[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fX-q9TTZh97Tpng43xLBCft9wfqYSMteemQGZTIgD4Qw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":34,"analysis":70,"fingerprints":313},"walnutmarketing","Walnut.Marketing Portal","0.2.05","ActiveDEMAND Online Agency Marketing Automation","https:\u002F\u002Fprofiles.wordpress.org\u002Fponiard\u002F","\u003Cp>Adds the Walnut.Marketing Portal tracking script to your website.\u003C\u002Fp>\n","Adds the Walnut.Marketing Portal tracking script to your website",10,2152,0,"2019-03-18T21:43:00.000Z","5.1.22","2.8","",[19],"tracking-script","https:\u002F\u002Fwalnut.marketing","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwalnutmarketing.0.2.05.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"poniard",2,1010,87,191,70,"2026-04-04T15:32:58.425Z",[35,57],{"slug":36,"name":37,"version":38,"author":7,"author_profile":8,"description":39,"short_description":40,"active_installs":41,"downloaded":42,"rating":43,"num_ratings":44,"last_updated":45,"tested_up_to":46,"requires_at_least":16,"requires_php":17,"tags":47,"homepage":52,"download_link":53,"security_score":54,"vuln_count":55,"unpatched_count":13,"last_vuln_date":56,"fetched_at":24},"activedemand","ActiveDEMAND","0.2.47","\u003Cp>Adds the \u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FvaiXT\" rel=\"nofollow ugc\">ActiveDEMAND\u003C\u002Fa> tracking script to your website. 
As well this plugin gives you the ability to use shortcodes to embed ActiveDEMAND webforms into your widgets, pages, posts, and sidebars.\u003C\u002Fp>\n\u003Ch4>Personalize your WordPress visitor Experience with ActiveDEMAND\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FN8DSB\" rel=\"nofollow ugc\">Dynamically change website content based on users GEO-IP location, utm_source\u002Fmedium, any visitor history\u002Fcontext\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002F3RDMj\" rel=\"nofollow ugc\">Embed web forms on any page\u002Fpost\u002Fsidebar etc\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002F0b1aD\" rel=\"nofollow ugc\">Add custom popups and opt in bars\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FYkfq2\" rel=\"nofollow ugc\">Automatically send emails to people who fill out forms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FbNjo5\" rel=\"nofollow ugc\">Track visitors, link clicks etc\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FN8DSB\" rel=\"nofollow ugc\">GEO IP lookup of all visitors, email opens, phone calls, etc\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FTKVri\" rel=\"nofollow ugc\">Full attribution of marketing activities\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FgomgB\" rel=\"nofollow ugc\">Appointment Scheduling\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For the full list of capabilities, visit \u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FvaiXT\" rel=\"nofollow 
ugc\">www.ActiveDEMAND.com\u003C\u002Fa>!\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F9VsHjxMsHHk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Fully automate your marketing with \u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FvaiXT\" rel=\"nofollow ugc\"> ActiveDEMAND\u003C\u002Fa>.\u003C\u002Fp>\n","ActiveDEMAND, the easy way to add Web Forms, Dynamic Content, and Popups to your WordPress site.",1000,40669,100,6,"2025-10-15T20:37:00.000Z","6.8.5",[48,49,50,51,19],"dynamic-content","geo-ip","opt-in-forms","popup-builder","https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FGnf5n","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factivedemand.0.2.47.zip",88,4,"2025-04-16 00:00:00",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":13,"downloaded":65,"rating":13,"num_ratings":13,"last_updated":66,"tested_up_to":67,"requires_at_least":16,"requires_php":17,"tags":68,"homepage":17,"download_link":69,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24},"pod-marketing-analytics","POD Marketing Analytics","0.2.17","jumpdemand","https:\u002F\u002Fprofiles.wordpress.org\u002Fjumpdemand\u002F","\u003Cp>For those people who have an active Pod Marketing Analytics account, this plugin will add the website tracking script onto your website. 
To learn more about the Pod Marketing Analytics Portal and to get your Pod Marketing Analytics Portal account, go to http:\u002F\u002Fwww.jumpdemand.me.\u003C\u002Fp>\n","The easy way to integrate the Pod Marketing Analytics Portal to your website.",1666,"2021-06-09T20:49:00.000Z","5.7.15",[19],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpod-marketing-analytics.0.2.17.zip",{"attackSurface":71,"codeSignals":181,"taintFlows":242,"riskAssessment":302,"analyzedAt":312},{"hooks":72,"ajaxHandlers":166,"restRoutes":177,"shortcodes":178,"cronEvents":179,"entryPointCount":180,"unprotectedCount":180},[73,79,84,87,91,95,98,101,104,109,113,116,119,122,124,126,129,132,135,138,141,144,148,150,152,155,158,160,163],{"type":74,"name":75,"callback":76,"file":77,"line":78},"action","wp_enqueue_scripts","anonymous","class-SCCollector.php",142,{"type":80,"name":81,"callback":76,"priority":82,"file":77,"line":83},"filter","the_content",1,182,{"type":80,"name":85,"callback":76,"file":77,"line":86},"widget_text",185,{"type":74,"name":88,"callback":76,"priority":89,"file":77,"line":90},"wp_footer",900,200,{"type":74,"name":92,"callback":76,"file":93,"line":94},"admin_enqueue_scripts","landing-pages.php",13,{"type":74,"name":96,"callback":76,"priority":82,"file":93,"line":97},"wp",48,{"type":74,"name":99,"callback":76,"file":93,"line":100},"add_meta_boxes",124,{"type":74,"name":102,"callback":76,"file":93,"line":103},"save_post",163,{"type":74,"name":105,"callback":106,"file":107,"line":108},"init","initialize_hooks","linked-forms.php",361,{"type":74,"name":110,"callback":111,"file":107,"line":112},"plugins_loaded","initialize_class_vars",362,{"type":74,"name":92,"callback":114,"file":107,"line":115},"closure",421,{"type":74,"name":105,"callback":76,"file":117,"line":118},"WalnutMarketing.php",41,{"type":80,"name":120,"callback":76,"priority":11,"file":117,"line":121},"block_categories",136,{"type":74,"name":105,"callback":76,"file":117,"line":123},140,{"type":74,"name":105,"
callback":76,"file":117,"line":125},288,{"type":74,"name":127,"callback":76,"file":117,"line":128},"admin_init",369,{"type":80,"name":130,"callback":76,"file":117,"line":131},"mce_external_plugins",458,{"type":80,"name":133,"callback":76,"file":117,"line":134},"mce_buttons",459,{"type":74,"name":136,"callback":76,"file":117,"line":137},"woocommerce_cart_updated",516,{"type":74,"name":139,"callback":76,"file":117,"line":140},"woocommerce_cart_emptied",527,{"type":74,"name":142,"callback":76,"priority":11,"file":117,"line":143},"woocommerce_order_status_changed",744,{"type":80,"name":145,"callback":76,"priority":146,"file":117,"line":147},"clean_url",11,751,{"type":74,"name":75,"callback":76,"file":117,"line":149},752,{"type":74,"name":92,"callback":76,"file":117,"line":151},754,{"type":74,"name":153,"callback":76,"file":117,"line":154},"admin_menu",756,{"type":80,"name":156,"callback":76,"priority":11,"file":117,"line":157},"plugin_action_links",757,{"type":74,"name":105,"callback":76,"file":117,"line":159},764,{"type":74,"name":161,"callback":76,"file":117,"line":162},"in_admin_footer",765,{"type":74,"name":164,"callback":114,"file":117,"line":165},"woocommerce_after_checkout_form",775,[167,171,174],{"action":168,"nopriv":169,"callback":76,"hasNonce":169,"hasCapCheck":169,"file":107,"line":170},"reset_ad_form_linkage",false,364,{"action":172,"nopriv":169,"callback":76,"hasNonce":169,"hasCapCheck":169,"file":107,"line":173},"update_ad_form_linkage",365,{"action":175,"nopriv":169,"callback":76,"hasNonce":169,"hasCapCheck":169,"file":107,"line":176},"show_form_mapper",366,[],[],[],3,{"dangerousFunctions":182,"sqlUsage":183,"outputEscaping":185,"fileOperations":13,"externalRequests":44,"nonceChecks":44,"capabilityChecks":13,"bundledLibraries":238},[],{"prepared":28,"raw":13,"locations":184},[],{"escaped":13,"rawEcho":186,"locations":187},24,[188,191,193,195,197,199,201,203,205,207,210,212,214,216,218,220,222,224,226,228,230,232,234,236],{"file":77,"line":189,"context":1
90},197,"raw output",{"file":93,"line":192,"context":190},42,{"file":93,"line":194,"context":190},115,{"file":93,"line":196,"context":190},160,{"file":107,"line":198,"context":190},109,{"file":107,"line":200,"context":190},111,{"file":107,"line":202,"context":190},379,{"file":107,"line":204,"context":190},403,{"file":107,"line":206,"context":190},417,{"file":208,"line":209,"context":190},"partials\\tinymce-editor.php",56,{"file":208,"line":211,"context":190},60,{"file":208,"line":213,"context":190},92,{"file":208,"line":215,"context":190},96,{"file":217,"line":192,"context":190},"settings.php",{"file":217,"line":219,"context":190},76,{"file":217,"line":221,"context":190},84,{"file":217,"line":223,"context":190},126,{"file":217,"line":225,"context":190},167,{"file":217,"line":227,"context":190},186,{"file":217,"line":229,"context":190},189,{"file":217,"line":231,"context":190},222,{"file":217,"line":233,"context":190},225,{"file":217,"line":235,"context":190},261,{"file":117,"line":237,"context":190},776,[239],{"name":240,"version":23,"knownCves":241},"TinyMCE",[],[243,261,275,283,293],{"entryPoint":244,"graph":245,"unsanitizedCount":82,"severity":260},"\u003CWalnutMarketing> (WalnutMarketing.php:0)",{"nodes":246,"edges":258},[247,252],{"id":248,"type":249,"label":250,"file":117,"line":251},"n0","source","$_SERVER",253,{"id":253,"type":254,"label":255,"file":117,"line":256,"wp_function":257},"n1","sink","wp_remote_post() [SSRF]",599,"wp_remote_post",[259],{"from":248,"to":253,"sanitized":169},"medium",{"entryPoint":262,"graph":263,"unsanitizedCount":13,"severity":274},"activedemand_ajax_get_landing_html (landing-pages.php:107)",{"nodes":264,"edges":271},[265,268],{"id":248,"type":249,"label":266,"file":93,"line":267},"$_POST",113,{"id":253,"type":254,"label":269,"file":93,"line":194,"wp_function":270},"echo() [XSS]","echo",[272],{"from":248,"to":253,"sanitized":273},true,"low",{"entryPoint":276,"graph":277,"unsanitizedCount":13,"severity":274},"\u003Clanding-pages> 
(landing-pages.php:0)",{"nodes":278,"edges":281},[279,280],{"id":248,"type":249,"label":266,"file":93,"line":267},{"id":253,"type":254,"label":269,"file":93,"line":194,"wp_function":270},[282],{"from":248,"to":253,"sanitized":273},{"entryPoint":284,"graph":285,"unsanitizedCount":13,"severity":274},"ajax_show_form_mapper (linked-forms.php:410)",{"nodes":286,"edges":291},[287,290],{"id":248,"type":249,"label":288,"file":107,"line":289},"$_GET",411,{"id":253,"type":254,"label":269,"file":107,"line":206,"wp_function":270},[292],{"from":248,"to":253,"sanitized":273},{"entryPoint":294,"graph":295,"unsanitizedCount":13,"severity":274},"\u003Clinked-forms> (linked-forms.php:0)",{"nodes":296,"edges":300},[297,299],{"id":248,"type":249,"label":266,"file":107,"line":298},389,{"id":253,"type":254,"label":269,"file":107,"line":206,"wp_function":270},[301],{"from":248,"to":253,"sanitized":273},{"summary":303,"deductions":304},"The 'walnutmarketing' plugin v0.2.05 presents a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and includes nonce checks for its AJAX handlers.  There is also no recorded vulnerability history, suggesting a generally stable codebase. However, significant concerns arise from the static analysis. A substantial attack surface is exposed, with all three identified AJAX handlers lacking authentication checks. Furthermore, the analysis indicates that none of the 24 identified output points are properly escaped, creating a high risk of cross-site scripting (XSS) vulnerabilities. The single unsanitized path identified in the taint analysis also warrants attention, although its severity is not specified as critical or high. 
The lack of capability checks on the AJAX handlers, combined with unescaped output, creates a dangerous combination where unauthenticated users could potentially inject malicious scripts that execute within the context of other users' browsers.\n\nDespite the lack of historical CVEs, the identified weaknesses in current code analysis are serious. The absence of authentication on AJAX endpoints and the pervasive lack of output escaping represent fundamental security flaws that could be easily exploited. While the use of prepared statements for SQL is commendable, it does not mitigate the risks posed by XSS or unauthorized actions through unprotected AJAX endpoints. The plugin's strengths lie in its SQL handling and nonce implementation, but these are overshadowed by the critical vulnerabilities in authentication and output sanitization. Immediate remediation is advised to address these critical security gaps.",[305,307,310],{"reason":306,"points":11},"AJAX handlers without auth checks",{"reason":308,"points":309},"Unescaped output across all outputs",8,{"reason":311,"points":309},"Unsanitized path in taint analysis","2026-03-17T00:27:27.246Z",{"wat":314,"direct":323},{"assetPaths":315,"generatorPatterns":318,"scriptPaths":319,"versionParams":322},[316,317],"\u002Fwp-content\u002Fplugins\u002Fwalnutmarketing\u002Fgutenberg-blocks\u002Fdynamic-content-blocks\u002Fblock.build.js","\u002Fwp-content\u002Fplugins\u002Fwalnutmarketing\u002Fgutenberg-blocks\u002Fforms\u002Fblock.build.js",[],[320,321],"https:\u002F\u002Fapi.activedemand.com\u002Fv1\u002Fsmart_blocks.json","https:\u002F\u002Fapi.activedemand.com\u002Fv1\u002Fforms.json",[],{"cssClasses":324,"htmlComments":325,"htmlAttributes":326,"restEndpoints":327,"jsGlobals":328,"shortcodeOutput":331},[],[],[],[],[329,330],"activedemand_blocks","activedemand_forms",[332,333],"[activedemand_block","[activedemand_form"]