[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZgfpaPwZPQS2_NxKYkA5dnAE0s4ZKXFOrdjtUFQ-lfg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":21,"unpatched_count":21,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":29,"analysis":30,"fingerprints":94},"stock-market-updates-dow-jones","Plugin Name: Stock Market Updates","2.0","hagens","https:\u002F\u002Fprofiles.wordpress.org\u002Fhagens\u002F","\u003Cp>Display stock market data on your WordPress site. The Dow is probably the most popular benchmark for tracking overall US stock market activity & exchange health. Place the short code [sm_update] to display our widget anywhere on your site.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Stock information automatically updated every 15 minutes during trading hours\u003C\u002Fli>\n\u003Cli>To add the plugin directly into posts you can also use our Javascript code at isthedow.com\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Quotes Are Delayed 15 minutes\u003C\u002Fh3>\n\u003Cp>Feed updates Monday – Friday 9:30 – 4PM EST\u003C\u002Fp>\n\u003Cp>Check out more information at \u003Ca href=\"https:\u002F\u002Fisthedow.com\" rel=\"nofollow ugc\">IsTheDow\u003C\u002Fa>\u003C\u002Fp>\n","Show stock market price updates for the DOW on your 
website",10,2180,100,1,"2016-03-29T21:44:00.000Z","",[],"https:\u002F\u002Fwww.isthedow.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstock-market-updates-dow-jones.zip",85,0,null,"2026-03-15T14:54:45.397Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":20,"avg_patch_time_days":26,"trust_score":27,"computed_at":28},30,84,"2026-04-04T05:44:53.712Z",[],{"attackSurface":31,"codeSignals":55,"taintFlows":80,"riskAssessment":81,"analyzedAt":93},{"hooks":32,"ajaxHandlers":47,"restRoutes":48,"shortcodes":49,"cronEvents":54,"entryPointCount":14,"unprotectedCount":21},[33,39,43],{"type":34,"name":35,"callback":36,"file":37,"line":38},"action","widgets_init","anonymous","get-data.php",105,{"type":34,"name":40,"callback":41,"file":37,"line":42},"admin_print_scripts-widgets.php","sample_load_color_picker_script",113,{"type":34,"name":44,"callback":45,"file":37,"line":46},"admin_print_styles-widgets.php","sample_load_color_picker_style",114,[],[],[50],{"tag":51,"callback":52,"file":37,"line":53},"sm_update","display_sm_update",50,[],{"dangerousFunctions":56,"sqlUsage":60,"outputEscaping":62,"fileOperations":14,"externalRequests":21,"nonceChecks":21,"capabilityChecks":21,"bundledLibraries":79},[57],{"fn":58,"file":37,"line":38,"context":59},"create_function","add_action('widgets_init', create_function('', 'return register_widget(\"sm_data\");'));",{"prepared":21,"raw":21,"locations":61},[],{"escaped":63,"rawEcho":64,"locations":65},2,6,[66,69,71,73,75,77],{"file":37,"line":67,"context":68},15,"raw output",{"file":37,"line":70,"context":68},45,{"file":37,"line":72,"context":68},47,{"file":37,"line":74,"context":68},75,{"file":37,"line":76,"context":68},77,{"file":37,"line":78,"context":68},79,[],[],{"summary":82,"deductions":83},"The 'stock-market-updates-dow-jones' v2.0 plugin exhibits a generally positive security posture with several good practices in place. 
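The absence of known CVEs and a clean vulnerability history, coupled with the absence of raw SQL queries (the scan recorded no SQL usage at all, so there were no queries to prepare), are positive indicators, although the record shows the plugin was last updated in 2016 and has about 10 active installs, so a clean history may also reflect limited scrutiny rather than a well-maintained codebase. The limited attack surface, with only one shortcode and no unprotected AJAX handlers or REST API routes, also contributes to its security.\n\nHowever, there are notable areas of concern identified during static analysis. The presence of the `create_function` dangerous function is a significant risk, as it can lead to arbitrary code execution if any part of its code string is built from untrusted input. In the recorded call (get-data.php, line 105) both arguments are fixed string literals, so that particular call is not injectable as shown; the more immediate problem is that `create_function` was deprecated in PHP 7.2 and removed in PHP 8.0, and it should be replaced with an anonymous function. Furthermore, only 25% of output is properly escaped (2 escaped outputs against 6 raw echo statements), leaving room for potential Cross-Site Scripting (XSS) vulnerabilities wherever the echoed values come from shortcode attributes, widget settings or fetched data; the scan lists the echo sites but does not show what they print, so each one needs manual review. The lack of nonce checks and capability checks on the identified shortcode is also flagged as a weakness, as it could allow unauthorized users to trigger its functionality; note, however, that a shortcode is rendered for any visitor who views the page, so these checks matter mainly if the callback changes state or exposes privileged data, which the scan does not show. The single file operation also warrants scrutiny, though without further context, its risk is difficult to quantify.\n\nOverall, while the plugin benefits from a clean historical record and no raw SQL usage, the identified code signals present tangible security risks that require immediate attention. 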
The presence of a dangerous function and insufficient output escaping are the most pressing issues, demanding remediation to mitigate potential exploits.",[84,86,89,91],{"reason":85,"points":67},"Dangerous function used (create_function)",{"reason":87,"points":88},"Low output escaping percentage (25%)",8,{"reason":90,"points":11},"No nonce checks on entry points",{"reason":92,"points":11},"No capability checks on entry points","2026-03-16T23:36:09.670Z",{"wat":95,"direct":100},{"assetPaths":96,"generatorPatterns":97,"scriptPaths":98,"versionParams":99},[],[],[],[],{"cssClasses":101,"htmlComments":105,"htmlAttributes":106,"restEndpoints":109,"jsGlobals":110,"shortcodeOutput":111},[102,103,104],"sm_block","sm_widget_class","sm_widget_title",[],[107,108],"background","quote",[],[],[112,113],"\u003Cdiv class='sm_block'","\u003Cp style=\"text-align: center\">"]