[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuiP4U4UIfebtGAMt3La_-n9sOFjSUcCS6LQk5YyH2Gw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":33,"analysis":56,"fingerprints":104},"spip-import","spip_import","1.0","tcrouzet","https:\u002F\u002Fprofiles.wordpress.org\u002Ftcrouzet\u002F","\u003Cp>You want to quit Spip. Fine. This plug-in manages blog posts and comments (not the tags and images). You have to edit the code to enter your database account and fill the categories conversion array. It’s a prototype used to convert http:\u002F\u002Fnovovision.fr\u003C\u002Fp>\n","Import a Spip blog into WordPress",10,3377,0,"","3.0.5","2.7",[18,19],"inport","spip","http:\u002F\u002Fblog.tcrouzet.com\u002Ftag\u002Fwp2epub\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspip-import.1.01.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},3,80,90,30,87,"2026-04-05T08:48:33.624Z",[34],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":22,"downloaded":42,"rating":43,"num_ratings":44,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":53,"download_link":54,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":55},"fg-spip-to-wp","FG SPIP to WordPress","3.36.1","Kerfred","https:\u002F\u002Fprofiles.wordpress.org\u002Fkerfred\u002F","\u003Cp>This plugin 
migrates categories, articles, news and images from SPIP to WordPress.\u003C\u002Fp>\n\u003Cp>It has been tested with \u003Cstrong>SPIP versions 1.8, 1.9, 2.0, 3.x, and 4.x\u003C\u002Fstrong> and the latest version of WordPress. It is compatible with multisite installations.\u003C\u002Fp>\n\u003Cp>Major features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>migrates categories\u003C\u002Fli>\n\u003Cli>migrates articles\u003C\u002Fli>\n\u003Cli>migrates news\u003C\u002Fli>\n\u003Cli>migrates featured images\u003C\u002Fli>\n\u003Cli>converts SPIP shortcodes\u003C\u002Fli>\n\u003Cli>compatible with the MySQL and SQLite SPIP database drivers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No need to subscribe to an external web site.\u003C\u002Fp>\n\u003Ch4>Premium version\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>Premium version\u003C\u002Fstrong> includes these extra features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>migrates authors with their passwords\u003C\u002Fli>\n\u003Cli>migrates keywords\u003C\u002Fli>\n\u003Cli>migrates forum as WordPress comments\u003C\u002Fli>\n\u003Cli>migrates the syndic sites\u003C\u002Fli>\n\u003Cli>SEO: redirects articles, news, tags and authors URLs\u003C\u002Fli>\n\u003Cli>partial imports : ability to skip some parts of the import: categories, articles, news, users, forum\u003C\u002Fli>\n\u003Cli>ability to run the import by WP CLI\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The Premium version can be purchased on: \u003Ca href=\"https:\u002F\u002Fwww.fredericgilles.net\u002Ffg-spip-to-wordpress\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.fredericgilles.net\u002Ffg-spip-to-wordpress\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Add-ons\u003C\u002Fh4>\n\u003Cp>The Premium version allows the use of add-ons that enhance functionality:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>documents migration\u003C\u002Fli>\n\u003Cli>multilingual content to WPML\u003C\u002Fli>\n\u003Cli>metas SEO data migration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These modules can 
be purchased on: \u003Ca href=\"https:\u002F\u002Fwww.fredericgilles.net\u002Ffg-spip-to-wordpress\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.fredericgilles.net\u002Ffg-spip-to-wordpress\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English (default)\u003C\u002Fli>\n\u003Cli>French (fr_FR)\u003C\u002Fli>\n\u003Cli>other can be translated\u003C\u002Fli>\n\u003C\u002Ful>\n","A plugin to migrate categories, articles, news, and images from SPIP to WordPress",28470,98,32,"2026-01-27T08:02:00.000Z","6.9.4","4.5","5.6",[50,51,52,19],"converter","import","importer","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffg-spip-to-wp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffg-spip-to-wp.3.36.1.zip","2026-03-15T15:16:48.613Z",{"attackSurface":57,"codeSignals":69,"taintFlows":92,"riskAssessment":93,"analyzedAt":103},{"hooks":58,"ajaxHandlers":65,"restRoutes":66,"shortcodes":67,"cronEvents":68,"entryPointCount":13,"unprotectedCount":13},[59],{"type":60,"name":61,"callback":62,"file":63,"line":64},"action","admin_menu","spip_admin_menu","spip_import.php",191,[],[],[],[],{"dangerousFunctions":70,"sqlUsage":71,"outputEscaping":73,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":91},[],{"prepared":13,"raw":13,"locations":72},[],{"escaped":13,"rawEcho":74,"locations":75},7,[76,79,81,83,85,87,89],{"file":63,"line":77,"context":78},49,"raw output",{"file":63,"line":80,"context":78},76,{"file":63,"line":82,"context":78},99,{"file":63,"line":84,"context":78},139,{"file":63,"line":86,"context":78},183,{"file":63,"line":88,"context":78},186,{"file":63,"line":90,"context":78},187,[],[],{"summary":94,"deductions":95},"The spip-import plugin version 1.0 exhibits a strong foundational security posture with zero known vulnerabilities in its history and a lack of common risky code patterns such as dangerous functions, file operations, or external HTTP requests. 
The complete absence of SQL queries raises questions about its functionality but also eliminates a common attack vector. Crucially, the static analysis reveals no identified attack surface points like AJAX handlers, REST API routes, or shortcodes, suggesting a very limited integration with WordPress core.\n\nHowever, a significant concern arises from the total lack of output escaping. This means that any data processed and displayed by the plugin, even if it's just internal information, is not being sanitized for malicious characters. If user-controlled data were to somehow enter the plugin's processing pipeline and be outputted, it could lead to cross-site scripting (XSS) vulnerabilities. The absence of taint analysis and capability checks, while potentially reflecting a small or isolated plugin, also means potential vulnerabilities in these areas have not been explicitly identified or ruled out.\n\nIn conclusion, while the plugin benefits from a clean vulnerability history and a seemingly small attack surface, the pervasive lack of output escaping represents a serious and exploitable weakness. The absence of critical and high-severity issues in taint analysis is positive, but it's heavily influenced by the lack of entry points and the total absence of SQL queries, which might indicate limited functionality or that the analysis didn't cover all possible code paths. The plugin's security is thus a mixed bag: structurally sound in some areas, but with a critical blind spot in output sanitization.",[96,99,101],{"reason":97,"points":98},"0% output escaping",8,{"reason":100,"points":27},"No capability checks",{"reason":102,"points":27},"No nonce checks","2026-03-16T23:30:08.980Z",{"wat":105,"direct":110},{"assetPaths":106,"generatorPatterns":107,"scriptPaths":108,"versionParams":109},[],[],[],[],{"cssClasses":111,"htmlComments":113,"htmlAttributes":114,"restEndpoints":115,"jsGlobals":116,"shortcodeOutput":117},[112],"wrap",[],[],[],[],[]]