[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fp_u4qUcTLwo8T1S7TOpjc3E9MxvNGi9tuWaulMqHbic":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":77,"fingerprints":158},"usgs-stream-flow-data","USGS Steam Flow Data","23.03.01","Chris Kindred","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrismkindred\u002F","\u003Cp>This plugin allows you to use a shortcode to display the USGS River Data for a site location.  The shortcode can be included in Posts, Pages and Text Widgets.\u003C\u002Fp>\n\u003Cp>The shortcode allows you to set your own title and whether or not to show a graph with it.\u003C\u002Fp>\n\u003Cp>Example Shortcode:\u003Cbr \u002F>\n[USGS location=’09080400′ title=’Great Place To Fish’ graph=’show’]\u003C\u002Fp>\n","This plugin uses shortcodes so you can get the USGS river flow data for a site location.  
It also includes an easy-to-use Site Code Search.",100,7893,6,"2023-03-28T22:18:00.000Z","6.2.9","5.5","7.0",[19,20,21,22,23],"fly-fishing","river-flow","stream-flow","usgs","water-level","\u002F\u002Fwordpress.org\u002Fplugins\u002Fusgs-stream-flow-data\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fusgs-stream-flow-data.23.03.01.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"chrismkindred",1,30,84,"2026-04-05T02:04:25.557Z",[38,58],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":50,"tags":53,"homepage":55,"download_link":56,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":57},"usgs-river-data","USGS River Data","1.21","J. Tyler Wiest","https:\u002F\u002Fprofiles.wordpress.org\u002Fjtwiest\u002F","\u003Cp>This plugin allows users to insert the USGS river data into their site in real time. 
By providing the plugin with the USGS ID number a widget or shortcodes can be generated to get the station name, current water level, water level graph and USGS link.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\nDisplay\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Widget \u003C\u002Fli>\n\u003Cli>Shortcode (automatically generated using metabox)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Information Available:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Station Name\u003C\u002Fli>\n\u003Cli>Current Water Level\u003C\u002Fli>\n\u003Cli>Current Gage Level in feet\u003C\u002Fli>\n\u003Cli>Water Level Graph\u003C\u002Fli>\n\u003Cli>Gage Height Graph\u003C\u002Fli>\n\u003Cli>Station Url\u003C\u002Fli>\n\u003Cli>Cache river information for a designated amount of time to speed up load time.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fjtwventures.com\u002Fprojects\u002FUSGS\" rel=\"nofollow ugc\">Plugin’s Official Documentation and Support Page\u003C\u002Fa>\u003C\u002Fp>\n","Enter the USGS Station ID and this plugin provides you with river name, current water level, graph and station url via a widget or shortcode.",10,2044,90,4,"","3.7.41","3.0",[54,22,23],"river","http:\u002F\u002Fjtwventures.com\u002Fprojects\u002Fusgs","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fusgs-river-data.zip","2026-03-15T10:48:56.248Z",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":46,"downloaded":66,"rating":27,"num_ratings":27,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":50,"tags":70,"homepage":75,"download_link":76,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"pegelonline-plugin","PegelOnline-Plugin","0.0.4","daburna","https:\u002F\u002Fprofiles.wordpress.org\u002Fdaburna\u002F","\u003Cp>A plugin for monitoring the water level of e.g. a river into your blog. 
Works only with water level in Germany, so the following instructions\u003Cbr \u002F>\nare in German.\u003C\u002Fp>\n\u003Cp>The PegelOnline plugin embeds the water level of bodies of water in the blog. The data comes from the hydrological information system of the Federal Waterways and\u003Cbr \u002F>\nShipping Administration (Wasser- und Schifffahrtsverwaltung des Bundes).\u003C\u002Fp>\n\u003Ch3>Using the plugin\u003C\u002Fh3>\n\u003Cp>Insert at any position in the blog.\u003C\u002Fp>\n","A plugin for monitoring the water level of e.g. a river into your blog. Works only with water level in Germany, so the following instructions",1857,"2009-07-31T14:14:00.000Z","2.8","2.0.0",[71,72,73,74,23],"embedding","gis","water","water-gage","http:\u002F\u002Fwww.daburna.de\u002Fblog\u002F2008\u002F12\u002F30\u002Fpegelonline-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpegelonline-plugin.0.0.4.zip",{"attackSurface":78,"codeSignals":112,"taintFlows":147,"riskAssessment":148,"analyzedAt":157},{"hooks":79,"ajaxHandlers":99,"restRoutes":105,"shortcodes":106,"cronEvents":110,"entryPointCount":111,"unprotectedCount":33},[80,86,91,95],{"type":81,"name":82,"callback":83,"file":84,"line":85},"action","plugins_loaded","closure","kwcusgs.php",29,{"type":81,"name":87,"callback":88,"file":89,"line":90},"admin_enqueue_scripts","register_admin_scripts","src\\Core.php",43,{"type":81,"name":92,"callback":93,"file":89,"line":94},"wp_enqueue_scripts","register_public_scripts",44,{"type":81,"name":96,"callback":97,"file":89,"line":98},"admin_menu","add_plugin_admin_menu",46,[100],{"action":101,"nopriv":102,"callback":103,"hasNonce":102,"hasCapCheck":102,"file":89,"line":104},"kwcusgsajax",false,"kwcusgsajax_callback",45,[],[107],{"tag":108,"callback":108,"file":89,"line":109},"USGS",50,[],2,{"dangerousFunctions":113,"sqlUsage":114,"outputEscaping":116,"fileOperations":27,"externalRequests":33,"nonceChecks":27,"capabilityChecks":33,"bundledLibraries":146},[],{"prepared":27,"raw":27,"locations":115},[],{"esca
ped":117,"rawEcho":118,"locations":119},27,12,[120,124,126,128,130,132,134,136,138,140,142,144],{"file":121,"line":122,"context":123},"src\\Admin\\Admin.php",59,"raw output",{"file":121,"line":125,"context":123},64,{"file":121,"line":127,"context":123},111,{"file":129,"line":34,"context":123},"views\\admin.php",{"file":129,"line":131,"context":123},107,{"file":129,"line":133,"context":123},110,{"file":135,"line":104,"context":123},"views\\usgs.php",{"file":135,"line":137,"context":123},69,{"file":135,"line":139,"context":123},93,{"file":135,"line":141,"context":123},120,{"file":135,"line":143,"context":123},128,{"file":135,"line":145,"context":123},136,[],[],{"summary":149,"deductions":150},"The usgs-stream-flow-data plugin version 23.03.01 exhibits a generally positive security posture based on the provided static analysis. The absence of dangerous functions, raw SQL queries, file operations, and any recorded historical vulnerabilities is commendable. The plugin also demonstrates good practices by using prepared statements for all SQL queries and performing capability checks on at least one entry point. The limited external HTTP request and lack of critical taint flows further contribute to its secure foundation.\n\nHowever, there are notable areas for improvement. The presence of one AJAX handler without authentication checks presents a potential attack vector, especially if this handler processes user-supplied input. Furthermore, the code signals indicate that 31% of output escaping is not properly handled, which could lead to cross-site scripting (XSS) vulnerabilities if user-controlled data is displayed without adequate sanitization. 
The total lack of taint analysis results is somewhat unusual; while it might indicate no complex data flows, it could also mean the analysis itself was limited in scope.\n\nIn conclusion, while the plugin avoids common critical vulnerabilities like unpatched CVEs or dangerous code patterns, the unprotected AJAX handler and the significant percentage of unescaped output represent the most immediate risks. Addressing these specific points would significantly enhance the plugin's overall security. The plugin's history of no vulnerabilities is a strong positive signal, suggesting a commitment to security from its developers.",[151,154],{"reason":152,"points":153},"AJAX handler without auth check",8,{"reason":155,"points":156},"Significant unescaped output",7,"2026-03-16T21:04:08.939Z",{"wat":159,"direct":170},{"assetPaths":160,"generatorPatterns":164,"scriptPaths":165,"versionParams":166},[161,162,163],"\u002Fwp-content\u002Fplugins\u002Fusgs-stream-flow-data\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fusgs-stream-flow-data\u002Fassets\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fusgs-stream-flow-data\u002Fassets\u002Fcss\u002Fpublic.css",[],[162],[167,168,169],"usgs-stream-flow-data-admin-styles?ver=","usgs-stream-flow-data-admin-script?ver=","usgs-stream-flow-data-plugin-styles?ver=",{"cssClasses":171,"htmlComments":172,"htmlAttributes":173,"restEndpoints":174,"jsGlobals":175,"shortcodeOutput":176},[],[],[],[],[],[177],"[USGS]"]