[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fvO2JK5ZJIdI70jtVWcfR-tExDTvKE8Vb4gWkiLGFd4I":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":13,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":46,"crawl_stats":36,"alternatives":50,"analysis":127,"fingerprints":634},"chillpay-payment-gateway","ChillPay WooCommerce","2.6.0","ChillPay","https:\u002F\u002Fprofiles.wordpress.org\u002Fchillpay01\u002F","\u003Cp>The ChillPay WooCommerce plugin lets you accept credit cards and more with real-time reports. Get paid fast under your own branding. www.chillpay.co\u003C\u002Fp>\n","ChillPay WooCommerce payment gateway plugin primarily supports your WooCommerce, enables you to accept payments via Credit and Debit cards, Internet B &hellip;",100,5188,0,"2025-07-22T07:06:00.000Z","6.8.5","4.3.1","",[19,20,21,22,23],"chillpay","payment","payment-gateway","woocommerce","woocommerce-plugin","https:\u002F\u002Fwww.chillpay.co\u002FPlugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchillpay-payment-gateway.2.6.0.zip",99,1,"2025-04-09 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2025-32570","chillpay-woocommerce-cross-site-request-forgery-to-stored-cross-site-scripting","ChillPay WooCommerce \u003C= 2.5.3 -  Cross-Site Request Forgery to Stored Cross-Site Scripting","The ChillPay WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and 
including, 2.5.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=2.5.3","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-07-22 14:06:03",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdce0e29f-d846-496b-a9fb-2f57cc352970?source=api-prod",105,{"slug":47,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":45,"trust_score":48,"computed_at":49},"chillpay01",78,"2026-04-04T15:37:12.457Z",[51,71,80,98,118],{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":13,"num_ratings":13,"last_updated":61,"tested_up_to":62,"requires_at_least":63,"requires_php":64,"tags":65,"homepage":17,"download_link":69,"security_score":70,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"bleumi-payments-for-wc-vendors-marketplace","Bleumi Payments for WC Vendors Marketplace","1.0.4","Bleumi","https:\u002F\u002Fprofiles.wordpress.org\u002Fbleumiinc\u002F","\u003Cp>Bleumi for WC Vendors Marketplace\u003C\u002Fp>\n\u003Cp>Bleumi is an all-in-one global Payment Orchestration Platform. 
With this extension, customers can accept Traditional (PayPal, Credit\u002FDebit Card) or Crypto Currency (USD Coin, Tether, Monerium) payments in your Woocommerce Store.\u003C\u002Fp>\n\u003Cp>This plugin adds support for split payments in Bleumi Payments (https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbleumi-payments-for-woocommerce\u002F) for WC Vendors Marketplace (https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwc-vendors\u002F) plugin.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Copyright 2020 Bleumi, Inc.\u003C\u002Fp>\n\u003Cp>Code licensed under the MIT License.\u003C\u002Fp>\n","Accept Traditional and Crypto Currency Payments in your WooCommerce store.",10,970,"2022-02-17T11:03:00.000Z","5.8.13","5.4","7.0",[66,67,21,68,23],"accept-crypto-payments","bleumi","payment-processing","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbleumi-payments-for-wc-vendors-marketplace.1.0.4.zip",85,{"slug":72,"name":73,"version":74,"author":55,"author_profile":56,"description":75,"short_description":58,"active_installs":59,"downloaded":76,"rating":13,"num_ratings":13,"last_updated":77,"tested_up_to":62,"requires_at_least":63,"requires_php":64,"tags":78,"homepage":17,"download_link":79,"security_score":70,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"bleumi-payments-for-woocommerce","Bleumi Payments for WooCommerce","1.0.9","\u003Cp>Bleumi for WooCommerce\u003C\u002Fp>\n\u003Cp>Bleumi is an all-in-one global Payment Orchestration Platform. 
With this extension, customers can accept Traditional (PayPal, Credit\u002FDebit Card) or Crypto Currency (USD Coin, Tether, Monerium) payments in your Woocommerce Store.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Copyright 2020 Bleumi, Inc.\u003C\u002Fp>\n\u003Cp>Code licensed under the MIT License.\u003C\u002Fp>\n",1232,"2022-01-13T09:09:00.000Z",[66,67,21,68,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbleumi-payments-for-woocommerce.1.0.9.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":59,"downloaded":88,"rating":13,"num_ratings":13,"last_updated":89,"tested_up_to":17,"requires_at_least":17,"requires_php":17,"tags":90,"homepage":96,"download_link":97,"security_score":70,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"duecom-e-commerce-payment-gateway","Due.com E-Commerce Payment Gateway","1.4.4","Due","https:\u002F\u002Fprofiles.wordpress.org\u002Fdue\u002F","\u003Cp>Be sure to checkout our \u003Ca href=\"https:\u002F\u002Fdue.com\u002Fblog\u002Frequest-access-use-due-payment-gateway-woocommerce\u002F\" rel=\"nofollow ugc\">tutorial\u003C\u002Fa> on using this plugin.\u003C\u002Fp>\n\u003Cp>This plugin adds the Due.com E-Commerce Payment Gateway Support to WooCommerce for accepting \u003Cstrong>Credit Cards Payments\u003C\u002Fstrong> directly on checkout page for your WooCommerce products and subscriptions.\u003Cbr \u002F>\nThis plugin uses Due API \u003Cstrong>v1\u003C\u002Fstrong> to charge credit cards. 
For better visualization of how it looks & works check screenshots tab.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Accept Credit Card Payments.\u003C\u002Fli>\n\u003Cli>Supports Products and Subscriptions.\u003C\u002Fli>\n\u003Cli>Give your customers the option to store and manage credit cards for future payments.\u003C\u002Fli>\n\u003Cli>Supports Sandbox and Live Integration.\u003C\u002Fli>\n\u003Cli>Need custom checkout experience? Contact \u003Ca href=\"https:\u002F\u002Fsupport.due.com\" rel=\"nofollow ugc\">Due Support\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>This plugin requires SSL.\u003C\u002Fli>\n\u003Cli>This plugin supports refunds \u003Cstrong>(Only in Cents)\u003C\u002Fstrong> in woocommerce interface\u003C\u002Fli>\n\u003Cli>Contribute to future releases by sending us \u003Ca href=\"mailto:chalmers@due.com?subject=Feature%20Request\" rel=\"nofollow ugc\">Feature Requests\u003C\u002Fa>!\u003C\u002Fli>\n\u003C\u002Fol>\n","Be sure to checkout our tutorial on using this plugin.",2316,"2018-10-10T05:29:00.000Z",[91,92,93,94,95],"due-alipay-bitcoin-for-woocommerce","due-alipay-for-woocommerce","due-payment-gateway-for-woocommerce","due-woocommerce-plugin","woocommerce-plugin-due-alipay-bitcoin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fduecom-e-commerce-payment-gateway\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fduecom-e-commerce-payment-gateway.1.4.4.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":59,"downloaded":106,"rating":11,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":17,"tags":111,"homepage":116,"download_link":117,"security_score":70,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"oganro-dialog-ezcash","Dialog Ez Cash Payment Gateway","1.2","Oganro","https:\u002F\u002Fprofiles.wordpress.org\u002Foganro\u002F","\u003Cp>This is a 
novel product that empowers users to do a range of online financial transactions anytime from anywhere. The Dialog Ez Cash woocommerce plugin ensures that customers are able to purchase items or make payments online in the most simplest and secure manner.\u003C\u002Fp>\n\u003Cp>Merchants of Dialog Ez Cash are now able to augment their sales by incorporating this woocommerce payment gateway plugin on their ecommerce websites. Whether it is to make a bill payment or purchase a product online, this wordpress plugin is the ideal solution for an efficient transaction.\u003C\u002Fp>\n\u003Cp>Most of the merchants having ecommerce websites in Sri Lanka prefer to have this plugin on their ecommerce websites due to the user-friendliness, convenience and security it provides when carrying-out online transactions.  Most notably it is free to download and easy to setup.  As one of the top IT companies in Sri Lanka, Oganro Private Limited is proud to be partnered with Dialog Ez Cash to develop and support this unique ecommerce solution.\u003C\u002Fp>\n\u003Cp>This plugin is brought to you by http:\u002F\u002Fwww.Oganro.com.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>Quick set-up plug and play\u003Cbr \u002F>\nDirect connect dialog payment gateway\u003Cbr \u002F>\nUser-friendly admin interface\u003Cbr \u002F>\nFree and fast support service\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cp>WordPress Site\u003Cbr \u002F>\nwoocommerce\u003C\u002Fp>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Cp>Provided below are the facets to be done for configuration of ez cash\u003C\u002Fp>\n\u003Cp>Visit WooCommerce > Settings > Checkout > EzcashIPG\u003C\u002Fp>\n\u003Cp>Click Save\u003C\u002Fp>\n","Woocommerce Dialog Ez Cash Payment Gateway Plugin. 
Now carry-out your online payments thru Dialog Ez Cash.",2839,3,"2017-01-19T06:46:00.000Z","4.8.28","3.9",[112,113,114,115,23],"dialog-ez-cash-payment-gateway","online-payment-gateway","online-payment-plugin","online-transaction-plugin","http:\u002F\u002Fezcashipg.oganro.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foganro-dialog-ezcash.1.1.zip",{"slug":119,"name":120,"version":121,"author":55,"author_profile":56,"description":122,"short_description":58,"active_installs":13,"downloaded":123,"rating":13,"num_ratings":13,"last_updated":124,"tested_up_to":62,"requires_at_least":63,"requires_php":64,"tags":125,"homepage":17,"download_link":126,"security_score":70,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"bleumi-payments-for-cancel-abandoned-order","Bleumi Payments for Cancel Abandoned Order","1.0.0","\u003Cp>Bleumi for WooCommerce\u003C\u002Fp>\n\u003Cp>Bleumi is an all-in-one global Payment Orchestration Platform. With this extension, customers can accept Traditional (PayPal, Credit\u002FDebit Card) or Crypto Currency (USD Coin, Tether, Monerium) payments in your Woocommerce Store.\u003C\u002Fp>\n\u003Cp>This plugin adds Bleumi Payments for WooCommece (https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbleumi-payments-for-woocommerce\u002F) as a supported payment gateway in the WooCommerce Cancel Abandoned Order (https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoo-cancel-abandoned-order\u002F) plugin.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Copyright 2020 Bleumi, Inc.\u003C\u002Fp>\n\u003Cp>Code licensed under the MIT 
License.\u003C\u002Fp>\n",782,"2022-01-07T08:58:00.000Z",[66,67,21,68,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbleumi-payments-for-cancel-abandoned-order.1.0.0.zip",{"attackSurface":128,"codeSignals":257,"taintFlows":620,"riskAssessment":621,"analyzedAt":633},{"hooks":129,"ajaxHandlers":237,"restRoutes":253,"shortcodes":254,"cronEvents":255,"entryPointCount":256,"unprotectedCount":107},[130,136,139,143,147,151,155,159,162,166,169,173,177,182,186,190,194,198,202,206,210,214,218,222,227,231,235],{"type":131,"name":132,"callback":133,"file":134,"line":135},"action","plugins_loaded","check_dependencies","chillpay-woocommerce.php",46,{"type":131,"name":137,"callback":137,"file":134,"line":138},"init",47,{"type":131,"name":140,"callback":141,"file":134,"line":142},"admin_notices","woocommerce_plugin_notice",73,{"type":131,"name":144,"callback":145,"file":134,"line":146},"rest_api_init","closure",162,{"type":131,"name":137,"callback":148,"file":149,"line":150},"clear_payment_gateway_cache","fix-domain-change-issue.php",21,{"type":131,"name":132,"callback":152,"priority":153,"file":149,"line":154},"force_register_gateways",20,24,{"type":131,"name":156,"callback":157,"file":149,"line":158},"admin_init","check_and_clear_cache",27,{"type":131,"name":140,"callback":160,"file":149,"line":161},"domain_change_notice",30,{"type":163,"name":164,"callback":145,"file":149,"line":165},"filter","woocommerce_payment_gateways",75,{"type":131,"name":167,"callback":145,"file":149,"line":168},"admin_menu",212,{"type":131,"name":167,"callback":170,"file":171,"line":172},"add_admin_menu","includes\\class-chillpay-admin.php",39,{"type":163,"name":174,"callback":175,"file":171,"line":176},"woocommerce_order_actions","add_order_meta_box_actions",58,{"type":131,"name":178,"callback":179,"file":180,"line":181},"woocommerce_after_my_account","init_panel","includes\\class-chillpay-wc-myaccount.php",56,{"type":163,"name":164,"callback":183,"file":184,"line":185},"add_chillpay_al
ipay_wechatpay","includes\\gateway\\class-chillpay-payment-alipay-wechatpay.php",209,{"type":163,"name":164,"callback":187,"file":188,"line":189},"add_chillpay_billpayment","includes\\gateway\\class-chillpay-payment-billpayment.php",253,{"type":163,"name":164,"callback":191,"file":192,"line":193},"add_chillpay_creditcard","includes\\gateway\\class-chillpay-payment-creditcard.php",230,{"type":163,"name":164,"callback":195,"file":196,"line":197},"add_chillpay_ewallet","includes\\gateway\\class-chillpay-payment-ewallet.php",319,{"type":163,"name":164,"callback":199,"file":200,"line":201},"add_chillpay_installment","includes\\gateway\\class-chillpay-payment-installment.php",489,{"type":163,"name":164,"callback":203,"file":204,"line":205},"add_chillpay_internetbanking","includes\\gateway\\class-chillpay-payment-internetbanking.php",301,{"type":163,"name":164,"callback":207,"file":208,"line":209},"add_chillpay_kiosk_machine","includes\\gateway\\class-chillpay-payment-kiosk-machine.php",227,{"type":163,"name":164,"callback":211,"file":212,"line":213},"add_chillpay_mobilebanking","includes\\gateway\\class-chillpay-payment-mobilebanking.php",299,{"type":163,"name":164,"callback":215,"file":216,"line":217},"add_chillpay_pay_with_points","includes\\gateway\\class-chillpay-payment-pay-with-points.php",251,{"type":163,"name":164,"callback":219,"file":220,"line":221},"add_chillpay_qrcode","includes\\gateway\\class-chillpay-payment-qrcode.php",188,{"type":131,"name":223,"callback":224,"file":225,"line":226},"wp_enqueue_scripts","chillpay_assets","includes\\gateway\\class-chillpay-payment.php",127,{"type":131,"name":228,"callback":229,"file":225,"line":230},"woocommerce_api_chillpay_callback","callback",142,{"type":131,"name":232,"callback":233,"file":225,"line":234},"woocommerce_api_chillpay_result","result",143,{"type":131,"name":223,"callback":224,"file":225,"line":236},146,[238,242,246,248,251],{"action":239,"nopriv":240,"callback":145,"hasNonce":240,"hasCapCheck":240,"file":14
9,"line":241},"chillpay_fix_domain",false,250,{"action":243,"nopriv":240,"callback":243,"hasNonce":244,"hasCapCheck":240,"file":180,"line":245},"chillpay_delete_card",true,57,{"action":247,"nopriv":240,"callback":247,"hasNonce":244,"hasCapCheck":240,"file":180,"line":176},"chillpay_create_card",{"action":243,"nopriv":244,"callback":249,"hasNonce":240,"hasCapCheck":240,"file":180,"line":250},"no_op",59,{"action":247,"nopriv":244,"callback":249,"hasNonce":240,"hasCapCheck":240,"file":180,"line":252},60,[],[],[],5,{"dangerousFunctions":258,"sqlUsage":259,"outputEscaping":267,"fileOperations":13,"externalRequests":27,"nonceChecks":618,"capabilityChecks":260,"bundledLibraries":619},[],{"prepared":13,"raw":260,"locations":261},2,[262,265],{"file":149,"line":263,"context":264},153,"$wpdb->query() with variable interpolation",{"file":149,"line":266,"context":264},154,{"escaped":226,"rawEcho":268,"locations":269},199,[270,273,275,277,279,282,284,285,287,289,291,293,295,297,298,300,303,305,306,308,309,312,313,315,317,318,321,323,324,325,327,329,331,333,335,337,339,341,343,345,347,349,350,352,354,356,359,361,363,364,365,367,369,371,372,374,376,377,379,381,382,383,385,386,387,389,391,392,394,395,397,399,401,403,404,405,406,408,409,411,413,415,417,419,421,423,425,427,428,430,432,434,436,437,439,441,443,445,447,449,450,452,454,456,458,460,461,463,465,467,469,471,472,474,476,478,480,482,484,486,488,490,492,494,495,497,499,501,503,505,507,509,511,513,515,517,519,521,522,524,526,528,530,532,534,536,538,540,542,544,545,547,549,551,553,555,557,559,561,563,565,567,569,570,571,572,573,574,575,576,577,578,579,581,583,585,587,589,590,592,593,595,596,598,599,601,602,604,605,606,609,610,611,612,613,614,615,616,617],{"file":271,"line":153,"context":272},"chillpay-util.php","raw 
output",{"file":134,"line":274,"context":272},97,{"file":149,"line":276,"context":272},168,{"file":149,"line":278,"context":272},182,{"file":280,"line":281,"context":272},"includes\\admin\\views\\chillpay-page-settings.php",12,{"file":280,"line":283,"context":272},16,{"file":280,"line":153,"context":272},{"file":280,"line":286,"context":272},148,{"file":280,"line":288,"context":272},156,{"file":280,"line":290,"context":272},201,{"file":280,"line":292,"context":272},208,{"file":280,"line":294,"context":272},219,{"file":180,"line":296,"context":272},121,{"file":180,"line":263,"context":272},{"file":180,"line":299,"context":272},155,{"file":301,"line":302,"context":272},"templates\\payment\\form-alipay-wechatpay.php",15,{"file":301,"line":304,"context":272},25,{"file":301,"line":172,"context":272},{"file":301,"line":307,"context":272},49,{"file":301,"line":250,"context":272},{"file":310,"line":311,"context":272},"templates\\payment\\form-billpayment.php",17,{"file":310,"line":158,"context":272},{"file":310,"line":314,"context":272},41,{"file":310,"line":316,"context":272},51,{"file":310,"line":252,"context":272},{"file":319,"line":320,"context":272},"templates\\payment\\form-creditcard.php",28,{"file":319,"line":322,"context":272},29,{"file":319,"line":161,"context":272},{"file":319,"line":314,"context":272},{"file":319,"line":326,"context":272},53,{"file":319,"line":328,"context":272},64,{"file":319,"line":330,"context":272},94,{"file":332,"line":150,"context":272},"templates\\payment\\form-ewallet.php",{"file":332,"line":334,"context":272},31,{"file":332,"line":336,"context":272},45,{"file":332,"line":338,"context":272},55,{"file":332,"line":340,"context":272},69,{"file":332,"line":342,"context":272},79,{"file":332,"line":344,"context":272},93,{"file":332,"line":346,"context":272},103,{"file":332,"line":348,"context":272},117,{"file":332,"line":226,"context":272},{"file":332,"line":351,"context":272},141,{"file":332,"line":353,"context":272},151,{"file":332,"line":35
5,"context":272},161,{"file":357,"line":358,"context":272},"templates\\payment\\form-installment-th.php",42,{"file":357,"line":360,"context":272},48,{"file":357,"line":362,"context":272},54,{"file":357,"line":362,"context":272},{"file":357,"line":181,"context":272},{"file":357,"line":366,"context":272},63,{"file":357,"line":368,"context":272},81,{"file":357,"line":370,"context":272},88,{"file":357,"line":330,"context":272},{"file":357,"line":373,"context":272},101,{"file":357,"line":375,"context":272},110,{"file":357,"line":348,"context":272},{"file":357,"line":378,"context":272},131,{"file":357,"line":380,"context":272},137,{"file":357,"line":230,"context":272},{"file":357,"line":230,"context":272},{"file":357,"line":384,"context":272},144,{"file":357,"line":353,"context":272},{"file":357,"line":276,"context":272},{"file":357,"line":388,"context":272},175,{"file":357,"line":390,"context":272},181,{"file":357,"line":221,"context":272},{"file":357,"line":393,"context":272},194,{"file":357,"line":290,"context":272},{"file":357,"line":396,"context":272},210,{"file":357,"line":398,"context":272},217,{"file":357,"line":400,"context":272},225,{"file":402,"line":142,"context":272},"templates\\payment\\form-installment.php",{"file":402,"line":342,"context":272},{"file":402,"line":70,"context":272},{"file":402,"line":70,"context":272},{"file":402,"line":407,"context":272},87,{"file":402,"line":330,"context":272},{"file":402,"line":410,"context":272},112,{"file":402,"line":412,"context":272},119,{"file":402,"line":414,"context":272},125,{"file":402,"line":416,"context":272},132,{"file":402,"line":418,"context":272},138,{"file":402,"line":420,"context":272},145,{"file":402,"line":422,"context":272},158,{"file":402,"line":424,"context":272},164,{"file":402,"line":426,"context":272},170,{"file":402,"line":426,"context":272},{"file":402,"line":429,"context":272},172,{"file":402,"line":431,"context":272},179,{"file":402,"line":433,"context":272},196,{"file":402,"line":435,"context
":272},203,{"file":402,"line":185,"context":272},{"file":402,"line":438,"context":272},216,{"file":402,"line":440,"context":272},222,{"file":402,"line":442,"context":272},229,{"file":402,"line":444,"context":272},242,{"file":402,"line":446,"context":272},248,{"file":402,"line":448,"context":272},254,{"file":402,"line":448,"context":272},{"file":402,"line":451,"context":272},256,{"file":402,"line":453,"context":272},263,{"file":402,"line":455,"context":272},281,{"file":402,"line":457,"context":272},288,{"file":402,"line":459,"context":272},294,{"file":402,"line":205,"context":272},{"file":402,"line":462,"context":272},307,{"file":402,"line":464,"context":272},314,{"file":402,"line":466,"context":272},328,{"file":402,"line":468,"context":272},334,{"file":402,"line":470,"context":272},340,{"file":402,"line":470,"context":272},{"file":402,"line":473,"context":272},342,{"file":402,"line":475,"context":272},349,{"file":402,"line":477,"context":272},367,{"file":402,"line":479,"context":272},374,{"file":402,"line":481,"context":272},380,{"file":402,"line":483,"context":272},387,{"file":402,"line":485,"context":272},393,{"file":402,"line":487,"context":272},400,{"file":402,"line":489,"context":272},412,{"file":402,"line":491,"context":272},418,{"file":402,"line":493,"context":272},424,{"file":402,"line":493,"context":272},{"file":402,"line":496,"context":272},426,{"file":402,"line":498,"context":272},433,{"file":402,"line":500,"context":272},451,{"file":402,"line":502,"context":272},458,{"file":402,"line":504,"context":272},464,{"file":402,"line":506,"context":272},471,{"file":402,"line":508,"context":272},477,{"file":402,"line":510,"context":272},484,{"file":402,"line":512,"context":272},495,{"file":402,"line":514,"context":272},502,{"file":402,"line":516,"context":272},516,{"file":402,"line":518,"context":272},522,{"file":402,"line":520,"context":272},528,{"file":402,"line":520,"context":272},{"file":402,"line":523,"context":272},530,{"file":402,"line":525,"context":272},5
37,{"file":402,"line":527,"context":272},555,{"file":402,"line":529,"context":272},562,{"file":402,"line":531,"context":272},568,{"file":402,"line":533,"context":272},575,{"file":402,"line":535,"context":272},581,{"file":402,"line":537,"context":272},588,{"file":402,"line":539,"context":272},600,{"file":402,"line":541,"context":272},606,{"file":402,"line":543,"context":272},612,{"file":402,"line":543,"context":272},{"file":402,"line":546,"context":272},614,{"file":402,"line":548,"context":272},621,{"file":402,"line":550,"context":272},639,{"file":402,"line":552,"context":272},646,{"file":402,"line":554,"context":272},652,{"file":402,"line":556,"context":272},659,{"file":402,"line":558,"context":272},665,{"file":402,"line":560,"context":272},672,{"file":402,"line":562,"context":272},683,{"file":402,"line":564,"context":272},690,{"file":402,"line":566,"context":272},698,{"file":568,"line":150,"context":272},"templates\\payment\\form-internetbanking.php",{"file":568,"line":334,"context":272},{"file":568,"line":336,"context":272},{"file":568,"line":338,"context":272},{"file":568,"line":340,"context":272},{"file":568,"line":342,"context":272},{"file":568,"line":344,"context":272},{"file":568,"line":346,"context":272},{"file":568,"line":348,"context":272},{"file":568,"line":226,"context":272},{"file":568,"line":380,"context":272},{"file":580,"line":283,"context":272},"templates\\payment\\form-kiosk-machine.php",{"file":580,"line":582,"context":272},26,{"file":580,"line":584,"context":272},35,{"file":586,"line":158,"context":272},"templates\\payment\\form-mobilebanking.php",{"file":586,"line":588,"context":272},37,{"file":586,"line":328,"context":272},{"file":586,"line":591,"context":272},74,{"file":586,"line":370,"context":272},{"file":586,"line":594,"context":272},98,{"file":586,"line":410,"context":272},{"file":586,"line":597,"context":272},122,{"file":586,"line":380,"context":272},{"file":586,"line":600,"context":272},147,{"file":586,"line":288,"context":272},{"file":6
03,"line":283,"context":272},"templates\\payment\\form-pay-with-points.php",{"file":603,"line":582,"context":272},{"file":603,"line":584,"context":272},{"file":607,"line":608,"context":272},"templates\\payment\\form-qrcode.php",23,{"file":607,"line":154,"context":272},{"file":607,"line":304,"context":272},{"file":607,"line":582,"context":272},{"file":607,"line":158,"context":272},{"file":607,"line":320,"context":272},{"file":607,"line":322,"context":272},{"file":607,"line":161,"context":272},{"file":607,"line":172,"context":272},{"file":607,"line":138,"context":272},4,[],[],{"summary":622,"deductions":623},"The \"chillpay-payment-gateway\" plugin v2.6.0 exhibits a mixed security posture. While it boasts no known critical or high severity vulnerabilities in its history and has addressed its past medium CVE, the static analysis reveals significant concerns. The plugin presents a total of 5 entry points, with a concerning 3 of these AJAX handlers recorded without a nonce or capability check. This creates a substantial attack surface that could be exploited by unauthenticated users, although the handler list qualifies this: the two handlers registered for logged-out visitors are bound to a callback named no_op, and the third, chillpay_fix_domain, is registered for logged-in users only, so its likelier exposure is a forged or low-privilege request. Furthermore, the plugin's handling of SQL queries is a weakness, with 100% of its queries not utilizing prepared statements, increasing the risk of SQL injection vulnerabilities. 
The output escaping is also suboptimal, with only 39% of outputs being properly escaped, potentially leading to Cross-Site Scripting (XSS) vulnerabilities.",[624,626,628,631],{"reason":625,"points":302},"AJAX handlers without authentication checks",{"reason":627,"points":59},"SQL queries without prepared statements",{"reason":629,"points":630},"Low percentage of properly escaped output",8,{"reason":632,"points":59},"Known vulnerability history (medium)","2026-03-16T21:04:49.649Z",{"wat":635,"direct":646},{"assetPaths":636,"generatorPatterns":640,"scriptPaths":641,"versionParams":642},[637,638,639],"\u002Fwp-content\u002Fplugins\u002Fchillpay-payment-gateway\u002Fassets\u002Fcss\u002Ffrontend.css","\u002Fwp-content\u002Fplugins\u002Fchillpay-payment-gateway\u002Fassets\u002Fjs\u002Ffrontend.js","\u002Fwp-content\u002Fplugins\u002Fchillpay-payment-gateway\u002Fassets\u002Fjs\u002Fjquery.payment.min.js",[],[638,639],[643,644,645],"chillpay-payment-gateway\u002Fassets\u002Fcss\u002Ffrontend.css?ver=","chillpay-payment-gateway\u002Fassets\u002Fjs\u002Ffrontend.js?ver=","chillpay-payment-gateway\u002Fassets\u002Fjs\u002Fjquery.payment.min.js?ver=",{"cssClasses":647,"htmlComments":659,"htmlAttributes":666,"restEndpoints":670,"jsGlobals":672,"shortcodeOutput":675},[648,4,649,650,651,652,653,654,655,656,657,658],"chillpay-payment-form","chillpay-card-details-wrapper","chillpay-credit-card-input","chillpay-mb-payment-wrapper","chillpay-internetbanking-payment-wrapper","chillpay-ewallet-payment-wrapper","chillpay-qrcode-payment-wrapper","chillpay-billpayment-payment-wrapper","chillpay-kiosk-payment-wrapper","chillpay-installment-payment-wrapper","chillpay-pay-with-points-payment-wrapper",[660,661,662,663,664,665],"\u003C!-- ChillPay Payment Gateway -->","\u003C!-- End ChillPay Payment Gateway -->","\u003C!-- Start ChillPay payment form -->","\u003C!-- End ChillPay payment form -->","\u003C!-- ChillPay Credit Card Form -->","\u003C!-- End ChillPay Credit Card Form 
-->",[667,668,669],"data-chillpay-gateway-url","data-chillpay-public-key","data-chillpay-payment-method",[671],"\u002Fwp-json\u002Fchillpay\u002Fv1\u002Fwebhooks",[7,673,674],"chillpay_frontend_params","jQuery.fn.payment",[]]