[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsUgSKKu80m4N0rbA9u67ItlYebBD1rF94QTq7tLpY2U":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":35,"fingerprints":142},"affiliate-marketing","Affiliate program for your website ( integration with Sdelka.biz )","1.1.20","sdelka","https:\u002F\u002Fprofiles.wordpress.org\u002Fsdelka\u002F","\u003Cp>Плагин интегрирует ваш сайт с платформой партнёрского маркетинга Sdelka.biz.\u003Cbr \u002F>\nС помощью которой вы можете создать свою партнёрскую программу, отслеживать партнёрские продажи или действия по реферальным ссылкам, а так же выплачивать партнёрам вознаграждения.\u003C\u002Fp>\n\u003Cp>Плагин установит на ваш сайт код трекера для отслеживания партнёрских действий по реферальным ссылкам.\u003Cbr \u002F>\nИ создаст виджет для отображения ссылки на условия вашей партнёрской программы и получения реферальных ссылок.\u003C\u002Fp>\n","Плагин интегрирует ваш сайт с платформой партнёрского маркетинга 
Sdelka.biz.",10,1151,0,"2023-07-15T14:53:00.000Z","6.2.9","4.7","5.2",[19,20,21,22,7],"%d0%bf%d0%b0%d1%80%d1%82%d0%bd%d1%91%d1%80%d0%ba%d0%b0","%d0%bf%d0%b0%d1%80%d1%82%d0%bd%d1%91%d1%80%d1%81%d0%ba%d0%b0%d1%8f-%d0%bf%d1%80%d0%be%d0%b3%d1%80%d0%b0%d0%bc%d0%bc%d0%b0","%d0%bf%d0%bb%d0%b0%d0%b3%d0%b8%d0%bd-%d0%b4%d0%bb%d1%8f-%d0%bf%d0%b0%d1%80%d1%82%d0%bd%d1%91%d1%80%d1%81%d0%ba%d0%be%d0%b9-%d0%bf%d1%80%d0%be%d0%b3%d1%80%d0%b0%d0%bc%d0%bc%d1%8b","%d1%80%d0%b5%d1%84%d0%b5%d1%80%d0%b0%d0%bb%d1%8c%d0%bd%d0%b0%d1%8f-%d0%bf%d1%80%d0%be%d0%b3%d1%80%d0%b0%d0%bc%d0%bc%d0%b0","https:\u002F\u002Fsdelka.biz\u002Fintegrations\u002Fwp-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faffiliate-marketing.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-04-05T09:17:03.427Z",[],{"attackSurface":36,"codeSignals":82,"taintFlows":98,"riskAssessment":126,"analyzedAt":141},{"hooks":37,"ajaxHandlers":78,"restRoutes":79,"shortcodes":80,"cronEvents":81,"entryPointCount":13,"unprotectedCount":13},[38,44,47,49,52,55,58,61,64,66,69,72,75],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","plugins_loaded","anonymous","includes\\class-sdelka.php",141,{"type":39,"name":45,"callback":41,"file":42,"line":46},"admin_enqueue_scripts",156,{"type":39,"name":45,"callback":41,"file":42,"line":48},157,{"type":39,"name":50,"callback":41,"file":42,"line":51},"woocommerce_order_status_completed",161,{"type":39,"name":53,"callback":41,"file":42,"line":54},"woocommerce_order_status_cancelled",162,{"type":39,"name":56,"callback":41,"file":42,"line":57},"woocommerce_order_status_failed",163,{"type":39,"name":59,"callback":41,"file":42,"line":60},"woocommerce_order_status_refunded",164,{"type":39,"name":62,"callback":41,"file":42,"line":63},"wp_enqueue_scripts",180,{"type":39,"name":62,"callback":41,"file":42,"li
ne":65},181,{"type":39,"name":67,"callback":41,"file":42,"line":68},"woocommerce_new_order",183,{"type":39,"name":70,"callback":41,"file":42,"line":71},"admin_menu",196,{"type":39,"name":73,"callback":41,"file":42,"line":74},"plugin_action_links_sdelka\u002Fsdelka.php",199,{"type":39,"name":76,"callback":41,"file":42,"line":77},"widgets_init",202,[],[],[],[],{"dangerousFunctions":83,"sqlUsage":84,"outputEscaping":86,"fileOperations":13,"externalRequests":87,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":97},[],{"prepared":13,"raw":13,"locations":85},[],{"escaped":87,"rawEcho":88,"locations":89},5,3,[90,94,96],{"file":91,"line":92,"context":93},"includes\\class-sdelka-widget.php",36,"raw output",{"file":91,"line":95,"context":93},37,{"file":91,"line":95,"context":93},[],[99,118],{"entryPoint":100,"graph":101,"unsanitizedCount":88,"severity":117},"update_sdelka_settings (includes\\class-sdelka.php:322)",{"nodes":102,"edges":114},[103,108],{"id":104,"type":105,"label":106,"file":42,"line":107},"n0","source","$_POST (x3)",325,{"id":109,"type":110,"label":111,"file":42,"line":112,"wp_function":113},"n1","sink","update_option() [Settings Manipulation]",326,"update_option",[115],{"from":104,"to":109,"sanitized":116},false,"low",{"entryPoint":119,"graph":120,"unsanitizedCount":88,"severity":117},"\u003Cclass-sdelka> (includes\\class-sdelka.php:0)",{"nodes":121,"edges":124},[122,123],{"id":104,"type":105,"label":106,"file":42,"line":107},{"id":109,"type":110,"label":111,"file":42,"line":112,"wp_function":113},[125],{"from":104,"to":109,"sanitized":116},{"summary":127,"deductions":128},"The affiliate-marketing plugin v1.1.20 exhibits a generally good security posture, with no known historical vulnerabilities and a clean slate regarding critical code signals. The absence of dangerous functions, raw SQL queries, and file operations is commendable. However, several areas raise concerns.  
The plugin makes 5 external HTTP requests, which can be a vector for various attacks if not handled securely, especially if the target URLs are user-controlled or untrusted. The significant percentage of unescaped output (37%) is a notable weakness, potentially leading to Cross-Site Scripting (XSS) vulnerabilities if untrusted data is not properly escaped before display.\n\nThe taint analysis, while reporting no critical or high severity flows, did identify two low-severity flows in which $_POST values reach update_option() without sanitization. These are settings-manipulation flows rather than file-path issues, and whether they can be abused depends on how the settings handler (update_sdelka_settings) is guarded. No nonce or capability checks were detected anywhere in the plugin, which is a major security gap. The scan lists no AJAX, REST API, shortcode or cron entry points, so the gap matters chiefly for that settings handler: if it can be reached without a nonce and a capability check, its options could be changed by forged or unauthorized requests, opening the door to privilege escalation or unauthorized data manipulation.\n\nWhile the plugin has no recorded vulnerability history, the static analysis reveals significant potential weaknesses that could easily be exploited. The lack of nonce and capability checks, combined with the unsanitized $_POST flows and unescaped output, suggests a high risk of exploitation for XSS, privilege escalation, and potentially other vulnerabilities. 
The external HTTP requests also add to the overall risk profile.",[129,131,134,136,139],{"reason":130,"points":11},"Unsanitized paths found in taint analysis",{"reason":132,"points":133},"Missing nonce checks on entry points",15,{"reason":135,"points":133},"Missing capability checks on entry points",{"reason":137,"points":138},"Unescaped output identified",6,{"reason":140,"points":87},"External HTTP requests made","2026-03-17T01:16:35.737Z",{"wat":143,"direct":152},{"assetPaths":144,"generatorPatterns":147,"scriptPaths":148,"versionParams":149},[145,146],"\u002Fwp-content\u002Fplugins\u002Faffiliate-marketing\u002Fcss\u002Fsdelka-admin.css","\u002Fwp-content\u002Fplugins\u002Faffiliate-marketing\u002Fjs\u002Fsdelka-admin.js",[],[],[150,151],"affiliate-marketing\u002Fcss\u002Fsdelka-admin.css?ver=","affiliate-marketing\u002Fjs\u002Fsdelka-admin.js?ver=",{"cssClasses":153,"htmlComments":154,"htmlAttributes":155,"restEndpoints":156,"jsGlobals":157,"shortcodeOutput":158},[],[],[],[],[],[]]