[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZFTm-Efoy4QypozbSetsl3vIiGQm08K6zpIKjfsadxY":3,"$fPMO9CuZThVKhpVdxAj1daBywQopefOWIFiA3UINIWaI":173,"$f2-9L0zBKHHeiVqzf6vhIXqpQJU1pTbhP1KYTLPuuZ3E":177},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22,"discovery_status":23,"vulnerabilities":24,"developer":25,"crawl_stats":21,"alternatives":31,"analysis":32,"fingerprints":153},"consumer-terminal-checkout","Consumer Terminal Checkout","1.0","Figarellihousedev","https:\u002F\u002Fprofiles.wordpress.org\u002Ffigarellihousedev\u002F","\u003Cp>CT Checkout is a custom WooCommerce checkout plugin designed to work seamlessly with the CTC app. It enables a tailored checkout experience that integrates with the app’s unique flow and features.\u003C\u002Fp>\n\u003Cp>To enable the custom CT Checkout option, your WooCommerce store must be using the Classic Checkout page layout. This layout provides the necessary structure to support the plugin’s customized behavior and integration points with the CTC platform.\u003C\u002Fp>\n\u003Cp>Perfect for stores that need to streamline checkout for compatibility with CTC’s services, CT Checkout ensures a smoother experience for both merchants and customers.\u003C\u002Fp>\n\u003Cp>This plugin initiates an API call to a secure remote server to process a transaction using encrypted card information submitted by the customer. The remote call is required in order to securely validate and process the payment using data stored in a protected and PCI-compliant environment. This ensures sensitive payment information is never handled or stored directly on the merchant’s WordPress site, enhancing overall security and reducing compliance scope.\u003C\u002Fp>\n\u003Ch3>Important Notice on External Dependencies\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>This plugin relies on a third-party service to complete payment transactions.\u003C\u002Fstrong> Specifically, it sends encrypted payment token data and order details to a secure API endpoint provided by an external service.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The third-party API service is required for secure transaction processing.\u003C\u002Fli>\n\u003Cli>No payments can be completed without communication with this external endpoint.\u003C\u002Fli>\n\u003Cli>This is a necessary part of the payment flow to ensure PCI-compliant handling of sensitive information.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Service URL: https:\u002F\u002Fwww.consumerterminalcheckout.com\u002F\u003Cbr \u002F>\nService Privacy Policy: https:\u002F\u002Fwww.consumerterminalcheckout.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n\u003Cp>If you require a solution that functions entirely within your own infrastructure, this plugin may not be suitable, as external communication is essential to its purpose.\u003C\u002Fp>\n","CT Checkout is a custom WooCommerce checkout plugin designed to work seamlessly with the CTC app. It enables a tailored checkout experience that integ …",0,864,"2025-07-01T03:10:00.000Z","6.8.5","4.7","7.0",[],"https:\u002F\u002Fconsumerterminalcheckout.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconsumer-terminal-checkout.1.0.0.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":20,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},"figarellihousedev",1,30,94,"2026-05-20T06:58:25.357Z",[],{"attackSurface":33,"codeSignals":82,"taintFlows":100,"riskAssessment":144,"analyzedAt":152},{"hooks":34,"ajaxHandlers":78,"restRoutes":79,"shortcodes":80,"cronEvents":81,"entryPointCount":11,"unprotectedCount":11},[35,41,45,50,54,58,63,66,70,74],{"type":36,"name":37,"callback":38,"file":39,"line":40},"action","admin_notices","closure","consumer-terminal-checkout.php",20,{"type":36,"name":42,"callback":43,"file":39,"line":44},"plugins_loaded","ctcp_check_woocommerce_active",26,{"type":46,"name":47,"callback":48,"file":39,"line":49},"filter","woocommerce_payment_gateways","ctcp_register_payment_gateway",34,{"type":36,"name":51,"callback":52,"file":39,"line":53},"woocommerce_checkout_process","ctcp_validate_payment_fields",60,{"type":36,"name":55,"callback":56,"file":39,"line":57},"woocommerce_checkout_update_order_meta","ctcp_save_payment_fields",61,{"type":36,"name":59,"callback":60,"priority":61,"file":39,"line":62},"woocommerce_admin_order_data_after_billing_address","ctcp_display_admin_fields",10,62,{"type":46,"name":64,"callback":38,"file":39,"line":65},"woocommerce_default_gateway",275,{"type":36,"name":42,"callback":67,"priority":68,"file":39,"line":69},"ctcp_init_payment_gateway",11,279,{"type":36,"name":71,"callback":72,"file":39,"line":73},"admin_menu","ctcp_admin_menu",282,{"type":36,"name":75,"callback":76,"file":39,"line":77},"wp_enqueue_scripts","ctcp_enqueue_styles",336,[],[],[],[],{"dangerousFunctions":83,"sqlUsage":84,"outputEscaping":86,"fileOperations":11,"externalRequests":27,"nonceChecks":88,"capabilityChecks":11,"bundledLibraries":99},[],{"prepared":11,"raw":11,"locations":85},[],{"escaped":87,"rawEcho":88,"locations":89},24,4,[90,93,95,97],{"file":39,"line":91,"context":92},21,"raw output",{"file":39,"line":94,"context":92},173,{"file":39,"line":96,"context":92},176,{"file":39,"line":98,"context":92},179,[],[101,119,131],{"entryPoint":102,"graph":103,"unsanitizedCount":11,"severity":118},"ctcp_init_payment_gateway (consumer-terminal-checkout.php:37)",{"nodes":104,"edges":115},[105,110],{"id":106,"type":107,"label":108,"file":39,"line":109},"n0","source","$_POST (x2)",129,{"id":111,"type":112,"label":113,"file":39,"line":94,"wp_function":114},"n1","sink","echo() [XSS]","echo",[116],{"from":106,"to":111,"sanitized":117},true,"low",{"entryPoint":120,"graph":121,"unsanitizedCount":11,"severity":118},"ctcp_settings_page (consumer-terminal-checkout.php:289)",{"nodes":122,"edges":129},[123,126],{"id":106,"type":107,"label":124,"file":39,"line":125},"$_POST['ctcp_merchant_id']",298,{"id":111,"type":112,"label":127,"file":39,"line":125,"wp_function":128},"update_option() [Settings Manipulation]","update_option",[130],{"from":106,"to":111,"sanitized":117},{"entryPoint":132,"graph":133,"unsanitizedCount":11,"severity":118},"\u003Cconsumer-terminal-checkout> (consumer-terminal-checkout.php:0)",{"nodes":134,"edges":141},[135,136,137,139],{"id":106,"type":107,"label":108,"file":39,"line":109},{"id":111,"type":112,"label":113,"file":39,"line":94,"wp_function":114},{"id":138,"type":107,"label":124,"file":39,"line":125},"n2",{"id":140,"type":112,"label":127,"file":39,"line":125,"wp_function":128},"n3",[142,143],{"from":106,"to":111,"sanitized":117},{"from":138,"to":140,"sanitized":117},{"summary":145,"deductions":146},"The \"consumer-terminal-checkout\" v1.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of detected dangerous functions, the exclusive use of prepared statements for SQL queries, and a high percentage of properly escaped outputs are excellent indicators of good coding practices. Furthermore, the plugin demonstrates a commitment to security by including nonce checks on internal operations, which helps mitigate common CSRF vulnerabilities. The lack of recorded vulnerabilities, including CVEs, also suggests a history of responsible development and maintenance.\n\nHowever, there are a few areas that warrant attention and could potentially introduce risks. The presence of an external HTTP request, while not inherently problematic, needs to be scrutinized for potential vulnerabilities if the target endpoint is not secured or if the request data is not properly validated and sanitized. While the taint analysis shows no unsanitized paths, this single external request represents a potential vector that requires careful monitoring and assurance of its secure implementation. The lack of capability checks, while not immediately alarming given the limited attack surface reported, could become a concern if the plugin's functionality were to expand or if it integrates with more sensitive parts of WordPress.\n\nOverall, \"consumer-terminal-checkout\" v1.0 appears to be a well-developed plugin with a strong emphasis on secure coding principles. The immediate risks are low due to the lack of critical findings in static analysis and vulnerability history. The primary area for continued vigilance is the external HTTP request, and developers should ensure it is implemented with robust security measures. The absence of capability checks should be re-evaluated as the plugin evolves.",[147,150],{"reason":148,"points":149},"External HTTP request found",5,{"reason":151,"points":149},"No capability checks on internal operations","2026-03-17T06:50:02.286Z",{"wat":154,"direct":160},{"assetPaths":155,"generatorPatterns":157,"scriptPaths":158,"versionParams":159},[156],"\u002Fwp-content\u002Fplugins\u002Fconsumer-terminal-checkout\u002Fassets\u002Ficon.png",[],[],[],{"cssClasses":161,"htmlComments":162,"htmlAttributes":163,"restEndpoints":170,"jsGlobals":171,"shortcodeOutput":172},[],[],[164,165,166,167,168,169],"name=\"ctcp_payment_email\"","id=\"ctcp_payment_email\"","name=\"ctcp_card_token\"","id=\"ctcp_card_token\"","name=\"ctcp_card_exp_date\"","id=\"ctcp_card_exp_date\"",[],[],[],{"error":117,"url":174,"statusCode":175,"statusMessage":176,"message":176},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fconsumer-terminal-checkout\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":178,"versions":179},2,[180,188],{"version":181,"download_url":182,"svn_tag_url":183,"released_at":21,"has_diff":184,"diff_files_changed":185,"diff_lines":21,"trac_diff_url":186,"vulnerabilities":187,"is_current":184},"2.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconsumer-terminal-checkout.2.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fconsumer-terminal-checkout\u002Ftags\u002F2.0.0\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fconsumer-terminal-checkout%2Ftags%2F1.0.0&new_path=%2Fconsumer-terminal-checkout%2Ftags%2F2.0.0",[],{"version":189,"download_url":19,"svn_tag_url":190,"released_at":21,"has_diff":184,"diff_files_changed":191,"diff_lines":21,"trac_diff_url":21,"vulnerabilities":192,"is_current":184},"1.0.0","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fconsumer-terminal-checkout\u002Ftags\u002F1.0.0\u002F",[],[]]