[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhnPulUmrsCDB14jEdu5_fVa32Cj0y0CIt1tBUBDrLto":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":22,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":42,"crawl_stats":31,"alternatives":49,"analysis":50,"fingerprints":458},"appy-pie-connect-for-woocommerce","Appy Pie Connect for WooCommerce","1.1.4","Appy Pie","https:\u002F\u002Fprofiles.wordpress.org\u002Fhancock11\u002F","\u003Cp>This plugin is created for handling WooCommerce related REST API So, to use this plugin you need to install and activate \u003Ca href=\"#\" rel=\"nofollow ugc\">WC REST API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features of WP Form Connector\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>No configuration needed\u003C\u002Fli>\n\u003Cli>Easy to use and lightweight plugin\u003C\u002Fli>\n\u003Cli>Developer friendly & easy to customize\u003C\u002Fli>\n\u003Cli>WC Custom endpoints REST API\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Support : \u003Ca href=\"https:\u002F\u002Fwww.appypie.com\u002Fcontact-us\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.appypie.com\u002Fcontact-us\u003C\u002Fa>\u003C\u002Fp>\n","Short Description: This plugin provides awesome functionality to your WordPress site.",10,1878,0,"2025-12-04T10:21:00.000Z","6.9.4","4.8","7.4",[],"https:\u002F\u002Fwww.appypie.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fappy-pie-connect-for-woocommerce.1.1.4.zip",95,1,"2025-10-02 
22:31:47","2026-03-15T15:16:48.613Z",[26],{"id":27,"url_slug":28,"title":29,"description":30,"plugin_slug":4,"theme_slug":31,"affected_versions":32,"patched_in_version":33,"severity":34,"cvss_score":35,"cvss_vector":36,"vuln_type":37,"published_date":23,"updated_date":38,"references":39,"days_to_patch":41},"CVE-2025-9286","appy-pie-connect-for-woocommerce-missing-authorization-to-unauthenticated-privilege-escalation-via-resetuserpassword","Appy Pie Connect for WooCommerce \u003C= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password","The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to reset the password of arbitrary users, including administrators, thereby gaining administrative access.",null,"\u003C=1.1.2","1.1.3","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unverified Password Change","2025-10-30 
14:16:38",[40],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F36fb5b8d-1ea4-45c2-8639-b229efdb57db?source=api-prod",28,{"slug":43,"display_name":7,"profile_url":8,"plugin_count":44,"total_installs":45,"avg_security_score":46,"avg_patch_time_days":41,"trust_score":47,"computed_at":48},"hancock11",4,60,91,88,"2026-04-05T20:01:27.234Z",[],{"attackSurface":51,"codeSignals":405,"taintFlows":420,"riskAssessment":448,"analyzedAt":457},{"hooks":52,"ajaxHandlers":186,"restRoutes":187,"shortcodes":402,"cronEvents":403,"entryPointCount":350,"unprotectedCount":404},[53,59,62,65,68,71,74,77,80,84,87,90,92,95,98,101,104,107,110,113,116,119,122,125,127,130,134,138,141,143,146,149,155,158,161,164,166,169,171,174,176,178,180,182],{"type":54,"name":55,"callback":56,"file":57,"line":58},"action","rest_api_init","get_register_user_route","connect-woocommerce-rest-api.php",34,{"type":54,"name":55,"callback":60,"file":57,"line":61},"customer_register",39,{"type":54,"name":55,"callback":63,"file":57,"line":64},"delete_user",44,{"type":54,"name":55,"callback":66,"file":57,"line":67},"update_user_detail",49,{"type":54,"name":55,"callback":69,"file":57,"line":70},"get_user_by_id",54,{"type":54,"name":55,"callback":72,"file":57,"line":73},"get_user_login",59,{"type":54,"name":55,"callback":75,"file":57,"line":76},"forget_password",64,{"type":54,"name":55,"callback":78,"file":57,"line":79},"reset_password",69,{"type":54,"name":55,"callback":81,"file":82,"line":83},"wc_product_routes","product-api.php",12,{"type":54,"name":55,"callback":85,"file":82,"line":86},"view_single_product",17,{"type":54,"name":55,"callback":88,"file":82,"line":89},"view_single_update_product",22,{"type":54,"name":55,"callback":91,"file":82,"line":41},"get_product_by_author",{"type":54,"name":55,"callback":93,"file":82,"line":94},"get_category_list",33,{"type":54,"name":55,"callback":96,"file":82,"line":97},"get_product_by_category_slug",38,{"type":54,"name":55,"callback":99,"fi
le":82,"line":100},"create_product_route",43,{"type":54,"name":55,"callback":102,"file":82,"line":103},"delete_product_route",48,{"type":54,"name":55,"callback":105,"file":82,"line":106},"update_product_route",53,{"type":54,"name":55,"callback":108,"file":82,"line":109},"wc_get_update_product_routes",58,{"type":54,"name":55,"callback":111,"file":82,"line":112},"create_woocommerce_category_endpoint",63,{"type":54,"name":55,"callback":114,"file":82,"line":115},"update_woocommerce_category_endpoint",68,{"type":54,"name":55,"callback":117,"file":82,"line":118},"delete_woocommerce_category_endpoint",73,{"type":54,"name":55,"callback":120,"file":82,"line":121},"filter_wc_category_by_slug",78,{"type":54,"name":55,"callback":123,"file":82,"line":124},"create_wc_attribute_variation_productid_slug",83,{"type":54,"name":55,"callback":126,"file":82,"line":47},"update_wc_attribute_variation_productid_slug",{"type":54,"name":55,"callback":128,"file":82,"line":129},"wc_variation_routes",93,{"type":54,"name":131,"callback":132,"priority":11,"file":82,"line":133},"woocommerce_product_after_variable_attributes","appy_pie_connect_custom_field_to_variations",2011,{"type":54,"name":55,"callback":135,"file":136,"line":137},"wc_coupons_route","wc-coupons-api.php",13,{"type":54,"name":55,"callback":139,"file":136,"line":140},"view_coupons_route",18,{"type":54,"name":55,"callback":142,"file":136,"line":89},"create_coupons_route",{"type":54,"name":55,"callback":144,"file":136,"line":145},"delete_coupons_route",27,{"type":54,"name":55,"callback":147,"file":136,"line":148},"update_coupons_route",32,{"type":150,"name":151,"callback":152,"priority":11,"file":153,"line":154},"filter","woocommerce_webhook_topics","add_custom_webhook_topics","wc-custom-webhook.php",16,{"type":54,"name":156,"callback":157,"priority":11,"file":153,"line":86},"woocommerce_order_status_completed","on_woocommerce_order_status_completed",{"type":150,"name":159,"callback":160,"priority":11,"file":153,"line":140},"woocomme
rce_webhook_payload","add_custom_webhook_payload",{"type":54,"name":55,"callback":162,"file":163,"line":137},"wc_invoice_routes","wc-invoice-api.php",{"type":54,"name":55,"callback":165,"file":163,"line":86},"wc_invoice_generate_routes",{"type":54,"name":55,"callback":167,"file":168,"line":137},"wc_order_routes","wc-order-api.php",{"type":54,"name":55,"callback":170,"file":168,"line":140},"register_user_order_route",{"type":54,"name":55,"callback":172,"file":168,"line":173},"register_view_order",23,{"type":54,"name":55,"callback":175,"file":168,"line":41},"register_update_order",{"type":54,"name":55,"callback":177,"file":168,"line":94},"register_delete_order",{"type":54,"name":55,"callback":179,"file":168,"line":97},"register_create_order",{"type":54,"name":55,"callback":181,"file":168,"line":100},"register_order_received",{"type":54,"name":55,"callback":183,"file":184,"line":185},"closure","wc-webhook-api.php",8,[],[188,195,201,206,212,217,222,227,232,237,242,247,252,257,262,267,272,277,282,287,292,297,302,307,312,317,322,327,331,336,341,346,351,356,360,365,370,375,380,385,392,397],{"namespace":189,"route":190,"methods":191,"callback":193,"permissionCallback":194,"file":57,"line":129},"wc\u002Fv3","\u002Fcustomer\u002Flist",[192],"GET","get_user_list","get_items_permissions_check",{"namespace":189,"route":196,"methods":197,"callback":199,"permissionCallback":194,"file":57,"line":200},"\u002Fcustomer\u002Fcreate",[198],"POST","add_new_user",109,{"namespace":189,"route":202,"methods":203,"callback":204,"permissionCallback":194,"file":57,"line":205},"\u002Fcustomer\u002Flogin",[198],"user_login_route",125,{"namespace":189,"route":207,"methods":208,"callback":210,"permissionCallback":194,"file":57,"line":211},"\u002Fcustomer\u002Fdelete\u002F(?P\u003Cuser_id>[\\d]+)",[209],"DELETE","delete_wc_user",141,{"namespace":189,"route":213,"methods":214,"callback":215,"permissionCallback":194,"file":57,"line":216},"\u002Fcustomer\u002Fupdate",[198],"update_user_info",157,{"name
space":189,"route":218,"methods":219,"callback":220,"permissionCallback":194,"file":57,"line":221},"\u002Fcustomer\u002Fdetail\u002F(?P\u003Cuser_id>[\\d]+)",[192],"get_user_info_by_userid",173,{"namespace":189,"route":223,"methods":224,"callback":225,"permissionCallback":194,"file":57,"line":226},"customer\u002Fforget_password",[198],"check_user_email",189,{"namespace":189,"route":228,"methods":229,"callback":230,"permissionCallback":194,"file":57,"line":231},"customer\u002Freset_password",[198],"reset_user_password",206,{"namespace":189,"route":233,"methods":234,"callback":235,"permissionCallback":194,"file":82,"line":236},"\u002Fproduct\u002Flist",[192],"get_product_list",101,{"namespace":189,"route":238,"methods":239,"callback":240,"permissionCallback":194,"file":82,"line":241},"\u002Fvariation\u002Flist",[192],"get_variation_list",117,{"namespace":189,"route":243,"methods":244,"callback":245,"permissionCallback":194,"file":82,"line":246},"\u002Fproduct\u002Fupdatelist",[192],"get_update_product_list",132,{"namespace":189,"route":248,"methods":249,"callback":250,"permissionCallback":194,"file":82,"line":251},"\u002Fproduct\u002Flist\u002F(?P\u003Cid>[\\d]+)",[192],"get_single_product_detail",147,{"namespace":189,"route":253,"methods":254,"callback":255,"permissionCallback":194,"file":82,"line":256},"\u002Fproduct\u002Fupdatelist\u002F(?P\u003Cid>[\\d]+)",[192],"get_single_update_product_detail",162,{"namespace":189,"route":258,"methods":259,"callback":260,"permissionCallback":194,"file":82,"line":261},"\u002Fproduct\u002Fcreatevariation",[198],"create_product_variation_with_attribute",178,{"namespace":189,"route":263,"methods":264,"callback":265,"permissionCallback":194,"file":82,"line":266},"\u002Fproduct\u002Fupdatevariation",[198],"update_product_variation_with_attribute",194,{"namespace":189,"route":268,"methods":269,"callback":270,"permissionCallback":194,"file":82,"line":271},"\u002Fproduct\u002Fauthor\u002F(?P\u003Cid>[\\d]+)",[192],"listing_product_by_au
thor",209,{"namespace":189,"route":273,"methods":274,"callback":275,"permissionCallback":194,"file":82,"line":276},"\u002Fproduct\u002Fcategories",[192],"display_wc_category_list",225,{"namespace":189,"route":278,"methods":279,"callback":280,"permissionCallback":194,"file":82,"line":281},"\u002Fproduct\u002Fcreate-category",[198],"create_woocommerce_category",240,{"namespace":189,"route":283,"methods":284,"callback":285,"permissionCallback":194,"file":82,"line":286},"\u002Fproduct\u002Fupdate-category",[198],"update_woocommerce_category",255,{"namespace":189,"route":288,"methods":289,"callback":290,"permissionCallback":194,"file":82,"line":291},"\u002Fproduct\u002Fdelete-category\u002F(?P\u003Cid>\\d+)",[198],"delete_woocommerce_category",270,{"namespace":189,"route":293,"methods":294,"callback":295,"permissionCallback":194,"file":82,"line":296},"\u002Fproduct\u002Fcategory",[192],"get_wc_product_by_category",286,{"namespace":189,"route":298,"methods":299,"callback":300,"permissionCallback":194,"file":82,"line":301},"\u002Fproduct\u002Ffiltercategory",[192],"filter_wc_product_by_category",302,{"namespace":189,"route":303,"methods":304,"callback":305,"permissionCallback":31,"file":82,"line":306},"product\u002Fcreate",[198],"create_product",318,{"namespace":189,"route":308,"methods":309,"callback":310,"permissionCallback":31,"file":82,"line":311},"product\u002Fdelete\u002F(?P\u003Cproduct_id>[\\d]+)",[198],"delete_product",330,{"namespace":189,"route":313,"methods":314,"callback":315,"permissionCallback":31,"file":82,"line":316},"product\u002Fupdate",[198],"update_product",342,{"namespace":189,"route":318,"methods":319,"callback":320,"permissionCallback":194,"file":136,"line":321},"\u002Fcoupons\u002Flist",[192],"get_coupons_list",41,{"namespace":189,"route":323,"methods":324,"callback":325,"permissionCallback":194,"file":136,"line":326},"\u002Fcoupons\u002Flist\u002F(?P\u003Cid>[\\d]+)",[192],"view_coupons_by_id",57,{"namespace":189,"route":328,"methods":329,"callbac
k":330,"permissionCallback":194,"file":136,"line":118},"\u002Fcoupons\u002Fcreate",[198],"create_coupon",{"namespace":189,"route":332,"methods":333,"callback":334,"permissionCallback":194,"file":136,"line":335},"\u002Fcoupons\u002Fdelete\u002F(?P\u003Cid>[\\d]+)",[198],"delete_coupons",89,{"namespace":189,"route":337,"methods":338,"callback":339,"permissionCallback":194,"file":136,"line":340},"\u002Fcoupons\u002Fupdate",[198],"update_coupons",105,{"namespace":189,"route":342,"methods":343,"callback":344,"permissionCallback":194,"file":163,"line":345},"\u002Finvoice\u002Flist",[192],"get_invoice_list",25,{"namespace":189,"route":347,"methods":348,"callback":349,"permissionCallback":194,"file":163,"line":350},"invoice\u002Flist",[198],"generate_invoice_list",42,{"namespace":189,"route":352,"methods":353,"callback":354,"permissionCallback":194,"file":168,"line":355},"\u002Forder\u002Flist",[192],"get_order_list",51,{"namespace":189,"route":357,"methods":358,"callback":359,"permissionCallback":194,"file":168,"line":115},"order\u002Flist\u002F(?P\u003Corder_id>[\\d]+)",[192],"view_order_detail",{"namespace":189,"route":361,"methods":362,"callback":363,"permissionCallback":194,"file":168,"line":364},"order\u002Fdelete\u002F(?P\u003Corder_id>[\\d]+)",[209],"delete_order",85,{"namespace":189,"route":366,"methods":367,"callback":368,"permissionCallback":194,"file":168,"line":369},"user\u002Forder\u002Flist\u002F(?P\u003Ccustomer_id>[\\d]+)",[192],"get_user_order_list",102,{"namespace":189,"route":371,"methods":372,"callback":373,"permissionCallback":194,"file":168,"line":374},"\u002Forder\u002Fupdate",[198],"update_order",118,{"namespace":189,"route":376,"methods":377,"callback":378,"permissionCallback":194,"file":168,"line":379},"\u002Forder\u002Fcreate",[198],"create_order",135,{"namespace":189,"route":381,"methods":382,"callback":383,"permissionCallback":194,"file":168,"line":384},"order\u002Freceived\u002F(?P\u003Corder_id>[\\d]+)",[192],"order_received",151,{"namespace"
:386,"route":387,"methods":388,"callback":389,"permissionCallback":390,"file":184,"line":391},"wp\u002Fv3","insert_webhook",[198],"appy_pie_connect_insert_webhook_data","appy_pie_connect_authenticate_users_permission",9,{"namespace":386,"route":393,"methods":394,"callback":395,"permissionCallback":390,"file":184,"line":396},"update_webhook\u002F(?P\u003Cid>\\d+)",[198],"appy_pie_connect_update_webhook_data",15,{"namespace":386,"route":398,"methods":399,"callback":400,"permissionCallback":390,"file":184,"line":401},"delete_webhook\u002F(?P\u003Cid>\\d+)",[209],"appy_pie_connect_delete_webhook_data",21,[],[],3,{"dangerousFunctions":406,"sqlUsage":407,"outputEscaping":410,"fileOperations":13,"externalRequests":404,"nonceChecks":13,"capabilityChecks":418,"bundledLibraries":419},[],{"prepared":408,"raw":13,"locations":409},11,[],{"escaped":246,"rawEcho":411,"locations":412},2,[413,416],{"file":82,"line":414,"context":415},422,"raw output",{"file":82,"line":417,"context":415},426,20,[],[421,440],{"entryPoint":422,"graph":423,"unsanitizedCount":13,"severity":439},"get_product_list (product-api.php:431)",{"nodes":424,"edges":436},[425,430],{"id":426,"type":427,"label":428,"file":82,"line":429},"n0","source","$_GET",437,{"id":431,"type":432,"label":433,"file":82,"line":434,"wp_function":435},"n1","sink","echo() [XSS]",438,"echo",[437],{"from":426,"to":431,"sanitized":438},true,"low",{"entryPoint":441,"graph":442,"unsanitizedCount":13,"severity":439},"\u003Cproduct-api> (product-api.php:0)",{"nodes":443,"edges":446},[444,445],{"id":426,"type":427,"label":428,"file":82,"line":429},{"id":431,"type":432,"label":433,"file":82,"line":434,"wp_function":435},[447],{"from":426,"to":431,"sanitized":438},{"summary":449,"deductions":450},"The \"appy-pie-connect-for-woocommerce\" plugin version 1.1.4 exhibits a mixed security posture.  
While it demonstrates good practices in preventing SQL injection through the exclusive use of prepared statements and a high percentage of properly escaped output, there are significant concerns regarding its attack surface and vulnerability history. The 3 REST API routes registered without a permission callback (product\u002Fcreate, product\u002Fdelete and product\u002Fupdate, all POST) are a direct entry point for potential unauthorized access or data manipulation. Furthermore, the plugin's history includes a past critical vulnerability related to unverified password changes, indicating a potential for severe security flaws, even though that vulnerability is currently patched. The complete absence of nonce checks on AJAX handlers (this analysis lists no AJAX handlers, so the finding carries little weight on its own), combined with the unprotected REST API endpoints, raises a red flag for potential cross-site request forgery or unauthorized action execution.",[451,453,455],{"reason":452,"points":396},"Unprotected REST API routes",{"reason":454,"points":11},"No nonce checks on AJAX handlers",{"reason":456,"points":418},"Past critical vulnerability (Unverified Password 
Change)","2026-03-17T05:39:27.798Z",{"wat":459,"direct":470},{"assetPaths":460,"generatorPatterns":467,"scriptPaths":468,"versionParams":469},[461,462,463,464,465,466],"\u002Fwp-content\u002Fplugins\u002Fappy-pie-connect-for-woocommerce\u002Fproduct-api.php","\u002Fwp-content\u002Fplugins\u002Fappy-pie-connect-for-woocommerce\u002Fwc-order-api.php","\u002Fwp-content\u002Fplugins\u002Fappy-pie-connect-for-woocommerce\u002Fwc-invoice-api.php","\u002Fwp-content\u002Fplugins\u002Fappy-pie-connect-for-woocommerce\u002Fwc-coupons-api.php","\u002Fwp-content\u002Fplugins\u002Fappy-pie-connect-for-woocommerce\u002Fwc-custom-webhook.php","\u002Fwp-content\u002Fplugins\u002Fappy-pie-connect-for-woocommerce\u002Fwc-webhook-api.php",[],[],[],{"cssClasses":471,"htmlComments":472,"htmlAttributes":473,"restEndpoints":474,"jsGlobals":483,"shortcodeOutput":484},[],[],[],[475,476,477,478,479,480,481,482],"\u002Fwp-json\u002Fwc\u002Fv3\u002Fcustomer\u002Flist","\u002Fwp-json\u002Fwc\u002Fv3\u002Fcustomer\u002Fcreate","\u002Fwp-json\u002Fwc\u002Fv3\u002Fcustomer\u002Flogin","\u002Fwp-json\u002Fwc\u002Fv3\u002Fcustomer\u002Fdelete\u002F(?P\u003Cuser_id>[\\d]+)","\u002Fwp-json\u002Fwc\u002Fv3\u002Fcustomer\u002Fupdate","\u002Fwp-json\u002Fwc\u002Fv3\u002Fcustomer\u002Fdetail\u002F(?P\u003Cuser_id>[\\d]+)","\u002Fwp-json\u002Fwc\u002Fv3\u002Fcustomer\u002Fforget_password","\u002Fwp-json\u002Fwc\u002Fv3\u002Fcustomer\u002Freset_password",[],[]]