[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0jfkw67ohlfJxfU61KfOv7i-oWQWI-sQeYLPJVgW9OY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":21,"download_link":22,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":33,"analysis":34,"fingerprints":89},"wp-highlight-box","WP Highlight Box","1.0","spinthewheelgame","https:\u002F\u002Fprofiles.wordpress.org\u002Fshopcode\u002F","\u003Cp>Create Highlight Box content for wordpress with Wp Highlight Box Plugin support Shortcode with tinymce, easy using\u003C\u002Fp>\n","Create Highlight Box content for wordpress with Wp Highlight Box Plugin support Shortcode with tinymce, easy using",0,1134,"2018-11-30T23:47:00.000Z","4.9.29","4.0","",[18,19,20],"highlight-box","highlight-box-content","highlight-box-css","http:\u002F\u002Fshopcode.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-highlight-box.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":11,"avg_security_score":23,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"shopcode",3,30,84,"2026-04-05T02:04:34.787Z",[],{"attackSurface":35,"codeSignals":74,"taintFlows":81,"riskAssessment":82,"analyzedAt":88},{"hooks":36,"ajaxHandlers":66,"restRoutes":67,"shortcodes":68,"cronEvents":72,"entryPointCount":73,"unprotectedCount":11},[37,43,47,50,55,59,63],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","init","ewhb_highlight_box_shortcode","wp-highlight-box.php",27,{"type":38,"name":44,"callback":45,"file":41,"line":46},"wp_enqueue_scripts","ewhb_highlight_box_style",48,{"type":38,"name":39,"callback":48,"file":41,"line":49},"ewhb_highlight_box_tinymce_init",64,{"type":51,"name":52,"callback":53,"file":41,"line":54},"filter","mce_external_plugins","ewhb_highlight_box_jquery_tinymce",67,{"type":51,"name":56,"callback":57,"file":41,"line":58},"mce_buttons","ewhb_highlight_box_button_tinymce",68,{"type":38,"name":60,"callback":61,"file":41,"line":62},"admin_enqueue_scripts","ewhb_highlight_box_editor_style",90,{"type":38,"name":64,"callback":61,"file":41,"line":65},"login_enqueue_scripts",91,[],[],[69],{"tag":18,"callback":70,"file":41,"line":71},"ewhb_highlight_box_name",24,[],1,{"dangerousFunctions":75,"sqlUsage":76,"outputEscaping":78,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":80},[],{"prepared":11,"raw":11,"locations":77},[],{"escaped":11,"rawEcho":11,"locations":79},[],[],[],{"summary":83,"deductions":84},"The wp-highlight-box plugin v1.0 exhibits a strong security posture based on the provided static analysis.  There are no identified dangerous functions, all SQL queries utilize prepared statements, and all output appears to be properly escaped.  Furthermore, the absence of file operations and external HTTP requests reduces potential attack vectors.  The taint analysis reveals no vulnerabilities, indicating that data flowing through the plugin's code is handled securely.\n\nThe plugin's vulnerability history is completely clean, with no recorded CVEs of any severity. This, combined with the static analysis findings, suggests a well-developed and secure plugin at this version. The only identified entry point is a shortcode, and it's noted as unprotected. While the lack of other entry points is positive, the unprotected shortcode represents a potential, albeit small, attack surface.\n\nIn conclusion, wp-highlight-box v1.0 appears to be a very secure plugin. The extensive use of prepared statements, proper output escaping, and a clean vulnerability history are significant strengths. The sole concern is the unprotected shortcode, which, in the absence of other vulnerabilities or dangerous code patterns, presents a minimal risk. However, best practice dictates that all entry points should have appropriate authorization checks.",[85],{"reason":86,"points":87},"Unprotected shortcode entry point",5,"2026-03-17T07:14:35.186Z",{"wat":90,"direct":98},{"assetPaths":91,"generatorPatterns":94,"scriptPaths":95,"versionParams":97},[92,93],"\u002Fwp-content\u002Fplugins\u002Fwp-highlight-box\u002Feditor-highlight-box.css","\u002Fwp-content\u002Fplugins\u002Fwp-highlight-box\u002Fhighlight-box-style.css",[],[96],"\u002Fwp-content\u002Fplugins\u002Fwp-highlight-box\u002Fjs\u002Fewhb-highlight-box-jquery.js",[],{"cssClasses":99,"htmlComments":100,"htmlAttributes":101,"restEndpoints":102,"jsGlobals":103,"shortcodeOutput":104},[4],[],[],[],[],[105,106],"\u003Cdiv class='wp-highlight-box'>","\u003Cdiv class='"]