[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fT4ETzjQlJmjI-_bKuBjFZCm6Rg7tx3HeHuNSxVjPw78":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":19,"security_score":20,"vuln_count":13,"unpatched_count":13,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":30,"analysis":31,"fingerprints":321},"thorium-extension","Thorium Extensions","1.0.0","Marvin Kome","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarvinkome\u002F","\u003Cp>Adds sections and new features to Thorium WordPress theme. 6 sections (Services, Portfolio, About Us, Team, Clients, Contact) are included to make your homepage look awesome. You can download \u003Ca href=\"http:\u002F\u002Fwww.acosmin.com\u002Ftheme\u002Fbusinessx\u002F?utm_source=wporg&utm_medium=readme&utm_campaign=bx_plugin_page\" title=\"Download Thorium WordPress Theme\" rel=\"friend nofollow ugc\">Thorium WordPress theme\u003C\u002Fa> from here.\u003C\u002Fp>\n","Adds sections and new features to Thorium WordPress theme. 6 sections (Services, Portfolio, About Us, Team, Clients, Contact ) are included to make yo &hellip;",10,2278,0,"2017-11-07T12:04:00.000Z","4.8.28","4.5","",[],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthorium-extension.1.0.0.zip",85,null,"2026-03-15T14:54:45.397Z",[],{"slug":25,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":11,"avg_security_score":20,"avg_patch_time_days":27,"trust_score":28,"computed_at":29},"marvinkome",1,30,84,"2026-04-04T15:34:24.069Z",[],{"attackSurface":32,"codeSignals":125,"taintFlows":306,"riskAssessment":307,"analyzedAt":320},{"hooks":33,"ajaxHandlers":121,"restRoutes":122,"shortcodes":123,"cronEvents":124,"entryPointCount":13,"unprotectedCount":13},[34,40,44,47,51,54,58,64,68,72,76,81,85,89,93,97,100,102,104,107,109,112,116,118],{"type":35,"name":36,"callback":37,"priority":11,"file":38,"line":39},"action","thorium_frontpage_sections","thorium_ext_services_template","front-sections\\general-template.php",50,{"type":35,"name":36,"callback":41,"priority":42,"file":38,"line":43},"thorium_ext_portfolio_template",20,51,{"type":35,"name":36,"callback":45,"priority":27,"file":38,"line":46},"thorium_ext_about_template",52,{"type":35,"name":36,"callback":48,"priority":49,"file":38,"line":50},"thorium_ext_team_template",40,53,{"type":35,"name":36,"callback":52,"priority":39,"file":38,"line":53},"thorium_ext_client_template",54,{"type":35,"name":36,"callback":55,"priority":56,"file":38,"line":57},"thorium_ext_contact_template",60,55,{"type":35,"name":59,"callback":60,"priority":61,"file":62,"line":63},"customize_register","thorium_ext_customize_register",11,"inc\\customize\\customizer.php",68,{"type":35,"name":65,"callback":66,"file":62,"line":67},"customize_controls_print_styles","thorium_ext_customizer_css_load",75,{"type":35,"name":69,"callback":70,"file":62,"line":71},"customize_controls_enqueue_scripts","thorium_ext_customizer_control_js",83,{"type":35,"name":73,"callback":74,"file":62,"line":75},"customize_preview_init","thorium_ext_customize_preview_js",93,{"type":77,"name":78,"callback":79,"file":80,"line":56},"filter","dynamic_sidebar_params","thorium_ext_about_widget_classes","inc\\functions.php",{"type":35,"name":82,"callback":83,"file":80,"line":84},"wp_head","thorium_ext_dynamic_styles",92,{"type":35,"name":86,"callback":87,"file":80,"line":88},"admin_enqueue_scripts","thorium_ext_admin_scripts",164,{"type":35,"name":90,"callback":91,"file":80,"line":92},"init","thorium_ext_register_menu",175,{"type":35,"name":94,"callback":95,"file":96,"line":39},"widgets_init","thorium_ext_widgets_init","inc\\general-widget.php",{"type":35,"name":86,"callback":98,"file":99,"line":11},"enqueue_scripts","inc\\widgets\\class-widget-about.php",{"type":35,"name":94,"callback":101,"file":99,"line":92},"thorium_ext_register_widget_about",{"type":35,"name":86,"callback":98,"file":103,"line":11},"inc\\widgets\\class-widget-client.php",{"type":35,"name":94,"callback":105,"file":103,"line":106},"thorium_ext_register_widget_client",114,{"type":35,"name":86,"callback":98,"file":108,"line":11},"inc\\widgets\\class-widget-project.php",{"type":35,"name":94,"callback":110,"file":108,"line":111},"thorium_ext_register_widget_portfolio",200,{"type":35,"name":94,"callback":113,"file":114,"line":115},"thorium_ext_register_widget_services","inc\\widgets\\class-widget-services.php",754,{"type":35,"name":86,"callback":98,"file":117,"line":11},"inc\\widgets\\class-widget-team.php",{"type":35,"name":94,"callback":119,"file":117,"line":120},"thorium_ext_register_widget_team",148,[],[],[],[],{"dangerousFunctions":126,"sqlUsage":127,"outputEscaping":134,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":305},[],{"prepared":128,"raw":26,"locations":129},2,[130],{"file":131,"line":132,"context":133},"inc\\customize\\controls\\contact-form.php",34,"$wpdb->get_results() with variable interpolation",{"escaped":135,"rawEcho":136,"locations":137},100,108,[138,142,144,146,147,149,151,152,154,156,158,159,160,162,164,166,168,169,171,173,174,176,177,178,180,182,183,184,185,187,188,190,192,193,195,197,198,199,200,201,202,204,205,207,208,209,210,211,213,214,215,216,217,219,221,223,225,227,228,230,232,233,234,235,237,238,240,242,243,245,247,248,250,251,252,254,256,257,259,261,262,264,266,267,268,270,271,273,275,276,278,280,281,282,283,285,286,288,289,290,292,294,295,297,299,300,302,304],{"file":139,"line":140,"context":141},"front-sections\\sections\\section-about.php",16,"raw output",{"file":139,"line":143,"context":141},17,{"file":145,"line":140,"context":141},"front-sections\\sections\\section-contact.php",{"file":145,"line":143,"context":141},{"file":145,"line":148,"context":141},24,{"file":150,"line":140,"context":141},"front-sections\\sections\\section-portfolio.php",{"file":150,"line":143,"context":141},{"file":153,"line":143,"context":141},"front-sections\\sections\\section-services.php",{"file":153,"line":155,"context":141},18,{"file":157,"line":140,"context":141},"front-sections\\sections\\section-team.php",{"file":157,"line":143,"context":141},{"file":131,"line":50,"context":141},{"file":80,"line":161,"context":141},73,{"file":80,"line":163,"context":141},76,{"file":80,"line":165,"context":141},79,{"file":80,"line":167,"context":141},82,{"file":80,"line":20,"context":141},{"file":99,"line":170,"context":141},31,{"file":99,"line":172,"context":141},77,{"file":99,"line":165,"context":141},{"file":99,"line":175,"context":141},113,{"file":99,"line":106,"context":141},{"file":99,"line":106,"context":141},{"file":99,"line":179,"context":141},118,{"file":99,"line":181,"context":141},119,{"file":99,"line":181,"context":141},{"file":99,"line":181,"context":141},{"file":99,"line":181,"context":141},{"file":99,"line":186,"context":141},120,{"file":99,"line":186,"context":141},{"file":99,"line":189,"context":141},124,{"file":99,"line":191,"context":141},125,{"file":99,"line":191,"context":141},{"file":99,"line":194,"context":141},129,{"file":99,"line":196,"context":141},130,{"file":99,"line":196,"context":141},{"file":103,"line":170,"context":141},{"file":103,"line":43,"context":141},{"file":103,"line":50,"context":141},{"file":103,"line":161,"context":141},{"file":103,"line":203,"context":141},74,{"file":103,"line":203,"context":141},{"file":103,"line":206,"context":141},78,{"file":103,"line":165,"context":141},{"file":103,"line":165,"context":141},{"file":103,"line":165,"context":141},{"file":103,"line":165,"context":141},{"file":103,"line":212,"context":141},80,{"file":103,"line":212,"context":141},{"file":103,"line":28,"context":141},{"file":103,"line":20,"context":141},{"file":103,"line":20,"context":141},{"file":108,"line":218,"context":141},32,{"file":108,"line":220,"context":141},102,{"file":108,"line":222,"context":141},104,{"file":108,"line":224,"context":141},138,{"file":108,"line":226,"context":141},139,{"file":108,"line":226,"context":141},{"file":108,"line":229,"context":141},143,{"file":108,"line":231,"context":141},144,{"file":108,"line":231,"context":141},{"file":108,"line":231,"context":141},{"file":108,"line":231,"context":141},{"file":108,"line":236,"context":141},145,{"file":108,"line":236,"context":141},{"file":108,"line":239,"context":141},149,{"file":108,"line":241,"context":141},150,{"file":108,"line":241,"context":141},{"file":108,"line":244,"context":141},154,{"file":108,"line":246,"context":141},155,{"file":108,"line":246,"context":141},{"file":114,"line":249,"context":141},22,{"file":114,"line":50,"context":141},{"file":114,"line":57,"context":141},{"file":114,"line":253,"context":141},695,{"file":114,"line":255,"context":141},696,{"file":114,"line":255,"context":141},{"file":114,"line":258,"context":141},700,{"file":114,"line":260,"context":141},701,{"file":114,"line":260,"context":141},{"file":114,"line":263,"context":141},709,{"file":114,"line":265,"context":141},710,{"file":114,"line":265,"context":141},{"file":117,"line":170,"context":141},{"file":117,"line":269,"context":141},66,{"file":117,"line":63,"context":141},{"file":117,"line":272,"context":141},90,{"file":117,"line":274,"context":141},91,{"file":117,"line":274,"context":141},{"file":117,"line":277,"context":141},95,{"file":117,"line":279,"context":141},96,{"file":117,"line":279,"context":141},{"file":117,"line":279,"context":141},{"file":117,"line":279,"context":141},{"file":117,"line":284,"context":141},97,{"file":117,"line":284,"context":141},{"file":117,"line":287,"context":141},101,{"file":117,"line":220,"context":141},{"file":117,"line":220,"context":141},{"file":117,"line":291,"context":141},106,{"file":117,"line":293,"context":141},107,{"file":117,"line":293,"context":141},{"file":117,"line":296,"context":141},111,{"file":117,"line":298,"context":141},112,{"file":117,"line":298,"context":141},{"file":117,"line":301,"context":141},116,{"file":117,"line":303,"context":141},117,{"file":117,"line":303,"context":141},[],[],{"summary":308,"deductions":309},"The static analysis of the \"thorium-extension\" plugin v1.0.0 reveals a generally strong security posture, with no identified dangerous functions, file operations, or external HTTP requests.  The absence of any CVEs in its vulnerability history is also a positive indicator. However, there are significant areas for concern, primarily stemming from the complete lack of capability checks and nonce checks, coupled with a low percentage of properly escaped output. This suggests a potential for privilege escalation and Cross-Site Scripting (XSS) vulnerabilities, as the plugin does not implement standard WordPress security mechanisms to protect its entry points, even though the attack surface is currently reported as zero.\n\nThe vulnerability history, while clean, could also be interpreted cautiously. A lack of documented vulnerabilities might mean the plugin is new, not widely used, or has not been subjected to rigorous security testing. The low percentage of properly escaped output (48%) is a critical flag. While the attack surface is currently reported as zero, any future addition of AJAX handlers, REST API routes, or shortcodes without proper authentication and authorization checks, combined with unescaped output, would present a high risk.\n\nIn conclusion, the plugin demonstrates good practices by avoiding common pitfalls like dangerous functions and SQL injection through prepared statements. However, the absence of fundamental security checks like capability and nonce verifications, alongside a concerning rate of unescaped output, indicates a significant weakness that requires immediate attention. The clean vulnerability history is a positive, but the potential for exploitation due to the identified code signals should not be underestimated.",[310,312,314,317],{"reason":311,"points":11},"Missing nonce checks on AJAX handlers (implied)",{"reason":313,"points":11},"Missing capability checks on entry points (implied)",{"reason":315,"points":316},"Low percentage of properly escaped output",8,{"reason":318,"points":319},"SQL queries without prepared statements (67% prepared implies 33% raw)",5,"2026-03-16T23:34:18.056Z",{"wat":322,"direct":333},{"assetPaths":323,"generatorPatterns":327,"scriptPaths":328,"versionParams":329},[324,325,326],"\u002Fwp-content\u002Fplugins\u002Fthorium-extension\u002Fcss\u002Fcustomizer.css","\u002Fwp-content\u002Fplugins\u002Fthorium-extension\u002Fjs\u002Fcustomizer-ext.js","\u002Fwp-content\u002Fplugins\u002Fthorium-extension\u002Fjs\u002Fcustomizer-ext-preview.js",[],[325,326],[330,331,332],"thorium-extension\u002Fcss\u002Fcustomizer.css?ver=","thorium-extension\u002Fjs\u002Fcustomizer-ext.js?ver=","thorium-extension\u002Fjs\u002Fcustomizer-ext-preview.js?ver=",{"cssClasses":334,"htmlComments":335,"htmlAttributes":336,"restEndpoints":338,"jsGlobals":339,"shortcodeOutput":341},[],[],[337],"class=\"timeline-inverted\"",[],[340],"var thorium_ext_widget_num",[]]