[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fx_1GwHSav46Qc7tbVSur-l6HlNHq4OH-FUbQ6nBTQXc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":35,"fingerprints":255},"broadnet-sms-services","Broadnet SMS Services","0.0.2","rabihz","https:\u002F\u002Fprofiles.wordpress.org\u002Frabihz\u002F","\u003Cp>This plugin adds a new feature to your WooCommerce site. With it, you can easily do integrate sms notifications in orders notifications.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>If you need help with the Broadnet SMS Services Plugin, please visit our support forum at noc@broadnet.me.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>The Broadnet SMS Services Plugin is released under the GPLv2 license. 
A copy of the license can be found in the LICENSE file.\u003C\u002Fp>\n","A plugin for sending SMS notification to customers and administrator when orders status is changed using WooCommerce.",0,789,"2024-01-04T11:00:00.000Z","6.4.8","5.9","7.4",[18,19,20,21,22],"order-cancelled-sms-notification","order-completed-sms-notification","order-on-hold-sms-notification","order-pending-payment-sms-notification","order-processing-sms-notification","https:\u002F\u002Fwww.broadnet.me","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbroadnet-sms-services.0.0.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-04-04T06:06:33.272Z",[],{"attackSurface":36,"codeSignals":125,"taintFlows":245,"riskAssessment":246,"analyzedAt":254},{"hooks":37,"ajaxHandlers":115,"restRoutes":121,"shortcodes":122,"cronEvents":123,"entryPointCount":124,"unprotectedCount":124},[38,44,47,49,52,55,58,61,64,66,72,76,80,84,88,92,97,99,100,101,102,103,104,105,106,107,109,110,111,112,113,114],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","plugins_loaded","anonymous","includes\\class-broadnet-sms-services.php",148,{"type":39,"name":45,"callback":41,"file":42,"line":46},"admin_enqueue_scripts",163,{"type":39,"name":45,"callback":41,"file":42,"line":48},164,{"type":39,"name":50,"callback":41,"file":42,"line":51},"admin_menu",167,{"type":39,"name":53,"callback":41,"file":42,"line":54},"admin_init",168,{"type":39,"name":56,"callback":41,"file":42,"line":57},"admin_notices",170,{"type":39,"name":59,"callback":41,"file":42,"line":60},"admin_post_nds_form_response",172,{"type":39,"name":62,"callback":41,"file":42,"line":63},"wp_enqueue_scripts",191,{"type":39,"name":62,"callback":41,"file":42,"line":65},192,{"type":39,"name":67,"callback":68,"priority":69,"file":70,"line":71},"woocommerce_order_status_pending","sms_ord
er_status_change_to_pending",10,"public\\class-broadnet-sms-services-public.php",59,{"type":39,"name":73,"callback":74,"priority":69,"file":70,"line":75},"woocommerce_order_status_processing","sms_order_status_change_to_processing",60,{"type":39,"name":77,"callback":78,"priority":69,"file":70,"line":79},"woocommerce_order_status_on-hold","sms_order_status_change_to_hold",61,{"type":39,"name":81,"callback":82,"priority":69,"file":70,"line":83},"woocommerce_order_status_completed","sms_order_status_change_to_completed",63,{"type":39,"name":85,"callback":86,"priority":69,"file":70,"line":87},"woocommerce_order_status_cancelled","sms_order_status_change_to_cancelled",64,{"type":39,"name":89,"callback":90,"priority":69,"file":70,"line":91},"woocommerce_order_status_refunded","sms_order_status_change_to_refunded",65,{"type":93,"name":94,"callback":95,"priority":69,"file":70,"line":96},"filter","woocoomerce_sms_message","fiter_wc_sms_msg",67,{"type":39,"name":40,"callback":41,"file":98,"line":43},"trunk\\includes\\class-broadnet-sms-services.php",{"type":39,"name":45,"callback":41,"file":98,"line":46},{"type":39,"name":45,"callback":41,"file":98,"line":48},{"type":39,"name":50,"callback":41,"file":98,"line":51},{"type":39,"name":53,"callback":41,"file":98,"line":54},{"type":39,"name":56,"callback":41,"file":98,"line":57},{"type":39,"name":59,"callback":41,"file":98,"line":60},{"type":39,"name":62,"callback":41,"file":98,"line":63},{"type":39,"name":62,"callback":41,"file":98,"line":65},{"type":39,"name":67,"callback":68,"priority":69,"file":108,"line":71},"trunk\\public\\class-broadnet-sms-services-public.php",{"type":39,"name":73,"callback":74,"priority":69,"file":108,"line":75},{"type":39,"name":77,"callback":78,"priority":69,"file":108,"line":79},{"type":39,"name":81,"callback":82,"priority":69,"file":108,"line":83},{"type":39,"name":85,"callback":86,"priority":69,"file":108,"line":87},{"type":39,"name":89,"callback":90,"priority":69,"file":108,"line":91},{"type":93,"na
me":94,"callback":95,"priority":69,"file":108,"line":96},[116,120],{"action":117,"nopriv":118,"callback":41,"hasNonce":118,"hasCapCheck":118,"file":42,"line":119},"nds_form_response",false,175,{"action":117,"nopriv":118,"callback":41,"hasNonce":118,"hasCapCheck":118,"file":98,"line":119},[],[],[],2,{"dangerousFunctions":126,"sqlUsage":127,"outputEscaping":129,"fileOperations":242,"externalRequests":243,"nonceChecks":124,"capabilityChecks":243,"bundledLibraries":244},[],{"prepared":11,"raw":11,"locations":128},[],{"escaped":130,"rawEcho":131,"locations":132},76,72,[133,137,139,141,143,145,147,149,151,153,155,156,158,160,162,164,166,168,170,172,174,176,178,179,180,182,184,186,188,190,192,193,194,196,198,200,202,204,205,206,208,209,210,211,212,213,214,215,216,217,219,220,221,222,223,224,225,226,228,229,230,231,232,233,234,235,236,237,238,239,240,241],{"file":134,"line":135,"context":136},"admin\\class-broadnet-sms-services-admin.php",157,"raw output",{"file":134,"line":138,"context":136},158,{"file":134,"line":140,"context":136},159,{"file":142,"line":124,"context":136},"admin\\views\\partials-html-how-to-settings.php",{"file":142,"line":144,"context":136},19,{"file":142,"line":146,"context":136},20,{"file":142,"line":148,"context":136},21,{"file":142,"line":150,"context":136},27,{"file":142,"line":152,"context":136},38,{"file":142,"line":154,"context":136},49,{"file":142,"line":75,"context":136},{"file":142,"line":157,"context":136},71,{"file":142,"line":159,"context":136},82,{"file":161,"line":124,"context":136},"admin\\views\\partials-html-sms-general-settings.php",{"file":161,"line":163,"context":136},8,{"file":161,"line":165,"context":136},12,{"file":161,"line":167,"context":136},16,{"file":161,"line":169,"context":136},23,{"file":161,"line":171,"context":136},33,{"file":161,"line":173,"context":136},39,{"file":161,"line":175,"context":136},45,{"file":177,"line":167,"context":136},"admin\\views\\partials-html-sms-settings-form-view.php",{"file":177,"line":146,"con
text":136},{"file":177,"line":169,"context":136},{"file":177,"line":181,"context":136},24,{"file":177,"line":183,"context":136},29,{"file":177,"line":185,"context":136},43,{"file":177,"line":187,"context":136},46,{"file":177,"line":189,"context":136},51,{"file":177,"line":191,"context":136},54,{"file":177,"line":71,"context":136},{"file":177,"line":96,"context":136},{"file":177,"line":195,"context":136},75,{"file":177,"line":197,"context":136},83,{"file":177,"line":199,"context":136},91,{"file":177,"line":201,"context":136},99,{"file":203,"line":135,"context":136},"trunk\\admin\\class-broadnet-sms-services-admin.php",{"file":203,"line":138,"context":136},{"file":203,"line":140,"context":136},{"file":207,"line":124,"context":136},"trunk\\admin\\views\\partials-html-how-to-settings.php",{"file":207,"line":144,"context":136},{"file":207,"line":146,"context":136},{"file":207,"line":148,"context":136},{"file":207,"line":150,"context":136},{"file":207,"line":152,"context":136},{"file":207,"line":154,"context":136},{"file":207,"line":75,"context":136},{"file":207,"line":157,"context":136},{"file":207,"line":159,"context":136},{"file":218,"line":124,"context":136},"trunk\\admin\\views\\partials-html-sms-general-settings.php",{"file":218,"line":163,"context":136},{"file":218,"line":165,"context":136},{"file":218,"line":167,"context":136},{"file":218,"line":169,"context":136},{"file":218,"line":171,"context":136},{"file":218,"line":173,"context":136},{"file":218,"line":175,"context":136},{"file":227,"line":167,"context":136},"trunk\\admin\\views\\partials-html-sms-settings-form-view.php",{"file":227,"line":146,"context":136},{"file":227,"line":169,"context":136},{"file":227,"line":181,"context":136},{"file":227,"line":183,"context":136},{"file":227,"line":185,"context":136},{"file":227,"line":187,"context":136},{"file":227,"line":189,"context":136},{"file":227,"line":191,"context":136},{"file":227,"line":71,"context":136},{"file":227,"line":96,"context":136},{"file":227,"line
":195,"context":136},{"file":227,"line":197,"context":136},{"file":227,"line":199,"context":136},{"file":227,"line":201,"context":136},26,4,[],[],{"summary":247,"deductions":248},"The \"broadnet-sms-services\" plugin version 0.0.2 presents a mixed security posture. While it exhibits strengths in avoiding dangerous functions, containing no SQL queries (the scan found neither raw nor prepared statements), and having no recorded historical vulnerabilities, significant concerns arise from its attack surface.  The plugin has two identified AJAX handler entries, both for the nds_form_response action (the second is the trunk copy of the same file), and neither has a nonce check or a capability check recorded. The handlers are not registered for unauthenticated (nopriv) requests, so the exposure is to logged-in users of any role and to cross-site request forgery rather than to anonymous visitors. The output escaping is also a concern, with only 51% of outputs being properly escaped, leaving room for potential cross-site scripting (XSS) vulnerabilities; every flagged raw output is in an admin-side file. The absence of taint analysis results is neutral; it could indicate clean code or insufficient analysis.  \n\nGiven the identified unprotected AJAX endpoints, there is a clear risk of privilege escalation or unauthorized data manipulation if these handlers perform sensitive operations. The moderate output escaping rate further exacerbates this risk, potentially allowing malicious scripts to be injected and executed. The scan does count nonce and capability checks elsewhere in the plugin code, so the handler should be reviewed by hand to confirm that the checks are really missing from its call path. The plugin's clean vulnerability history is a positive indicator, suggesting a generally secure development approach, but it does not negate the immediate risks identified in the static analysis.  \n\nIn conclusion, the \"broadnet-sms-services\" plugin has a concerning lack of security controls on its AJAX endpoints, which is the most critical weakness. While the absence of SQL usage and its historical security are positive, the unprotected entry points and moderate output escaping create a tangible risk that needs immediate attention. 
Developers should prioritize implementing nonce verification and capability checks for all AJAX handlers and improve output escaping to mitigate these vulnerabilities.",[249,251],{"reason":250,"points":69},"AJAX handlers without auth checks",{"reason":252,"points":253},"Moderate output escaping rate",5,"2026-03-17T07:06:08.830Z",{"wat":256,"direct":265},{"assetPaths":257,"generatorPatterns":260,"scriptPaths":261,"versionParams":262},[258,259],"\u002Fwp-content\u002Fplugins\u002Fbroadnet-sms-services\u002Fcss\u002Fbroadnet-sms-services-admin.css","\u002Fwp-content\u002Fplugins\u002Fbroadnet-sms-services\u002Fjs\u002Fbroadnet-sms-services-admin.js",[],[],[263,264],"broadnet-sms-services-admin.css?ver=","broadnet-sms-services-admin.js?ver=",{"cssClasses":266,"htmlComments":267,"htmlAttributes":268,"restEndpoints":269,"jsGlobals":270,"shortcodeOutput":271},[],[],[],[],[],[]]