[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fR6J0H4GiezGz5o8sT8XNi_0rYj2INTqbbLEAHnvC0bc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":51,"analysis":52,"fingerprints":393},"awsa-shipping","AWSA Shipping – Advanced Shipping for Woocommerce and Dokan","1.3.0","Sajjad Aslani","https:\u002F\u002Fprofiles.wordpress.org\u002Fsajjadaslani\u002F","\u003Cp>این افزونه روش های ارسال پست پیشتاز، پست سفارشی ، تحویل اکسپرس و پست هوایی را به لیست روش های حمل نقل در ووکامرس و دکان با تنظیمات مختلف در هر روش اضافه می کند.\u003C\u002Fp>\n\u003Cp>امکان ثبت کد رهگیری با قابلیت نمایش در بخش جزئیات سفارش ووکامرس\u003Cbr \u002F>\nامکان ایمپورت و اکسپورت کد رهگیری سفارشات با اکسل\u003C\u002Fp>\n\u003Cp>روش های ارسال\u003Cbr \u002F>\n1. پست پیشتاز\u003Cbr \u002F>\n2. پست سفارشی\u003Cbr \u002F>\n3. تحویل اکسپرس\u003Cbr \u002F>\n4. تحویل هوایی\u003C\u002Fp>\n\u003Cp>تنظیمات روش های ارسال\u003Cbr \u002F>\n1.  عنوان و تصویر دلخواه برای هر روش ارسال\u003Cbr \u002F>\n2. مشخص کردن شهر های فعال و غیر فعال\u003Cbr \u002F>\n3. حداکثر وزن مجاز\u003Cbr \u002F>\n4. هزینه پیشفرض برای ارسال مرسوله\u003Cbr \u002F>\n5. هزینه های اضافی برای درست نبود کد پستی به صورت درصدی یا مبلغ ثابت\u003Cbr \u002F>\n6. هزینه ی اضافی به ازای بسته بندی و… به صورت درصدی یا مبلغ ثابت\u003Cbr \u002F>\n7. تنظیمات ارسال رایگان براساس روش پرداخت , مجموع حداقل مبلغ سفارش برای ارسال رایگان\u003Cbr \u002F>\n8. 
ارسال رایگان برای اولین سفارش مشتری\u003C\u002Fp>\n\u003Cp>محاسبه ی هزینه ی پست پیشتاز و پست سفارشی براساس تعرفه ی ۱۳۹۹ محاسبه می شود.\u003C\u002Fp>\n","روش های حمل و نقل با تنظیمات پیشرفته",90,8517,88,7,"2022-06-04T06:38:00.000Z","6.0.11","5.3.0","7.2",[20,21,22,23,24],"%d9%85%d8%ad%d8%a7%d8%b3%d8%a8%d9%87-%d9%87%d8%b2%db%8c%d9%86%d9%87-%d9%be%d8%b3%d8%aa","%d9%be%db%8c%d8%b4%d8%aa%d8%a7%d8%b2","%d8%ad%d9%85%d9%84-%d9%88-%d9%86%d9%82%d9%84-%d9%88%d9%88%da%a9%d8%a7%d9%85%d8%b1%d8%b3","%d8%ad%d9%85%d9%84-%d9%88-%d9%86%d9%82%d9%84-%d8%a7%db%8c%d8%b1%d8%a7%d9%86","%d8%ad%d9%85%d9%84-%d9%88-%d9%86%d9%82%d9%84-%d8%af%da%a9%d8%a7%d9%86","http:\u002F\u002Fsajjadaslani.ir\u002Fawsa-shipping\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fawsa-shipping.1.3.0.zip",63,1,"2025-04-10 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-32604","awsa-shipping-reflected-cross-site-scripting","AWSA Shipping \u003C= 1.3.0 - Reflected Cross-Site Scripting","The AWSA Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.3.0","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-15 14:13:40",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1c17909f-bf69-4d72-80d2-0574b964bb4f?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},"sajjadaslani",30,68,"2026-04-05T00:51:50.139Z",[],{"attackSurface":53,"codeSignals":232,"taintFlows":306,"riskAssessment":379,"analyzedAt":392},{"hooks":54,"ajaxHandlers":219,"restRoutes":227,"shortcodes":228,"cronEvents":229,"entryPointCount":230,"unprotectedCount":231},[55,62,66,70,75,79,83,88,92,96,99,101,103,105,107,109,112,114,116,120,124,125,128,130,134,136,139,144,146,150,154,158,162,166,168,170,173,177,180,183,187,191,194,196,200,204,209,213,217],{"type":56,"name":57,"callback":58,"priority":59,"file":60,"line":61},"action","admin_enqueue_scripts","AWSA_Admin_Shipping_Scripts::enqueue",99,"includes\\class-admin-shipping.php",67,{"type":56,"name":63,"callback":64,"file":60,"line":65},"admin_init","init",76,{"type":56,"name":67,"callback":68,"file":60,"line":69},"admin_post_awsa_shipping_settings","update_shipping_settings",77,{"type":56,"name":71,"callback":72,"priority":73,"file":60,"line":74},"admin_menu","menu",10,78,{"type":56,"name":76,"callback":77,"priority":73,"file":60,"line":78},"add_meta_boxes","meta_boxes",79,{"type":56,"name":80,"callback":81,"file":60,"line":82},"awsa_shop_order_actions_meta_box_child_info","awsa_order_actions_meta_box_child_info",104,{"type":84,"name":85,"callback":86,"file":60,"line":87},"filter",
"awsa_post_actions_modules_shop_order","anonymous",107,{"type":84,"name":89,"callback":90,"file":60,"line":91},"manage_edit-shop_order_columns","awsa_shipping_manage_posts_columns",110,{"type":56,"name":93,"callback":94,"priority":73,"file":60,"line":95},"manage_shop_order_posts_custom_column","awsa_shipping_display_parcel_code_column",111,{"type":56,"name":57,"callback":97,"priority":59,"file":98,"line":78},"\\AWSA_Shipping\\Admin_Scripts::enqueue","includes\\class-admin.php",{"type":56,"name":63,"callback":64,"file":98,"line":100},89,{"type":56,"name":102,"callback":68,"file":98,"line":11},"awsa_update_settings_page-awsa-shipping",{"type":56,"name":71,"callback":72,"priority":73,"file":98,"line":104},91,{"type":56,"name":76,"callback":77,"priority":73,"file":98,"line":106},92,{"type":56,"name":80,"callback":81,"file":98,"line":108},122,{"type":84,"name":85,"callback":110,"file":98,"line":111},"add_order_actions_modules",125,{"type":84,"name":89,"callback":90,"file":98,"line":113},128,{"type":56,"name":93,"callback":94,"priority":73,"file":98,"line":115},129,{"type":84,"name":117,"callback":118,"file":98,"line":119},"awsa_settings_page_awsa-shipping_addons","add_settings_page_addon",138,{"type":56,"name":121,"callback":86,"file":122,"line":123},"woocommerce_checkout_process","includes\\class-checkout.php",26,{"type":56,"name":121,"callback":86,"file":122,"line":48},{"type":84,"name":126,"callback":86,"priority":48,"file":127,"line":123},"bulk_actions-edit-shop_order","includes\\class-order-bulk-actions.php",{"type":56,"name":64,"callback":86,"priority":73,"file":129,"line":123},"includes\\class-order-statuses.php",{"type":84,"name":131,"callback":86,"priority":132,"file":129,"line":133},"wc_order_statuses",20,27,{"type":84,"name":126,"callback":86,"priority":48,"file":129,"line":135},28,{"type":56,"name":76,"callback":76,"priority":73,"file":137,"line":138},"includes\\class-post-actions.php",81,{"type":56,"name":140,"callback":141,"priority":59,"file":142,"line":14
3},"wp_enqueue_scripts","\\AWSA_Shipping\\Scripts::enqueue","includes\\class-shipping.php",199,{"type":56,"name":64,"callback":64,"file":142,"line":145},209,{"type":84,"name":147,"callback":148,"priority":73,"file":142,"line":149},"woocommerce_cart_shipping_method_full_label","awsa_shipping_filter_woocommerce_cart_shipping_method_full_label",216,{"type":84,"name":151,"callback":152,"priority":73,"file":142,"line":153},"woocommerce_shipping_methods","shipping_methods",228,{"type":84,"name":155,"callback":156,"priority":73,"file":142,"line":157},"awsa_package_info_get_weight","awsa_add_default_weight_for_products",231,{"type":56,"name":159,"callback":160,"priority":73,"file":142,"line":161},"woocommerce_order_details_before_order_table","display_parcel_detail",233,{"type":84,"name":163,"callback":164,"file":142,"line":165},"woe_fetch_order_data","replace_city_id_in_export_orders",236,{"type":56,"name":57,"callback":86,"priority":59,"file":167,"line":123},"includes\\class-wc-city-input-admin.php",{"type":84,"name":169,"callback":86,"file":167,"line":48},"woocommerce_get_settings_general",{"type":56,"name":171,"callback":86,"file":167,"line":172},"woocommerce_admin_field_awsa-city-selector",31,{"type":84,"name":174,"callback":86,"priority":59,"file":175,"line":176},"woocommerce_states","includes\\class-wc-states-cities.php",29,{"type":84,"name":178,"callback":86,"priority":59,"file":175,"line":179},"woocommerce_checkout_fields",34,{"type":84,"name":181,"callback":86,"priority":59,"file":175,"line":182},"woocommerce_form_field_city",39,{"type":84,"name":184,"callback":86,"priority":185,"file":175,"line":186},"woocommerce_formatted_address_replacements",9999,44,{"type":56,"name":188,"callback":86,"priority":189,"file":175,"line":190},"woocommerce_checkout_update_order_review",999,49,{"type":56,"name":192,"callback":86,"file":175,"line":193},"woocommerce_review_order_before_payment",50,{"type":56,"name":140,"callback":86,"priority":59,"file":175,"line":195},55,{"type":56,"
name":71,"callback":197,"priority":59,"file":198,"line":199},"add_menus","includes\\core\\admin-menus\\class-admin-menus.php",62,{"type":56,"name":201,"callback":202,"file":203,"line":176},"admin_post_awsa_settings_page","update_settings_page","includes\\core\\apis\\settings\\class-settings-page.php",{"type":56,"name":205,"callback":206,"priority":73,"file":207,"line":208},"awsa_settings_page_enqueue","enqueue","includes\\core\\apis\\settings\\page\\class-display-page.php",166,{"type":56,"name":210,"callback":211,"priority":73,"file":207,"line":212},"awsa_settings_topmenu","settings_topmenu",167,{"type":56,"name":214,"callback":215,"priority":73,"file":207,"line":216},"awsa_display_page_settings","render_fields",168,{"type":56,"name":76,"callback":76,"priority":73,"file":218,"line":91},"includes\\core\\post-actions\\class-post-actions.php",[220,226],{"action":221,"nopriv":222,"callback":223,"hasNonce":224,"hasCapCheck":222,"file":137,"line":225},"aw-admin-actions-ajax-process",false,"actions_ajax_process",true,82,{"action":221,"nopriv":222,"callback":223,"hasNonce":224,"hasCapCheck":222,"file":218,"line":95},[],[],[],2,0,{"dangerousFunctions":233,"sqlUsage":234,"outputEscaping":236,"fileOperations":231,"externalRequests":231,"nonceChecks":301,"capabilityChecks":231,"bundledLibraries":302},[],{"prepared":28,"raw":231,"locations":235},[],{"escaped":237,"rawEcho":238,"locations":239},117,33,[240,244,247,250,251,253,255,257,259,261,264,265,266,267,268,269,271,273,274,275,278,279,281,282,285,288,289,290,291,293,294,296,299],{"file":241,"line":242,"context":243},"includes\\apis\\settings\\class-settings-page-fields.php",36,"raw 
output",{"file":245,"line":246,"context":243},"includes\\class-order-actions.php",84,{"file":248,"line":249,"context":243},"includes\\class-shipping-order-actions.php",69,{"file":167,"line":138,"context":243},{"file":167,"line":252,"context":243},93,{"file":167,"line":254,"context":243},101,{"file":207,"line":256,"context":243},150,{"file":207,"line":258,"context":243},155,{"file":207,"line":260,"context":243},210,{"file":262,"line":263,"context":243},"includes\\core\\apis\\settings\\page\\template-settings-page.php",25,{"file":262,"line":133,"context":243},{"file":262,"line":133,"context":243},{"file":262,"line":135,"context":243},{"file":262,"line":48,"context":243},{"file":262,"line":182,"context":243},{"file":262,"line":270,"context":243},40,{"file":262,"line":272,"context":243},46,{"file":262,"line":190,"context":243},{"file":262,"line":27,"context":243},{"file":276,"line":277,"context":243},"includes\\core\\post-actions\\template-admin-post-actions-meta-box.php",32,{"file":276,"line":238,"context":243},{"file":276,"line":280,"context":243},42,{"file":276,"line":190,"context":243},{"file":283,"line":284,"context":243},"includes\\core.php",418,{"file":286,"line":287,"context":243},"templates\\admin-post-actions-meta-box.php",13,{"file":286,"line":287,"context":243},{"file":286,"line":132,"context":243},{"file":286,"line":263,"context":243},{"file":292,"line":263,"context":243},"templates\\admin-shipping-settings-template.php",{"file":292,"line":123,"context":243},{"file":295,"line":132,"context":243},"templates\\parcel-info-meta-box-template.php",{"file":297,"line":298,"context":243},"templates\\template-shipping-tools.php",41,{"file":297,"line":300,"context":243},45,5,[303],{"name":304,"version":37,"knownCves":305},"Select2",[],[307,322,330,341,349,361,371],{"entryPoint":308,"graph":309,"unsanitizedCount":28,"severity":39},"bulk_actions_process 
(includes\\class-order-bulk-actions.php:61)",{"nodes":310,"edges":320},[311,315],{"id":312,"type":313,"label":314,"file":127,"line":249},"n0","source","$_REQUEST",{"id":316,"type":317,"label":318,"file":127,"line":78,"wp_function":319},"n1","sink","wp_redirect() [Open Redirect]","wp_redirect",[321],{"from":312,"to":316,"sanitized":222},{"entryPoint":323,"graph":324,"unsanitizedCount":28,"severity":39},"\u003Cclass-order-bulk-actions> (includes\\class-order-bulk-actions.php:0)",{"nodes":325,"edges":328},[326,327],{"id":312,"type":313,"label":314,"file":127,"line":249},{"id":316,"type":317,"label":318,"file":127,"line":78,"wp_function":319},[329],{"from":312,"to":316,"sanitized":222},{"entryPoint":331,"graph":332,"unsanitizedCount":231,"severity":340},"update_shipping_settings (includes\\class-admin-shipping.php:120)",{"nodes":333,"edges":338},[334,337],{"id":312,"type":313,"label":335,"file":60,"line":336},"$_SERVER['HTTP_REFERER']",131,{"id":316,"type":317,"label":318,"file":60,"line":336,"wp_function":319},[339],{"from":312,"to":316,"sanitized":224},"low",{"entryPoint":342,"graph":343,"unsanitizedCount":231,"severity":340},"\u003Cclass-admin-shipping> (includes\\class-admin-shipping.php:0)",{"nodes":344,"edges":347},[345,346],{"id":312,"type":313,"label":335,"file":60,"line":336},{"id":316,"type":317,"label":318,"file":60,"line":336,"wp_function":319},[348],{"from":312,"to":316,"sanitized":224},{"entryPoint":350,"graph":351,"unsanitizedCount":28,"severity":340},"\u003Cclass-display-page> (includes\\core\\apis\\settings\\page\\class-display-page.php:0)",{"nodes":352,"edges":359},[353,356],{"id":312,"type":313,"label":354,"file":207,"line":355},"$_GET",65,{"id":316,"type":317,"label":357,"file":207,"line":260,"wp_function":358},"echo() [XSS]","echo",[360],{"from":312,"to":316,"sanitized":222},{"entryPoint":362,"graph":363,"unsanitizedCount":231,"severity":340},"save_settings 
(includes\\core\\apis\\settings\\page\\class-settings-page.php:115)",{"nodes":364,"edges":369},[365,368],{"id":312,"type":313,"label":335,"file":366,"line":367},"includes\\core\\apis\\settings\\page\\class-settings-page.php",142,{"id":316,"type":317,"label":318,"file":366,"line":367,"wp_function":319},[370],{"from":312,"to":316,"sanitized":224},{"entryPoint":372,"graph":373,"unsanitizedCount":231,"severity":340},"\u003Cclass-settings-page> (includes\\core\\apis\\settings\\page\\class-settings-page.php:0)",{"nodes":374,"edges":377},[375,376],{"id":312,"type":313,"label":335,"file":366,"line":367},{"id":316,"type":317,"label":318,"file":366,"line":367,"wp_function":319},[378],{"from":312,"to":316,"sanitized":224},{"summary":380,"deductions":381},"The awsa-shipping v1.3.0 plugin demonstrates a generally strong security posture in some respects, with a notable absence of dangerous functions and no SQL injection findings because its SQL usage goes through prepared statements. The plugin also implements a good number of nonce checks. However, the taint analysis found flows with unsanitized paths, which indicate potential security weaknesses if they turn out to be exploitable. The documented reflected Cross-site Scripting (XSS) vulnerability (CVE-2025-32604) raises concerns about the plugin's ability to properly neutralize user-provided input, and because it affects versions up to and including 1.3.0 with no patched version listed, it remains unpatched in the current release, which is a significant risk.\n\nWhile the static analysis shows a small attack surface and no immediate critical or high severity issues in the current version's code, the unpatched medium severity vulnerability, coupled with the taint analysis findings, means that careful attention is still required. 
The plugin has strengths in its handling of SQL and the number of nonce checks, but the unpatched XSS and the taint findings highlight areas where input sanitization and output escaping still need further review to ensure complete security. The analysis also found no capability checks, including on the plugin's AJAX handlers, so nonce verification alone should not be read as an authorization control.",[382,385,387,390],{"reason":383,"points":384},"Unpatched CVE present",15,{"reason":386,"points":301},"Flows with unsanitized paths found",{"reason":388,"points":389},"Output escaping not fully implemented",3,{"reason":391,"points":132},"Capability checks missing on entry points","2026-03-16T21:19:03.012Z",{"wat":394,"direct":415},{"assetPaths":395,"generatorPatterns":402,"scriptPaths":403,"versionParams":408},[396,397,398,399,400,401],"\u002Fwp-content\u002Fplugins\u002Fawsa-shipping\u002Fassets\u002Fcss\u002Fadmin-styles.css","\u002Fwp-content\u002Fplugins\u002Fawsa-shipping\u002Fassets\u002Fjs\u002Fadmin-scripts.js","\u002Fwp-content\u002Fplugins\u002Fawsa-shipping\u002Fassets\u002Fjs\u002Fawsa-form.js","\u002Fwp-content\u002Fplugins\u002Fawsa-shipping\u002Fassets\u002Fjs\u002Fawsa-post-actions.js","\u002Fwp-content\u002Fplugins\u002Fawsa-shipping\u002Fassets\u002Fcss\u002Ffontawesome.min.css","\u002Fwp-content\u002Fplugins\u002Fawsa-shipping\u002Fassets\u002Fjs\u002Fscripts.js",[],[404,405,406,407],"admin-scripts.js","awsa-form.js","awsa-post-actions.js","scripts.js",[409,410,411,412,413,414],"awsa-shipping-admin-style?ver=","awsa-shipping-admin-script?ver=","awsa-form-script?ver=","awsa-post-actions-script?ver=","awsa-fontawesome?ver=","awsa-shipping-script?ver=",{"cssClasses":416,"htmlComments":422,"htmlAttributes":423,"restEndpoints":424,"jsGlobals":425,"shortcodeOutput":429},[417,418,419,420,421],"awsa-shipping-admin-style","awsa-shipping-admin-script","awsa-form-script","awsa-post-actions-script","awsa-shipping-script",[],[],[],[426,427,428],"awsa_shipping_admin_data","awsa_script_data","awsa_shipping_data",[]]