[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIgLvsjw9vBy09nphAKwhKIEyQvAT-mDg-FEJJ32gAyI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":39,"fingerprints":115},"wp-dont-go","WP Don't GO","1.1","Mustafa KUCUK","https:\u002F\u002Fprofiles.wordpress.org\u002Ftruser\u002F","\u003Cp>This plug-in changes the tab title and favicon when your visitors skip to another tab.\u003Cbr \u002F>\nThanks, Don’t GO JS : https:\u002F\u002Fgithub.com\u002Ftiaanduplessis\u002Fdont-go\u003C\u002Fp>\n","This plug-in changes the tab title and favicon when your visitors skip to another tab.",40,1647,100,9,"2017-09-13T16:15:00.000Z","4.8.28","3.0","",[20,21,22,23],"tab-focus","title-change-differant-tab","wordpress-do-not-go","wordpress-favicon","https:\u002F\u002Fwpajans.net\u002Feklentiler\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dont-go.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":26,"computed_at":37},"truser",7,70,87,30,"2026-04-05T01:54:49.876Z",[],{"attackSurface":40,"codeSignals":60,"taintFlows":79,"riskAssessment":107,"analyzedAt":114},{"hooks":41,"ajaxHandlers":56,"restRoutes":57,"shortcodes":58,"cronEvents":59,"entryPointCount":27,"unprotectedCount":27},[42,48,52],{"type":43,"name":44,"callback":45,"file":46,"line":47},"action","admin_enqueue_scripts","dontgoAdminAssets","admin_page.php",8,{"type":43,"name":49,"callback":50,"file":46,"line":51},"admin_menu","dontgo_admin_menu",17,{"type":43,"name":53,"callback":54,"file":55,"line":33},"wp_footer","dontgoFront","init.php",[],[],[],[],{"dangerousFunctions":61,"sqlUsage":62,"outputEscaping":64,"fileOperations":27,"externalRequests":77,"nonceChecks":77,"capabilityChecks":27,"bundledLibraries":78},[],{"prepared":27,"raw":27,"locations":63},[],{"escaped":65,"rawEcho":66,"locations":67},3,4,[68,71,73,75],{"file":46,"line":69,"context":70},57,"raw output",{"file":46,"line":72,"context":70},60,{"file":46,"line":74,"context":70},63,{"file":55,"line":76,"context":70},5,1,[],[80,99],{"entryPoint":81,"graph":82,"unsanitizedCount":27,"severity":98},"dontgoSettings (admin_page.php:36)",{"nodes":83,"edges":95},[84,89],{"id":85,"type":86,"label":87,"file":46,"line":88},"n0","source","$_POST (x3)",41,{"id":90,"type":91,"label":92,"file":46,"line":93,"wp_function":94},"n1","sink","update_option() [Settings Manipulation]",44,"update_option",[96],{"from":85,"to":90,"sanitized":97},true,"low",{"entryPoint":100,"graph":101,"unsanitizedCount":27,"severity":98},"\u003Cadmin_page> (admin_page.php:0)",{"nodes":102,"edges":105},[103,104],{"id":85,"type":86,"label":87,"file":46,"line":88},{"id":90,"type":91,"label":92,"file":46,"line":93,"wp_function":94},[106],{"from":85,"to":90,"sanitized":97},{"summary":108,"deductions":109},"The wp-dont-go plugin v1.1 exhibits a generally good security posture based on the provided static analysis. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, resulting in a minimal attack surface with no unprotected entry points. The absence of dangerous functions, raw SQL queries, and file operations is also a positive indicator. However, a concerning finding is that only 43% of output is properly escaped, leaving potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is directly outputted without sufficient sanitization. While the plugin makes one external HTTP request, the analysis does not specify if this is a security concern. The presence of one nonce check is noted, but the absence of capability checks on any entry points could be a weakness if such entry points were discovered. The vulnerability history is clean, with no known CVEs, suggesting a history of secure development or a lack of prior focused security scrutiny. Overall, the plugin's strengths lie in its small attack surface and lack of risky code patterns, but the unescaped output is a significant concern that requires attention to prevent potential client-side attacks.",[110,112],{"reason":111,"points":33},"Low percentage of properly escaped output",{"reason":113,"points":76},"No capability checks on entry points","2026-03-16T22:17:44.956Z",{"wat":116,"direct":127},{"assetPaths":117,"generatorPatterns":121,"scriptPaths":122,"versionParams":123},[118,119,120],"\u002Fwp-content\u002Fplugins\u002Fwp-dont-go\u002Fassets\u002Fcss\u002FwpajansPanel.css","\u002Fwp-content\u002Fplugins\u002Fwp-dont-go\u002Fassets\u002Fjs\u002FwpajansPlugin.js","\u002Fwp-content\u002Fplugins\u002Fwp-dont-go\u002Fassets\u002Fjs\u002Fdontgo.js",[],[119,120],[124,125,126],"wp-dont-go\u002Fassets\u002Fcss\u002FwpajansPanel.css?ver=","wp-dont-go\u002Fassets\u002Fjs\u002FwpajansPlugin.js?ver=","wp-dont-go\u002Fassets\u002Fjs\u002Fdontgo.js?ver=",{"cssClasses":128,"htmlComments":135,"htmlAttributes":138,"restEndpoints":141,"jsGlobals":142,"shortcodeOutput":144},[129,130,131,132,133,134],"wpajansNotice","wpajansInput","wpnlh_navbar","wpnlh_content","wpnlh_content_block","wpajansLogo",[136,137],"\u003C!-- Plugin CODES -->","\u003C!-- #Plugin CODES -->",[139,140],"data-nonce_field","data-nonce_action",[],[143],"dontgoSettings",[]]