[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fiwZ92yagdDVxhGC6u_O2wc_K0UG9RpamEXcL-VFM-gM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":54,"fingerprints":156},"rhythms","Rhythms","1.1.2","Thomas Patrick Levy","https:\u002F\u002Fprofiles.wordpress.org\u002Fthomasplevy\u002F","\u003Cp>Rhythms, the only WordPress plugin that automatically optimizes your website with lesser-known speed-reading hacks so that your readers can read your content faster than anywhere else on the web.\u003C\u002Fp>\n","Rhythms, the only WordPress plugin that automatically optimizes your website with lesser-known speed-reading hacks so that your readers can read your  
&hellip;",0,1354,100,2,"2017-06-11T17:21:00.000Z","4.7.32","4.7.4","",[20,21],"reading-optimization","speed-reading","https:\u002F\u002Fgithub.com\u002Fthomasplevy\u002Frhythms","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frhythms.1.1.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"thomasplevy",93,30,89,"2026-04-04T14:08:35.468Z",[35],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":13,"num_ratings":14,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":18,"tags":48,"homepage":52,"download_link":53,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"rocket-reader-speed-reader","Rocket Reader (Speed-Reader)","1.6.2","cageehv","https:\u002F\u002Fprofiles.wordpress.org\u002Fcageehv\u002F","\u003Ch4>Introduction\u003C\u002Fh4>\n\u003Cp>This plugin allows the visitor to read the content of a WordPress web page \u002F post, using the ‘Rocket Reader’\u003C\u002Fp>\n\u003Cp>It’s a nifty Speed-Reading plugin. 
Using the Rocket Reader you can decrease the reading time of an article by, maybe, as much as 80%!\u003C\u002Fp>\n\u003Cp>The key is to reduce the eye movement while reading.\u003Cbr \u002F>\nIn the traditional way of reading, your eyes are constantly moving left to right, and back, loosing precious time (and it’s very tiring too!).\u003C\u002Fp>\n\u003Cp>This plugin is presenting the words one by one and it uses a focal point (also called Optical Recognition Point, ORP).\u003Cbr \u002F>\nResearch proved that your eyes are always looking for a specific point within a word for faster recognition of the pattern.\u003Cbr \u002F>\nSo by highlighting that focal point it makes reading even way faster!\u003C\u002Fp>\n\u003Ch4>Settings\u003C\u002Fh4>\n\u003Cp>You can find the settings page in the WP Admin Panel &raquo; Settings &raquo; Rocket Reader Opts.\u003C\u002Fp>\n\u003Ch4>Author\u003C\u002Fh4>\n\u003Cp>CAGE Web Design | Rolf van Gelder, Eindhoven, The Netherlands – http:\u002F\u002Fcagewebdev.com – http:\u002F\u002Frvg.cage.nl\u003C\u002Fp>\n\u003Ch4>Plugin URL + Live Demo\u003C\u002Fh4>\n\u003Cp>http:\u002F\u002Fcagewebdev.com\u002Frocket-reader\u002F\u003C\u002Fp>\n\u003Ch4>Download URL\u003C\u002Fh4>\n\u003Cp>https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frocket-reader\u002F\u003C\u002Fp>\n\u003Ch4>Currently supported languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English [en_US] – default language, by Rolf van Gelder, CAGE Web Design – http:\u002F\u002Fcagewebdev.com\u003C\u002Fli>\n\u003Cli>Dutch   [nl_NL] – translated by Rolf van Gelder, CAGE Web Design – http:\u002F\u002Fcagewebdev.com\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Plugins by CAGE Web Design | Rolf van Gelder\u003C\u002Fh4>\n\u003Cp>WordPress plugins created by CAGE Web Design | Rolf van Gelder\u003Cbr \u002F>\nhttp:\u002F\u002Fcagewebdev.com\u002Fcategory\u002Fnews-tech-art\u002Fwordpress\u002F\u003C\u002Fp>\n\u003Ch4>Disclaimer\u003C\u002Fh4>\n\u003Cp>NO WARRANTY, USE AT OWN 
RISK!\u003C\u002Fp>\n","Introduction",20,13267,"2022-05-06T13:55:00.000Z","6.0.11","2.8",[49,50,51,21],"reader","speed","speed-reader","http:\u002F\u002Fcagewebdev.com\u002Frocket-reader\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frocket-reader-speed-reader.1.6.2.zip",{"attackSurface":55,"codeSignals":87,"taintFlows":109,"riskAssessment":144,"analyzedAt":155},{"hooks":56,"ajaxHandlers":83,"restRoutes":84,"shortcodes":85,"cronEvents":86,"entryPointCount":11,"unprotectedCount":11},[57,63,67,74,78],{"type":58,"name":59,"callback":60,"file":61,"line":62},"action","admin_menu","register_page","inc\\class-rhythms-admin-settings.php",18,{"type":58,"name":64,"callback":65,"file":61,"line":66},"admin_init","save",19,{"type":68,"name":69,"callback":70,"priority":71,"file":72,"line":73},"filter","rhythms_filters","get_integration_filters",10,"inc\\class-rhythms-filters.php",21,{"type":58,"name":75,"callback":75,"priority":11,"file":76,"line":77},"init","rhythms.php",76,{"type":58,"name":79,"callback":80,"priority":81,"file":76,"line":82},"admin_bar_menu","output_facts",999,79,[],[],[],[],{"dangerousFunctions":88,"sqlUsage":89,"outputEscaping":91,"fileOperations":11,"externalRequests":11,"nonceChecks":107,"capabilityChecks":11,"bundledLibraries":108},[],{"prepared":11,"raw":11,"locations":90},[],{"escaped":92,"rawEcho":93,"locations":94},3,7,[95,97,99,100,102,104,105],{"file":61,"line":24,"context":96},"raw output",{"file":61,"line":98,"context":96},86,{"file":61,"line":98,"context":96},{"file":61,"line":101,"context":96},87,{"file":61,"line":103,"context":96},110,{"file":61,"line":103,"context":96},{"file":61,"line":106,"context":96},112,1,[],[110,134],{"entryPoint":111,"graph":112,"unsanitizedCount":107,"severity":133},"save 
(inc\\class-rhythms-admin-settings.php:23)",{"nodes":113,"edges":129},[114,119,123],{"id":115,"type":116,"label":117,"file":61,"line":118},"n0","source","$_POST[?]",36,{"id":120,"type":121,"label":122,"file":61,"line":118},"n1","transform","→ set_option()",{"id":124,"type":125,"label":126,"file":61,"line":127,"wp_function":128},"n2","sink","update_option() [Settings Manipulation]",73,"update_option",[130,132],{"from":115,"to":120,"sanitized":131},false,{"from":120,"to":124,"sanitized":131},"low",{"entryPoint":135,"graph":136,"unsanitizedCount":107,"severity":133},"\u003Cclass-rhythms-admin-settings> (inc\\class-rhythms-admin-settings.php:0)",{"nodes":137,"edges":141},[138,139,140],{"id":115,"type":116,"label":117,"file":61,"line":118},{"id":120,"type":121,"label":122,"file":61,"line":118},{"id":124,"type":125,"label":126,"file":61,"line":127,"wp_function":128},[142,143],{"from":115,"to":120,"sanitized":131},{"from":120,"to":124,"sanitized":131},{"summary":145,"deductions":146},"The \"rhythms\" plugin v1.1.2 exhibits a generally positive security posture, with no known vulnerabilities in its history and some secure coding practices in place. The absence of CVEs and a clean vulnerability history are encouraging, but with the last update dating from 2017 they may reflect limited scrutiny rather than confirmed safety. The static analysis reveals a notably small attack surface with no detected AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, the code signals show no SQL usage at all, so SQL injection is not a concern here, and one nonce check was detected. \n\nHowever, there are areas of concern that temper this otherwise positive assessment. The taint analysis identified two flows with unsanitized paths, both rated low severity, in which $_POST data reaches update_option() through the settings save handler; these represent potential avenues for security exploits if user-supplied data is not handled with sufficient sanitization. 
Additionally, output is escaped in only 30% of cases (3 escaped, 7 raw echoes, all in the admin settings file), which is a Cross-Site Scripting (XSS) risk wherever untrusted data is output without escaping. The lack of capability checks is also a concern: the settings save handler runs on admin_init, and a nonce check alone does not establish that the current user is permitted to change settings, so a current_user_can() check should accompany it. \n\nIn conclusion, while the \"rhythms\" plugin has a strong foundation in terms of vulnerability history and attack surface management, the identified unsanitized paths and insufficient output escaping are its main weaknesses and should be addressed, even though the taint flows are rated low severity. The plugin's strengths lie in its clean history and the absence of raw SQL queries. The weaknesses, however, present tangible risks that could be exploited by attackers.",[147,149,152],{"reason":148,"points":93},"Unsanitized paths found in taint analysis",{"reason":150,"points":151},"Low percentage of properly escaped output",8,{"reason":153,"points":154},"No capability checks for entry points",5,"2026-03-17T06:12:43.297Z",{"wat":157,"direct":162},{"assetPaths":158,"generatorPatterns":159,"scriptPaths":160,"versionParams":161},[],[],[],[],{"cssClasses":163,"htmlComments":164,"htmlAttributes":165,"restEndpoints":166,"jsGlobals":167,"shortcodeOutput":168},[],[],[],[],[],[]]