[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxBXXzmvBDYb8BG5u7OOUpVPekOv86892-X5P9NXG-K0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":85,"fingerprints":170},"welcome-ad","Simple Welcome Ad","1.5.0","Matt Pramschufer","https:\u002F\u002Fprofiles.wordpress.org\u002Fmattpramschufer\u002F","\u003Cp>This is a super simple plugin which displays a full page welcome ad for visitors.   I created this plugin out of necessity as I needed a welcome ad plugin that would adhere the new Google Ad Experience guidelines for interstitial ads.  The requirements state that no content can be visible to a user before your interstitial appears, that means even if your content flashes for a split second before your ad shows your site will not pass.\u003C\u002Fp>\n\u003Cp>Like the title of the plugin says, this is super simple.  The welcome ad has only a few options, feel free to request new features and I can try to incorporate.\u003C\u002Fp>\n\u003Cp>The welcome ad is designed to NOT show on mobile devices only Desktops.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Only displays on Desktop\u003C\u002Fli>\n\u003Cli>Adjustable Second Countdown Timer\u003C\u002Fli>\n\u003Cli>Set how long you want ad to be hidden for after someone closes ad\u003C\u002Fli>\n\u003Cli>Ability to upload background image\u003C\u002Fli>\n\u003Cli>Ability to change color of welcome ad background\u003C\u002Fli>\n\u003Cli>NEW Ability to schedule start date and end date for welcome ad to run.\u003C\u002Fli>\n\u003C\u002Ful>\n","Super simple welcome ad that adheres to the new Google Ad Experience guidelines.",10,2574,100,1,"2021-07-13T15:01:00.000Z","5.8.13","3.8","5.6",[20,21,4,22,23],"interstitial","prestitial","welcome-mat","welcome-popup","http:\u002F\u002Fpramadillo.com\u002Fsimple-welcome-ad","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwelcome-ad.1.5.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"mattpramschufer",7,1460,90,30,87,"2026-04-04T13:42:28.367Z",[40,64],{"slug":23,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":60,"download_link":61,"security_score":62,"vuln_count":14,"unpatched_count":14,"last_vuln_date":63,"fetched_at":29},"Welcome Popup","1.0.10","WeblineIndia","https:\u002F\u002Fprofiles.wordpress.org\u002Fweblineindia\u002F","\u003Cp>Increase user interactivity and create curiosity by welcoming your visitors with a personalized message via Popup message. This plugin will allow WordPress site admin to set a personalized message for every visitor, they visit the site first time. You can use this Popup plugin with various options. Customize the plugin as per your need.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Popup Title\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Popup Content\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Cookie based first visit check\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Delay to show popup.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Close popup using ESC key.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Never show link, better to use when popup is set to show on all pages.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Control for exclude pages and posts, to not show popup on specific pages and posts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Control for restrict Users ( All Users, Login User, Guest User ) to show popup.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Customize your popup theme to match your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Control for display position ( Center Popup – Default, Left Bottom, Right Bottom, Top Bar ).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add your own Custom CSS.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Available in Below Languages\u003C\u002Fp>\n\u003Col>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>Chinese\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Translation available in following languages\u003C\u002Fh3>\n\u003Col>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>Chinese\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003C\u002Fol>\n","Increase user interactivity and create curiosity by welcoming your visitors with a personalized message via Popup message.",200,22797,60,11,"2024-12-10T13:10:00.000Z","6.7.5","3.3","",[56,57,58,23,59],"first-visit-popup","hello-bar","popup","wordpress-popup","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwelcome-popup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwelcome-popup.1.0.10.zip",71,"2025-03-31 00:00:00",{"slug":22,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":73,"num_ratings":74,"last_updated":75,"tested_up_to":76,"requires_at_least":77,"requires_php":18,"tags":78,"homepage":83,"download_link":84,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"Welcome Mat","1.8","Bas Schuiling","https:\u002F\u002Fprofiles.wordpress.org\u002Fbasszje\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwelcomemat.io\u002F\" rel=\"nofollow ugc\">WordPress Welcome Mat\u003C\u002Fa> creates your highest converting pages for email list building or other offerings. We found it is one of the most effective ways to build your site’s audience.  We use a Welcome Mat on a number of our sites and have found it to be the most effective tool we have.\u003C\u002Fp>\n\u003Cp>Our Welcome Mat plugin runs completely on your site without connecting to outside services.  This is important so that you never lose  email from your visitors or your conversion metrics. Plus it is easier to have all your information available in your WordPress admin panel.\u003C\u002Fp>\n\u003Cp>Welcome Mat comes with with 5 default layouts and with the ability to edit the text and background colors to match your site.\u003C\u002Fp>\n","WordPress Welcome Mat",20,6583,80,3,"2020-07-13T17:13:00.000Z","5.4.19","4.8",[79,80,81,82,22],"list-builder","mailing-list","newsletter","subscription","http:\u002F\u002Fwelcomemat.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwelcome-mat.zip",{"attackSurface":86,"codeSignals":131,"taintFlows":160,"riskAssessment":161,"analyzedAt":169},{"hooks":87,"ajaxHandlers":120,"restRoutes":127,"shortcodes":128,"cronEvents":129,"entryPointCount":130,"unprotectedCount":130},[88,94,100,103,106,109,112,114,117],{"type":89,"name":90,"callback":91,"priority":14,"file":92,"line":93},"filter","rocket_cache_reject_cookies","closure","admin\\class-welcome_ad-admin.php",97,{"type":95,"name":96,"callback":97,"file":98,"line":99},"action","plugins_loaded","anonymous","includes\\class-welcome_ad.php",35,{"type":95,"name":101,"callback":97,"file":98,"line":102},"admin_menu",42,{"type":95,"name":104,"callback":97,"file":98,"line":105},"admin_init",43,{"type":95,"name":107,"callback":97,"file":98,"line":108},"admin_enqueue_scripts",47,{"type":95,"name":110,"callback":97,"file":98,"line":111},"init",50,{"type":95,"name":110,"callback":97,"file":98,"line":113},65,{"type":95,"name":115,"callback":97,"file":98,"line":116},"wp_enqueue_scripts",66,{"type":95,"name":118,"callback":97,"file":98,"line":119},"template_redirect",68,[121,125],{"action":122,"nopriv":123,"callback":97,"hasNonce":123,"hasCapCheck":123,"file":98,"line":124},"set_closed_cookie",false,70,{"action":122,"nopriv":126,"callback":97,"hasNonce":123,"hasCapCheck":123,"file":98,"line":62},true,[],[],[],2,{"dangerousFunctions":132,"sqlUsage":133,"outputEscaping":135,"fileOperations":27,"externalRequests":27,"nonceChecks":14,"capabilityChecks":14,"bundledLibraries":159},[],{"prepared":27,"raw":27,"locations":134},[],{"escaped":14,"rawEcho":50,"locations":136},[137,140,142,143,145,146,148,150,152,155,157],{"file":138,"line":130,"context":139},"admin\\partials\\settings.php","raw output",{"file":138,"line":141,"context":139},40,{"file":138,"line":105,"context":139},{"file":138,"line":144,"context":139},52,{"file":138,"line":49,"context":139},{"file":138,"line":147,"context":139},69,{"file":138,"line":149,"context":139},78,{"file":151,"line":102,"context":139},"public\\class-welcome_ad-public.php",{"file":153,"line":154,"context":139},"public\\partials\\welcome_ad.php",12,{"file":153,"line":156,"context":139},17,{"file":153,"line":158,"context":139},58,[],[],{"summary":162,"deductions":163},"The \"welcome-ad\" plugin v1.5.0 presents a concerning security posture due to its unprotected AJAX handlers, which constitute its entire attack surface. While the plugin shows strength in avoiding dangerous functions, raw SQL queries, file operations, and external HTTP requests, and correctly utilizes prepared statements for its SQL queries, the lack of authentication on its entry points is a significant weakness. The static analysis indicates no critical or high-severity taint flows, and the vulnerability history is clean, suggesting no publicly known exploits for this version. However, the presence of two AJAX handlers without any form of authentication or capability checks opens the door for potential Cross-Site Request Forgery (CSRF) or unauthorized action vulnerabilities if these handlers perform sensitive operations. The limited output escaping (8%) also introduces a risk of Cross-Site Scripting (XSS) if the dynamically generated content is not properly sanitized before display. Despite a clean historical record, the current code analysis reveals immediate risks that need addressing to improve its security.",[164,166],{"reason":165,"points":11},"AJAX handlers without authentication",{"reason":167,"points":168},"Low output escaping percentage",5,"2026-03-17T00:18:35.740Z",{"wat":171,"direct":186},{"assetPaths":172,"generatorPatterns":177,"scriptPaths":178,"versionParams":181},[173,174,175,176],"\u002Fwp-content\u002Fplugins\u002Fwelcome-ad\u002Fadmin\u002Fcss\u002Fwelcome_ad-admin.css","\u002Fwp-content\u002Fplugins\u002Fwelcome-ad\u002Fadmin\u002Fjs\u002Fwelcome_ad-admin.js","\u002Fwp-content\u002Fplugins\u002Fwelcome-ad\u002Fpublic\u002Fcss\u002Fwelcome_ad-public.css","\u002Fwp-content\u002Fplugins\u002Fwelcome-ad\u002Fpublic\u002Fjs\u002Fwelcome_ad-public.js",[],[179,180],"admin\u002Fjs\u002Fwelcome_ad-admin.js","public\u002Fjs\u002Fwelcome_ad-public.js",[182,183,184,185],"welcome_ad-admin.css?ver=","welcome_ad-admin.js?ver=","welcome_ad-public.css?ver=","welcome_ad-public.js?ver=",{"cssClasses":187,"htmlComments":189,"htmlAttributes":190,"restEndpoints":198,"jsGlobals":199,"shortcodeOutput":201},[188],"welcome-ad-popup",[],[191,192,193,194,195,196,197],"data-welcomead-close-text","data-welcomead-close-url","data-welcomead-close-title","data-welcomead-bg-color","data-welcomead-bg-img","data-welcomead-cookie","data-welcomead-countdown",[],[200],"welcome_ad_params",[]]