[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDw42N_2BNcHgsg9DX_FSB-xdBhUIWNPezPNKKldTXnE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":19,"download_link":20,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":30,"analysis":31,"fingerprints":192},"unloct","Unloct","3.1.0","gabefiftyone","https:\u002F\u002Fprofiles.wordpress.org\u002Fgabefiftyone\u002F","\u003Cp>Unloct is a microsubscription platform. Subscribers pay one monthly fee for unlimited access to an entire network of creators. When creators install this plugin, Unloct subscribers can log into the creators website. When they do, the creator gets paid. Anything that can fit on a website will work on the Unloct platform. Creators can choose how they use the log in system to engage with their fans. Put content behind the paywall, lock down comments so that only subscribers can post, etc.\u003C\u002Fp>\n","Unloct is a microsubscription platform. Subscribers pay one monthly fee for unlimited access to an entire network of creators.",0,950,"2020-12-24T02:22:00.000Z","5.6.0","5.4.2","7.2",[18],"premium-content-subscription-platform-sidehustle-sidegig","https:\u002F\u002Funloct.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funloct.3.1.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":11,"avg_security_score":21,"avg_patch_time_days":27,"trust_score":28,"computed_at":29},1,30,84,"2026-04-05T19:01:07.083Z",[],{"attackSurface":32,"codeSignals":99,"taintFlows":152,"riskAssessment":181,"analyzedAt":191},{"hooks":33,"ajaxHandlers":86,"restRoutes":87,"shortcodes":88,"cronEvents":97,"entryPointCount":98,"unprotectedCount":11},[34,40,43,47,51,57,61,65,69,72,77,82],{"type":35,"name":36,"callback":37,"file":38,"line":39},"action","admin_notices","unloct_admin_auth_message","core\\core_unloct_login.php",283,{"type":35,"name":41,"callback":37,"file":38,"line":42},"network_admin_notices",285,{"type":35,"name":44,"callback":45,"file":38,"line":46},"login_enqueue_scripts","unloct_login_styles",577,{"type":35,"name":48,"callback":49,"file":38,"line":50},"login_form","unloct_login_form",578,{"type":52,"name":53,"callback":54,"priority":55,"file":38,"line":56},"filter","authenticate","unloct_authenticate",5,579,{"type":52,"name":58,"callback":59,"priority":55,"file":38,"line":60},"login_redirect","unloct_login_redirect",581,{"type":35,"name":62,"callback":63,"priority":26,"file":38,"line":64},"init","unloct_init",582,{"type":35,"name":66,"callback":67,"priority":55,"file":38,"line":68},"admin_init","unloct_admin_init",584,{"type":52,"name":70,"callback":70,"file":38,"line":71},"unloct_get_clientid",588,{"type":52,"name":73,"callback":74,"priority":75,"file":38,"line":76},"plugin_action_links","ga_plugin_action_links",10,590,{"type":35,"name":78,"callback":79,"file":80,"line":81},"widgets_init","unloct_setup_widget","unloct_login.php",119,{"type":35,"name":78,"callback":83,"file":84,"line":85},"closure","unloct_widget.php",20,[],[],[89,93],{"tag":4,"callback":90,"file":91,"line":92},"unloct_shortcode","unloct_short_code.php",33,{"tag":94,"callback":95,"file":96,"line":92},"visitor","visitor_shortcode","visitor_short_code.php",[],2,{"dangerousFunctions":100,"sqlUsage":101,"outputEscaping":103,"fileOperations":11,"externalRequests":98,"nonceChecks":11,"capabilityChecks":98,"bundledLibraries":151},[],{"prepared":11,"raw":11,"locations":102},[],{"escaped":104,"rawEcho":105,"locations":106},38,22,[107,110,111,113,115,117,119,121,123,125,127,129,131,133,135,137,139,141,143,145,147,149],{"file":38,"line":108,"context":109},102,"raw output",{"file":38,"line":81,"context":109},{"file":38,"line":112,"context":109},268,{"file":38,"line":114,"context":109},345,{"file":38,"line":116,"context":109},361,{"file":38,"line":118,"context":109},365,{"file":38,"line":120,"context":109},385,{"file":38,"line":122,"context":109},422,{"file":38,"line":124,"context":109},424,{"file":38,"line":126,"context":109},440,{"file":38,"line":128,"context":109},441,{"file":38,"line":130,"context":109},446,{"file":38,"line":132,"context":109},447,{"file":84,"line":134,"context":109},35,{"file":84,"line":136,"context":109},37,{"file":84,"line":138,"context":109},45,{"file":84,"line":140,"context":109},56,{"file":84,"line":142,"context":109},61,{"file":84,"line":144,"context":109},63,{"file":84,"line":146,"context":109},65,{"file":84,"line":148,"context":109},67,{"file":84,"line":150,"context":109},69,[],[153,171],{"entryPoint":154,"graph":155,"unsanitizedCount":26,"severity":170},"unloct_options_do_network_errors (core\\core_unloct_login.php:404)",{"nodes":156,"edges":167},[157,162],{"id":158,"type":159,"label":160,"file":38,"line":161},"n0","source","$_REQUEST",418,{"id":163,"type":164,"label":165,"file":38,"line":124,"wp_function":166},"n1","sink","echo() [XSS]","echo",[168],{"from":158,"to":163,"sanitized":169},false,"medium",{"entryPoint":172,"graph":173,"unsanitizedCount":11,"severity":180},"\u003Ccore_unloct_login> (core\\core_unloct_login.php:0)",{"nodes":174,"edges":177},[175,176],{"id":158,"type":159,"label":160,"file":38,"line":161},{"id":163,"type":164,"label":165,"file":38,"line":124,"wp_function":166},[178],{"from":158,"to":163,"sanitized":179},true,"low",{"summary":182,"deductions":183},"The 'unloct' plugin v3.1.0 demonstrates a generally good security posture based on the static analysis. It features a minimal attack surface with no apparent unprotected entry points. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests is a positive indicator. Furthermore, the presence of capability checks suggests an awareness of WordPress security best practices.\n\nHowever, a key concern arises from the taint analysis, which identified one flow with an unsanitized path. While no critical or high severity issues were detected, this single unsanitized path represents a potential avenue for malicious input to be processed insecurely, which could lead to vulnerabilities depending on the context.\n\nThe plugin's history of zero known CVEs is a strong positive, indicating a history of secure development or a lack of discovered vulnerabilities. This, combined with the strengths observed in the code analysis, suggests a relatively safe plugin. Nevertheless, the identified unsanitized path warrants attention as it is the only noted deviation from an otherwise robust security profile.",[184,186,189],{"reason":185,"points":75},"Taint flow with unsanitized path",{"reason":187,"points":188},"Output escaping only 63% properly escaped",6,{"reason":190,"points":55},"No nonce checks on entry points","2026-03-17T06:10:48.822Z",{"wat":193,"direct":202},{"assetPaths":194,"generatorPatterns":197,"scriptPaths":198,"versionParams":199},[195,196],"\u002Fwp-content\u002Fplugins\u002Funloct\u002Funloct-login.css","\u002Fwp-content\u002Fplugins\u002Funloct\u002Funloct-login.js",[],[196],[200,201],"unloct-login.css?ver=","unloct-login.js?ver=",{"cssClasses":203,"htmlComments":206,"htmlAttributes":207,"restEndpoints":209,"jsGlobals":210,"shortcodeOutput":212},[204,205],"galogin","galogin-or",[],[208],"data-unloct-login",[],[211],"unloctLogin",[213,214],"[unloct_login]","[visitor_login]"]