[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fi3RWmUOHT-c3xYhitLDP0L_Kz-Sdc2fwM-kXAvFbBbk":3,"$fTpsLnLm5jFcnYkB_loSHMzVMH4aAdVCWYTrN9CHn0Rg":118,"$fkHfistTqJ9MuRBH8MB2ySn5zOxA-BFFEmxfmVjzmmg4":123},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"discovery_status":25,"vulnerabilities":26,"developer":27,"crawl_stats":23,"alternatives":34,"analysis":35,"fingerprints":89},"scriptrr-google-activity-feed-widget","Scriptrr Google + Activity Feed widget","0.7.1","Sandeep Verma","https:\u002F\u002Fprofiles.wordpress.org\u002Fsvnlabs\u002F","\u003Cp>Google Plus Activity Feed Widget allows users to add plugin on their blog or website to explore latest posts \u002F feeds on Google + Profile.\u003C\u002Fp>\n\u003Cp>Please send us an email to scriptrr@gmail.com for your questions or suggestions.\u003C\u002Fp>\n\u003Cp>Plus.scriptrr.com is a tool to generate plugin\u002Fwidget for Google + Activity Feed. Plus.scriptrr.com free, it does not require your personal information. 
Plus.scriptrr.com is third party product for widgets.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>Blog: http:\u002F\u002Fblog.svnlabs.com\u002F2011\u002F08\u002Fgoogle-activity-feeds-widget\u002F\u003Cbr \u002F>\nDownload Plugin: http:\u002F\u002Fplus.scriptrr.com\u002F\u003C\u002Fp>\n\u003Cp>Follow me:\u003C\u002Fp>\n\u003Cp>Facebook: http:\u002F\u002Fwww.facebook.com\u002Fsvnlabs\u003Cbr \u002F>\nTwitter: http:\u002F\u002Fwww.twitter.com\u002Fsvnlabs\u003C\u002Fp>\n\u003Cp>Subscribe me:\u003Cbr \u002F>\nYoutube: http:\u002F\u002Fwww.youtube.com\u002Fuser\u002Fsvnlabs\u003Cbr \u002F>\nFeeds: http:\u002F\u002Fblog.svnlabs.com\u002Ffeed\u002F\u003C\u002Fp>\n","Google Plus Activity Feed Widget allows users to add plugin on their blog or website to explore latest posts \u002F feeds on Google + Profile.",10,2192,0,"2011-08-14T06:39:00.000Z","3.2.1","2.0.2","",[19],"scriptrr-google-plus-activity-feed-live-stream-widget","http:\u002F\u002Fplus.scriptrr.com\u002Ffeeds.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fscriptrr-google-activity-feed-widget.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":11,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"svnlabs",1190,80,392,65,"2026-05-20T00:15:52.556Z",[],{"attackSurface":36,"codeSignals":48,"taintFlows":76,"riskAssessment":77,"analyzedAt":88},{"hooks":37,"ajaxHandlers":44,"restRoutes":45,"shortcodes":46,"cronEvents":47,"entryPointCount":13,"unprotectedCount":13},[38],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","widgets_init","widget_scriptrr_google_plus_activity_feed_widget_init","scriptrr_google_plus_activity_feed_widget.php",146,[],[],[],[],{"dangerousFunctions":49,"sqlUsage":50,"outputEscaping":52,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":75},[],{"prepared":13,"raw":13,"locations":51},
[],{"escaped":13,"rawEcho":11,"locations":53},[54,57,59,61,63,65,67,69,71,73],{"file":42,"line":55,"context":56},49,"raw output",{"file":42,"line":58,"context":56},50,{"file":42,"line":60,"context":56},51,{"file":42,"line":62,"context":56},52,{"file":42,"line":64,"context":56},117,{"file":42,"line":66,"context":56},119,{"file":42,"line":68,"context":56},120,{"file":42,"line":70,"context":56},122,{"file":42,"line":72,"context":56},124,{"file":42,"line":74,"context":56},127,[],[],{"summary":78,"deductions":79},"The security posture of the scriptrr-google-activity-feed-widget plugin version 0.7.1 appears to be strong in most respects based on the provided static analysis and vulnerability history, with output escaping as the clear exception. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the potential attack surface. Furthermore, the analysis indicates no dangerous functions, no file operations, and no external HTTP requests from the plugin code itself, all of which are positive indicators; note, however, that the widget's rendered markup embeds an iframe served by plus.scriptrr.com over plain HTTP, so third-party content is still loaded in the visitor's browser. The analysis found no SQL queries at all, prepared or raw, so there is no SQL handling to assess. There are no recorded CVEs or vulnerability history, but for a plugin last updated in 2011 this may reflect limited scrutiny rather than active maintenance.\n\nHowever, a notable concern arises from the output escaping analysis. All 10 outputs are echoed raw and none (0%) are escaped, which presents a significant risk. Any stored or user-supplied value that reaches these outputs without escaping could lead to cross-site scripting (XSS) vulnerabilities; whether that is reachable depends on where the echoed values come from, which this analysis does not establish. The taint analysis reports no unsanitized paths, but this could be due to the limited attack surface or because the taint analysis itself was not comprehensive enough to identify these flows, so it should not be read as proof that the raw output is safe. The lack of nonce checks and capability checks does not map to a detected entry point in this version, but it represents a weakness that could be exploited if new entry points were introduced in future updates.\n\nIn conclusion, the plugin keeps its attack surface small and performs no SQL queries. 
The absence of known vulnerabilities is a positive, though a weak one for code of this age. The primary and most immediate risk stems from the complete lack of output escaping, which warrants immediate attention: each echoed value should be escaped for its output context (for example with esc_attr(), esc_url() or esc_html()). While the current lack of exploits might be circumstantial, the underlying insecurity in output handling needs to be addressed to prevent potential XSS attacks.",[80,83,86],{"reason":81,"points":82},"All outputs unescaped",20,{"reason":84,"points":85},"No nonce checks",5,{"reason":87,"points":85},"No capability checks","2026-04-16T11:39:16.308Z",{"wat":90,"direct":95},{"assetPaths":91,"generatorPatterns":92,"scriptPaths":93,"versionParams":94},[],[],[],[],{"cssClasses":96,"htmlComments":97,"htmlAttributes":98,"restEndpoints":106,"jsGlobals":107,"shortcodeOutput":108},[],[],[99,100,101,102,103,104,105],"scriptrr_google_plus_activity_feed_widget-title","scriptrr_google_plus_activity_feed_widget-userid","scriptrr_google_plus_activity_feed_widget-width","scriptrr_google_plus_activity_feed_widget-height","scriptrr_google_plus_activity_feed_widget-host","scriptrr_google_plus_activity_feed_widget-color","scriptrr_google_plus_activity_feed_widget-submit",[],[],[109,110,111,112,113,114,115,116,117],"\u003Ciframe src=\"http:\u002F\u002Fplus.scriptrr.com\u002Ffeeds\u002Ffeeds.php?plusid=","&host=","&height=","&width=","&color=","&links=","\" frameborder=\"0\" scrolling=\"no\" height=\"","\" width=\"","\">\u003C\u002Fiframe>",{"error":119,"url":120,"statusCode":121,"statusMessage":122,"message":122},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fscriptrr-google-activity-feed-widget\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":124},[]]