[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1xWud6tGhD2--iMZ_4Wn3zeGLfJvmCz2I6F6H0MiD-Y":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":117,"fingerprints":200},"wp-pranks","WP Pranks","1.0","qwerks","https:\u002F\u002Fprofiles.wordpress.org\u002Fqwerks\u002F","\u003Cp>A playful plugin with several options to pull a joke\u002Fprank on your friends.  Guaranteed to work on your WordPress website regardless of theme, plugin or version of WordPress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Types of pranks:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>B&W – Turns website into black and white like the old days.\u003C\u002Fli>\n\u003Cli>Upside Down – Turns website upside-down.\u003C\u002Fli>\n\u003Cli>Hide All Odd Numbered Paragraphs – Self explanatory, come on.\u003C\u002Fli>\n\u003Cli>Blurry – Turns website so blurry even eye-glasses won’t help.\u003C\u002Fli>\n\u003Cli>Poop Emoji – Puts a poop emoji in upper left of the page.\u003C\u002Fli>\n\u003Cli>Comics Sans – Turns text to use the Comic Sans font.\u003C\u002Fli>\n\u003Cli>Insanely Large Text – Makes fonts larger for those who have really really bad eye-sight.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Terms:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You are free to do whatever you want with the plugin, but you are liable for any and all damages and legal ramification resulting from the plugin.  \u003C\u002Fli>\n\u003Cli>I am not liable for anything.\u003C\u002Fli>\n\u003C\u002Ful>\n","A playful plugin with several options to pull a joke\u002Fprank on your friends.",10,1380,0,"2020-01-27T20:04:00.000Z","5.3.21","4.6","5.2.4",[19,20,21,22],"april-fools","funny","jokes","prank","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-pranks\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-pranks.1.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-04-04T15:56:58.391Z",[35,56,75,85,100],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":11,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":54,"download_link":55,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"air-horn","Air Horn","0.0.1","Jason Stallings","https:\u002F\u002Fprofiles.wordpress.org\u002Foctalmage\u002F","\u003Cp>This plugin plays an air horn when you login, and adds an air horn button to the WordPress toolbar.\u003C\u002Fp>\n\u003Cp>Usage:\u003C\u002Fp>\n\u003Cp>Login and hear the Air Horn!\u003C\u002Fp>\n","Air horn for WordPress.",2189,100,2,"2015-01-29T15:33:00.000Z","4.1.0","3.0.1","",[51,52,20,53,22],"air","airhorn","horn","https:\u002F\u002Fgithub.com\u002Foctalmage\u002FAirHorn\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fair-horn.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":11,"downloaded":64,"rating":65,"num_ratings":30,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":49,"tags":69,"homepage":73,"download_link":74,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"funny-photos","Funny Photos","2.9","PResponsive","https:\u002F\u002Fprofiles.wordpress.org\u002Fallis741\u002F","\u003Cp>Plugin “Funny Photos” displays Funny photos on your blog.\u003Cbr \u002F>\nThere are over 5,000 photos.\u003Cbr \u002F>\nAdd Funny Photos to your sidebar on your blog using  a widget.\u003Cbr \u002F>\nPhotos are saved on our database, so you don’t need to have space for all that information.\u003C\u002Fp>\n","Plugin \"Funny Photos\" displays Best photos of the day and Funny photos on your blog. There are over 5,000 photos.",7582,20,"2015-02-28T18:18:00.000Z","4.1.42","3.0",[70,57,71,21,72],"funny-jokes","funny-video","widget","http:\u002F\u002Fwww.premiumresponsive.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffunny-photos.zip",{"slug":76,"name":77,"version":68,"author":60,"author_profile":61,"description":78,"short_description":79,"active_installs":11,"downloaded":80,"rating":13,"num_ratings":13,"last_updated":81,"tested_up_to":67,"requires_at_least":68,"requires_php":49,"tags":82,"homepage":73,"download_link":84,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"joke-of-the-day","Joke of the Day","\u003Cp>Plugin “Joke of the Day” displays categorized jokes on your blog. There are over 40,000 jokes in 40 categories. Jokes are saved on our database, so you don’t need to have space for all that information.\u003C\u002Fp>\n","Plugin \"Joke of the Day\" displays jokes on your blog. There are over 40,000 jokes in 40 categories.",10249,"2015-02-28T18:10:00.000Z",[20,71,83,21,72],"joke","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjoke-of-the-day.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":11,"downloaded":93,"rating":13,"num_ratings":13,"last_updated":49,"tested_up_to":94,"requires_at_least":95,"requires_php":49,"tags":96,"homepage":97,"download_link":98,"security_score":44,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":99},"joke-of-the-day-advanced","Joke of the Day Advanced","1.2","Andy","https:\u002F\u002Fprofiles.wordpress.org\u002Fandycorm\u002F","\u003Cp>Places a Joke of the Day widget on your WordPress blog. Features include the ability to only show jokes containing a particular keyword, a switch between ‘clean’ or ‘dirty’ jokes, as well as an option to change the current joke early if you get tired of it. Jokes are loaded via ajax from \u003Ca href=\"http:\u002F\u002Fwww.joke-db.com\u002F\" rel=\"nofollow ugc\">The Internet Joke Database\u003C\u002Fa>, so your page will never be slowed due to loading jokes.\u003C\u002Fp>\n","Freshen up your WordPress site with a new joke every day.",4004,"3.4.2","2.0.2",[20,70,83,21,72],"http:\u002F\u002Fwww.joke-db.com\u002Fwidgets\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjoke-of-the-day-advanced.zip","2026-03-15T10:48:56.248Z",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":65,"downloaded":108,"rating":44,"num_ratings":109,"last_updated":110,"tested_up_to":15,"requires_at_least":59,"requires_php":49,"tags":111,"homepage":115,"download_link":116,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"cornify-for-wordpress","Cornify for WordPress","1.3","B.","https:\u002F\u002Fprofiles.wordpress.org\u002Fbandonrandon\u002F","\u003Cp>Adds Cornify (cornify.com) to your WordPress. After five seconds of inactivity the site will show unicorns\u003Cbr \u002F>\nto the visitor until they interact with the site again. This was developed primarily as an April fools joke.\u003C\u002Fp>\n","Cornify Your WordPress Website.",4447,4,"2019-12-14T06:05:00.000Z",[19,112,113,114],"cornify","rainbows","unicorns","http:\u002F\u002Fbrooke.codes\u002Fprojects\u002Fcornify","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcornify-for-wordpress.1.3.zip",{"attackSurface":118,"codeSignals":138,"taintFlows":187,"riskAssessment":188,"analyzedAt":199},{"hooks":119,"ajaxHandlers":134,"restRoutes":135,"shortcodes":136,"cronEvents":137,"entryPointCount":13,"unprotectedCount":13},[120,126,130],{"type":121,"name":122,"callback":123,"file":124,"line":125},"action","wp_footer","wp_pranks_footer_hook","pranks.php",96,{"type":121,"name":127,"callback":128,"file":124,"line":129},"admin_menu","wp_pranks_setting_add_plugin_page",102,{"type":121,"name":131,"callback":132,"file":124,"line":133},"admin_init","wp_pranks_setting_page_init",103,[],[],[],[],{"dangerousFunctions":139,"sqlUsage":140,"outputEscaping":142,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":186},[],{"prepared":13,"raw":13,"locations":141},[],{"escaped":13,"rawEcho":143,"locations":144},24,[145,148,150,152,154,156,158,160,162,164,165,167,168,170,171,173,174,176,177,179,180,182,183,185],{"file":124,"line":146,"context":147},120,"raw output",{"file":124,"line":149,"context":147},123,{"file":124,"line":151,"context":147},124,{"file":124,"line":153,"context":147},125,{"file":124,"line":155,"context":147},126,{"file":124,"line":157,"context":147},127,{"file":124,"line":159,"context":147},128,{"file":124,"line":161,"context":147},129,{"file":124,"line":163,"context":147},180,{"file":124,"line":163,"context":147},{"file":124,"line":166,"context":147},182,{"file":124,"line":166,"context":147},{"file":124,"line":169,"context":147},184,{"file":124,"line":169,"context":147},{"file":124,"line":172,"context":147},186,{"file":124,"line":172,"context":147},{"file":124,"line":175,"context":147},188,{"file":124,"line":175,"context":147},{"file":124,"line":178,"context":147},190,{"file":124,"line":178,"context":147},{"file":124,"line":181,"context":147},192,{"file":124,"line":181,"context":147},{"file":124,"line":184,"context":147},194,{"file":124,"line":184,"context":147},[],[],{"summary":189,"deductions":190},"The \"wp-pranks\" plugin version 1.0 exhibits a seemingly positive security posture based on the provided static analysis. The absence of identified AJAX handlers, REST API routes, shortcodes, and cron events, particularly those lacking authentication or permission checks, suggests a limited attack surface. Furthermore, the code signals indicate no dangerous functions, no file operations, no external HTTP requests, and all SQL queries utilize prepared statements, which are strong security practices. The lack of known CVEs and vulnerability history also points towards a clean track record. However, a critical weakness is the complete lack of output escaping, with 100% of identified outputs being unescaped. This represents a significant blind spot and potential vector for cross-site scripting (XSS) attacks, especially as there are 24 identified output instances. The absence of nonce and capability checks, while potentially a consequence of the limited attack surface, also removes crucial layers of defense if any entry points were to be discovered or if the plugin's functionality were to expand without corresponding security measures.\n\nIn conclusion, while \"wp-pranks\" v1.0 demonstrates commendable practices in areas like SQL handling and avoiding dangerous functions, the pervasive lack of output escaping is a glaring and high-risk oversight. This, coupled with the absence of nonce and capability checks, leaves the plugin vulnerable to potential XSS attacks. The limited attack surface is a mitigating factor, but the unescaped output is a serious concern that needs immediate attention. The clean vulnerability history is a positive sign, but it does not negate the immediate risks identified in the code analysis.",[191,194,197],{"reason":192,"points":193},"Unescaped output (24 instances)",15,{"reason":195,"points":196},"Missing nonce checks",5,{"reason":198,"points":196},"Missing capability checks","2026-03-17T00:18:40.607Z",{"wat":201,"direct":206},{"assetPaths":202,"generatorPatterns":203,"scriptPaths":204,"versionParams":205},[],[],[],[],{"cssClasses":207,"htmlComments":208,"htmlAttributes":216,"restEndpoints":217,"jsGlobals":218,"shortcodeOutput":219},[],[209,210,211,212,213,214,215],"bw","upside down","hide off numbered paragraphs","blurry page","poop emoji upper left","comics sans","large font",[],[],[],[]]