[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fv_b5seqTPwNIZLNPSm6ay6n2COsf-KijIj9SsWam2Ys":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":17,"download_link":18,"security_score":19,"vuln_count":13,"unpatched_count":13,"last_vuln_date":20,"fetched_at":21,"vulnerabilities":22,"developer":23,"crawl_stats":20,"alternatives":30,"analysis":31,"fingerprints":230},"yews-optimisations","YEWS Optimisations","4.6.2.2","Grigory Metlenko","https:\u002F\u002Fprofiles.wordpress.org\u002Fgrigory-metlenko\u002F","\u003Cp>YEWS Optimisations for the websites that are using the Modernize, Flawless and Total Business themes from Goodlayers.\u003C\u002Fp>\n","YEWS Optimisations for the websites that are using the Modernize, Flawless and Total Business themes from Goodlayers.",50,2050,0,"2016-10-05T01:40:00.000Z","",[],"https:\u002F\u002Fyews.com.au","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyews-optimisations.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":24,"display_name":7,"profile_url":8,"plugin_count":25,"total_installs":26,"avg_security_score":19,"avg_patch_time_days":27,"trust_score":28,"computed_at":29},"grigory-metlenko",2,60,30,84,"2026-04-04T05:26:21.855Z",[],{"attackSurface":32,"codeSignals":149,"taintFlows":218,"riskAssessment":219,"analyzedAt":229},{"hooks":33,"ajaxHandlers":139,"restRoutes":140,"shortcodes":141,"cronEvents":145,"entryPointCount":148,"unprotectedCount":13},[34,41,45,50,54,59,61,63,67,70,76,80,84,87,90,93,95,99,104,107,110,113,116,119,122,126,129,131,135],{"type":35,"name":36,"callback":37,"priority":38,"file":39,"line":40},"filter","yews_menu_item","yews_checks_menu_item",20,"include\\yews\\custom-checks.php",9,{"type":35,"name":42,"callback":43,"priority":38,"file":39,"line":44},"yews_menu_pages","yews_checks_
page",39,{"type":46,"name":47,"callback":48,"file":39,"line":49},"action","yews_daily_checks","yews_do_this_daily",42,{"type":46,"name":51,"callback":52,"file":39,"line":53},"init","closure",110,{"type":35,"name":55,"callback":56,"priority":57,"file":39,"line":58},"auto_update_plugin","auto_update_yews_plugin",10,147,{"type":46,"name":47,"callback":52,"file":39,"line":60},150,{"type":46,"name":47,"callback":52,"file":39,"line":62},205,{"type":35,"name":36,"callback":64,"priority":57,"file":65,"line":66},"yews_enquiries_menu_item","include\\yews\\custom-enquiries.php",7,{"type":35,"name":42,"callback":68,"priority":57,"file":65,"line":69},"yews_enquiries_page",68,{"type":46,"name":71,"callback":72,"priority":73,"file":74,"line":75},"wp_footer","yews_add_footer_jquery",999,"include\\yews\\custom-footer.php",65,{"type":46,"name":77,"callback":78,"file":79,"line":11},"login_head","yews_custom_login_page_style","include\\yews\\custom-login.php",{"type":35,"name":81,"callback":82,"file":79,"line":83},"login_headerurl","yews_wp_login_url",55,{"type":35,"name":85,"callback":86,"file":79,"line":26},"login_headertitle","yews_wp_login_title",{"type":35,"name":88,"callback":89,"file":79,"line":69},"login_message","yews_custom_login_message",{"type":35,"name":36,"callback":91,"priority":27,"file":92,"line":66},"yews_microstructureddata_menu_item","include\\yews\\custom-micro-structured-data.php",{"type":35,"name":42,"callback":94,"file":92,"line":49},"yews_microstructureddata_page",{"type":46,"name":96,"callback":97,"file":92,"line":98},"wp_head","yews_msd_wp_head",79,{"type":46,"name":100,"callback":101,"file":102,"line":103},"customize_register","yews_customize_register","include\\yews\\custom-options.php",469,{"type":46,"name":96,"callback":105,"file":102,"line":106},"yews_add_analytics_code",472,{"type":46,"name":96,"callback":108,"file":102,"line":109},"yews_add_phone_code",490,{"type":46,"name":96,"callback":111,"file":102,"line":112},"yews_add_hellobarcss_code",527,{"type
":46,"name":71,"callback":114,"file":102,"line":115},"yews_add_hellobarhtml_code",633,{"type":46,"name":71,"callback":117,"priority":73,"file":102,"line":118},"yews_add_remarketing_code",646,{"type":46,"name":71,"callback":120,"priority":73,"file":102,"line":121},"yews_add_conversion_tracking_code",665,{"type":46,"name":123,"callback":124,"file":102,"line":125},"wp_enqueue_scripts","yews_add_bottombar_scripts",684,{"type":46,"name":71,"callback":127,"priority":73,"file":102,"line":128},"yews_add_bottom_bar",686,{"type":46,"name":51,"callback":52,"file":130,"line":49},"include\\yews\\custom-yews-page.php",{"type":46,"name":132,"callback":133,"file":130,"line":134},"admin_menu","yews_add_admin_menu",74,{"type":46,"name":136,"callback":137,"file":130,"line":138},"admin_init","yews_settings_init",75,[],[],[142],{"tag":4,"callback":143,"file":130,"line":144},"yews_optimisations_shortcode",40,[146],{"hook":47,"callback":47,"file":39,"line":147},45,1,{"dangerousFunctions":150,"sqlUsage":151,"outputEscaping":156,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":154,"bundledLibraries":217},[],{"prepared":13,"raw":148,"locations":152},[153],{"file":74,"line":154,"context":155},5,"$wpdb->get_results() with variable interpolation",{"escaped":13,"rawEcho":27,"locations":157},[158,161,163,164,166,168,169,171,173,175,177,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215],{"file":74,"line":159,"context":160},59,"raw 
output",{"file":92,"line":162,"context":160},58,{"file":92,"line":26,"context":160},{"file":92,"line":165,"context":160},62,{"file":92,"line":167,"context":160},66,{"file":92,"line":69,"context":160},{"file":92,"line":170,"context":160},70,{"file":92,"line":172,"context":160},72,{"file":102,"line":174,"context":160},485,{"file":102,"line":176,"context":160},522,{"file":102,"line":178,"context":160},629,{"file":102,"line":180,"context":160},641,{"file":102,"line":182,"context":160},660,{"file":102,"line":184,"context":160},674,{"file":102,"line":186,"context":160},702,{"file":102,"line":188,"context":160},704,{"file":102,"line":190,"context":160},706,{"file":102,"line":192,"context":160},726,{"file":102,"line":194,"context":160},737,{"file":130,"line":196,"context":160},204,{"file":130,"line":198,"context":160},246,{"file":130,"line":200,"context":160},264,{"file":130,"line":202,"context":160},282,{"file":130,"line":204,"context":160},300,{"file":130,"line":206,"context":160},310,{"file":130,"line":208,"context":160},318,{"file":130,"line":210,"context":160},324,{"file":130,"line":212,"context":160},330,{"file":130,"line":214,"context":160},336,{"file":130,"line":216,"context":160},342,[],[],{"summary":220,"deductions":221},"The \"yews-optimisations\" plugin v4.6.2.2 exhibits a mixed security posture. On the positive side, the plugin has no recorded vulnerabilities (CVEs), and the static analysis identified no taint flows, dangerous functions, file operations, or external HTTP requests, which reduces the attack surface. The absence of recorded CVEs should not be read as evidence of a secure or well-maintained codebase: the plugin was last updated in 2016 and has about 50 active installs, so it has probably received little outside scrutiny. The static code analysis raises notable concerns. The one SQL query detected uses $wpdb->get_results() with variable interpolation rather than a prepared statement ($wpdb->prepare()), which leads to SQL injection if any interpolated value is attacker-influenced and not sanitized elsewhere. 
Additionally, none of the 30 detected output statements is escaped, creating a risk of Cross-Site Scripting (XSS) wherever an echoed value originates from user input or stored settings; escaping at the point of output with esc_html(), esc_attr() or esc_url() is the standard fix. No nonce checks were detected in the plugin. For its single entry point (a shortcode) this is a limited concern for Cross-Site Request Forgery (CSRF), because rendering a shortcode does not by itself change state and there are no AJAX or REST API endpoints; the admin settings pages the plugin registers are the place to confirm that CSRF protection is present. Overall, the plugin has no known vulnerabilities, but the static analysis reveals potential weaknesses that could be exploited if not addressed, and given the plugin's age they may never be fixed upstream.",[222,224,227],{"reason":223,"points":66},"Raw SQL queries without prepared statements",{"reason":225,"points":226},"Unescaped output detected",6,{"reason":228,"points":154},"Missing nonce checks on entry points","2026-03-16T21:59:13.762Z",{"wat":231,"direct":264},{"assetPaths":232,"generatorPatterns":247,"scriptPaths":248,"versionParams":249},[233,234,235,236,237,238,239,240,241,242,243,244,245,246],"\u002Fwp-content\u002Fplugins\u002Fyews-optimisations\u002Finclude\u002Fyews\u002Fcustom-login.css","\u002Fwp-content\u002Fplugins\u002Fyews-optimisations\u002Finclude\u002Fyews\u002Fcustom-footer.css","\u002Fwp-content\u002Fplugins\u002Fyews-optimisations\u002Finclude\u002Fyews\u002Fcustom-yews-page.css","\u002Fwp-content\u002Fplugins\u002Fyews-optimisations\u002Finclude\u002Fyews\u002Fcustom-micro-structured-data.css","\u002Fwp-content\u002Fplugins\u002Fyews-optimisations\u002Finclude\u002Fyews\u002Fcustom-enquiries.css","\u002Fwp-content\u002Fplugins\u002Fyews-optimisations\u002Finclude\u002Fyews\u002Fcustom-options.css","\u002Fwp-content\u002Fplugins\u002Fyews-optimisations\u002Finclude\u002Fyews\u002Fcustom-checks.css","\u002Fwp-content\u002Fplugins\u002Fyews-optimisations\u002Fjs\u002Fcustom-login.js","\u002Fwp-content\u002Fplugins\u002Fyews-optimisations\u002Fjs\u002Fcustom-footer.js","\u002Fwp-content\u002Fplugins\u002Fyews-optimisations\u002Fjs\u002Fcustom-yews-page.js","\u002Fwp-content\u002Fplugins\u002Fyews-optimisations\u002Fjs\u002Fcustom-micro-structured-d
ata.js","\u002Fwp-content\u002Fplugins\u002Fyews-optimisations\u002Fjs\u002Fcustom-enquiries.js","\u002Fwp-content\u002Fplugins\u002Fyews-optimisations\u002Fjs\u002Fcustom-options.js","\u002Fwp-content\u002Fplugins\u002Fyews-optimisations\u002Fjs\u002Fcustom-checks.js",[],[240,241,242,243,244,245,246],[250,251,252,253,254,255,256,257,258,259,260,261,262,263],"yews-optimisations\u002Finclude\u002Fyews\u002Fcustom-login.css?ver=","yews-optimisations\u002Finclude\u002Fyews\u002Fcustom-footer.css?ver=","yews-optimisations\u002Finclude\u002Fyews\u002Fcustom-yews-page.css?ver=","yews-optimisations\u002Finclude\u002Fyews\u002Fcustom-micro-structured-data.css?ver=","yews-optimisations\u002Finclude\u002Fyews\u002Fcustom-enquiries.css?ver=","yews-optimisations\u002Finclude\u002Fyews\u002Fcustom-options.css?ver=","yews-optimisations\u002Finclude\u002Fyews\u002Fcustom-checks.css?ver=","yews-optimisations\u002Fjs\u002Fcustom-login.js?ver=","yews-optimisations\u002Fjs\u002Fcustom-footer.js?ver=","yews-optimisations\u002Fjs\u002Fcustom-yews-page.js?ver=","yews-optimisations\u002Fjs\u002Fcustom-micro-structured-data.js?ver=","yews-optimisations\u002Fjs\u002Fcustom-enquiries.js?ver=","yews-optimisations\u002Fjs\u002Fcustom-options.js?ver=","yews-optimisations\u002Fjs\u002Fcustom-checks.js?ver=",{"cssClasses":265,"htmlComments":267,"htmlAttributes":268,"restEndpoints":275,"jsGlobals":276,"shortcodeOutput":283},[266],"yews-hello-bar",[],[269,270,271,272,273,274],"data-hellobar-text","data-hellobar-button-text","data-hellobar-button-url","data-hellobar-classes","data-hellobar-bg-color","data-hellobar-text-color",[],[277,278,279,280,281,282],"yews_hellobar_text","yews_hellobar_button_text","yews_hellobar_button_url","yews_hellobar_classes","yews_hellobar_bg_color","yews_hellobar_text_color",[]]