[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHDfYVtCzM70My0EB9vrWHY-8DSiQz5y_0yTT6Sk0wzc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":76,"fingerprints":462},"risk-list","Risk List","1.0","Mike Stott","https:\u002F\u002Fprofiles.wordpress.org\u002Fmikemayhem3030\u002F","\u003Cp>Do you know why you do what you do? Is there anything else you should be doing? Risk List lets you manage the risks which may stop you reaching your objectives.\u003C\u002Fp>\n\u003Ch4>Manage your Risks\u003C\u002Fh4>\n\u003Cp>Do you know what might stop you from reaching your objectives? Risk List lets you link Risks to Objectives. Does the following sound familiar to you?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>I want to get more sales\u003C\u002Fli>\n\u003Cli>I want to improve customer service\u003C\u002Fli>\n\u003Cli>I want to spend less time doing [xyz]\u003C\u002Fli>\n\u003Cli>I want to Grow Big\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Using Risk List as your Risk Management tool lets you assign risks against these objectives. You can’t get more sales if your website keeps going down. That’s a Risk.\u003C\u002Fp>\n\u003Ch4>Control your Risks\u003C\u002Fh4>\n\u003Cp>Once you know your risks, you can control them. Add controls and link them to risks. Assign an owner to the control. Make sure that it’s operational and helps you to manage the risk. For example running pingdom or other server monitoring tools is a control which helps you detect whether your website keeps going down. Classify controls\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Detective – is there a problem? 
What is your downtime report showing \u003C\u002Fli>\n\u003Cli>Preventative  – if a condition is not met, then this will stop something going ahead\u003C\u002Fli>\n\u003Cli>Corrective – this is something which is done after something happens. If your site goes down you’d contact the host, complain, perhaps even move host\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The above uses the risk of your website going down as an example.\u003C\u002Fp>\n\u003Ch4>Track Metrics\u003C\u002Fh4>\n\u003Cp>Do you know what measures your success? What should you and your team be focussing on?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Grow monthly sales revenue\u003C\u002Fli>\n\u003Cli>Increase email subscribers\u003C\u002Fli>\n\u003Cli>Improve customer response times\u003C\u002Fli>\n\u003Cli>Grow Twitter following\u003C\u002Fli>\n\u003Cli>Create and track your metrics\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Manage Processes\u003C\u002Fh4>\n\u003Cp>Do you know how your processes tie in to which risk you are managing? 
Who does what.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>See what’s due when\u003C\u002Fli>\n\u003Cli>See who needs to do what\u003C\u002Fli>\n\u003Cli>Set frequency (recurring monthly, weekly, daily)\u003C\u002Fli>\n\u003Cli>Mark complete \u002F incomplete\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Risk Dashboard Overview\u003C\u002Fh4>\n\u003Cp>Risk List adds new Dashboard widgets so you can see at a glance your Risk Information.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>See your risks on a Heat Map\u003C\u002Fli>\n\u003Cli>See your top risks in your Risk Overview\u003C\u002Fli>\n\u003Cli>Track actions\u003C\u002Fli>\n\u003Cli>View upcoming processes\u003C\u002Fli>\n\u003Cli>Plus much more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>A brief Markdown Example\u003C\u002Fh3>\n\u003Cp>Ordered list:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Some feature\u003C\u002Fli>\n\u003Cli>Another feature\u003C\u002Fli>\n\u003Cli>Something else about the plugin\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Unordered list:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>something\u003C\u002Fli>\n\u003Cli>something else\u003C\u002Fli>\n\u003Cli>third thing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Here’s a link to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002F\" title=\"Your favorite software\" rel=\"ugc\">WordPress\u003C\u002Fa> and one to \u003Ca href=\"http:\u002F\u002Fdaringfireball.net\u002Fprojects\u002Fmarkdown\u002Fsyntax\" title=\"Markdown is what the parser uses to process much of the readme file\" rel=\"nofollow ugc\">Markdown’s Syntax Documentation\u003C\u002Fa>.\u003Cbr \u002F>\nTitles are optional, naturally.\u003C\u002Fp>\n\u003Cp>Markdown uses email style notation for blockquotes and I’ve been told:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Asterisks for \u003Cem>emphasis\u003C\u002Fem>. 
Double it up  for \u003Cstrong>strong\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cpre>\u003Ccode>\u003C?php code(); \u002F\u002F goes in backticks ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Risk List brings Risk Management into your WordPress Dashboard. Manage your risks. Track your Metrics. Grow big.",10,1729,100,1,"2017-01-09T11:58:00.000Z","4.7.32","4.6","",[20,21],"risk-management","risks","http:\u002F\u002Frisklist.co.uk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frisk-list.1.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"mikemayhem3030",3,30,84,"2026-04-05T02:58:11.032Z",[36,58],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":11,"downloaded":44,"rating":13,"num_ratings":31,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":55,"download_link":56,"security_score":57,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"autentify-anti-fraud-for-woocommerce","Autentify anti fraud for WooCommerce","2.2.1","autentify","https:\u002F\u002Fprofiles.wordpress.org\u002Fautentify\u002F","\u003Cp>AUTENTIFY is a real-time fraud prevention platform that helps merchants of all sizes make decisions. This plugin integrates directly with the AUTENTIFY platform and lets merchants start fighting fraud immediately.\u003C\u002Fp>\n\u003Ch4>Real-time user scoring\u003C\u002Fh4>\n\u003Cp>AUTENTIFY analyzes registered users and provides a single score that assesses the fraud risk posed by each user. 
If a user’s score indicates high risk, you can investigate the user even before an order is placed.\u003C\u002Fp>\n\u003Ch4>Risk score\u003C\u002Fh4>\n\u003Cp>Our proprietary scoring algorithm tracks and analyzes a range of attributes, using only the user’s email as the primary key, so you can easily assess fraud risk and automate your review process.\u003C\u002Fp>\n\u003Ch4>Identity verification\u003C\u002Fh4>\n\u003Cp>Use our other checks, such as AutentiD (registration data check) or AutentiFace (facial biometric validation), as extra verification steps. The level of impact on the user can be customized and adjusted based on the score each user receives.\u003C\u002Fp>\n\u003Ch4>Pricing\u003C\u002Fh4>\n\u003Cp>AUTENTIFY is a prepaid service with flexible pricing based on the number of queries received per month. A separate AUTENTIFY account is required to issue the token and use the queries. After the 7-day free trial, pricing starts at R$ 199,90 per month. 
For more information, visit https:\u002F\u002Fwww.autentify.com.br.\u003C\u002Fp>\n\u003Ch3>Short Description\u003C\u002Fh3>\n\u003Cp>Real-time anti-fraud for e-commerce stores, protecting transactions and supporting safe decision-making.\u003C\u002Fp>\n","AUTENTIFY is a real-time fraud prevention platform that helps merchants of all sizes make decisions.",1997,"2024-11-10T00:33:00.000Z","6.6.5","4.7","5.6",[50,51,52,53,54],"e-commerce-security","fraud-prevention","payment-protection","risk-management-plugin","woocommerce-anti-fraud","https:\u002F\u002Fautentify.com.br\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautentify-anti-fraud-for-woocommerce.2.2.1.zip",92,{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":25,"downloaded":66,"rating":25,"num_ratings":25,"last_updated":18,"tested_up_to":67,"requires_at_least":68,"requires_php":18,"tags":69,"homepage":73,"download_link":74,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":75},"ambriel-anti-fraud","Ambriel Anti Fraud for WooCommerce","1.0.0","Ambriel Dev","https:\u002F\u002Fprofiles.wordpress.org\u002Fambrieldev\u002F","\u003Cp>Ambriel is a next-generation \u003Ca href=\"https:\u002F\u002Fambriel.io\" rel=\"nofollow ugc\">fraud prevention and risk intelligence\u003C\u002Fa> platform designed to protect businesses from financial crime, abuse, and compliance risks. Whether you operate in fintech, iGaming, banking, retail, or marketplaces, Ambriel provides AI-powered monitoring, real-time risk scoring, and fraud detection tools to safeguard your operations.\u003C\u002Fp>\n\u003Cp>From preventing account takeovers and multi-accounting to detecting bonus abuse, payment fraud, and transaction anomalies, Ambriel ensures your platform remains secure while delivering a seamless experience for genuine users. 
With integrations for onboarding, monitoring, and compliance, Ambriel helps businesses stay one step ahead of fraud while meeting global regulatory standards.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin uses Ambriel’s third‑party fraud and risk intelligence service to perform real‑time \u003Ca href=\"https:\u002F\u002Fambriel.io\u002Fscoring-engine\" rel=\"nofollow ugc\">risk scoring\u003C\u002Fa>, fraud detection, and \u003Ca href=\"https:\u002F\u002Fambriel.io\u002Fscreening\" rel=\"nofollow ugc\">AML checks\u003C\u002Fa> for transactions and user accounts.\u003C\u002Fp>\n\u003Cp>What the service is and what it is used for\u003Cbr \u002F>\n– Ambriel provides fraud scoring and risk intelligence to help detect account takeover, multi‑accounting, payment fraud, bonus abuse, and other suspicious activity. The plugin sends data to Ambriel and receives a risk score and related risk signals used to automate or inform fraud decisions.\u003C\u002Fp>\n\u003Cp>What data is sent and when\u003Cbr \u002F>\n– Data sent depends on the action being evaluated (checkout, order creation, user registration, onboarding reviews, or manual\u002Fadmin-initiated checks). Typical fields include customer and account identifiers and metadata such as:\u003Cbr \u002F>\n  – name, email, phone\u003Cbr \u002F>\n  – IP address and user agent\u003Cbr \u002F>\n  – billing\u002Fshipping address\u003Cbr \u002F>\n  – order\u002Ftransaction details (order id, amount, currency)\u003Cbr \u002F>\n  – device or session identifiers and other behavioral metadata\u003Cbr \u002F>\n– Exact request fields are documented here: https:\u002F\u002Fdocs.ambriel.io\u002Fdocs\u002Fapi\u002Ffraud\u002Fscoring\u003Cbr \u002F>\n– Data is transmitted to Ambriel when the plugin performs a risk check (for example during checkout, on order creation, during onboarding, or when an admin triggers a manual check). 
You can control which checks run from the plugin settings.\u003C\u002Fp>\n\u003Cp>Where the data is sent\u003Cbr \u002F>\n– Data is sent to \u003Ca href=\"https:\u002F\u002Fapi.ambriel.io\" rel=\"nofollow ugc\">Ambriel’s API endpoints\u003C\u002Fa> operated by Ambriel. All communications use HTTPS.\u003C\u002Fp>\n\u003Cp>Why the data is sent\u003Cbr \u002F>\n– To compute fraud\u002Frisk scores and return signals that help your store decide whether to allow, review, or block activity and to meet AML\u002Fcompliance workflows.\u003C\u002Fp>\n\u003Cp>Terms and privacy\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fambriel.io\u002Fterms-of-service\" rel=\"nofollow ugc\">Ambriel terms of service\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fambriel.io\u002F\u002Fprivacy-policy\" rel=\"nofollow ugc\">Ambriel privacy policy\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fdocs.ambriel.io\u002Fdocs\u002Fapi\u002Ffraud\u002Fscoring\" rel=\"nofollow ugc\">API request\u002Ffield reference\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Additional notes\u003Cbr \u002F>\n– If you do not want this data transmitted, disable the Ambriel features in the plugin settings or deactivate the plugin. 
Data handling and retention are governed by Ambriel’s privacy policy and terms above.\u003C\u002Fp>\n","Ambriel is a fraud prevention and risk intelligence platform that helps businesses to detect fraud, monitor risks, and protect customers in real time.",165,"6.8.5","6.3",[70,71,72,20],"aml-complience","anti-fraud","fraud-detection","https:\u002F\u002Fgithub.com\u002Fambriel-io\u002Fwordpress-ambriel","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fambriel-anti-fraud.1.0.0.zip","2026-03-15T10:48:56.248Z",{"attackSurface":77,"codeSignals":180,"taintFlows":448,"riskAssessment":449,"analyzedAt":461},{"hooks":78,"ajaxHandlers":176,"restRoutes":177,"shortcodes":178,"cronEvents":179,"entryPointCount":25,"unprotectedCount":25},[79,85,90,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125,127,129,131,135,139,143,147,151,155,159,163,167,171],{"type":80,"name":81,"callback":82,"file":83,"line":84},"action","wp_dashboard_setup","risklist_add_dashboard_widgets","includes\\risk-list-dashboard.php",38,{"type":80,"name":86,"callback":87,"file":88,"line":89},"add_meta_boxes","create_meta_box","includes\\risk-list-risk-meta.php",28,{"type":91,"name":92,"callback":93,"priority":11,"file":88,"line":94},"filter","save_post","save_meta_box",29,{"type":80,"name":86,"callback":87,"file":88,"line":96},122,{"type":91,"name":92,"callback":93,"priority":11,"file":88,"line":98},123,{"type":80,"name":86,"callback":87,"file":88,"line":100},220,{"type":91,"name":92,"callback":93,"priority":11,"file":88,"line":102},221,{"type":80,"name":86,"callback":87,"file":88,"line":104},315,{"type":91,"name":92,"callback":93,"priority":11,"file":88,"line":106},316,{"type":80,"name":86,"callback":87,"file":88,"line":108},409,{"type":91,"name":92,"callback":93,"priority":11,"file":88,"line":110},410,{"type":80,"name":86,"callback":87,"file":88,"line":112},695,{"type":91,"name":92,"callback":93,"priority":11,"file":88,"line":114},696,{"type":80,"name":86,"callback":87,"file":88,"line":116},
842,{"type":91,"name":92,"callback":93,"priority":11,"file":88,"line":118},843,{"type":80,"name":86,"callback":87,"file":88,"line":120},960,{"type":91,"name":92,"callback":93,"priority":11,"file":88,"line":122},961,{"type":80,"name":86,"callback":87,"file":88,"line":124},1054,{"type":91,"name":92,"callback":93,"priority":11,"file":88,"line":126},1055,{"type":80,"name":86,"callback":87,"file":88,"line":128},1132,{"type":91,"name":92,"callback":93,"priority":11,"file":88,"line":130},1133,{"type":80,"name":132,"callback":133,"file":134,"line":32},"init","risklist_init","risk-list.php",{"type":80,"name":136,"callback":137,"file":134,"line":138},"admin_init","risklist_admin_init",31,{"type":80,"name":140,"callback":141,"file":134,"line":142},"admin_menu","risklist_remove_menu",188,{"type":80,"name":144,"callback":145,"file":134,"line":146},"restrict_manage_posts","risklist_filter_by_the_author",869,{"type":80,"name":148,"callback":149,"priority":11,"file":134,"line":150},"admin_enqueue_scripts","risklist_add_admin_styles",910,{"type":91,"name":152,"callback":153,"file":134,"line":154},"manage_risklist_risk_posts_columns","risklist_set_custom_edit_risklist_risk_columns",949,{"type":80,"name":156,"callback":157,"priority":11,"file":134,"line":158},"manage_risklist_risk_posts_custom_column","risklist_custom_risklist_risk_column",950,{"type":80,"name":160,"callback":161,"file":134,"line":162},"admin_footer","risklist_admin_footer_function",1103,{"type":91,"name":164,"callback":165,"file":134,"line":166},"manage_risklist_risk_columns","risklist_thumbnail_column_order",1119,{"type":91,"name":168,"callback":169,"file":134,"line":170},"admin_footer_text","risklist_remove_footer_admin",1134,{"type":91,"name":172,"callback":173,"priority":174,"file":134,"line":175},"update_footer","risklist_footer_ver",11,1140,[],[],[],[],{"dangerousFunctions":181,"sqlUsage":182,"outputEscaping":198,"fileOperations":14,"externalRequests":25,"nonceChecks":11,"capabilityChecks":25,"bundledLibraries"
:447},[],{"prepared":183,"raw":183,"locations":184},6,[185,188,190,192,194,196],{"file":88,"line":186,"context":187},51,"$wpdb->get_results() with variable interpolation",{"file":88,"line":189,"context":187},145,{"file":88,"line":191,"context":187},243,{"file":88,"line":193,"context":187},338,{"file":88,"line":195,"context":187},983,{"file":134,"line":197,"context":187},1108,{"escaped":25,"rawEcho":199,"locations":200},126,[201,204,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,238,239,241,243,245,247,249,251,253,255,257,259,261,263,265,266,268,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,303,305,307,309,311,313,314,316,318,319,321,323,325,327,329,331,333,335,337,339,341,343,345,347,349,351,353,355,357,359,361,363,365,367,369,370,372,374,376,378,380,382,384,385,387,389,391,393,395,397,399,401,403,405,407,409,411,413,415,417,419,421,423,425,427,429,431,433,435,437,439,441,443,445],{"file":88,"line":202,"context":203},64,"raw output",{"file":88,"line":205,"context":203},71,{"file":88,"line":207,"context":203},72,{"file":88,"line":209,"context":203},155,{"file":88,"line":211,"context":203},157,{"file":88,"line":213,"context":203},158,{"file":88,"line":215,"context":203},159,{"file":88,"line":217,"context":203},168,{"file":88,"line":219,"context":203},169,{"file":88,"line":221,"context":203},256,{"file":88,"line":223,"context":203},263,{"file":88,"line":225,"context":203},264,{"file":88,"line":227,"context":203},346,{"file":88,"line":229,"context":203},347,{"file":88,"line":231,"context":203},348,{"file":88,"line":233,"context":203},357,{"file":88,"line":235,"context":203},358,{"file":88,"line":237,"context":203},473,{"file":88,"line":237,"context":203},{"file":88,"line":240,"context":203},572,{"file":88,"line":242,"context":203},586,{"file":88,"line":244,"context":203},604,{"file":88,"line":246,"context":203},619,{"file":88,"line":248,"context":203},629,{"file":88,"line":250,"context":203},630,{"file":88,"line":252,"context":203}
,739,{"file":88,"line":254,"context":203},742,{"file":88,"line":256,"context":203},745,{"file":88,"line":258,"context":203},760,{"file":88,"line":260,"context":203},789,{"file":88,"line":262,"context":203},790,{"file":88,"line":264,"context":203},874,{"file":88,"line":264,"context":203},{"file":88,"line":267,"context":203},891,{"file":88,"line":267,"context":203},{"file":88,"line":270,"context":203},901,{"file":88,"line":272,"context":203},902,{"file":88,"line":274,"context":203},996,{"file":88,"line":276,"context":203},1003,{"file":88,"line":278,"context":203},1004,{"file":88,"line":280,"context":203},1080,{"file":88,"line":282,"context":203},1081,{"file":88,"line":284,"context":203},1082,{"file":88,"line":286,"context":203},1176,{"file":88,"line":288,"context":203},1179,{"file":88,"line":290,"context":203},1182,{"file":88,"line":292,"context":203},1197,{"file":88,"line":294,"context":203},1226,{"file":88,"line":296,"context":203},1227,{"file":134,"line":298,"context":203},325,{"file":134,"line":300,"context":203},327,{"file":134,"line":302,"context":203},330,{"file":134,"line":304,"context":203},333,{"file":134,"line":306,"context":203},336,{"file":134,"line":308,"context":203},339,{"file":134,"line":310,"context":203},343,{"file":134,"line":312,"context":203},345,{"file":134,"line":231,"context":203},{"file":134,"line":315,"context":203},351,{"file":134,"line":317,"context":203},354,{"file":134,"line":233,"context":203},{"file":134,"line":320,"context":203},361,{"file":134,"line":322,"context":203},363,{"file":134,"line":324,"context":203},366,{"file":134,"line":326,"context":203},369,{"file":134,"line":328,"context":203},372,{"file":134,"line":330,"context":203},375,{"file":134,"line":332,"context":203},379,{"file":134,"line":334,"context":203},381,{"file":134,"line":336,"context":203},384,{"file":134,"line":338,"context":203},387,{"file":134,"line":340,"context":203},390,{"file":134,"line":342,"context":203},393,{"file":134,"line":344,"context":203},397,{"file"
:134,"line":346,"context":203},399,{"file":134,"line":348,"context":203},402,{"file":134,"line":350,"context":203},405,{"file":134,"line":352,"context":203},408,{"file":134,"line":354,"context":203},411,{"file":134,"line":356,"context":203},416,{"file":134,"line":358,"context":203},418,{"file":134,"line":360,"context":203},420,{"file":134,"line":362,"context":203},422,{"file":134,"line":364,"context":203},424,{"file":134,"line":366,"context":203},583,{"file":134,"line":368,"context":203},584,{"file":134,"line":242,"context":203},{"file":134,"line":371,"context":203},588,{"file":134,"line":373,"context":203},589,{"file":134,"line":375,"context":203},601,{"file":134,"line":377,"context":203},602,{"file":134,"line":379,"context":203},603,{"file":134,"line":381,"context":203},605,{"file":134,"line":383,"context":203},606,{"file":134,"line":246,"context":203},{"file":134,"line":386,"context":203},620,{"file":134,"line":388,"context":203},622,{"file":134,"line":390,"context":203},624,{"file":134,"line":392,"context":203},625,{"file":134,"line":394,"context":203},636,{"file":134,"line":396,"context":203},683,{"file":134,"line":398,"context":203},684,{"file":134,"line":400,"context":203},685,{"file":134,"line":402,"context":203},686,{"file":134,"line":404,"context":203},687,{"file":134,"line":406,"context":203},694,{"file":134,"line":408,"context":203},723,{"file":134,"line":410,"context":203},724,{"file":134,"line":412,"context":203},725,{"file":134,"line":414,"context":203},726,{"file":134,"line":416,"context":203},727,{"file":134,"line":418,"context":203},734,{"file":134,"line":420,"context":203},766,{"file":134,"line":422,"context":203},767,{"file":134,"line":424,"context":203},768,{"file":134,"line":426,"context":203},769,{"file":134,"line":428,"context":203},776,{"file":134,"line":430,"context":203},812,{"file":134,"line":432,"context":203},818,{"file":134,"line":434,"context":203},819,{"file":134,"line":436,"context":203},828,{"file":134,"line":438,"context":203},829
,{"file":134,"line":440,"context":203},1043,{"file":134,"line":442,"context":203},1049,{"file":134,"line":444,"context":203},1115,{"file":134,"line":446,"context":203},1190,[],[],{"summary":450,"deductions":451},"The \"risk-list\" v1.0 plugin exhibits a generally positive security posture based on the provided static analysis and vulnerability history. The complete absence of any known CVEs, coupled with zero critical or high severity vulnerabilities in its history, suggests a development team that is either highly diligent or has not yet attracted significant security scrutiny. The static analysis reveals a very small attack surface with no identified unprotected entry points, which is a strong indicator of secure coding practices in this regard.  Furthermore, the presence of nonce checks is encouraging.\n\nHowever, significant concerns arise from the output escaping and SQL query practices. With 100% of outputs not properly escaped, there is a very high risk of Cross-Site Scripting (XSS) vulnerabilities. Any dynamic data displayed by the plugin is susceptible to malicious injection. While 50% of SQL queries utilize prepared statements, the remaining half are potentially vulnerable to SQL injection, especially if they handle user-supplied input without proper sanitization, though the taint analysis didn't find any such flows.\n\nThe plugin's lack of capability checks is also a notable weakness, as it implies that access to certain functionalities might not be properly restricted to authorized users. This, combined with the unescaped output, creates a concerning environment for potential privilege escalation or data manipulation if certain functionalities are accessible to lower-privileged users.  
Despite the clean vulnerability history, the identified coding issues in output escaping and capability checks necessitate immediate attention to mitigate these risks.",[452,455,458],{"reason":453,"points":454},"0% properly escaped output",15,{"reason":456,"points":457},"50% SQL queries not prepared",7,{"reason":459,"points":460},"0 capability checks",8,"2026-03-17T00:42:12.237Z",{"wat":463,"direct":472},{"assetPaths":464,"generatorPatterns":467,"scriptPaths":468,"versionParams":469},[465,466],"\u002Fwp-content\u002Fplugins\u002Frisk-list\u002Fcss\u002Frisk-list.css","\u002Fwp-content\u002Fplugins\u002Frisk-list\u002Fjs\u002Frisk-list.js",[],[466],[470,471],"risk-list\u002Fcss\u002Frisk-list.css?ver=","risk-list\u002Fjs\u002Frisk-list.js?ver=",{"cssClasses":473,"htmlComments":474,"htmlAttributes":480,"restEndpoints":481,"jsGlobals":482,"shortcodeOutput":483},[],[475,476,477,478,479],"\u003C!--COMMENT} Define Paths","\u003C!--COMMENT} Risk Manager","#COMMENT} For all zerobs users :)","\u003C!-- COMMENT} Translations","\u002F* DASHBOARD FUNCTIONS *\u002F",[],[],[],[]]