[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsVRSqDn4KK5f-IfB_dRiqNnjcHrsMNejdcc5rLn6yP4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":37,"fingerprints":159},"wp-search-keyword-highlight","WP Search Keyword Highlight","1.0","suifengtec","https:\u002F\u002Fprofiles.wordpress.org\u002Fsuifengtec\u002F","\u003Cp>Installs ‘WP Search Keyword Highlight’ on your wordpress blog so it will highlight the search keyword(s) on the search result page(s),you can specify the background color and the text color for the search keyword(s).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enjoy it!\u003C\u002Fstrong>\u003C\u002Fp>\n","This plugin will highlight the search keyword(s) each time,you can specify a background color and a text color for the search keyword(s).",10,1674,100,1,"2014-03-24T17:10:00.000Z","3.7.41","3.3","",[20,21],"keyword-highlight","search-keyword-highlight","http:\u002F\u002Fsuoling.net\u002Fwp-search-keyword-highlight","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-search-keyword-highlight.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},12,1260,88,30,86,"2026-04-05T09:59:05.577Z",[],{"attackSurface":38,"codeSignals":90,"taintFlows":120,"riskAssessment":147,"analyzedAt":158},{"hooks":39,"ajaxHandlers":81,"restRoutes":87,"shortcodes":88,"cronEvents":89,"entryPointCount":14,"unprotectedCount":14},[40,47,51,55,59,64,70,73,76],{"type":41,"name":42,"callback":43,"priority":44,"file":45,"line":46},"action","init","coolwp_skh_init",90,"admin\\cwp-plugin-admin-functions.php",21,{"type":41,"name":48,"callback":49,"file":50,"line":46},"admin_menu","coolwp_skh_style_code_add_admin","admin\\cwp-plugin-admin-interface.php",{"type":41,"name":52,"callback":53,"file":50,"line":54},"admin_head","coolwp_of_admin_head",107,{"type":41,"name":42,"callback":56,"file":57,"line":58},"coolwp_plugin_skh_options","admin\\cwp-plugin-settings.php",3,{"type":41,"name":60,"callback":61,"file":62,"line":63},"plugins_loaded","coolwp_skh_load_textdomain","wp-search-keyword-highlight.php",45,{"type":65,"name":66,"callback":67,"priority":68,"file":62,"line":69},"filter","the_title","coolwp_plugin_skh",200,55,{"type":65,"name":71,"callback":67,"priority":68,"file":62,"line":72},"the_excerpt",56,{"type":65,"name":74,"callback":67,"priority":68,"file":62,"line":75},"the_content",57,{"type":41,"name":77,"callback":78,"priority":79,"file":62,"line":80},"wp_head","coolwp_skh_custom_css",999,79,[82],{"action":83,"nopriv":84,"callback":85,"hasNonce":84,"hasCapCheck":84,"file":50,"line":86},"of_ajax_post_action",false,"coolwp_of_ajax_callback",285,[],[],[],{"dangerousFunctions":91,"sqlUsage":92,"outputEscaping":94,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":119},[],{"prepared":25,"raw":25,"locations":93},[],{"escaped":95,"rawEcho":96,"locations":97},2,11,[98,101,103,105,107,108,110,112,114,116,118],{"file":50,"line":99,"context":100},65,"raw output",{"file":50,"line":102,"context":100},68,{"file":50,"line":104,"context":100},82,{"file":50,"line":106,"context":100},128,{"file":50,"line":106,"context":100},{"file":50,"line":109,"context":100},129,{"file":50,"line":111,"context":100},130,{"file":50,"line":113,"context":100},141,{"file":50,"line":115,"context":100},142,{"file":50,"line":117,"context":100},256,{"file":62,"line":34,"context":100},[],[121,139],{"entryPoint":122,"graph":123,"unsanitizedCount":25,"severity":138},"coolwp_skh_options_page (admin\\cwp-plugin-admin-interface.php:40)",{"nodes":124,"edges":135},[125,130],{"id":126,"type":127,"label":128,"file":50,"line":129},"n0","source","$_SERVER['REQUEST_URI']",75,{"id":131,"type":132,"label":133,"file":50,"line":129,"wp_function":134},"n1","sink","echo() [XSS]","echo",[136],{"from":126,"to":131,"sanitized":137},true,"low",{"entryPoint":140,"graph":141,"unsanitizedCount":25,"severity":138},"\u003Ccwp-plugin-admin-interface> (admin\\cwp-plugin-admin-interface.php:0)",{"nodes":142,"edges":145},[143,144],{"id":126,"type":127,"label":128,"file":50,"line":129},{"id":131,"type":132,"label":133,"file":50,"line":129,"wp_function":134},[146],{"from":126,"to":131,"sanitized":137},{"summary":148,"deductions":149},"The wp-search-keyword-highlight plugin v1.0 presents a mixed security posture. On one hand, the absence of any known vulnerabilities in its history and the use of prepared statements for SQL queries are positive indicators. The code also avoids dangerous functions, file operations, and external HTTP requests, which are good security practices.\n\nHowever, significant concerns arise from the static analysis. The plugin exposes one AJAX handler without any authentication or capability checks, creating a direct entry point for potential unauthorized actions. Furthermore, a critically low percentage (15%) of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The lack of nonce checks on the unprotected AJAX handler exacerbates this risk, as it allows for easily forged requests. The plugin's vulnerability history is clean, but this could be due to a lack of discovery rather than inherent security, given the identified code weaknesses.\n\nIn conclusion, while the plugin demonstrates some good practices, the unprotected AJAX endpoint combined with widespread unescaped output constitutes a serious security risk. The absence of known vulnerabilities is encouraging but does not negate the immediate threats posed by the static analysis findings. Remediation of the unescaped output and the addition of proper authentication and nonce checks to the AJAX handler are strongly recommended.",[150,152,155],{"reason":151,"points":11},"Unprotected AJAX handler",{"reason":153,"points":154},"Low output escaping percentage",8,{"reason":156,"points":157},"Missing nonce checks on AJAX",7,"2026-03-16T23:48:37.428Z",{"wat":160,"direct":169},{"assetPaths":161,"generatorPatterns":166,"scriptPaths":167,"versionParams":168},[162,163,164,165],"\u002Fwp-content\u002Fplugins\u002Fwp-search-keyword-highlight\u002Fadmin\u002Fadmin-style.css","\u002Fwp-content\u002Fplugins\u002Fwp-search-keyword-highlight\u002Fadmin\u002Fcolorpicker.css","\u002Fwp-content\u002Fplugins\u002Fwp-search-keyword-highlight\u002Fadmin\u002Fadmin-style-coffee.css","\u002Fwp-content\u002Fplugins\u002Fwp-search-keyword-highlight\u002Fadmin\u002Fjs\u002Fcolorpicker.js",[],[165],[],{"cssClasses":170,"htmlComments":187,"htmlAttributes":188,"restEndpoints":213,"jsGlobals":214,"shortcodeOutput":216},[171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186],"wrap","logo","top-save-btn","ajax-loading-img","ajax-loading-img-bottom","save_bar_top","reset-button","submit-footer-reset","of-save-popup","of-save-save","of-save-reset","option_container","header","main","of-nav","content",[],[189,190,191,192,193,194,195,196,197,198,199,200,197,201,202,203,204,205,206,207,208,209,210,211,212],"id=\"option_container\"","id=\"of-popup-save\"","class=\"of-save-popup\"","id=\"of-popup-reset\"","id=\"ofform\"","id=\"header\"","class=\"logo\"","class=\"top-save-btn\"","class=\"clear\"","id=\"main\"","id=\"of-nav\"","id=\"content\"","class=\"save_bar_top\"","class=\"ajax-loading-img ajax-loading-img-bottom\"","class=\"reset-button button-primary\"","id=\"ofform-reset\"","class=\"submit-footer-reset\"","name=\"reset\"","type=\"submit\"","value=\"Reset Options\"","onclick=\"return confirm('CAUTION: Any and all settings will be lost! Click OK to continue.',CWP_PLUGIN_SKH_SLUG);\"","name=\"of_save\"","value=\"reset\"","class=\"button-primary\"",[],[215],"CWP_PLUGIN_SKH_URI",[]]