[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fT43B3eVObtXnVrEhSsdiftpK32zhNmZatZ14EJ9dk2Q":3,"$fP8URVkH8nFSg0aUGTOasshSrDAr-ytvjEM-eKL0fV9k":124,"$fIpsBszQ5u74MMIFv5n5or3r4cquo5J-xSCo4eB391dw":128},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":36,"analysis":37,"fingerprints":100},"skolmaten","Snillrik Skolmaten.se","2.0.0","mattiaspkallio","https:\u002F\u002Fprofiles.wordpress.org\u002Fmattiaspkallio\u002F","\u003Cp>Skolmaten.se is a service where schools can handle their lunch menu so students, and hungry teachers too, can get information about today’s lunch, and the next couple of weeks too.\u003Cbr \u002F>\nThis plugin uses information from that service and displays it on your wordpress site using widget and\u002For shortcodes.\u003C\u002Fp>\n\u003Cp>Your school have to have be registered at skolmaten.se for this plugin to be useful. 
To use their service you can visit them here: http:\u002F\u002Fskolmaten.se\u002F\u003C\u002Fp>\n\u003Cp>Snillrik is not connected to Skolmaten.se, this is simply a plugin using their brilliant service and API\u002FFeed.\u003C\u002Fp>\n","Fetch your schools lunch menu from skolmaten.se",0,1862,90,2,"2026-01-06T15:50:00.000Z","6.9.4","4.5","",[20,21],"dinskolmat","lunchmeny","http:\u002F\u002Fwww.snillrik.se\u002Fskolmaten\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fskolmaten.2.0.0.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},4,30,98,404,78,"2026-05-20T06:56:27.001Z",[],{"attackSurface":38,"codeSignals":81,"taintFlows":90,"riskAssessment":91,"analyzedAt":99},{"hooks":39,"ajaxHandlers":70,"restRoutes":71,"shortcodes":72,"cronEvents":80,"entryPointCount":14,"unprotectedCount":11},[40,46,52,56,60,62,66],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","admin_notices","closure","classes\u002Fskolmaten_api.php",40,{"type":41,"name":47,"callback":48,"priority":49,"file":50,"line":51},"init","widget_snillrik_skolmaten",20000,"classes\u002Fwidgets.php",14,{"type":41,"name":53,"callback":54,"file":50,"line":55},"widgets_init","create_the_widget",15,{"type":41,"name":57,"callback":43,"file":58,"line":59},"admin_menu","settings.php",6,{"type":41,"name":61,"callback":43,"file":58,"line":55},"admin_init",{"type":41,"name":63,"callback":64,"file":65,"line":31},"wp_enqueue_scripts","skolmaten_styles","skolmaten.php",{"type":41,"name":67,"callback":68,"file":65,"line":69},"admin_enqueue_scripts","skolmaten_styles_admin",36,[],[],[73,77],{"tag":74,"callback":74,"file":75,"line":76},"skolmaten_vecka","classes\u002Fshortcodes.php",17,{"tag":78,"callback":78,"file":75,"line":79},"skolmaten_day",18,[],{"dangerousFunctions":82,"sqlUsage":83,"outputEscaping":86,"fileOperations":
11,"externalRequests":84,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":89},[],{"prepared":84,"raw":11,"locations":85},1,[],{"escaped":87,"rawEcho":11,"locations":88},58,[],[],[],{"summary":92,"deductions":93},"The \"skolmaten\" v2.0.0 plugin exhibits a strong security posture based on the provided static analysis. The absence of dangerous functions, all SQL queries utilizing prepared statements, and 100% properly escaped output are excellent security practices. The plugin also demonstrates good security by avoiding direct file operations and external HTTP requests where possible, and importantly, all identified entry points (shortcodes) appear to have implicit or explicit protection mechanisms, as none are listed as unprotected. The vulnerability history being entirely clean further reinforces this positive assessment.\n\nDespite the positive indicators, there are a few areas that warrant attention. The complete absence of nonce checks and capability checks across all identified code signals is a significant concern. While the current attack surface is small and seemingly protected, this omission leaves the plugin vulnerable to CSRF attacks and privilege escalation if any future functionality introduces new entry points or if the existing implicit protections are bypassed. These zero counts are a static-analysis signal rather than a confirmed flaw: the closures hooked on admin_menu and admin_init in settings.php are the code to review, and if the options are saved through the WordPress Settings API, core performs the nonce and capability checks on the plugin's behalf. The lack of taint analysis results, while potentially indicating no critical flows, also means there's no specific assurance that unsanitized data isn't being processed in unexpected ways.\n\nIn conclusion, \"skolmaten\" v2.0.0 is well-developed with a clear focus on secure coding practices regarding SQL and output sanitization. However, the lack of explicit authorization and CSRF protection mechanisms in its codebase represents a notable weakness that could be exploited. 
Addressing these omissions would significantly enhance the plugin's overall security.",[94,97],{"reason":95,"points":96},"Missing nonce checks",10,{"reason":98,"points":96},"Missing capability checks","2026-04-16T14:21:26.182Z",{"wat":101,"direct":109},{"assetPaths":102,"generatorPatterns":106,"scriptPaths":107,"versionParams":108},[103,104,105],"\u002Fwp-content\u002Fplugins\u002Fskolmaten\u002Fcss\u002Fskolmaten.css","\u002Fwp-content\u002Fplugins\u002Fskolmaten\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fskolmaten\u002Fcss\u002Fsettings-page.css",[],[],[],{"cssClasses":110,"htmlComments":114,"htmlAttributes":116,"restEndpoints":119,"jsGlobals":120,"shortcodeOutput":121},[111,112,113],"skolmaten_list","skolmaten_fromto","widget-title",[115,115],"Shortcodes for skolmaten",[117,118,111,112],"skolmaten-admin","skolmaten-admin-settings",[],[],[122,123],"[skolmaten_vecka","[skolmaten_day",{"error":125,"url":126,"statusCode":33,"statusMessage":127,"message":127},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fskolmaten\u002Fbundle","no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":129,"versions":130},5,[131,137,144,151,158],{"version":6,"download_url":23,"svn_tag_url":132,"released_at":25,"has_diff":133,"diff_files_changed":134,"diff_lines":25,"trac_diff_url":135,"vulnerabilities":136,"is_current":125},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fskolmaten\u002Ftags\u002F2.0.0\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fskolmaten%2Ftags%2F1.9.0&new_path=%2Fskolmaten%2Ftags%2F2.0.0",[],{"version":138,"download_url":139,"svn_tag_url":140,"released_at":25,"has_diff":133,"diff_files_changed":141,"diff_lines":25,"trac_diff_url":142,"vulnerabilities":143,"is_current":133},"1.9.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fskolmaten.1.9.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fskolmaten\u002Ftags\u002F1.9.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fskolmaten%2Ftags%2F1.8.1&new_path=%2Fskolmaten%2Ftags%2F1.9.0",[],{"version":145,"download_url":146,"svn_tag_url":147,"released_at":25,"has_diff":133,"diff_files_changed":148,"diff_lines":25,"trac_diff_url":149,"vulnerabilities":150,"is_current":133},"1.8.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fskolmaten.1.8.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fskolmaten\u002Ftags\u002F1.8.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fskolmaten%2Ftags%2F1.8.0&new_path=%2Fskolmaten%2Ftags%2F1.8.1",[],{"version":152,"download_url":153,"svn_tag_url":154,"released_at":25,"has_diff":133,"diff_files_changed":155,"diff_lines":25,"trac_diff_url":156,"vulnerabilities":157,"is_current":133},"1.8.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fskolmaten.1.8.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fskolmaten\u002Ftags\u002F1.8.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fskolmaten%2Ftags%2F1.7.1&new_path=%2Fsko
lmaten%2Ftags%2F1.8.0",[],{"version":159,"download_url":160,"svn_tag_url":161,"released_at":25,"has_diff":133,"diff_files_changed":162,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":163,"is_current":133},"1.7.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fskolmaten.1.7.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fskolmaten\u002Ftags\u002F1.7.1\u002F",[],[]]