[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ft9rYPlEP9ynZipN1DqHeyOrg1JnvW6V1z9GyhEjC_X4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":38,"fingerprints":112},"rscards-maker","RsCards Maker","1.0.0","RS Software","https:\u002F\u002Fprofiles.wordpress.org\u002Ftherssoftware\u002F","\u003Cblockquote>\n\u003Cp>\u003Cstrong>RsCards Maker brings your creativity to life with a suite of powerful features:\u003C\u002Fstrong> \u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Christmas Cards:\u003C\u002Fstrong> Celebrate the season with beautifully designed, customizable Christmas cards.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Subject Titles:\u003C\u002Fstrong> Personalize your card titles to make them truly unique.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Color and Font Customization:\u003C\u002Fstrong> Easily change colors and choose from a wide variety of fonts to match any style or occasion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcodes:\u003C\u002Fstrong> Seamlessly integrate cards into your website with user-friendly shortcodes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Send Customizable Cards:\u003C\u002Fstrong> Share your creations directly with recipients for a personal touch.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n\u003Cp>Whether it’s for spreading holiday cheer or marking any special occasion, RsCards Maker provides all the tools you need to craft and share memorable greeting cards.\u003C\u002Fp>\n\u003Ch3>Privacy Policy and Terms of Service\u003C\u002Fh3>\n\u003Cp>This plugin interacts with an external server to fetch 
festive cards.\u003Cbr \u002F>\n    https:\u002F\u002Faptest.therssoftware.com\u002Frscardmaker\u002Fcardimages\u002F is used to host the image files.\u003Cbr \u002F>\nWhen the plugin is enabled, the plugin will request image files from the server.\u003Cbr \u002F>\nOnly the image file that needs to be downloaded is sent to the server.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin utilizes external services to enhance its functionality. Below is a breakdown of the services used:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Festive Christmas Cards\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service\u003C\u002Fstrong>: \u003Ccode>https:\u002F\u002Faptest.therssoftware.com\u002Frscardmaker\u002Fcardimages\u002F\u003C\u002Fcode>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: To fetch and download festive Christmas card image files. These images are hosted on the external server and are requested only when the Christmas cards feature is enabled.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent\u003C\u002Fstrong>: The plugin sends a request specifying the file name of the image to be downloaded. No personal or user-identifiable data is transmitted.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Received\u003C\u002Fstrong>: A large image file (up to 20 MB) containing the selected Christmas card design.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Google Fonts for Card Generation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service\u003C\u002Fstrong>: \u003Ccode>https:\u002F\u002Faptest.therssoftware.com\u002Frscardmaker\u002Ffonts\u002F\u003C\u002Fcode>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: To fetch fonts used in generating customized Christmas card designs. These fonts are hosted on the external server and are requested as part of the card customization process.  
\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent\u003C\u002Fstrong>: The plugin sends a request for specific font files. No personal or user-identifiable data is transmitted.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Received\u003C\u002Fstrong>: Font files necessary for rendering text on the generated Christmas card.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Image Preview with Simple Lightbox\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Library\u003C\u002Fstrong>: \u003Ccode>simple-lightbox.js\u003C\u002Fcode>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: To provide a large preview of Christmas card images in a lightbox modal.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent\u003C\u002Fstrong>: No data is sent externally. This is a client-side JavaScript library used for image display purposes.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Received\u003C\u002Fstrong>: None. The library operates locally within the plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Terms and Privacy\u003C\u002Fstrong>:\u003Cbr \u002F>\nUsers can refer to the following links for more information on the services’ terms and privacy policies:\u003Cbr \u002F>\n– \u003Ca href=\"#\" rel=\"nofollow ugc\">R&S Card Maker Terms of Service\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"#\" rel=\"nofollow ugc\">R&S Card Maker Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Source Code\u003C\u002Fh3>\n\u003Cp>The unminified source code for JavaScript and CSS files is included in the \u003Ccode>public\u003C\u002Fcode> directory within the plugin.\u003C\u002Fp>\n\u003Cp>For third-party libraries like \u003Ccode>simple-lightbox.js\u003C\u002Fcode>, the unminified version is also available in the plugin.\u003C\u002Fp>\n\u003Ch3>Third-Party Libraries\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Simple Lightbox 
(https:\u002F\u002Fgithub.com\u002Fandreknieriem\u002Fsimplelightbox)\u003Cbr \u002F>\nLicensed under MIT License.\u003C\u002Fli>\n\u003C\u002Ful>\n","RsCards Maker is a versatile tool designed to create and customize greeting Christmas  cards.",10,591,100,1,"2024-11-21T05:20:00.000Z","6.7.5","5.7","7.0",[20,21,22],"christmas-card","send-email-christmas-card","wish-your-friend-christmas-card","https:\u002F\u002Ftherssoftware.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frscards-maker.1.0.0.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"therssoftware",3,150,30,88,"2026-04-04T15:19:21.654Z",[],{"attackSurface":39,"codeSignals":91,"taintFlows":104,"riskAssessment":105,"analyzedAt":111},{"hooks":40,"ajaxHandlers":76,"restRoutes":83,"shortcodes":84,"cronEvents":89,"entryPointCount":90,"unprotectedCount":26},[41,47,52,55,57,60,62,66,69,72],{"type":42,"name":43,"callback":44,"file":45,"line":46},"action","admin_menu","rs_cards_maker_admin_menu","admin\\class-rscards-maker-admin.php",55,{"type":42,"name":48,"callback":49,"file":50,"line":51},"plugins_loaded","anonymous","includes\\class-rscards-maker.php",142,{"type":42,"name":53,"callback":49,"file":50,"line":54},"admin_enqueue_scripts",157,{"type":42,"name":53,"callback":49,"file":50,"line":56},158,{"type":42,"name":58,"callback":49,"file":50,"line":59},"wp_enqueue_scripts",173,{"type":42,"name":58,"callback":49,"file":50,"line":61},174,{"type":42,"name":58,"callback":63,"file":64,"line":65},"enqueue_styles","public\\class-rscards-maker-public.php",101,{"type":42,"name":58,"callback":67,"file":64,"line":68},"enqueue_scripts",102,{"type":42,"name":48,"callback":70,"file":64,"line":71},"rscards_maker_load_assets",105,{"type":42,"name":53,"callback":73,"file":74,"line":75},"rs_cards_maker_enqueue_scripts","rscards-maker.php",205,[77],{"action":
78,"nopriv":79,"callback":80,"hasNonce":81,"hasCapCheck":79,"file":74,"line":82},"rs_card_image_download",false,"rs_card_image_download_handler",true,85,[],[85],{"tag":86,"callback":87,"file":64,"line":88},"rs-cards-maker","rscards_maker_shortcode",53,[],2,{"dangerousFunctions":92,"sqlUsage":93,"outputEscaping":96,"fileOperations":90,"externalRequests":90,"nonceChecks":90,"capabilityChecks":26,"bundledLibraries":103},[],{"prepared":94,"raw":26,"locations":95},4,[],{"escaped":97,"rawEcho":14,"locations":98},63,[99],{"file":100,"line":101,"context":102},"admin\\partials\\rscards-maker-admin-display.php",54,"raw output",[],[],{"summary":106,"deductions":107},"The rscards-maker plugin v1.0.0 exhibits a generally strong security posture based on the provided static analysis. The absence of any known vulnerabilities (CVEs) or recorded past issues is a significant positive indicator. The code demonstrates good practices such as using prepared statements for all SQL queries and a very high percentage of properly escaped output, minimizing risks of SQL injection and Cross-Site Scripting (XSS). The limited attack surface of two entry points, both of which appear to be protected by nonces, further bolsters its security.\n\nHowever, the analysis does highlight a critical area for improvement: the complete lack of capability checks on any entry points. While nonces are present for two identified entry points, the absence of capability checks means that any authenticated user might be able to access or manipulate functionality they shouldn't. This could lead to privilege escalation or unauthorized actions if an attacker can trick a logged-in user into interacting with these endpoints. 
File operations and external HTTP requests, while not inherently insecure, warrant careful review to ensure they do not inadvertently create vulnerabilities.\n\nIn conclusion, rscards-maker v1.0.0 is off to a promising start with robust handling of SQL and output sanitization, and no historical vulnerabilities. The key weakness lies in the missing capability checks, which should be addressed immediately to prevent potential unauthorized access and privilege escalation. The limited number of entry points makes this a manageable fix. Further scrutiny of file operations and external requests is recommended for comprehensive security.",[108],{"reason":109,"points":110},"Missing capability checks on entry points",15,"2026-03-17T01:29:23.333Z",{"wat":113,"direct":120},{"assetPaths":114,"generatorPatterns":116,"scriptPaths":117,"versionParams":119},[115],"\u002Fwp-content\u002Fplugins\u002Frscards-maker\u002Fadmin\u002Fimages\u002Floading.gif",[],[118],"\u002Fwp-content\u002Fplugins\u002Frscards-maker\u002Fadmin\u002Fjs\u002Frscards-maker-custom-script.js",[],{"cssClasses":121,"htmlComments":122,"htmlAttributes":123,"restEndpoints":124,"jsGlobals":125,"shortcodeOutput":127},[],[],[],[],[126],"rsCardsMaker",[]]