[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fgG9I-bhV99uwuchUZP-xcMgcmSE90catGLpJ6LRjvlw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":35,"fingerprints":169},"wp-admin-help-videos","WP Admin Help Videos","1.0.2","raiserweb","https:\u002F\u002Fprofiles.wordpress.org\u002Fraiserweb\u002F","\u003Cp>Add help videos and screen recordings to the WordPress admin help tabs.\u003C\u002Fp>\n\u003Cp>Browser Support:\u003Cbr \u002F>\n*   Chrome, FF, Edge\u003Cbr \u002F>\n*   Safari not currently supported (coming soon)\u003C\u002Fp>\n\u003Cp>This plugin is for WordPress developers or trainers who wish to add ‘how to’ videos to the WordPress admin. This plugin lets you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Record a screen recording (with audio) directly from the WordPress admin panel in your browser – no need for 3rd party video screen recording software.\u003C\u002Fli>\n\u003Cli>Add a title and description to the video.\u003C\u002Fli>\n\u003Cli>Place the video on any WordPress admin page (even plugins) within the Help dropdown tab, meaning the video will be available directly on the page it is related to.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Do you ever hand over a WordPress website to a client, only for them to ask lots of questions about how to administer the website? Using this plugin, you can now direct these clients to screen recordings to train them on exactly what you need to.\u003C\u002Fp>\n\u003Cp>Note: recording videos works best in Chrome.\u003C\u002Fp>\n","Add help videos and screen recordings to the WordPress admin help tabs",0,901,100,2,"2020-09-18T16:49:00.000Z","5.5.18","3.0.1","",[20,21,22],"admin-videos","help-videos","training-videos","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-admin-help-videos.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},50,93,30,89,"2026-04-05T02:59:39.753Z",[],{"attackSurface":36,"codeSignals":108,"taintFlows":136,"riskAssessment":163,"analyzedAt":168},{"hooks":37,"ajaxHandlers":95,"restRoutes":105,"shortcodes":106,"cronEvents":107,"entryPointCount":14,"unprotectedCount":11},[38,44,48,51,54,58,61,66,70,74,79,83,87,92],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","enqueue_block_editor_assets","closure","includes\\screen-help-class.php",7,{"type":39,"name":45,"callback":46,"file":42,"line":47},"in_admin_header","help_tabs",11,{"type":39,"name":49,"callback":41,"file":42,"line":50},"current_screen",14,{"type":39,"name":52,"callback":41,"file":53,"line":43},"admin_menu","includes\\screen-recorder-class.php",{"type":55,"name":56,"callback":41,"file":53,"line":57},"filter","admin_title",20,{"type":39,"name":59,"callback":41,"file":53,"line":60},"admin_head",24,{"type":39,"name":62,"callback":63,"file":64,"line":65},"add_meta_boxes_admin_help_video","add_meta_boxes","includes\\training-video-cpt-class.php",35,{"type":39,"name":67,"callback":68,"file":64,"line":69},"save_post_admin_help_video","save_admin_video",36,{"type":39,"name":71,"callback":72,"file":64,"line":73},"before_delete_post","delete_admin_help_video",38,{"type":55,"name":75,"callback":76,"file":77,"line":78},"admin_footer_text","modal_preview_content","includes\\video-upload-class.php",9,{"type":55,"name":80,"callback":81,"file":77,"line":82},"upload_dir","set_upload_dir",28,{"type":39,"name":84,"callback":84,"file":85,"line":86},"admin_enqueue_scripts","wp-admin-help-videos.php",52,{"type":39,"name":88,"callback":89,"priority":90,"file":85,"line":91},"admin_bar_menu","toolbar_menu",999,53,{"type":39,"name":93,"callback":41,"file":85,"line":94},"init",137,[96,102],{"action":97,"nopriv":98,"callback":99,"hasNonce":100,"hasCapCheck":100,"file":77,"line":101},"rw_video_upload_video",false,"upload_video",true,13,{"action":103,"nopriv":98,"callback":104,"hasNonce":100,"hasCapCheck":98,"file":77,"line":50},"rw_video_save_video_details","save_video_details",[],[],[],{"dangerousFunctions":109,"sqlUsage":110,"outputEscaping":112,"fileOperations":113,"externalRequests":11,"nonceChecks":133,"capabilityChecks":134,"bundledLibraries":135},[],{"prepared":11,"raw":11,"locations":111},[],{"escaped":113,"rawEcho":114,"locations":115},6,8,[116,119,121,123,125,128,129,131],{"file":42,"line":117,"context":118},15,"raw output",{"file":42,"line":120,"context":118},87,{"file":64,"line":122,"context":118},91,{"file":64,"line":124,"context":118},166,{"file":126,"line":127,"context":118},"includes\\video-stream.php",116,{"file":77,"line":69,"context":118},{"file":77,"line":130,"context":118},56,{"file":77,"line":132,"context":118},109,4,1,[],[137,155],{"entryPoint":138,"graph":139,"unsanitizedCount":11,"severity":154},"upload_video (includes\\video-upload-class.php:18)",{"nodes":140,"edges":152},[141,146],{"id":142,"type":143,"label":144,"file":77,"line":145},"n0","source","$_POST (x2)",31,{"id":147,"type":148,"label":149,"file":77,"line":150,"wp_function":151},"n1","sink","file_put_contents() [File Write]",40,"file_put_contents",[153],{"from":142,"to":147,"sanitized":100},"low",{"entryPoint":156,"graph":157,"unsanitizedCount":11,"severity":154},"\u003Cvideo-upload-class> (includes\\video-upload-class.php:0)",{"nodes":158,"edges":161},[159,160],{"id":142,"type":143,"label":144,"file":77,"line":145},{"id":147,"type":148,"label":149,"file":77,"line":150,"wp_function":151},[162],{"from":142,"to":147,"sanitized":100},{"summary":164,"deductions":165},"The wp-admin-help-videos plugin, version 1.0.2, demonstrates a generally good security posture based on the provided static analysis. The absence of known CVEs and vulnerabilities in its history is a strong positive indicator. Furthermore, the plugin utilizes prepared statements for all SQL queries, which significantly mitigates the risk of SQL injection. It also incorporates nonce checks and capability checks, suggesting an awareness of common WordPress security practices for handling user interactions.\n\nHowever, there are areas for improvement. The most notable concern is the output escaping. With 14 total outputs, only 43% are properly escaped. This means a significant portion of the plugin's output could be vulnerable to Cross-Site Scripting (XSS) attacks, especially if any of the unescaped output contains user-supplied data or data derived from external sources. While the attack surface is small and there are no unprotected entry points, the insufficient output escaping presents a tangible risk.\n\nIn conclusion, the plugin is not critically flawed but requires attention to its output sanitization. The lack of historical vulnerabilities is promising, and the use of prepared statements is commendable. However, the high percentage of unescaped output is a weakness that needs to be addressed to prevent potential XSS vulnerabilities.",[166],{"reason":167,"points":114},"Insufficient output escaping","2026-03-17T06:45:26.258Z",{"wat":170,"direct":191},{"assetPaths":171,"generatorPatterns":180,"scriptPaths":181,"versionParams":182},[172,173,174,175,176,177,178,179],"\u002Fwp-content\u002Fplugins\u002Fwp-admin-help-videos\u002Fassets\u002Fcss\u002Fwpahv-video-training.css","\u002Fwp-content\u002Fplugins\u002Fwp-admin-help-videos\u002Fassets\u002Fjs\u002Frecord-rtc\u002FDetectRTC.js","\u002Fwp-content\u002Fplugins\u002Fwp-admin-help-videos\u002Fassets\u002Fjs\u002Frecord-rtc\u002FEBML.js","\u002Fwp-content\u002Fplugins\u002Fwp-admin-help-videos\u002Fassets\u002Fjs\u002Frecord-rtc\u002FRecordRTC.js","\u002Fwp-content\u002Fplugins\u002Fwp-admin-help-videos\u002Fassets\u002Fjs\u002Frecord-rtc\u002Fpolyfill.min.js","\u002Fwp-content\u002Fplugins\u002Fwp-admin-help-videos\u002Fassets\u002Fjs\u002Frecord-rtc\u002Fadapter.js","\u002Fwp-content\u002Fplugins\u002Fwp-admin-help-videos\u002Fassets\u002Fjs\u002Fwpahv-video-training.js","\u002Fwp-content\u002Fplugins\u002Fwp-admin-help-videos\u002Fassets\u002Fjs\u002Fgutenberg-help.js",[],[173,174,175,176,177,178,179],[183,184,185,186,187,188,189,190],"\u002Fwp-content\u002Fplugins\u002Fwp-admin-help-videos\u002Fassets\u002Fcss\u002Fwpahv-video-training.css?ver=","\u002Fwp-content\u002Fplugins\u002Fwp-admin-help-videos\u002Fassets\u002Fjs\u002Frecord-rtc\u002FDetectRTC.js?ver=","\u002Fwp-content\u002Fplugins\u002Fwp-admin-help-videos\u002Fassets\u002Fjs\u002Frecord-rtc\u002FEBML.js?ver=","\u002Fwp-content\u002Fplugins\u002Fwp-admin-help-videos\u002Fassets\u002Fjs\u002Frecord-rtc\u002FRecordRTC.js?ver=","\u002Fwp-content\u002Fplugins\u002Fwp-admin-help-videos\u002Fassets\u002Fjs\u002Frecord-rtc\u002Fpolyfill.min.js?ver=","\u002Fwp-content\u002Fplugins\u002Fwp-admin-help-videos\u002Fassets\u002Fjs\u002Frecord-rtc\u002Fadapter.js?ver=","\u002Fwp-content\u002Fplugins\u002Fwp-admin-help-videos\u002Fassets\u002Fjs\u002Fwpahv-video-training.js?ver=","\u002Fwp-content\u002Fplugins\u002Fwp-admin-help-videos\u002Fassets\u002Fjs\u002Fgutenberg-help.js?ver=1.0",{"cssClasses":192,"htmlComments":199,"htmlAttributes":200,"restEndpoints":202,"jsGlobals":203,"shortcodeOutput":206},[193,194,195,196,197,198],"rwpav-help-videos-container","rwpav-video-box-wrapper","rwpav-video-box","rwpav-video-title","rwpav-video","rw-start-icon",[],[201],"disablePictureInPicture",[],[204,205],"RWPAV_video_training","rwp_vars",[]]