[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-eAxZLA5EZvQ6q4e3jKmhlwM6BTt7x16X0zFIVYyeTQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":59,"fingerprints":91},"wopo-web-screensaver","WoPo Web Screensaver","1.0.0","WoPo Web","https:\u002F\u002Fprofiles.wordpress.org\u002Fthanhbinh8703\u002F","\u003Cp>Web based screensaver for website.\u003C\u002Fp>\n\u003Cp>You can add shortcode [wopo-web-screensaver] to page you want to show app windows. It will show 3D Pipes Screensaver after 60 seconds if you don’t move mouse or key press.\u003C\u002Fp>\n","Web based screensaver for website",0,761,"2021-08-04T11:35:00.000Z","5.8.13","5.2","7.1",[18,19,20,21,4],"3d-pipes","screensaver","web-screensaver","wopo-screensaver","https:\u002F\u002Fwopoweb.com\u002Fcontact-us\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwopo-web-screensaver.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"thanhbinh8703",10,280,90,30,87,"2026-04-04T23:33:25.051Z",[37],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":30,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":57,"download_link":58,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"energy-saver","Energy Saver","0.1.1","bimagency","https:\u002F\u002Fprofiles.wordpress.org\u002Fbimagency\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.stereoagency.com\u002Flab\u002Fenergy-saver\u002F\" rel=\"nofollow ugc\">For an Introduction & Demo to Energy Saver, visit the plugin’s page\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Energy Saver is a lightweight plugin for your website or blog that spares energy by dimming the brightness of the page when it’s not in focus.\u003C\u002Fp>\n\u003Cp>Energy Saver is 101% free. We made this plugin with the hope that we can lower the amount of energy used around the web, thanks to the help of webmasters, bloggers and site owners. If you use it, it will save electricity for all your visitors, but it will also increase the response time and availability of your WordPress (that’s the extra 1%).\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Admin panel with multiple settings\u003C\u002Fli>\n\u003Cli>Show \u002F hide the plugin\u003C\u002Fli>\n\u003Cli>Show \u002F hide the splash screen\u003C\u002Fli>\n\u003Cli>Set cookie duration (to determine recent visits and display message accordingly)\u003C\u002Fli>\n\u003Cli>Customize the message displayed when energy saving mode is active\u003C\u002Fli>\n\u003Cli>Select transitions speed\u003C\u002Fli>\n\u003Cli>Customize the amount of energy saved by adjusting the overlay opacity\u003C\u002Fli>\n\u003Cli>Customize the buttons and links colors\u003C\u002Fli>\n\u003Cli>Add custom Javascript to pause \u002F resume other animated ressources at the same time (like a slideshow…)\u003C\u002Fli>\n\u003Cli>Optimize your site’s speed through customization of the .htaccess file\u003C\u002Fli>\n\u003Cli>Choose between various methods to optimize file compression\u003C\u002Fli>\n\u003Cli>Modify these settings, while we make a safety copy of your original .htaccess file\u003C\u002Fli>\n\u003Cli>Requires that jQuery is installed and running on your WP theme\u003C\u002Fli>\n\u003C\u002Ful>\n","Contribute to a better, greener Internet by saving your website's Energy consumption.",1936,100,1,"2014-03-05T17:31:00.000Z","3.7.41","3.6","",[53,54,55,56,19],"ecology","energy","green","optimisation","http:\u002F\u002Fwww.stereoagency.com\u002Flab\u002Fenergy-saver\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fenergy-saver.zip",{"attackSurface":60,"codeSignals":75,"taintFlows":82,"riskAssessment":83,"analyzedAt":90},{"hooks":61,"ajaxHandlers":68,"restRoutes":69,"shortcodes":70,"cronEvents":74,"entryPointCount":47,"unprotectedCount":11},[62],{"type":63,"name":64,"callback":65,"file":66,"line":67},"action","wp_enqueue_scripts","wopocc_enqueue_scripts","wopo-web-screensaver.php",21,[],[],[71],{"tag":4,"callback":72,"file":66,"line":73},"wopo_web_screensaver_shortcode",37,[],{"dangerousFunctions":76,"sqlUsage":77,"outputEscaping":79,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":81},[],{"prepared":11,"raw":11,"locations":78},[],{"escaped":47,"rawEcho":11,"locations":80},[],[],[],{"summary":84,"deductions":85},"The \"wopo-web-screensaver\" v1.0.0 plugin exhibits a generally positive security posture based on the provided static analysis. The code demonstrates good practices by utilizing prepared statements for all SQL queries and ensuring all identified outputs are properly escaped, which mitigates risks of SQL injection and cross-site scripting (XSS) respectively. The absence of dangerous functions, file operations, and external HTTP requests further contributes to a reduced attack surface. Furthermore, the plugin has no recorded vulnerabilities or CVEs, indicating a potentially stable and secure codebase.\n\nHowever, a significant concern arises from the complete lack of nonce checks and capability checks. While the current entry points (one shortcode) do not appear to have direct authentication checks in the static analysis, the absence of nonces leaves these shortcodes, and any future additions, vulnerable to CSRF (Cross-Site Request Forgery) attacks if they perform any sensitive actions. The lack of capability checks means that any user, regardless of their role or permissions, could potentially interact with the shortcode's functionality, which could be a security risk depending on what the shortcode actually does. The taint analysis showing zero flows is also noteworthy but could be due to the limited scope of analysis or a very simple plugin; it doesn't inherently guarantee complete safety.\n\nIn conclusion, the plugin is strong in its handling of data manipulation (SQL, output) and avoids common risky functionalities. The primary weakness lies in the fundamental security checks (nonces, capabilities) that are essential for protecting against common web vulnerabilities, even with a small attack surface. Future development should prioritize implementing these checks to bolster its security.",[86,88],{"reason":87,"points":30},"Missing Nonce Checks",{"reason":89,"points":30},"Missing Capability Checks","2026-03-17T06:42:05.787Z",{"wat":92,"direct":101},{"assetPaths":93,"generatorPatterns":96,"scriptPaths":97,"versionParams":98},[94,95],"\u002Fwp-content\u002Fplugins\u002Fwopo-web-screensaver\u002Fassets\u002Fcss\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fwopo-web-screensaver\u002Fassets\u002Fjs\u002Fmain.js",[],[95],[99,100],"wopo-web-screensaver\u002Fassets\u002Fcss\u002Fmain.css?ver=","wopo-web-screensaver\u002Fassets\u002Fjs\u002Fmain.js?ver=",{"cssClasses":102,"htmlComments":105,"htmlAttributes":106,"restEndpoints":110,"jsGlobals":111,"shortcodeOutput":113},[103,104],"wopo_web_screensaver_window","wopo_web_screensaver_overlay",[],[107,108,109],"id=\"wopo_web_screensaver_window\"","id=\"wopo_web_screensaver\"","id=\"wopo_web_screensaver_overlay\"",[],[112],"wopo_web_screensaver",[114],"\u003Cdiv id=\"wopo_web_screensaver_window\">\n        \u003Ciframe id=\"wopo_web_screensaver\">\u003C\u002Fiframe>\n        \u003Cdiv id=\"wopo_web_screensaver_overlay\">\u003C\u002Fdiv>\n    \u003C\u002Fdiv>"]