[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRkjw432QUy43E0PLo8SGmVDm_9nc_nDps02Jt4kyav4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":39,"fingerprints":145},"webeki-soccer-scores","Soccer Widgets – Football Results & Rankings","1.3","widgetlab","https:\u002F\u002Fprofiles.wordpress.org\u002Fnvmnewvision\u002F","\u003Cp>Show football scores and table rankings in your WordPress website using Soccer Widgets shortcodes. Free data, updated automatically, from 250+ football competitions from all over the world, available in multiple languages.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>widgets with football table rankings and latest match results from 250+ competitions around the world\u003C\u002Fli>\n\u003Cli>data available for pull in 16 languages (English, Spanish, French, German, Swedish, Danish, Norwegian, Finnish, Dutch, Italian, Portuguese, Polish, Romanian, Hungarian, Czech, Greek)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>How to use:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>install the plugin and activate it in your WordPress website\u003C\u002Fli>\n\u003Cli>in the left side menu in Admin area look for Soccer Widgets item\u003C\u002Fli>\n\u003Cli>go to Soccer Widgets to generate the shortcode for any data options like results and table rankings\u003C\u002Fli>\n\u003Cli>copy the shortcode and paste it in your blog post or page\u003C\u002Fli>\n\u003Cli>optional: most data in widgets are presented in table formats, with 100% width. You can use html code to control the size of the width\u003C\u002Fli>\n\u003Cli>optional: data tables from these widgets make use of your website CSS style. However if you do not like how they look in your pages, play with the Customization option of the plugin to change style colors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","Soccer Widgets: use shortcodes to deliver updated soccer data like various table rankings and football results by competition.",100,5966,1,"2024-01-22T02:31:00.000Z","6.4.8","4.1","",[19,20,21,22,23],"football-rankings","football-tables","soccer-results","soccer-statistics","soccer-widgets","https:\u002F\u002Fwww.widgetlab.net\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebeki-soccer-scores.1.3.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"nvmnewvision",2,130,30,84,"2026-04-04T12:26:20.587Z",[],{"attackSurface":40,"codeSignals":79,"taintFlows":105,"riskAssessment":132,"analyzedAt":144},{"hooks":41,"ajaxHandlers":62,"restRoutes":71,"shortcodes":72,"cronEvents":77,"entryPointCount":78,"unprotectedCount":33},[42,48,51,54,58],{"type":43,"name":44,"callback":45,"file":46,"line":47},"action","admin_menu","codended_sswidget_add_admin_menu","SoccerScores-widget.php",76,{"type":43,"name":49,"callback":49,"file":46,"line":50},"admin_enqueue_scripts",77,{"type":43,"name":49,"callback":52,"file":46,"line":53},"admin_enqueue_styles",78,{"type":43,"name":55,"callback":56,"file":46,"line":57},"wp_enqueue_scripts","frontend_enqueue_script",80,{"type":43,"name":59,"callback":60,"file":46,"line":61},"admin_init","register_settings",82,[63,68],{"action":64,"nopriv":65,"callback":66,"hasNonce":65,"hasCapCheck":65,"file":46,"line":67},"ce_ssw_fetchGroup",false,"my_ajax_fetchGroup_handler",83,{"action":69,"nopriv":65,"callback":70,"hasNonce":65,"hasCapCheck":65,"file":46,"line":36},"ce_ssw_processPreview","my_ajax_processPreview_handler",[],[73],{"tag":74,"callback":75,"file":46,"line":76},"soccerstats","soccerstats_shortcode",72,[],3,{"dangerousFunctions":80,"sqlUsage":81,"outputEscaping":98,"fileOperations":13,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":104},[],{"prepared":27,"raw":82,"locations":83},5,[84,88,90,93,96],{"file":85,"line":86,"context":87},"admin\\customization.php",6,"$wpdb->get_results() with variable interpolation",{"file":89,"line":86,"context":87},"admin\\settings.php",{"file":46,"line":91,"context":92},22,"$wpdb->query() with variable interpolation",{"file":46,"line":94,"context":95},46,"$wpdb->get_var() with variable interpolation",{"file":46,"line":97,"context":87},113,{"escaped":99,"rawEcho":13,"locations":100},60,[101],{"file":46,"line":102,"context":103},104,"raw output",[],[106,122],{"entryPoint":107,"graph":108,"unsanitizedCount":13,"severity":121},"my_ajax_processPreview_handler (SoccerScores-widget.php:98)",{"nodes":109,"edges":119},[110,114],{"id":111,"type":112,"label":113,"file":46,"line":11},"n0","source","$_POST",{"id":115,"type":116,"label":117,"file":46,"line":102,"wp_function":118},"n1","sink","echo() [XSS]","echo",[120],{"from":111,"to":115,"sanitized":65},"medium",{"entryPoint":123,"graph":124,"unsanitizedCount":33,"severity":131},"\u003CSoccerScores-widget> (SoccerScores-widget.php:0)",{"nodes":125,"edges":129},[126,128],{"id":111,"type":112,"label":127,"file":46,"line":11},"$_POST (x2)",{"id":115,"type":116,"label":117,"file":46,"line":102,"wp_function":118},[130],{"from":111,"to":115,"sanitized":65},"low",{"summary":133,"deductions":134},"The webeki-soccer-scores plugin v1.3 exhibits a mixed security posture. While it demonstrates good practices in output escaping, with 98% of outputs properly handled, and has no recorded vulnerability history, several significant concerns are raised by the static analysis.\n\nThe plugin's attack surface includes two AJAX handlers, both of which lack authentication checks. This is a critical weakness, as it allows any authenticated user to potentially trigger these handlers, leading to security vulnerabilities. Furthermore, the analysis reveals that 100% of SQL queries within the plugin do not utilize prepared statements. This is a substantial risk, as it makes the plugin highly susceptible to SQL injection attacks.\n\nThe absence of any recorded CVEs and its clean vulnerability history is a positive sign, suggesting a lack of previously discovered critical flaws. However, the identified security weaknesses in the code itself, particularly the unauthenticated AJAX endpoints and the widespread use of raw SQL queries, present a considerable risk that outweighs the historical safety. The plugin has strengths in output handling but significant vulnerabilities in input validation and database interaction that need immediate attention.",[135,138,140,142],{"reason":136,"points":137},"AJAX handlers without authentication",10,{"reason":139,"points":137},"SQL queries without prepared statements",{"reason":141,"points":82},"No nonce checks",{"reason":143,"points":82},"No capability checks","2026-03-16T20:55:03.341Z",{"wat":146,"direct":154},{"assetPaths":147,"generatorPatterns":151,"scriptPaths":152,"versionParams":153},[148,149,150],"\u002Fwp-content\u002Fplugins\u002Fwebeki-soccer-scores\u002Fadmin\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fwebeki-soccer-scores\u002Fadmin\u002Fjs\u002Fscript.js","\u002Fwp-content\u002Fplugins\u002Fwebeki-soccer-scores\u002Ffrontend\u002Fcss\u002Fstyle.css",[],[149],[],{"cssClasses":155,"htmlComments":157,"htmlAttributes":158,"restEndpoints":166,"jsGlobals":167,"shortcodeOutput":168},[156],"isLeague",[],[159,160,161,162,163,164,165],"id=\"sswidget-generator\"","id=\"sswidgetlanguage\"","id=\"sswidgetdatatype\"","id=\"sswidgettournament\"","id=\"sswidgetgroup\"","id=\"ShortcodePrev\"","id=\"sswidgetPreviewDemo\"",[],[],[169],"[soccerstats"]