[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f92D5gYovmdqilMWssgBnYZHs5BMUF8brGjRDGv0qG5M":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":13,"unpatched_count":13,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":31,"analysis":32,"fingerprints":64},"vi-member-content","VI: Member Content","9.1.200310","Knighthawk","https:\u002F\u002Fprofiles.wordpress.org\u002Fknighthawk\u002F","\u003Cp>Allows you to place content intended for different users on the same post\u002Fpage\u003Cbr \u002F>\nContent for logged in\u002Fout users\u003Cbr \u002F>\nContent separated by user role\u002Fability\u003C\u002Fp>\n\u003Cblockquote class=\"wp-embedded-content\" data-secret=\"oxyGOD9XPp\">\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvi-member-content\u002F\" rel=\"ugc\">VI: Member Content\u003C\u002Fa>\u003C\u002Fp>\u003C\u002Fblockquote>\n\u003Cp>\u003Ciframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"„VI: Member Content“ — Plugin Directory\" src=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvi-member-content\u002Fembed\u002F#?secret=0TUyNZ8mvB#?secret=oxyGOD9XPp\" data-secret=\"oxyGOD9XPp\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\">\u003C\u002Fiframe>\u003C\u002Fp>\n","Site Specific Functions",10,885,0,"2020-04-03T23:04:00.000Z","5.3.21","",[],"https:\u002F\u002Fneathawk.com\u002F2019\u002Fplugin-member-content\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvi-member-content.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":25,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":20,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},"knighthawk",2,20,30,84,"2026-04-04T22:49:04.286Z",[],{"attackSurface":33,"codeSignals":48,"taintFlows":56,"riskAssessment":57,"analyzedAt":63},{"hooks":34,"ajaxHandlers":35,"restRoutes":36,"shortcodes":37,"cronEvents":47,"entryPointCount":26,"unprotectedCount":13},[],[],[],[38,43],{"tag":39,"callback":40,"file":41,"line":42},"vi-visitor","visitor_content","vi_member_content.php",154,{"tag":44,"callback":45,"file":41,"line":46},"vi-member","member_content",155,[],{"dangerousFunctions":49,"sqlUsage":50,"outputEscaping":52,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":54,"bundledLibraries":55},[],{"prepared":13,"raw":13,"locations":51},[],{"escaped":13,"rawEcho":13,"locations":53},[],1,[],[],{"summary":58,"deductions":59},"The 'vi-member-content' v9.1.200310 plugin exhibits a strong security posture based on the provided static analysis and vulnerability history. The code analysis reveals no dangerous functions, a complete absence of raw SQL queries (all use prepared statements), and 100% output escaping. Furthermore, there are no observed file operations or external HTTP requests, and the plugin properly implements capability checks. The limited attack surface, consisting only of two shortcodes with no explicitly un-protected entry points, is also a positive indicator.  The lack of any recorded CVEs or past vulnerabilities further strengthens this assessment. The absence of any identified taint flows suggests that the plugin is not susceptible to common injection-style attacks.\n\nWhile the plugin demonstrates excellent security practices, the absence of nonce checks on its entry points (AJAX and REST API are reported as 0, so shortcodes are the primary entry points here) represents a potential weakness. Although the current version shows no vulnerabilities, a lack of consistent nonce protection can sometimes be exploited in conjunction with other issues or in future versions if not addressed.  However, given the overall clean code and the robust use of capability checks, the immediate risk is low. The plugin's strengths in input sanitization and output escaping significantly mitigate the potential impact of any theoretical attack vectors related to its shortcodes.",[60],{"reason":61,"points":62},"Shortcode entry points lack nonce checks",5,"2026-03-17T01:32:27.272Z",{"wat":65,"direct":70},{"assetPaths":66,"generatorPatterns":67,"scriptPaths":68,"versionParams":69},[],[],[],[],{"cssClasses":71,"htmlComments":72,"htmlAttributes":73,"restEndpoints":74,"jsGlobals":75,"shortcodeOutput":76},[],[],[],[],[],[77,78,79,80],"[vi-visitor]","[\u002Fvi-visitor]","[vi-member]","[\u002Fvi-member]"]