[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJJA04zJWCVhJA9q_qZqV9uYnTW15Pd8R7bVJRRqbfmE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":33,"analysis":34,"fingerprints":110},"shortcode-usage","Shortcode Usage","1.0.1","windyjonas","https:\u002F\u002Fprofiles.wordpress.org\u002Fwindyjonas\u002F","\u003Cp>Have you ever been in a situation where you have site with lots of content, a theme with lots of shortcodes and you have no idea where those shortcodes are used and if it is safe to remove any of them?\u003C\u002Fp>\n\u003Cp>With this plugin you can search through all content and list the posts, pages and CPTs that use a specific shortcode, with direct links to edit each post.\u003C\u002Fp>\n","List the posts and pages where a specific shortcode is used",10,2033,0,"2019-03-19T14:08:00.000Z","5.1.22","4.9","",[19],"shortcodes-usage","http:\u002F\u002Fjonasnordstrom.se\u002Fplugins\u002Fshortcode-usage\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshortcode-usage.1.0.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},3,130,78,30,79,"2026-04-04T13:04:35.858Z",[],{"attackSurface":35,"codeSignals":47,"taintFlows":74,"riskAssessment":101,"analyzedAt":109},{"hooks":36,"ajaxHandlers":43,"restRoutes":44,"shortcodes":45,"cronEvents":46,"entryPointCount":13,"unprotectedCount":13},[37],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","admin_menu","init","bu-shortcode-usage.php",50,[],[],[],[],{"dangerousFunctions":48,"sqlUsage":49,"outputEscaping":52,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":50,"bundledLibraries":73},[],{"prepared":50,"raw":13,"locations":51},1,[],{"escaped":53,"rawEcho":54,"locations":55},2,9,[56,59,61,63,64,66,68,70,72],{"file":41,"line":57,"context":58},94,"raw output",{"file":41,"line":60,"context":58},109,{"file":41,"line":62,"context":58},111,{"file":41,"line":62,"context":58},{"file":41,"line":65,"context":58},112,{"file":41,"line":67,"context":58},113,{"file":41,"line":69,"context":58},140,{"file":41,"line":71,"context":58},160,{"file":41,"line":71,"context":58},[],[75,93],{"entryPoint":76,"graph":77,"unsanitizedCount":13,"severity":92},"shortcode_page (bu-shortcode-usage.php:67)",{"nodes":78,"edges":89},[79,84],{"id":80,"type":81,"label":82,"file":41,"line":83},"n0","source","$_GET (x4)",76,{"id":85,"type":86,"label":87,"file":41,"line":57,"wp_function":88},"n1","sink","echo() [XSS]","echo",[90],{"from":80,"to":85,"sanitized":91},true,"low",{"entryPoint":94,"graph":95,"unsanitizedCount":13,"severity":92},"\u003Cbu-shortcode-usage> (bu-shortcode-usage.php:0)",{"nodes":96,"edges":99},[97,98],{"id":80,"type":81,"label":82,"file":41,"line":83},{"id":85,"type":86,"label":87,"file":41,"line":57,"wp_function":88},[100],{"from":80,"to":85,"sanitized":91},{"summary":102,"deductions":103},"The 'shortcode-usage' plugin version 1.0.1 exhibits a generally strong security posture based on the static analysis provided. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points is a significant positive. Furthermore, the plugin utilizes prepared statements for all its SQL queries and has no recorded vulnerabilities or CVEs, which is highly reassuring.  The lack of file operations and external HTTP requests also contributes to its robust security.\n\nHowever, a notable area of concern is the low percentage of properly escaped output (18%). This indicates a potential risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not consistently handled with care when displayed. The presence of only one capability check and zero nonce checks, combined with a total of zero unprotected entry points, suggests that any potential vulnerabilities would likely require authenticated access or be triggered in very specific, controlled circumstances. The overall assessment is positive due to the lack of critical technical flaws and a clean vulnerability history, but the output escaping should be addressed to achieve a fully secure state.",[104,107],{"reason":105,"points":106},"Low percentage of properly escaped output",7,{"reason":108,"points":27},"No nonce checks","2026-03-17T00:24:42.150Z",{"wat":111,"direct":116},{"assetPaths":112,"generatorPatterns":113,"scriptPaths":114,"versionParams":115},[],[],[],[],{"cssClasses":117,"htmlComments":121,"htmlAttributes":122,"restEndpoints":124,"jsGlobals":125,"shortcodeOutput":126},[118,119,120],"wrap","icon32","widefat",[],[123],"data-post-id",[],[],[127,128,129,130,131,132,133,134,135,136,137],"\u003Ch2>Usage of shortcode","\u003Cth>Type\u003C\u002Fth>","\u003Cth>Id\u003C\u002Fth>","\u003Cth>Title\u003C\u002Fth>","\u003Cth>Status\u003C\u002Fth>","\u003Cth>Date\u003C\u002Fth>","\u003Ch4>Shortcode [","] is not used anywhere.","\u003Cinput type=\"hidden\" name=\"page\" value=\"shortcode-usage\" \u002F>","\u003Cinput type=\"hidden\" name=\"action\" value=\"su-search\" \u002F>","\u003Ch3>Registered shortcodes\u003C\u002Fh3>"]