[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuzqA2daJfM91z-BUfnbeStAoO7VocnqUa6sY8ic2c3w":3},{"slug":4,"name":4,"version":5,"author":6,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":12,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":121,"fingerprints":170},"rurumo","0.2","Sergey Biryukov","https:\u002F\u002Fprofiles.wordpress.org\u002Fsergeybiryukov\u002F","\u003Cp>Allows to get Russian translations for your plugins automatically from the \u003Ca href=\"http:\u002F\u002Fcode.google.com\u002Fp\u002Fl10n-ru\u002F\" rel=\"nofollow ugc\">l10n-ru\u003C\u002Fa> project repository.\u003C\u002Fp>\n","Allows to get Russian translations for your plugins automatically.",50,12778,0,"2018-12-10T23:56:00.000Z","3.1.4","2.8","",[18,19,20,21],"l10n","plugins","russian","translations","http:\u002F\u002Fcode.google.com\u002Fp\u002Fl10n-ru\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frurumo.0.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":6,"profile_url":7,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"sergeybiryukov",23,312630,86,30,84,"2026-04-04T02:43:09.407Z",[37,57,76,93,104],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":16,"tags":52,"homepage":55,"download_link":56,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"rus-to-eng","Rus-to-Eng","1.3","marapper","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarapper\u002F","\u003Cp>TRANSLATE russian words from post and term slugs to english, or, if Google service is anavaible convert cyrillic in latin. Useful for creating human-readable URLs.\u003C\u002Fp>\n\u003Cp>Work finely with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fcyr2lat\u002F\" rel=\"ugc\">Cyr-To-Lat\u003C\u002Fa> (if Google service is anavaible convert cyrillic in latin).\u003C\u002Fp>\n\u003Cp>Based on idea \u003Ca href=\"http:\u002F\u002Fneverlex.com\u002Fcat\u002Fprogramming\u002Ffunction-generating-handsome-friendly-url\u002F\" rel=\"nofollow ugc\">NeverLex\u003C\u002Fa> and the original plugin Cyr-To-Lat by Atrax, SergeyBiryukov, Anton Skorobogatov. Thanks to Alexander Shilyaev for the idea. (regexp: \u003Ca href=\"http:\u002F\u002Fiskariot.ru\" rel=\"nofollow ugc\">Sergey M.\u003C\u002Fa> && \u003Ca href=\"http:\u002F\u002Fwp-kama.ru\" rel=\"nofollow ugc\">Kama\u003C\u002Fa>, first plugin: \u003Ca href=\"http:\u002F\u002F1-sites.info\" rel=\"nofollow ugc\">Pensioner\u003C\u002Fa>)\u003C\u002Fp>\n\u003Cp>В отличие от оригинального плагина Cyr-To-Lat, этот плагин не транслитерирует слаги постов и тегов, но переводит их с помощью Google Translate (если тот недоступен – тогда работает транслитерация). Рекомендуется использовать с \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fcyr2lat\u002F\" rel=\"ugc\">Cyr-To-Lat\u003C\u002Fa> – в случае недоступности сервиса будет обеспечена транслитерация слагов (а также транслитерация имен файлов), также это обеспечит доступность старых постов.\u003C\u002Fp>\n","Useful for creating human-readable URLs.",40,7075,100,1,"2010-10-29T10:41:00.000Z","3.0.5","2.3",[18,20,53,21,54],"slugs","transliteration","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Frus-to-eng\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frus-to-eng.1.3.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":16,"tags":72,"homepage":74,"download_link":75,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"sp-rtl-rus-to-lat","SP RTL (RusToLat)","1.0.5","Alex Kuimov","https:\u002F\u002Fprofiles.wordpress.org\u002Fspoot1986\u002F","\u003Cp>This plugin converts Cyrillic characters in post, page slugs to Latin characters.\u003C\u002Fp>\n","This plugin converts Cyrillic characters in post, page slugs to Latin characters.",2000,25640,74,3,"2019-03-08T19:37:00.000Z","4.9.29","4.5.3",[20,73,53,21,54],"rustolat","https:\u002F\u002Fcms3.ru\u002Fkirillicu-v-latinicu-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsp-rtl-rus-to-lat.zip",{"slug":77,"name":78,"version":79,"author":6,"author_profile":7,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":12,"num_ratings":12,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":16,"tags":87,"homepage":91,"download_link":92,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"wplang-lite","WPLANG Lite","0.4","\u003Cp>Creates a separate tiny .mo file to use on a site front-end. Allows to save some amount of RAM on a shared hosting server.\u003C\u002Fp>\n\u003Cp>Thanks to MAX for the original non-plugin solution and to AlexPTS for the idea.\u003C\u002Fp>\n","Creates a separate tiny .mo file to use on a site front-end.",500,18246,"2012-04-27T15:24:00.000Z","3.2.1","2.9",[18,88,89,90,21],"memory","optimization","php","http:\u002F\u002Fuplift.ru\u002Fprojects\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwplang-lite.0.4.zip",{"slug":94,"name":95,"version":96,"author":6,"author_profile":7,"description":97,"short_description":98,"active_installs":47,"downloaded":99,"rating":47,"num_ratings":68,"last_updated":100,"tested_up_to":50,"requires_at_least":101,"requires_php":16,"tags":102,"homepage":91,"download_link":103,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"pure-php-localization","Pure PHP Localization","0.6.1","\u003Cp>Converts gettext binary message catalogs to an array of strings. Allows to save some amount of RAM on a shared hosting server.\u003Cbr \u002F>\nWorks with plugin and theme textdomains as well as with the default.\u003C\u002Fp>\n\u003Cp>Thanks to AlexPTS for the idea.\u003C\u002Fp>\n","Converts gettext binary message catalogs to an array of strings.",12738,"2012-04-27T15:25:00.000Z","2.1",[18,88,89,90,21],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpure-php-localization.0.6.1.zip",{"slug":105,"name":106,"version":107,"author":6,"author_profile":7,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":47,"num_ratings":48,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":16,"tags":115,"homepage":119,"download_link":120,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"restore-automatic-update","Restore Automatic Update (ru_RU)","0.5","\u003Cp>Some alternative (unofficial) Russian localization teams modify the automatic update procedure to download WordPress core packages from their own hosts. The problem is that they systematically fail to deliver updates on time (even security updates) and currently provide no visible support for their releases.\u003C\u002Fp>\n\u003Cp>This plugin allows you to update any outdated Russian WordPress package to the latest release from \u003Ca href=\"https:\u002F\u002Fru.wordpress.org\u002F\" rel=\"nofollow ugc\">ru.wordpress.org\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>You can safely remove the plugin after the update.\u003C\u002Fp>\n\u003Cp>Thanks to AlexPTS for the idea.\u003C\u002Fp>\n","Allows you to update any outdated Russian WordPress package to the latest release from ru.wordpress.org.",80,6571,"2014-09-05T21:26:00.000Z","4.0.38","2.7",[18,116,117,21,118],"releases","ru_ru","update","http:\u002F\u002Fru.forums.wordpress.org\u002Ftopic\u002F7292","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestore-automatic-update.0.5.zip",{"attackSurface":122,"codeSignals":139,"taintFlows":159,"riskAssessment":160,"analyzedAt":169},{"hooks":123,"ajaxHandlers":135,"restRoutes":136,"shortcodes":137,"cronEvents":138,"entryPointCount":12,"unprotectedCount":12},[124,131],{"type":125,"name":126,"callback":127,"priority":128,"file":129,"line":130},"action","after_plugin_row","rurumo_notification",10,"rurumo.php",112,{"type":125,"name":132,"callback":133,"file":129,"line":134},"update-custom_rurumo-get-translation","rurumo_get_translation",136,[],[],[],[],{"dangerousFunctions":140,"sqlUsage":145,"outputEscaping":147,"fileOperations":157,"externalRequests":12,"nonceChecks":48,"capabilityChecks":48,"bundledLibraries":158},[141],{"fn":142,"file":129,"line":143,"context":144},"unserialize",78,"$rurumo = unserialize(get_option('rurumo'));",{"prepared":12,"raw":12,"locations":146},[],{"escaped":12,"rawEcho":68,"locations":148},[149,152,154],{"file":129,"line":150,"context":151},107,"raw output",{"file":129,"line":153,"context":151},131,{"file":155,"line":156,"context":151},"update.php",34,5,[],[],{"summary":161,"deductions":162},"The \"rurumo\" plugin v0.2 exhibits a mixed security posture.  On the positive side, there are no registered CVEs, no known unpatched vulnerabilities, and the plugin demonstrates good practices with 100% of its SQL queries using prepared statements and includes at least one nonce and capability check.  The absence of external HTTP requests and bundled libraries further reduces potential attack vectors.\n\nHowever, significant concerns arise from the static analysis. The presence of the `unserialize` function is a critical risk, as it can lead to Remote Code Execution (RCE) if attacker-controlled data is unserialized. Furthermore, the plugin fails to properly escape any of its output, leaving it vulnerable to Cross-Site Scripting (XSS) attacks. The lack of any taint analysis results is also noteworthy, suggesting either limited analysis was performed or the tool couldn't identify any flows, which is unusual given the presence of `unserialize` and unescaped output.\n\nIn conclusion, while the plugin benefits from a clean vulnerability history and good SQL practices, the identified `unserialize` function and complete lack of output escaping present substantial security risks. The absence of taint analysis data is also a point of concern, making it difficult to fully assess the impact of the `unserialize` function. Users should be cautious and consider the potential for XSS and RCE vulnerabilities.",[163,166],{"reason":164,"points":165},"Presence of unserialize function",15,{"reason":167,"points":168},"No output escaping",8,"2026-03-16T21:55:04.265Z",{"wat":171,"direct":176},{"assetPaths":172,"generatorPatterns":173,"scriptPaths":174,"versionParams":175},[],[],[],[],{"cssClasses":177,"htmlComments":178,"htmlAttributes":179,"restEndpoints":180,"jsGlobals":181,"shortcodeOutput":182},[],[],[],[],[],[]]