[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fvVav8sky9x95dyDtMTF3BTMeo1wAnpOqU7fCzPXwwHw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":32,"analysis":33,"fingerprints":221},"vinvin-seo","Vinvin SEO","2.0.0","vinvin27","https:\u002F\u002Fprofiles.wordpress.org\u002Fvinvin27\u002F","\u003Cp>Vinvin SEO is a small extension allow you to add review on page\u002Fpost. It add review on text also on JSON\u002FLD.\u003Cbr \u002F>\nLots of new features incoming\u003Cbr \u002F>\nIm french \u003Ca href=\"https:\u002F\u002Fwww.vinvin.dev\u002Fdeveloppeur-wordpress-montreal\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> based in Montreal\u003Cbr \u002F>\nGet more information \u003Ca href=\"https:\u002F\u002Fwp-config.info\u002Fblog-optimisation-wordpress\u002F\" rel=\"nofollow ugc\">SEO and Cache plugin\u003C\u002Fa>\u003C\u002Fp>\n","Vinvin SEO is a small extension allow you to add review on page\u002Fpost. It add review on text also on JSON\u002FLD. Lots of new features incoming",10,8167,0,"2022-11-15T19:50:00.000Z","6.1.10","5.0","5.6",[],"https:\u002F\u002Fvinvin.dev\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvinvin-seo.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":28,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},4,810,89,30,86,"2026-04-04T13:52:29.075Z",[],{"attackSurface":34,"codeSignals":92,"taintFlows":175,"riskAssessment":212,"analyzedAt":220},{"hooks":35,"ajaxHandlers":72,"restRoutes":73,"shortcodes":74,"cronEvents":91,"entryPointCount":26,"unprotectedCount":13},[36,42,46,50,54,58,62,66,69],{"type":37,"name":38,"callback":39,"priority":11,"file":40,"line":41},"action","page_generator_pro_generate_content_finished","vinvin_turn_post_to_draft","vinvin.php",27,{"type":37,"name":43,"callback":44,"file":40,"line":45},"the_content","vinvin_the_content",38,{"type":37,"name":47,"callback":48,"priority":11,"file":40,"line":49},"vinvin_toto","vinvin_save_post_wpauto",50,{"type":37,"name":51,"callback":52,"file":40,"line":53},"admin_menu","vinvin_plugin_setup_menu",70,{"type":55,"name":43,"callback":56,"file":40,"line":57},"filter","vinvin_review_to_content",521,{"type":37,"name":59,"callback":60,"file":40,"line":61},"save_post","vinvin_save_post",661,{"type":37,"name":63,"callback":64,"file":40,"line":65},"wp_head","vinvin_head",673,{"type":37,"name":59,"callback":67,"priority":11,"file":40,"line":68},"vinvin_save_post_remove_summary",931,{"type":37,"name":59,"callback":70,"priority":11,"file":40,"line":71},"vinvin_generated_thumbnails",1096,[],[],[75,79,83,87],{"tag":76,"callback":77,"file":40,"line":78},"vinvin_site_description","vinvin_site_description_fn",498,{"tag":80,"callback":81,"file":40,"line":82},"vinvin_site_name","vinvin_site_name_fn",505,{"tag":84,"callback":85,"file":40,"line":86},"vinvin_post_title","vinvin_post_title_fn",511,{"tag":88,"callback":89,"file":40,"line":90},"vg_sc_fs_multi_faq","sc_fs_multi_faq_vinvin",836,[],{"dangerousFunctions":93,"sqlUsage":94,"outputEscaping":96,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":173,"bundledLibraries":174},[],{"prepared":13,"raw":13,"locations":95},[],{"escaped":97,"rawEcho":98,"locations":99},2,37,[100,103,105,107,109,111,113,115,117,119,121,123,125,126,128,130,132,134,136,138,140,142,144,146,148,150,152,154,156,158,160,161,163,165,167,169,171],{"file":40,"line":101,"context":102},150,"raw output",{"file":40,"line":104,"context":102},215,{"file":40,"line":106,"context":102},329,{"file":40,"line":108,"context":102},333,{"file":40,"line":110,"context":102},342,{"file":40,"line":112,"context":102},346,{"file":40,"line":114,"context":102},350,{"file":40,"line":116,"context":102},354,{"file":40,"line":118,"context":102},358,{"file":40,"line":120,"context":102},362,{"file":40,"line":122,"context":102},367,{"file":40,"line":124,"context":102},377,{"file":40,"line":124,"context":102},{"file":40,"line":127,"context":102},385,{"file":40,"line":129,"context":102},390,{"file":40,"line":131,"context":102},395,{"file":40,"line":133,"context":102},399,{"file":40,"line":135,"context":102},404,{"file":40,"line":137,"context":102},411,{"file":40,"line":139,"context":102},415,{"file":40,"line":141,"context":102},419,{"file":40,"line":143,"context":102},424,{"file":40,"line":145,"context":102},434,{"file":40,"line":147,"context":102},801,{"file":40,"line":149,"context":102},802,{"file":40,"line":151,"context":102},803,{"file":40,"line":153,"context":102},804,{"file":40,"line":155,"context":102},805,{"file":40,"line":157,"context":102},806,{"file":40,"line":159,"context":102},809,{"file":40,"line":27,"context":102},{"file":40,"line":162,"context":102},811,{"file":40,"line":164,"context":102},815,{"file":40,"line":166,"context":102},820,{"file":40,"line":168,"context":102},821,{"file":40,"line":170,"context":102},822,{"file":40,"line":172,"context":102},823,1,[],[176,201],{"entryPoint":177,"graph":178,"unsanitizedCount":13,"severity":200},"vinvin_fn (vinvin.php:75)",{"nodes":179,"edges":196},[180,185,190,194],{"id":181,"type":182,"label":183,"file":40,"line":184},"n0","source","$_POST['vinvin']",103,{"id":186,"type":187,"label":188,"file":40,"line":184,"wp_function":189},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":191,"type":182,"label":192,"file":40,"line":193},"n2","$_POST['vinvin_accepted_posttypes']",109,{"id":195,"type":187,"label":188,"file":40,"line":193,"wp_function":189},"n3",[197,199],{"from":181,"to":186,"sanitized":198},true,{"from":191,"to":195,"sanitized":198},"low",{"entryPoint":202,"graph":203,"unsanitizedCount":13,"severity":200},"\u003Cvinvin> (vinvin.php:0)",{"nodes":204,"edges":209},[205,206,207,208],{"id":181,"type":182,"label":183,"file":40,"line":184},{"id":186,"type":187,"label":188,"file":40,"line":184,"wp_function":189},{"id":191,"type":182,"label":192,"file":40,"line":193},{"id":195,"type":187,"label":188,"file":40,"line":193,"wp_function":189},[210,211],{"from":181,"to":186,"sanitized":198},{"from":191,"to":195,"sanitized":198},{"summary":213,"deductions":214},"The vinvin-seo plugin v2.0.0 exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests is commendable. The plugin also correctly utilizes prepared statements for its SQL queries, which is a significant strength. However, a major concern is the very low percentage of properly escaped output (5%). With 39 total outputs, this indicates that a substantial number of outputs are likely vulnerable to cross-site scripting (XSS) attacks. The lack of nonce checks on its entry points (shortcodes) is another significant risk, as it doesn't prevent unauthorized execution of these shortcodes. Despite these concerns, the plugin has no recorded vulnerabilities, which suggests that either existing vulnerabilities have been patched, or the plugin's limited functionality and attack surface haven't been heavily targeted or exploited in the past. The strong adherence to prepared statements is a positive indicator of secure coding practices in database interactions. However, the output escaping and nonce check deficiencies represent significant areas of risk that require immediate attention. In conclusion, while the plugin demonstrates strengths in database security, its handling of user-provided data and request verification presents notable vulnerabilities.",[215,218],{"reason":216,"points":217},"Low percentage of properly escaped output",15,{"reason":219,"points":11},"No nonce checks on shortcodes","2026-03-17T00:14:14.195Z",{"wat":222,"direct":231},{"assetPaths":223,"generatorPatterns":225,"scriptPaths":226,"versionParams":228},[224],"\u002Fwp-content\u002Fplugins\u002Fvinvin-seo\u002Fvinvin.css",[],[227],"\u002Fwp-content\u002Fplugins\u002Fvinvin-seo\u002Fvinvin.js",[229,230],"vinvin-seo\u002Fvinvin.css?ver=","vinvin-seo\u002Fvinvin.js?ver=",{"cssClasses":232,"htmlComments":234,"htmlAttributes":237,"restEndpoints":239,"jsGlobals":240,"shortcodeOutput":242},[233],"v_id_post",[235,236],"\u003C!-- Ajout d'un param pour disable BHM -->","\u003C!-- Antidaté les post -->",[238],"id=\"v_id_post\"",[],[241],"window.vinvin_seo_options",[]]