[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fg4sV_uqJBXTuynH7KXh_H3NoEfpc-OhTVzFytdsfLDI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":150,"fingerprints":377},"appypie-web-to-app","Appypie Web to Mobile App","1.2.0","Appy Pie","https:\u002F\u002Fprofiles.wordpress.org\u002Fhancock11\u002F","\u003Cp>Appy Pie Web to Mobile App is a WordPress plugin that converts your blog\u002Fwebsite into a native\u002Fhybrid mobile App. This plugin also lets you convert your Woocommerce store into a user-friendly mobile app and ensures that the content from your website or store gets automatically and instantly integrated into the app as well.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Be Where the Customers Are On Their Phone.\u003C\u002Fli>\n\u003Cli>Make it Easy to do Business.\u003C\u002Fli>\n\u003Cli>Keep the Customers Engaged.\u003C\u002Fli>\n\u003Cli>Get More Repeat Business.\u003C\u002Fli>\n\u003Cli>Boost Your Website SEO Ranking. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fast Native Apps: Native apps created are fast, feature-rich, and provide the best user experience.\u003C\u002Fli>\n\u003Cli>No Coding Skill Required: No need to write even a single line of code when you create your native app.\u003C\u002Fli>\n\u003Cli>Real-Time Synchronization: Any change in the website or WooCommerce store gets reflected in real-time on the mobile app.\u003C\u002Fli>\n\u003Cli>Robust Communication: Users can call, email, text, and even locate you with a tap!\u003C\u002Fli>\n\u003Cli>Powerful Push Notifications: Keep your customers engaged with unlimited Geo (location-based), categorized, and scheduled push notifications.\u003C\u002Fli>\n\u003Cli>Effective Push Notifications: Send push notifications that include pictures and links.\u003C\u002Fli>\n\u003Cli>Modifiable Features: Add or remove app features as often as desired without having to republish.\u003C\u002Fli>\n\u003Cli>Social Integrations: Add your Facebook, Twitter, Instagram pages, and more\u003C\u002Fli>\n\u003Cli>App & Product Sharing: Let your product & app go Viral with app sharing features\u003C\u002Fli>\n\u003Cli>Google Analytics: See how your users are using your app with an in-depth Google Analytics report\u003C\u002Fli>\n\u003Cli>Increase Your Site’s SEO Ranking\u003C\u002Fli>\n\u003Cli>Boost Your Brand – Be in the Apple App Store or Google Play Store. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Here’s how it works:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Activate the plugin, provide the required app info, including your App Name, App Type, Theme Type, Color Theme, App icon, Splash screen, and Background image, and your website\u002FWoocommerce store will be converted into a native mobile app in a few minutes!\u003C\u002Fli>\n\u003Cli>The result is an amazing app that is light, fast, and delivers a native app s user experience. You can even power up your app with multiple features like push notifications, calendar events and reminders, messages log,and more.\u003C\u002Fli>\n\u003Cli>Your app is synchronised with your website and Woocommerce. Anytime you update your website or Woocommerce store, your mobile app will be updated in real-time.\u003C\u002Fli>\n\u003Cli>Test your app and see how it appears and functions on a real device.\u003C\u002Fli>\n\u003Cli>Appy Pie publishes your app in the Apple App Store or Google Play Store or you can publish yourself.\u003C\u002Fli>\n\u003Cli>Be confident with unlimited chat and email support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Website: http:\u002F\u002Fwww.appypie.com\u003C\u002Fp>\n\u003Cp>Support: support@appypie.com\u003C\u002Fp>\n","Transform your WordPress site or Woocommerce store into a powerful Mobile App with powerful native app features.",40,7402,80,2,"2023-11-02T08:06:00.000Z","6.3.8","4.9","7.2",[20,21,22,23],"android","appy-pie","ios","mobile-app-converter","http:\u002F\u002Fwww.appypie.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fappypie-web-to-app.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"hancock11",4,60,91,28,88,"2026-04-05T09:15:36.808Z",[40,65,86,107,131],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":55,"tags":56,"homepage":60,"download_link":61,"security_score":62,"vuln_count":63,"unpatched_count":27,"last_vuln_date":64,"fetched_at":29},"wpappninja","WPMobile.App","11.75","Amauri","https:\u002F\u002Fprofiles.wordpress.org\u002Famauric\u002F","\u003Ch4>Android and iOS mobile app\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>πŸ’³ \u003Cstrong>LIFETIME LICENCE\u003C\u002Fstrong> – No subscription, no hidden fees.\u003Cbr \u002F>\n\u003Cem>Android 129€ \u002F\u002F iOS 129€ \u002F\u002F Android + iOS 239€\u003C\u002Fem>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>πŸŽ‰ \u003Cstrong>FREE TEST\u003C\u002Fstrong> – You can test your mobile app \u003Ca href=\"https:\u002F\u002Fwpmobile.app\u002Fen\u002Ftest-my-app\u002F\" rel=\"nofollow ugc\">with the demo app\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>πŸ–Œ \u003Cstrong>CUSTOMIZATION\u003C\u002Fstrong> – No mention of our brand or advertisement, the mobile app is white-labeled.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>πŸ“² \u003Cstrong>GREAT COMPATIBILITY\u003C\u002Fstrong> – The mobile apps is compatible with smartphones and tablets, always up-to-date.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>πŸ‘Œ \u003Cstrong>VERY EASY PUBLISH\u003C\u002Fstrong> – I take care of all the technical work, no software to download or complicated manipulation to do.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>πŸ’¬ \u003Cstrong>SUPPORT TEAM\u003C\u002Fstrong> – I’m here to help and answer all your requests as quickly as possible.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>πŸ‘ \u003Cstrong>AUTOMATIC APP UPDATE\u003C\u002Fstrong> – When new content is released, the application is automatically updated.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>πŸ“’ \u003Cstrong>NOTIFICATIONS\u003C\u002Fstrong> – Unlimited push notification: manually or with automated push.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>πŸ“ˆ \u003Cstrong>REAL-TIME STATISTICS\u003C\u002Fstrong> – Stats about the app usage, all statistics are real-time and hosted on your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Android and iOS mobile application. Easy setup, free test.",4000,551250,96,161,"2025-12-02T15:54:00.000Z","6.9.4","3.7.0","5.6",[20,57,22,58,59],"android-app","ios-app","mobile-app","https:\u002F\u002Fwpmobile.app\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpappninja.zip",89,9,"2025-10-26 00:00:00",{"slug":66,"name":67,"version":68,"author":67,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":74,"num_ratings":75,"last_updated":76,"tested_up_to":53,"requires_at_least":77,"requires_php":78,"tags":79,"homepage":82,"download_link":83,"security_score":84,"vuln_count":14,"unpatched_count":27,"last_vuln_date":85,"fetched_at":29},"goodbarber","GoodBarber","1.0.28","https:\u002F\u002Fprofiles.wordpress.org\u002Fgoodbarber\u002F","\u003Cp>GoodBarber plugin is a fork of JSON API created by dphiffer.\u003Cbr \u002F>\nGoodBarber plugin creates a communication interface between your WordPress and your GoodBarber account.\u003Cbr \u002F>\nIt is used to retrieve content from your WordPress so that you can sync it with your native app created with GoodBarber.\u003C\u002Fp>\n","GoodBarber plugin allows you to retrieve WordPress content in order to create a native app for iOS and\u002For Android",1000,79584,100,3,"2026-03-09T13:18:00.000Z","2.8","",[20,66,22,80,81],"json","native-apps","https:\u002F\u002Fwww.goodbarber.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoodbarber.zip",98,"2025-04-16 00:00:00",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":37,"num_ratings":96,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":18,"tags":100,"homepage":104,"download_link":105,"security_score":106,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"pushover-for-woocommerce","Pushover Integration for WooCommerce","1.1.0","Shop Plugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fshopplugins\u002F","\u003Cp>Pushover for WooCommerce integrates WooCommerce with the Pushover notifications app for Android and iOS.\u003Cbr \u002F>\nAfter installation and setup automatic notifications can be sent to your device for new orders, low stock, backorder and out of stock notifications.\u003C\u002Fp>\n\u003Cp>Follow this plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fshopplugins\u002Fpushover-for-woocommerce\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Cem>Translations and pull requests are welcome!\u003C\u002Fem>\u003C\u002Fstrong>\u003C\u002Fp>\n","Pushover for WooCommerce integrates WooCommerce with the Pushover notifications app for Android and iOS.",800,36588,14,"2024-09-12T07:54:00.000Z","6.6.5","3.5",[20,101,22,102,103],"desktop","pushover","woocommerce","https:\u002F\u002Fshopplugins.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpushover-for-woocommerce.1.1.0.zip",92,{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":27,"num_ratings":27,"last_updated":117,"tested_up_to":98,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":126,"download_link":127,"security_score":128,"vuln_count":129,"unpatched_count":27,"last_vuln_date":130,"fetched_at":29},"push-notification-mobile-and-web-app","Push notification for Mobile and Web app","2.0.4","App Cheap","https:\u002F\u002Fprofiles.wordpress.org\u002Fappcheap\u002F","\u003Cp>Support push notification for mobile and the web app.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcodecanyon.net\u002Fitem\u002Fcirilla-multipurpose-flutter-wordpress-app\u002F31940668\" rel=\"nofollow ugc\">Demo app\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Push services support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Firebase HTTP V1\u003C\u002Fli>\n\u003Cli>Firebase HTTP legacy\u003C\u002Fli>\n\u003Cli>OneSignal\u003C\u002Fli>\n\u003Cli>Debug\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How does it work\u003C\u002Fh3>\n\u003Cp>The Push Notification plugin is built with five part:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Trigger: When WordPress action execution (Post saved, Order status changed …)\u003C\u002Fli>\n\u003Cli>Recipients: One\u002F More recipients get the notification ( topic, registration ID, role, user, merge tag …)\u003C\u002Fli>\n\u003Cli>Conditionals: Determine whether notification send\u003C\u002Fli>\n\u003Cli>Action: The action when the user click to notification on device\u003C\u002Fli>\n\u003Cli>Merge Tag: That is dynamic information in that context\u003C\u002Fli>\n\u003Cli>String translation: Replace part of string on title and message\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Comment Post: Fires immediately after a comment is inserted into the database.\u003C\u002Fli>\n\u003Cli>Post Type: Fires when a post is transitioned from one status to another.\u003C\u002Fli>\n\u003Cli>Save Post: Fires once a post has been saved.\u003C\u002Fli>\n\u003Cli>Order Status Changed: Fires when an order is transitioned from one status to another.\u003C\u002Fli>\n\u003Cli>Product Status Changed: Fires when a product is transitioned from one status to another.\u003C\u002Fli>\n\u003Cli>WCFM – Direct Messaging: Fires when vendor receive a message.\u003C\u002Fli>\n\u003Cli>BuddyPress: Fires Messages message sent, Activity Posted Update, Friends Friendship Accepted, Friends Friendship Requested, Groups Posted Update, Groups Send Invites\u003C\u002Fli>\n\u003C\u002Ful>\n","Push notification for Android, iOS and the Web",500,15918,"2025-12-06T07:06:00.000Z","5.8","7.4",[121,122,123,124,125],"android-notifications","app-builder","firebase-messages","ios-notifications","push-notification","https:\u002F\u002Fappcheap.io\u002Fpush-notification-mobile-and-web-app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpush-notification-mobile-and-web-app.2.0.4.zip",99,1,"2025-05-16 00:00:00",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":139,"downloaded":140,"rating":74,"num_ratings":75,"last_updated":141,"tested_up_to":142,"requires_at_least":143,"requires_php":18,"tags":144,"homepage":148,"download_link":149,"security_score":74,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"device-based-redirect","Device-Based Redirect","1.2.1","Nithin","https:\u002F\u002Fprofiles.wordpress.org\u002Fncherian\u002F","\u003Cp>Device Based Redirect allows you to easily set up redirects to your mobile apps or mobile-friendly URLs based on the user’s device type. Perfect for promoting your mobile apps to website visitors and implementing platform-specific deep linking through a single URL.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Page-specific redirects – Configure different redirects for different pages on your site\u003C\u002Fli>\n\u003Cli>Custom URL redirects – Create custom URLs that redirect users based on their device\u003C\u002Fli>\n\u003Cli>Set different destinations for iOS and Android users. Can be used to send users to iOS and Android app store pages.\u003C\u002Fli>\n\u003Cli>Deep linking support – Direct users to specific sections of your app through platform-specific deep links\u003C\u002Fli>\n\u003Cli>Fallback URLs for other devices – Specify where non-mobile users should be redirected\u003C\u002Fli>\n\u003Cli>Easy-to-use admin interface – Simple configuration through WordPress admin panel\u003C\u002Fli>\n\u003Cli>Bulk enable\u002Fdisable option – Quickly turn all redirects on\u002Foff\u003C\u002Fli>\n\u003Cli>Transient Cache for end-user redirects – Reduces database load for high traffic sites\u003C\u002Fli>\n\u003Cli>Titles for Custom URL Redirects for better organizing of redirects\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Use Cases:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>App Store Promotion: Direct mobile users to your app’s store listing while showing desktop users your website\u003C\u002Fli>\n\u003Cli>Deep Linking: Create a single URL that opens different app screens on iOS and Android\u003C\u002Fli>\n\u003Cli>Redirect users to mobile-friendly URLs based on their device type\u003C\u002Fli>\n\u003Cli>Marketing Campaigns: Share one link that works across all platforms\u003C\u002Fli>\n\u003Cli>Cross-Platform Navigation: Seamlessly guide users to the right platform-specific destination\u003C\u002Fli>\n\u003Cli>302 redirects – Redirects are of 302 type as they are not permanent.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin handles user agent detection and routing automatically, making it easy to implement complex platform-specific navigation through simple WordPress configuration.\u003C\u002Fp>\n","Redirect users to your app pages in app store or play store based on their device type with custom URLs and page-specific redirects.",300,2323,"2025-05-27T06:04:00.000Z","6.8.5","5.0",[20,22,145,146,147],"mobile-redirect","redirect","redirection","https:\u002F\u002Fgithub.com\u002Fncherian\u002Fdevice-based-redirect","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdevice-based-redirect.1.2.1.zip",{"attackSurface":151,"codeSignals":198,"taintFlows":297,"riskAssessment":363,"analyzedAt":376},{"hooks":152,"ajaxHandlers":173,"restRoutes":194,"shortcodes":195,"cronEvents":196,"entryPointCount":197,"unprotectedCount":197},[153,159,163,167,171],{"type":154,"name":155,"callback":156,"file":157,"line":158},"action","admin_menu","add_androidapp_menu","appypie-woocommerce-app-maker.php",68,{"type":154,"name":160,"callback":161,"file":157,"line":162},"admin_init","wpapp_addcss",69,{"type":154,"name":164,"callback":165,"file":157,"line":166},"admin_footer","validater_js",70,{"type":154,"name":168,"callback":169,"file":157,"line":170},"admin_enqueue_scripts","ds_admin_theme_style",84,{"type":154,"name":172,"callback":169,"file":157,"line":26},"login_enqueue_scripts",[174,179,182,186,188,192],{"action":175,"nopriv":176,"callback":177,"hasNonce":176,"hasCapCheck":176,"file":157,"line":178},"verify_token",false,"get_state_ajax_callback",71,{"action":175,"nopriv":180,"callback":177,"hasNonce":176,"hasCapCheck":176,"file":157,"line":181},true,72,{"action":183,"nopriv":176,"callback":184,"hasNonce":176,"hasCapCheck":176,"file":157,"line":185},"create_app","create_app_ajax_callback",73,{"action":183,"nopriv":180,"callback":184,"hasNonce":176,"hasCapCheck":176,"file":157,"line":187},74,{"action":189,"nopriv":176,"callback":190,"hasNonce":176,"hasCapCheck":176,"file":157,"line":191},"payment_app","payment_app_ajax_callback",75,{"action":189,"nopriv":180,"callback":190,"hasNonce":176,"hasCapCheck":176,"file":157,"line":193},76,[],[],[],6,{"dangerousFunctions":199,"sqlUsage":200,"outputEscaping":202,"fileOperations":291,"externalRequests":292,"nonceChecks":27,"capabilityChecks":129,"bundledLibraries":293},[],{"prepared":33,"raw":27,"locations":201},[],{"escaped":27,"rawEcho":203,"locations":204},45,[205,208,210,212,214,216,218,220,222,224,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,269,271,273,274,276,277,279,281,282,284,285,287,289],{"file":157,"line":206,"context":207},133,"raw output",{"file":157,"line":209,"context":207},162,{"file":157,"line":211,"context":207},165,{"file":157,"line":213,"context":207},168,{"file":157,"line":215,"context":207},171,{"file":157,"line":217,"context":207},174,{"file":157,"line":219,"context":207},343,{"file":157,"line":221,"context":207},344,{"file":157,"line":223,"context":207},389,{"file":157,"line":223,"context":207},{"file":157,"line":226,"context":207},498,{"file":157,"line":228,"context":207},1207,{"file":157,"line":230,"context":207},1208,{"file":157,"line":232,"context":207},1210,{"file":157,"line":234,"context":207},1316,{"file":157,"line":236,"context":207},1321,{"file":157,"line":238,"context":207},1331,{"file":157,"line":240,"context":207},1332,{"file":157,"line":242,"context":207},1336,{"file":157,"line":244,"context":207},1427,{"file":157,"line":246,"context":207},1429,{"file":157,"line":248,"context":207},1430,{"file":157,"line":250,"context":207},1437,{"file":157,"line":252,"context":207},1440,{"file":157,"line":254,"context":207},1448,{"file":157,"line":256,"context":207},1451,{"file":157,"line":258,"context":207},1459,{"file":157,"line":260,"context":207},1461,{"file":157,"line":262,"context":207},1463,{"file":157,"line":264,"context":207},1472,{"file":157,"line":266,"context":207},1475,{"file":157,"line":268,"context":207},1572,{"file":157,"line":270,"context":207},1645,{"file":157,"line":272,"context":207},1647,{"file":157,"line":272,"context":207},{"file":157,"line":275,"context":207},1649,{"file":157,"line":275,"context":207},{"file":157,"line":278,"context":207},1661,{"file":157,"line":280,"context":207},1663,{"file":157,"line":280,"context":207},{"file":157,"line":283,"context":207},1664,{"file":157,"line":283,"context":207},{"file":157,"line":286,"context":207},1724,{"file":157,"line":288,"context":207},1726,{"file":290,"line":74,"context":207},"list\\CountryIP.php",8,7,[294],{"name":295,"version":28,"knownCves":296},"jQuery",[],[298,316,327,341,355],{"entryPoint":299,"graph":300,"unsanitizedCount":129,"severity":315},"get_state_ajax_callback (appypie-woocommerce-app-maker.php:378)",{"nodes":301,"edges":313},[302,307],{"id":303,"type":304,"label":305,"file":157,"line":306},"n0","source","$_POST",381,{"id":308,"type":309,"label":310,"file":157,"line":311,"wp_function":312},"n1","sink","file_get_contents() [SSRF\u002FLFI]",383,"file_get_contents",[314],{"from":303,"to":308,"sanitized":176},"medium",{"entryPoint":317,"graph":318,"unsanitizedCount":129,"severity":315},"getip_index1 (list\\CountryIP.php:77)",{"nodes":319,"edges":325},[320,322],{"id":303,"type":304,"label":321,"file":290,"line":74},"$_SERVER['REMOTE_ADDR']",{"id":308,"type":309,"label":323,"file":290,"line":74,"wp_function":324},"echo() [XSS]","echo",[326],{"from":303,"to":308,"sanitized":176},{"entryPoint":328,"graph":329,"unsanitizedCount":129,"severity":340},"android_app_main_page (appypie-woocommerce-app-maker.php:126)",{"nodes":330,"edges":338},[331,334],{"id":303,"type":304,"label":332,"file":157,"line":333},"$_GET",149,{"id":308,"type":309,"label":335,"file":157,"line":336,"wp_function":337},"update_option() [Settings Manipulation]",152,"update_option",[339],{"from":303,"to":308,"sanitized":176},"low",{"entryPoint":342,"graph":343,"unsanitizedCount":27,"severity":340},"\u003Cappypie-woocommerce-app-maker> (appypie-woocommerce-app-maker.php:0)",{"nodes":344,"edges":352},[345,346,347,350],{"id":303,"type":304,"label":332,"file":157,"line":333},{"id":308,"type":309,"label":335,"file":157,"line":336,"wp_function":337},{"id":348,"type":304,"label":349,"file":157,"line":306},"n2","$_POST (x2)",{"id":351,"type":309,"label":310,"file":157,"line":311,"wp_function":312},"n3",[353,354],{"from":303,"to":308,"sanitized":180},{"from":348,"to":351,"sanitized":180},{"entryPoint":356,"graph":357,"unsanitizedCount":129,"severity":340},"\u003CCountryIP> (list\\CountryIP.php:0)",{"nodes":358,"edges":361},[359,360],{"id":303,"type":304,"label":321,"file":290,"line":74},{"id":308,"type":309,"label":323,"file":290,"line":74,"wp_function":324},[362],{"from":303,"to":308,"sanitized":176},{"summary":364,"deductions":365},"The appypie-web-to-app plugin version 1.2.0 exhibits a concerning security posture primarily due to a significant attack surface exposed without proper authentication or authorization checks. All six identified AJAX handlers lack any form of authentication, presenting a direct pathway for unauthenticated users to interact with these functionalities. While the plugin demonstrates good practices by using prepared statements for all SQL queries and avoiding dangerous functions, the absence of nonce checks on AJAX actions is a critical oversight. Furthermore, the taint analysis revealed four flows with unsanitized paths, indicating potential vulnerabilities related to how user-supplied data is handled before being used in file operations. The vulnerability history being clean is a positive sign, suggesting the developers may not have introduced severe security flaws historically, but this does not mitigate the current risks identified in the code analysis.",[366,369,371,373],{"reason":367,"points":368},"AJAX handlers without authentication checks",10,{"reason":370,"points":368},"AJAX handlers without nonce checks",{"reason":372,"points":291},"Flows with unsanitized paths",{"reason":374,"points":375},"Unescaped output detected",5,"2026-03-16T22:19:42.052Z",{"wat":378,"direct":391},{"assetPaths":379,"generatorPatterns":388,"scriptPaths":389,"versionParams":390},[380,381,382,383,384,385,386,387],"\u002Fwp-content\u002Fplugins\u002Fappypie-web-to-app\u002Flist\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fappypie-web-to-app\u002Flist\u002Fcss\u002Ffont.css","\u002Fwp-content\u002Fplugins\u002Fappypie-web-to-app\u002Flist\u002Fcss\u002Fpayment.css","\u002Fwp-content\u002Fplugins\u002Fappypie-web-to-app\u002Flist\u002Fcss\u002Ffontello.css","\u002Fwp-content\u002Fplugins\u002Fappypie-web-to-app\u002Flist\u002Fcss\u002Fappyslim.css","\u002Fwp-content\u002Fplugins\u002Fappypie-web-to-app\u002Flist\u002Fcss\u002Ffont-awesome.min.css","\u002Fwp-content\u002Fplugins\u002Fappypie-web-to-app\u002Flist\u002Fjs\u002Fbootstrap.min.js","\u002Fwp-content\u002Fplugins\u002Fappypie-web-to-app\u002Flist\u002Fjs\u002Fjquery.validate.min.js",[],[386,387],[],{"cssClasses":392,"htmlComments":393,"htmlAttributes":394,"restEndpoints":395,"jsGlobals":397,"shortcodeOutput":399},[],[],[],[396],"\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers",[398],"window.opener.location.reload(true)",[]]