[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsUEk4GCqN2QN5g9Ujwt2dPLj7wU_w4aiHBXh8IyfFac":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":32,"analysis":33,"fingerprints":77},"wp-html-imports-helper","WP HTML Imports Helper","0.1","Daisuke Takahashi","https:\u002F\u002Fprofiles.wordpress.org\u002Fextendwings\u002F","\u003Cp>This plugin adds support for HTML Imports enqueue.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Copyright (c) 2012-2014 \u003Ca href=\"http:\u002F\u002Fwww.extendwings.com\u002F\" rel=\"nofollow ugc\">Daisuke Takahashi(Extend Wings)\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Portions (c) 2010-2012 Web Online.\u003C\u002Fli>\n\u003Cli>Unless otherwise stated, all files in this repo is licensed under \u003Cem>GNU GENERAL PUBLIC LICENSE, Version 3\u003C\u002Fem>. See \u003Cem>LICENSE\u003C\u002Fem> file.\u003C\u002Fli>\n\u003C\u002Ful>\n","Add support for HTML Imports enqueue",10,1994,0,"2016-01-14T03:47:00.000Z","4.4.34","4.3","",[],"https:\u002F\u002Fgithub.com\u002Fshield-9\u002Fwp-html-imports-helper","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-html-imports-helper.0.1.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":21,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"extendwings",6,270,30,84,"2026-04-04T19:46:03.118Z",[],{"attackSurface":34,"codeSignals":47,"taintFlows":65,"riskAssessment":66,"analyzedAt":76},{"hooks":35,"ajaxHandlers":43,"restRoutes":44,"shortcodes":45,"cronEvents":46,"entryPointCount":13,"unprotectedCount":13},[36],{"type":37,"name":38,"callback":39,"priority":40,"file":41,"line":42},"action","wp_head","wp_print_documents",8,"wp-html-import-helper.php",16,[],[],[],[],{"dangerousFunctions":48,"sqlUsage":49,"outputEscaping":52,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":64},[],{"prepared":50,"raw":13,"locations":51},1,[],{"escaped":53,"rawEcho":54,"locations":55},2,3,[56,60,62],{"file":57,"line":58,"context":59},"class.wp-documents.php",100,"raw output",{"file":57,"line":61,"context":59},101,{"file":57,"line":63,"context":59},102,[],[],{"summary":67,"deductions":68},"The wp-html-imports-helper plugin, in version 0.1, presents a generally positive security posture based on the provided static analysis. The plugin exhibits zero known vulnerabilities, a clean vulnerability history, and no dangerous functions identified.  The code analysis reveals a limited attack surface with no AJAX handlers, REST API routes, shortcodes, or cron events, significantly reducing potential entry points for attackers. Furthermore, the single SQL query utilizes prepared statements, which is a strong security practice. However, there are areas for concern. A significant weakness lies in the output escaping, with only 40% of outputs being properly escaped. This means there's a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is directly echoed without sanitization. Additionally, the complete absence of nonce checks and capability checks across all entry points, though currently unexploited due to the small attack surface, represents a significant omission in core WordPress security practices. This could become a critical oversight if the plugin's functionality expands or if new entry points are introduced without these essential security layers.",[69,72,74],{"reason":70,"points":71},"Poor output escaping practices",5,{"reason":73,"points":71},"Missing nonce checks",{"reason":75,"points":71},"Missing capability checks","2026-03-17T01:38:34.288Z",{"wat":78,"direct":85},{"assetPaths":79,"generatorPatterns":82,"scriptPaths":83,"versionParams":84},[80,81],"\u002Fwp-content\u002Fplugins\u002Fwp-html-imports-helper\u002Fclass.wp-documents.php","\u002Fwp-content\u002Fplugins\u002Fwp-html-imports-helper\u002Ffunctions.wp-documents.php",[],[],[],{"cssClasses":86,"htmlComments":87,"htmlAttributes":88,"restEndpoints":89,"jsGlobals":90,"shortcodeOutput":91},[],[],[],[],[],[]]