[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fK-goC-Q7n_iqJarEWuMe__YzlHq2sCoNvUUCo1l0tX8":3,"$fkyXci-YM5u57iE4_S_w-Vs0IdaRA3mbDKTjsrZKNaKA":110,"$flS8ER5wJEIpWl8wJC86e7rQyNgr5tcIU3kmr4fChkHk":115},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":37,"analysis":52,"fingerprints":93},"stand-with-ukraine","Stand With Ukraine","1.0.5","Jonathan Bossenger","https:\u002F\u002Fprofiles.wordpress.org\u002Fpsykro\u002F","\u003Cp>Displays a banner on your site to show your support for Ukraine. Customize your banner using the \u003Ccode>#stand_with_ukraine_overlay\u003C\u002Fcode> CSS ID-attribute.\u003C\u002Fp>\n","Displays a banner and link on your site to show your support for Ukraine. Styles are output inline for performance reasons, but can be filtered using &hellip;",10,1491,100,6,"2022-03-08T18:46:00.000Z","5.9.13","4.6","5.6",[20],"standwithukraine","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstand-with-ukraine.1.0.5.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"psykro",2,20,93,30,89,"2026-05-20T01:14:12.758Z",[38],{"slug":20,"name":5,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":11,"downloaded":44,"rating":24,"num_ratings":24,"last_updated":45,"tested_up_to":16,"requires_at_least":46,"requires_php":18,"tags":47,"homepage":21,"download_link":50,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":51},"1.0.3","imsadhappy","https:\u002F\u002Fprofiles.wordpress.org\u002Fimsadhappy\u002F","\u003Cp>This plugin is written and distriubted only in infromation purposes. No payments and no analytics are implemented through this plugin.\u003C\u002Fp>\n\u003Cp>This plugin simply adds button to the bottom of the page or a full-page line (at the top or at the bottom of the page). See all the available styles on the screenshots below. When user clicks the button – a popup appears with the following text:\u003C\u002Fp>\n\u003Cp>StandWithUkraine\u003C\u002Fp>\n\u003Cp>We don’t know how long the war will last. But what we do know is that we can’t stand aside and watch.\u003C\u002Fp>\n\u003Cp>The fastest way you can help too is to support Ukraine financially. The National Bank of Ukraine (NBU) has opened a multi-currency account for that purpose.\u003C\u002Fp>\n\u003Cp>This account accepts donations in US, Canadian and Australian dollars, euros, British pounds, Swiss francs, yuan and yen.\u003C\u002Fp>\n\u003Cp>UA823000010000032302338301027\u003C\u002Fp>\n\u003Cp>Also accepting cryptocurrency donations – the fastest way to help.\u003C\u002Fp>\n\u003Cp>BTC – 357a3So9CbsNfBBgFYACGvxxS6tMaDoa1P\u003Cbr \u002F>\nETH, USDT (ERC-20) – 0x165CD37b4C644C2921454429E7F9358d18A45e14\u003C\u002Fp>\n\u003Cp>Spread the word!\u003C\u002Fp>\n\u003Ch4>Installation\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install using the WordPress built-in Plugin installer, or Extract the zip file and drop the contents in the \u003Ccode>wp-content\u002Fplugins\u002F\u003C\u002Fcode> directory of your WordPress installation.\u003C\u002Fli>\n\u003Cli>Activate the plugin through the ‘Plugins’ menu in WordPress.\u003C\u002Fli>\n\u003Cli>Go to Stand with Ukraine settings page in menu\u003C\u002Fli>\n\u003Cli>Select format and style for the banner.\u003C\u002Fli>\n\u003C\u002Fol>\n","Inform visitors of your website that you support Ukraine. Tell them how they can help too - donate to Ukrainian Army and government.",1063,"2022-03-22T17:31:00.000Z","5.0",[48,4,20,49],"help-ukraine","ukraine","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstandwithukraine.1.0.3.zip","2026-04-06T09:54:40.288Z",{"attackSurface":53,"codeSignals":69,"taintFlows":81,"riskAssessment":82,"analyzedAt":92},{"hooks":54,"ajaxHandlers":65,"restRoutes":66,"shortcodes":67,"cronEvents":68,"entryPointCount":24,"unprotectedCount":24},[55,61],{"type":56,"name":57,"callback":58,"file":59,"line":60},"action","wp_enqueue_scripts","swu_enqueue_script","stand-with-ukraine.php",21,{"type":56,"name":62,"callback":63,"file":59,"line":64},"wp_head","swu_output_css",46,[],[],[],[],{"dangerousFunctions":70,"sqlUsage":71,"outputEscaping":73,"fileOperations":24,"externalRequests":24,"nonceChecks":24,"capabilityChecks":24,"bundledLibraries":80},[],{"prepared":24,"raw":24,"locations":72},[],{"escaped":74,"rawEcho":75,"locations":76},3,1,[77],{"file":59,"line":78,"context":79},48,"raw output",[],[],{"summary":83,"deductions":84},"The \"stand-with-ukraine\" plugin v1.0.5 exhibits a strong security posture based on the provided static analysis. The absence of any identified dangerous functions, SQL injection vulnerabilities (all queries are prepared), file operations, external HTTP requests, and a clean taint analysis report are all positive indicators.  Furthermore, the plugin appears to have a minimal attack surface with no exposed AJAX handlers, REST API routes, shortcodes, or cron events. The vulnerability history also shows no recorded CVEs, suggesting a well-maintained and secure development practice to date.\n\nHowever, there are a couple of areas that warrant attention. The lack of nonce checks and capability checks across all entry points, while currently having zero entry points, indicates a potential weakness if the attack surface were to expand in future versions without corresponding security checks being implemented. Additionally, a significant portion of the output (25%) is not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully. While the current lack of vulnerabilities is commendable, the potential for XSS and the absence of authorization checks on potential future entry points are areas that require vigilance.\n\nIn conclusion, the \"stand-with-ukraine\" plugin is currently in a good security state, with no critical vulnerabilities identified. Its proactive approach to SQL security and minimal attack surface are strengths. The primary concerns lie in the potential for XSS due to unescaped output and the lack of explicit authorization checks, which, while not currently exploitable, represent risks that should be addressed to maintain a robust security profile.",[85,87,90],{"reason":86,"points":14},"25% of output not properly escaped",{"reason":88,"points":89},"No nonce checks on entry points",5,{"reason":91,"points":89},"No capability checks on entry points","2026-03-16T23:44:17.922Z",{"wat":94,"direct":101},{"assetPaths":95,"generatorPatterns":97,"scriptPaths":98,"versionParams":99},[96],"\u002Fwp-content\u002Fplugins\u002Fstand-with-ukraine\u002Fstand_with_ukraine.js",[],[96],[100],"stand-with-ukraine\u002Fstand_with_ukraine.js?ver=",{"cssClasses":102,"htmlComments":103,"htmlAttributes":104,"restEndpoints":105,"jsGlobals":106,"shortcodeOutput":108},[],[],[],[],[107],"swu_options",[109],"\u003Cstyle>\n\t\t\t#stand_with_ukraine_overlay {\n\t\t\t\tborder: 10px solid #0057B8;\n\t\t\t\tpadding: 5px;\n\t\t\t\ttext-align: center;\n\t\t\t\ttext-combine: #0057B8;\n\t\t\t\tbackground-color: #FFD700;\n\t\t\t}\n\t\t\t#stand_with_ukraine_overlay a {\n\t\t\t\tdisplay: inline-block;\n\t\t\t\tpadding: 3px 6px;\n\t\t\t\tcolor: #0057B8;\n\t\t\t\tborder: 2px transparent dashed;\n\t\t\t\ttext-decoration: underline;\n\t\t\t}\n\t\t\t#stand_with_ukraine_overlay a:hover,\n\t\t\t#stand_with_ukraine_overlay a:focus {\n\t\t\t\tborder: 2px #0057B8 dashed;\n\t\t\t\ttext-decoration: underline;\n\t\t\t}\n\t\t\u003C\u002Fstyle>\n\t",{"error":111,"url":112,"statusCode":113,"statusMessage":114,"message":114},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fstand-with-ukraine\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":14,"versions":116},[117,123,130,136,143,150],{"version":6,"download_url":22,"svn_tag_url":118,"released_at":25,"has_diff":119,"diff_files_changed":120,"diff_lines":25,"trac_diff_url":121,"vulnerabilities":122,"is_current":111},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fstand-with-ukraine\u002Ftags\u002F1.0.5\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fstand-with-ukraine%2Ftags%2F1.0.4&new_path=%2Fstand-with-ukraine%2Ftags%2F1.0.5",[],{"version":124,"download_url":125,"svn_tag_url":126,"released_at":25,"has_diff":119,"diff_files_changed":127,"diff_lines":25,"trac_diff_url":128,"vulnerabilities":129,"is_current":119},"1.0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstand-with-ukraine.1.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fstand-with-ukraine\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fstand-with-ukraine%2Ftags%2F1.0.3&new_path=%2Fstand-with-ukraine%2Ftags%2F1.0.4",[],{"version":39,"download_url":131,"svn_tag_url":132,"released_at":25,"has_diff":119,"diff_files_changed":133,"diff_lines":25,"trac_diff_url":134,"vulnerabilities":135,"is_current":119},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstand-with-ukraine.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fstand-with-ukraine\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fstand-with-ukraine%2Ftags%2F1.0.2&new_path=%2Fstand-with-ukraine%2Ftags%2F1.0.3",[],{"version":137,"download_url":138,"svn_tag_url":139,"released_at":25,"has_diff":119,"diff_files_changed":140,"diff_lines":25,"trac_diff_url":141,"vulnerabilities":142,"is_current":119},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstand-with-ukraine.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fstand-with-ukraine\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fstand-with-ukraine%2Ftags%2F1.0.1&new_path=%2Fstand-with-ukraine%2Ftags%2F1.0.2",[],{"version":144,"download_url":145,"svn_tag_url":146,"released_at":25,"has_diff":119,"diff_files_changed":147,"diff_lines":25,"trac_diff_url":148,"vulnerabilities":149,"is_current":119},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstand-with-ukraine.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fstand-with-ukraine\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fstand-with-ukraine%2Ftags%2F1.0.0&new_path=%2Fstand-with-ukraine%2Ftags%2F1.0.1",[],{"version":151,"download_url":152,"svn_tag_url":153,"released_at":25,"has_diff":119,"diff_files_changed":154,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":155,"is_current":119},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstand-with-ukraine.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fstand-with-ukraine\u002Ftags\u002F1.0.0\u002F",[],[]]