[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7qo91eOLzlPd-qyepPSW3u9MsTT320luAtJqKisOH7k":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":37,"fingerprints":112},"wparabic","WPArabic","1.0.4","Hassan Ali ⚡️","https:\u002F\u002Fprofiles.wordpress.org\u002Fcreativehassan\u002F","\u003Cp>WP Arabic is simple and efficient Arabic writing plugin, this plugin will allow you to write Arabic with in the WordPress editors. When you will write roman Arabic like Text “Ana Ahb Alarbia” in editor It will convert that to “انا احب العربية”. You can enable this option by clicking the button over editors.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Plugin Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Arabic Writing.\u003C\u002Fli>\n\u003Cli>Arabic Fonts (BalooBhaijaan, Scheherazade) and many more.\u003C\u002Fli>\n\u003Cli>Gutenberg Editor Block.\u003C\u002Fli>\n\u003Cli>Gutenberg Editor Sidebar Block Arabic Fonts (BalooBhaijaan, Scheherazade) and Font Size.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Upcoming Features\u003C\u002Fstrong>\u003Cbr \u002F>\n* Comments section Arabic Typing.\u003Cbr \u002F>\n* Some Exiting hidden features.\u003C\u002Fp>\n","WPArabic Make Possible Arabic writing in WordPress editor Arabi -> عربي",30,3472,0,"2019-09-20T11:38:00.000Z","5.2.24","5.0","5.6",[19,20,21,22,4],"arabic-editor","arabic-language","arabic-typing","wp-arabic","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwparabic","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwparabic.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":11,"trust_score":34,"computed_at":35},"creativehassan",4,350,91,88,"2026-04-05T09:21:34.481Z",[],{"attackSurface":38,"codeSignals":80,"taintFlows":99,"riskAssessment":100,"analyzedAt":111},{"hooks":39,"ajaxHandlers":76,"restRoutes":77,"shortcodes":78,"cronEvents":79,"entryPointCount":13,"unprotectedCount":13},[40,47,51,55,59,63,67,72],{"type":41,"name":42,"callback":43,"priority":44,"file":45,"line":46},"action","media_buttons","add_arabic_media_button",10,"wp-arabic.php",21,{"type":41,"name":48,"callback":49,"priority":44,"file":45,"line":50},"wp_enqueue_scripts","enqueue_scripts_style",24,{"type":41,"name":52,"callback":53,"file":45,"line":54},"admin_enqueue_scripts","admin_style_scripts",27,{"type":56,"name":57,"callback":58,"file":45,"line":11},"filter","mce_buttons_2","wparabic_mce_editor_buttons",{"type":56,"name":60,"callback":61,"file":45,"line":62},"tiny_mce_before_init","wparabic_mce_before_init",33,{"type":56,"name":64,"callback":65,"file":45,"line":66},"init","wparabic_add_editor_styles",36,{"type":41,"name":68,"callback":69,"priority":70,"file":45,"line":71},"save_post","wparabic_save_status",1,39,{"type":41,"name":73,"callback":74,"file":45,"line":75},"plugins_loaded","wparabic_plugin_textdomain",42,[],[],[],[],{"dangerousFunctions":81,"sqlUsage":82,"outputEscaping":84,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":98},[],{"prepared":13,"raw":13,"locations":83},[],{"escaped":70,"rawEcho":85,"locations":86},6,[87,90,92,93,95,97],{"file":45,"line":88,"context":89},93,"raw output",{"file":45,"line":91,"context":89},94,{"file":45,"line":91,"context":89},{"file":45,"line":94,"context":89},98,{"file":45,"line":96,"context":89},99,{"file":45,"line":96,"context":89},[],[],{"summary":101,"deductions":102},"The \"wparabic\" v1.0.4 plugin exhibits a generally good security posture based on the provided static analysis.  The absence of identified AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. Furthermore, the code signals indicate no dangerous functions, no raw SQL queries, no file operations, and no external HTTP requests, all of which are positive security indicators. The lack of any recorded vulnerabilities in its history further suggests a history of secure development or diligent patching.\n\nHowever, there are notable areas of concern. The extremely low percentage of properly escaped output (14%) is a significant risk. This indicates that data rendered by the plugin is highly likely to be unescaped, making it vulnerable to cross-site scripting (XSS) attacks if any user-supplied data is processed and displayed. The absence of nonce checks and capability checks, while not directly tied to an attack surface in this specific analysis, is a general weakness. It implies that if new entry points were to be introduced, they might not have these fundamental security layers in place, leaving them exposed.\n\nIn conclusion, while \"wparabic\" v1.0.4 benefits from a small attack surface and a clean vulnerability history, the widespread lack of output escaping is a critical security flaw that could lead to XSS vulnerabilities. The absence of nonce and capability checks is a secondary concern that points to potential gaps in secure coding practices for future development.",[103,106,109],{"reason":104,"points":105},"Very low output escaping (14%)",15,{"reason":107,"points":108},"No nonce checks detected",5,{"reason":110,"points":108},"No capability checks detected","2026-03-16T22:28:25.898Z",{"wat":113,"direct":131},{"assetPaths":114,"generatorPatterns":124,"scriptPaths":125,"versionParams":126},[115,116,117,118,119,120,121,122,123],"\u002Fwp-content\u002Fplugins\u002Fwparabic\u002Fassets\u002Fcss\u002Feditor-control.css","\u002Fwp-content\u002Fplugins\u002Fwparabic\u002Fassets\u002Fcss\u002Fwparabic.css","\u002Fwp-content\u002Fplugins\u002Fwparabic\u002Fassets\u002Fimages\u002Farabic.png","\u002Fwp-content\u002Fplugins\u002Fwparabic\u002Fassets\u002Fjs\u002Fwparabic-admin.js","\u002Fwp-content\u002Fplugins\u002Fwparabic\u002Fassets\u002Fjs\u002Ftranslate-api.js","\u002Fwp-content\u002Fplugins\u002Fwparabic\u002Fassets\u002Fjs\u002Fblock.js","\u002Fwp-content\u002Fplugins\u002Fwparabic\u002Fassets\u002Fcss\u002Ftranslate.css","\u002Fwp-content\u002Fplugins\u002Fwparabic\u002Fassets\u002Fcss\u002Fwparabic-admin.css","\u002Fwp-content\u002Fplugins\u002Fwparabic\u002Fassets\u002Fjs\u002Fapi.js",[],[118,119,120,123],[127,128,129,130],"wparabic-translate-api?ver=1.0.0","wparabic-admin?ver=1.0.0","wparabic-block?ver=1.0.0","api.js?ver=1.0.0",{"cssClasses":132,"htmlComments":134,"htmlAttributes":135,"restEndpoints":138,"jsGlobals":139,"shortcodeOutput":141},[133,69],"media-button-wparabic",[],[136,137],"data-wparabic-enable","data-wparabic-disable",[],[140],"arabic_text",[]]