[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fULY5HLYCno-5SZtXDP-7synXTIMnN9-czKQhzi_fsdM":3,"$fXKUMyMfsSTgozb_G5rQyZshkyLWv-JnpsfdRS9s77ps":135,"$ffdBcGEl_pMcxC4tF4hz0Puf2xh1k9e8-444WNvbEOG8":140},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":36,"analysis":37,"fingerprints":104},"sc-popup-subscriber-form","SC Popup Subscriber Form","1.2","Anas Mir","https:\u002F\u002Fprofiles.wordpress.org\u002Fsharpcoders\u002F","\u003Cp>jQuery Popup Feedburner Subscriber Form appears on Page Load.\u003C\u002Fp>\n\u003Cp>You can\u003Cbr \u002F>\n1. Enable\u002Fdisable jQuery Popup Subscriber Form from admin panel\u003Cbr \u002F>\n2. You can set the feedburner feed id from admin panel\u003Cbr \u002F>\n3. 
You can change the Heading and Detail from Popup form from admin panel\u003C\u002Fp>\n\u003Cp>For Support visit: http:\u002F\u002Fsharp-coders.com\u002Fplugins\u002Fwp-plugins\u002Fsc-popup-subscriber-form-wordpress-plugin\u003C\u002Fp>\n","jQuery Popup Feedburner Subscriber Form.",10,7301,100,3,"2014-07-06T09:40:00.000Z","3.9.40","3.0","",[20],"jquery-popup-feedburner-subscriber-form","http:\u002F\u002Fsharp-coders.com\u002Fplugins\u002Fwp-plugins\u002Fsc-popup-subscriber-form-wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsc-popup-subscriber-form.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":23,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"sharpcoders",5,2100,30,84,"2026-05-19T22:38:04.960Z",[],{"attackSurface":38,"codeSignals":66,"taintFlows":92,"riskAssessment":93,"analyzedAt":103},{"hooks":39,"ajaxHandlers":62,"restRoutes":63,"shortcodes":64,"cronEvents":65,"entryPointCount":24,"unprotectedCount":24},[40,46,51,55,58],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","wp_enqueue_scripts","sc_popup_subscriber_script","sc-popup-subscriber-form.php",156,{"type":47,"name":48,"callback":49,"file":44,"line":50},"filter","wp_head","sc_popup_subscriber_HeadAction",157,{"type":41,"name":52,"callback":53,"file":44,"line":54},"admin_menu","sc_popup_subscriber_form_admin_menu",158,{"type":41,"name":42,"callback":56,"file":44,"line":57},"sc_popup_subscriber_stylesheet",159,{"type":41,"name":59,"callback":60,"file":44,"line":61},"wp_footer","sc_popup_subscriber_form",160,[],[],[],[],{"dangerousFunctions":67,"sqlUsage":72,"outputEscaping":74,"fileOperations":24,"externalRequests":24,"nonceChecks":90,"capabilityChecks":24,"bundledLibraries":91},[68],{"fn":69,"file":44,"line":70,"context":71},"unserialize",129,"$options = 
unserialize(get_option(\"sc_popup_subscriber_form_options\"));",{"prepared":24,"raw":24,"locations":73},[],{"escaped":75,"rawEcho":76,"locations":77},2,6,[78,81,83,85,87,88],{"file":44,"line":79,"context":80},26,"raw output",{"file":44,"line":82,"context":80},27,{"file":44,"line":84,"context":80},28,{"file":44,"line":86,"context":80},29,{"file":44,"line":33,"context":80},{"file":89,"line":34,"context":80},"sc-popup-subscriber-options.php",1,[],[],{"summary":94,"deductions":95},"The \"sc-popup-subscriber-form\" plugin version 1.2 exhibits a mixed security posture. On the positive side, it registers no AJAX handlers, REST API routes, shortcodes, or cron events, and it has no known past vulnerabilities. The static analysis also found no SQL queries (neither prepared nor raw), no file operations, and no external HTTP requests, so no issues were observed in those areas. The presence of a nonce check is also a good indicator of security awareness.\n\nHowever, several concerning signals emerge from the static analysis. The use of the `unserialize` function without apparent sanitization presents a significant risk. The flagged call, at line 129 of sc-popup-subscriber-form.php, deserializes the value returned by `get_option(\"sc_popup_subscriber_form_options\")`, so the input is a stored option rather than request data, and exploitability depends on whether an attacker can influence what is written to that option. If they can, that opens the door to PHP object injection, which could lead to remote code execution or denial-of-service vulnerabilities. Saving the settings as a plain array (WordPress serializes option values itself) or, on PHP 7.0 and later, passing `['allowed_classes' => false]` to `unserialize` removes that exposure. Furthermore, only 25% of output is properly escaped (2 of 8 output statements), indicating a high potential for cross-site scripting (XSS) vulnerabilities if any of the unescaped outputs are rendered with user-supplied data. The six raw outputs, at lines 26 to 30 of sc-popup-subscriber-form.php and line 84 of sc-popup-subscriber-options.php, should be checked first and wrapped in context-appropriate escaping such as `esc_html` or `esc_attr`. The absence of capability checks on any potential entry points, though the attack surface is currently zero, is a structural weakness that could become problematic if new entry points are added without corresponding security measures.\n\nIn conclusion, while the plugin has a clean vulnerability history and includes a nonce check, the identified risks with `unserialize` and unescaped output are substantial. These could be exploited if the plugin interacts with user input in a way that is not evident from the provided data. A thorough review of how the deserialized option is written and what data reaches the unescaped output is strongly recommended.",[96,99,101],{"reason":97,"points":98},"Dangerous function unserialize used",15,{"reason":100,"points":76},"Low output escaping (25%)",{"reason":102,"points":31},"Missing capability checks","2026-04-16T12:52:07.196Z",{"wat":105,"direct":112},{"assetPaths":106,"generatorPatterns":108,"scriptPaths":109,"versionParams":110},[107],"\u002Fwp-content\u002Fplugins\u002Fsc-popup-subscriber-form\u002Fsc-popup-subscriber-form.css",[],[],[111],"sc-popup-subscriber-form\u002Fsc-popup-subscriber-form.css?ver=",{"cssClasses":113,"htmlComments":120,"htmlAttributes":121,"restEndpoints":130,"jsGlobals":131,"shortcodeOutput":134},[114,115,116,117,118,119],"sc-modelbox-subscriber-bg","sc-model-box","sc-model-close","sc-model-heading","sc-model-detail","sc-model-credit",[],[122,123,124,125,126,127,128,129],"id=\"sc-modelbox-subscriber-bg\"","id=\"mailing-list\"","class=\"sc-model-box wrapper\"","class=\"inside blue\"","class=\"sc-model-close black\"","class=\"sc-model-heading\"","class=\"sc-model-detail\"","class=\"sc-model-credit\"",[],[132,133],"createCookie","readCookie",[],{"error":136,"url":137,"statusCode":138,"statusMessage":139,"message":139},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsc-popup-subscriber-form\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":14,"versions":141},[142,149,156],{"version":6,"download_url":143,"svn_tag_url":144,"released_at":25,"has_diff":145,"diff_files_changed":146,"diff_lines":25,"trac_diff_url":147,"vulnerabilities":148,"is_current":136},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsc-popup-subscriber-form.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsc-popup-subscriber-form\u002Ftags\u002F1.2\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsc-popup-subscriber-form%2Ftags%2F1.1&new_path=%2Fsc-popup-subscriber-form%2Ftags%2F1.2",[],{"version":150,"download_url":151,"svn_tag_url":152,"released_at":25,"has_diff":145,"diff_files_changed":153,"diff_lines":25,"trac_diff_url":154,"vulnerabilities":155,"is_current":145},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsc-popup-subscriber-form.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsc-popup-subscriber-form\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsc-popup-subscriber-form%2Ftags%2F1.0&new_path=%2Fsc-popup-subscriber-form%2Ftags%2F1.1",[],{"version":157,"download_url":158,"svn_tag_url":159,"released_at":25,"has_diff":145,"diff_files_changed":160,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":161,"is_current":145},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsc-popup-subscriber-form.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsc-popup-subscriber-form\u002Ftags\u002F1.0\u002F",[],[]]