[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fH5Qd_e-YE4nUSoOO32_tVUjmRInn81WR3iYEZsGayAk":3,"$fl025q-hnq-EEfF0BPZzOk5_ZsEX5y1Delv2oI7Vzuzg":263,"$fCIUzoO-dgc0Mdl07CMOrG_nhrBPBnNquoxuEA9Y0oRQ":267},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"discovery_status":25,"vulnerabilities":26,"developer":27,"crawl_stats":23,"alternatives":32,"analysis":33,"fingerprints":237},"wp-infeed-post","WP Indeed Post","1.0","takumahirotsu","https:\u002F\u002Fprofiles.wordpress.org\u002Ftakumahirotsu\u002F","\u003Cp>サムネイル付きの新着記事を任意の数だけ表示可能。設定画面よりアドセンスコードをコピーアンドペーストするだけでインフィード広告をお好きな位置に挿入可能です。タイトルの文字サイズとカラー、日付・カテゴリーの表示・非表示とカラー、またサムネイルのサイズを個別に設定可能。インフィード広告の設定値に合わせて新着記事を表示することができる。\u003C\u002Fp>\n\u003Ch3>Arbitrary section 
1\u003C\u002Fh3>\n","インフィード広告を挿入可能な新着記事表示プラグインです。",10,1579,0,"2018-01-24T21:41:00.000Z","3.5.2","3.3","",[19],"adsense-indeed","http:\u002F\u002Ftkmserver.xsrv.jp\u002Fuploads\u002FWP-infeed-post","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-infeed-post.1.0.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":22,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},1,30,84,"2026-05-20T10:11:38.184Z",[],{"attackSurface":34,"codeSignals":54,"taintFlows":156,"riskAssessment":225,"analyzedAt":236},{"hooks":35,"ajaxHandlers":50,"restRoutes":51,"shortcodes":52,"cronEvents":53,"entryPointCount":13,"unprotectedCount":13},[36,42,46],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","admin_menu","add_wp_infeed_post","wp-infeed-post.php",38,{"type":37,"name":43,"callback":44,"file":40,"line":45},"widgets_init","closure",179,{"type":37,"name":47,"callback":48,"file":40,"line":49},"admin_print_styles","wp_infeed_post_color_picker",200,[],[],[],[],{"dangerousFunctions":55,"sqlUsage":56,"outputEscaping":58,"fileOperations":13,"externalRequests":13,"nonceChecks":154,"capabilityChecks":13,"bundledLibraries":155},[],{"prepared":13,"raw":13,"locations":57},[],{"escaped":59,"rawEcho":60,"locations":61},21,55,[62,65,68,69,70,71,72,73,75,76,78,80,82,84,86,88,90,92,93,95,97,98,100,102,103,105,107,108,110,112,113,115,117,118,120,122,123,125,127,128,130,132,133,135,137,138,140,142,143,145,147,148,150,151,153],{"file":63,"line":28,"context":64},"views\\wp-infeed-post-options.php","raw 
output",{"file":66,"line":67,"context":64},"views\\wp-infeed-post-widget.php",16,{"file":66,"line":67,"context":64},{"file":66,"line":41,"context":64},{"file":66,"line":41,"context":64},{"file":66,"line":41,"context":64},{"file":66,"line":41,"context":64},{"file":66,"line":74,"context":64},43,{"file":66,"line":74,"context":64},{"file":66,"line":77,"context":64},53,{"file":66,"line":79,"context":64},60,{"file":40,"line":81,"context":64},72,{"file":40,"line":83,"context":64},79,{"file":40,"line":85,"context":64},100,{"file":40,"line":87,"context":64},102,{"file":40,"line":89,"context":64},129,{"file":40,"line":91,"context":64},130,{"file":40,"line":91,"context":64},{"file":40,"line":94,"context":64},133,{"file":40,"line":96,"context":64},134,{"file":40,"line":96,"context":64},{"file":40,"line":99,"context":64},137,{"file":40,"line":101,"context":64},138,{"file":40,"line":101,"context":64},{"file":40,"line":104,"context":64},141,{"file":40,"line":106,"context":64},142,{"file":40,"line":106,"context":64},{"file":40,"line":109,"context":64},145,{"file":40,"line":111,"context":64},146,{"file":40,"line":111,"context":64},{"file":40,"line":114,"context":64},149,{"file":40,"line":116,"context":64},150,{"file":40,"line":116,"context":64},{"file":40,"line":119,"context":64},153,{"file":40,"line":121,"context":64},154,{"file":40,"line":121,"context":64},{"file":40,"line":124,"context":64},157,{"file":40,"line":126,"context":64},158,{"file":40,"line":126,"context":64},{"file":40,"line":129,"context":64},161,{"file":40,"line":131,"context":64},162,{"file":40,"line":131,"context":64},{"file":40,"line":134,"context":64},165,{"file":40,"line":136,"context":64},166,{"file":40,"line":136,"context":64},{"file":40,"line":139,"context":64},169,{"file":40,"line":141,"context":64},170,{"file":40,"line":141,"context":64},{"file":40,"line":144,"context":64},173,{"file":40,"line":146,"context":64},174,{"file":40,"line":146,"context":64},{"file":40,"line":149,"context":64},185,{"file":40,"line
":149,"context":64},{"file":40,"line":152,"context":64},186,{"file":40,"line":152,"context":64},2,[],[157,174,208],{"entryPoint":158,"graph":159,"unsanitizedCount":28,"severity":173},"\u003Cwp-infeed-post-options> (views\\wp-infeed-post-options.php:0)",{"nodes":160,"edges":170},[161,165],{"id":162,"type":163,"label":164,"file":63,"line":28},"n0","source","$_SERVER['REQUEST_URI']",{"id":166,"type":167,"label":168,"file":63,"line":28,"wp_function":169},"n1","sink","echo() [XSS]","echo",[171],{"from":162,"to":166,"sanitized":172},false,"low",{"entryPoint":175,"graph":176,"unsanitizedCount":13,"severity":173},"display_wp_infeed_post (wp-infeed-post.php:52)",{"nodes":177,"edges":202},[178,181,184,188,190,194,196,200],{"id":162,"type":163,"label":179,"file":40,"line":180},"$_POST['my_title_color']",74,{"id":166,"type":167,"label":182,"file":40,"line":180,"wp_function":183},"update_option() [Settings Manipulation]","update_option",{"id":185,"type":163,"label":186,"file":40,"line":187},"n2","$_POST['my_cat_color']",75,{"id":189,"type":167,"label":182,"file":40,"line":187,"wp_function":183},"n3",{"id":191,"type":163,"label":192,"file":40,"line":193},"n4","$_POST['my_cat_back_color']",76,{"id":195,"type":167,"label":182,"file":40,"line":193,"wp_function":183},"n5",{"id":197,"type":163,"label":198,"file":40,"line":199},"n6","$_POST['my_date_color']",77,{"id":201,"type":167,"label":182,"file":40,"line":199,"wp_function":183},"n7",[203,205,206,207],{"from":162,"to":166,"sanitized":204},true,{"from":185,"to":189,"sanitized":204},{"from":191,"to":195,"sanitized":204},{"from":197,"to":201,"sanitized":204},{"entryPoint":209,"graph":210,"unsanitizedCount":13,"severity":173},"\u003Cwp-infeed-post> 
(wp-infeed-post.php:0)",{"nodes":211,"edges":220},[212,213,214,215,216,217,218,219],{"id":162,"type":163,"label":179,"file":40,"line":180},{"id":166,"type":167,"label":182,"file":40,"line":180,"wp_function":183},{"id":185,"type":163,"label":186,"file":40,"line":187},{"id":189,"type":167,"label":182,"file":40,"line":187,"wp_function":183},{"id":191,"type":163,"label":192,"file":40,"line":193},{"id":195,"type":167,"label":182,"file":40,"line":193,"wp_function":183},{"id":197,"type":163,"label":198,"file":40,"line":199},{"id":201,"type":167,"label":182,"file":40,"line":199,"wp_function":183},[221,222,223,224],{"from":162,"to":166,"sanitized":204},{"from":185,"to":189,"sanitized":204},{"from":191,"to":195,"sanitized":204},{"from":197,"to":201,"sanitized":204},{"summary":226,"deductions":227},"The wp-infeed-post plugin v1.0 exhibits a mixed security posture. On the positive side, it has a clean vulnerability history with no recorded CVEs, suggesting a generally well-maintained codebase, although an absence of recorded CVEs does not by itself show that the code has been audited. Furthermore, it effectively utilizes prepared statements for its SQL queries (the scan counts list no SQL queries of either kind, so there is no raw SQL to flag) and includes nonce checks, demonstrating good practices in preventing common web attacks. The absence of file operations and external HTTP requests also reduces potential attack vectors.\n\nHowever, there are significant concerns within the static analysis. Only about 28% of output statements are escaped (21 escaped versus 55 raw echo calls), meaning a substantial portion of user-generated or dynamic content displayed to users is echoed without output escaping. This could lead to Cross-Site Scripting (XSS) vulnerabilities if an attacker can inject malicious scripts that are then rendered without proper encoding. 
The taint analysis also reveals one flow with an unsanitized path, which, while not classified as critical or high severity, still represents a potential security weakness where data might be processed in an unexpected or insecure manner.\n\nIn conclusion, while the plugin's track record and SQL handling are strengths, the identified output escaping and taint flow issues present notable risks. The lack of capability checks on any entry points, combined with the absence of these checks on the identified unsanitized flow, further exacerbates the potential impact of the identified weaknesses. Mitigation of the unescaped output and unsanitized taint flow should be a priority.",[228,231,233],{"reason":229,"points":230},"Unsanitized output detected",8,{"reason":232,"points":230},"Unsanitized taint flow detected",{"reason":234,"points":235},"Missing capability checks on entry points",7,"2026-03-17T01:13:00.130Z",{"wat":238,"direct":246},{"assetPaths":239,"generatorPatterns":243,"scriptPaths":244,"versionParams":245},[240,241,242],"\u002Fwp-content\u002Fplugins\u002Fwp-infeed-post\u002Fstyle\u002Fwp-infeed-post.css","\u002Fwp-content\u002Fplugins\u002Fwp-infeed-post\u002Fviews\u002Fwp-infeed-post-options.php","\u002Fwp-content\u002Fplugins\u002Fwp-infeed-post\u002Fviews\u002Fwp-infeed-post-widget.php",[],[],[],{"cssClasses":247,"htmlComments":248,"htmlAttributes":249,"restEndpoints":255,"jsGlobals":256,"shortcodeOutput":262},[],[],[250,251,252,253,254],"id=\"setting-error-settings_updated\"","class=\"error settings-error notice is-dismissible\"","class=\"updated settings-error notice is-dismissible\"","name=\"wp_infeed_post_action\"","name=\"wp_infeed_post_field\"",[],[257,258,259,260,261],"my_title_size","my_title_color","my_cat_color","my_cat_back_color","my_date_color",[],{"error":204,"url":264,"statusCode":265,"statusMessage":266,"message":266},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-infeed-post\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":268,"versions":269},3,[270,277,284],{"version":271,"download_url":272,"svn_tag_url":273,"released_at":23,"has_diff":172,"diff_files_changed":274,"diff_lines":23,"trac_diff_url":275,"vulnerabilities":276,"is_current":172},"2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-infeed-post.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-infeed-post\u002Ftags\u002F2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-infeed-post%2Ftags%2F2.0&new_path=%2Fwp-infeed-post%2Ftags%2F2.1",[],{"version":278,"download_url":279,"svn_tag_url":280,"released_at":23,"has_diff":172,"diff_files_changed":281,"diff_lines":23,"trac_diff_url":282,"vulnerabilities":283,"is_current":172},"2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-infeed-post.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-infeed-post\u002Ftags\u002F2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-infeed-post%2Ftags%2F1.0&new_path=%2Fwp-infeed-post%2Ftags%2F2.0",[],{"version":6,"download_url":21,"svn_tag_url":285,"released_at":23,"has_diff":172,"diff_files_changed":286,"diff_lines":23,"trac_diff_url":23,"vulnerabilities":287,"is_current":204},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-infeed-post\u002Ftags\u002F1.0\u002F",[],[]]