[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fw7c0ZzHUZd3t23n1BlX6M2ZZ6hB0HiUWbVDnq_iNC8o":3,"$fz5UIjd-CrbPknnuE4ahYAHKSAOcHvzaLmEOp6QBL4Fk":139,"$fI9DZshA69h_9FKFab5Pp5m_iIkk3M6bBhp0U8AI5Lrw":144},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":36,"analysis":79,"fingerprints":126},"wpbom","WpBom","1.4.0","Vitor Guia","https:\u002F\u002Fprofiles.wordpress.org\u002Fvitoranguia\u002F","\u003Cp>This package is compatible with \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress\u002FWordPress-Coding-Standards\" rel=\"nofollow ugc\">WordPress Coding Standards\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.php-fig.org\u002Fpsr\u002Fpsr-4\" rel=\"nofollow ugc\">PSR-4\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>WordPress integration with OWASP \u003Ca href=\"https:\u002F\u002Fcyclonedx.org\" rel=\"nofollow ugc\">CycloneDX\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fdependencytrack.org\" rel=\"nofollow ugc\">Dependency Track\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatic BOM submission to OWASP Dependency Track\u003C\u002Fli>\n\u003Cli>Manual BOM submission to OWASP Dependency Track\u003C\u002Fli>\n\u003Cli>Download BOM JSON in OWASP CycloneDX format\u003C\u002Fli>\n\u003C\u002Ful>\n","WordPress integration with OWASP CycloneDX and Dependency 
Track",70,2945,0,"2025-01-09T21:31:00.000Z","6.7.5","6.0","8.2",[19,20,21],"bom","cyclonedx","dependency-track","https:\u002F\u002Fgitlab.com\u002Fsepbit\u002Fwpbom","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpbom.1.4.0.zip",92,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"vitoranguia",2,89,30,86,"2026-05-20T06:52:27.052Z",[37,62],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":59,"download_link":60,"security_score":61,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"australian-weather-widget-willyweather","Australian Weather Widget – WillyWeather","1.5","WillyWeather","https:\u002F\u002Fprofiles.wordpress.org\u002Fwillyweather\u002F","\u003Cp>The most accurate Australian weather widgets, with data provided by the Bureau of Meteorology (BoM). 
Willyweather weather widgets come in many different shapes and sizes, you can choose your own colours, and select from multiple weather types such as Weather, Wind, Rain, Swell, Tides, UV, Sun and Moon.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Accurate Australian data provided by the BoM.\u003C\u002Fli>\n\u003Cli>Beautiful retina graphics with stylish animations.\u003C\u002Fli>\n\u003Cli>Powered by the same WillyWeather API that was built for the award winning \u003Ca href=\"https:\u002F\u002Fitunes.apple.com\u002Fau\u002Fapp\u002Fwillyweather\u002Fid592978502\" rel=\"nofollow ugc\">WillyWeather iPhone app\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Choose from a wide selection of widget shapes and sizes:\n\u003Cul>\n\u003Cli>Sidebar\u003C\u002Fli>\n\u003Cli>Full Page\u003C\u002Fli>\n\u003Cli>Leaderboard\u003C\u002Fli>\n\u003Cli>Thin bar\u003C\u002Fli>\n\u003Cli>High bar\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Choose your own colours to suit your website.\u003C\u002Fli>\n\u003Cli>Adjust the width of any of the widgets to suit your website.\u003C\u002Fli>\n\u003Cli>Scrollable wind and swell graphs (sidebar and full page).\u003C\u002Fli>\n\u003Cli>Add any of the weather types below to a sidebar or full page widget, selected via tabs.\n\u003Cul>\n\u003Cli>Weather\u003C\u002Fli>\n\u003Cli>Wind\u003C\u002Fli>\n\u003Cli>Tides\u003C\u002Fli>\n\u003Cli>Swell\u003C\u002Fli>\n\u003Cli>Rain\u003C\u002Fli>\n\u003Cli>UV\u003C\u002Fli>\n\u003Cli>Sun\u003C\u002Fli>\n\u003Cli>Moon\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Change tab ordering via drag and drop (the first weather type in the list will be the default).\u003C\u002Fli>\n\u003Cli>Choose a fixed location or add a search facility.\u003C\u002Fli>\n\u003Cli>Choose from a database of over 17,000 Australian locations.\u003C\u002Fli>\n\u003Cli>Update the widget at any time.\u003C\u002Fli>\n\u003C\u002Ful>\n","Australian weather widgets for Wordpress, with the latest 
data sourced from the Bureau of Meteorology (BoM). Custom designs to suit any website.",200,9126,98,7,"2017-10-16T05:59:00.000Z","4.8.28","3.6.1","",[54,55,56,57,58],"bom-widget","bureau-of-meteorology","weather-forecast","weather-widget","willyweather-widget","http:\u002F\u002Fwillyweather.com.au\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faustralian-weather-widget-willyweather.1.5.zip",85,{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":13,"downloaded":70,"rating":13,"num_ratings":13,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":52,"tags":74,"homepage":52,"download_link":78,"security_score":61,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"bomond-event","Bomond Event","1.0.1","webnautspro","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebnautspro\u002F","\u003Cp>Displaying the latest events from the BOMOND website in the carousel.\u003Cbr \u002F>\nShortcode embedding.\u003C\u002Fp>\n","Displaying the latest events from the BOMOND website in the carousel. Shortcode embedding. 
[bomond]",1179,"2018-12-28T08:45:00.000Z","3.4.2","3.0.1",[75,63,76,77],"bomond","event","slick-carousel","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbomond-event.zip",{"attackSurface":80,"codeSignals":106,"taintFlows":115,"riskAssessment":116,"analyzedAt":125},{"hooks":81,"ajaxHandlers":102,"restRoutes":103,"shortcodes":104,"cronEvents":105,"entryPointCount":13,"unprotectedCount":13},[82,88,92,96,99],{"type":83,"name":84,"callback":85,"file":86,"line":87},"action","admin_init","json","wpbom.php",24,{"type":83,"name":89,"callback":90,"file":86,"line":91},"cmb2_init","options_page",25,{"type":83,"name":93,"callback":94,"file":86,"line":95},"upgrader_process_complete","auto_update",26,{"type":83,"name":97,"callback":94,"file":86,"line":98},"deleted_plugin",27,{"type":83,"name":100,"callback":94,"file":86,"line":101},"deleted_theme",28,[],[],[],[],{"dangerousFunctions":107,"sqlUsage":108,"outputEscaping":110,"fileOperations":13,"externalRequests":113,"nonceChecks":31,"capabilityChecks":13,"bundledLibraries":114},[],{"prepared":13,"raw":13,"locations":109},[],{"escaped":111,"rawEcho":13,"locations":112},6,[],1,[],[],{"summary":117,"deductions":118},"The wpbom v1.4.0 plugin exhibits a generally positive security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a significant strength, indicating a minimal attack surface. Furthermore, the code signals demonstrate good development practices, with no dangerous functions, no SQL queries detected (neither raw nor prepared), and 100% of output being properly escaped. The presence of nonce checks is also reassuring.\n\nHowever, the analysis does reveal a single external HTTP request, which, while not inherently a vulnerability, represents a potential avenue for indirect attacks or information leakage if the external service is compromised or the data sent is sensitive. 
The complete lack of capability checks is also a concern, as it implies that any user, regardless of role or permissions, could interact with functionality that is reachable now or exposed in the future. In particular, although no AJAX handlers, REST routes or shortcodes were identified, the plugin registers callbacks on admin_init, upgrader_process_complete, deleted_plugin and deleted_theme, and admin_init also fires on admin-ajax.php and admin-post.php requests, so the admin_init callback should be reviewed to confirm that it verifies the caller's permissions (for example with current_user_can()) in addition to a nonce. The zero taint analysis flows and zero recorded CVEs are good indicators, suggesting a history of secure development and a lack of publicly known vulnerabilities, although a static scan and the absence of published advisories cannot by themselves establish that the code is free of flaws.\n\nIn conclusion, wpbom v1.4.0 appears to be a well-developed plugin from a security perspective. Its minimal attack surface, absence of raw SQL and properly escaped output are commendable. The primary areas for improvement would be to investigate the external HTTP request for any potential risks and to implement capability checks if any functionalities are present that should be permission-restricted. Given the current data, the plugin demonstrates a low risk profile.",[119,122],{"reason":120,"points":121},"External HTTP requests present",3,{"reason":123,"points":124},"No capability checks found",5,"2026-03-16T21:35:08.847Z",{"wat":127,"direct":132},{"assetPaths":128,"generatorPatterns":129,"scriptPaths":130,"versionParams":131},[],[],[],[],{"cssClasses":133,"htmlComments":134,"htmlAttributes":135,"restEndpoints":136,"jsGlobals":137,"shortcodeOutput":138},[],[],[],[],[],[],{"error":140,"url":141,"statusCode":142,"statusMessage":143,"message":143},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwpbom\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":48,"versions":145},[146,152,159,166,173,180,186],{"version":6,"download_url":23,"svn_tag_url":147,"released_at":25,"has_diff":148,"diff_files_changed":149,"diff_lines":25,"trac_diff_url":150,"vulnerabilities":151,"is_current":140},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwpbom\u002Ftags\u002F1.4.0\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwpbom%2Ftags%2F1.2.1&new_path=%2Fwpbom%2Ftags%2F1.4.0",[],{"version":153,"download_url":154,"svn_tag_url":155,"released_at":25,"has_diff":148,"diff_files_changed":156,"diff_lines":25,"trac_diff_url":157,"vulnerabilities":158,"is_current":148},"1.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpbom.1.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwpbom\u002Ftags\u002F1.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwpbom%2Ftags%2F1.2.0&new_path=%2Fwpbom%2Ftags%2F1.2.1",[],{"version":160,"download_url":161,"svn_tag_url":162,"released_at":25,"has_diff":148,"diff_files_changed":163,"diff_lines":25,"trac_diff_url":164,"vulnerabilities":165,"is_current":148},"1.2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpbom.1.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwpbom\u002Ftags\u002F1.2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwpbom%2Ftags%2F1.1.0&new_path=%2Fwpbom%2Ftags%2F1.2.0",[],{"version":167,"download_url":168,"svn_tag_url":169,"released_at":25,"has_diff":148,"diff_files_changed":170,"diff_lines":25,"trac_diff_url":171,"vulnerabilities":172,"is_current":148},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpbom.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwpbom\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwpbom%2Ftags%2F1.0.2&new_path=%2Fwpbom%2Ftags%2F1.1.0",[],{"version":174,"download_url"
:175,"svn_tag_url":176,"released_at":25,"has_diff":148,"diff_files_changed":177,"diff_lines":25,"trac_diff_url":178,"vulnerabilities":179,"is_current":148},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpbom.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwpbom\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwpbom%2Ftags%2F1.0.1&new_path=%2Fwpbom%2Ftags%2F1.0.2",[],{"version":65,"download_url":181,"svn_tag_url":182,"released_at":25,"has_diff":148,"diff_files_changed":183,"diff_lines":25,"trac_diff_url":184,"vulnerabilities":185,"is_current":148},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpbom.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwpbom\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwpbom%2Ftags%2F1.0.0&new_path=%2Fwpbom%2Ftags%2F1.0.1",[],{"version":187,"download_url":188,"svn_tag_url":189,"released_at":25,"has_diff":148,"diff_files_changed":190,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":191,"is_current":148},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpbom.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwpbom\u002Ftags\u002F1.0.0\u002F",[],[]]