[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fjZK3i2yc3YOnYJiQs_FFGmGlFzxKDK7kHEZnunel6zY":3,"$fjTUBUbr9YsrLEH96TFt25CR_sjVr6cXX03kgckxICQY":109,"$fBHfsWcz4pQfW_t6Ayn4uO8KSgMIzge-6u3RgibHk8UI":114},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"discovery_status":25,"vulnerabilities":26,"developer":27,"crawl_stats":23,"alternatives":34,"analysis":35,"fingerprints":88},"scriptrr-google-profile","Scriptrr Google + Profile widget","0.7.1","Sandeep Verma","https:\u002F\u002Fprofiles.wordpress.org\u002Fsvnlabs\u002F","\u003Cp>Google Plus Profile Widget allows users to add plugin on their blog or website to invite visitors to new Google + Profile.\u003C\u002Fp>\n\u003Cp>Please send us an email to scriptrr@gmail.com for your questions or suggestions.\u003C\u002Fp>\n\u003Cp>Plus.scriptrr.com is a tool to generate plugin\u002Fwidget for Google + Profile. Plus.scriptrr.com free, it does not require your personal information. Plus.scriptrr.com is third party product for widgets.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>Blog: http:\u002F\u002Fblog.svnlabs.com\u002F2011\u002F07\u002Fgoogle-plus-profile-widget\u002F\u003Cbr \u002F>\nDownload Plugin: http:\u002F\u002Fplus.scriptrr.com\u002F\u003C\u002Fp>\n\u003Cp>Follow me:\u003C\u002Fp>\n\u003Cp>Facebook: http:\u002F\u002Fwww.facebook.com\u002Fsvnlabs\u003Cbr \u002F>\nTwitter: http:\u002F\u002Fwww.twitter.com\u002Fsvnlabs\u003C\u002Fp>\n\u003Cp>Subscribe me:\u003Cbr \u002F>\nYoutube: http:\u002F\u002Fwww.youtube.com\u002Fuser\u002Fsvnlabs\u003Cbr \u002F>\nFeeds: http:\u002F\u002Fblog.svnlabs.com\u002Ffeed\u002F\u003C\u002Fp>\n","Google Plus Profile Widget allows users to add plugin on their blog or website to invite visitors to new Google + Profile.",10,4011,0,"2011-08-12T18:51:00.000Z","3.2.1","2.0.2","",[19],"scriptrr-google-plus-profile-widget","http:\u002F\u002Fplus.scriptrr.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fscriptrr-google-profile.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":11,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"svnlabs",1190,80,392,65,"2026-05-20T00:14:09.044Z",[],{"attackSurface":36,"codeSignals":48,"taintFlows":76,"riskAssessment":77,"analyzedAt":87},{"hooks":37,"ajaxHandlers":44,"restRoutes":45,"shortcodes":46,"cronEvents":47,"entryPointCount":13,"unprotectedCount":13},[38],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","widgets_init","widget_scriptrr_google_plus_profile_widget_init","scriptrr_google_plus_profile_widget.php",141,[],[],[],[],{"dangerousFunctions":49,"sqlUsage":50,"outputEscaping":52,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":75},[],{"prepared":13,"raw":13,"locations":51},[],{"escaped":13,"rawEcho":11,"locations":53},[54,57,59,61,63,65,67,69,71,73],{"file":42,"line":55,"context":56},48,"raw output",{"file":42,"line":58,"context":56},49,{"file":42,"line":60,"context":56},50,{"file":42,"line":62,"context":56},51,{"file":42,"line":64,"context":56},114,{"file":42,"line":66,"context":56},115,{"file":42,"line":68,"context":56},117,{"file":42,"line":70,"context":56},119,{"file":42,"line":72,"context":56},122,{"file":42,"line":74,"context":56},125,[],[],{"summary":78,"deductions":79},"The scriptrr-google-profile plugin v0.7.1 exhibits a seemingly strong security posture based on the provided static analysis. There are no identified dangerous functions, SQL injection vulnerabilities due to prepared statements, file operations, external HTTP requests, or cron events. Furthermore, the absence of known CVEs and a clean vulnerability history are positive indicators of the plugin's maintenance and security awareness.  The plugin also boasts a very small attack surface with no identified entry points that are unprotected.\n\nHowever, the analysis does reveal significant concerns, particularly regarding output escaping. With 10 total outputs and 0% properly escaped, there is a high likelihood of cross-site scripting (XSS) vulnerabilities. This lack of sanitization on output data could allow attackers to inject malicious scripts into the website, impacting users. Additionally, the complete absence of nonce and capability checks across all entry points, while the entry points are currently reported as zero, raises a red flag. If any new entry points are introduced or if the current count is an anomaly, these missing checks would create critical security gaps.\n\nIn conclusion, while the plugin benefits from a lack of known critical vulnerabilities and well-handled SQL queries, the pervasive issue with output escaping presents a substantial risk. The missing authorization checks, even with a small attack surface, also warrant attention. Developers should prioritize addressing the output escaping to mitigate XSS risks and ensure robust authorization mechanisms are in place for any future additions to the plugin's functionality.",[80,83,85],{"reason":81,"points":82},"0% output escaping on 10 outputs",20,{"reason":84,"points":11},"0 capability checks on entry points",{"reason":86,"points":11},"0 nonce checks on entry points","2026-03-16T23:24:37.093Z",{"wat":89,"direct":94},{"assetPaths":90,"generatorPatterns":91,"scriptPaths":92,"versionParams":93},[],[],[],[],{"cssClasses":95,"htmlComments":96,"htmlAttributes":97,"restEndpoints":105,"jsGlobals":106,"shortcodeOutput":107},[],[],[98,99,100,101,102,103,104],"scriptrr_google_plus_profile_widget-userid","scriptrr_google_plus_profile_widget-width","scriptrr_google_plus_profile_widget-height","scriptrr_google_plus_profile_widget-host","scriptrr_google_plus_profile_widget-color","scriptrr_google_plus_profile_widget-links","scriptrr_google_plus_profile_widget-submit",[],[],[108],"\u003Ciframe src=\"http:\u002F\u002Fplus.scriptrr.com\u002Fscriptrr.php?id=",{"error":110,"url":111,"statusCode":112,"statusMessage":113,"message":113},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fscriptrr-google-profile\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":115},[]]