[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f--Mvw4WDmKaePacOeV5hZAM6fasVsxGdClmhAUD3su4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":20,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":36,"fingerprints":118},"wp-secure-content","WP Secure Content","1.2.1","Fahad Mahmood","https:\u002F\u002Fprofiles.wordpress.org\u002Ffahadmahmood\u002F","\u003Cul>\n\u003Cli>\n\u003Cp>Author: \u003Ca href=\"http:\u002F\u002Fwww.androidbubbles.com\u002Fcontact\" rel=\"nofollow ugc\">Fahad Mahmood\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Project URI: \u003Ca href=\"http:\u002F\u002Fandroidbubble.com\u002Fblog\u002Fwordpress\u002Fplugins\u002Fwp-sc\" rel=\"nofollow ugc\">http:\u002F\u002Fandroidbubble.com\u002Fblog\u002Fwordpress\u002Fplugins\u002Fwp-sc\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>License: GPL 3. See License below for copyright jots and titles.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Important!\u003C\u002Fp>\n\u003Cp>Visit my blog and suggest good features which you wana see in this plugin.\u003C\u002Fp>\n\u003Cp>It is simple to use and easy to understand for customization.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This WordPress Plugin is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or any later version. 
This free software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this software. If not, see http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html.\u003C\u002Fp>\n","WP Secure Content is a great plugin to secure your posts\u002Fpages and WooCommerce products content.",20,7214,100,1,"2025-01-11T09:34:00.000Z","6.8.5","3.0","",[4],"http:\u002F\u002Fandroidbubble.com\u002Fblog\u002Fwordpress\u002Fplugins\u002Fwp-sc","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-secure-content.1.2.1.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"fahadmahmood",40,32660,96,237,76,"2026-04-04T02:40:44.732Z",[],{"attackSurface":37,"codeSignals":61,"taintFlows":89,"riskAssessment":108,"analyzedAt":117},{"hooks":38,"ajaxHandlers":57,"restRoutes":58,"shortcodes":59,"cronEvents":60,"entryPointCount":23,"unprotectedCount":23},[39,45,50,53],{"type":40,"name":41,"callback":42,"file":43,"line":44},"action","wp_footer","wp_secure_content","inc\\functions.php",145,{"type":40,"name":46,"callback":47,"file":48,"line":49},"admin_enqueue_scripts","register_sc_scripts","index.php",44,{"type":40,"name":51,"callback":47,"file":48,"line":52},"wp_enqueue_scripts",45,{"type":40,"name":54,"callback":55,"file":48,"line":56},"admin_menu","wpsc_menu",57,[],[],[],[],{"dangerousFunctions":62,"sqlUsage":63,"outputEscaping":65,"fileOperations":23,"externalRequests":23,"nonceChecks":23,"capabilityChecks":14,"bundledLibraries":88},[],{"prepared":23,"raw":23,"locations":64},[],{"escaped":66,"rawEcho":67,"locations":68},4,12,[69,73,74,76,78,80,81,83,84,85,86,87],{"file":70,"line":71,"context
":72},"inc\\settings.php",3,"raw output",{"file":70,"line":71,"context":72},{"file":70,"line":75,"context":72},10,{"file":70,"line":77,"context":72},50,{"file":70,"line":79,"context":72},54,{"file":70,"line":79,"context":72},{"file":70,"line":82,"context":72},59,{"file":70,"line":82,"context":72},{"file":70,"line":82,"context":72},{"file":70,"line":82,"context":72},{"file":70,"line":82,"context":72},{"file":70,"line":82,"context":72},[],[90],{"entryPoint":91,"graph":92,"unsanitizedCount":14,"severity":107},"\u003Csettings> (inc\\settings.php:0)",{"nodes":93,"edges":104},[94,99],{"id":95,"type":96,"label":97,"file":70,"line":98},"n0","source","$_POST['wpsc_exclude']",7,{"id":100,"type":101,"label":102,"file":70,"line":98,"wp_function":103},"n1","sink","update_option() [Settings Manipulation]","update_option",[105],{"from":95,"to":100,"sanitized":106},false,"low",{"summary":109,"deductions":110},"The \"wp-secure-content\" v1.2.1 plugin exhibits a generally strong security posture based on the provided static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events with exploitable attack surfaces significantly reduces the potential for external manipulation.  Furthermore, the use of prepared statements for all SQL queries and the presence of capability checks are positive indicators of secure coding practices.  The plugin also has no recorded vulnerabilities, suggesting a history of stable and secure development.\n\nHowever, a notable concern arises from the taint analysis, which identified one flow with unsanitized paths. While categorized as not critical or high severity, this still represents a potential avenue for attackers if the data involved is sensitive or can lead to further exploitation. 
Additionally, a low percentage (25%) of properly escaped output suggests that there are multiple instances where user-supplied or dynamic content might be rendered directly without sufficient escaping, potentially leading to cross-site scripting (XSS) vulnerabilities. Despite the lack of known CVEs, these code-level weaknesses warrant careful attention.\n\nIn conclusion, the plugin demonstrates good foundational security by minimizing its attack surface and issuing no direct SQL queries. The absence of known vulnerabilities is a strength. Nevertheless, the unsanitized $_POST-to-update_option() flow, the absence of any recorded nonce check, and the low rate of output escaping represent tangible risks that should be addressed to achieve a more robust security profile. These are static-analysis signals and should be confirmed in the source: the settings handler should verify a nonce (for example with check_admin_referer()) and the user's capability and sanitize the submitted value before saving, and dynamic output should be escaped with esc_html() or esc_attr() where it is echoed.",[111,114],{"reason":112,"points":113},"Taint flow with unsanitized paths",8,{"reason":115,"points":116},"Low percentage of properly escaped output",5,"2026-03-16T22:57:11.423Z",{"wat":119,"direct":128},{"assetPaths":120,"generatorPatterns":123,"scriptPaths":124,"versionParams":125},[121,122],"\u002Fwp-content\u002Fplugins\u002Fwp-secure-content\u002Fjs\u002Fscripts.js","\u002Fwp-content\u002Fplugins\u002Fwp-secure-content\u002Fcss\u002Fstyle.css",[],[121],[126,127],"wp-secure-content\u002Fjs\u002Fscripts.js?ver=","wp-secure-content\u002Fcss\u002Fstyle.css?ver=",{"cssClasses":129,"htmlComments":131,"htmlAttributes":132,"restEndpoints":133,"jsGlobals":134,"shortcodeOutput":136},[130],"wpsc",[],[],[],[135],"wpsc_methods",[]]