[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdoF6UlIyw2a5hOwUfSMJMiPKlsMirqvIreG0JkJShC0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":17,"tags":18,"homepage":17,"download_link":19,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":32,"analysis":33,"fingerprints":120},"rk-link-preview","RK Link Preview","1.0","Ruslan Kolibabchuk","https:\u002F\u002Fprofiles.wordpress.org\u002Fxxxborland\u002F","\u003Cp>Get basic website information from any given URL, in JSON format, and creating visual preview for inserting into content\u003C\u002Fp>\n","Get basic website information from any given URL, in JSON format, and creating visual preview for inserting into content",0,930,100,1,"2022-06-06T07:52:00.000Z","5.7.15","",[],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frk-link-preview.1.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":25,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":28,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"xxxborland",2,20,89,30,86,"2026-04-04T21:46:57.479Z",[],{"attackSurface":34,"codeSignals":82,"taintFlows":107,"riskAssessment":108,"analyzedAt":119},{"hooks":35,"ajaxHandlers":70,"restRoutes":75,"shortcodes":76,"cronEvents":81,"entryPointCount":26,"unprotectedCount":14},[36,42,46,50,53,58,62,66],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","admin_menu","add_plugin_page","core\\controller\\rklp_admin.class.php",13,{"type":37,"name":43,"callback":44,"file":40,"line":45},"admin_enqueue_scripts","plugin_style",14,{"type":37,"name":47,"callback":48,"file":40,"line":49},"wp_enqueue_scripts","front_style",16,{"type":37,"name":43,"callback":51,"file
":40,"line":52},"print_options",17,{"type":37,"name":54,"callback":55,"file":56,"line":57},"admin_head","add_mce_button","core\\controller\\rklp_editor.class.php",6,{"type":37,"name":59,"callback":60,"file":56,"line":61},"init","add_editor_styles",8,{"type":63,"name":64,"callback":65,"file":56,"line":27},"filter","mce_external_plugins","add_tinymce_plugin",{"type":63,"name":67,"callback":68,"file":56,"line":69},"mce_buttons","register_mce_button",21,[71],{"action":72,"nopriv":73,"callback":72,"hasNonce":73,"hasCapCheck":73,"file":40,"line":74},"get_templates",false,15,[],[77],{"tag":78,"callback":79,"file":56,"line":80},"rklp_shortcode","create_shortcode",7,[],{"dangerousFunctions":83,"sqlUsage":84,"outputEscaping":86,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":26,"bundledLibraries":103},[],{"prepared":11,"raw":11,"locations":85},[],{"escaped":87,"rawEcho":80,"locations":88},19,[89,92,95,96,97,100,101],{"file":40,"line":90,"context":91},55,"raw output",{"file":93,"line":94,"context":91},"core\\view\\options\\general.php",11,{"file":93,"line":87,"context":91},{"file":93,"line":29,"context":91},{"file":98,"line":99,"context":91},"core\\view\\options\\templates.php",12,{"file":98,"line":87,"context":91},{"file":98,"line":102,"context":91},22,[104],{"name":105,"version":21,"knownCves":106},"TinyMCE",[],[],{"summary":109,"deductions":110},"The rk-link-preview plugin v1.0 exhibits a mixed security posture. While it demonstrates good practices such as utilizing prepared statements for all SQL queries and avoiding file operations and external HTTP requests, there are significant areas of concern. The presence of an unprotected AJAX handler represents a direct attack vector that could be exploited by unauthenticated users, especially given the lack of nonce checks and capability checks on this entry point. 
The relatively high percentage of unescaped output, though not critical in severity based on the available data, still poses a risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is not properly escaped before being displayed.\n\nThe plugin has no recorded vulnerability history (CVEs), which is a positive indicator, although for a plugin with no recorded active installs it may also reflect limited scrutiny rather than verified safety. However, the static analysis does reveal a small but present attack surface with one unprotected entry point. That entry point is the AJAX handler, whose metadata records it as registered for logged-in users only (nopriv is false), so the exposure is to any authenticated account, including low-privilege roles, rather than to anonymous visitors. The absence of any reported taint flows suggests that any potential data handling issues are either not present or not detected by the analysis tools. The bundled TinyMCE library is noted, but without information on its specific version and any known vulnerabilities, it's difficult to assess its risk contribution.\n\nOverall, the analysis records no SQL queries, file operations, or external requests, which limits several common risk areas. However, the unprotected AJAX handler is a critical oversight that significantly elevates the risk profile. The less-than-ideal output escaping also warrants attention. 
Addressing the unprotected AJAX handler should be the immediate priority to mitigate the most pressing security threat.",[111,113,116],{"reason":112,"points":80},"Unprotected AJAX handler found",{"reason":114,"points":115},"Unescaped output detected (27%)",4,{"reason":117,"points":118},"Bundled TinyMCE library",3,"2026-03-17T06:16:20.645Z",{"wat":121,"direct":136},{"assetPaths":122,"generatorPatterns":128,"scriptPaths":129,"versionParams":130},[123,124,125,126,127],"\u002Fwp-content\u002Fplugins\u002Frk-link-preview\u002Fassets\u002Fbuild\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Frk-link-preview\u002Fassets\u002Fbuild\u002Fcss\u002Ffront.css","\u002Fwp-content\u002Fplugins\u002Frk-link-preview\u002Fassets\u002Fbuild\u002Fjs\u002Fmain.js","\u002Fwp-content\u002Fplugins\u002Frk-link-preview\u002Fassets\u002Fbuild\u002Fjs\u002Ftinymce-plugins\u002Frk-mce-button.js","\u002Fwp-content\u002Fplugins\u002Frk-link-preview\u002Fassets\u002Fbuild\u002Fjs\u002Ftinymce-plugins\u002Frk-shortcodes.js",[],[125,126,127],[131,132,133,134,135],"rk-link-preview\u002Fstyle.css?ver=","rk-link-preview\u002Ffront.css?ver=","rk-link-preview\u002Fmain.js?ver=","rk-link-preview\u002Frk-mce-button.js?ver=","rk-link-preview\u002Frk-shortcodes.js?ver=",{"cssClasses":137,"htmlComments":144,"htmlAttributes":145,"restEndpoints":148,"jsGlobals":163,"shortcodeOutput":166},[138,139,140,141,142,143],"rklp-modal__preview","rklp-container","rklp-preview","js-preview","rklp-preview__image","rklp-preview__content",[],[146,147],"data-template","data-image",[149,150,151,152,153,154,155,156,157,158,159,160,161,150,162],"\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers","\u002Fwp-json\u002Fwp\u002Fv2\u002Ftypes","\u002Fwp-json\u002Fwp\u002Fv2\u002Fcategories","\u002Fwp-json\u002Fwp\u002Fv2\u002Ftags","\u002Fwp-json\u002Fwp\u002Fv2\u002Fpages","\u002Fwp-json\u002Fwp\u002Fv2\u002Fposts","\u002Fwp-json\u002Fwp\u002Fv2\u002Fcomments","\u002Fwp-json\u002Fwp\u002Fv2\u002Fmedia","\u002Fwp-json\u002Fwp\u002
Fv2\u002Fthemes","\u002Fwp-json\u002Fwp\u002Fv2\u002Fplugins","\u002Fwp-json\u002Fwp\u002Fv2\u002Fsettings","\u002Fwp-json\u002Fwp\u002Fv2\u002Ftaxonomies","\u002Fwp-json\u002Fwp\u002Fv2\u002Fstatuses","\u002Fwp-json\u002Fwp\u002Fv2\u002Fsearch",[164,165],"rklkp_ajax_url","window.rk_read_more",[167,168,169,170,171],"\u003Ca href=\"","\" class=\"rklp-modal__preview rklp-container\"","\u003Cdiv class=\"rklp-modal__preview rklp-container\"","\u003Cdiv class=\"rklp-preview js-preview","\u003Cimg src=\""]