[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPpIuOpU3lhd5j4sDy9R5TshRtr8AWJkjK_zQkUL-CCQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":39,"fingerprints":242},"runthings-secrets","RunThings Secrets","1.9.0","runthings.dev","https:\u002F\u002Fprofiles.wordpress.org\u002Frunthingsdev\u002F","\u003Cp>RunThings Secrets is a WordPress plugin that allows you to securely share secrets such as passwords. Create a secret URL, and share it with someone instead of leaving a password in a chat log or email thread. Set the maximum views and expiration date, so that the secret doesn’t lurk around forever.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Secure encryption of secrets when stored in the database.\u003C\u002Fli>\n\u003Cli>Limit access by views and expiration date to enhance security.\u003C\u002Fli>\n\u003Cli>Allow viewer to delete the secret, or disable this option to prevent manual deletion.\u003C\u002Fli>\n\u003Cli>Easy sharing with a copy-to-clipboard button, featuring a helpful tooltip.\u003C\u002Fli>\n\u003Cli>Options to copy a plain link or a link with instructions and expiration terms.\u003C\u002Fli>\n\u003Cli>Spam protection powered by reCAPTCHA v3, including a score threshold setting.\u003C\u002Fli>\n\u003Cli>Customisable rate limiting, to prevent brute force attacks from bots.\u003C\u002Fli>\n\u003Cli>Timezone-aware expiration dates, synchronized with your site’s timezone settings.\u003C\u002Fli>\n\u003Cli>Flexible integration using shortcodes or WordPress Block Editor blocks.\u003C\u002Fli>\n\u003Cli>Configurable pages for ‘Add Secret,’ ‘Secret Created,’ and ‘View Secret’ actions.\u003C\u002Fli>\n\u003Cli>Customizable templates that can be overridden to fit your site’s design.\u003C\u002Fli>\n\u003Cli>Optional styling for forms can be enqueued as needed.\u003C\u002Fli>\n\u003Cli>Fully translatable.\u003C\u002Fli>\n\u003Cli>Object caching support, to improve performance.\u003C\u002Fli>\n\u003C\u002Ful>\n","Securely share secrets with a time-limited URL, avoiding passwords in chats or emails.",10,991,100,1,"2025-12-16T16:23:00.000Z","6.9.4","6.2","7.2",[20,21,22,23,24],"private-links","secure-sharing","temporary-links","time-limited-access","url-sharing","https:\u002F\u002Frunthings.dev\u002Fwordpress-plugins\u002Fsecrets\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frunthings-secrets.1.9.0.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":13,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"runthingsdev",11,1660,14,94,"2026-04-04T11:04:10.431Z",[],{"attackSurface":40,"codeSignals":167,"taintFlows":233,"riskAssessment":234,"analyzedAt":241},{"hooks":41,"ajaxHandlers":152,"restRoutes":153,"shortcodes":154,"cronEvents":165,"entryPointCount":166,"unprotectedCount":27},[42,48,51,56,58,62,66,68,71,73,75,77,79,81,83,87,89,93,97,100,103,107,110,113,115,117,121,125,127,130,133,136,141,144,148],{"type":43,"name":44,"callback":45,"file":46,"line":47},"action","admin_menu","options_page","includes\\Admin\\OptionsPage.php",20,{"type":43,"name":49,"callback":49,"file":46,"line":50},"admin_footer",21,{"type":43,"name":52,"callback":53,"file":54,"line":55},"admin_init","delete_all_secrets_check","includes\\Admin\\Sections\\AdvancedSettings.php",13,{"type":43,"name":52,"callback":57,"file":54,"line":35},"settings_init",{"type":43,"name":59,"callback":60,"file":54,"line":61},"admin_notices","deleted_secrets_notice",49,{"type":43,"name":52,"callback":63,"file":64,"line":65},"regenerate_internal_encryption_key_check","includes\\Admin\\Sections\\EncryptionSettings.php",23,{"type":43,"name":52,"callback":57,"file":64,"line":67},24,{"type":43,"name":59,"callback":69,"file":64,"line":70},"regenerate_internal_encryption_key_notice",45,{"type":43,"name":59,"callback":59,"file":72,"line":55},"includes\\Admin\\Sections\\PagesSettings.php",{"type":43,"name":74,"callback":74,"file":72,"line":35},"admin_enqueue_scripts",{"type":43,"name":52,"callback":57,"file":72,"line":76},15,{"type":43,"name":52,"callback":57,"file":78,"line":55},"includes\\Admin\\Sections\\RateLimitSettings.php",{"type":43,"name":52,"callback":57,"file":80,"line":55},"includes\\Admin\\Sections\\SpamProtectionSettings.php",{"type":43,"name":52,"callback":57,"file":82,"line":55},"includes\\Admin\\Sections\\StatsSettings.php",{"type":43,"name":84,"callback":85,"file":86,"line":65},"init","register_blocks","includes\\Integration\\BlockEditor\\Blocks.php",{"type":43,"name":88,"callback":88,"file":86,"line":67},"enqueue_block_editor_assets",{"type":43,"name":90,"callback":91,"file":92,"line":50},"template_redirect","handle_form_submit","includes\\Render\\Views\\AddSecret.php",{"type":43,"name":94,"callback":95,"file":92,"line":96},"wp_enqueue_scripts","maybe_enqueue_form_styles",28,{"type":43,"name":94,"callback":98,"file":92,"line":99},"maybe_enqueue_form_scripts",29,{"type":43,"name":94,"callback":101,"file":92,"line":102},"maybe_enqueue_recaptcha",30,{"type":43,"name":94,"callback":104,"file":105,"line":106},"enqueue_styles","includes\\Render\\Views\\SecretCreated.php",26,{"type":43,"name":94,"callback":108,"file":105,"line":109},"enqueue_scripts",27,{"type":43,"name":90,"callback":111,"file":112,"line":50},"handle_delete_submit","includes\\Render\\Views\\ViewSecret.php",{"type":43,"name":94,"callback":104,"file":112,"line":114},60,{"type":43,"name":94,"callback":108,"file":112,"line":116},61,{"type":43,"name":118,"callback":119,"priority":11,"file":120,"line":76},"runthings_secrets_check_rate_limit","handle_action","includes\\Security\\RateLimit.php",{"type":43,"name":59,"callback":122,"file":123,"line":124},"sodium_not_enabled_notice","includes\\Security\\SodiumEncryption.php",18,{"type":43,"name":59,"callback":126,"file":123,"line":67},"key_not_defined_notice",{"type":43,"name":52,"callback":128,"file":129,"line":65},"check_template_versions","includes\\Template\\TemplateChecker.php",{"type":43,"name":59,"callback":131,"file":129,"line":132},"closure",55,{"type":43,"name":84,"callback":84,"file":134,"line":135},"runthings-secrets.php",78,{"type":137,"name":138,"callback":139,"file":134,"line":140},"filter","plugin_action_links_runthings-secrets\u002Frunthings-secrets.php","add_settings_link",88,{"type":43,"name":84,"callback":142,"file":134,"line":143},"schedule_clear_expired_secrets",90,{"type":43,"name":145,"callback":146,"file":134,"line":147},"runthings_secrets_clear_expired_secrets","clear_expired_secrets",91,{"type":43,"name":149,"callback":150,"file":134,"line":151},"plugins_loaded","hooks",220,[],[],[155,159,162],{"tag":156,"callback":157,"file":158,"line":96},"runthings_secrets_add","add_secret_shortcode","includes\\Integration\\Shortcodes\\Shortcodes.php",{"tag":160,"callback":161,"file":158,"line":99},"runthings_secrets_created","secret_created_shortcode",{"tag":163,"callback":164,"file":158,"line":102},"runthings_secrets_view","view_secret_shortcode",[],3,{"dangerousFunctions":168,"sqlUsage":169,"outputEscaping":171,"fileOperations":227,"externalRequests":14,"nonceChecks":228,"capabilityChecks":227,"bundledLibraries":229},[],{"prepared":76,"raw":27,"locations":170},[],{"escaped":172,"rawEcho":96,"locations":173},124,[174,177,179,181,183,184,185,187,189,191,193,195,197,199,201,202,204,205,207,209,210,212,214,215,218,221,223,225],{"file":54,"line":175,"context":176},140,"raw output",{"file":54,"line":178,"context":176},147,{"file":54,"line":180,"context":176},154,{"file":54,"line":182,"context":176},162,{"file":64,"line":13,"context":176},{"file":72,"line":106,"context":176},{"file":72,"line":186,"context":176},108,{"file":72,"line":188,"context":176},115,{"file":72,"line":190,"context":176},128,{"file":72,"line":192,"context":176},141,{"file":78,"line":194,"context":176},105,{"file":78,"line":196,"context":176},111,{"file":78,"line":198,"context":176},112,{"file":78,"line":200,"context":176},135,{"file":78,"line":192,"context":176},{"file":78,"line":203,"context":176},142,{"file":80,"line":140,"context":176},{"file":80,"line":206,"context":176},113,{"file":80,"line":208,"context":176},132,{"file":123,"line":116,"context":176},{"file":123,"line":211,"context":176},68,{"file":129,"line":213,"context":176},57,{"file":129,"line":114,"context":176},{"file":216,"line":217,"context":176},"templates\\add-secret-form.php",25,{"file":219,"line":220,"context":176},"templates\\secret-created.php",33,{"file":219,"line":222,"context":176},51,{"file":224,"line":106,"context":176},"templates\\view-secret.php",{"file":224,"line":226,"context":176},46,2,4,[230],{"name":231,"version":28,"knownCves":232},"Select2",[],[],{"summary":235,"deductions":236},"The \"runthings-secrets\" v1.9.0 plugin exhibits a generally good security posture based on the provided static analysis. The absence of known CVEs and a lack of recorded historical vulnerabilities suggest a well-maintained and secure codebase.  The code also demonstrates strong adherence to secure coding practices, with all SQL queries utilizing prepared statements and a high percentage of output being properly escaped.  The presence of nonce and capability checks further strengthens its defenses against common web attacks.\n\nHowever, there are minor areas for potential improvement. While the attack surface is small and has no explicitly unprotected entry points, the plugin does utilize shortcodes, which can sometimes be an avenue for exploitation if not carefully handled. The inclusion of bundled libraries like Select2, while not inherently a risk, warrants attention to ensure it's kept up-to-date to prevent potential inherited vulnerabilities.  Overall, the plugin is strong, but vigilance regarding bundled dependencies and careful implementation of shortcode functionality would further enhance its security.",[237,239],{"reason":238,"points":166},"Bundled library (Select2)",{"reason":240,"points":227},"Shortcodes present in attack surface","2026-03-17T00:04:19.931Z",{"wat":243,"direct":260},{"assetPaths":244,"generatorPatterns":251,"scriptPaths":252,"versionParams":253},[245,246,247,248,249,250],"\u002Fwp-content\u002Fplugins\u002Frunthings-secrets\u002Fdist\u002Fcss\u002Frunthings-secrets-admin.css","\u002Fwp-content\u002Fplugins\u002Frunthings-secrets\u002Fdist\u002Fjs\u002Frunthings-secrets-admin.js","\u002Fwp-content\u002Fplugins\u002Frunthings-secrets\u002Fdist\u002Fjs\u002Frunthings-secrets-admin-chunks-vendors.js","\u002Fwp-content\u002Fplugins\u002Frunthings-secrets\u002Fdist\u002Fcss\u002Frunthings-secrets-style.css","\u002Fwp-content\u002Fplugins\u002Frunthings-secrets\u002Fdist\u002Fjs\u002Frunthings-secrets-script.js","\u002Fwp-content\u002Fplugins\u002Frunthings-secrets\u002Fdist\u002Fjs\u002Frunthings-secrets-script-chunks-vendors.js",[],[246,247,249,250],[254,255,256,257,258,259],"runthings-secrets\u002Fdist\u002Fcss\u002Frunthings-secrets-admin.css?ver=","runthings-secrets\u002Fdist\u002Fjs\u002Frunthings-secrets-admin.js?ver=","runthings-secrets\u002Fdist\u002Fjs\u002Frunthings-secrets-admin-chunks-vendors.js?ver=","runthings-secrets\u002Fdist\u002Fcss\u002Frunthings-secrets-style.css?ver=","runthings-secrets\u002Fdist\u002Fjs\u002Frunthings-secrets-script.js?ver=","runthings-secrets\u002Fdist\u002Fjs\u002Frunthings-secrets-script-chunks-vendors.js?ver=",{"cssClasses":261,"htmlComments":263,"htmlAttributes":265,"restEndpoints":268,"jsGlobals":270,"shortcodeOutput":272},[262],"runthings-secrets-settings-wrap",[264],"\u003C!-- runthings-secrets -->",[266,267],"data-runthings-secrets-nonce","data-runthings-secrets-id",[269],"\u002Fwp-json\u002Frunthings-secrets\u002Fv1\u002Fsecrets",[271],"runthingsSecretsAdmin",[]]