"restRoutes":37,"shortcodes":38,"cronEvents":43,"entryPointCount":44,"unprotectedCount":13},[],[],[],[39],{"tag":40,"callback":40,"file":41,"line":42},"rtvc","RealtimeVisitorCounter.php",24,[],1,{"dangerousFunctions":46,"sqlUsage":47,"outputEscaping":49,"fileOperations":52,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":53},[],{"prepared":13,"raw":13,"locations":48},[],{"escaped":50,"rawEcho":13,"locations":51},2,[],3,[],[],{"summary":56,"deductions":57},"The realtime-visitor-counter plugin v1.0 exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, the use of prepared statements for all SQL queries, and proper output escaping are significant strengths. The limited attack surface, with only one shortcode and no AJAX, REST API, or cron events without authentication checks, further contributes to its security. The plugin also has no known vulnerabilities in its history, suggesting a consistent track record of security.\n\nHowever, there are notable areas for improvement. The complete lack of nonce checks and capability checks across all entry points is a significant concern. While the attack surface is small, any code executed by the shortcode is essentially unprotected against potential CSRF attacks or unauthorized access, even if the code itself doesn't exhibit obvious vulnerabilities in this version. The absence of taint analysis results is also not ideal, as it means potential data flow vulnerabilities might have been missed. The three file operations, while not explicitly flagged as dangerous, warrant closer inspection to ensure they do not introduce vulnerabilities, especially in the absence of other security checks.\n\nIn conclusion, the plugin demonstrates good fundamental coding practices in handling data and queries. Its lack of historical vulnerabilities is a positive indicator. Nevertheless, the absence of any authentication or authorization checks on its sole entry point (the shortcode) presents a clear risk that needs to be addressed to improve its overall security. A more thorough dynamic or manual analysis would be beneficial to complement the static findings.",[58,60,62],{"reason":59,"points":11},"Missing nonce checks on shortcode",{"reason":61,"points":11},"Missing capability checks on shortcode",{"reason":63,"points":64},"No taint analysis performed",5,"2026-03-16T23:53:58.918Z",{"wat":67,"direct":72},{"assetPaths":68,"generatorPatterns":69,"scriptPaths":70,"versionParams":71},[],[],[],[],{"cssClasses":73,"htmlComments":74,"htmlAttributes":75,"restEndpoints":76,"jsGlobals":77,"shortcodeOutput":78},[],[],[],[],[],[79],"echo esc_attr ($counter . \"\\n\");"]