[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSCcf3YdWs5H6m5h1zIyU-reR820kLq_epos1uqCMDco":3,"$fWlOYRUjTnz05t0K2wRE7MFaS4wZvoN4-84B-9796S5c":157,"$fRuZer8npt3hgdENFGMFFpiP6VwDg9Db_GB3HkW-uHFA":162},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":25,"download_link":26,"security_score":27,"vuln_count":13,"unpatched_count":13,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":37,"analysis":100,"fingerprints":140},"usgs-streamflow-data","USGS River Conditions","1.01","manifestcreative","https:\u002F\u002Fprofiles.wordpress.org\u002Fmanifestcreative\u002F","\u003Cp>This is a WordPress plugin that fetches streamflow and river data from the USGS. Its intended use is for river guides and fishing outfitters to report conditions. 
It may also be useful for rafting companies and others who offer services related to rivers and streams.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwaterservices.usgs.gov\u002Frest\u002FIV-Service.html\" rel=\"nofollow ugc\">Documentation on USGS API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwaterservices.usgs.gov\u002Fnwis\u002Fiv?format=json,1.1&stateCd=mt&parameterCd=00060,00065,00010&siteType=ST\" rel=\"nofollow ugc\">Data Source\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwdr.water.usgs.gov\u002Fnwisgmap\u002Findex.html\" rel=\"nofollow ugc\">How to Locate USGS sites\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin fetches streamflow and river data from the USGS.",10,1463,0,"2012-01-24T23:40:00.000Z","3.3.2","2.9","",[19,20,21,22,23,24],"fishing","kayaking","rafting","river-conditions","streamflow","usgs","http:\u002F\u002Fmanifestbozeman.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fusgs-streamflow-data.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,84,"2026-05-20T09:20:20.819Z",[38,61,80],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":46,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":58,"download_link":59,"security_score":27,"vuln_count":13,"unpatched_count":13,"last_vuln_date":28,"fetched_at":60},"usgs-stream-flow-data","USGS Steam Flow Data","23.03.01","Chris Kindred","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrismkindred\u002F","\u003Cp>This plugin allows you to use a shortcode to display the USGS River Data for a site location.  
The shortcode can be included in Posts, Pages and Text Widgets.\u003C\u002Fp>\n\u003Cp>The shortcode allows you to set your own title and whether or not to show a graph with it.\u003C\u002Fp>\n\u003Cp>Example Shortcode:\u003Cbr \u002F>\n[USGS location=’09080400′ title=’Great Place To Fish’ graph=’show’]\u003C\u002Fp>\n","This plugin uses shortcodes so you can get the USGS river flow data for a site location. It also includes an easy-to-use Site Code Search.",100,7959,6,"2023-03-28T22:18:00.000Z","6.2.9","5.5","7.0",[54,55,56,24,57],"fly-fishing","river-flow","stream-flow","water-level","\u002F\u002Fwordpress.org\u002Fplugins\u002Fusgs-stream-flow-data\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fusgs-stream-flow-data.23.03.01.zip","2026-04-06T09:54:40.288Z",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":13,"downloaded":69,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":17,"download_link":78,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":28,"fetched_at":79},"charter-booker","Charter Booker","1.1.2","mdburnette","https:\u002F\u002Fprofiles.wordpress.org\u002Fmdburnette\u002F","\u003Cp>Charter Booker gives charter businesses a complete booking workflow inside WordPress, from trip setup to customer confirmation.\u003C\u002Fp>\n\u003Cp>Create trip types, assign captains and boats, control capacity, and publish bookable trips on your website with simple shortcodes. 
Customers can browse availability and submit booking requests in a clean frontend flow, while your team manages schedules, statuses, and notifications from wp-admin.\u003C\u002Fp>\n\u003Cp>Whether you run inshore, offshore, private group, or specialty trips, Charter Booker is designed to help you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Capture more direct bookings from your own website.\u003C\u002Fli>\n\u003Cli>Reduce back-and-forth scheduling and manual admin work.\u003C\u002Fli>\n\u003Cli>Keep bookings, trip data, and communication organized in one place.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Core features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom post types for captains, boats, trips, and bookings.\u003C\u002Fli>\n\u003Cli>Admin dashboards and list tables for operations.\u003C\u002Fli>\n\u003Cli>Trip scheduling with availability checks.\u003C\u002Fli>\n\u003Cli>Capacity controls and overbooking settings.\u003C\u002Fli>\n\u003Cli>Booking status and payment tracking.\u003C\u002Fli>\n\u003Cli>Email templates for customer and admin notifications.\u003C\u002Fli>\n\u003Cli>Optional compatibility with a separately distributed Charter Booker Pro plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Premium features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Stripe checkout integration with test\u002Flive mode and connection checks.\u003C\u002Fli>\n\u003Cli>PayPal checkout integration with sandbox\u002Flive mode and connection checks.\u003C\u002Fli>\n\u003Cli>Per-trip deposit controls (fixed amount or percentage) and “must pay in full” options.\u003C\u002Fli>\n\u003Cli>Advanced pricing support for time-based rules and manual price overrides.\u003C\u002Fli>\n\u003Cli>Trip-level max party size overrides for finer capacity control.\u003C\u002Fli>\n\u003Cli>Monthly sales and bookings dashboard panels for quick performance insights.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The WordPress.org package is fully functional for all features included in this plugin and does not 
require a license key to use those included features.\u003C\u002Fp>\n","Charter Booker helps fishing and boat charter operators accept online bookings, manage schedules, and turn website visits into confirmed trips.",144,"6.9.4","6.0","7.4",[74,75,19,76,77],"boats","charter-booking","payments","trips","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcharter-booker.1.1.2.zip","2026-03-15T10:48:56.248Z",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":13,"downloaded":88,"rating":89,"num_ratings":33,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":98,"download_link":99,"security_score":27,"vuln_count":13,"unpatched_count":13,"last_vuln_date":28,"fetched_at":29},"nerd-wp","NERD WP Plugin","1.2.5","yoannspace","https:\u002F\u002Fprofiles.wordpress.org\u002Fyoannspace\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkermitt2\u002Fentity-fishing\" rel=\"nofollow ugc\">NERD\u003C\u002Fa> is an application that recognizes and disambiguates named entities.\u003Cbr \u002F>\nThis plugin allows integration of the NERD service with WordPress. 
Each post can be run through NERD and will automatically create tags for it.\u003Cbr \u002F>\nThose tags, in turn, are used to propose extra information coming from Wikipedia and Wikidata.\u003C\u002Fp>\n\u003Ch3>Installation (via WordPress plugins)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install via \u003Ca href=\"https:\u002F\u002Fwww.wordpress.org\u002Fplugins\u002Fnerd-wp\" rel=\"nofollow ugc\">WordPress plugins\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Installation (manually)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload directory \u003Ccode>nerd-wp\u003C\u002Fcode> to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Add the plugin Widget\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Once in the admin section, go to the Widget section and add the NERD WP Widget to your sidebar\u003C\u002Fli>\n\u003Cli>You may also modify the title of the Widget\u003C\u002Fli>\n\u003C\u002Fol>\n","NERD (https:\u002F\u002Fgithub.com\u002Fkermitt2\u002Fentity-fishing) is an application that recognizes and disambiguates named 
entities.",1505,20,"2021-09-14T05:45:00.000Z","5.8.13","4.9.1","5.6.35",[95,96,97],"disambiguation","entity-fishing","entity-recognition","https:\u002F\u002Fgithub.com\u002Fdariah-eric\u002Fnerd-wp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnerd-wp.1.2.5.zip",{"attackSurface":101,"codeSignals":107,"taintFlows":127,"riskAssessment":128,"analyzedAt":139},{"hooks":102,"ajaxHandlers":103,"restRoutes":104,"shortcodes":105,"cronEvents":106,"entryPointCount":13,"unprotectedCount":13},[],[],[],[],[],{"dangerousFunctions":108,"sqlUsage":109,"outputEscaping":111,"fileOperations":13,"externalRequests":33,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":126},[],{"prepared":13,"raw":13,"locations":110},[],{"escaped":13,"rawEcho":112,"locations":113},5,[114,118,120,122,124],{"file":115,"line":116,"context":117},"usgs-streamflow-data.php",161,"raw output",{"file":115,"line":119,"context":117},162,{"file":115,"line":121,"context":117},171,{"file":115,"line":123,"context":117},173,{"file":115,"line":125,"context":117},229,[],[],{"summary":129,"deductions":130},"The `usgs-streamflow-data` plugin, version 1.01, exhibits a generally good security posture based on the provided static analysis. The complete absence of identified AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. Furthermore, the code does not use dangerous functions or perform file operations, and it has no vulnerabilities in its vulnerability history. The use of prepared statements for all SQL queries is a strong indication of secure database interaction.\n\nHowever, a significant concern is the complete lack of output escaping, with 0% of the 5 identified outputs being properly escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious code could be injected and executed within the WordPress dashboard or on the frontend if the plugin's output is displayed to users. 
While the plugin makes one external HTTP request, without further analysis, it's difficult to assess its security implications. The absence of nonce and capability checks, though mitigated by the limited attack surface, also presents a potential risk if new entry points were ever introduced.\n\nOverall, the plugin benefits from a small attack surface and secure database practices. However, the critical issue of unescaped output creates a clear and present danger for XSS attacks. Until this is addressed, the plugin should be considered moderately risky despite its other strengths.",[131,134,137],{"reason":132,"points":133},"Unescaped output detected",8,{"reason":135,"points":136},"No nonce checks",3,{"reason":138,"points":136},"No capability checks","2026-04-16T12:51:03.303Z",{"wat":141,"direct":146},{"assetPaths":142,"generatorPatterns":143,"scriptPaths":144,"versionParams":145},[],[],[],[],{"cssClasses":147,"htmlComments":150,"htmlAttributes":151,"restEndpoints":154,"jsGlobals":155,"shortcodeOutput":156},[148,149],"rivers","riverName",[],[152,153],"id=\"riverDataMap\"","class=\"riverMap\"",[],[],[],{"error":158,"url":159,"statusCode":160,"statusMessage":161,"message":161},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fusgs-streamflow-data\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":163},[]]