[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0UPBu0dM_OWGGn4ys1SmO2va30kZXAiimam4WaTC8oI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":39,"analysis":40,"fingerprints":327},"wordhue","WordHue","1.5.1","Michael Visser","https:\u002F\u002Fprofiles.wordpress.org\u002Fvisser\u002F","\u003Cp>The WordHue Plugin allows you to do the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Turn on\u002Foff all connected lights\u003C\u002Fli>\n\u003Cli>Turn on\u002Foff individual connected lights\u003C\u002Fli>\n\u003Cli>Set the dimming level of individual connected lights\u003C\u002Fli>\n\u003Cli>Flash notification alerts on all connected lights\u003C\u002Fli>\n\u003Cli>Turn on\u002Foff individual connected lights via the Lights Widgets\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>** Note: This Plugin is intended to be run on a WordPress install within your home network, not by exposing your Hue Bridge to the internet **\u003C\u002Fp>\n","Connect your Philips hue Bridge, Lights, Switches and Sensors to WordPress.",10,1335,0,"2018-12-09T23:15:00.000Z","5.0.25","3.0","",[19,20,21,22,23],"hue-bridge","hue-lights","hue-switch","philips","philips-hue","https:\u002F\u002Fwww.visser.io\u002Ftools\u002Fphilips-hue\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordhue.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":32,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"visser","Tom de 
Visser",7,160,89,2899,71,"2026-04-04T13:09:47.269Z",[],{"attackSurface":41,"codeSignals":110,"taintFlows":190,"riskAssessment":315,"analyzedAt":326},{"hooks":42,"ajaxHandlers":80,"restRoutes":94,"shortcodes":95,"cronEvents":101,"entryPointCount":108,"unprotectedCount":109},[43,48,52,57,61,64,68,72,76],{"type":44,"name":45,"callback":45,"file":46,"line":47},"action","codex_nas_lighting_lights_job","includes\\lighting-lights.php",55,{"type":44,"name":49,"callback":49,"file":50,"line":51},"codex_nas_lighting_sensors_job","includes\\lighting-sensors.php",63,{"type":44,"name":53,"callback":54,"file":55,"line":56},"init","codex_nas_lighting_init","wordhue.php",133,{"type":44,"name":58,"callback":59,"file":55,"line":60},"wp_footer","codex_nas_lighting_lights_slider_javascript",306,{"type":44,"name":58,"callback":62,"file":55,"line":63},"codex_nas_lighting_lights_widget_javascript",357,{"type":44,"name":65,"callback":66,"file":55,"line":67},"wp_enqueue_scripts","codex_nas_lighting_enqueue_styles",364,{"type":44,"name":69,"callback":70,"file":55,"line":71},"widgets_init","codex_nas_load_lighting_widgets",413,{"type":44,"name":73,"callback":74,"file":55,"line":75},"admin_menu","codex_nas_lighting_admin_menu",422,{"type":44,"name":77,"callback":78,"file":55,"line":79},"admin_init","codex_nas_lighting_settings_init",435,[81,86,90],{"action":82,"nopriv":83,"callback":84,"hasNonce":83,"hasCapCheck":83,"file":50,"line":85},"refresh_lighting_sensors",false,"codex_nas_ajax_refresh_lighting_sensors",112,{"action":87,"nopriv":83,"callback":88,"hasNonce":83,"hasCapCheck":83,"file":55,"line":89},"update_light_status","codex_nas_lighting_light_brightness_ajax",378,{"action":91,"nopriv":83,"callback":92,"hasNonce":83,"hasCapCheck":83,"file":55,"line":93},"update_light_state","codex_nas_lighting_light_state_ajax",405,[],[96],{"tag":97,"callback":98,"file":99,"line":100},"philips_hue_lighting","codex_nas_lighting_shortcode","includes\\page.php",130,[102,103,105],{"hook":45,"callback":45,"fi
le":99,"line":11},{"hook":49,"callback":49,"file":99,"line":104},19,{"hook":45,"callback":45,"file":106,"line":107},"includes\\widget.php",39,4,3,{"dangerousFunctions":111,"sqlUsage":112,"outputEscaping":114,"fileOperations":13,"externalRequests":187,"nonceChecks":188,"capabilityChecks":108,"bundledLibraries":189},[],{"prepared":13,"raw":13,"locations":113},[],{"escaped":104,"rawEcho":107,"locations":115},[116,119,121,123,125,127,129,130,132,134,136,138,140,142,144,145,147,149,150,151,153,155,157,158,159,161,162,164,166,168,170,172,173,175,177,179,181,183,185],{"file":50,"line":117,"context":118},75,"raw output",{"file":50,"line":120,"context":118},77,{"file":50,"line":122,"context":118},78,{"file":50,"line":124,"context":118},106,{"file":99,"line":126,"context":118},37,{"file":99,"line":128,"context":118},38,{"file":99,"line":107,"context":118},{"file":99,"line":131,"context":118},40,{"file":99,"line":133,"context":118},46,{"file":99,"line":135,"context":118},47,{"file":99,"line":137,"context":118},48,{"file":99,"line":139,"context":118},50,{"file":99,"line":141,"context":118},51,{"file":99,"line":143,"context":118},53,{"file":99,"line":47,"context":118},{"file":99,"line":146,"context":118},66,{"file":99,"line":148,"context":118},74,{"file":99,"line":120,"context":118},{"file":99,"line":26,"context":118},{"file":99,"line":152,"context":118},87,{"file":99,"line":154,"context":118},88,{"file":99,"line":156,"context":118},116,{"file":106,"line":137,"context":118},{"file":106,"line":139,"context":118},{"file":106,"line":160,"context":118},54,{"file":106,"line":47,"context":118},{"file":106,"line":163,"context":118},56,{"file":106,"line":165,"context":118},58,{"file":106,"line":167,"context":118},65,{"file":106,"line":169,"context":118},82,{"file":106,"line":171,"context":118},83,{"file":106,"line":171,"context":118},{"file":55,"line":174,"context":118},277,{"file":55,"line":176,"context":118},293,{"file":55,"line":178,"context":118},337,{"file":55,"line":180,"context":
118},401,{"file":55,"line":182,"context":118},465,{"file":55,"line":184,"context":118},475,{"file":55,"line":186,"context":118},485,9,8,[],[191,225,240,265],{"entryPoint":192,"graph":193,"unsanitizedCount":223,"severity":224},"codex_nas_lighting_init (wordhue.php:23)",{"nodes":194,"edges":218},[195,199,203,209,212,215],{"id":196,"type":197,"label":198,"file":55,"line":171},"n0","source","$_GET",{"id":200,"type":201,"label":202,"file":55,"line":171},"n1","transform","→ codex_nas_lighting_turn_light_on()",{"id":204,"type":205,"label":206,"file":46,"line":207,"wp_function":208},"n2","sink","wp_remote_post() [SSRF]",131,"wp_remote_post",{"id":210,"type":197,"label":198,"file":55,"line":211},"n3",95,{"id":213,"type":201,"label":214,"file":55,"line":211},"n4","→ codex_nas_lighting_turn_light_off()",{"id":216,"type":205,"label":206,"file":46,"line":217,"wp_function":208},"n5",161,[219,220,221,222],{"from":196,"to":200,"sanitized":83},{"from":200,"to":204,"sanitized":83},{"from":210,"to":213,"sanitized":83},{"from":213,"to":216,"sanitized":83},2,"medium",{"entryPoint":226,"graph":227,"unsanitizedCount":239,"severity":224},"codex_nas_lighting_light_brightness_ajax (wordhue.php:366)",{"nodes":228,"edges":236},[229,232,234],{"id":196,"type":197,"label":230,"file":55,"line":231},"$_POST",373,{"id":200,"type":201,"label":233,"file":55,"line":231},"→ codex_nas_lighting_light_brightness()",{"id":204,"type":205,"label":206,"file":55,"line":235,"wp_function":208},218,[237,238],{"from":196,"to":200,"sanitized":83},{"from":200,"to":204,"sanitized":83},1,{"entryPoint":241,"graph":242,"unsanitizedCount":109,"severity":224},"codex_nas_lighting_light_state_ajax (wordhue.php:381)",{"nodes":243,"edges":259},[244,246,249,251,252,253,255,257],{"id":196,"type":197,"label":230,"file":55,"line":245},383,{"id":200,"type":205,"label":247,"file":55,"line":180,"wp_function":248},"echo() 
[XSS]","echo",{"id":204,"type":197,"label":230,"file":55,"line":250},392,{"id":210,"type":201,"label":202,"file":55,"line":250},{"id":213,"type":205,"label":206,"file":46,"line":207,"wp_function":208},{"id":216,"type":197,"label":230,"file":55,"line":254},396,{"id":256,"type":201,"label":214,"file":55,"line":254},"n6",{"id":258,"type":205,"label":206,"file":46,"line":217,"wp_function":208},"n7",[260,261,262,263,264],{"from":196,"to":200,"sanitized":83},{"from":204,"to":210,"sanitized":83},{"from":210,"to":213,"sanitized":83},{"from":216,"to":256,"sanitized":83},{"from":256,"to":258,"sanitized":83},{"entryPoint":266,"graph":267,"unsanitizedCount":314,"severity":224},"\u003Cwordhue> (wordhue.php:0)",{"nodes":268,"edges":300},[269,271,272,273,274,275,276,277,278,280,282,284,286,288,290,292,294,296,298],{"id":196,"type":197,"label":198,"file":55,"line":270},93,{"id":200,"type":205,"label":206,"file":55,"line":235,"wp_function":208},{"id":204,"type":197,"label":230,"file":55,"line":245},{"id":210,"type":205,"label":247,"file":55,"line":180,"wp_function":248},{"id":213,"type":197,"label":198,"file":55,"line":171},{"id":216,"type":201,"label":202,"file":55,"line":171},{"id":256,"type":205,"label":206,"file":46,"line":207,"wp_function":208},{"id":258,"type":197,"label":198,"file":55,"line":211},{"id":279,"type":201,"label":214,"file":55,"line":211},"n8",{"id":281,"type":205,"label":206,"file":46,"line":217,"wp_function":208},"n9",{"id":283,"type":197,"label":230,"file":55,"line":231},"n10",{"id":285,"type":201,"label":233,"file":55,"line":231},"n11",{"id":287,"type":205,"label":206,"file":55,"line":235,"wp_function":208},"n12",{"id":289,"type":197,"label":230,"file":55,"line":250},"n13",{"id":291,"type":201,"label":202,"file":55,"line":250},"n14",{"id":293,"type":205,"label":206,"file":46,"line":207,"wp_function":208},"n15",{"id":295,"type":197,"label":230,"file":55,"line":254},"n16",{"id":297,"type":201,"label":214,"file":55,"line":254},"n17",{"id":299,"type":205,"label":2
06,"file":46,"line":217,"wp_function":208},"n18",[301,303,304,305,306,307,308,309,310,311,312,313],{"from":196,"to":200,"sanitized":302},true,{"from":204,"to":210,"sanitized":302},{"from":213,"to":216,"sanitized":83},{"from":216,"to":256,"sanitized":83},{"from":258,"to":279,"sanitized":83},{"from":279,"to":281,"sanitized":83},{"from":283,"to":285,"sanitized":83},{"from":285,"to":287,"sanitized":83},{"from":289,"to":291,"sanitized":83},{"from":291,"to":293,"sanitized":83},{"from":295,"to":297,"sanitized":83},{"from":297,"to":299,"sanitized":83},5,{"summary":316,"deductions":317},"The \"wordhue\" plugin v1.5.1 presents a mixed security posture. On the positive side, it shows no unsafe SQL query handling: the recorded SQL usage is zero for both prepared and raw queries, so this reflects the absence of direct database queries rather than a demonstrated use of prepared statements. The absence of known CVEs and of recorded past vulnerabilities is a positive sign, although for a plugin with about 10 active installs that was last updated in December 2018 it may equally reflect limited scrutiny. Nonce and capability checks are also present in the code (8 and 4 respectively), suggesting an awareness of WordPress security fundamentals, but none of the three AJAX handlers is recorded as having either.\n\nHowever, significant concerns arise from the attack surface analysis. A notable portion of the entry points, specifically 3 out of 4, lack nonce and capability checks; these are the AJAX handlers, which are registered for logged-in users only, so any authenticated account can invoke them and they have no CSRF protection. This is further exacerbated by the taint analysis, which reveals 4 flows with unsanitized paths. While the severity of these flows is not classified as critical or high, they carry $_GET and $_POST values to wp_remote_post() (flagged as SSRF) and to echo (flagged as XSS) without recorded sanitization. The low percentage of properly escaped output (33%) is also a concern, increasing the risk of cross-site scripting (XSS) vulnerabilities, especially when combined with unsanitized input paths.\n\nIn conclusion, while the plugin benefits from a clean vulnerability record and the absence of raw SQL, the lack of nonce and capability checks on a majority of its entry points and the presence of unsanitized taint flows represent substantial security weaknesses. 
The poor output escaping further amplifies these risks. Recommendations should focus on adding nonce verification and capability checks to all three AJAX handlers (they are registered for logged-in users only, not for anonymous visitors) and on validating the request values in the unsanitized taint paths before they reach wp_remote_post(). Escaping output at the flagged raw-output locations is also crucial to mitigate XSS risks.",[318,321,324],{"reason":319,"points":320},"3 unprotected AJAX handlers",15,{"reason":322,"points":323},"4 flows with unsanitized paths",12,{"reason":325,"points":188},"Only 33% of outputs properly escaped","2026-03-17T00:59:03.498Z",{"wat":328,"direct":339},{"assetPaths":329,"generatorPatterns":333,"scriptPaths":334,"versionParams":335},[330,331,332],"\u002Fwp-content\u002Fplugins\u002Fwordhue\u002Fcss\u002Fcodex-nas-lighting.css","\u002Fwp-content\u002Fplugins\u002Fwordhue\u002Fcss\u002Fcodex-nas-lighting-responsive.css","\u002Fwp-content\u002Fplugins\u002Fwordhue\u002Fjs\u002Fcodex-nas-lighting.js",[],[],[336,337,338],"wordhue\u002Fcss\u002Fcodex-nas-lighting.css?ver=","wordhue\u002Fcss\u002Fcodex-nas-lighting-responsive.css?ver=","wordhue\u002Fjs\u002Fcodex-nas-lighting.js?ver=",{"cssClasses":340,"htmlComments":342,"htmlAttributes":343,"restEndpoints":345,"jsGlobals":346,"shortcodeOutput":348},[341],"light-slider",[],[344],"data-brightness",[],[347],"codex_nas_lighting_get_option",[]]