[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2_FzfVYp2ebOHx0nC4kM6UoYblIloHqaviOsH704vP8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":61,"fingerprints":196},"who-is-online-now","Who Is Online Now","1.0.2","wpmonkeys","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpmonkeys\u002F","\u003Cp>Who is online Now is an Awesome plugin to show who is online right now in your website. Its a ajax based plugin so no need to refresh the page it will auto refresh itsself after your set time period.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Super Easy to use, Search Install Active And you Done!\u003C\u002Fli>\n\u003Cli>Shortcode Powered\u003C\u002Fli>\n\u003Cli>Use [who-is-online-now] to show online visitor anywhere in your website.\u003C\u002Fli>\n\u003Cli>Super Setting Panel.\u003C\u002Fli>\n\u003Cli>Ajax Based.\u003C\u002Fli>\n\u003Cli>Very Lightweight\u003C\u002Fli>\n\u003Cli>You Can set auto refresh time period from setting panel.\u003C\u002Fli>\n\u003Cli>You Show\u002FHide Author Name\u002FProfile Image\u003C\u002Fli>\n\u003Cli>You Can change Author Image Size from setting panel\u003C\u002Fli>\n\u003Cli>You Can change Text Strings from Setting Panel.\u003C\u002Fli>\n\u003Cli>Responsive Design\u003C\u002Fli>\n\u003Cli>Developer Friendly\u003C\u002Fli>\n\u003Cli>Works with any standards compliant WordPress theme\u003C\u002Fli>\n\u003Cli>Plays well with other Plugins\u003C\u002Fli>\n\u003Cli>100% Customizable\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Shortcodes to use Who is online Now\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>[who-is-online-now]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Note:\u003C\u002Fh3>\n\u003Cp>We have fully confidence that our plugin working very well for any theme. But in case you face any problem with our plugin or any customization needed please Contact in our \u003Ca href=\"https:\u002F\u002Fwpmonkeys.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">Support Forum\u003C\u002Fa>\u003Cbr \u002F>\nour support team will back to you shortly.\u003C\u002Fp>\n","See how many Visitor and Author's are online also how many from mobile device by this plugin. Its a Ajax based plugin.",70,3681,74,3,"2020-01-02T18:36:00.000Z","5.3.21","3.0.1","5.6",[20,21,22,23],"ajax-online-visitor","live-visitor-count","online-live-visitor","online-visitor","https:\u002F\u002Fwpmonkeys.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwho-is-online-now.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},2,80,30,84,"2026-04-04T11:13:00.234Z",[38],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":50,"tags":53,"homepage":58,"download_link":59,"security_score":48,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":60},"lord-linus-online-visitor","Lord Linus Online Visitor Widget","1.2","Aarvansh Infotech","https:\u002F\u002Fprofiles.wordpress.org\u002Frohitashv\u002F","\u003Cp>Lord Linus Online Visitor plusing shows the total number of Online users that are available on your site. Besides that for the help of your users, you can show the IP address of the user on the site there too.\u003C\u002Fp>\n\u003Cp>If the admin needs that he want to show the total number of visitors on his website, then he can show it.\u003C\u002Fp>\n\u003Cp>This plugin is in an initial stage which will come to you with the following features very soon.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Users can see the total Users based on country\u003C\u002Fli>\n\u003Cli>Admin can chat with the online users there without any account on outer side.\u003C\u002Fli>\n\u003Cli>Multilingual\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The Demo of the plugin is available on the Demo page of http:\u002F\u002Fswm99shop.in\u003C\u002Fp>\n\u003Cp>To know more about the plugin you can go to the site http:\u002F\u002Fswm99shop.in or you can send mail at ucerturohit@gmail.com\u003C\u002Fp>\n","Lord Linus Online Visitor Plugin show the total number of Online users showing at the moment Besides that you can show the IP address of the users too …",10,2438,100,1,"","6.4.8","2.0.2",[54,55,56,57],"lordlinus-online-visitor","show-number-of-online-visitors","show-online-users","show-the-ip-address-of-your-user","http:\u002F\u002Fimpulsesoftech.in","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flord-linus-online-visitor.2.0.zip","2026-03-15T10:48:56.248Z",{"attackSurface":62,"codeSignals":105,"taintFlows":177,"riskAssessment":178,"analyzedAt":195},{"hooks":63,"ajaxHandlers":91,"restRoutes":99,"shortcodes":100,"cronEvents":104,"entryPointCount":14,"unprotectedCount":32},[64,69,74,77,79,83,86],{"type":65,"name":66,"callback":66,"file":67,"line":68},"action","admin_enqueue_scripts","inc\\class\\settings.php",35,{"type":65,"name":70,"callback":71,"file":72,"line":73},"wp_enqueue_scripts","wpmwo_scripts","inc\\wpmwo_enqueue.php",4,{"type":65,"name":66,"callback":75,"file":72,"line":76},"wpmwo_ajax_call_url",14,{"type":65,"name":70,"callback":75,"file":72,"line":78},15,{"type":65,"name":80,"callback":80,"file":81,"line":82},"admin_init","inc\\wpmwo_settings.php",12,{"type":65,"name":84,"callback":84,"file":81,"line":85},"admin_menu",13,{"type":65,"name":87,"callback":88,"file":89,"line":90},"wp_footer","wpmwo_ajax_script","index.php",135,[92,96],{"action":93,"nopriv":94,"callback":93,"hasNonce":94,"hasCapCheck":94,"file":89,"line":95},"wpmwo_member_ajax_search",false,149,{"action":93,"nopriv":97,"callback":93,"hasNonce":94,"hasCapCheck":94,"file":89,"line":98},true,150,[],[101],{"tag":4,"callback":102,"file":103,"line":14},"wpmwo_get_visitor","inc\\wpmwo_shortcode.php",[],{"dangerousFunctions":106,"sqlUsage":111,"outputEscaping":123,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":176},[107],{"fn":108,"file":67,"line":109,"context":110},"create_function",115,"$callback = create_function('', 'echo \"'.str_replace('\"', '\\\"', $section['desc']).'\";');",{"prepared":32,"raw":73,"locations":112},[113,116,118,120],{"file":89,"line":114,"context":115},55,"$wpdb->get_var() with variable interpolation",{"file":89,"line":117,"context":115},56,{"file":89,"line":119,"context":115},57,{"file":89,"line":121,"context":122},58,"$wpdb->get_results() with variable interpolation",{"escaped":124,"rawEcho":125,"locations":126},7,28,[127,130,132,134,136,138,140,142,144,146,148,150,152,154,156,157,159,161,162,164,165,166,167,168,169,170,172,174],{"file":67,"line":128,"context":129},162,"raw output",{"file":67,"line":131,"context":129},178,{"file":67,"line":133,"context":129},198,{"file":67,"line":135,"context":129},217,{"file":67,"line":137,"context":129},237,{"file":67,"line":139,"context":129},253,{"file":67,"line":141,"context":129},262,{"file":67,"line":143,"context":129},275,{"file":67,"line":145,"context":129},281,{"file":67,"line":147,"context":129},317,{"file":67,"line":149,"context":129},333,{"file":67,"line":151,"context":129},349,{"file":67,"line":153,"context":129},429,{"file":67,"line":155,"context":129},442,{"file":103,"line":82,"context":129},{"file":89,"line":158,"context":129},73,{"file":89,"line":160,"context":129},76,{"file":89,"line":33,"context":129},{"file":89,"line":163,"context":129},98,{"file":89,"line":163,"context":129},{"file":89,"line":163,"context":129},{"file":89,"line":48,"context":129},{"file":89,"line":109,"context":129},{"file":89,"line":109,"context":129},{"file":89,"line":109,"context":129},{"file":89,"line":171,"context":129},117,{"file":89,"line":173,"context":129},140,{"file":89,"line":175,"context":129},146,[],[],{"summary":179,"deductions":180},"The 'who-is-online-now' v1.0.2 plugin exhibits several concerning security practices that significantly elevate its risk profile. The static analysis reveals a substantial attack surface with two AJAX handlers, both lacking authentication checks. This is a critical vulnerability as it allows any unauthenticated user to interact with these handlers, potentially triggering unintended actions or exposing sensitive information. Furthermore, the presence of a dangerous function like `create_function` is a red flag, often associated with code injection vulnerabilities. The low percentage of properly escaped output (20%) suggests that user-supplied data might be rendered directly into the HTML, opening the door to Cross-Site Scripting (XSS) attacks.\n\nThe plugin's vulnerability history is notably clean, with no recorded CVEs. While this might seem positive, it does not negate the risks identified in the code. A clean history can sometimes be misleading, especially for plugins that are not widely targeted or have not undergone extensive security audits. The lack of taint analysis results is also a point of concern, as it implies either the analysis tool could not effectively analyze the code or no obvious taint flows were detected, which doesn't necessarily mean the code is secure.\n\nIn conclusion, the 'who-is-online-now' v1.0.2 plugin has a poor security posture due to its unprotected entry points, use of dangerous functions, and inadequate output escaping. The absence of known vulnerabilities should not be interpreted as a guarantee of security, given the identified code-level weaknesses. These issues collectively present a significant risk to any WordPress site using this plugin.",[181,183,186,188,191,193],{"reason":182,"points":46},"Unprotected AJAX handlers",{"reason":184,"points":185},"Dangerous function detected (create_function)",8,{"reason":187,"points":124},"Low output escaping rate",{"reason":189,"points":190},"No nonce checks on AJAX",5,{"reason":192,"points":190},"No capability checks",{"reason":194,"points":73},"Low percentage of prepared SQL statements","2026-03-16T21:36:18.223Z",{"wat":197,"direct":206},{"assetPaths":198,"generatorPatterns":201,"scriptPaths":202,"versionParams":203},[199,200],"\u002Fwp-content\u002Fplugins\u002Fwho-is-online-now\u002Finc\u002Fwpmwo_visitor.css","\u002Fwp-content\u002Fplugins\u002Fwho-is-online-now\u002Finc\u002Fwpmwo_visitor.js",[],[200],[204,205],"who-is-online-now\u002Finc\u002Fwpmwo_visitor.css?ver=","who-is-online-now\u002Finc\u002Fwpmwo_visitor.js?ver=",{"cssClasses":207,"htmlComments":210,"htmlAttributes":211,"restEndpoints":216,"jsGlobals":217,"shortcodeOutput":219},[208,209],"wpmwo_member_avatar","wpmwo_member_name",[],[212,213,214,215],"data-avatar_size","data-show_member","data-member_style","data-hide_admin",[],[218],"wpmwo_get_online_user_ajax",[220,221,222,223,224],"\u003Cspan id='mvtotalss'>","\u003Cspan id='mvreguserss'>","\u003Cspan id='mvmbuserss'>","\u003Cli class=\"wpmwo_member_avatar\">","\u003Cli class=\"wpmwo_member_name\">"]