[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_x9orotLOBAAiBtzGDcOf4wGTRKDI-xkjhLTntQJuUQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":33,"analysis":34,"fingerprints":276},"coinscribble-integration","Coinscribble Integration","1.0.3","Coinscribble by Coinbound","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoinscribble\u002F","\u003Cp>This plugin allows you to integrate Coinscribble with your WordPress site. After installing and configuring the plugin, you will be able to receive and update posts from Coinscribble, as well as track your transactions.\u003C\u002Fp>\n","Integrate your wordpres site with Coinscribble posts",10,1550,100,1,"2024-07-18T08:23:00.000Z","6.5.8","6.0","7.4",[20,4,21],"coinscribble","integration-with-coinscribble","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcoinscribble-integration.1.0.3.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":20,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},30,88,"2026-04-04T19:15:49.338Z",[],{"attackSurface":35,"codeSignals":96,"taintFlows":236,"riskAssessment":263,"analyzedAt":275},{"hooks":36,"ajaxHandlers":63,"restRoutes":77,"shortcodes":92,"cronEvents":93,"entryPointCount":94,"unprotectedCount":95},[37,43,46,48,51,53,57,60],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","plugins_loaded","anonymous","includes\\class-coinscribble-integration.php",170,{"type":38,"name":44,"callback":40,"file":41,"line":45},"admin_enqueue_scripts",185,{"type":38,"name":44,"callback":40,"file":41,"line":47},186,{"type":38,"name":49,"callback":40,"file":41,"line":50},"admin_menu",187,{"type":38,"name":39,"callback":40,"file":41,"line":52},192,{"type":54,"name":55,"callback":40,"file":41,"line":56},"filter","wp_kses_allowed_html",207,{"type":38,"name":58,"callback":40,"file":41,"line":59},"admin_notices",254,{"type":38,"name":61,"callback":40,"file":41,"line":62},"rest_api_init",259,[64,68,71,74],{"action":65,"nopriv":66,"callback":40,"hasNonce":66,"hasCapCheck":66,"file":41,"line":67},"coinscribble_token_saving",false,188,{"action":69,"nopriv":66,"callback":40,"hasNonce":66,"hasCapCheck":66,"file":41,"line":70},"coinscribble_settings_saving",189,{"action":72,"nopriv":66,"callback":40,"hasNonce":66,"hasCapCheck":66,"file":41,"line":73},"coinscribble_update_transactions",190,{"action":75,"nopriv":66,"callback":40,"hasNonce":66,"hasCapCheck":66,"file":41,"line":76},"coinscribble_payment_info_saving",191,[78,87],{"namespace":79,"route":80,"methods":81,"callback":83,"permissionCallback":84,"file":85,"line":86},"\u002Fcoinscribble-integration\u002Fpost","\u002Fcreate",[82],"GET","create_item","run","includes\\routes\\routes.php",5,{"namespace":79,"route":88,"methods":89,"callback":90,"permissionCallback":84,"file":85,"line":91},"\u002Fupdate",[82],"update_item",41,[],[],6,4,{"dangerousFunctions":97,"sqlUsage":98,"outputEscaping":117,"fileOperations":14,"externalRequests":86,"nonceChecks":95,"capabilityChecks":95,"bundledLibraries":235},[],{"prepared":99,"raw":94,"locations":100},8,[101,105,107,109,111,115],{"file":102,"line":103,"context":104},"includes\\migrations\\class-coinscribble-add-note-column-to-transaction-migration.php",7,"$wpdb->query() with variable interpolation",{"file":102,"line":106,"context":104},20,{"file":108,"line":103,"context":104},"includes\\migrations\\class-coinscribble-transaction-migration.php",{"file":108,"line":110,"context":104},28,{"file":112,"line":113,"context":114},"includes\\repositories\\class-coinscribble-transactions-repository.php",18,"$wpdb->get_var() with variable interpolation",{"file":112,"line":116,"context":114},57,{"escaped":118,"rawEcho":119,"locations":120},165,64,[121,125,127,129,131,133,135,137,139,141,143,145,147,149,151,153,154,156,158,160,162,164,166,168,170,172,174,176,178,180,182,184,185,187,189,191,192,194,195,196,197,199,200,202,204,205,206,208,209,211,213,214,217,219,220,221,222,224,225,226,228,229,231,233],{"file":122,"line":123,"context":124},"admin\\partials\\coinscribble-integration-admin-overview.php",27,"raw output",{"file":122,"line":126,"context":124},32,{"file":122,"line":128,"context":124},40,{"file":122,"line":130,"context":124},43,{"file":122,"line":132,"context":124},44,{"file":122,"line":134,"context":124},50,{"file":122,"line":136,"context":124},52,{"file":122,"line":138,"context":124},55,{"file":122,"line":140,"context":124},56,{"file":122,"line":142,"context":124},69,{"file":122,"line":144,"context":124},70,{"file":122,"line":146,"context":124},71,{"file":122,"line":148,"context":124},72,{"file":122,"line":150,"context":124},73,{"file":122,"line":152,"context":124},74,{"file":122,"line":24,"context":124},{"file":122,"line":155,"context":124},93,{"file":122,"line":157,"context":124},94,{"file":122,"line":159,"context":124},95,{"file":122,"line":161,"context":124},96,{"file":122,"line":163,"context":124},97,{"file":122,"line":165,"context":124},103,{"file":122,"line":167,"context":124},106,{"file":122,"line":169,"context":124},107,{"file":122,"line":171,"context":124},112,{"file":122,"line":173,"context":124},114,{"file":122,"line":175,"context":124},119,{"file":122,"line":177,"context":124},120,{"file":179,"line":30,"context":124},"admin\\partials\\coinscribble-integration-admin-posts.php",{"file":179,"line":181,"context":124},38,{"file":179,"line":183,"context":124},42,{"file":179,"line":130,"context":124},{"file":179,"line":186,"context":124},49,{"file":179,"line":188,"context":124},51,{"file":179,"line":190,"context":124},54,{"file":179,"line":138,"context":124},{"file":179,"line":193,"context":124},68,{"file":179,"line":142,"context":124},{"file":179,"line":144,"context":124},{"file":179,"line":146,"context":124},{"file":179,"line":198,"context":124},87,{"file":179,"line":31,"context":124},{"file":179,"line":201,"context":124},89,{"file":179,"line":203,"context":124},90,{"file":179,"line":161,"context":124},{"file":179,"line":13,"context":124},{"file":179,"line":207,"context":124},101,{"file":179,"line":167,"context":124},{"file":179,"line":210,"context":124},108,{"file":179,"line":212,"context":124},113,{"file":179,"line":173,"context":124},{"file":215,"line":216,"context":124},"admin\\partials\\coinscribble-integration-admin-setup.php",21,{"file":215,"line":218,"context":124},29,{"file":215,"line":30,"context":124},{"file":215,"line":91,"context":124},{"file":215,"line":183,"context":124},{"file":215,"line":223,"context":124},61,{"file":215,"line":142,"context":124},{"file":215,"line":144,"context":124},{"file":215,"line":227,"context":124},102,{"file":215,"line":165,"context":124},{"file":215,"line":230,"context":124},123,{"file":215,"line":232,"context":124},146,{"file":215,"line":234,"context":124},147,[],[237,255],{"entryPoint":238,"graph":239,"unsanitizedCount":25,"severity":254},"\u003Ccoinscribble-integration-admin-overview> (admin\\partials\\coinscribble-integration-admin-overview.php:0)",{"nodes":240,"edges":251},[241,246],{"id":242,"type":243,"label":244,"file":122,"line":245},"n0","source","$_GET (x6)",16,{"id":247,"type":248,"label":249,"file":122,"line":132,"wp_function":250},"n1","sink","echo() [XSS]","echo",[252],{"from":242,"to":247,"sanitized":253},true,"low",{"entryPoint":256,"graph":257,"unsanitizedCount":25,"severity":254},"\u003Ccoinscribble-integration-admin-posts> (admin\\partials\\coinscribble-integration-admin-posts.php:0)",{"nodes":258,"edges":261},[259,260],{"id":242,"type":243,"label":244,"file":179,"line":113},{"id":247,"type":248,"label":249,"file":179,"line":130,"wp_function":250},[262],{"from":242,"to":247,"sanitized":253},{"summary":264,"deductions":265},"The \"coinscribble-integration\" v1.0.3 plugin exhibits a mixed security posture. While it boasts a clean vulnerability history with no known CVEs and a lack of dangerous functions or critical taint flows, its static analysis reveals significant concerns.  A substantial portion of its attack surface, specifically 4 out of 6 entry points, is exposed without authentication or proper permission checks. This includes all of the AJAX handlers and REST API routes lacking permission callbacks.  While the plugin demonstrates good practices with prepared statements for most SQL queries and a reasonable percentage of properly escaped output, the unprotected entry points present a notable risk.\n\nThe absence of known vulnerabilities is a positive sign, suggesting the developers may be diligent or the plugin hasn't been extensively targeted. However, the presence of unprotected AJAX handlers and REST API endpoints is a serious oversight. These can be leveraged for various attacks, including unauthorized actions, data manipulation, or denial-of-service, depending on their functionality. The plugin's internal security mechanisms, like nonce and capability checks, are present but not universally applied to its exposed entry points.\n\nIn conclusion, the \"coinscribble-integration\" v1.0.3 plugin has strengths in its clean vulnerability record and internal code hygiene regarding SQL and output escaping. However, the significant number of unprotected entry points dramatically increases its risk profile.  It is strongly recommended that these unprotected endpoints be secured with appropriate authentication and capability checks to mitigate potential security breaches.",[266,268,270,273],{"reason":267,"points":11},"Unprotected AJAX handlers",{"reason":269,"points":99},"Unprotected REST API routes",{"reason":271,"points":272},"File operations present",3,{"reason":274,"points":272},"External HTTP requests present","2026-03-17T00:15:36.011Z",{"wat":277,"direct":286},{"assetPaths":278,"generatorPatterns":280,"scriptPaths":281,"versionParams":283},[279],"\u002Fwp-content\u002Fplugins\u002Fcoinscribble-integration\u002Fcss\u002Fcoinscribble-integration-admin.css",[],[282],"\u002Fwp-content\u002Fplugins\u002Fcoinscribble-integration\u002Fjs\u002Fcoinscribble-integration-admin.js",[284,285],"coinscribble-integration\u002Fcss\u002Fcoinscribble-integration-admin.css?ver=","coinscribble-integration\u002Fjs\u002Fcoinscribble-integration-admin.js?ver=",{"cssClasses":287,"htmlComments":288,"htmlAttributes":289,"restEndpoints":293,"jsGlobals":296,"shortcodeOutput":298},[],[],[290,291,292],"data-nonce","data-action","data-nonce-id",[294,295],"\u002Fwp-json\u002Fcoinscribble-integration\u002Fv1\u002Fsettings","\u002Fwp-json\u002Fcoinscribble-integration\u002Fv1\u002Ftoken",[297],"coinscribbleJsObject",[]]