[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRLG8WeWRgWM9rG-ICjpqGsbXIFq_fus1OGqm03q7ONw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":15,"tags":18,"homepage":22,"download_link":23,"security_score":13,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":137,"fingerprints":262},"amazing-wp-e-commerce","Amazing WP e-Commerce","1.0.1","Risto Niinemets","https:\u002F\u002Fprofiles.wordpress.org\u002Fristoniinemets\u002F","\u003Cp>Whilst developing a theme for WP e-Commerce, have you ever thought why there’s a template file for a list and a grid view, even though it is disabled in Store settings (Settings – Store – Presentation)?\u003C\u002Fp>\n\u003Cp>This plugin will enable Grid and List views and will let you to customize the grid view as it is presented in Store settings. Those settings are: Products per row, Show only images, Display Variations, Display Description, Display “Add to Cart” Button, Display “More Detail” Button.\u003C\u002Fp>\n\u003Cp>If you have ever looked into wpsc-single_product.php file then you probably have noticed the Gold Cart plugin function in there and it does nothing. Well, I have added functionality for it. With this plugin installed, you will see additional product thumbails under the main thumbnail (screenshot 1).\u003C\u002Fp>\n\u003Cp>Also it comes with a fancy extra feature: Extra Thumbnails. If your product has more than the featured image, then you can go to products page (catalog) and hover over the product thumbnail. It will load the extra images and start a slideshow.\u003C\u002Fp>\n","Enable some of the WP e-Commerce disabled features and simplify your development.",10,3530,100,1,"","3.5.2","3.0.1",[19,20,21],"wp-e-commerce","wpec","wpsc","http:\u002F\u002Fwww.wordpress.org\u002Fextend\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Famazing-wp-e-commerce.1.0.1.zip",0,null,"2026-03-15T10:48:56.248Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"ristoniinemets",4,2480,85,30,84,"2026-04-05T02:28:27.840Z",[37,55,76,94,111],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":13,"num_ratings":30,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":15,"tags":50,"homepage":15,"download_link":53,"security_score":32,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":54},"wpec-related-products","WP e-Commerce Related Products","1.3.2","Onnay Okheng","https:\u002F\u002Fprofiles.wordpress.org\u002Fonnayokheng\u002F","\u003Cp>WPEC Related Products for WP e-Commerce uses information available within the Single Product or All Page WPEC template to display related Products that belong to the same Product Category or Product Tag.\u003C\u002Fp>\n\u003Cp>WPEC Related Products extend the WP e-Commerce Plugin by displaying related Products to site. It automatically selects related Products based on the Category or Tag.\u003C\u002Fp>\n\u003Cp>Thanks to Versipellis, Adam Sargant, code monkey.\u003C\u002Fp>\n\u003Cp>Contact me for say hello \u003Ca href=\"http:\u002F\u002Fonnayokheng.com\" title=\"WordPress Developer Indonesia\" rel=\"nofollow ugc\">Onnay Okheng\u003C\u002Fa> or buy me a cup of chocolate 🙂\u003C\u002Fp>\n","WPEC Related Products for WP e-Commerce uses information available within the Single Product template to display related Products.",70,16163,"2012-11-21T15:20:00.000Z","3.4.2","3.0",[51,19,52],"spec","wpsc-related-products","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpec-related-products.1.3.2.zip","2026-03-15T15:16:48.613Z",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":13,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":15,"tags":69,"homepage":74,"download_link":75,"security_score":32,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":54},"gourl-wp-ecommerce-bitcoin-altcoin-payment-gateway-addon","GoUrl WP eCommerce – Bitcoin Altcoin Payment Gateway Addon","1.1.2","gourl","https:\u002F\u002Fprofiles.wordpress.org\u002Fgourl\u002F","\u003Cp>See \u003Ca href=\"https:\u002F\u002Fgourl.io\u002Fbitcoin-payments-wp-ecommerce.html#screenshot\" rel=\"nofollow ugc\">Screenshots\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>WordPress Plugin for WP eCommerce Features –\u003C\u002Fp>\n\u003Cul>\n\u003Cli>100% Free Open Source Plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcryptoapi\u002FBitcoin-Payments-WP-eCommerce\" rel=\"nofollow ugc\">Github.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Provides a Cryptocurrency Payment Gateway for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-e-commerce\u002F\" rel=\"ugc\">WP eCommerce 3.8.10 or higher\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Accept Bitcoin, BitcoinCash, Litecoin, Dash, Dogecoin, Speedcoin, Reddcoin, Potcoin, Feathercoin, Vertcoin, Peercoin, MonetaryUnit payments in WP eCommerce\u003C\u002Fli>\n\u003Cli>No Monthly Fee, Transaction Fee from 0%\u003C\u002Fli>\n\u003Cli>Product Prices in Bitcoin\u002FAltcoins directly and sends the amount straight to your business wallet.\u003C\u002Fli>\n\u003Cli>Product Prices in USD\u002FEUR\u002FGBP\u002Fetc. Google\u002FBitstamp\u002FPoloniex Live Exchange Rates\u003C\u002Fli>\n\u003Cli>Direct Integration on your website, no external payment pages opens (as other payment gateways offer)\u003C\u002Fli>\n\u003Cli>You will see the bitcoin\u002Faltcoin payment statistics in one common table on your website. \u003C\u002Fli>\n\u003Cli>No Chargebacks, Global, Secure. All in automatic mode.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgourl.io\u002Fview\u002Fcontact\u002FContact_Us.html\" rel=\"nofollow ugc\">Free Tech Support\u003C\u002Fa> for You\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Plugin Page: \u003Ca href=\"https:\u002F\u002Fgourl.io\u002Fbitcoin-payments-wp-ecommerce.html\" rel=\"nofollow ugc\">https:\u002F\u002Fgourl.io\u002Fbitcoin-payments-wp-ecommerce.html\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Twitter: \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002FCryptocoinAPI\" rel=\"nofollow ugc\">https:\u002F\u002Ftwitter.com\u002FCryptocoinAPI\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Github: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcryptoapi\u002FBitcoin-Payments-WP-eCommerce\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fcryptoapi\u002FBitcoin-Payments-WP-eCommerce\u003C\u002Fa>\u003C\u002Fp>\n","Provides Bitcoin\u002FAltcoin Payment Gateway for WP eCommerce 3.8.10+ or higher. Accept Bitcoin, Bitcoin Cash, Litecoin, Dogecoin, Dash, etc Payments on Y …",40,103177,3,"2021-07-13T16:55:00.000Z","5.8.13","3.5",[70,71,19,72,73],"bitcoin","bitcoincash","wp-ecommerce","wpecommerce","https:\u002F\u002Fgourl.io\u002Fbitcoin-payments-wp-ecommerce.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgourl-wp-ecommerce-bitcoin-altcoin-payment-gateway-addon.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":11,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":17,"requires_php":15,"tags":89,"homepage":92,"download_link":93,"security_score":32,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":54},"qtranslate-loves-wp-e-commerce","qTranslate loves WPEC","1.0","stereohero","https:\u002F\u002Fprofiles.wordpress.org\u002Fstereohero\u002F","\u003Cp>This is a simple and tiny plug-in which add translatable form fields for wp e-commerce taxonomies (product categores, variations and product tags).\u003C\u002Fp>\n\u003Cp>Just activate it and you’re good to go.\u003C\u002Fp>\n\u003Cp>Requires qTranslate and WP e-commerce.\u003C\u002Fp>\n","Adds translatable form fields for wp e-commerce taxonomies (product categories, variations and product tags).",2235,90,2,"2014-02-27T20:14:00.000Z","3.7.41",[90,91,19,20],"qtranslate","translation","http:\u002F\u002Fstereohero.se","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqtranslate-loves-wp-e-commerce.zip",{"slug":95,"name":96,"version":79,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":11,"downloaded":101,"rating":102,"num_ratings":86,"last_updated":103,"tested_up_to":48,"requires_at_least":104,"requires_php":15,"tags":105,"homepage":109,"download_link":110,"security_score":32,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":54},"wp-e-commerce-call-for-price","WP e-Commerce Call for Price","themeszone","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpcommerce\u002F","\u003Cp>This is a WP e-Commerce plugin that allows you to hide the price of a specific product and replace it with a message asking your customers to call for price.\u003Cbr \u002F>\nThe plugin is easy to use and configure. There there 15 “Call for Price” icons available as well as an ability to upload custom “Call for Price” icons. Install it, Configure it and Rock it.\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>http:\u002F\u002Fecommercewp.com\u002Fwp-e-commerce-call-for-price\u002F\u003C\u002Fp>\n","This is a WP e-Commerce plugin that allows you to hide the price of a specific product and replace it with a message asking your customers to call for …",4958,60,"2012-04-17T21:24:00.000Z","3.1",[106,107,108,19,20],"call-for-price","custom-meta","e-commerce","http:\u002F\u002Fecommercewp.com\u002Fwp-e-commerce-call-for-price\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-e-commerce-call-for-price.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":121,"num_ratings":122,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":126,"tags":127,"homepage":132,"download_link":133,"security_score":134,"vuln_count":135,"unpatched_count":24,"last_vuln_date":136,"fetched_at":54},"stop-user-enumeration","Stop User Enumeration","1.7.7","fullworks","https:\u002F\u002Fprofiles.wordpress.org\u002Ffullworks\u002F","\u003Cp>Stop User Enumeration is a security plugin designed to detect and prevent hackers scanning your site for user login names.\u003C\u002Fp>\n\u003Cp>User Enumeration is a type of attack where nefarious parties can probe your website to discover your login name. This is often a pre-cursor to brute-force password attacks. Stop User Enumeration helps block this initial attack and allows you to log IPs launching these attacks to block further attacks in the future.\u003C\u002Fp>\n\u003Cp>Tools like WPSCAN are designed for use by ethical hackers and make efforts to find user login names. Ethical hackers ask permission first, this plugin is designed to reduce the tools when used without permission and when used in conjunction with fail2ban can block those attempts at the firewall.\u003C\u002Fp>\n\u003Cp>If you are on a VPS or dedicated server, as the attack IP is logged, you can use (optional additional configuration) fail2ban to block the attack directly at your server’s firewall, a very powerful solution for VPS owners to stop brute force attacks as well as DDoS attacks.\u003C\u002Fp>\n\u003Cp>If you don’t have access to install fail2ban ( e.g. on a Shared Host ) you can still use this plugin.\u003C\u002Fp>\n\u003Cp>The plugin can stop the user id being leaked by the oEmbed API call.\u003C\u002Fp>\n\u003Cp>Since WordPress 4.5 user data can also be obtained by API calls without logging in, this is a WordPress feature, but if you don’t need it to get user data, this\u003Cbr \u002F>\nplugin will restrict and log that too.\u003C\u002Fp>\n\u003Cp>Since WordPress 5.5  sitemaps are generated by core WP  ( wp-sitemap.xml ) which includes a user\u002Fauthor sitemap that exposes the user id.  You can enable \u002F disable this in the plugin settings.\u003C\u002Fp>\n\u003Ch4>PHP 8.4 compatible\u003C\u002Fh4>\n\u003Cp>Tested on PHP 8.4\u003C\u002Fp>\n\u003Ch4>Features Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Blocks user enumeration requests by GET or POST\u003C\u002Fli>\n\u003Cli>Syslogs a block so Fail2Ban can be used to block an IP\u003C\u002Fli>\n\u003Cli>Optionally blocks REST API user requests for non authorized users\u003C\u002Fli>\n\u003Cli>Optionally removes author sitemap\u003C\u002Fli>\n\u003Cli>Optionally removes author from OEMBED\u003C\u002Fli>\n\u003Cli>Optionally removes numbers from comment authors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin includes an optional email feature for plugin news and updates. When enabled:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Your email address may be sent to https:\u002F\u002Ffullworksplugins.com for important plugin updates and security notices\u003C\u002Fli>\n\u003Cli>This is completely optional and requires your explicit consent via the opt-in form in the plugin settings\u003C\u002Fli>\n\u003Cli>No data is collected or transmitted without your permission\u003C\u002Fli>\n\u003Cli>You can opt-out at any time from the plugin settings\u003C\u002Fli>\n\u003Cli>No other personal data is collected or transmitted to external services\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin logs attempted user enumeration attacks locally using WordPress’s standard logging system:\u003Cbr \u002F>\n* IP addresses of potential attackers are logged locally for security monitoring\u003Cbr \u002F>\n* These logs remain on your server and are not transmitted to any external service\u003Cbr \u002F>\n* Logs can be used with fail2ban or similar tools for enhanced security\u003C\u002Fp>\n\u003Cp>For more information about data handling, please visit https:\u002F\u002Ffullworksplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n","Helps secure your site against hacking attacks through detecting  User Enumeration",50000,1305856,98,128,"2025-12-15T10:48:00.000Z","6.9.4","6.3","7.4",[128,129,130,131],"fail2ban","security","user-enumeration","wpscan","https:\u002F\u002Ffullworksplugins.com\u002Fproducts\u002Fstop-user-enumeration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstop-user-enumeration.1.7.7.zip",91,6,"2025-06-26 00:00:00",{"attackSurface":138,"codeSignals":172,"taintFlows":205,"riskAssessment":248,"analyzedAt":261},{"hooks":139,"ajaxHandlers":158,"restRoutes":169,"shortcodes":170,"cronEvents":171,"entryPointCount":30,"unprotectedCount":30},[140,146,150,154,156,157],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","wp_enqueue_scripts","load_amazing_ecommerce_assets","amazing-ecommerce.php",519,{"type":141,"name":147,"callback":148,"file":144,"line":149},"wpsc_top_of_products_page","create_amazing_ecommerce_grid",520,{"type":141,"name":151,"callback":152,"file":144,"line":153},"wpsc_theme_footer","finish_amazing_ecommerce_grid",521,{"type":141,"name":142,"callback":143,"file":155,"line":145},"trunk\\amazing-ecommerce.php",{"type":141,"name":147,"callback":148,"file":155,"line":149},{"type":141,"name":151,"callback":152,"file":155,"line":153},[159,164,167,168],{"action":160,"nopriv":161,"callback":162,"hasNonce":161,"hasCapCheck":161,"file":144,"line":163},"extra_product_images",false,"get_amazing_ecommerce_images",522,{"action":160,"nopriv":165,"callback":162,"hasNonce":161,"hasCapCheck":161,"file":144,"line":166},true,523,{"action":160,"nopriv":161,"callback":162,"hasNonce":161,"hasCapCheck":161,"file":155,"line":163},{"action":160,"nopriv":165,"callback":162,"hasNonce":161,"hasCapCheck":161,"file":155,"line":166},[],[],[],{"dangerousFunctions":173,"sqlUsage":174,"outputEscaping":176,"fileOperations":24,"externalRequests":24,"nonceChecks":24,"capabilityChecks":24,"bundledLibraries":204},[],{"prepared":24,"raw":24,"locations":175},[],{"escaped":24,"rawEcho":177,"locations":178},16,[179,182,184,186,188,190,192,194,196,197,198,199,200,201,202,203],{"file":144,"line":180,"context":181},181,"raw output",{"file":144,"line":183,"context":181},207,{"file":144,"line":185,"context":181},233,{"file":144,"line":187,"context":181},260,{"file":144,"line":189,"context":181},287,{"file":144,"line":191,"context":181},394,{"file":144,"line":193,"context":181},456,{"file":144,"line":195,"context":181},510,{"file":155,"line":180,"context":181},{"file":155,"line":183,"context":181},{"file":155,"line":185,"context":181},{"file":155,"line":187,"context":181},{"file":155,"line":189,"context":181},{"file":155,"line":191,"context":181},{"file":155,"line":193,"context":181},{"file":155,"line":195,"context":181},[],[206,223,231,240],{"entryPoint":207,"graph":208,"unsanitizedCount":14,"severity":222},"get_amazing_ecommerce_images (amazing-ecommerce.php:487)",{"nodes":209,"edges":220},[210,215],{"id":211,"type":212,"label":213,"file":144,"line":214},"n0","source","$_REQUEST",494,{"id":216,"type":217,"label":218,"file":144,"line":195,"wp_function":219},"n1","sink","echo() [XSS]","echo",[221],{"from":211,"to":216,"sanitized":161},"medium",{"entryPoint":224,"graph":225,"unsanitizedCount":14,"severity":222},"get_amazing_ecommerce_images (trunk\\amazing-ecommerce.php:487)",{"nodes":226,"edges":229},[227,228],{"id":211,"type":212,"label":213,"file":155,"line":214},{"id":216,"type":217,"label":218,"file":155,"line":195,"wp_function":219},[230],{"from":211,"to":216,"sanitized":161},{"entryPoint":232,"graph":233,"unsanitizedCount":14,"severity":239},"\u003Camazing-ecommerce> (amazing-ecommerce.php:0)",{"nodes":234,"edges":237},[235,236],{"id":211,"type":212,"label":213,"file":144,"line":214},{"id":216,"type":217,"label":218,"file":144,"line":195,"wp_function":219},[238],{"from":211,"to":216,"sanitized":161},"low",{"entryPoint":241,"graph":242,"unsanitizedCount":14,"severity":239},"\u003Camazing-ecommerce> (trunk\\amazing-ecommerce.php:0)",{"nodes":243,"edges":246},[244,245],{"id":211,"type":212,"label":213,"file":155,"line":214},{"id":216,"type":217,"label":218,"file":155,"line":195,"wp_function":219},[247],{"from":211,"to":216,"sanitized":161},{"summary":249,"deductions":250},"The \"amazing-wp-e-commerce\" v1.0.1 plugin presents a significant security risk due to a poorly implemented attack surface. While it shows good practices in avoiding dangerous functions, raw SQL queries, and external HTTP requests, its handling of entry points is concerning. All four identified AJAX handlers lack authentication checks, creating a wide open avenue for potential exploits. Furthermore, the plugin suffers from a complete lack of output escaping for all 16 identified output points, meaning any user-controlled data displayed could be vulnerable to cross-site scripting (XSS) attacks.\n\nThe taint analysis reveals four flows with unsanitized paths, which, combined with the lack of output escaping, strongly suggests a high risk of XSS vulnerabilities. The absence of nonce checks on AJAX handlers exacerbates this risk. Despite the plugin having no recorded vulnerability history, this data point alone does not indicate strong security; it may simply reflect a lack of widespread discovery or a less scrutinized plugin.\n\nIn conclusion, the plugin's strengths in SQL query handling and avoiding certain dangerous functions are overshadowed by critical weaknesses in authentication, output sanitization, and overall attack surface management. The significant number of unprotected AJAX handlers and universally unescaped outputs are major security concerns that require immediate attention.",[251,254,256,259],{"reason":252,"points":253},"Unprotected AJAX handlers",20,{"reason":255,"points":177},"No output escaping",{"reason":257,"points":258},"Unsanitized paths in taint flows",12,{"reason":260,"points":11},"No nonce checks on AJAX","2026-03-16T23:31:38.080Z",{"wat":263,"direct":268},{"assetPaths":264,"generatorPatterns":265,"scriptPaths":266,"versionParams":267},[],[],[],[],{"cssClasses":269,"htmlComments":271,"htmlAttributes":272,"restEndpoints":274,"jsGlobals":275,"shortcodeOutput":276},[270],"gallery_images",[],[273],"rel=\"thickbox\"",[],[],[]]