[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f3WyLH2lpuNZZ9wcciiFf9RjTyGOKUS8cAhfVGCXRO38":3,"$f89QXIXXuTFQNgT7Lj_ZlOqxkIlyw05mCiGkzaEdoopY":238,"$fHvyhOW8KmAbtCv1o045s2JTJ3eFn5JSyAl8HJ04HMyE":242},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":19,"download_link":20,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"discovery_status":24,"vulnerabilities":25,"developer":26,"crawl_stats":22,"alternatives":33,"analysis":93,"fingerprints":212},"toric","Tori Codes","1.0.2","alvinmuthui","https:\u002F\u002Fprofiles.wordpress.org\u002Falvinmuthui\u002F","\u003Cp>\u003Cstrong>Tori Codes\u003C\u002Fstrong> provides an easier way to add \u003Cstrong>QR codes\u003C\u002Fstrong> to your site and display them using \u003Cstrong>shortcodes\u003C\u002Fstrong>. Also, one can use a single QR code on multiple \u003Cstrong>pages\u002Fposts\u003C\u002Fstrong> by adding the QR shortcode to the desired pages or posts.\u003C\u002Fp>\n","Tori Codes adds QR barcodes to your site with ease. Provides UI to edit the QR content and display it on numerous pages using a shortcode.",0,1175,"2026-03-09T15:47:00.000Z","6.9.4","3.0.1","5.6.20",[18],"qr-codes","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftori-codes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoric.1.0.2.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},3,40,95,30,91,"2026-05-20T06:53:57.217Z",[34,57,74],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":28,"downloaded":42,"rating":43,"num_ratings":44,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":54,"download_link":55,"security_score":56,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23},"wpqr-qr-code","WPQR QR-Code Generator","0.2.6","QRtool","https:\u002F\u002Fprofiles.wordpress.org\u002Fqrtool\u002F","\u003Cp>QR-Code widget and shortcode in one QR-Code generator plugin. Use the QR-Code widget in your sidebars or generate QR-Codes in pages and articles by inserting \u003Cstrong>[qr-code]\u003C\u002Fstrong> right where you want your QR-Code to be displayed.\u003C\u002Fp>\n\u003Cp>The QR Code widget is equipped with configurations for alignment, color (foreground and background), size, margin, error correction of QR-Code and more to suit the needs of your installment.\u003C\u002Fp>\n\u003Cp>The shortcode [qr-code] can be extendet with attributes to achieve the same level of customization as with the widget.\u003Cbr \u002F>\nExample:\u003Cbr \u002F>\n[qr-code align=”left” class=”my-qr-code” color=”#000000″ background_color=”#FFFFFF” size=”4″ margin=”4″ level=”M” post_id=”0″]\u003C\u002Fp>\n","QR-Code widget and shortcode in one QR-Code generator plugin. Use the QR-Code widget in your sidebars or generate QR-Codes in pages and articles.",14775,80,1,"2012-11-06T14:17:00.000Z","3.4.2","2.6","",[50,51,52,18,53],"generator","qr-code","qr-code-generator","qrcode","http:\u002F\u002Fqrtool.de\u002Fen\u002Fqr-code-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpqr-qr-code.zip",85,{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":11,"num_ratings":11,"last_updated":67,"tested_up_to":46,"requires_at_least":68,"requires_php":48,"tags":69,"homepage":72,"download_link":73,"security_score":56,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23},"qr-code-adv","Qr Code Adv","1","BranimirIvanov","https:\u002F\u002Fprofiles.wordpress.org\u002Fbranimirivanov\u002F","\u003Cp>Qr Code Adv generates automatically QR code of your current page or home page and displays it in your sidebar. After installing Qr Code Adv you have to go into wp-admin\u002Fwidgets.php and drag and drop our plugin Qr Code Adv into your sidebar. Thats it!\u003C\u002Fp>\n\u003Cp>There are few options for advanced users to customize QR code design (Qr Code color, background color, title etc)\u003C\u002Fp>\n\u003Cp>For experienced QR code advertisers there is an option to input QR Code Raw Data that will allow you to make your code do anything you want (create sms, create email, call some number etc)\u003C\u002Fp>\n","Qr code widget plugin for your WordPress sidebar. Qr code Adv displays QR codes of your site or any other external URL",10,7485,"2012-07-20T17:17:00.000Z","2.0.2",[51,52,70,18,71],"qr-code-widget","qr-widget","http:\u002F\u002Fqr-adv.com\u002Fqr-code-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqr-code-adv.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":11,"downloaded":82,"rating":11,"num_ratings":11,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":48,"tags":86,"homepage":90,"download_link":91,"security_score":56,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":92},"steeply-qr","Steeply QR","1.0.5","Artur Khylskyi","https:\u002F\u002Fprofiles.wordpress.org\u002Farthurpatriot\u002F","\u003Cp>Generate QR Codes for your Posts, Pages and Custom Post Types.\u003C\u002Fp>\n","Generate QR Codes for your Posts, Pages and Custom Post Types.",928,"2019-11-26T17:07:00.000Z","5.3.21","4.7",[87,51,18,88,89],"qr","qr-generate","qr-post","https:\u002F\u002Fsqr.allsteeply.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsteeply-qr.zip","2026-04-06T09:54:40.288Z",{"attackSurface":94,"codeSignals":141,"taintFlows":174,"riskAssessment":201,"analyzedAt":211},{"hooks":95,"ajaxHandlers":137,"restRoutes":138,"shortcodes":139,"cronEvents":140,"entryPointCount":11,"unprotectedCount":11},[96,102,108,111,115,117,119,122,125,128,131,133,135],{"type":97,"name":98,"callback":99,"file":100,"line":101},"filter","posts_orderby","anonymous","admin\\class-toric-admin.php",557,{"type":103,"name":104,"callback":105,"file":106,"line":107},"action","admin_enqueue_scripts","toric_enqueue_script_callback","includes\\ajax\\class-toric-ajax.php",235,{"type":103,"name":109,"callback":105,"file":106,"line":110},"wp_enqueue_scripts",245,{"type":103,"name":112,"callback":99,"file":113,"line":114},"plugins_loaded","includes\\class-toric.php",308,{"type":103,"name":104,"callback":99,"file":113,"line":116},323,{"type":103,"name":104,"callback":99,"file":113,"line":118},324,{"type":103,"name":120,"callback":99,"file":113,"line":121},"init",325,{"type":97,"name":123,"callback":99,"file":113,"line":124},"add_meta_boxes",326,{"type":97,"name":126,"callback":99,"file":113,"line":127},"do_meta_boxes",327,{"type":97,"name":129,"callback":99,"file":113,"line":130},"pre_get_posts",333,{"type":103,"name":109,"callback":99,"file":113,"line":132},347,{"type":103,"name":109,"callback":99,"file":113,"line":134},348,{"type":103,"name":120,"callback":99,"file":113,"line":136},349,[],[],[],[],{"dangerousFunctions":142,"sqlUsage":156,"outputEscaping":158,"fileOperations":11,"externalRequests":11,"nonceChecks":27,"capabilityChecks":172,"bundledLibraries":173},[143,148,150,152,154],{"fn":144,"file":145,"line":146,"context":147},"assert","includes\\codes\\tc-lib-color\\src\\Pdf.php",84,"assert(true); \u002F\u002F noop",{"fn":144,"file":145,"line":149,"context":147},102,{"fn":144,"file":145,"line":151,"context":147},107,{"fn":144,"file":145,"line":153,"context":147},132,{"fn":144,"file":145,"line":155,"context":147},140,{"prepared":11,"raw":11,"locations":157},[],{"escaped":159,"rawEcho":160,"locations":161},153,4,[162,165,167,170],{"file":100,"line":163,"context":164},484,"raw output",{"file":100,"line":166,"context":164},499,{"file":168,"line":169,"context":164},"includes\\codes\\tc-lib-barcode\\src\\Type.php",354,{"file":168,"line":171,"context":164},466,2,[],[175,193],{"entryPoint":176,"graph":177,"unsanitizedCount":11,"severity":192},"ajax_callback (admin\\class-toric-admin.php:129)",{"nodes":178,"edges":189},[179,183],{"id":180,"type":181,"label":182,"file":100,"line":153},"n0","source","$_REQUEST",{"id":184,"type":185,"label":186,"file":100,"line":187,"wp_function":188},"n1","sink","echo() [XSS]",135,"echo",[190],{"from":180,"to":184,"sanitized":191},true,"low",{"entryPoint":194,"graph":195,"unsanitizedCount":11,"severity":192},"\u003Cclass-toric-admin> (admin\\class-toric-admin.php:0)",{"nodes":196,"edges":199},[197,198],{"id":180,"type":181,"label":182,"file":100,"line":153},{"id":184,"type":185,"label":186,"file":100,"line":187,"wp_function":188},[200],{"from":180,"to":184,"sanitized":191},{"summary":202,"deductions":203},"The \"toric\" v1.0.2 plugin exhibits a generally strong security posture, as indicated by the static analysis. The absence of any known CVEs, unpatched vulnerabilities, or recorded past security issues is a significant positive.  The plugin also demonstrates good coding practices by using prepared statements for all SQL queries and properly escaping a high percentage of output. The limited attack surface with zero exposed AJAX handlers, REST API routes, shortcodes, or cron events is commendable.  Furthermore, the presence of nonce and capability checks, albeit limited in number, suggests an awareness of security principles.\n\nHowever, the presence of five \"dangerous functions,\" specifically `assert`, raises a mild concern. While the taint analysis shows no unsanitized paths, the use of `assert` can be a double-edged sword. If not meticulously implemented and strictly controlled, `assert` statements can sometimes be exploited, especially if they are not properly guarded.  The low number of nonce and capability checks (3 and 2 respectively) also implies that the plugin might not be consistently enforcing authorization for all its potential functionalities, even if the current attack surface is small.  The plugin's lack of bundled libraries is neutral from a security perspective, as it avoids the risks associated with outdated components.\n\nIn conclusion, \"toric\" v1.0.2 appears to be a relatively secure plugin, particularly given its clean vulnerability history and robust handling of SQL and output. The primary area for improvement lies in the careful review and potential mitigation of the `assert` function usage, and potentially increasing the rigor of authorization checks if the plugin were to expand its feature set or attack surface in the future. As it stands, the risks are minimal.",[204,207,209],{"reason":205,"points":206},"Use of dangerous function 'assert'",5,{"reason":208,"points":27},"Limited nonce checks",{"reason":210,"points":27},"Limited capability checks","2026-03-17T06:47:31.971Z",{"wat":213,"direct":226},{"assetPaths":214,"generatorPatterns":219,"scriptPaths":220,"versionParams":221},[215,216,217,218],"\u002Fwp-content\u002Fplugins\u002Ftoric\u002Fcss\u002Ftoric-admin.css","\u002Fwp-content\u002Fplugins\u002Ftoric\u002Fjs\u002Ftoric-admin.js","\u002Fwp-content\u002Fplugins\u002Ftoric\u002Fjs\u002Ftoric-copy-to-clipboard.js","\u002Fwp-content\u002Fplugins\u002Ftoric\u002Fjs\u002Ftoric-ajax.js",[],[],[222,223,224,225],"toric-admin.css?ver=","toric-admin.js?ver=","toric-copy-to-clipboard.js?ver=","toric-ajax.js?ver=",{"cssClasses":227,"htmlComments":229,"htmlAttributes":231,"restEndpoints":234,"jsGlobals":235,"shortcodeOutput":237},[228],"toric-admin-wrap",[230],"\u003C!-- generated by Tori Codes QR -->",[232,233],"data-toric-ajax-url","data-toric-nonce",[],[236],"toric_admin_ajax_object",[],{"error":191,"url":239,"statusCode":240,"statusMessage":241,"message":241},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Ftoric\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":27,"versions":243},[244,250,257],{"version":6,"download_url":20,"svn_tag_url":245,"released_at":22,"has_diff":246,"diff_files_changed":247,"diff_lines":22,"trac_diff_url":248,"vulnerabilities":249,"is_current":191},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftoric\u002Ftags\u002F1.0.2\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftoric%2Ftags%2F1.0.1&new_path=%2Ftoric%2Ftags%2F1.0.2",[],{"version":251,"download_url":252,"svn_tag_url":253,"released_at":22,"has_diff":246,"diff_files_changed":254,"diff_lines":22,"trac_diff_url":255,"vulnerabilities":256,"is_current":246},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoric.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftoric\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftoric%2Ftags%2F1.0.0&new_path=%2Ftoric%2Ftags%2F1.0.1",[],{"version":258,"download_url":259,"svn_tag_url":260,"released_at":22,"has_diff":246,"diff_files_changed":261,"diff_lines":22,"trac_diff_url":22,"vulnerabilities":262,"is_current":246},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoric.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftoric\u002Ftags\u002F1.0.0\u002F",[],[]]