[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fECSH4TYJhsdlKietoeh3N_ZD312j4Xrct0CI8RCY67A":3,"$faT4ZmQzZmM6ZvRh9QMZleDFIpxQd9BlEfqJUWv3wX6c":146,"$fIXIlE6izpZ6V4iyoADK9d6Wzl0Q9KDmfZe1LtCgbWlo":151},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"discovery_status":26,"vulnerabilities":27,"developer":28,"crawl_stats":24,"alternatives":33,"analysis":34,"fingerprints":128},"redirection-https-for-apache","Redirection HTTPS for Apache","1.0","infranetworking","https:\u002F\u002Fprofiles.wordpress.org\u002Finfranetworking\u002F","\u003Cp>Plugin to create redirection HTTPS on Apache or LiteSpeed servers\u003C\u002Fp>\n","Redirection HTTPS for Apache is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published …",30,2881,100,1,"2024-02-04T00:10:00.000Z","6.4.8","5.0","",[20],"http-https-apache","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fredirection-https-for-apache.zip",85,0,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":22,"avg_patch_time_days":11,"trust_score":31,"computed_at":32},2,40,84,"2026-05-20T08:57:19.134Z",[],{"attackSurface":35,"codeSignals":51,"taintFlows":59,"riskAssessment":115,"analyzedAt":127},{"hooks":36,"ajaxHandlers":47,"restRoutes":48,"shortcodes":49,"cronEvents":50,"entryPointCount":23,"unprotectedCount":23},[37,43],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","init","rhfpa_apache301_install","redirection-https-for-apache.php",79,{"type":38,"name":44,"callback":45,"file":41,"line":46},"deactivated_plugin","rhfpa_apache301_disable",82,[],[],[],[],{"dangerousFunctions":52,"sqlUsage":53,"outputEscaping":55,"fileOperations":57,"externalRequests":23,"nonceChecks":23,"capabilityChecks":23,"bundledLibraries":58},[],{"prepared":23,"raw":23,"locations":54},[],{"escaped":23,"rawEcho":23,"locations":56},[],8,[],[60,88,102],{"entryPoint":61,"graph":62,"unsanitizedCount":86,"severity":87},"rhfpa_apache301_install (redirection-https-for-apache.php:33)",{"nodes":63,"edges":82},[64,69,74,77],{"id":65,"type":66,"label":67,"file":41,"line":68},"n0","source","$_SERVER (x2)",37,{"id":70,"type":71,"label":72,"file":41,"line":30,"wp_function":73},"n1","sink","fopen() [File Access]","fopen",{"id":75,"type":66,"label":76,"file":41,"line":68},"n2","$_SERVER",{"id":78,"type":71,"label":79,"file":41,"line":80,"wp_function":81},"n3","file_get_contents() [SSRF\u002FLFI]",45,"file_get_contents",[83,85],{"from":65,"to":70,"sanitized":84},false,{"from":75,"to":78,"sanitized":84},3,"medium",{"entryPoint":89,"graph":90,"unsanitizedCount":29,"severity":87},"rhfpa_apache301_disable (redirection-https-for-apache.php:57)",{"nodes":91,"edges":99},[92,94,96,97],{"id":65,"type":66,"label":76,"file":41,"line":93},61,{"id":70,"type":71,"label":79,"file":41,"line":95,"wp_function":81},63,{"id":75,"type":66,"label":76,"file":41,"line":93},{"id":78,"type":71,"label":72,"file":41,"line":98,"wp_function":73},73,[100,101],{"from":65,"to":70,"sanitized":84},{"from":75,"to":78,"sanitized":84},{"entryPoint":103,"graph":104,"unsanitizedCount":114,"severity":87},"\u003Credirection-https-for-apache> (redirection-https-for-apache.php:0)",{"nodes":105,"edges":111},[106,108,109,110],{"id":65,"type":66,"label":107,"file":41,"line":68},"$_SERVER (x3)",{"id":70,"type":71,"label":72,"file":41,"line":30,"wp_function":73},{"id":75,"type":66,"label":67,"file":41,"line":68},{"id":78,"type":71,"label":79,"file":41,"line":80,"wp_function":81},[112,113],{"from":65,"to":70,"sanitized":84},{"from":75,"to":78,"sanitized":84},5,{"summary":116,"deductions":117},"The plugin \"redirection-https-for-apache\" v1.0 presents a generally positive security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events with or without authentication significantly limits the potential attack surface. Furthermore, the code demonstrates good practices with 100% of SQL queries utilizing prepared statements and all outputs being properly escaped, indicating a robust approach to preventing common web vulnerabilities like SQL injection and cross-site scripting. The plugin also shows no history of known vulnerabilities, which is a strong indicator of its current stability and security.\n\nHowever, there are areas that warrant attention. The static analysis revealed 3 \"flows with unsanitized paths.\" While these are not classified as critical or high severity in the taint analysis, unsanitized path flows can still be a vector for directory traversal or other file-related attacks if not handled carefully. The presence of 8 \"file operations\" also suggests that the plugin interacts with the file system, making the unsanitized path flows a more significant concern. The lack of nonce checks and capability checks, while not directly exploitable due to the limited attack surface, suggests a potential weakness if new entry points were to be introduced in future versions without proper security controls.\n\nIn conclusion, \"redirection-https-for-apache\" v1.0 is currently in a good security state with a minimal attack surface and strong adherence to secure coding practices for SQL and output handling. The primary concern lies with the identified unsanitized path flows within file operations, which, although not rated critically, should be thoroughly reviewed and mitigated to ensure comprehensive security. The lack of vulnerability history is a definite strength, but the plugin's security should be continuously monitored, especially concerning the file operation vulnerabilities and the absence of robust authentication checks on potential future entry points.",[118,121,123,125],{"reason":119,"points":120},"Flows with unsanitized paths",7,{"reason":122,"points":86},"File operations present",{"reason":124,"points":114},"No nonce checks",{"reason":126,"points":114},"No capability checks","2026-03-16T22:36:37.854Z",{"wat":129,"direct":134},{"assetPaths":130,"generatorPatterns":131,"scriptPaths":132,"versionParams":133},[],[],[],[],{"cssClasses":135,"htmlComments":136,"htmlAttributes":142,"restEndpoints":143,"jsGlobals":144,"shortcodeOutput":145},[],[137,138,139,140,141]," BEGIN Redirection HTTPS for Apache (Infranetworking)"," The directives (lines) between `BEGIN Redirect to HTTPS` and `END Redirect to HTTPS` are"," dynamically generated, and should only be modified via WordPress filters."," Any changes to the directives between these markers will be overwritten."," END Redirection HTTPS for Apache (Infranetworking)",[],[],[],[],{"error":147,"url":148,"statusCode":149,"statusMessage":150,"message":150},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fredirection-https-for-apache\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":23,"versions":152},[]]