[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1eaos0EpfmNl4ahXFLLtNAa_MuBPxeYr83xqgV7a1Ek":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":31,"analysis":32,"fingerprints":130},"wpcj-chimp","wpCJ Chimp","1.2","willcast","https:\u002F\u002Fprofiles.wordpress.org\u002Fwillcast\u002F","\u003Cp>wpCJ Chimp allows you to automatically add a new registered user to your MailChimp list once they registered with your blog depending on his\u002Fher selection.\u003C\u002Fp>\n","wpCJ Chimp allows you to automatically add a new registered user to your MailChimp list once they registered with your blog depending on his\u002Fher selec 
&hellip;",10,1687,0,"2010-04-09T00:06:00.000Z","2.9.2","2.9","",[19],"maichimp","http:\u002F\u002Fwww.wpcj.com\u002Fplugins\u002Fchimp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpcj-chimp.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":22,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},3,30,84,"2026-04-05T09:55:15.520Z",[],{"attackSurface":33,"codeSignals":78,"taintFlows":115,"riskAssessment":116,"analyzedAt":129},{"hooks":34,"ajaxHandlers":74,"restRoutes":75,"shortcodes":76,"cronEvents":77,"entryPointCount":13,"unprotectedCount":13},[35,41,45,49,53,57,61,65,70],{"type":36,"name":37,"callback":38,"file":39,"line":40},"action","register_form","wpcjChimp_loginform","index.php",241,{"type":36,"name":42,"callback":43,"priority":11,"file":39,"line":44},"register_post","wpcjChimp_validate_registration",242,{"type":36,"name":46,"callback":47,"file":39,"line":48},"user_register","wpcjChimp_process_registration",243,{"type":36,"name":50,"callback":51,"file":39,"line":52},"admin_init","wpcjChimp_declare_options",246,{"type":36,"name":54,"callback":55,"file":39,"line":56},"admin_menu","wpcjChimp_create_menu",247,{"type":36,"name":58,"callback":59,"file":39,"line":60},"admin_print_scripts","wpcjChimp_option_page_scripts",248,{"type":36,"name":62,"callback":63,"file":39,"line":64},"admin_print_styles","wpcjChimp_option_page_styles",249,{"type":66,"name":67,"callback":68,"priority":11,"file":39,"line":69},"filter","plugin_action_links","wpcjChimp_add_action_link",250,{"type":66,"name":71,"callback":72,"file":39,"line":73},"contextual_help","wpcjChimp_load_contextual_help",254,[],[],[],[],{"dangerousFunctions":79,"sqlUsage":85,"outputEscaping":87,"fileOperations":113,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":114},[80],{"fn":81,"file":82,"line":83,"context":84},"unserialize","MCAPI.class.php",1456,"$serial = 
unserialize($response);",{"prepared":13,"raw":13,"locations":86},[],{"escaped":13,"rawEcho":88,"locations":89},11,[90,93,95,97,99,101,103,105,107,109,111],{"file":39,"line":91,"context":92},29,"raw output",{"file":39,"line":94,"context":92},174,{"file":39,"line":96,"context":92},411,{"file":39,"line":98,"context":92},427,{"file":39,"line":100,"context":92},466,{"file":39,"line":102,"context":92},478,{"file":39,"line":104,"context":92},484,{"file":39,"line":106,"context":92},509,{"file":39,"line":108,"context":92},517,{"file":39,"line":110,"context":92},558,{"file":39,"line":112,"context":92},584,2,[],[],{"summary":117,"deductions":118},"The WPCJ-Chimp plugin v1.2 exhibits a mixed security posture. On the positive side, the plugin has a very small attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events exposed. Furthermore, all SQL queries are correctly using prepared statements (the scan recorded no SQL queries of either kind, so this reflects an absence of queries rather than a verified practice), and there are no recorded vulnerabilities or CVEs. This indicates a conscientious effort by the developers to avoid common security pitfalls.\n\nHowever, several significant concerns arise from the static analysis. The presence of the `unserialize` function is a red flag, as it can be a direct vector for PHP object injection, and through it code injection, if the unserialized data originates from an untrusted source. The flagged call, `unserialize($response)` at MCAPI.class.php line 1456, appears to operate on a response value, so the practical risk depends on whether that response can be tampered with at its source or in transit. Compounding this, a concerning 100% of detected output statements (11 of 11) are not properly escaped, leaving the plugin vulnerable to cross-site scripting (XSS) attacks wherever an echoed value can be influenced by a user. The lack of nonce checks and capability checks on any potential entry points (though none are explicitly found) also weakens its overall security. 
While taint analysis showed no issues, this may be due to the limited scope of analysis or the absence of clear taint sources.\n\nIn conclusion, while the plugin boasts a clean vulnerability history and good practices in database interactions and attack surface minimization, the critical risks associated with unsanitized `unserialize` usage and widespread unescaped output cannot be ignored. These issues create significant potential for remote code execution and XSS vulnerabilities, respectively, despite the absence of readily identifiable external attack vectors; the flagged lines should be confirmed by manual review. The plugin was last updated in April 2010 and tested only up to WordPress 2.9.2, so these findings are unlikely to be fixed upstream.",[119,122,124,127],{"reason":120,"points":121},"Unescaped output detected",15,{"reason":123,"points":11},"Dangerous function 'unserialize' used",{"reason":125,"points":126},"Lack of nonce checks",5,{"reason":128,"points":126},"Lack of capability checks","2026-03-17T00:49:44.778Z",{"wat":131,"direct":143},{"assetPaths":132,"generatorPatterns":137,"scriptPaths":138,"versionParams":139},[133,134,135,136],"\u002Fwp-content\u002Fplugins\u002Fwpcj-chimp\u002Fwpcjchimp-admin.css","\u002Fwp-content\u002Fplugins\u002Fwpcj-chimp\u002Fwpcjchimp-frontend.css","\u002Fwp-content\u002Fplugins\u002Fwpcj-chimp\u002Fwpcjchimp-frontend.js","\u002Fwp-content\u002Fplugins\u002Fwpcj-chimp\u002FMCAPI.class.php",[],[],[140,141,142],"wpcj-chimp\u002Fwpcjchimp-admin.css?ver=","wpcj-chimp\u002Fwpcjchimp-frontend.css?ver=","wpcj-chimp\u002Fwpcjchimp-frontend.js?ver=",{"cssClasses":144,"htmlComments":145,"htmlAttributes":146,"restEndpoints":147,"jsGlobals":148,"shortcodeOutput":159},[],[],[],[],[149,150,151,152,153,154,155,156,157,158],"SISTEMA","CONTEXT","VERSION","wpcjChimp_plugin","wpcjChimp_first_module","wpcjChimp_message","wpcjChimp_error","wpcjChimp_header","MCHandler","wpcjchimp",[160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,179,182,183,184],"\u003Cbr \u002F>","\u003Cstrong>ERROR\u003C\u002Fstrong>: \u003Cem>","is mandatory.","\u003Cstrong>Contextual Help for 
wpcjChimp\u003C\u002Fstrong>\u003Chr\u002F>","\u003Cstrong>wpCJ Chimp Settings\u003C\u002Fstrong>\u003Cbr\u002F>","\u003Cblockquote>","\u003Cstrong>\u003Cem>Your MailChimp API Key:\u003C\u002Fem>\u003C\u002Fstrong> Get your MailChimp API Key from Your Account at Mailchimp.com.\u003Cbr\u002F>","\u003Cstrong>\u003Cem>MailChimp List:\u003C\u002Fem>\u003C\u002Fstrong> Once you have entered your API Key, you will be presented with your lists. Select the one in which you want your new blog users to be subscribed to.\u003Cbr\u002F>","\u003Cstrong>\u003Cem>Double Opt-in:\u003C\u002Fem>\u003C\u002Fstrong> Specify if you want a confirmation email to be sent before a user is definitelly subscribed to your list.\u003Cbr\u002F>","\u003Cstrong>\u003Cem>Send Welcome Email:\u003C\u002Fem>\u003C\u002Fstrong> If Double Opt-in is NO and this field is YES, your users will receive a Welcome email after a successfully sign-up.\u003Cbr\u002F>","\u003Cstrong>\u003Cem>Update List Database:\u003C\u002Fem>\u003C\u002Fstrong> If you ever make changes to your List Database, or you change the list for the matter, force an update so the plugin knows that the new fields should be fetched.\u003Cbr\u002F>","\u003Cstrong>\u003Cem>Mandatory Fields:\u003C\u002Fem>\u003C\u002Fstrong> These are the fields that will be required to fill by the user if he\u002Fshe decides to get subscribed to your list.\u003Cbr\u002F>","\u003Cstrong>\u003Cem>Optional Fields:\u003C\u002Fem>\u003C\u002Fstrong> This is the list of optional fields that the user might fill. Specify if you want to ask for them at sign-up time.\u003Cbr\u002F>","\u003Cstrong>\u003Cem>Interest Groups:\u003C\u002Fem>\u003C\u002Fstrong> This is the list of Interest Groups of the selected list. 
Specify if you want to ask for them at sign-up time.\u003Cbr\u002F>","\u003Cstrong>\u003Cem>Confirmation question\u002FDefault Answer:\u003C\u002Fem>\u003C\u002Fstrong> If you want your visitors to click a checkbox in order to confirm that they want to subscribe to your list, you must enter the question here. I.e.- \"Subscribe to our Newsletter!\" You can also specify a default answer for this question.\u003Cbr\u002F>","\u003Cstrong>\u003Cem>Text to be shown to the visitors:\u003C\u002Fem>\u003C\u002Fstrong> This is a text that will be shown to your visitors right before the List Database fields. You can use HTML or leave it blank if you wish so.\u003Cbr\u002F>","\u003C\u002Fblockquote>\u003C\u002Fli>","\u003Cli>\u003Cstrong>wpCJ.com News\u003C\u002Fstrong>\u003Cbr\u002F>","This is the news feed of our website, \u003Ca href=\"http:\u002F\u002Fwww.wpcj.com\u002F\" title=\"wpCJ - WordPress & Commission Junction working together!\">http:\u002F\u002Fwww.wpcj.com\u002F\u003C\u002Fa>. You can dismiss it at anytime.","\u003C\u002Fli>","\u003Cli>\u003Cstrong>Partial Preview of the Sign-up Page\u003C\u002Fstrong>\u003Cbr\u002F>","In this box you will see an approximation of what your visitors will see below the usual WordPress registration fields.","\u003Cli>\u003Cstrong>\u003Cem>Feeling Generous Today?\u003C\u002Fem> link\u003C\u002Fstrong>\u003Cbr\u002F>","This is obviously a donate button. If you want to invite me one beer or two, they will be most welcome!","\u003Cul>"]