[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2A2QmiCkJJ0WyWsYBGZNe5L6vwLBpFeG-BySW26ygl8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":50,"analysis":145,"fingerprints":464},"baggage-freight","Baggage Freight Shipping Australia","0.1.0","Shipster","https:\u002F\u002Fprofiles.wordpress.org\u002Fshipster\u002F","\u003Cp>If you have a WooCommerce store based in Australia and need the best domestic and international shipping rates on checkout, then look no further.\u003Cbr \u002F>\nOur freight aggregation system will match the best courier, at the best rate for each and every order placed on checkout.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Displays cheapest courier rate on checkout\u003C\u002Fli>\n\u003Cli>Seller saves money on freight & Buyer saves money on freight\u003C\u002Fli>\n\u003Cli>Increase your sales conversions Australia-wide\u003C\u002Fli>\n\u003Cli>Increase your sales conversions Internationally\u003C\u002Fli>\n\u003Cli>Generate Shipping Labels with ease\u003C\u002Fli>\n\u003Cli>Automatically books courier to make collection next day\u003C\u002Fli>\n\u003Cli>Tracking\u003C\u002Fli>\n\u003Cli>Insurance\u003C\u002Fli>\n\u003Cli>Try our Multi Carrier system FREE for 30 days\u003C\u002Fli>\n\u003Cli>Training, support, video tutorials available\u003C\u002Fli>\n\u003Cli>If you wish to continue using our Multi Carrier Plugin subscribe to a monthly plan \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" 
src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FnTqZ5VYLbg8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>We back this system up with excellent customer service support, phone, email, live chat support 18 hours a day. Contact us on 1300 748 510.\u003C\u002Fp>\n","Australia's Best Wordpress Woocommerce Courier Comparison System and Freight Plugin for Domestic and International Shipments.",10,2289,100,3,"2014-09-18T07:23:00.000Z","3.6.1","3.0.1","",[20,21,22,23,24],"australia","calculator","carriers","couriers","e-commerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbaggage-freight.zip",62,1,"2019-01-08 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"WF-6130d49f-61b7-4b70-b1a5-036346f82650-baggage-freight","baggage-freight-shipping-australia-arbitrary-file-upload","Baggage Freight Shipping Australia \u003C= 0.1.0 - Arbitrary File Upload","The Baggage Freight Shipping Australia plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload-package.php file in versions up to, and including, 0.1.0. 
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.",null,"\u003C=0.1.0","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2024-01-22 19:56:02",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6130d49f-61b7-4b70-b1a5-036346f82650?source=api-prod",{"slug":46,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":47,"trust_score":48,"computed_at":49},"shipster",30,67,"2026-04-04T14:55:07.204Z",[51,71,93,110,128],{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":11,"downloaded":59,"rating":60,"num_ratings":14,"last_updated":61,"tested_up_to":62,"requires_at_least":63,"requires_php":64,"tags":65,"homepage":67,"download_link":68,"security_score":69,"vuln_count":70,"unpatched_count":70,"last_vuln_date":36,"fetched_at":29},"woocommerce-smart-send-australian-shipping","Smart Send Shipping for WooCommerce","4.1.2","Smart Send","https:\u002F\u002Fprofiles.wordpress.org\u002Fgosmartsend\u002F","\u003Cp>Seamlessly integrate shipping for your Australian business with WooCommerce and the Smart Send shipping plugin.\u003C\u002Fp>\n\u003Cp>Awesome shipping rates thanks to Smart Send’s bulk discount through its carriers, as well as more timely resolution of any issues or requests.\u003C\u002Fp>\n\u003Cp>Allows customers to get an accurate quote for shipping before checking out, simply by entering some basic address info, as well as offering multiple shipping price point options, receipted delivery, transport assurance, tail-lift options AND the ability to set handling fees; flat rate or percentage.\u003C\u002Fp>\n\u003Cp>Merchant can fulfill shipping directly from within the WooCommerce ‘orders’ 
section of the dashboard, specifying pickup date.\u003C\u002Fp>\n\u003Cp>‘Smart Pack’ will bring your shipping down further by letting you put multiple items in the one package.\u003C\u002Fp>\n\u003Cp>This plugin requires the WooCommerce e-commerce plugin.\u003C\u002Fp>\n\u003Ch3>Fulfillment, Shipping Classes Smart Pack\u003C\u002Fh3>\n\u003Cp>You can instruct the plugin to request shipping quotes based on the packing the product comes in or on instructions you specify.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Support is available via the \u003Ca href=\"http:\u002F\u002Fwww.smartsend.com.au\" title=\"Support\" rel=\"nofollow ugc\">Smart Send website\u003C\u002Fa>;\u003C\u002Fp>\n","Australian merchants can get real-time shipping quotes, order fulfillment and shipping package packing for their WooCommerce website.",8177,74,"2025-03-03T19:24:00.000Z","6.6.5","4.7","7.4",[20,21,22,66,24],"cart","http:\u002F\u002Fdigital.smartsend.com.au\u002Fplugins\u002Fwoocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoocommerce-smart-send-australian-shipping.4.1.2.zip",92,0,{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":81,"num_ratings":82,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":86,"tags":87,"homepage":18,"download_link":92,"security_score":13,"vuln_count":70,"unpatched_count":70,"last_vuln_date":36,"fetched_at":29},"shippit-simplified-australia-shipping","Shippit for WooCommerce","2.0.4","matthewmuscat","https:\u002F\u002Fprofiles.wordpress.org\u002Fmatthewmuscat\u002F","\u003Ch3>Multi-carrier shipping technology.\u003C\u002Fh3>\n\u003Cp>Seamlessly integrated with WooCommerce, our app gives you fast access to multiple carriers, and takes care of shipping for your stores, locations and brands.\u003C\u002Fp>\n\u003Cp>It’s mission-critical software, complete with the fulfilment automation and shipping 
analytics your business needs to save time and money when it comes to shipping.\u003C\u002Fp>\n\u003Cp>Together with our intuitive tracking notifications and in-house delivery support, we help you share better post-purchase experiences that scale with your business.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Offer live quotes for multiple delivery options at check-out.\u003C\u002Fli>\n\u003Cli>Discounted shipping rates with domestic and international carriers.\u003C\u002Fli>\n\u003Cli>One-click label printing, picklists and pack slips to fulfil orders fast.\u003C\u002Fli>\n\u003Cli>Smart carrier allocation and insights to keep shipping costs under control.\u003C\u002Fli>\n\u003Cli>Automated tracking notifications and customisable, branded tracking.\u003C\u002Fli>\n\u003C\u002Ful>\n","Multi-carrier shipping technology.",1000,30549,50,4,"2025-10-01T03:32:00.000Z","6.8.5","4.0.0","7.0",[88,89,90,91],"aramex","australia-post","couriers-please","shipping","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshippit-simplified-australia-shipping.stable.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":103,"num_ratings":104,"last_updated":105,"tested_up_to":84,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":18,"download_link":109,"security_score":13,"vuln_count":70,"unpatched_count":70,"last_vuln_date":36,"fetched_at":29},"shipit","Shipit","9.6.1","Hirochi","https:\u002F\u002Fprofiles.wordpress.org\u002Ffranciscoarenasp\u002F","\u003Cp>Recuerda necesitas estas versiones para que funcione perfectamente:\u003C\u002Fp>\n\u003Cp>WC Version: 3.5.x or later\u003Cbr \u002F>\nWP Version: 4.4 or later\u003C\u002Fp>\n\u003Cp>Hola, está a punto de instalar nuestro complemento de última milla para su logística de comercio electrónico.\u003C\u002Fp>\n\u003Cp>Donde puede integrarse con el sistema de envío de Shipit y acelerar todas las entregas de sus 
productos.\u003Cbr \u002F>\nAl integrar su tienda a nuestra plataforma, puede ver, administrar y modificar sus envíos rápidamente con más de 5 couriers de Chile.\u003C\u002Fp>\n\u003Cp>Solo tiene que poseer sus credenciales otorgadas por Shipit.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>etiquetas: envío, paquetería, logística, fijación de precios, administración del estado del envío.\u003C\u002Fli>\n\u003C\u002Ful>\n","Shipit Calculator Mensajeros de envío",400,43917,46,6,"2026-03-04T18:15:00.000Z","4.4","5.6",[21,23,94,91],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshipit.9.6.1.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":13,"downloaded":118,"rating":103,"num_ratings":14,"last_updated":119,"tested_up_to":84,"requires_at_least":120,"requires_php":121,"tags":122,"homepage":126,"download_link":127,"security_score":13,"vuln_count":70,"unpatched_count":70,"last_vuln_date":36,"fetched_at":29},"eshipper-commerce","eShipper Commerce","2.16.12","eshipper","https:\u002F\u002Fprofiles.wordpress.org\u002Feshipper\u002F","\u003Cp>Integrate your eCommerce platforms, automate shipping, and save on all carriers with eShipper.\u003C\u002Fp>\n\u003Cp>Get a faster, more seamless shipping experience with complete automation and fully customizable carrier options. Display live, flat, or free shipping rates at checkout and get live tracking updates as soon as your customer’s package ships. Take the guesswork out of choosing the right box size with our 4D boxing algorithm. 
Showcase your brand with customizable packing slips, and delight your customers with low-priced and fast shipping.\u003C\u002Fp>\n\u003Ch3>How does it work?\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=aRxQKVD1eHs\" rel=\"nofollow ugc\">Watch the video here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Save up to 70% on shipping from the world’s most trusted carriers. No minimum shipping volume required\u003C\u002Fli>\n\u003Cli>Choose to display flat rates, free shipping or live rates to your customers when they checkout from your store.\u003C\u002Fli>\n\u003Cli>Sync your stores, products, and orders, plus manage all of your inventory – on one account\u003C\u002Fli>\n\u003Cli>Get one point of contact for all your shipping needs, from integration support to scaling your orders and everything in between.\u003C\u002Fli>\n\u003Cli>Get the latest tracking updates at your fingertips, including shipment notifications and search & filter options.\u003C\u002Fli>\n\u003Cli>Get access to exclusive Next-Day, Air Shipping, Cross Border and International Shipping Services.\u003C\u002Fli>\n\u003Cli>Reduce your carbon footprint and packaging costs with our 4D boxing algorithm.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Need Support?\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.eshipper.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">Contact us\u003C\u002Fa>. 
We’re always happy to help!\u003C\u002Fp>\n\u003Ch3>Pricing\u003C\u002Fh3>\n\u003Cp>Free\u003C\u002Fp>\n","Integrate your eCommerce platforms, automate shipping, and save on all carriers with eShipper.",6794,"2025-04-14T16:11:00.000Z","3.1","7.1",[123,24,91,124,125],"checkout","shipping-labels","shipping-rates-calculator","https:\u002F\u002Fww2.eshipper.com\u002Fecommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feshipper-commerce.2.16.12.zip",{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":70,"downloaded":69,"rating":70,"num_ratings":70,"last_updated":136,"tested_up_to":137,"requires_at_least":138,"requires_php":139,"tags":140,"homepage":18,"download_link":144,"security_score":13,"vuln_count":70,"unpatched_count":70,"last_vuln_date":36,"fetched_at":29},"ih-shipping-for-auspost","IH Shipping for Australia Post","2.0.18","ihwebsolutions","https:\u002F\u002Fprofiles.wordpress.org\u002Fihwebsolutions\u002F","\u003Cp>IH Shipping for Australia Post was born out of necessity. While looking for an economical way to manage and sell inventory online using WordPress and WooCommerce, I hit a major roadblock: the inability to calculate accurate shipping without expensive or overly complex third-party plugins.\u003C\u002Fp>\n\u003Cp>Instead of compromising, I built this solution from the ground up. 
This plugin provides a lightweight, API-driven way to get real-time Australia Post rates, including volumetric box packing logic, without the “bloat” of larger enterprise tools.\u003C\u002Fp>\n\u003Cp>Key Features:\u003Cbr \u002F>\n* Real-time Parcel Post rates via official Australia Post API.\u003Cbr \u002F>\n* Built-in volumetric box packer for accurate quoting.\u003Cbr \u002F>\n* Simple, “clean-code” setup that won’t slow down your site.\u003Cbr \u002F>\n* Tailor-made for Australian small businesses.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin relies on a third-party service to provide live shipping rates.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service:\u003C\u002Fstrong> Australia Post Digital API (https:\u002F\u002Fdigitalapi.auspost.com.au\u002F)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Required to obtain live postage rates for cart items.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent:\u003C\u002Fstrong> This plugin sends the origin postcode, destination postcode, and package dimensions\u002Fweight to the Australia Post API. 
No personal user data is transmitted.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Service:\u003C\u002Fstrong> https:\u002F\u002Fauspost.com.au\u002Fterms-conditions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy:\u003C\u002Fstrong> https:\u002F\u002Fauspost.com.au\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Real-time Parcel Post Rates:\u003C\u002Fstrong> Connects directly to the official AusPost PAC API.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Box Packing:\u003C\u002Fstrong> Define your standard box sizes, and the plugin automatically finds the best fit for every order.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Heavy Parcel Support:\u003C\u002Fstrong> Automatically splits orders over 22kg into multiple packages to ensure accurate quotes without API errors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Handling Fee:\u003C\u002Fstrong> Add a surcharge to cover packaging materials or time.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Debug Mode:\u003C\u002Fstrong> Easy troubleshooting logs to check API connections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>HPOS Compatible:\u003C\u002Fstrong> Fully compatible with WooCommerce High-Performance Order Storage.\u003C\u002Fli>\n\u003C\u002Ful>\n","A shipping integration that adds real-time Australia Post calculations (Parcel Post) with volumetric box 
packing.","2026-01-27T03:21:00.000Z","6.9.4","5.0","7.2",[141,89,142,91,143],"auspost","parcel-post","shipping-calculator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fih-shipping-for-auspost.zip",{"attackSurface":146,"codeSignals":176,"taintFlows":338,"riskAssessment":444,"analyzedAt":463},{"hooks":147,"ajaxHandlers":168,"restRoutes":169,"shortcodes":170,"cronEvents":175,"entryPointCount":27,"unprotectedCount":70},[148,154,158,163],{"type":149,"name":150,"callback":151,"file":152,"line":153},"action","admin_menu","pro_admin_menu_bf","baggage_shipping.php",137,{"type":149,"name":155,"callback":156,"file":152,"line":157},"woocommerce_checkout_update_order_meta","post_order",416,{"type":149,"name":159,"callback":160,"priority":70,"file":161,"line":162},"woocommerce_shipping_init","init_baggage_shipping","class-wc-baggagefreight.php",565,{"type":164,"name":165,"callback":166,"file":161,"line":167},"filter","woocommerce_shipping_methods","add_bf_shipping_method",567,[],[],[171],{"tag":172,"callback":173,"file":152,"line":174},"baggage_link","post_link",420,[],{"dangerousFunctions":177,"sqlUsage":178,"outputEscaping":181,"fileOperations":335,"externalRequests":336,"nonceChecks":70,"capabilityChecks":70,"bundledLibraries":337},[],{"prepared":179,"raw":70,"locations":180},29,[],{"escaped":182,"rawEcho":183,"locations":184},12,76,[185,188,190,192,194,196,197,199,201,202,205,207,209,211,212,214,216,219,220,221,223,226,228,231,232,234,235,238,240,242,243,245,247,249,251,253,255,257,258,261,263,265,267,269,271,273,275,277,279,281,283,285,287,289,291,294,296,298,299,301,303,305,307,309,311,313,315,317,319,321,323,325,327,329,331,333],{"file":186,"line":103,"context":187},"bf_freightsettings.php","raw 
output",{"file":186,"line":189,"context":187},73,{"file":186,"line":191,"context":187},79,{"file":186,"line":193,"context":187},84,{"file":195,"line":47,"context":187},"bf_label.php",{"file":195,"line":47,"context":187},{"file":195,"line":198,"context":187},31,{"file":195,"line":200,"context":187},33,{"file":195,"line":200,"context":187},{"file":203,"line":204,"context":187},"bf_order.php",80,{"file":203,"line":206,"context":187},81,{"file":203,"line":208,"context":187},82,{"file":203,"line":210,"context":187},83,{"file":203,"line":193,"context":187},{"file":203,"line":213,"context":187},85,{"file":203,"line":215,"context":187},97,{"file":217,"line":218,"context":187},"bf_payment.php",119,{"file":217,"line":218,"context":187},{"file":217,"line":218,"context":187},{"file":217,"line":222,"context":187},141,{"file":224,"line":225,"context":187},"bf_settings.php",103,{"file":224,"line":227,"context":187},191,{"file":229,"line":230,"context":187},"dashboard.php",35,{"file":229,"line":230,"context":187},{"file":229,"line":233,"context":187},39,{"file":229,"line":233,"context":187},{"file":236,"line":237,"context":187},"packed_items.php",72,{"file":236,"line":239,"context":187},99,{"file":236,"line":241,"context":187},104,{"file":236,"line":241,"context":187},{"file":236,"line":244,"context":187},117,{"file":236,"line":246,"context":187},132,{"file":236,"line":248,"context":187},262,{"file":236,"line":250,"context":187},305,{"file":236,"line":252,"context":187},307,{"file":236,"line":254,"context":187},309,{"file":236,"line":256,"context":187},310,{"file":236,"line":256,"context":187},{"file":259,"line":260,"context":187},"store-owner.php",639,{"file":259,"line":262,"context":187},675,{"file":259,"line":264,"context":187},685,{"file":259,"line":266,"context":187},695,{"file":259,"line":268,"context":187},705,{"file":259,"line":270,"context":187},717,{"file":259,"line":272,"context":187},731,{"file":259,"line":274,"context":187},741,{"file":259,"line":276,"context":187},751
,{"file":259,"line":278,"context":187},761,{"file":259,"line":280,"context":187},1337,{"file":259,"line":282,"context":187},1351,{"file":259,"line":284,"context":187},1361,{"file":259,"line":286,"context":187},1371,{"file":259,"line":288,"context":187},1383,{"file":259,"line":290,"context":187},1393,{"file":292,"line":293,"context":187},"upload-package.php",345,{"file":292,"line":295,"context":187},399,{"file":292,"line":297,"context":187},409,{"file":292,"line":297,"context":187},{"file":292,"line":300,"context":187},435,{"file":292,"line":302,"context":187},465,{"file":292,"line":304,"context":187},827,{"file":292,"line":306,"context":187},879,{"file":292,"line":308,"context":187},985,{"file":292,"line":310,"context":187},989,{"file":292,"line":312,"context":187},991,{"file":292,"line":314,"context":187},993,{"file":292,"line":316,"context":187},1001,{"file":292,"line":318,"context":187},1003,{"file":292,"line":320,"context":187},1005,{"file":292,"line":322,"context":187},1007,{"file":292,"line":324,"context":187},1009,{"file":292,"line":326,"context":187},1109,{"file":292,"line":328,"context":187},1111,{"file":292,"line":330,"context":187},1113,{"file":292,"line":332,"context":187},1115,{"file":292,"line":334,"context":187},1117,8,5,[],[339,376,387,397,407],{"entryPoint":340,"graph":341,"unsanitizedCount":374,"severity":375},"\u003Cupload-package> (upload-package.php:0)",{"nodes":342,"edges":368},[343,348,353,357,359,362,366],{"id":344,"type":345,"label":346,"file":292,"line":347},"n0","source","$_REQUEST (x10)",617,{"id":349,"type":350,"label":351,"file":292,"line":304,"wp_function":352},"n1","sink","echo() [XSS]","echo",{"id":354,"type":345,"label":355,"file":292,"line":356},"n2","$_POST (x4)",159,{"id":358,"type":350,"label":351,"file":292,"line":328,"wp_function":352},"n3",{"id":360,"type":345,"label":361,"file":292,"line":306},"n4","$_REQUEST (x2)",{"id":363,"type":364,"label":365,"file":292,"line":306},"n5","transform","→ 
getPaging()",{"id":367,"type":350,"label":351,"file":292,"line":302,"wp_function":352},"n6",[369,371,372,373],{"from":344,"to":349,"sanitized":370},false,{"from":354,"to":358,"sanitized":370},{"from":360,"to":363,"sanitized":370},{"from":363,"to":367,"sanitized":370},16,"medium",{"entryPoint":377,"graph":378,"unsanitizedCount":14,"severity":386},"\u003Cbf_freightsettings> (bf_freightsettings.php:0)",{"nodes":379,"edges":384},[380,383],{"id":344,"type":345,"label":381,"file":186,"line":382},"$_REQUEST (x3)",17,{"id":349,"type":350,"label":351,"file":186,"line":189,"wp_function":352},[385],{"from":344,"to":349,"sanitized":370},"low",{"entryPoint":388,"graph":389,"unsanitizedCount":27,"severity":386},"\u003Cbf_settings> (bf_settings.php:0)",{"nodes":390,"edges":395},[391,394],{"id":344,"type":345,"label":392,"file":224,"line":393},"$_REQUEST",25,{"id":349,"type":350,"label":351,"file":224,"line":227,"wp_function":352},[396],{"from":344,"to":349,"sanitized":370},{"entryPoint":398,"graph":399,"unsanitizedCount":374,"severity":386},"\u003Cstore-owner> (store-owner.php:0)",{"nodes":400,"edges":405},[401,404],{"id":344,"type":345,"label":402,"file":259,"line":403},"$_POST (x16)",161,{"id":349,"type":350,"label":351,"file":259,"line":260,"wp_function":352},[406],{"from":344,"to":349,"sanitized":370},{"entryPoint":408,"graph":409,"unsanitizedCount":11,"severity":443},"\u003Cpacked_items> (packed_items.php:0)",{"nodes":410,"edges":436},[411,413,417,420,424,425,426,428,430,432,434],{"id":344,"type":345,"label":412,"file":236,"line":11},"$_POST (x2)",{"id":349,"type":350,"label":414,"file":236,"line":415,"wp_function":416},"query() [SQLi]",24,"query",{"id":354,"type":345,"label":418,"file":236,"line":419},"$_REQUEST (x4)",182,{"id":358,"type":350,"label":421,"file":236,"line":422,"wp_function":423},"get_row() 
[SQLi]",195,"get_row",{"id":360,"type":345,"label":392,"file":236,"line":419},{"id":363,"type":350,"label":351,"file":236,"line":248,"wp_function":352},{"id":367,"type":345,"label":427,"file":236,"line":11},"$_POST",{"id":429,"type":350,"label":351,"file":236,"line":254,"wp_function":352},"n7",{"id":431,"type":345,"label":361,"file":236,"line":248},"n8",{"id":433,"type":364,"label":365,"file":236,"line":248},"n9",{"id":435,"type":350,"label":351,"file":292,"line":302,"wp_function":352},"n10",[437,438,439,440,441,442],{"from":344,"to":349,"sanitized":370},{"from":354,"to":358,"sanitized":370},{"from":360,"to":363,"sanitized":370},{"from":367,"to":429,"sanitized":370},{"from":431,"to":433,"sanitized":370},{"from":433,"to":435,"sanitized":370},"high",{"summary":445,"deductions":446},"The 'baggage-freight' plugin v0.1.0 presents a mixed security posture. On the positive side, the scan classified every SQL query it counted as using prepared statements, and the plugin avoids bundled libraries; note, however, that the taint analysis still reports unsanitized request data reaching query() and get_row() calls in packed_items.php, so the SQL handling should be verified manually. Significant concerns arise from a critical known vulnerability and from the issues indicated in the static analysis. The lack of nonce checks and capability checks across its entry points is a major weakness, leaving it susceptible to various attacks. While the attack surface is small, the absence of robust security checks on these entry points amplifies the risk.\n\nThe static analysis reveals taint flows with unsanitized data paths, in which request input ($_REQUEST, $_POST) reaches echo and database query sinks, indicating a potential for cross-site scripting (XSS) and SQL injection. The presence of file operations and external HTTP requests, combined with a very low percentage of properly escaped output, suggests that data processed by these functions could be vulnerable to injection attacks or cross-site scripting (XSS) if not handled with extreme care. 
The vulnerability history further compounds these concerns: it shows one critical vulnerability, an unauthenticated arbitrary file upload affecting versions up to and including 0.1.0, which remains unpatched.\n\nIn conclusion, while the plugin benefits from its use of prepared statements and a limited attack surface, the unpatched critical vulnerability and the current lack of essential security checks (nonces, capabilities) and proper output escaping create a substantial security risk. The unpatched critical file upload vulnerability is the most immediate and severe concern, demanding urgent attention; because no patched version is listed, affected sites should deactivate and remove the plugin.",[447,450,453,455,457,459,461],{"reason":448,"points":449},"Currently unpatched critical CVE",20,{"reason":451,"points":452},"Critical severity taint flow",15,{"reason":454,"points":11},"No nonce checks",{"reason":456,"points":11},"No capability checks",{"reason":458,"points":336},"Low output escaping percentage",{"reason":460,"points":14},"File operations present",{"reason":462,"points":14},"External HTTP requests present","2026-03-17T01:29:43.112Z",{"wat":465,"direct":474},{"assetPaths":466,"generatorPatterns":469,"scriptPaths":470,"versionParams":471},[467,468],"\u002Fwp-content\u002Fplugins\u002Fbaggage-freight\u002Fcss\u002Fbaggage.css","\u002Fwp-content\u002Fplugins\u002Fbaggage-freight\u002Fjs\u002Fbaggage.js",[],[468],[472,473],"baggage-freight\u002Fcss\u002Fbaggage.css?ver=","baggage-freight\u002Fjs\u002Fbaggage.js?ver=",{"cssClasses":475,"htmlComments":476,"htmlAttributes":477,"restEndpoints":478,"jsGlobals":479,"shortcodeOutput":516},[],[],[],[],[480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,493,494,495,494,500,501,502,503,504,505,506,507,508,509,510,511,512,513,505,506,507,509,508,514,515],"window.bf_weight","window.bf_length","window.bf_width","window.bf_height","window.bf_unit","window.bf_description","window.bf_carrier","window.bf_service","window.bf_warranty","window.bf_transit_time","window.bf_booking_amount","window.bf_total_booking_rate","window.bf_collect_
country","window.bf_collect_city","window.bf_collect_state","window.bf_collect_zip","window.bf_collect_company","window.bf_coll_contact_name","window.bf_collect_address","window.bf_collect_address1","window.bf_collect_email","window.bf_collect_phno","window.bf_email","window.bf_password","window.bf_dest_country","window.bf_dest_city","window.bf_dest_state","window.bf_dest_zip","window.bf_dest_email","window.bf_dest_phone_no","window.bf_dest_company","window.bf_dest_contact_name","window.bf_dest_address","window.bf_dest_address1","window.bf_customer_note","window.bf_order_id",[517,518],"[baggage_link]","[baggage_postorder]"]