[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fv9edM4LkAsUJtp5RsibYepXzFii8HLTZUBiojhR50RI":3,"$fyOw36syA8VnMOERsenSE9MwnFxBES6JUQqRsxJ-XC9I":192,"$fo_dD16Fv-XNFBANv6p_d7WfaVtRAvLzRFPNGQ7bPM1A":196},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22,"discovery_status":23,"vulnerabilities":24,"developer":25,"crawl_stats":21,"alternatives":33,"analysis":34,"fingerprints":169},"toc-maker","Table of contents Maker","0.9.2","ZIPANG","https:\u002F\u002Fprofiles.wordpress.org\u002Fzipang\u002F","\u003Cp>Table of contents Maker is a plugin that checks the headings in an article and automatically inserts a table of contents.\u003C\u002Fp>\n","Table of contents Maker automatically creates a table of contents from 
headings.",0,805,"2025-04-08T22:59:00.000Z","6.8.5","4.9.8","5.4",[],"","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoc-maker.0.9.2.zip",92,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"zipang",5,330,86,4,90,"2026-05-20T02:35:50.471Z",[],{"attackSurface":35,"codeSignals":76,"taintFlows":103,"riskAssessment":163,"analyzedAt":168},{"hooks":36,"ajaxHandlers":72,"restRoutes":73,"shortcodes":74,"cronEvents":75,"entryPointCount":11,"unprotectedCount":11},[37,43,48,52,58,62,67],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","wp_enqueue_scripts","toc_maker_enqueue_scripts","inc\\front.php",19,{"type":38,"name":44,"callback":45,"file":46,"line":47},"plugins_loaded","toc_maker_textdomain_load","inc\\settings\\admin.php",13,{"type":38,"name":49,"callback":50,"file":46,"line":51},"admin_menu","toc_maker_add_menu",22,{"type":53,"name":54,"callback":55,"priority":56,"file":46,"line":57},"filter","plugin_action_links","toc_maker_plugin_action_links",10,59,{"type":38,"name":59,"callback":60,"file":46,"line":61},"admin_init","toc_maker_version_check",79,{"type":53,"name":63,"callback":64,"priority":65,"file":66,"line":56},"the_content","toc_maker_replace_content",1000,"inc\\toc.php",{"type":38,"name":68,"callback":69,"file":70,"line":71},"widgets_init","toc_maker_register_widget","inc\\widget\\widget-toc.php",104,[],[],[],[],{"dangerousFunctions":77,"sqlUsage":78,"outputEscaping":80,"fileOperations":11,"externalRequests":11,"nonceChecks":101,"capabilityChecks":101,"bundledLibraries":102},[],{"prepared":11,"raw":11,"locations":79},[],{"escaped":81,"rawEcho":82,"locations":83},94,7,[84,87,89,92,95,97,99],{"file":85,"line":20,"context":86},"inc\\settings\\content\\settings-environment.php","raw 
output",{"file":85,"line":88,"context":86},125,{"file":90,"line":91,"context":86},"inc\\settings\\content\\settings-main.php",83,{"file":93,"line":94,"context":86},"inc\\settings\\content\\settings-wrap.php",60,{"file":70,"line":96,"context":86},45,{"file":70,"line":98,"context":86},49,{"file":70,"line":100,"context":86},66,1,[],[104,130,142,155],{"entryPoint":105,"graph":106,"unsanitizedCount":128,"severity":129},"toc_maker_environment_page (inc\\settings\\content\\settings-environment.php:9)",{"nodes":107,"edges":124},[108,113,118,121],{"id":109,"type":110,"label":111,"file":85,"line":112},"n0","source","$_SERVER['SERVER_SOFTWARE']",96,{"id":114,"type":115,"label":116,"file":85,"line":112,"wp_function":117},"n1","sink","echo() [XSS]","echo",{"id":119,"type":110,"label":120,"file":85,"line":56},"n2","$_SERVER",{"id":122,"type":115,"label":116,"file":85,"line":123,"wp_function":117},"n3",109,[125,127],{"from":109,"to":114,"sanitized":126},false,{"from":119,"to":122,"sanitized":126},2,"medium",{"entryPoint":131,"graph":132,"unsanitizedCount":128,"severity":141},"\u003Csettings-environment> (inc\\settings\\content\\settings-environment.php:0)",{"nodes":133,"edges":138},[134,135,136,137],{"id":109,"type":110,"label":111,"file":85,"line":112},{"id":114,"type":115,"label":116,"file":85,"line":112,"wp_function":117},{"id":119,"type":110,"label":120,"file":85,"line":56},{"id":122,"type":115,"label":116,"file":85,"line":123,"wp_function":117},[139,140],{"from":109,"to":114,"sanitized":126},{"from":119,"to":122,"sanitized":126},"low",{"entryPoint":143,"graph":144,"unsanitizedCount":11,"severity":141},"toc_maker_admin_wrap_page (inc\\settings\\content\\settings-wrap.php:9)",{"nodes":145,"edges":152},[146,148],{"id":109,"type":110,"label":147,"file":93,"line":96},"$_POST",{"id":114,"type":115,"label":149,"file":93,"line":150,"wp_function":151},"update_option() [Settings 
Manipulation]",58,"update_option",[153],{"from":109,"to":114,"sanitized":154},true,{"entryPoint":156,"graph":157,"unsanitizedCount":11,"severity":141},"\u003Csettings-wrap> (inc\\settings\\content\\settings-wrap.php:0)",{"nodes":158,"edges":161},[159,160],{"id":109,"type":110,"label":147,"file":93,"line":96},{"id":114,"type":115,"label":149,"file":93,"line":150,"wp_function":151},[162],{"from":109,"to":114,"sanitized":154},{"summary":164,"deductions":165},"The \"toc-maker\" plugin v0.9.2 exhibits a generally strong security posture based on the provided static analysis. The absence of any known CVEs and the plugin's clean vulnerability history are positive indicators. The code analysis shows a commendable adherence to security best practices, with no dangerous functions, no SQL queries at all (so no raw or unprepared statements), and a very high percentage of properly escaped output. The presence of nonce and capability checks, while only one each, suggests an awareness of authentication and authorization mechanisms. The limited attack surface with no apparent unprotected entry points further strengthens this assessment.\n\nHowever, the taint analysis reveals a minor concern: two flows with unsanitized data paths, both in the settings environment page, where $_SERVER values (including $_SERVER['SERVER_SOFTWARE']) reach echo without escaping. While these are not flagged as critical or high severity, unsanitized paths can sometimes be exploited in specific contexts, especially if they interact with file operations or external requests, which are not present here. Because the sinks are echo statements, the relevant risk class is cross-site scripting on what appears to be an admin settings page, and the remedy is to escape these values at output (for example with esc_html()). The absence of any file operations or external HTTP requests is a significant positive. The plugin also lacks bundled libraries, eliminating risks associated with outdated dependencies. \n\nIn conclusion, \"toc-maker\" v0.9.2 appears to be a relatively secure plugin. The primary area for improvement is addressing the identified unsanitized paths, even though they haven't manifested as exploitable vulnerabilities. The plugin's clean history, absence of SQL usage, and robust output escaping are strong points. 
The overall security is good, with only a minor area for enhancement.",[166],{"reason":167,"points":27},"Flows with unsanitized paths","2026-03-17T07:25:32.942Z",{"wat":170,"direct":183},{"assetPaths":171,"generatorPatterns":176,"scriptPaths":177,"versionParams":178},[172,173,174,175],"\u002Fwp-content\u002Fplugins\u002Ftoc-maker\u002Fassets\u002Fcss\u002Ffront\u002Ftoc.min.css","\u002Fwp-content\u002Fplugins\u002Ftoc-maker\u002Fassets\u002Fcss\u002Fskin\u002F","\u002Fwp-content\u002Fplugins\u002Ftoc-maker\u002Fassets\u002Fcss\u002Fadmin\u002Fadmin.min.css","\u002Fwp-content\u002Fplugins\u002Ftoc-maker\u002Fassets\u002Fjs\u002Fadmin\u002Fadmin.min.js",[],[175],[179,180,181,182],"toc-maker\u002Fassets\u002Fcss\u002Ffront\u002Ftoc.min.css?ver=","toc-maker\u002Fassets\u002Fcss\u002Fskin\u002F","toc-maker\u002Fassets\u002Fcss\u002Fadmin\u002Fadmin.min.css?ver=","toc-maker\u002Fassets\u002Fjs\u002Fadmin\u002Fadmin.min.js?ver=",{"cssClasses":184,"htmlComments":186,"htmlAttributes":187,"restEndpoints":188,"jsGlobals":189,"shortcodeOutput":191},[185],"toc_maker_skin",[],[],[],[190],"admin_zipang_translations",[],{"error":154,"url":193,"statusCode":194,"statusMessage":195,"message":195},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Ftoc-maker\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":128,"versions":197},[198,203],{"version":6,"download_url":19,"svn_tag_url":199,"released_at":21,"has_diff":126,"diff_files_changed":200,"diff_lines":21,"trac_diff_url":201,"vulnerabilities":202,"is_current":154},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftoc-maker\u002Ftags\u002F0.9.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftoc-maker%2Ftags%2F0.9.1&new_path=%2Ftoc-maker%2Ftags%2F0.9.2",[],{"version":204,"download_url":205,"svn_tag_url":206,"released_at":21,"has_diff":126,"diff_files_changed":207,"diff_lines":21,"trac_diff_url":21,"vulnerabilities":208,"is_current":126},"0.9.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoc-maker.0.9.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftoc-maker\u002Ftags\u002F0.9.1\u002F",[],[]]