[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fo_Wq7xEe3HhMuW74Uslx8E1gbzySqNYzOk3AV5dt8mg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":40,"fingerprints":193},"wp-yandex-translate","Prisna YT – Яндекс Переводчик","1.0.9","Prisna","https:\u002F\u002Fprofiles.wordpress.org\u002Fprisna\u002F","\u003Ch4>Yandex Translate\u003C\u002Fh4>\n\u003Cp>Add the Yandex Translate widget so that you can translate your site into more than 70 languages. Installing the translator is quick and easy.\u003C\u002Fp>\n\u003Cp>This plugin lets you make Yandex's automatic translator more powerful and translate your website into more than 70 languages. It includes the full feature set of the Yandex Website Translator, with no functionality disabled.\u003C\u002Fp>\n\u003Cp>Add the Yandex translate widget to have your website available in 70+ languages instantly. Installing the translator is fast and simple.\u003C\u002Fp>\n\u003Cp>This plugin brings the power of Yandex’s automatic translation service to translate your website into 70+ languages. 
This plugin includes the whole set of Yandex’s Website Translator features, no disabled functionality.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy setup, including simple settings that anyone can understand, plus expert help.\u003C\u002Fli>\n\u003Cli>Use the plugin as a widget and as a shortcode.\u003C\u002Fli>\n\u003Cli>Import\u002FExport settings to transfer configurations easily.\u003C\u002Fli>\n\u003Cli>Adds practically no weight to the page.\u003C\u002Fli>\n\u003Cli>For feature requests, please \u003Ca href=\"https:\u002F\u002Fwww.prisna.net\u002Fru\u002Fсвязаться-с-нами\u002F\" rel=\"nofollow ugc\">contact us\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy set up, including simple settings with inline help that everybody can understand.\u003C\u002Fli>\n\u003Cli>Use it as a widget and as a shortcode.\u003C\u002Fli>\n\u003Cli>Practically null impact on page loads.\u003C\u002Fli>\n\u003Cli>Import\u002FExport settings to easily transfer configurations.\u003C\u002Fli>\n\u003Cli>For feature requests, please \u003Ca href=\"https:\u002F\u002Fwww.prisna.net\u002Fcontact-us\u002F\" rel=\"nofollow ugc\">contact us\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Create a ticket here in the WordPress support forum: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-yandex-translate\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-yandex-translate\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Or you can ask for help directly on our website: \u003Ca href=\"https:\u002F\u002Fwww.prisna.net\u002Fru\u002Fсвязаться-с-нами\u002F\" rel=\"nofollow 
ugc\">https:\u002F\u002Fwww.prisna.net\u002Fru\u002Fсвязаться-с-нами\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Create a ticket here in the WordPress support forum: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-yandex-translate\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-yandex-translate\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Or you can also ask for assistance directly from our website: \u003Ca href=\"https:\u002F\u002Fwww.prisna.net\u002Fcontact-us\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.prisna.net\u002Fcontact-us\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Add the Yandex Translate widget.",80,8397,70,4,"2025-12-08T05:04:00.000Z","6.9.4","3.3","5.6",[20,21,22,23,24],"%d0%bf%d0%b5%d1%80%d0%b5%d0%b2%d0%b5%d1%81%d1%82%d0%b8-%d0%b0%d0%b2%d1%82%d0%be%d0%bc%d0%b0%d1%82%d0%b8%d1%87%d0%b5%d1%81%d0%ba%d0%b8","%d0%bf%d0%b5%d1%80%d0%b5%d0%b2%d0%b5%d1%81%d1%82%d0%b8-%d0%b2%d0%b5%d0%b1-%d1%81%d0%b0%d0%b9%d1%82","%d0%bf%d0%b5%d1%80%d0%b5%d0%b2%d0%b5%d1%81%d1%82%d0%b8-%d1%8f%d0%b7%d1%8b%d0%ba","%d1%8f%d0%b7%d1%8b%d0%ba%d0%be%d0%b2%d0%be%d0%b9-%d0%bf%d0%b5%d1%80%d0%b5%d0%b2%d0%be%d0%b4%d1%87%d0%b8%d0%ba","yandex-translate","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-yandex-translate\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-yandex-translate.1.0.9.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"prisna",8400,99,47,87,"2026-04-04T04:49:44.899Z",[],{"attackSurface":41,"codeSignals":79,"taintFlows":122,"riskAssessment":182,"analyzedAt":192},{"hooks":42,"ajaxHandlers":75,"restRoutes":76,"shortcodes":77,"cronEvents":78,"entryPointCount":28,"unprotectedCount":28},[43,49,53,57,61,66,71],{"type":44,"name":45,"callback":4
6,"file":47,"line":48},"action","admin_init","_initialize","classes\\admin.class.php",10,{"type":44,"name":50,"callback":51,"file":47,"line":52},"admin_head","_remove_messages",11,{"type":44,"name":54,"callback":55,"file":47,"line":56},"plugins_loaded","initializeMenus",12,{"type":44,"name":58,"callback":59,"file":47,"line":60},"admin_menu","_add_options_page",83,{"type":44,"name":62,"callback":63,"file":64,"line":65},"widgets_init","_initialize_widget","classes\\common.class.php",875,{"type":44,"name":67,"callback":68,"file":69,"line":70},"wp_enqueue_scripts","_enqueue_scripts","classes\\main.class.php",8,{"type":44,"name":72,"callback":73,"file":69,"line":74},"wp_footer","_auto_initialize",9,[],[],[],[],{"dangerousFunctions":80,"sqlUsage":93,"outputEscaping":96,"fileOperations":28,"externalRequests":28,"nonceChecks":119,"capabilityChecks":120,"bundledLibraries":121},[81,85,89],{"fn":82,"file":47,"line":83,"context":84},"unserialize",286,"$unserialize = @unserialize($to_unserialize, array('allowed_classes' => false));",{"fn":86,"file":64,"line":87,"context":88},"preg_replace(\u002Fe)",1185,"preg_replace('\u002F^(\\-)?([0-9]+)(\\.[0-9]+)?([eE]\\+[0-9]+)?\u002Fe'",{"fn":90,"file":64,"line":91,"context":92},"create_function",1009,"$i = create_function('&$e, $p, $l', 'return intval(substr($e, $p, $l));');",{"prepared":94,"raw":28,"locations":95},3,[],{"escaped":14,"rawEcho":48,"locations":97},[98,101,103,105,107,109,111,113,115,117],{"file":47,"line":99,"context":100},141,"raw output",{"file":64,"line":102,"context":100},38,{"file":64,"line":104,"context":100},663,{"file":64,"line":106,"context":100},813,{"file":64,"line":108,"context":100},815,{"file":64,"line":110,"context":100},844,{"file":64,"line":112,"context":100},847,{"file":64,"line":114,"context":100},849,{"file":64,"line":116,"context":100},851,{"file":69,"line":118,"context":100},18,1,2,[],[123,141,151,171],{"entryPoint":124,"graph":125,"unsanitizedCount":119,"severity":140},"renderCSS 
(classes\\common.class.php:35)",{"nodes":126,"edges":137},[127,132],{"id":128,"type":129,"label":130,"file":64,"line":131},"n0","source","$_code",35,{"id":133,"type":134,"label":135,"file":64,"line":102,"wp_function":136},"n1","sink","echo() [XSS]","echo",[138],{"from":128,"to":133,"sanitized":139},false,"medium",{"entryPoint":142,"graph":143,"unsanitizedCount":119,"severity":140},"widget (classes\\common.class.php:837)",{"nodes":144,"edges":149},[145,148],{"id":128,"type":129,"label":146,"file":64,"line":147},"$_arguments",837,{"id":133,"type":134,"label":135,"file":64,"line":112,"wp_function":136},[150],{"from":128,"to":133,"sanitized":139},{"entryPoint":152,"graph":153,"unsanitizedCount":120,"severity":170},"_commit (classes\\admin.class.php:185)",{"nodes":154,"edges":167},[155,158,162,165],{"id":128,"type":129,"label":156,"file":47,"line":157},"$_name",185,{"id":133,"type":134,"label":159,"file":47,"line":160,"wp_function":161},"update_option() [Settings Manipulation]",190,"update_option",{"id":163,"type":129,"label":164,"file":47,"line":157},"n2","$_result",{"id":166,"type":134,"label":159,"file":47,"line":160,"wp_function":161},"n3",[168,169],{"from":128,"to":133,"sanitized":139},{"from":163,"to":166,"sanitized":139},"low",{"entryPoint":172,"graph":173,"unsanitizedCount":28,"severity":170},"\u003Ccommon.class> (classes\\common.class.php:0)",{"nodes":174,"edges":179},[175,178],{"id":128,"type":129,"label":176,"file":64,"line":177},"$_POST",531,{"id":133,"type":134,"label":135,"file":64,"line":108,"wp_function":136},[180],{"from":128,"to":133,"sanitized":181},true,{"summary":183,"deductions":184},"The \"wp-yandex-translate\" v1.0.9 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all its SQL queries and includes nonce and capability checks, indicating an awareness of common WordPress security vulnerabilities. 
The absence of known CVEs and a clean vulnerability history further suggest a generally stable codebase.\n\nHowever, several concerning code signals warrant attention. The presence of dangerous functions like `unserialize`, `preg_replace(\u002Fe)`, and `create_function` is a significant red flag, as these can be exploited for arbitrary code execution if not handled with extreme caution and proper sanitization. While the taint analysis shows no critical or high severity flows, the fact that 3 out of 4 analyzed flows have unsanitized paths suggests potential for vulnerabilities if user-supplied data reaches these dangerous functions without adequate input validation. Furthermore, only 29% of output escaping is properly handled, which could lead to cross-site scripting (XSS) vulnerabilities if untrusted data is displayed to users without proper sanitization.\n\nIn conclusion, while the plugin has a clean track record and employs some fundamental security measures, the identified dangerous functions and unsanitized taint flows, coupled with insufficient output escaping, present notable risks. 
A thorough audit and remediation of these specific code areas are recommended to strengthen its security posture.",[185,188,190],{"reason":186,"points":187},"Presence of dangerous functions: unserialize, preg_replace(\u002Fe), create_function",15,{"reason":189,"points":56},"Unsanitized paths in taint flows",{"reason":191,"points":74},"Low percentage of properly escaped output","2026-03-16T21:30:34.080Z",{"wat":194,"direct":204},{"assetPaths":195,"generatorPatterns":198,"scriptPaths":199,"versionParams":201},[196,197],"\u002Fwp-content\u002Fplugins\u002Fwp-yandex-translate\u002Fjavascript\u002Fcommon.class.js","\u002Fwp-content\u002Fplugins\u002Fwp-yandex-translate\u002Fstyles\u002Fadmin.css",[],[196,200],"\u002Fwp-content\u002Fplugins\u002Fwp-yandex-translate\u002Fjavascript\u002Fadmin.class.js",[202,203],"prisna-ywt-admin-common?ver=","prisna-ywt-admin?ver=",{"cssClasses":205,"htmlComments":207,"htmlAttributes":208,"restEndpoints":211,"jsGlobals":212,"shortcodeOutput":215},[206],"prisna-ywt-admin",[],[209,210],"data-prisna-tab","data-prisna-tab-2",[],[213,214],"prisna_tab","prisna_tab_2",[]]