[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpJqXa-9TMmJKGTGB0VvQnPD5sU9qIBLeDCFFrrcS3AU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":11,"vuln_count":21,"unpatched_count":21,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":32,"analysis":33,"fingerprints":63},"show-user-name","Show user name","1.0","Benjamin Hagh Parast","https:\u002F\u002Fprofiles.wordpress.org\u002Fhaghs\u002F","\u003Cp>If you want to display the current user name, you can use the following shortcode [name]\u003C\u002Fp>\n","Add the shortcode [name] in the Header, footer ore on any post and page. With this plugin you can display the logged in user name.",100,1725,1,"","6.9.4","6.9","8.0",[4],"https:\u002F\u002Fwordtune.me","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-user-name.1.0.zip",0,null,"2026-03-15T10:48:56.248Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":11,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"haghs",18,330,30,94,"2026-04-04T11:06:59.546Z",[],{"attackSurface":34,"codeSignals":45,"taintFlows":53,"riskAssessment":54,"analyzedAt":62},{"hooks":35,"ajaxHandlers":36,"restRoutes":37,"shortcodes":38,"cronEvents":44,"entryPointCount":13,"unprotectedCount":21},[],[],[],[39],{"tag":40,"callback":41,"file":42,"line":43},"name","show_user_name","ShowUserName.php",19,[],{"dangerousFunctions":46,"sqlUsage":47,"outputEscaping":49,"fileOperations":21,"externalRequests":21,"nonceChecks":21,"capabilityChecks":21,"bundledLibraries":52},[],{"prepared":21,"raw":21,"locations":48},[],{"escaped":50,"rawEcho":21,"locations":51},2,[],[],[],{"summary":55,"deductions":56},"The 
\"show-user-name\" v1.0 plugin demonstrates a generally good security posture based on the provided static analysis. The code avoids dangerous functions, contains no raw SQL (the scan found no SQL queries at all, so there is nothing that needs a prepared statement), and properly escapes all identified outputs. There are no file operations or external HTTP requests, which are common vectors for vulnerabilities. The absence of any taint analysis findings further suggests that data handling within the plugin is likely secure.\n\nHowever, there are notable areas for concern. The scan found no nonce checks and no capability checks. While the reported attack surface is small (only one shortcode) and appears to have no direct authentication checks on entry points, the absence of these fundamental security mechanisms is flagged as a weakness. Nonce and capability checks protect state-changing or privileged actions such as form handlers, AJAX handlers and REST routes; the scan lists none of these, and the only entry point is a shortcode that displays the logged-in user's name, so the finding describes absent controls rather than a demonstrated flaw in this version. If the shortcode's functionality becomes more complex or is extended in the future, the lack of these checks could lead to vulnerabilities such as Cross-Site Request Forgery (CSRF) or unauthorized access. The plugin has no recorded vulnerabilities, which may indicate past security diligence or simply a lack of exploitation attempts thus far. Nevertheless, the missing authorization and nonce controls remain a risk to re-check whenever the plugin gains new functionality.",[57,60],{"reason":58,"points":59},"Missing nonce checks",10,{"reason":61,"points":59},"Missing capability checks","2026-03-16T20:31:58.295Z",{"wat":64,"direct":69},{"assetPaths":65,"generatorPatterns":66,"scriptPaths":67,"versionParams":68},[],[],[],[],{"cssClasses":70,"htmlComments":71,"htmlAttributes":72,"restEndpoints":73,"jsGlobals":74,"shortcodeOutput":75},[],[],[],[],[],[76],"[name]"]