[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVPBHQYGzppd8PlSetZLmupECQgWm32f_cptFnpvpXcI":3,"$fAHBQK_3hzMapCoK-8AdNajusuSPjM33c5e_i7abg42g":253,"$fR_SmDuhXaaawCXzb4cR3FE1mPQtV0d70y4jEf7RW_vc":258},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":19,"download_link":20,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"discovery_status":24,"vulnerabilities":25,"developer":26,"crawl_stats":22,"alternatives":32,"analysis":33,"fingerprints":232},"wpdevhub-recipes","WPDevHub Recipe Catalog","2.7","benhallbenhall","https:\u002F\u002Fprofiles.wordpress.org\u002Fbenhallbenhall\u002F","\u003Cp>Host Recipes on your WordPress Website\u003C\u002Fp>\n","Host Recipes on your WordPress Website",0,806,"2020-03-27T04:34:00.000Z","5.3.21","4.0","",[18],"recipes-cooking-baking-ingredients","https:\u002F\u002Fwww.wpdevhub.com\u002Fwordpress-plugins\u002Frecipe-catalog\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpdevhub-recipes.2.7.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":21,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},9,80,30,84,"2026-05-20T01:25:29.593Z",[],{"attackSurface":34,"codeSignals":104,"taintFlows":194,"riskAssessment":220,"analyzedAt":231},{"hooks":35,"ajaxHandlers":100,"restRoutes":101,"shortcodes":102,"cronEvents":103,"entryPointCount":11,"unprotectedCount":11},[36,43,48,54,58,63,67,71,73,77,81,84,88,93,96],{"type":37,"name":38,"callback":39,"priority":40,"file":41,"line":42},"filter","post_thumbnail_html","wpFilterPostThumbnailHtml",20,"classes\u002Fclass.WPDEVHUB_DRC_Recipes_Main.php",74,{"type":37,"name":44,"callback":45,"priority":46,"file":41,"line":47},"post_row_actions","wpPostRowActions",10,77,{"type":49,"name":50,"callback":51,"file":52,"line":53},"action","widget_comments_args","disableCommentsWpActionWidgetCommentsArgs","classes\u002Fcore\u002Fclass.WPDEVHUB_DRC_StandardCustomPostType.php",34,{"type":37,"name":55,"callback":56,"file":52,"line":57},"comment_feed_where","disableCommentsWpFilterCommentFeedWhere",35,{"type":49,"name":59,"callback":60,"file":61,"line":62},"admin_enqueue_scripts","wpActionAdminEnqueueScripts","classes\u002Fcore\u002Fclass.WPDEVHUB_DRC_StandardMain.php",66,{"type":49,"name":64,"callback":65,"file":61,"line":66},"wp_enqueue_scripts","wpActionEnqueueScripts",67,{"type":49,"name":68,"callback":69,"file":61,"line":70},"admin_menu","wpActionAdminMenu",68,{"type":49,"name":64,"callback":65,"file":61,"line":72},188,{"type":37,"name":74,"callback":75,"priority":27,"file":61,"line":76},"the_content","wpFilterTheContent",391,{"type":37,"name":78,"callback":79,"priority":27,"file":61,"line":80},"the_excerpt","wpFilterTheExcerpt",392,{"type":37,"name":82,"callback":79,"priority":27,"file":61,"line":83},"get_the_excerpt",393,{"type":37,"name":85,"callback":86,"file":61,"line":87},"get_the_archive_title","wpFilterGetTheArchiveTitle",394,{"type":49,"name":89,"callback":90,"file":91,"line":92},"save_post","saveBase","classes\u002Fcore\u002Fclass.WPDEVHUB_DRC_StandardMetaBox.php",28,{"type":37,"name":74,"callback":94,"file":91,"line":95},"filterContent",32,{"type":49,"name":97,"callback":98,"priority":11,"file":99,"line":53},"init","wpActionInit","index.php",[],[],[],[],{"dangerousFunctions":105,"sqlUsage":111,"outputEscaping":114,"fileOperations":11,"externalRequests":11,"nonceChecks":191,"capabilityChecks":192,"bundledLibraries":193},[106],{"fn":107,"file":108,"line":109,"context":110},"unserialize","classes\u002Fcore\u002Fclass.WPDEVHUB_DRC_StandardObjectRecord.php",64,"return unserialize(base64_decode($object));",{"prepared":112,"raw":11,"locations":113},21,[],{"escaped":27,"rawEcho":115,"locations":116},41,[117,121,123,124,125,126,128,129,130,131,133,134,135,137,138,139,141,143,144,146,148,149,151,153,155,157,159,161,164,166,168,170,173,175,177,179,181,183,186,188,189],{"file":118,"line":119,"context":120},"classes\u002Fclass.WPDEVHUB_DRC_Recipes_CardLinkWidget.php",55,"raw output",{"file":118,"line":122,"context":120},56,{"file":118,"line":122,"context":120},{"file":118,"line":122,"context":120},{"file":118,"line":66,"context":120},{"file":118,"line":127,"context":120},76,{"file":118,"line":127,"context":120},{"file":118,"line":127,"context":120},{"file":118,"line":47,"context":120},{"file":118,"line":132,"context":120},78,{"file":118,"line":132,"context":120},{"file":118,"line":21,"context":120},{"file":118,"line":136,"context":120},90,{"file":118,"line":136,"context":120},{"file":118,"line":136,"context":120},{"file":118,"line":140,"context":120},91,{"file":118,"line":142,"context":120},92,{"file":118,"line":142,"context":120},{"file":118,"line":145,"context":120},99,{"file":118,"line":147,"context":120},105,{"file":118,"line":147,"context":120},{"file":118,"line":150,"context":120},177,{"file":118,"line":152,"context":120},181,{"file":118,"line":154,"context":120},183,{"file":118,"line":156,"context":120},187,{"file":118,"line":158,"context":120},190,{"file":160,"line":122,"context":120},"classes\u002Fclass.WPDEVHUB_DRC_Recipes_ExtraInfoMetaBox.php",{"file":162,"line":163,"context":120},"classes\u002Fclass.WPDEVHUB_DRC_Recipes_IngredientMetaBox.php",72,{"file":165,"line":66,"context":120},"classes\u002Fclass.WPDEVHUB_DRC_Recipes_InstructionMetaBox.php",{"file":167,"line":119,"context":120},"classes\u002Fclass.WPDEVHUB_DRC_Recipes_MediaMetaBox.php",{"file":169,"line":92,"context":120},"classes\u002Fclass.WPDEVHUB_DRC_Recipes_RecipeShortCodeMetaBox.php",{"file":171,"line":172,"context":120},"classes\u002Fclass.WPDEVHUB_DRC_Utilities.php",185,{"file":171,"line":174,"context":120},298,{"file":171,"line":176,"context":120},301,{"file":171,"line":178,"context":120},310,{"file":171,"line":180,"context":120},314,{"file":91,"line":182,"context":120},103,{"file":184,"line":185,"context":120},"classes\u002Fcore\u002Fclass.WPDEVHUB_DRC_StandardMetaBoxAndDbObject.php",81,{"file":187,"line":46,"context":120},"pages\u002Finc.settings-base.php",{"file":187,"line":115,"context":120},{"file":187,"line":190,"context":120},44,1,2,[],[195],{"entryPoint":196,"graph":197,"unsanitizedCount":192,"severity":219},"\u003Cinc.settings-base> (pages\u002Finc.settings-base.php:0)",{"nodes":198,"edges":215},[199,203,209,211],{"id":200,"type":201,"label":202,"file":187,"line":92},"n0","source","$_REQUEST",{"id":204,"type":205,"label":206,"file":187,"line":207,"wp_function":208},"n1","sink","call_user_func() [RCE]",38,"call_user_func",{"id":210,"type":201,"label":202,"file":187,"line":92},"n2",{"id":212,"type":205,"label":213,"file":187,"line":115,"wp_function":214},"n3","echo() [XSS]","echo",[216,218],{"from":200,"to":204,"sanitized":217},false,{"from":210,"to":212,"sanitized":217},"high",{"summary":221,"deductions":222},"The 'wpdevhub-recipes' plugin v2.7 exhibits a generally good security posture with no known vulnerabilities and a strong emphasis on secure coding practices like prepared statements for all SQL queries and the presence of nonce and capability checks. The static analysis also reveals a very small attack surface with no exposed AJAX handlers, REST API routes, shortcodes, or cron events that are not properly authenticated or authorized.\n\nHowever, there are a few concerning signals. The presence of the `unserialize` function, combined with a taint flow identified as having an unsanitized path, indicates a potential risk. If this `unserialize` function is used with user-supplied data, it could lead to remote code execution vulnerabilities. The low percentage of properly escaped output (18%) also suggests a risk of Cross-Site Scripting (XSS) vulnerabilities, although the attack surface is minimal.\n\nGiven the lack of historical vulnerabilities, it's possible these risks are mitigated by other factors not immediately apparent in the provided data, or that the identified taint flow has been handled internally. Nevertheless, the `unserialize` function and the poor output escaping are definite areas requiring attention to ensure a robust security profile.",[223,225,228],{"reason":224,"points":46},"Presence of unserialize function",{"reason":226,"points":227},"Taint flow with unsanitized path",12,{"reason":229,"points":230},"Low percentage of properly escaped output",7,"2026-04-16T14:30:33.487Z",{"wat":233,"direct":239},{"assetPaths":234,"generatorPatterns":236,"scriptPaths":237,"versionParams":238},[235],"\u002Fwp-content\u002Fplugins\u002Fwpdevhub-recipes\u002Fcss\u002Fwpdevhub-drc.css",[],[],[],{"cssClasses":240,"htmlComments":242,"htmlAttributes":245,"restEndpoints":247,"jsGlobals":248,"shortcodeOutput":250},[241],"wpdevhub-drc-recipe-single",[243,244],"\u003C!-- WPDevHub DRC START: Recipes -->","\u003C!-- WPDevHub DRC END: Recipes -->",[246],"data-recipe-id",[],[249],"WPDEVHUB_DRC_extra_vars",[251,252],"[wpdevhub_drc_display_recipe","[wpdevhub_drc_display_category",{"error":254,"url":255,"statusCode":256,"statusMessage":257,"message":257},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwpdevhub-recipes\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":191,"versions":259},[260],{"version":6,"download_url":20,"svn_tag_url":261,"released_at":22,"has_diff":217,"diff_files_changed":262,"diff_lines":22,"trac_diff_url":22,"vulnerabilities":263,"is_current":254},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwpdevhub-recipes\u002Ftags\u002F2.7\u002F",[],[]]