[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKhGOAlQkvP-xRt11ByRtXOCT5hTKWTgzTWMuEnIFeaY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":41,"fingerprints":194},"transparenzgesetzat","Transparenzgesetz.at","1.1","Robert Seyfriedsberger","https:\u002F\u002Fprofiles.wordpress.org\u002Fharmr\u002F","\u003Cp>For more details about the initiative please visit \u003Ca href=\"https:\u002F\u002Fwww.transparenzgesetz.at\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.transparenzgesetz.at\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>More infos about how to participate with your website, please visit \u003Ca href=\"https:\u002F\u002Fwww.transparenzgesetz.at\u002Fbanner\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.transparenzgesetz.at\u002Fbanner\u003C\u002Fa>\u003C\u002Fp>\n","\"Transparenzgesetz statt Amtsgeheimnis\" - adds a sticky image to support the online petition for an Austrian Freedom of Information act",10,1847,100,1,"2015-01-27T18:40:00.000Z","4.1.42","2.x","",[20,21,22,23,24],"amtsgeheimnis","osterreich","foi","freedom-of-information","transparenzgesetz","https:\u002F\u002Fwww.transparenzgesetz.at","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftransparenzgesetzat.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"harmr",3,10310,91,1302,73,"2026-04-04T23:19:20.671Z",[],{"attackSurface":42,"codeSignals":69,"taintFlows":183,"riskAssessment":184,"analyzedAt":193},{"hooks":43,"ajaxHandlers":65,"restRoutes":66,"shortcodes":67,"cronEvents":68,"entryPointCount":28,"unprotectedCount":28},[44,51,55,60],{"type":45,"name":46,"callback":47,"priority":48,"file":49,"line":50},"action","wp_print_styles","tpg_frontend_enqueue_stylesheets",4,"transparenzgesetz-at.php",25,{"type":45,"name":52,"callback":53,"file":49,"line":54},"wp_footer","tpg_footer_code",26,{"type":45,"name":56,"callback":57,"priority":58,"file":49,"line":59},"admin_menu","tpg_admin_menu",5,28,{"type":45,"name":61,"callback":62,"priority":63,"file":49,"line":64},"admin_notices","tpg_admin_notices",6,30,[],[],[],[],{"dangerousFunctions":70,"sqlUsage":71,"outputEscaping":77,"fileOperations":28,"externalRequests":28,"nonceChecks":14,"capabilityChecks":28,"bundledLibraries":182},[],{"prepared":28,"raw":14,"locations":72},[73],{"file":74,"line":75,"context":76},"class-tpg-widget.php",127,"$wpdb->get_results() with variable interpolation",{"escaped":28,"rawEcho":78,"locations":79},52,[80,83,85,87,89,91,93,95,97,99,101,103,105,107,108,110,112,114,116,118,120,122,124,126,128,129,131,133,135,137,139,141,143,145,146,148,150,152,154,156,158,160,162,164,166,168,170,172,174,176,178,180],{"file":74,"line":81,"context":82},32,"raw output",{"file":74,"line":84,"context":82},33,{"file":74,"line":86,"context":82},34,{"file":74,"line":88,"context":82},35,{"file":74,"line":90,"context":82},36,{"file":74,"line":92,"context":82},37,{"file":74,"line":94,"context":82},41,{"file":74,"line":96,"context":82},42,{"file":74,"line":98,"context":82},43,{"file":74,"line":100,"context":82},46,{"file":74,"line":102,"context":82},47,{"file":74,"line":104,"context":82},50,{"file":74,"line":106,"context":82},51,{"file":74,"line":78,"context":82},{"file":74,"line":109,"context":82},53,{"file":74,"line":111,"context":82},54,{"file":74,"line":113,"context":82},55,{"file":74,"line":115,"context":82},56,{"file":74,"line":117,"context":82},61,{"file":74,"line":119,"context":82},62,{"file":74,"line":121,"context":82},63,{"file":74,"line":123,"context":82},67,{"file":74,"line":125,"context":82},68,{"file":74,"line":127,"context":82},69,{"file":74,"line":38,"context":82},{"file":74,"line":130,"context":82},74,{"file":74,"line":132,"context":82},75,{"file":74,"line":134,"context":82},76,{"file":74,"line":136,"context":82},78,{"file":74,"line":138,"context":82},79,{"file":74,"line":140,"context":82},80,{"file":74,"line":142,"context":82},82,{"file":74,"line":144,"context":82},83,{"file":74,"line":27,"context":82},{"file":74,"line":147,"context":82},86,{"file":74,"line":149,"context":82},88,{"file":74,"line":151,"context":82},89,{"file":74,"line":153,"context":82},117,{"file":74,"line":155,"context":82},130,{"file":74,"line":157,"context":82},133,{"file":74,"line":159,"context":82},142,{"file":74,"line":161,"context":82},144,{"file":74,"line":163,"context":82},149,{"file":74,"line":165,"context":82},151,{"file":74,"line":167,"context":82},155,{"file":74,"line":169,"context":82},159,{"file":74,"line":171,"context":82},163,{"file":74,"line":173,"context":82},168,{"file":74,"line":175,"context":82},171,{"file":74,"line":177,"context":82},174,{"file":74,"line":179,"context":82},177,{"file":74,"line":181,"context":82},179,[],[],{"summary":185,"deductions":186},"The 'transparenzgesetzat' plugin v1.1 exhibits a generally good security posture in terms of its attack surface and vulnerability history. The static analysis reveals a complete absence of exposed AJAX handlers, REST API routes, shortcodes, and cron events that could be exploited. Furthermore, there are no known vulnerabilities (CVEs) associated with this plugin, indicating a history of secure development or prompt patching.  However, the code analysis does raise significant concerns regarding data handling. The presence of a raw SQL query without prepared statements is a critical flaw, potentially leading to SQL injection vulnerabilities. Equally alarming is the complete lack of proper output escaping, meaning any data rendered to the user could be manipulated, opening the door to cross-site scripting (XSS) attacks.  While the plugin has a clean vulnerability history, the identified code-level weaknesses present a considerable risk that could be exploited if data is ever user-supplied or dynamically generated.",[187,190],{"reason":188,"points":189},"Raw SQL queries without prepared statements",8,{"reason":191,"points":192},"0% of outputs properly escaped",15,"2026-03-17T01:14:53.540Z",{"wat":195,"direct":206},{"assetPaths":196,"generatorPatterns":201,"scriptPaths":202,"versionParams":203},[197,198,199,200],"\u002Fwp-content\u002Fplugins\u002Ftransparenzgesetzat\u002Fcss\u002Ftpg.css","\u002Fwp-content\u002Fplugins\u002Ftransparenzgesetzat\u002Fcss\u002Ftpg-ie.css","\u002Fwp-content\u002Fplugins\u002Ftransparenzgesetzat\u002Fimg\u002Ftpg-blank.gif","\u002Fwp-content\u002Fplugins\u002Ftransparenzgesetzat\u002Fimg\u002Ftpg-info.gif",[],[],[204,205],"transparenzgesetzat\u002Fcss\u002Ftpg.css?ver=","transparenzgesetzat\u002Fcss\u002Ftpg-ie.css?ver=",{"cssClasses":207,"htmlComments":211,"htmlAttributes":214,"restEndpoints":215,"jsGlobals":216,"shortcodeOutput":217},[208,209,210],"akct","akpeel","akpreload",[212,213],"\u003C!-- transparenzgesetz.at begin -->","\u003C!-- transparenzgesetz.at ende-->",[],[],[],[]]