[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-5y6aqRKBNcA-xCBE414D7qprPWf7GzHvmhIYAGYlas":3,"$fjYo3O004kefCwpjEQmwD5FEMA8gzqgmu2o6Ufs42K0o":101,"$fFKPWn1wDuHD9dpCPMcGPyitSC0OQb3_CsjgTdariy8s":106},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":39,"analysis":40,"fingerprints":88},"wp-rouble-rate","WP Rouble Rate","1.0","iTRON","https:\u002F\u002Fprofiles.wordpress.org\u002Fhokku\u002F","\u003Cp>Rating provided \u003Ca href=\"http:\u002F\u002Fwww.cbr.ru\u002Fscripts\u002FXML_daily.asp\" title=\"\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.cbr.ru\u002Fscripts\u002FXML_daily.asp \u003C\u002Fa>.\u003Cbr \u002F>\n Курсы валют предоставлены сайтом ЦБР \u003Ca href=\"http:\u002F\u002Fwww.cbr.ru\u002Fscripts\u002FXML_daily.asp\" title=\"\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.cbr.ru\u002Fscripts\u002FXML_daily.asp \u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>WP Rouble Rate – плагин для ежедневного обновления курса рубля ко всем доступным для ЦБР валютам. Данные доступны в глобальной опции ‘_wprr_rate’.\u003C\u002Fp>\n\u003Cp>Use in the theme\u003C\u002Fp>\n\u003Cpre>\n    $rates = get_option( '_wprr_rate' );\n    echo $rates['USD']['Nominal'] . ' USD = ' . $rates['USD']['Value'];\n \u003C\u002Fpre>\n\u003Cp>Чтобы увидеть полный список доступных валют, выполните функцию ниже.\u003C\u002Fp>\n\u003Cp>Full rate list\u003C\u002Fp>\n\u003Cpre>\n        $rates = get_option( '_wprr_rate' );\n        print_r( $rates );\n \u003C\u002Fpre>\n","WP Rouble Rate - плагин для ежедневного обновления курса рубля ко всем доступным для ЦБР валютам.",10,998,0,"2017-03-03T00:30:00.000Z","4.7.33","4.0","",[19,20,21,22,23],"%d0%ba%d1%83%d1%80%d1%81-%d1%80%d1%83%d0%b1%d0%bb%d1%8f","exchange-rouble","rouble-exchanging","rouble-rate","rouble-rating","http:\u002F\u002Fnebster.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rouble-rate.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"hokku",9,10860,91,4,94,"2026-05-20T04:31:04.770Z",[],{"attackSurface":41,"codeSignals":65,"taintFlows":73,"riskAssessment":74,"analyzedAt":87},{"hooks":42,"ajaxHandlers":57,"restRoutes":58,"shortcodes":59,"cronEvents":60,"entryPointCount":13,"unprotectedCount":13},[43,49,52],{"type":44,"name":45,"callback":46,"file":47,"line":48},"action","wprr_loader_exrate","_wprr_loader_exrate","wp-rouble-rate.php",21,{"type":44,"name":50,"callback":46,"file":47,"line":51},"wprr_loader_exrate__repeat",22,{"type":44,"name":53,"callback":54,"priority":55,"file":47,"line":56},"admin_bar_menu","wprr_admin_bar_menu",30,60,[],[],[],[61,63],{"hook":50,"callback":50,"file":47,"line":62},31,{"hook":45,"callback":45,"file":47,"line":64},49,{"dangerousFunctions":66,"sqlUsage":67,"outputEscaping":69,"fileOperations":71,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":72},[],{"prepared":13,"raw":13,"locations":68},[],{"escaped":13,"rawEcho":13,"locations":70},[],1,[],[],{"summary":75,"deductions":76},"The \"wp-rouble-rate\" plugin, version 1.0, exhibits a generally strong security posture based on the provided static analysis. The complete absence of dangerous functions, SQL injection vulnerabilities due to 100% prepared statements, and 100% properly escaped output are significant strengths. Furthermore, the lack of external HTTP requests and a clear vulnerability history, with zero recorded CVEs, contributes to a perception of low risk.\n\nHowever, there are notable areas of concern. The plugin utilizes two cron events without any apparent authentication or capability checks, which could potentially be triggered maliciously if not properly secured. The presence of a file operation without further context also warrants caution, as it could be a vector for unauthorized file access or modification. The complete absence of nonce checks and capability checks across all identified entry points is a significant weakness, as it leaves the plugin open to various attacks, especially if any of its functionalities were to be exposed or leveraged.\n\nIn conclusion, while the plugin has avoided common pitfalls like raw SQL or unsanitized output, the lack of fundamental security checks like nonces and capability checks on its cron events represents a substantial risk. The attack surface is currently reported as zero unprotected entry points, but this could be a limitation of the analysis or a temporary state. Future versions should prioritize implementing robust authentication and authorization mechanisms.",[77,80,83,85],{"reason":78,"points":79},"Cron events without auth checks",15,{"reason":81,"points":82},"File operation without context",5,{"reason":84,"points":11},"0 Nonce checks",{"reason":86,"points":11},"0 Capability checks","2026-04-16T12:36:23.181Z",{"wat":89,"direct":94},{"assetPaths":90,"generatorPatterns":91,"scriptPaths":92,"versionParams":93},[],[],[],[],{"cssClasses":95,"htmlComments":96,"htmlAttributes":97,"restEndpoints":98,"jsGlobals":99,"shortcodeOutput":100},[],[],[],[],[],[],{"error":102,"url":103,"statusCode":104,"statusMessage":105,"message":105},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-rouble-rate\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":107},[]]