[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fu7AfzHOoDtyl6rglxcFTwXA1F0wQ5DBoaM_DrCHRUKw":3,"$fVxUUrvxjFKq4UYQhnjG_TZkb0-H4-B0UlCAGAQPYdls":165,"$fONLUTXHrq8uCpNLR84Nn4PufvqsjUwP99Z6D9ko-FGM":170},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":38,"analysis":39,"fingerprints":144},"twitter-hash-tag-shortcode","Twitter Hash Tag Shortcode","0.6.2","Bainternet","https:\u002F\u002Fprofiles.wordpress.org\u002Fbainternet\u002F","\u003Cp>Displaying the most recent twitter status updates for a particular hash tag in your posts\u002Fpages using shortcode.\u003C\u002Fp>\n\u003Cp>Usage:\u003Cbr \u002F>\n    [hashtag_tweets hashtag=”YOUR_TAG” number=”NUMBER_OF_TWEETS_TO_GET” cache=”hours to cache”]\u003C\u002Fp>\n\u003Cp>A future release will have a templating feature, but for now I’ll leave the design to you with CSS\u003C\u002Fp>\n","Displaying the most recent twitter status updates for a particular hash tag in your posts\u002Fpages using 
shortcode.",20,7035,1,"2016-12-11T12:47:00.000Z","4.7.0","2.9.2","",[19,20,21],"tweets-hashtag","twitter-hashtag","twitter-shortcode","http:\u002F\u002Fen.bainternet.info","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwitter-hash-tag-shortcode.0.6.2.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"bainternet",19,8500,84,30,83,"2026-05-20T05:45:03.386Z",[],{"attackSurface":40,"codeSignals":77,"taintFlows":131,"riskAssessment":132,"analyzedAt":143},{"hooks":41,"ajaxHandlers":69,"restRoutes":70,"shortcodes":71,"cronEvents":76,"entryPointCount":13,"unprotectedCount":25},[42,49,54,58,62,66],{"type":43,"name":44,"callback":45,"priority":46,"file":47,"line":48},"filter","plugin_row_meta","ba_tweets_my_plugin_links",10,"bath.php",39,{"type":50,"name":51,"callback":51,"file":52,"line":53},"action","admin_menu","inc\\SimplePanelClass.php",180,{"type":50,"name":55,"callback":56,"file":52,"line":57},"admin_init","register_settings",183,{"type":43,"name":59,"callback":60,"file":52,"line":61},"wp_handle_upload_prefilter","Validate_upload_file_type",186,{"type":43,"name":63,"callback":64,"file":52,"line":65},"admin_footer","_sortable_js",483,{"type":50,"name":63,"callback":67,"file":52,"line":68},"_color_js",625,[],[],[72],{"tag":73,"callback":74,"file":47,"line":75},"hashtag_tweets","ba_tweets_by_hashtag_9867",40,[],{"dangerousFunctions":78,"sqlUsage":79,"outputEscaping":81,"fileOperations":25,"externalRequests":129,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":130},[],{"prepared":25,"raw":25,"locations":80},[],{"escaped":32,"rawEcho":82,"locations":83},22,[84,87,89,91,93,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125,127],{"file":52,"line":85,"context":86},297,"raw 
output",{"file":52,"line":88,"context":86},388,{"file":52,"line":90,"context":86},425,{"file":52,"line":92,"context":86},445,{"file":52,"line":94,"context":86},448,{"file":52,"line":96,"context":86},467,{"file":52,"line":98,"context":86},487,{"file":52,"line":100,"context":86},489,{"file":52,"line":102,"context":86},510,{"file":52,"line":104,"context":86},531,{"file":52,"line":106,"context":86},559,{"file":52,"line":108,"context":86},560,{"file":52,"line":110,"context":86},561,{"file":52,"line":112,"context":86},563,{"file":52,"line":114,"context":86},565,{"file":52,"line":116,"context":86},595,{"file":52,"line":118,"context":86},596,{"file":52,"line":120,"context":86},597,{"file":52,"line":122,"context":86},599,{"file":52,"line":124,"context":86},601,{"file":52,"line":126,"context":86},624,{"file":52,"line":128,"context":86},982,2,[],[],{"summary":133,"deductions":134},"The \"twitter-hash-tag-shortcode\" v0.6.2 plugin exhibits a generally good security posture, with no known vulnerabilities in its history and a limited attack surface. The static analysis shows a complete absence of dangerous functions, SQL queries are exclusively handled by prepared statements, and there are no file operations or external HTTP requests flagged as malicious by taint analysis. The plugin also avoids bundling external libraries, which can be a source of outdated and vulnerable code.  However, there are areas for improvement. A significant concern is the low rate of proper output escaping, with only 46% of outputs being safely handled. This could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being displayed. Furthermore, the complete lack of nonce checks and capability checks on the identified entry point (a shortcode) is a notable weakness. 
While there are no AJAX handlers or REST API routes without checks, the shortcode itself is an entry point with no nonce or capability check and could potentially be exploited, especially if it interacts with user-controlled data. Because a shortcode callback runs whenever content containing it is rendered, the applicable safeguards are validating its attributes and escaping its output.  In conclusion, while the plugin's foundation is solid due to its avoidance of critical issues like raw SQL and dangerous functions, the insufficient output escaping and absence of authorization checks on its sole entry point present a tangible risk that should be addressed.",[135,138,141],{"reason":136,"points":137},"Low output escaping percentage",7,{"reason":139,"points":140},"No nonce checks on entry points",5,{"reason":142,"points":140},"No capability checks on entry points","2026-03-16T22:55:35.983Z",{"wat":145,"direct":151},{"assetPaths":146,"generatorPatterns":148,"scriptPaths":149,"versionParams":150},[147],"\u002Fwp-content\u002Fplugins\u002Ftwitter-hash-tag-shortcode\u002Finc\u002FSimplePanelClass.php",[],[],[],{"cssClasses":152,"htmlComments":155,"htmlAttributes":158,"restEndpoints":159,"jsGlobals":160,"shortcodeOutput":161},[153,154],"twitter-hash-tag","view-all",[156,157],"{$token->errors['message']}","{$raw_response->errors['http_request_failed'][0]}",[],[],[],[162,163,164],"\u003Cdiv class='twitter-hash-tag'>","\u003Cdiv class='view-all'>\u003Ca href='http:\u002F\u002Fsearch.twitter.com\u002Fsearch?q=%23","\u003C\u002Fdiv>",{"error":166,"url":167,"statusCode":168,"statusMessage":169,"message":169},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Ftwitter-hash-tag-shortcode\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":171,"versions":172},6,[173,179,186,193,200,207],{"version":6,"download_url":23,"svn_tag_url":174,"released_at":26,"has_diff":175,"diff_files_changed":176,"diff_lines":26,"trac_diff_url":177,"vulnerabilities":178,"is_current":166},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftwitter-hash-tag-shortcode\u002Ftags\u002F0.6.2\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftwitter-hash-tag-shortcode%2Ftags%2F0.6.1&new_path=%2Ftwitter-hash-tag-shortcode%2Ftags%2F0.6.2",[],{"version":180,"download_url":181,"svn_tag_url":182,"released_at":26,"has_diff":175,"diff_files_changed":183,"diff_lines":26,"trac_diff_url":184,"vulnerabilities":185,"is_current":175},"0.6.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwitter-hash-tag-shortcode.0.6.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftwitter-hash-tag-shortcode\u002Ftags\u002F0.6.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftwitter-hash-tag-shortcode%2Ftags%2F0.6&new_path=%2Ftwitter-hash-tag-shortcode%2Ftags%2F0.6.1",[],{"version":187,"download_url":188,"svn_tag_url":189,"released_at":26,"has_diff":175,"diff_files_changed":190,"diff_lines":26,"trac_diff_url":191,"vulnerabilities":192,"is_current":175},"0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwitter-hash-tag-shortcode.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftwitter-hash-tag-shortcode\u002Ftags\u002F0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftwitter-hash-tag-shortcode%2Ftags%2F0.5&new_path=%2Ftwitter-hash-tag-shortcode%2Ftags%2F0.6",[],{"version":194,"download_url":195,"svn_tag_url":196,"released_at":26,"has_diff":175,"diff_files_changed":197,"diff_lines":26,"trac_diff_url":198,"vulnerabilities":199,"is_current":175},"0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwitter-hash-tag-shortcode.0.5.zip","https:\u002
F\u002Fplugins.svn.wordpress.org\u002Ftwitter-hash-tag-shortcode\u002Ftags\u002F0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftwitter-hash-tag-shortcode%2Ftags%2F0.4&new_path=%2Ftwitter-hash-tag-shortcode%2Ftags%2F0.5",[],{"version":201,"download_url":202,"svn_tag_url":203,"released_at":26,"has_diff":175,"diff_files_changed":204,"diff_lines":26,"trac_diff_url":205,"vulnerabilities":206,"is_current":175},"0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwitter-hash-tag-shortcode.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftwitter-hash-tag-shortcode\u002Ftags\u002F0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ftwitter-hash-tag-shortcode%2Ftags%2F0.3&new_path=%2Ftwitter-hash-tag-shortcode%2Ftags%2F0.4",[],{"version":208,"download_url":209,"svn_tag_url":210,"released_at":26,"has_diff":175,"diff_files_changed":211,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":212,"is_current":175},"0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwitter-hash-tag-shortcode.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ftwitter-hash-tag-shortcode\u002Ftags\u002F0.3\u002F",[],[]]