[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ffwwGezC4daSYSQ6fP8D9sgtefwc-sZNcRjA9REe3bYc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":134,"fingerprints":318},"ti-stat","TI Stat","0.4","TIgor4eg","https:\u002F\u002Fprofiles.wordpress.org\u002Ftigor4eg\u002F","\u003Cp>This plugin posts different charts from Yandex.Metrika on page.\u003C\u002Fp>\n\u003Cp>There is a widget, showing the most popular pages in last days.\u003C\u002Fp>\n\u003Cp>Go to \u003Ca href=\"http:\u002F\u002Ftigor.org.ua\u002Fstatistika\u002F\" rel=\"nofollow ugc\">Example Page\u003C\u002Fa> to see how this plugin works.\u003C\u002Fp>\n\u003Cp>This plugin uses \u003Ca href=\"http:\u002F\u002Famcharts.com\u002F\" rel=\"nofollow ugc\">amCharts\u003C\u002Fa> v.2 Java-Script version.\u003C\u002Fp>\n","Plugins shows charts from Yandex.Metrika on page.",10,3715,0,"2012-03-02T11:41:00.000Z","3.2.1","2.8","",[19,20,21],"metrika","widget","yandex","http:\u002F\u002Ftigor.org.ua\u002Fti-stat\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fti-stat.0.4.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"tigor4eg",3,80,30,84,"2026-04-04T15:19:50.477Z",[36,59,76,97,115],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"yandex-metrica","Yandex Metrica","2.0.2","Mustafa Uysal","https:\u002F\u002Fprofiles.wordpress.org\u002Fm_uysl\u002F","\u003Cp>The best Yandex Metrica plugin for WordPress.\u003C\u002Fp>\n\u003Ch4>What is Metrica\u003C\u002Fh4>\n\u003Cp>Metrica is an analytics tool like just like google analytics. You can learn more about from \u003Ca href=\"https:\u002F\u002Fmetrica.yandex.com\" rel=\"nofollow ugc\">official website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy to manage counter’s  tracking options.\u003C\u002Fli>\n\u003Cli>Role based user tracking\u003C\u002Fli>\n\u003Cli>Dashboard widget that displays Metrica graphics,, summary of site usage, top pages etc..\u003C\u002Fli>\n\u003Cli>Role based user access for the displaying dashboard widget\u003C\u002Fli>\n\u003Cli>Basic mode is ready! If you don’t want to give API access, you can try basic mode.\u003C\u002Fli>\n\u003Cli>i18n support: Completely translation ready!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English (en_US), built-in\u003C\u002Fli>\n\u003Cli>Turkish (tr_TR), native support\u003C\u002Fli>\n\u003Cli>Russian (ru_RU), \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Foleg0789\" rel=\"nofollow ugc\">oleg0789\u003C\u002Fa> and Ксения Рыбка\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contributing\u003C\u002Fh4>\n\u003Cp>Pull requests are welcome on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmustafauysal\u002Fyandex-metrica\" rel=\"nofollow ugc\">Github\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>If you like Yandex Metrica, then consider checking out my other projects:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbit.ly\u002F3WIGUTg\" rel=\"friend nofollow ugc\">Powered Cache\u003C\u002Fa> – Caching and Optimization for WordPress – Easily Improve PageSpeed & Web Vitals Score\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbit.ly\u002F4ag2OAc\" rel=\"friend nofollow ugc\">Magic Login Pro\u003C\u002Fa> – Easy, secure, and passwordless authentication for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbit.ly\u002F3wAFSxM\" rel=\"friend nofollow ugc\">Easy Text-to-Speech for WordPress\u003C\u002Fa> – Transform your textual content into high-quality synthesized speech with Amazon Polly.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbit.ly\u002F4bk1Tjp\" rel=\"friend nofollow ugc\">Handywriter\u003C\u002Fa> – AI-powered writing assistant that can help you create content for your WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbit.ly\u002F44GZOf8\" rel=\"friend nofollow ugc\">PaddlePress PRO\u003C\u002Fa> – Paddle Plugin for WordPress\u003C\u002Fli>\n\u003C\u002Ful>\n","Easy way to use Yandex Metrica on your WordPress site.",20000,421614,76,33,"2025-02-23T12:49:00.000Z","6.7.5","5.0","5.6",[53,54,19,55,21],"analytics","metrica","stats","https:\u002F\u002Fgithub.com\u002Fmustafauysal\u002Fyandex-metrica","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyandex-metrica.2.0.2.zip",92,{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":17,"tags":74,"homepage":17,"download_link":75,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"yandex-metrika","Яндекс Метрика","0.8.4","Konstantin Kovshenin","https:\u002F\u002Fprofiles.wordpress.org\u002Fkovshenin\u002F","\u003Cp>Данный плагин позволит вам легко вставить код счётчика Яндекс Метрика на ваш сайт. При этом вам не нужно редактировать файлы вашей темы, и счётчик продолжит работать даже при смене вашей активной темы.\u003C\u002Fp>\n\u003Cp>После активации плагина зайдите в раздел Настройки – Яндекс Метрика для того, чтобы вставить код вашего счётчика. Учтите, что для редактирования кода счетчика, вам необходимы права администратора на сайте WordPress (или супер-администратора в режиме Multisite).\u003C\u002Fp>\n","Яндекс Метрика для вашего сайта на WordPress.",10000,153632,90,15,"2017-11-28T09:37:00.000Z","4.6.30","3.0",[53,54,19,55,21],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyandex-metrika.0.8.4.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":86,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":17,"tags":91,"homepage":95,"download_link":96,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"wt-yandex-metrika","WT Yandex Metrika","1.1","Roman Kusty","https:\u002F\u002Fprofiles.wordpress.org\u002Fkustyrt\u002F","\u003Cp>С помощью этого плагина вы можете c легкость добавить на свой сайт счетчик \u003Cstrong>Яндекс.Метрика\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmetrika.yandex.ru\" rel=\"nofollow ugc\">Яндекс.Метрика\u003C\u002Fa> — инструмент для оценки посещаемости сайтов, анализа поведения посетителей и эффективности рекламы. Метрика работает по традиционному принципу интернет-счетчиков: код, установленный на страницах вашего сайта, регистрирует каждое посещение, собирая о нем данные.\u003C\u002Fp>\n\u003Ch4>Возможности плагина\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Выбор расположения кода счетчика: Header \u002F Footer\u003C\u002Fli>\n\u003Cli>Отключение счетчика при посещении сайта администратором\u003C\u002Fli>\n\u003Cli>Активация счетчика в панели администратора\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>После установки и активации плагина в \u003Cstrong>настройках сайта\u003C\u002Fstrong> появится раздел \u003Cstrong>WT Яндекс Метрика\u003C\u002Fstrong>, в котором необходимо вставить код счетчика и настроить отображение.\u003C\u002Fp>\n\u003Ch4>Поддержка\u003C\u002Fh4>\n\u003Cp>Домашняя страница и документация плагина: \u003Ca href=\"https:\u002F\u002Fweb-technology.biz\u002Fcms-wordpress\u002Fplugin-wt-yandex-metrika-for-cms-wordpress\u002F\" rel=\"nofollow ugc\">WT Yandex Metrika\u003C\u002Fa>.\u003Cbr \u002F>\nРазработка и поддержка: \u003Ca href=\"https:\u002F\u002Fweb-technology.biz\" rel=\"nofollow ugc\">АИТ “Web Technology”\u003C\u002Fa>.\u003Cbr \u002F>\nСообщество Вконтакте: \u003Ca href=\"https:\u002F\u002Fvk.com\u002Fagency_web_technology\" rel=\"nofollow ugc\">vk.com\u002Fagency_web_technology\u003C\u002Fa>.\u003C\u002Fp>\n","Простое добавление на сайт счетчика Яндекс.Метрика",6000,45465,100,2,"2020-05-25T14:17:00.000Z","5.4.19","3.9",[92,93,94,60],"%d1%8f%d0%bd%d0%b4%d0%b5%d0%ba%d1%81","%d1%8f%d0%bd%d0%b4%d0%b5%d0%ba%d1%81-%d0%bc%d0%b5%d1%82%d1%80%d0%b8%d0%ba%d0%b0","%d0%bc%d0%b5%d1%82%d1%80%d0%b8%d0%ba%d0%b0","https:\u002F\u002Fweb-technology.biz\u002Fcms-wordpress\u002Fplugin-wt-yandex-metrika-for-cms-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwt-yandex-metrika.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":86,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":17,"download_link":114,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"dco-insert-analytics-code","DCO Insert Analytics Code","1.1.3","Denis Yanchevskiy","https:\u002F\u002Fprofiles.wordpress.org\u002Fdenisco\u002F","\u003Cp>DCO Insert Analytics Code is a WordPress plugin is intended for insert analytics code(or any custom code) before \u003C\u002Fhead> or after \u003Cbody> or before \u003C\u002Fbody>\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>After installation and activation, you can insert the necessary code to the respective fields on the plugin settings page.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fyadenis\u002FDCO-Insert-Analytics-Code\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Before \u003C\u002Fhead> code\u003C\u002Fli>\n\u003Cli>After \u003Cbody> code\u003C\u002Fli>\n\u003Cli>Before \u003C\u002Fbody> code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Filters list\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>dco_iac_get_options\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Filter for hardcoding override plugin settings. You won’t be able to edit them on the settings page anymore when using this filter.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>dco_iac_insert_before_head\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Filter to change the code is inserted before \u003C\u002Fhead>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>dco_iac_insert_before_head_show\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Filter to change show the code is inserted before \u003C\u002Fhead>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>dco_iac_insert_after_body\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Filter to change the code is inserted after \u003Cbody>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>dco_iac_insert_after_body_show\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Filter to change show the code is inserted after \u003Cbody>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>dco_iac_insert_before_body\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Filter to change the code is inserted before \u003C\u002Fbody>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>dco_iac_insert_before_body_show\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Filter to change show the code is inserted before \u003C\u002Fbody>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>dco_iac_disable_do_shortcode\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Filter to disable shortcode processing in inserted codes\u003C\u002Fp>\n\u003Ch4>Examples of using filters\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Hardcoding override plugin settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F*\n* $current - current plugin settings\n*\n* $options - plugin settings from database\n*\n* $default - default plugin settings\n*\u002F\n\nfunction custom_get_options($current, $options, $default) {\n    $array = array(\n        'before_head' => '\u003C!-- before \u003C\u002Fhead> -->',\n        'before_head_show' => '0',\n        'after_body' => '\u003C!-- after \u003Cbody> -->',\n        'after_body_show' => '1',\n        'before_body' => '\u003C!-- before \u003C\u002Fbody> -->',\n        'before_body_show' => '2'\n    );\n\n    return $array;\n}\n\nadd_filter('dco_iac_get_options', 'custom_get_options', 10, 3);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Change before \u003C\u002Fhead> code\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F*\n* $code - value from \"before \u003C\u002Fhead>\" setting\n*\u002F\n\nfunction custom_before_head_code( $code ) {\n    return $code . '\u003C!-- before \u003Chead> -->' . \"\\n\";\n}\n\nadd_filter( 'dco_iac_insert_before_head', 'custom_before_head_code' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Change before \u003C\u002Fbody> code show\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F*\n* $value - value from \"before \u003C\u002Fbody> show\" setting\n*\u002F\n\nfunction custom_before_head_code( $value ) {\n    return '2';\n}\n\nadd_filter( 'dco_iac_insert_before_body_show', 'custom_before_body_show' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Disable shortcode processing in insert codes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('dco_iac_disable_do_shortcode', '__return_true');\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Allows you to insert analytics code before \u003C\u002Fhead> or after \u003Cbody> or before \u003C\u002Fbody>",4000,38518,8,"2021-07-28T12:29:00.000Z","5.8.13","4.6","5.3",[53,113,19,37],"google-analytics","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdco-insert-analytics-code.1.1.3.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":86,"num_ratings":87,"last_updated":125,"tested_up_to":126,"requires_at_least":90,"requires_php":17,"tags":127,"homepage":129,"download_link":130,"security_score":131,"vuln_count":132,"unpatched_count":132,"last_vuln_date":133,"fetched_at":26},"abwp-simple-counter","Simple Counter","1.0.3","abwp","https:\u002F\u002Fprofiles.wordpress.org\u002Fabwp\u002F","\u003Cp>The installation of the counter of Yandex.Metrics and Google Analytics on the website without editing the files of the selected theme.\u003C\u002Fp>\n\u003Cp>Tools webmaster:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwebmaster.yandex.ru\u002F\" rel=\"nofollow ugc\">Yandex.Webmaster\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Fwebmasters\u002Ftools\u002F\" rel=\"nofollow ugc\">Google Search Console\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Code counters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmetrika.yandex.ru\u002F\" rel=\"nofollow ugc\">Yandex.Metrika\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.google.com\u002Fanalytics\u002F\" rel=\"nofollow ugc\">Google Analytics\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","The installation of the counter of Yandex.Metrics and Google Analytics on the website without editing the files of the selected theme.",1000,11365,"2024-04-22T19:17:00.000Z","6.5.8",[92,94,19,128,21],"statistics","https:\u002F\u002Fab-wp.com\u002Fplugins\u002Fsimple-counter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fabwp-simple-counter.1.0.3.zip",71,1,"2023-12-19 00:00:00",{"attackSurface":135,"codeSignals":167,"taintFlows":308,"riskAssessment":309,"analyzedAt":317},{"hooks":136,"ajaxHandlers":155,"restRoutes":156,"shortcodes":157,"cronEvents":162,"entryPointCount":132,"unprotectedCount":13},[137,143,147,151],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","admin_init","register_ti_stat_settings","ti_stat.php",975,{"type":138,"name":144,"callback":145,"file":141,"line":146},"plugins_loaded","ti_stat_init",1501,{"type":138,"name":148,"callback":149,"file":141,"line":150},"admin_menu","admin_ti_stat_menu",1502,{"type":138,"name":152,"callback":153,"file":141,"line":154},"ti_stat_daily_event","ti_stat_daily",1503,[],[],[158],{"tag":159,"callback":160,"file":141,"line":161},"ystat","ti_stat_shortcode",967,[163,165],{"hook":152,"callback":152,"file":141,"line":164},123,{"hook":152,"callback":152,"file":141,"line":166},1495,{"dangerousFunctions":168,"sqlUsage":169,"outputEscaping":171,"fileOperations":305,"externalRequests":306,"nonceChecks":13,"capabilityChecks":132,"bundledLibraries":307},[],{"prepared":13,"raw":13,"locations":170},[],{"escaped":13,"rawEcho":172,"locations":173},65,[174,177,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,303],{"file":141,"line":175,"context":176},95,"raw output",{"file":141,"line":178,"context":176},142,{"file":141,"line":180,"context":176},152,{"file":141,"line":182,"context":176},191,{"file":141,"line":184,"context":176},196,{"file":141,"line":186,"context":176},236,{"file":141,"line":188,"context":176},237,{"file":141,"line":190,"context":176},238,{"file":141,"line":192,"context":176},239,{"file":141,"line":194,"context":176},267,{"file":141,"line":196,"context":176},272,{"file":141,"line":198,"context":176},324,{"file":141,"line":200,"context":176},334,{"file":141,"line":202,"context":176},379,{"file":141,"line":204,"context":176},382,{"file":141,"line":206,"context":176},385,{"file":141,"line":208,"context":176},387,{"file":141,"line":210,"context":176},389,{"file":141,"line":212,"context":176},391,{"file":141,"line":214,"context":176},477,{"file":141,"line":216,"context":176},487,{"file":141,"line":218,"context":176},492,{"file":141,"line":220,"context":176},497,{"file":141,"line":222,"context":176},502,{"file":141,"line":224,"context":176},507,{"file":141,"line":226,"context":176},517,{"file":141,"line":228,"context":176},522,{"file":141,"line":230,"context":176},527,{"file":141,"line":232,"context":176},532,{"file":141,"line":234,"context":176},537,{"file":141,"line":236,"context":176},547,{"file":141,"line":238,"context":176},552,{"file":141,"line":240,"context":176},557,{"file":141,"line":242,"context":176},562,{"file":141,"line":244,"context":176},567,{"file":141,"line":246,"context":176},593,{"file":141,"line":248,"context":176},678,{"file":141,"line":250,"context":176},688,{"file":141,"line":252,"context":176},693,{"file":141,"line":254,"context":176},698,{"file":141,"line":256,"context":176},703,{"file":141,"line":258,"context":176},708,{"file":141,"line":260,"context":176},718,{"file":141,"line":262,"context":176},723,{"file":141,"line":264,"context":176},728,{"file":141,"line":266,"context":176},733,{"file":141,"line":268,"context":176},738,{"file":141,"line":270,"context":176},748,{"file":141,"line":272,"context":176},753,{"file":141,"line":274,"context":176},758,{"file":141,"line":276,"context":176},763,{"file":141,"line":278,"context":176},768,{"file":141,"line":280,"context":176},794,{"file":141,"line":282,"context":176},816,{"file":141,"line":284,"context":176},820,{"file":141,"line":286,"context":176},878,{"file":141,"line":288,"context":176},884,{"file":141,"line":290,"context":176},886,{"file":141,"line":292,"context":176},895,{"file":141,"line":294,"context":176},907,{"file":141,"line":296,"context":176},942,{"file":141,"line":298,"context":176},945,{"file":141,"line":300,"context":176},948,{"file":141,"line":302,"context":176},954,{"file":141,"line":304,"context":176},1554,59,4,[],[],{"summary":310,"deductions":311},"The ti-stat plugin v0.4 exhibits a mixed security posture.  On the positive side, it shows no known CVEs, no critical or high severity taint flows, and all SQL queries are properly prepared.  It also demonstrates some security consciousness by including capability checks and a relatively small attack surface in terms of exposed entry points.\n\nHowever, significant concerns arise from the static analysis. The complete lack of output escaping on all 65 detected outputs is a major weakness, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks, especially given the presence of file operations and external HTTP requests, is another red flag, potentially opening avenues for Cross-Site Request Forgery (CSRF) or other injection attacks when combined with unescaped output.\n\nWhile the plugin has no recorded vulnerability history, this does not guarantee its current security. The identified code signals strongly suggest exploitable weaknesses. The plugin has strengths in its lack of known vulnerabilities and secure SQL practices, but the critical deficiency in output sanitization and the absence of nonce checks present substantial risks that need immediate attention.",[312,314],{"reason":313,"points":107},"0% of outputs properly escaped",{"reason":315,"points":316},"No nonce checks implemented",5,"2026-03-17T01:23:31.274Z",{"wat":319,"direct":324},{"assetPaths":320,"generatorPatterns":321,"scriptPaths":322,"versionParams":323},[],[],[],[],{"cssClasses":325,"htmlComments":328,"htmlAttributes":329,"restEndpoints":331,"jsGlobals":332,"shortcodeOutput":333},[326,327],"wrap","form-table",[],[330],"scope=\"row\"",[],[],[]]