[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ff1inkmrZTjOekbHZtDlcQ8lFka4JOlrtVM08jOJADew":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":38,"fingerprints":73},"wpr-halloween-scare-popup","WPR Halloween Scare","1.6","aryanduntley","https:\u002F\u002Fprofiles.wordpress.org\u002Fdunar21\u002F","\u003Cp>NOTE:  This plugin was developed for tutorial purposes with \u003Ca href=\"http:\u002F\u002Fworldpressrevolution.com\u002Fcreating-scary-halloween-popup\u002F\" title=\"WorldPress Revolution WordPress Tutorials\" rel=\"nofollow ugc\">WorldPress Revolution’s\u003C\u002Fa> Scary Halloween pop up tutorial.  This plugin will not be supported or updated.  It is free for any\u002Fall to use, customize or do with as they please.  Enjoy.\u003C\u002Fp>\n\u003Cp>This plugin creates a shortcode that when called, enqueues a javascript file that generates a popup that mimics a white noise tv static and then displays a scary, Halloween themed image\u002Fgif part way through the duration of the effect.\u003C\u002Fp>\n\u003Cp>Plugin site: \u003Ca href=\"http:\u002F\u002Fworldpressrevolution.com\u002Fwpr_myplugins\u002Fwpr-wordpress-halloween-scare-plugin\u002F\" title=\"Aryan Duntley's Worldpress Revolution wordpress tutorials\" rel=\"nofollow ugc\">WorldpressRevolution\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Demo: \u003Ca href=\"http:\u002F\u002Frepublicofus.com\u002Fhalloween-scare\u002F\" title=\"Aryan Duntley's WPR Halloween Scare Demo\" rel=\"nofollow ugc\">See Demo\u003C\u002Fa>\u003C\u002Fp>\n","Creates a scary, staticy Halloween popup.",10,1796,100,2,"2015-01-07T22:05:00.000Z","4.1.42","3.0.1","",[20,21,22],"halloween-plugin","halloween-theme","scary-plugin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpr-halloween-scare-popup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpr-halloween-scare-popup.1.6.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"dunar21",3,120,30,84,"2026-04-04T15:15:31.194Z",[],{"attackSurface":39,"codeSignals":56,"taintFlows":63,"riskAssessment":64,"analyzedAt":72},{"hooks":40,"ajaxHandlers":47,"restRoutes":48,"shortcodes":49,"cronEvents":54,"entryPointCount":55,"unprotectedCount":26},[41],{"type":42,"name":43,"callback":44,"file":45,"line":46},"action","wp_enqueue_scripts","wpr_hs_addscripts","halloweenscare.php",24,[],[],[50],{"tag":51,"callback":52,"file":45,"line":53},"wprscare","hallscare",26,[],1,{"dangerousFunctions":57,"sqlUsage":58,"outputEscaping":60,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":62},[],{"prepared":26,"raw":26,"locations":59},[],{"escaped":26,"rawEcho":26,"locations":61},[],[],[],{"summary":65,"deductions":66},"Based on the static analysis and vulnerability history, the \"wpr-halloween-scare-popup\" v1.6 plugin exhibits a strong security posture. The code analysis reveals no dangerous functions, no SQL queries that are not using prepared statements, and all output is properly escaped. There are also no file operations or external HTTP requests, which are common sources of vulnerabilities.\n\nThe plugin's attack surface is minimal, consisting of a single shortcode. Importantly, there are no AJAX handlers or REST API routes, significantly reducing the potential for cross-site scripting (XSS) or other injection attacks. The absence of any recorded CVEs or past vulnerabilities further reinforces its current security.  However, it is noteworthy that there are no capability checks or nonce checks implemented for the shortcode. While the attack surface is small, this lack of validation means any user, regardless of their role, can trigger the shortcode's functionality, which could be a concern if the shortcode performs any sensitive actions or displays potentially user-controlled content.\n\nIn conclusion, the plugin demonstrates excellent adherence to secure coding practices regarding data sanitization, SQL injection prevention, and output escaping. The limited attack surface and lack of known vulnerabilities are significant strengths. The primary area for improvement lies in implementing proper authentication and authorization checks, specifically capability checks and nonce validation, for its shortcode to prevent potential misuse.",[67,70],{"reason":68,"points":69},"Shortcode without capability checks",5,{"reason":71,"points":69},"Shortcode without nonce checks","2026-03-17T01:37:08.950Z",{"wat":74,"direct":79},{"assetPaths":75,"generatorPatterns":76,"scriptPaths":77,"versionParams":78},[],[],[],[],{"cssClasses":80,"htmlComments":81,"htmlAttributes":82,"restEndpoints":83,"jsGlobals":84,"shortcodeOutput":85},[],[],[],[],[],[]]