[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fAjJ7j6f7il0AsDdcrGLjbzfho9DnoQLCATm7MUU0vRY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":36,"analysis":37,"fingerprints":131},"supaz-text-headlines","Supaz Text Headlines – A simple text headlines plugin","1.0.2","Supazthemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fsupazthemes\u002F","\u003Cp>Supaz Text Headlines – A simple text headlines plugin\u003C\u002Fp>\n\u003Cp>Supaz Text Headlines is a simple to use text headline plugin that enables you to post your news in a simple text highlight fashion. It is best suited if you want a quick large block text content in your site. It is best if you want a headline section for your newspaper site, magazine sites, personal blogs, etc.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Easy configuration\u003C\u002Fli>\n\u003Cli>Supports 4 new boards; 1 large board and 3 small boards\u003C\u002Fli>\n\u003Cli>Supports 20+ awesome headline fonts\u003C\u002Fli>\n\u003Cli>Supports 2 layouts: horizontal and vertical layhout\u003C\u002Fli>\n\u003Cli>Custom color and border settings.\u003C\u002Fli>\n\u003C\u002Ful>\n","Supaz Text Headlines - A simple text headlines plugin",0,1310,100,2,"2018-03-28T01:13:00.000Z","4.8.28","4.0.0","",[20,21,22,23,24],"block-text-plugin","header-plugin","headline-plugin","notice-plugin","text-display-plugin","http:\u002F\u002Fwww.supazthemes.com\u002Fplugins\u002Fsupaz-text-headlines","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsupaz-text-headlines.1.0.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":13,"avg_security_score":27,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"supazthemes",30,84,"2026-04-05T01:03:12.651Z",[],{"attackSurface":38,"codeSignals":74,"taintFlows":120,"riskAssessment":121,"analyzedAt":130},{"hooks":39,"ajaxHandlers":66,"restRoutes":67,"shortcodes":68,"cronEvents":72,"entryPointCount":73,"unprotectedCount":11},[40,46,50,54,58,62],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","init","mh_init","supaz-text-headlines.php",20,{"type":41,"name":47,"callback":48,"file":44,"line":49},"admin_enqueue_scripts","register_backend_assets",21,{"type":41,"name":51,"callback":52,"file":44,"line":53},"wp_enqueue_scripts","register_frontend_assets",22,{"type":41,"name":55,"callback":56,"file":44,"line":57},"admin_menu","mh_menu",23,{"type":41,"name":59,"callback":60,"file":44,"line":61},"admin_post_mh_settings_save_action","mh_save_settings",25,{"type":41,"name":63,"callback":64,"file":44,"line":65},"admin_post_mh_restore_settings","mh_restore_settings",27,[],[],[69],{"tag":70,"callback":70,"file":44,"line":71},"supaz_text_headlines",26,[],1,{"dangerousFunctions":75,"sqlUsage":76,"outputEscaping":78,"fileOperations":11,"externalRequests":11,"nonceChecks":14,"capabilityChecks":11,"bundledLibraries":119},[],{"prepared":11,"raw":11,"locations":77},[],{"escaped":79,"rawEcho":80,"locations":81},70,18,[82,85,86,88,90,93,95,97,99,101,103,105,107,109,111,113,115,117],{"file":83,"line":61,"context":84},"inc\\backend\\settings.php","raw output",{"file":83,"line":33,"context":84},{"file":83,"line":87,"context":84},97,{"file":83,"line":89,"context":84},415,{"file":91,"line":92,"context":84},"inc\\frontend\\shortcode.php",202,{"file":91,"line":94,"context":84},203,{"file":91,"line":96,"context":84},204,{"file":91,"line":98,"context":84},205,{"file":91,"line":100,"context":84},208,{"file":91,"line":102,"context":84},209,{"file":91,"line":104,"context":84},210,{"file":91,"line":106,"context":84},211,{"file":91,"line":108,"context":84},215,{"file":91,"line":110,"context":84},218,{"file":91,"line":112,"context":84},222,{"file":91,"line":114,"context":84},226,{"file":91,"line":116,"context":84},230,{"file":91,"line":118,"context":84},234,[],[],{"summary":122,"deductions":123},"The \"supaz-text-headlines\" plugin v1.0.2 exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, file operations, external HTTP requests, and raw SQL queries is a strong positive indicator. Furthermore, the plugin demonstrates a commitment to security by utilizing prepared statements for all SQL queries and having a high percentage of properly escaped output. The presence of nonce checks further strengthens its defenses. However, the complete lack of capability checks on any of its entry points, including the single shortcode, represents a significant potential weakness. While the current static and taint analysis did not reveal exploitable flaws, the absence of permission controls means that any user, regardless of their role, can interact with the plugin's functionality, which could lead to unintended consequences if the shortcode's functionality were to be misused or if future vulnerabilities were introduced.",[124,127],{"reason":125,"points":126},"No capability checks on any entry points",15,{"reason":128,"points":129},"8% of output is not properly escaped",4,"2026-03-17T06:35:30.342Z",{"wat":132,"direct":149},{"assetPaths":133,"generatorPatterns":140,"scriptPaths":141,"versionParams":142},[134,135,136,137,138,139],"\u002Fwp-content\u002Fplugins\u002Fsupaz-text-headlines\u002Fcss\u002Fbackend.css","\u002Fwp-content\u002Fplugins\u002Fsupaz-text-headlines\u002Fcss\u002Ffont-awesome.min.css","\u002Fwp-content\u002Fplugins\u002Fsupaz-text-headlines\u002Fjs\u002Fwp-color-picker-alpha.js","\u002Fwp-content\u002Fplugins\u002Fsupaz-text-headlines\u002Fjs\u002Fbackend.js","\u002Fwp-content\u002Fplugins\u002Fsupaz-text-headlines\u002Fcss\u002Ffrontend.css","\u002Fwp-content\u002Fplugins\u002Fsupaz-text-headlines\u002Fjs\u002Ffrontend.js",[],[136,137,139],[143,144,145,146,147,148],"supaz-text-headlines\u002Fcss\u002Fbackend.css?ver=","supaz-text-headlines\u002Fcss\u002Ffont-awesome.min.css?ver=","supaz-text-headlines\u002Fjs\u002Fwp-color-picker-alpha.js?ver=","supaz-text-headlines\u002Fjs\u002Fbackend.js?ver=","supaz-text-headlines\u002Fcss\u002Ffrontend.css?ver=","supaz-text-headlines\u002Fjs\u002Ffrontend.js?ver=",{"cssClasses":150,"htmlComments":154,"htmlAttributes":157,"restEndpoints":169,"jsGlobals":170,"shortcodeOutput":171},[151,152,153],"supaz-text-headline-main","supaz-text-headline-main-wrap","mh-font-awesome-style",[155,156],"\u003C!-- supaz text headlines starts -->","\u003C!-- supaz text headlines ends -->",[158,159,160,161,162,163,164,165,166,167,168],"data-mh-font-family","data-mh-main-font-size","data-mh-nav-font-size","data-mh-main-font-color","data-mh-nav-font-color","data-mh-left-border-style","data-mh-left-border-width","data-mh-left-border-color","data-mh-nav-left-border-style","data-mh-nav-left-border-width","data-mh-nav-left-border-color",[],[],[172,173,174],"[supaz_text_headlines]","[supaz_text_headlines title=\"Main Headline\"]","[supaz_text_headlines title=\"Main Headline\" sub_title=\"Sub Headline\"]"]