[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_aaoZ1dCnyh8vvbHETfHJ85DLKZZTxXnkZs0Hx2TeAs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":38,"fingerprints":137},"wp-adsterra-dashboard","WP Adsterra Dashboard","2.0.0","Vincenzo","https:\u002F\u002Fprofiles.wordpress.org\u002Fvluongo\u002F","\u003Cp>WP AdsTerra Dashboard allows you to view your Adsterra advertising statistics directly in your WordPress admin dashboard. This plugin provides a convenient widget that displays your daily earnings, impressions, clicks, CPM, and CTR data with beautiful charts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Secure AJAX calls with CSRF protection\u003Cbr \u002F>\n* Optimized API performance with caching\u003Cbr \u002F>\n* Real-time statistics dashboard widget\u003Cbr \u002F>\n* Monthly data filtering\u003Cbr \u002F>\n* Interactive charts with Chart.js\u003Cbr \u002F>\n* Robust error handling and validation\u003Cbr \u002F>\n* WordPress security best practices compliance\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Version 2.0.0 Highlights:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Complete security overhaul with XSS and CSRF protection\u003Cbr \u002F>\n* Performance optimization with API call reduction and caching\u003Cbr \u002F>\n* Enhanced mathematical accuracy for CPM\u002FCTR calculations\u003Cbr \u002F>\n* Improved error handling and user experience\u003C\u002Fp>\n","Secure and optimized WP AdsTerra Dashboard for viewing statistics via API with enhanced performance and security 
features.",500,14274,100,1,"2025-10-03T20:09:00.000Z","6.7.5","5.0","7.4",[20,21,22],"adsterra-dashboard","adsterra-publishers-dashboard","adsterra-stats","https:\u002F\u002Fwordpress-plugins.luongovincenzo.it\u002F#wp-adsterra-dashboard","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-adsterra-dashboard.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"vluongo",5,1530,94,30,90,"2026-04-05T00:41:11.322Z",[],{"attackSurface":39,"codeSignals":74,"taintFlows":103,"riskAssessment":130,"analyzedAt":136},{"hooks":40,"ajaxHandlers":59,"restRoutes":70,"shortcodes":71,"cronEvents":72,"entryPointCount":73,"unprotectedCount":25},[41,47,51,55],{"type":42,"name":43,"callback":44,"file":45,"line":46},"action","wp_dashboard_setup","dashboard_widget","index.php",43,{"type":42,"name":48,"callback":49,"file":45,"line":50},"admin_menu","create_admin_menu",45,{"type":42,"name":52,"callback":53,"file":45,"line":54},"admin_enqueue_scripts","widget_dashboard_ajax_script",48,{"type":42,"name":56,"callback":57,"file":45,"line":58},"admin_init","_registerOptions",115,[60,66],{"action":61,"nopriv":62,"callback":63,"hasNonce":64,"hasCapCheck":62,"file":45,"line":65},"adsterra_update_month_filter",false,"wp_adsterra_update_month_filter_action",true,49,{"action":67,"nopriv":62,"callback":68,"hasNonce":64,"hasCapCheck":62,"file":45,"line":69},"adsterra_refresh_cache","wp_adsterra_refresh_cache_action",50,[],[],[],2,{"dangerousFunctions":75,"sqlUsage":76,"outputEscaping":83,"fileOperations":25,"externalRequests":25,"nonceChecks":73,"capabilityChecks":25,"bundledLibraries":102},[],{"prepared":25,"raw":73,"locations":77},[78,81],{"file":45,"line":79,"context":80},74,"$wpdb->query() with variable 
interpolation",{"file":45,"line":82,"context":80},75,{"escaped":84,"rawEcho":85,"locations":86},31,7,[87,90,92,94,96,98,100],{"file":45,"line":88,"context":89},422,"raw output",{"file":45,"line":91,"context":89},445,{"file":45,"line":93,"context":89},655,{"file":45,"line":95,"context":89},703,{"file":45,"line":97,"context":89},711,{"file":45,"line":99,"context":89},714,{"file":45,"line":101,"context":89},756,[],[104,122],{"entryPoint":105,"graph":106,"unsanitizedCount":25,"severity":121},"wp_adsterra_update_month_filter_action (index.php:53)",{"nodes":107,"edges":119},[108,113],{"id":109,"type":110,"label":111,"file":45,"line":112},"n0","source","$_POST",59,{"id":114,"type":115,"label":116,"file":45,"line":117,"wp_function":118},"n1","sink","update_option() [Settings Manipulation]",61,"update_option",[120],{"from":109,"to":114,"sanitized":64},"low",{"entryPoint":123,"graph":124,"unsanitizedCount":25,"severity":121},"\u003Cindex> (index.php:0)",{"nodes":125,"edges":128},[126,127],{"id":109,"type":110,"label":111,"file":45,"line":112},{"id":114,"type":115,"label":116,"file":45,"line":117,"wp_function":118},[129],{"from":109,"to":114,"sanitized":64},{"summary":131,"deductions":132},"The wp-adsterra-dashboard plugin version 2.0.0 exhibits a generally strong security posture, particularly concerning its limited attack surface and the absence of known vulnerabilities. The static analysis reveals that all identified entry points, specifically AJAX handlers, are protected by nonce checks. The plugin also demonstrates good practices in output escaping, with a high percentage of outputs being properly sanitized, minimizing the risk of cross-site scripting (XSS) vulnerabilities.\n\nHowever, a significant concern arises from the handling of SQL queries. The analysis indicates that none of the two SQL queries utilize prepared statements, which presents a substantial risk for SQL injection vulnerabilities. 
Although no taint flows with unsanitized paths were found, the lack of prepared statements is a critical oversight that could be exploited if user input is directly incorporated into these queries. The AJAX handlers have no capability checks; the nonce checks mitigate cross-site request forgery but do not by themselves verify that the caller is authorized, so capability checks (for example current_user_can()) remain a point of consideration for further hardening, though this is less critical than the raw SQL queries.\n\nThe lack of historical vulnerabilities suggests the developers may be diligent in addressing past issues or that the plugin has not been a significant target. Nevertheless, the current code analysis highlights the critical need to address the SQL queries that do not use prepared statements. The plugin's strengths lie in its controlled attack surface and output escaping, but its primary weakness is the direct use of SQL queries without prepared statements, which requires immediate attention to prevent potential security breaches.",[133],{"reason":134,"points":135},"SQL queries without prepared statements",10,"2026-03-16T19:35:50.922Z",{"wat":138,"direct":149},{"assetPaths":139,"generatorPatterns":143,"scriptPaths":144,"versionParams":145},[140,141,142],"\u002Fwp-content\u002Fplugins\u002Fwp-adsterra-dashboard\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fwp-adsterra-dashboard\u002Fjs\u002Fchartjs.js","\u002Fwp-content\u002Fplugins\u002Fwp-adsterra-dashboard\u002Fjs\u002Fmain.js",[],[141,142],[146,147,148],"wp-adsterra-dashboard\u002Fcss\u002Fstyle.css?ver=","wp-adsterra-dashboard\u002Fjs\u002Fchartjs.js?ver=","wp-adsterra-dashboard\u002Fjs\u002Fmain.js?ver=",{"cssClasses":150,"htmlComments":155,"htmlAttributes":163,"restEndpoints":167,"jsGlobals":168,"shortcodeOutput":170},[151,152,153,154],"adsterra-settings-wrap","adsterra-settings-header","adsterra-earnings-wrap","adsterra-earnings-graph",[156,157,158,159,160,161,162],"\u003C!-- Plugin Name: WP Adsterra Dashboard -->","\u003C!-- Plugin URI: 
https:\u002F\u002Fwordpress-plugins.luongovincenzo.it\u002F#wp-adsterra-dashboard -->","\u003C!-- Description: WP AdsTerra Dashboard for view statistics via API -->","\u003C!-- Author: Vincenzo Luongo -->","\u003C!-- Author URI: https:\u002F\u002Fwww.luongovincenzo.it\u002F -->","\u003C!-- License: GPLv2 or later -->","\u003C!-- Text Domain: wp-adsterra-dashboard -->",[164,165,166],"data-adsterra-widget-filter-month","data-adsterra-nonce","data-adsterra-refresh-nonce",[],[169],"adsterra_ajax_object",[]]