[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fga4BG3Gmrg_OCB6ib_y-XriqpLSgfModyK6uEDRwWnk":3,"$f2M3rZPzIfSMMzwZMApRJbqQ7ckmRi1nyegpGwrFVQmU":197,"$fcVpWMSWKIWbuyAnSB6CjB0NvrhOju-nnIiaHfXcBYPA":202},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":36,"analysis":37,"fingerprints":165},"sas-web-ads-banner-video","SAS WEB ads-banner-video Plugin","1.0.1","Suresh Kumar Mukhiya","https:\u002F\u002Fprofiles.wordpress.org\u002Fsureshhardiya\u002F","\u003Cp>SAS WEB ads-banner-video Plugin is a simple plugin that can be used to place sidebar banner with description, full width video with description or half width banner with description. 
This can be done without any coding knowledge.\u003C\u002Fp>\n","Sidebar ads, banner video plugin allows you to add images, video to your sidebar without coding.",10,1394,0,"2017-09-09T11:14:00.000Z","4.8.28","",[18,19,20,21],"full-width-sidebar-banner","full-width-video-sidebar","half-width-sidebar","sidebar-ads","https:\u002F\u002Fwww.skmukhiya.com.np","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsas-web-ads-banner-video.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":33,"computed_at":35},"sureshhardiya",4,1220,80,30,"2026-05-19T23:29:57.774Z",[],{"attackSurface":38,"codeSignals":58,"taintFlows":152,"riskAssessment":153,"analyzedAt":164},{"hooks":39,"ajaxHandlers":54,"restRoutes":55,"shortcodes":56,"cronEvents":57,"entryPointCount":13,"unprotectedCount":13},[40,46,50],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","wp_enqueue_scripts","sasweb_banner_stylesheet","sidebar-ads-banner-video.php",27,{"type":41,"name":47,"callback":48,"file":44,"line":49},"admin_menu","sasweb_add_admin_menu",48,{"type":41,"name":51,"callback":52,"file":44,"line":53},"widgets_init","sasweb_half_banner_init",55,[],[],[],[],{"dangerousFunctions":59,"sqlUsage":60,"outputEscaping":62,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":151},[],{"prepared":13,"raw":13,"locations":61},[],{"escaped":63,"rawEcho":64,"locations":65},12,52,[66,69,71,73,75,77,79,81,83,85,87,89,91,93,95,96,97,99,101,102,103,105,107,108,109,111,113,114,115,117,119,120,121,123,125,126,127,129,131,132,133,135,137,138,139,141,143,144,145,147,149,150],{"file":44,"line":67,"context":68},98,"raw 
output",{"file":44,"line":70,"context":68},102,{"file":44,"line":72,"context":68},106,{"file":44,"line":74,"context":68},110,{"file":44,"line":76,"context":68},111,{"file":44,"line":78,"context":68},113,{"file":44,"line":80,"context":68},119,{"file":44,"line":82,"context":68},120,{"file":44,"line":84,"context":68},122,{"file":44,"line":86,"context":68},127,{"file":44,"line":88,"context":68},128,{"file":44,"line":90,"context":68},131,{"file":44,"line":92,"context":68},164,{"file":44,"line":94,"context":68},165,{"file":44,"line":94,"context":68},{"file":44,"line":94,"context":68},{"file":44,"line":98,"context":68},170,{"file":44,"line":100,"context":68},171,{"file":44,"line":100,"context":68},{"file":44,"line":100,"context":68},{"file":44,"line":104,"context":68},176,{"file":44,"line":106,"context":68},177,{"file":44,"line":106,"context":68},{"file":44,"line":106,"context":68},{"file":44,"line":110,"context":68},182,{"file":44,"line":112,"context":68},183,{"file":44,"line":112,"context":68},{"file":44,"line":112,"context":68},{"file":44,"line":116,"context":68},188,{"file":44,"line":118,"context":68},189,{"file":44,"line":118,"context":68},{"file":44,"line":118,"context":68},{"file":44,"line":122,"context":68},194,{"file":44,"line":124,"context":68},195,{"file":44,"line":124,"context":68},{"file":44,"line":124,"context":68},{"file":44,"line":128,"context":68},200,{"file":44,"line":130,"context":68},201,{"file":44,"line":130,"context":68},{"file":44,"line":130,"context":68},{"file":44,"line":134,"context":68},206,{"file":44,"line":136,"context":68},207,{"file":44,"line":136,"context":68},{"file":44,"line":136,"context":68},{"file":44,"line":140,"context":68},212,{"file":44,"line":142,"context":68},213,{"file":44,"line":142,"context":68},{"file":44,"line":142,"context":68},{"file":44,"line":146,"context":68},218,{"file":44,"line":148,"context":68},219,{"file":44,"line":148,"context":68},{"file":44,"line":148,"context":68},[],[],{"summary":154,"deductions":155},"The 
'sas-web-ads-banner-video' plugin v1.0.1 exhibits a strong security posture in most respects, based on the provided static analysis. The complete absence of entry points such as AJAX handlers, REST API routes, shortcodes, and cron events, coupled with no reported vulnerabilities in its history, suggests a well-contained and non-intrusive plugin, although the plugin was last updated in 2017, so the lack of reports may simply mean it has seen little scrutiny. The analysis found no SQL queries at all (neither prepared nor raw), no dangerous function calls and no file operations, which removes those common attack vectors. No taint flows or external HTTP requests were detected, further bolstering its security profile.\n\nHowever, a significant concern arises from the low percentage of properly escaped output (12 of 64 output statements, about 19%); every flagged raw-output location is in sidebar-ads-banner-video.php. This means a substantial portion of the dynamic content the plugin generates could be vulnerable to Cross-Site Scripting (XSS). Taint analysis shows no direct path from user input to these outputs, but inconsistent escaping is a critical weakness if stored or user-supplied data, such as widget or settings values, reaches them; each value should be escaped at output with the function matching its context (esc_html, esc_attr or esc_url). No nonce or capability checks were found either. With no AJAX, REST, shortcode or cron entry points detected this is a lesser, largely theoretical risk, but the admin menu page the plugin registers should still be confirmed to enforce a capability. 
Overall, while the plugin avoids many common pitfalls, the unescaped output presents a notable, actionable security risk.",[156,159,162],{"reason":157,"points":158},"Low percentage of properly escaped output",6,{"reason":160,"points":161},"No nonce checks on potential entry points",2,{"reason":163,"points":161},"No capability checks on potential entry points","2026-03-17T01:33:13.703Z",{"wat":166,"direct":172},{"assetPaths":167,"generatorPatterns":169,"scriptPaths":170,"versionParams":171},[168],"\u002Fwp-content\u002Fplugins\u002Fsas-web-ads-banner-video\u002Fcss\u002Fsidebar_ads_banner_video.css",[],[],[],{"cssClasses":173,"htmlComments":180,"htmlAttributes":192,"restEndpoints":194,"jsGlobals":195,"shortcodeOutput":196},[174,175,176,177,178,179],"banner-widget1-2-outer-wrapper","banner-widget1-2-wrapper","banner-widget1-2","left","right","mb",[181,182,183,184,185,186,187,188,189,190,191],"\u003C!-- @desc: initializing widget -->","\u003C!-- @param:none -->","\u003C!-- @returns:non -->","\u003C!-- Title -->","\u003C!-- Image -->","\u003C!-- Link -->","\u003C!-- Description1 -->","\u003C!-- Image2 -->","\u003C!-- Link2 -->","\u003C!-- Description2 -->","\u003C!-- Bottom Margin -->",[193],"id=\"banner_link\"",[],[],[],{"error":198,"url":199,"statusCode":200,"statusMessage":201,"message":201},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsas-web-ads-banner-video\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":203},[]]