[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHSC6DPKtUHZ1UVapoeOqTQU5SdulR_g1OwvEH2YXVK8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":140,"fingerprints":373},"ya-turbo","Ya Turbo","1.0.1","hardkod.ru","https:\u002F\u002Fprofiles.wordpress.org\u002Fhardkod\u002F","\u003Cp>Yandex Turbo модуль позволяет гибко настроить RSS 2.0. выгрузку для сервиса «Яндекс Турбо» страницы (https:\u002F\u002Fyandex.ru\u002F)\u003C\u002Fp>\n\u003Cp>Функции\u003C\u002Fp>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Создание нескольких выгрузок с разными настройками\u003C\u002Fli>\n\u003Cli>Неограниченное количество adNetwork\u003C\u002Fli>\n\u003Cli>Настройка типов материалов\u003C\u002Fli>\n\u003Cli>Настройка порядка сортировки\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Установка\u003C\u002Fp>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Сделайте резервную копию своего сайта.\u003C\u002Fli>\n\u003Cli>Скопируйте папку плагина ‘ya_turbo\u002F’ в директорию с плагинами вашего wordpress.\u003C\u002Fli>\n\u003Cli>Включите “Ya Turbo” на странице управления плагинами.\u003C\u002Fli>\n\u003Cli>Для каждой выгрузки доступна ссылка _domain.com\u002F?feed=ya-turbo&name=#name#. Где #name# это название вашего фида.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Поддержка\u003C\u002Fp>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cp>По любым вопросам, пожалуйста, обращайтесь hello@hardkod.ru. Мы также занимаемся \u003Ca href=\"https:\u002F\u002Fwww.hardkod.ru\u002Fcms\u002Fwordpress\" rel=\"nofollow ugc\">созданием и поддержкой сайтов на WordPress\u003C\u002Fa>\u003C\u002Fp>\n","Yandex Turbo модуль позволяет гибко настроить RSS 2.0. выгрузку для сервиса «Яндекс Турбо» страницы (https:\u002F\u002Fyandex.ru\u002F) Функции",300,10614,60,2,"2018-08-30T12:23:00.000Z","4.9.29","3.9","",[20,21,22,23,24],"%d1%82%d1%83%d1%80%d0%b1%d0%be","%d0%bd%d0%be%d0%b2%d0%be%d1%81%d1%82%d0%b8","%d1%8f%d0%bd%d0%b4%d0%ba%d0%b5%d1%81","turbo","yandex","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fya-turbo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fya-turbo.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"hardkod",1,30,84,"2026-04-05T19:05:40.349Z",[39,58,82,105,119],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":34,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":18,"tags":53,"homepage":56,"download_link":57,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"ca-yaturbo","Easy Ya.Turbo Pages","1.1","Dmitry Egorov","https:\u002F\u002Fprofiles.wordpress.org\u002Fconsultapp\u002F","\u003Cp>Добавляет отдельный RSS канал с разметкой под Яндекс Турбо-страницы, сразу после установки и активации плагина можно отдавать Яндексу в Вебмастере канал по адресу “http(s):\u002F\u002FYOUR_SITE\u002Ffeed\u002Fyaturbo\u002F”. Разметка соответствует требованиям Яндекса и выдает ошибки при тесте обычными xml валидаторами, тк имеет специфические теги.\u003C\u002Fp>\n\u003Cp>В настройках можно указать код Метрики и дополнительные ссылки (блок Yandex:related – не более 10), эти ссылки будут вставлены в конце материала при отображении. Эти элементы будут добавлены в канал.\u003C\u002Fp>\n\u003Cp>1.* Версия выводит в канал все записи типа ‘post’.\u003C\u002Fp>\n\u003Cp>Плагин не использует специфические функции последних версий WP и должнен работать на более старых версиях, чем 4.8, но не тестировался там.\u003C\u002Fp>\n","Add rss channel for Yandex Turbo pages (Яндекс турбо страниц). URL of rss channel for Yandex.Webmaster: \"http(s):\u002F\u002FYOUR_SITE\u002Ffeed\u002Fyaturbo\u002F\".",200,6095,100,"2020-06-04T14:27:00.000Z","5.4.19","4.8",[20,54,55,23,24],"%d1%8f%d0%bd%d0%b4%d0%b5%d0%ba%d1%81","pages","http:\u002F\u002Fconsultapp.ru\u002Fyandex-turbo-pages-plugin-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fca-yaturbo.1.2.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":78,"download_link":79,"security_score":80,"vuln_count":34,"unpatched_count":34,"last_vuln_date":81,"fetched_at":30},"wp-yandex-metrika","Yandex.Metrica","1.2.2","Yandex Metrika","https:\u002F\u002Fprofiles.wordpress.org\u002Fyandexmetrika\u002F","\u003Ch4>Yandex.Metrica\u003C\u002Fh4>\n\u003Cp>The free official Yandex.Metrica plugin for WordPress. This plugin helps you install a Yandex.Metrica tag on your site and configure the transfer of E-commerce data without manually editing the site’s code. It also transmits data about product views, additions to the basket, and sales.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Official Yandex.Metrica plugin\u003C\u002Fli>\n\u003Cli>E-commerce event tracking without manually editing the site’s code\u003C\u002Fli>\n\u003Cli>Quick installation\u003C\u002Fli>\n\u003Cli>Support for WordPress versions 5.2.9 and higher\u003C\u002Fli>\n\u003Cli>Scheduled updates\u003C\u002Fli>\n\u003Cli>Prompt support service\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>List of functions\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Automatically search for and configure installed Yandex.Metrica tags.\u003C\u002Fli>\n\u003Cli>Quickly add new Yandex.Metrica tags. The following parameters are set by default:\n\u003Cul>\n\u003Cli>E-commerce: Enabled\u003C\u002Fli>\n\u003Cli>Session Replay: Enabled (can be disabled if necessary)\u003C\u002Fli>\n\u003Cli>Click map: enabled\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Transfer of e-commerce events according to the \u003Ca href=\"https:\u002F\u002Fyandex.ru\u002Fsupport\u002Fmetrica\u002Fdata\u002Fe-commerce.html\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>:\n\u003Cul>\n\u003Cli>Adding an item to the basket\u003C\u002Fli>\n\u003Cli>Pageview of a product profile\u003C\u002Fli>\n\u003Cli>Removing an item from the basket\u003C\u002Fli>\n\u003Cli>Placing an order\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Detalization of transferred product data according to the \u003Ca href=\"https:\u002F\u002Fyandex.ru\u002Fsupport\u002Fmetrica\u002Fecommerce\u002Fdata.html\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Event logs with the following error codes:\n\u003Cul>\n\u003Cli>The WordPress version is deprecated\u003C\u002Fli>\n\u003Cli>The site lacks the brand taxonomy indicated by the user\u003C\u002Fli>\n\u003Cli>The theme doesn’t have the hook required for the plugin to work\u003C\u002Fli>\n\u003Cli>The tag number contains characters that aren’t numbers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Russian\u003C\u002Fli>\n\u003Cli>English\u003C\u002Fli>\n\u003C\u002Ful>\n","The free official Yandex.Metrica plugin for WordPress.",60000,262856,70,13,"2025-09-25T10:44:00.000Z","6.8.5","5.2.9","5.6.20",[54,75,76,77,24],"%d1%8f%d0%bd%d0%b4%d0%b5%d0%ba%d1%81-%d0%bc%d0%b5%d1%82%d1%80%d0%b8%d0%ba%d0%b0","%d0%bc%d0%b5%d1%82%d1%80%d0%b8%d0%ba%d0%b0","metrica","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-yandex-metrika\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-yandex-metrika.1.2.2.zip",78,"2025-12-07 00:00:00",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":92,"num_ratings":93,"last_updated":94,"tested_up_to":71,"requires_at_least":95,"requires_php":96,"tags":97,"homepage":101,"download_link":102,"security_score":103,"vuln_count":14,"unpatched_count":28,"last_vuln_date":104,"fetched_at":30},"rss-for-yandex-turbo","RSS for Yandex Turbo","1.32","Flector","https:\u002F\u002Fprofiles.wordpress.org\u002Fflector\u002F","\u003Cp>Данный плагин автоматически создаст на вашем сайте новую RSS-ленту (или несколько лент) для сервиса “Яндекс.Турбо” в полном соответствии с \u003Ca href=\"https:\u002F\u002Fyandex.ru\u002Fdev\u002Fturbo\u002Fdoc\u002Frss\u002Fmarkup-docpage\u002F\" rel=\"nofollow ugc\">техническими требованиями\u003C\u002Fa> Яндекса.\u003C\u002Fp>\n\u003Cp>После установки плагина не забудьте проверить его настройки в “\u003Cstrong>Настройках\\Яндекс.Турбо\u003C\u002Fstrong>”.\u003C\u002Fp>\n\u003Cp>Чтобы добавить свою ленту в Яндекс.Турбо вам надо будет отправить заявку в Яндекс.Вебмастере (“Турбо-страницы\\Источники”). И не забудьте перевести переключатель в положение “Вкл”.\u003C\u002Fp>\n\u003Cp>Если вам понравился этот плагин, то, \u003Cstrong>пожалуйста\u003C\u002Fstrong>, поставьте ему 5 звезд.\u003C\u002Fp>\n\u003Cp>Для плагина есть премиум-дополнение \u003Ca href=\"https:\u002F\u002Fwpcase.ru\u002Fwpcase-turbo-ads\u002F\" rel=\"nofollow ugc\">WPCase: Turbo Ads\u003C\u002Fa> для неограниченной вставки рекламы на турбо-страницах.\u003C\u002Fp>\n","Создание RSS-ленты для сервиса Яндекс.Турбо.",30000,382157,92,145,"2025-05-19T09:39:00.000Z","4.4","5.3",[98,99,23,24,100],"feed","rss","yandex-turbo","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frss-for-yandex-turbo\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frss-for-yandex-turbo.zip",99,"2021-04-23 00:00:00",{"slug":106,"name":107,"version":42,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":49,"num_ratings":14,"last_updated":114,"tested_up_to":51,"requires_at_least":17,"requires_php":18,"tags":115,"homepage":117,"download_link":118,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wt-yandex-metrika","WT Yandex Metrika","Roman Kusty","https:\u002F\u002Fprofiles.wordpress.org\u002Fkustyrt\u002F","\u003Cp>С помощью этого плагина вы можете c легкость добавить на свой сайт счетчик \u003Cstrong>Яндекс.Метрика\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmetrika.yandex.ru\" rel=\"nofollow ugc\">Яндекс.Метрика\u003C\u002Fa> — инструмент для оценки посещаемости сайтов, анализа поведения посетителей и эффективности рекламы. Метрика работает по традиционному принципу интернет-счетчиков: код, установленный на страницах вашего сайта, регистрирует каждое посещение, собирая о нем данные.\u003C\u002Fp>\n\u003Ch4>Возможности плагина\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Выбор расположения кода счетчика: Header \u002F Footer\u003C\u002Fli>\n\u003Cli>Отключение счетчика при посещении сайта администратором\u003C\u002Fli>\n\u003Cli>Активация счетчика в панели администратора\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>После установки и активации плагина в \u003Cstrong>настройках сайта\u003C\u002Fstrong> появится раздел \u003Cstrong>WT Яндекс Метрика\u003C\u002Fstrong>, в котором необходимо вставить код счетчика и настроить отображение.\u003C\u002Fp>\n\u003Ch4>Поддержка\u003C\u002Fh4>\n\u003Cp>Домашняя страница и документация плагина: \u003Ca href=\"https:\u002F\u002Fweb-technology.biz\u002Fcms-wordpress\u002Fplugin-wt-yandex-metrika-for-cms-wordpress\u002F\" rel=\"nofollow ugc\">WT Yandex Metrika\u003C\u002Fa>.\u003Cbr \u002F>\nРазработка и поддержка: \u003Ca href=\"https:\u002F\u002Fweb-technology.biz\" rel=\"nofollow ugc\">АИТ “Web Technology”\u003C\u002Fa>.\u003Cbr \u002F>\nСообщество Вконтакте: \u003Ca href=\"https:\u002F\u002Fvk.com\u002Fagency_web_technology\" rel=\"nofollow ugc\">vk.com\u002Fagency_web_technology\u003C\u002Fa>.\u003C\u002Fp>\n","Простое добавление на сайт счетчика Яндекс.Метрика",6000,45465,"2020-05-25T14:17:00.000Z",[54,75,76,116],"yandex-metrika","https:\u002F\u002Fweb-technology.biz\u002Fcms-wordpress\u002Fplugin-wt-yandex-metrika-for-cms-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwt-yandex-metrika.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":129,"num_ratings":130,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":136,"download_link":137,"security_score":138,"vuln_count":34,"unpatched_count":28,"last_vuln_date":139,"fetched_at":30},"mihdan-yandex-turbo-feed","Mihdan: Yandex Turbo Feed","1.6.6","mihdan","https:\u002F\u002Fprofiles.wordpress.org\u002Fmihdan\u002F","\u003Cp>Mihdan: Yandex Turbo Feed by mihdan – allows you to convert your site materials into Yandex.Turbo format.\u003C\u002Fp>\n\u003Ch4>Возможности плагина\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Создание неограниченного количества лент\u003C\u002Fli>\n\u003Cli>Индивидуальные настройки каждой ленты\u003C\u002Fli>\n\u003Cli>Поддержка произвольного CSS и HTML\u003C\u002Fli>\n\u003Cli>Массовое редактирование (Bulk Edit) настроек турбо-страниц\u003C\u002Fli>\n\u003Cli>Быстрое редактирование (Quick Edit) настроек турбо-страницы\u003C\u002Fli>\n\u003Cli>Возможность удаления всех турбо-страниц для определённой ленты\u003C\u002Fli>\n\u003Cli>Указание копирайта для фото\u003C\u002Fli>\n\u003Cli>Вставка кнопок шеринга и изменение их набора\u003C\u002Fli>\n\u003Cli>Вставка комментариев\u003C\u002Fli>\n\u003Cli>Вставка формы обратной связи\u003C\u002Fli>\n\u003Cli>Вставка и настройка меню\u003C\u002Fli>\n\u003Cli>Вставка и настройка хлебных крошек\u003C\u002Fli>\n\u003Cli>Вставка и настройка систем аналитики\u003C\u002Fli>\n\u003Cli>Вставка похожих записей\u003C\u002Fli>\n\u003Cli>Активация бесконечной ленты\u003C\u002Fli>\n\u003Cli>Вставка и настройка формы поиска\u003C\u002Fli>\n\u003Cli>Вставка и настройка рейтинга\u003C\u002Fli>\n\u003Cli>Вставка таблиц и их настройка\u003C\u002Fli>\n\u003Cli>Отключение неиспользуемых полей ленты (автор, метки …)\u003C\u002Fli>\n\u003Cli>Активация приватной ленты (запрос логина и пароля)\u003C\u002Fli>\n\u003Cli>Экспорт\u002FИмпорт настроек\u003C\u002Fli>\n\u003Cli>Ленты совместимы с плагином Yoast SEO\u003C\u002Fli>\n\u003Cli>Ленты совместимы с плагином The SEO Framework\u003C\u002Fli>\n\u003Cli>Ленты совместимы с плагином Rank Math\u003C\u002Fli>\n\u003Cli>Ленты совместимы с плагином WPML\u003C\u002Fli>\n\u003Cli>Ленты совместимы с плагином Polylang\u003C\u002Fli>\n\u003Cli>Ленты совместимы с плагином Transpoch\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Need help with anything? Please create a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fmihdan-yandex-turbo-feed\" rel=\"ugc\">support topic\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Feature Request\u003C\u002Fh4>\n\u003Cp>Want a feature added to this plugin? Create a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fmihdan-yandex-turbo-feed\" rel=\"ugc\">support topic\u003C\u002Fa>.\u003Cbr \u002F>\nWe are always looking to add features to improve our plugin.\u003C\u002Fp>\n\u003Ch4>Note\u003C\u002Fh4>\n\u003Cp>Mihdan: Yandex Turbo Feed \u003Cstrong>does not\u003C\u002Fstrong> make any changes to your database, it just processes the output. So you will not see these changes within the WYSIWYG editor.\u003C\u002Fp>\n\u003Ch3>System Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 4.6+\u003C\u002Fli>\n\u003Cli>PHP 5.6+\u003C\u002Fli>\n\u003C\u002Ful>\n","Mihdan: Yandex Turbo Feed by mihdan – allows you to convert your site materials into Yandex.Turbo format.",1000,39461,94,31,"2024-05-03T15:18:00.000Z","6.5.8","5.6","7.4",[98,99,23,24,100],"https:\u002F\u002Fwww.kobzarev.com\u002Fprojects\u002Fyandex-turbo-feed\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmihdan-yandex-turbo-feed.1.6.6.zip",91,"2024-05-06 00:00:00",{"attackSurface":141,"codeSignals":185,"taintFlows":277,"riskAssessment":358,"analyzedAt":372},{"hooks":142,"ajaxHandlers":181,"restRoutes":182,"shortcodes":183,"cronEvents":184,"entryPointCount":28,"unprotectedCount":28},[143,150,156,159,161,164,167,170,173,176,178],{"type":144,"name":145,"callback":146,"priority":147,"file":148,"line":149},"filter","plugin_action_links","action_links",10,"admin\\class-ya-turbo-admin.php",62,{"type":151,"name":152,"callback":153,"file":154,"line":155},"action","plugins_loaded","anonymous","includes\\class-ya-turbo.php",148,{"type":151,"name":157,"callback":153,"file":154,"line":158},"admin_enqueue_scripts",163,{"type":151,"name":157,"callback":153,"file":154,"line":160},164,{"type":151,"name":162,"callback":153,"file":154,"line":163},"admin_init",165,{"type":151,"name":165,"callback":153,"file":154,"line":166},"admin_menu",166,{"type":151,"name":168,"callback":153,"file":154,"line":169},"add_meta_boxes",167,{"type":151,"name":171,"callback":153,"file":154,"line":172},"save_post",168,{"type":151,"name":174,"callback":153,"file":154,"line":175},"wp_enqueue_scripts",186,{"type":151,"name":174,"callback":153,"file":154,"line":177},187,{"type":151,"name":179,"callback":153,"file":154,"line":180},"init",188,[],[],[],[],{"dangerousFunctions":186,"sqlUsage":194,"outputEscaping":201,"fileOperations":28,"externalRequests":28,"nonceChecks":275,"capabilityChecks":14,"bundledLibraries":276},[187,191],{"fn":188,"file":148,"line":189,"context":190},"unserialize",558,"$feed->settings = unserialize( $feed->settings );",{"fn":188,"file":192,"line":193,"context":190},"public\\class-ya-turbo-public.php",102,{"prepared":195,"raw":34,"locations":196},5,[197],{"file":198,"line":199,"context":200},"uninstall.php",23,"$wpdb->query() with variable interpolation",{"escaped":202,"rawEcho":203,"locations":204},38,34,[205,208,211,213,215,216,218,220,222,225,228,230,232,234,235,237,240,242,244,246,247,249,251,252,254,256,258,260,262,265,267,269,271,273],{"file":148,"line":206,"context":207},160,"raw output",{"file":209,"line":210,"context":207},"admin\\partials\\ya-turbo-admin-add-feed.php",46,{"file":209,"line":212,"context":207},48,{"file":209,"line":214,"context":207},55,{"file":209,"line":68,"context":207},{"file":209,"line":217,"context":207},140,{"file":209,"line":219,"context":207},141,{"file":209,"line":221,"context":207},143,{"file":223,"line":224,"context":207},"admin\\partials\\ya-turbo-admin-del-feed.php",54,{"file":226,"line":227,"context":207},"admin\\partials\\ya-turbo-admin-display.php",36,{"file":226,"line":229,"context":207},58,{"file":226,"line":231,"context":207},93,{"file":226,"line":233,"context":207},97,{"file":226,"line":49,"context":207},{"file":226,"line":236,"context":207},103,{"file":238,"line":239,"context":207},"admin\\partials\\ya-turbo-admin-edit-feed.php",65,{"file":238,"line":241,"context":207},67,{"file":238,"line":243,"context":207},79,{"file":238,"line":245,"context":207},82,{"file":238,"line":233,"context":207},{"file":238,"line":248,"context":207},108,{"file":238,"line":250,"context":207},121,{"file":238,"line":217,"context":207},{"file":238,"line":253,"context":207},158,{"file":238,"line":255,"context":207},159,{"file":238,"line":257,"context":207},161,{"file":238,"line":259,"context":207},179,{"file":238,"line":261,"context":207},256,{"file":263,"line":264,"context":207},"admin\\partials\\ya-turbo-admin-promo.php",16,{"file":266,"line":35,"context":207},"admin\\partials\\ya-turbo-message.php",{"file":266,"line":268,"context":207},32,{"file":270,"line":229,"context":207},"public\\partials\\ya-turbo-public-feed.php",{"file":270,"line":272,"context":207},113,{"file":270,"line":274,"context":207},130,4,[],[278,300,312,331,347],{"entryPoint":279,"graph":280,"unsanitizedCount":14,"severity":299},"options_page__edit_feed (admin\\class-ya-turbo-admin.php:322)",{"nodes":281,"edges":295},[282,287,291],{"id":283,"type":284,"label":285,"file":148,"line":286},"n0","source","$_GET (x2)",336,{"id":288,"type":289,"label":290,"file":148,"line":286},"n1","transform","→ load_feed()",{"id":292,"type":293,"label":294,"file":148,"line":189,"wp_function":188},"n2","sink","unserialize() [Object Injection]",[296,298],{"from":283,"to":288,"sanitized":297},false,{"from":288,"to":292,"sanitized":297},"high",{"entryPoint":301,"graph":302,"unsanitizedCount":34,"severity":299},"options_page__del_feed (admin\\class-ya-turbo-admin.php:472)",{"nodes":303,"edges":309},[304,307,308],{"id":283,"type":284,"label":305,"file":148,"line":306},"$_GET",484,{"id":288,"type":289,"label":290,"file":148,"line":306},{"id":292,"type":293,"label":294,"file":148,"line":189,"wp_function":188},[310,311],{"from":283,"to":288,"sanitized":297},{"from":288,"to":292,"sanitized":297},{"entryPoint":313,"graph":314,"unsanitizedCount":330,"severity":299},"\u003Cclass-ya-turbo-admin> (admin\\class-ya-turbo-admin.php:0)",{"nodes":315,"edges":325},[316,318,319,321,323],{"id":283,"type":284,"label":305,"file":148,"line":317},482,{"id":288,"type":293,"label":294,"file":148,"line":189,"wp_function":188},{"id":292,"type":284,"label":320,"file":148,"line":286},"$_GET (x3)",{"id":322,"type":289,"label":290,"file":148,"line":286},"n3",{"id":324,"type":293,"label":294,"file":148,"line":189,"wp_function":188},"n4",[326,328,329],{"from":283,"to":288,"sanitized":327},true,{"from":292,"to":322,"sanitized":297},{"from":322,"to":324,"sanitized":297},3,{"entryPoint":332,"graph":333,"unsanitizedCount":14,"severity":299},"feed (public\\class-ya-turbo-public.php:78)",{"nodes":334,"edges":344},[335,338,342,343],{"id":283,"type":284,"label":336,"file":192,"line":337},"$_REQUEST",86,{"id":288,"type":293,"label":339,"file":192,"line":340,"wp_function":341},"get_row() [SQLi]",95,"get_row",{"id":292,"type":284,"label":336,"file":192,"line":337},{"id":322,"type":293,"label":294,"file":192,"line":193,"wp_function":188},[345,346],{"from":283,"to":288,"sanitized":297},{"from":292,"to":322,"sanitized":297},{"entryPoint":348,"graph":349,"unsanitizedCount":14,"severity":299},"\u003Cclass-ya-turbo-public> (public\\class-ya-turbo-public.php:0)",{"nodes":350,"edges":355},[351,352,353,354],{"id":283,"type":284,"label":336,"file":192,"line":337},{"id":288,"type":293,"label":339,"file":192,"line":340,"wp_function":341},{"id":292,"type":284,"label":336,"file":192,"line":337},{"id":322,"type":293,"label":294,"file":192,"line":193,"wp_function":188},[356,357],{"from":283,"to":288,"sanitized":297},{"from":292,"to":322,"sanitized":297},{"summary":359,"deductions":360},"The \"ya-turbo\" v1.0.1 plugin exhibits a mixed security posture. On one hand, it demonstrates good practices by having a zero attack surface in terms of accessible entry points like AJAX handlers, REST API routes, and shortcodes, with no unpatched CVEs in its history. The presence of nonce and capability checks, along with a high percentage of SQL queries using prepared statements, also suggests a conscious effort towards secure coding. However, significant concerns arise from the static analysis. The use of the \"unserialize\" function without clear sanitization is a critical vulnerability, especially when combined with five taint flows identified as having unsanitized paths. This indicates a strong potential for remote code execution or data manipulation if an attacker can control the serialized data passed to the plugin. The moderate rate of properly escaped output also introduces a risk of cross-site scripting (XSS) vulnerabilities, although the severity of these is not explicitly detailed. The lack of historical vulnerabilities could be interpreted positively as good security, or negatively as a lack of rigorous testing or exposure to attack vectors. Overall, while the plugin avoids common attack vectors and has no known historical vulnerabilities, the identified use of \"unserialize\" and the tainted, unsanitized data flows present a substantial risk that needs immediate attention.",[361,364,366,367,368,369,370],{"reason":362,"points":363},"Dangerous function: unserialize",15,{"reason":365,"points":363},"Taint flow with unsanitized path (Critical)",{"reason":365,"points":363},{"reason":365,"points":363},{"reason":365,"points":363},{"reason":365,"points":363},{"reason":371,"points":195},"Output escaping: 53% properly escaped","2026-03-16T20:03:04.823Z",{"wat":374,"direct":383},{"assetPaths":375,"generatorPatterns":378,"scriptPaths":379,"versionParams":380},[376,377],"\u002Fwp-content\u002Fplugins\u002Fya-turbo\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fya-turbo\u002Fassets\u002Fjs\u002Fscript.js",[],[377],[381,382],"ya-turbo\u002Fstyle.css?ver=","ya-turbo\u002Fscript.js?ver=",{"cssClasses":384,"htmlComments":386,"htmlAttributes":388,"restEndpoints":390,"jsGlobals":391,"shortcodeOutput":393},[385],"ya_turbo_feed",[387],"\u003C!-- Yandex Turbo -->",[389],"data-turbo-related",[],[392],"ya_turbo_params",[]]