[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fB4c4iYWtC-f8Y7VnLjHaS8PDHaWdyuyaVs4fmBV5eYQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":35,"fingerprints":143},"wp-qiita","WP Qiita","1.0.0","ka2","https:\u002F\u002Fprofiles.wordpress.org\u002Fka2\u002F","\u003Cp>You are able to manage the articles of \u003Ca href=\"https:\u002F\u002Fqiita.com\u002F\" title=\"Qiita\" rel=\"nofollow ugc\">Qiita\u003C\u002Fa> in the WordPress by using this plugin. In this plugin is using the Qiita API v2 to the Qiita connection.\u003Cbr \u002F>\nPlease refer to the Github original source.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fka215\u002Fwp-qiita\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fka215\u002Fwp-qiita\u003C\u002Fa>\u003C\u002Fp>\n","You are able to manage the articles of [Qiita](https:\u002F\u002Fqiita.com\u002F \"Qiita\") in the WordPress by using this plugin.",10,1251,0,"2015-12-10T07:07:00.000Z","4.4.34","4.2","",[19,20],"qiita","qiita-api-v2","https:\u002F\u002Fka2.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-qiita.1.0.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":28,"profile_url":8,"plugin_count":11,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"yuka2py",220,89,30,86,"2026-04-05T14:59:12.063Z",[],{"attackSurface":36,"codeSignals":42,"taintFlows":130,"riskAssessment":131,"analyzedAt":142},{"hooks":37,"ajaxHandlers":38,"restRoutes":39,"shortcodes":40,"cronEvents":41,"entryPointCount":13,"unprotectedCount":13},[],[],[],[],[],{"dangerousFunctions":43,"sqlUsage":44,"outputEscaping":46,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":129},[],{"prepared":13,"raw":13,"locations":45},[],{"escaped":47,"rawEcho":48,"locations":49},92,43,[50,54,55,57,59,61,63,64,65,67,69,71,73,75,77,79,81,83,84,86,87,89,91,93,95,97,99,100,102,104,106,107,109,111,112,114,116,118,120,122,124,125,127],{"file":51,"line":52,"context":53},"templates\\wp-qiita-options.php",32,"raw output",{"file":51,"line":52,"context":53},{"file":51,"line":56,"context":53},35,{"file":51,"line":58,"context":53},36,{"file":51,"line":60,"context":53},38,{"file":51,"line":62,"context":53},45,{"file":51,"line":62,"context":53},{"file":51,"line":62,"context":53},{"file":51,"line":66,"context":53},78,{"file":51,"line":68,"context":53},87,{"file":51,"line":70,"context":53},148,{"file":51,"line":72,"context":53},157,{"file":51,"line":74,"context":53},183,{"file":51,"line":76,"context":53},192,{"file":51,"line":78,"context":53},308,{"file":51,"line":80,"context":53},318,{"file":51,"line":82,"context":53},637,{"file":51,"line":82,"context":53},{"file":51,"line":85,"context":53},646,{"file":51,"line":85,"context":53},{"file":51,"line":88,"context":53},666,{"file":51,"line":90,"context":53},667,{"file":51,"line":92,"context":53},668,{"file":51,"line":94,"context":53},669,{"file":51,"line":96,"context":53},670,{"file":51,"line":98,"context":53},671,{"file":51,"line":98,"context":53},{"file":51,"line":101,"context":53},672,{"file":51,"line":103,"context":53},673,{"file":51,"line":105,"context":53},684,{"file":51,"line":105,"context":53},{"file":51,"line":108,"context":53},696,{"file":51,"line":110,"context":53},699,{"file":51,"line":110,"context":53},{"file":51,"line":113,"context":53},753,{"file":51,"line":115,"context":53},754,{"file":51,"line":117,"context":53},756,{"file":51,"line":119,"context":53},772,{"file":51,"line":121,"context":53},773,{"file":51,"line":123,"context":53},774,{"file":51,"line":123,"context":53},{"file":51,"line":126,"context":53},790,{"file":51,"line":128,"context":53},794,[],[],{"summary":132,"deductions":133},"The wp-qiita v1.0.0 plugin exhibits a strong security posture based on the provided static analysis. The absence of any identified dangerous functions, raw SQL queries, file operations, external HTTP requests, and the clean taint analysis results are all positive indicators. The plugin also benefits from a minimal attack surface with no exposed AJAX handlers, REST API routes, shortcodes, or cron events.\n\nHowever, there are areas for improvement. The output escaping is only at 68%, indicating that a significant portion of outputs are not properly sanitized, which could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is displayed without adequate escaping. The complete lack of nonce checks and capability checks, while not directly exploitable given the current attack surface, represents a missed opportunity for robust authorization and could become a vulnerability if new entry points are added in the future without corresponding security checks.\n\nThe vulnerability history is clean, with no known CVEs. This, combined with the generally good code practices observed, suggests that the plugin developers have a good understanding of security. Nevertheless, the partially unescaped output remains a notable concern that should be addressed to ensure complete protection against common web vulnerabilities.",[134,137,140],{"reason":135,"points":136},"Output escaping is not properly implemented",6,{"reason":138,"points":139},"Missing nonce checks",4,{"reason":141,"points":139},"Missing capability checks","2026-03-17T00:47:47.272Z",{"wat":144,"direct":155},{"assetPaths":145,"generatorPatterns":150,"scriptPaths":151,"versionParams":152},[146,147,148,149],"\u002Fwp-content\u002Fplugins\u002Fwp-qiita\u002Fassets\u002Fimages\u002Fqiita-app-register-1.png","\u002Fwp-content\u002Fplugins\u002Fwp-qiita\u002Fassets\u002Fimages\u002Fqiita-app-register-2.png","\u002Fwp-content\u002Fplugins\u002Fwp-qiita\u002Fassets\u002Fcss\u002Fwp-qiita-admin.css","\u002Fwp-content\u002Fplugins\u002Fwp-qiita\u002Fassets\u002Fjs\u002Fwp-qiita-admin.js",[],[149],[153,154],"wp-qiita\u002Fassets\u002Fcss\u002Fwp-qiita-admin.css?ver=","wp-qiita\u002Fassets\u002Fjs\u002Fwp-qiita-admin.js?ver=",{"cssClasses":156,"htmlComments":164,"htmlAttributes":170,"restEndpoints":181,"jsGlobals":182,"shortcodeOutput":188},[157,158,159,160,161,162,163],"wp-qiita-favicon-color","path1","path2","wpqt-qiita-favicon-color","wp-qiita-admin-form","wpqt-client_id","wpqt-client_secret",[165,166,167,168,169],"\u003C!-- Copyright 2015 ka2 (https:\u002F\u002Fka2.org) -->","\u003C!-- Nav tabs -->","\u003C!-- Tab panes -->","\u003C!-- \u002F.plugin-options-header -->","\u003C!-- \u002F#wp-qiita-admin-form -->",[171,172,173,174,175,176,177,178,179,180],"data-toggle","data-parent","aria-expanded","aria-controls","role","aria-multiselectable","data-toggle=\"tab\"","aria-controls=\"activation\"","role=\"tabpanel\"","class=\"tab-pane active loaded\"",[],[183,184,185,186,187],"WPQT_PLUGIN_VERSION","WPQT_DB_VERSION","WPQT","WPQT_DEBUG","wpqt_nonce_action",[]]